tcp_wrappers: accumulated change-request PRs

Wietse Venema wietse at porcupine.org
Wed Jun 23 14:56:58 GMT 2004


Bruce M Simpson:
> Hi all,
> 
> Whilst scanning GNATS, I found a number of PRs relating to requests
> for tcp_wrappers functionality and some outright bugfixes.  Rather than
> commit these as-is, I think we should push the changes back to Wietse,
> as we maintain tcp_wrappers on a vendor branch.
> 
> The PRs in question are:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/31034
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/32808
> http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/36556
> http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/42336
> 
> What does everyone else think?

The currently maintained version is tcp wrappers version 7.6 with
IPv6 support from Casper Dik. As mentioned elsewhere, maintenance
of this code means coping with changing language/system/network
environments; it does not mean adding new features.

If there is a problem in the maintained version then I will certainly
fix it (as you can see from the progression of file modification
times). Requests or even contributions for new features receive
a less enthusiastic response as some may have experienced.

Improving warning/error messages is not a big problem for me, however
I would be cautious feeding more and more text into syslog() for
safety reasons. Even if syslog() itself was fixed years ago, software
that processes logfile records does not necessarily handle it well.

How much does the maintained version differ from the FreeBSD contrib
source code? I haven't looked into this for a long time, having used
FreeBSD since early 1993.

I would not include regexp support into the maintained version,
for several reasons. First, it's complex code, and it is bound
to have bugs. If I work really hard at it, my code still has one
bug every 1000 lines. Second, it's unsafe. Most people don't know
how to use regular expressions properly, as frequently experienced
on the postfix-users list.

Even the less sophisticated shell-style globbing is fraught with
peril, with good programmers like Rich Salz having to release
multiple wild_match() versions because of bugs.

	Wietse
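
The regular-expression pitfall raised in the message above, as an added example that is not part of the original message or of the tcp_wrappers code: a host name written as an unanchored, unescaped pattern accepts more names than intended, while escaping and anchoring it restores an exact match. The function names, the pattern-matching setup and the host names are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if host matches the POSIX extended regex, 0 if not, -1 on a bad pattern. */
static int host_matches(const char *pattern, const char *host)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE) != 0)
        return -1;
    rc = regexec(&re, host, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Turn a literal host name into an anchored regex with ERE metacharacters
 * escaped. Returns 0 on success, -1 if the output buffer is too small. */
static int literal_to_regex(const char *literal, char *out, size_t outlen)
{
    size_t n = 0;

    if (outlen < 3)                     /* need at least "^$" plus NUL */
        return -1;
    out[n++] = '^';
    for (; *literal != '\0'; literal++) {
        if (n + 4 > outlen)             /* room for "\c", "$" and NUL */
            return -1;
        if (strchr(".[\\()*+?{|^$", *literal) != NULL)
            out[n++] = '\\';
        out[n++] = *literal;
    }
    out[n++] = '$';
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed host names: the intended one and two that should be refused. */
    const char *hosts[] = { "trusted.example.com",
                            "trusted.example.com.untrusted.test",
                            "trustedxexample.com" };
    const char *naive = "trusted.example.com";  /* '.' matches any character, no anchors */
    char strict[128];

    if (literal_to_regex(naive, strict, sizeof strict) != 0)
        return 1;
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-36s naive=%d strict=%d\n", hosts[i],
               host_matches(naive, hosts[i]), host_matches(strict, hosts[i]));
    return 0;
}
```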

