Please Explain /dev/random entropy.

Submitted by harmonwood
on November 29, 2006 - 4:19pm

Could somebody help me understand what is going on?

My basic question is simple. What is supposed to fill my entropy by default and why is it so slow in this one machine and not my others?

Let me explain.

I have a small x86 system running Debian Sarge 2.6.8. It is running a lot of encryption: sldap, https, svn https and ssh. All of these programs started running really slow; apache could take up to 10 min to run `/etc/init.d/apache2 restart`. I traced this issue to all of these programs hanging while accessing /dev/random. That led me straight to my entropy pool being 0 and it filling back up extremely slowly.

I have resolved the situation by installing rng-tools with the hw-random kernel module (already installed).

I would like to find what is supposed to be filling my entropy pool and fix that so that I may remove rng-tools. I hate having daemons running around taking up memory when I shouldn't need them.

Any help or knowledge that can shed light on this would be greatly appreciated.

entropy

Anonymous (not verified) on November 29, 2006 - 5:51pm

network traffic... but you can use "/dev/urandom" it won't block!

references

on November 29, 2006 - 6:25pm

In that case, what little traffic I have to and from that box is all encrypted. Encryption needs a random number and a random number needs entropy, and that encrypted transfer creates entropy but less than I used to make the connection... Well, that's recursively degrading.

This makes a lot of sense, however I would still like a little more documentation if anybody has it. Reference to source code or an environment variable or something. Speaking of environment variables, is there a way to force it to switch from the network to an IRQ like BSD does?

Maybe in the future I should just make sure all my programs like SVN are compiled to use /dev/urandom instead.

---------
~H~ Harmon Wood :)

Why use a shotgun to kill a grasshopper when I got a blow gun and some darts right here!

Translation: Rebooting is NOT an option.

Disk I/O, network I/O, etc, f

Anonymous (not verified) on November 29, 2006 - 8:59pm

Disk I/O, network I/O, etc, fills the entropy pool.

Change the IRQ for entropy

on November 29, 2006 - 10:42pm

OK, here is what I have so far, and perhaps someone can tell me how to specify the IRQ used below?

From linux-2.6.8 source ./drivers/char/random.c

```c
 * The current exported interfaces for gathering environmental noise
 * from the devices are:
 *
 *	void add_keyboard_randomness(unsigned char scancode);
 *	void add_mouse_randomness(__u32 mouse_data);
 *	void add_interrupt_randomness(int irq);
```

# I would like to make a personal note here: THIS IS NOT NETWORK TRAFFIC OR DISK I/O!
# OK, I'm done yelling now.

First off, there is no keyboard or mouse plugged into this box; it's a development server. However, there are three of us actually coding on this server via ssh. Shouldn't that count as keyboard randomness?

Secondly and most importantly, does anybody know where I can change the IRQ for add_interrupt_randomness? I traced "int irq" back to ./arch/i386/kernel/irq.c, which led me to ./arch/i386/kernel/process.c. Now I'm not the greatest coder in the world, but I couldn't quite make sense of where it goes from there. Could somebody help me with this? Is this perhaps an issue with the 2.6.8 kernel?

---------
~H~ Harmon Wood :)


However there are three of us

Anonymous (not verified) on November 30, 2006 - 5:58am

> However there are three of us actually coding on this server via ssh shouldn't that count as keyboard randomness?

No, that would count as IRQ randomness, if your network card, or whatever medium you use to connect to the box with, actually triggers IRQs (which it probably does).

> Secondly and most importantly, Does anybody know where I can change the IRQ for add_interrupt_randomness.

I think the driver (or whatever) that requests the IRQ to be sent to them, must specify the IQRF_SAMPLE_FLAG:

```c
static int elmc_open(struct net_device *dev)
{
	int ret;

	elmc_id_attn586();	/* disable interrupts */

	ret = request_irq(dev->irq, &elmc_interrupt, IRQF_SHARED | IRQF_SAMPLE_RANDOM, dev->name, dev);
	/* ... remainder of the function not shown in the post ... */
```

Just search for request_irq() in your network driver's code, and add IRQF_SHARED. I don't know why all drivers don't have this.

(I am not a kernel programmer)

Awesome

on November 30, 2006 - 11:44am

Thank you, that was very helpful.

Changed in linux-2.6.8/drivers/net/3c59x.c:

```c
if ((retval = request_irq(dev->irq, vp->full_bus_master_rx ?
		&boomerang_interrupt : &vortex_interrupt, SA_SHIRQ, dev->name, dev))) {
```

TO:

```c
if ((retval = request_irq(dev->irq, vp->full_bus_master_rx ?
		&boomerang_interrupt : &vortex_interrupt, SA_SHIRQ | SA_SAMPLE_RANDOM, dev->name, dev))) {
```

I will have a chance to recompile this module later tonight.

Thank you, again : )

---------
~H~ Harmon Wood :)


Uh, I mean IRQF_SAMPLE_RANDOM

Anonymous (not verified) on November 30, 2006 - 4:23pm

Uh, I mean IRQF_SAMPLE_RANDOM.
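As an added example (not code from any poster in this thread), the following Python script scans driver source for request_irq() calls and reports whether the flags argument includes SA_SAMPLE_RANDOM or IRQF_SAMPLE_RANDOM, the flags discussed above. The function names and the SAMPLE text, assembled from the two calls quoted in the thread, are constructed for illustration.

```python
import re

# Flags named in the thread: SA_SAMPLE_RANDOM (2.6.8 tree) and IRQF_SAMPLE_RANDOM.
ENTROPY_FLAGS = {"SA_SAMPLE_RANDOM", "IRQF_SAMPLE_RANDOM"}

# Constructed sample: the unmodified 3c59x call and the elmc call quoted above.
SAMPLE = """\
if ((retval = request_irq(dev->irq, vp->full_bus_master_rx ?
        &boomerang_interrupt : &vortex_interrupt, SA_SHIRQ, dev->name, dev))) {
ret = request_irq(dev->irq, &elmc_interrupt, IRQF_SHARED | IRQF_SAMPLE_RANDOM, dev->name, dev);
"""

def split_args(text):
    """Split a C argument list on top-level commas only."""
    args, depth, cur = [], 0, []
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def find_request_irq(source):
    """Return (line, flags_expression, feeds_entropy_pool) for each call."""
    results = []
    for m in re.finditer(r"\brequest_irq\s*\(", source):
        depth, i = 1, m.end()
        while i < len(source) and depth:      # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(source[i], 0)
            i += 1
        if depth:                             # call cut off mid-argument list
            continue
        args = split_args(source[m.end():i - 1])
        if len(args) != 5:                    # not the five-argument form
            continue
        flags = set(re.findall(r"[A-Za-z_]\w*", args[2]))
        line = source.count("\n", 0, m.start()) + 1
        results.append((line, args[2], bool(flags & ENTROPY_FLAGS)))
    return results

if __name__ == "__main__":
    for line, expr, sampled in find_request_irq(SAMPLE):
        print(f"line {line}: flags={expr!r} feeds entropy pool: {sampled}")
```

Calls that span several lines, like the 3c59x one, are handled because the scan follows parentheses rather than line breaks.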
