Date: Tue, 25 Feb 2014 17:47:58 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Alexander Motin <mav@FreeBSD.org> Cc: Xin Li <delphij@delphij.net>, d@delphij.net, freebsd-net@freebsd.org Subject: Re: rpcbind & TCP wrappers Message-ID: <530C74DE.70203@grosbein.net> In-Reply-To: <530C708C.9060107@FreeBSD.org> References: <530B996F.4060100@FreeBSD.org> <530BA819.1080400@delphij.net> <530C0B82.8070303@grosbein.net> <530C708C.9060107@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25.02.2014 17:29, Alexander Motin wrote: >> We can't? >> >> What if we make libwrap cache and check hosts.allow/hosts.deny modification times early >> and just skip if it was not modified since last check? > > Skip what? Skip full file parsing. > Configuration can be not trivial, and we can't know what > exactly you can or can not cache. How can result be not cacheable for rpcbind? > Even if we skip just file read, we still have to process it all, > but that requires time too. Do we really > want/need another firewall there? No need in another firewall. Just make small hash containing result of previous check for the client and get result from hash if modification time of file has not changed. With fallback to full file processing when hash overflows.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?530C74DE.70203>