
Avoid unneeded call to arc4random() in syncache_add()

Description

Avoid unneeded call to arc4random() in syncache_add()

Don't call arc4random() unconditionally to initialize sc_iss, and
then when syncookies are enabled, just overwrite it with the
return value from syncookie_generate(). Instead, only call
arc4random() to initialize sc_iss when syncookies are not
enabled.

Note that on a system under a syn flood attack, arc4random()
becomes quite expensive, and the chacha_poly crypto that it calls
is one of the more expensive things happening on the
system. Removing this unneeded arc4random() call reduces CPU from
about 40% to about 35% in my test scenario (Broadwell Xeon, 6Mpps
syn flood attack).

Reviewed by: rrs, tuxen, bz
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D21591
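
A simplified model of the change described in the commit message, added here as an illustration and not taken from the FreeBSD source. All names (`model_random()`, `model_syncookie()`, `iss_before()`, `iss_after()`, `rng_calls_for()`) are hypothetical, and a counting stub stands in for arc4random() so the saved calls can be observed per SYN.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not FreeBSD source: every name here is hypothetical. */
static unsigned rng_calls;          /* how many times the RNG stub ran */

/* Stand-in for arc4random(); counts calls so the cost is observable. */
static uint32_t model_random(void)
{
    rng_calls++;
    return 0x12345678u + rng_calls; /* constructed value, not random */
}

/* Stand-in for syncookie_generate(); depends on the flow only. */
static uint32_t model_syncookie(uint32_t flow)
{
    return flow * 2654435761u;      /* constructed mixing, not a real cookie */
}

/* Before: the RNG always runs; its result is discarded when cookies are on. */
static uint32_t iss_before(int syncookies, uint32_t flow)
{
    uint32_t iss = model_random();
    if (syncookies)
        iss = model_syncookie(flow);
    return iss;
}

/* After: the RNG runs only on the path that actually uses its result. */
static uint32_t iss_after(int syncookies, uint32_t flow)
{
    if (syncookies)
        return model_syncookie(flow);
    return model_random();
}

/* RNG calls made while choosing an ISS for n SYNs with the given variant. */
static unsigned rng_calls_for(uint32_t (*pick)(int, uint32_t),
                              int syncookies, unsigned n)
{
    rng_calls = 0;
    for (unsigned i = 0; i < n; i++)
        (void)pick(syncookies, i);
    return rng_calls;
}

int main(void)
{
    printf("syncookies on:  before=%u after=%u RNG calls\n",
           rng_calls_for(iss_before, 1, 1000), rng_calls_for(iss_after, 1, 1000));
    printf("syncookies off: before=%u after=%u RNG calls\n",
           rng_calls_for(iss_before, 0, 1000), rng_calls_for(iss_after, 0, 1000));
    return 0;
}
```
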

Details

Committed
gallatin, Wed, Sep 11, 6:48 PM
Reviewer
rrs
Differential Revision
D21591: avoid unneeded call to arc4random() in syncache_add()
Parents
rS352227: Only skip problematic test in CI env.