rpcbind & TCP wrappers

Eugene Grosbein eugen at grosbein.net
Tue Feb 25 10:48:18 UTC 2014


On 25.02.2014 17:29, Alexander Motin wrote:

>> We can't?
>>
>> What if we make libwrap cache and check hosts.allow/hosts.deny modification times early
>> and just skip if it was not modified since last check?
> 
> Skip what?

Skip full file parsing.

> Configuration can be non-trivial, and we can't know what
> exactly you can or cannot cache.

How can the result not be cacheable for rpcbind?

> Even if we skip just file read, we still have to process it all,
> but that requires time too. Do we really 
> want/need another firewall there?

No need for another firewall. Just make a small hash containing the result
of the previous check for the client and get the result from the hash if the modification time
of the file has not changed. With fallback to full file processing when the hash overflows.
