From: Alexander Motin
Date: Tue, 25 Feb 2014 12:29:32 +0200
To: Eugene Grosbein, d@delphij.net
Cc: freebsd-net@freebsd.org, Xin Li
Subject: Re: rpcbind & TCP wrappers
Message-ID: <530C708C.9060107@FreeBSD.org>
In-Reply-To: <530C0B82.8070303@grosbein.net>

On 25.02.2014 05:18, Eugene Grosbein wrote:
> On 25.02.2014 03:14, Xin Li wrote:
>
>> By the way we need to be careful when changing the defaults, or it
>> creates astonishment (tcpwrap are supposed to work without restarting
>> the service) but I think this is probably a pain we have to face if we
>> can't make TCP wrappers to work faster.
>
> We can't?
>
> What if we make libwrap cache and check hosts.allow/hosts.deny modification times early
> and just skip if it was not modified since last check?

Skip what? Configuration can be non-trivial, and we can't know what exactly you can or cannot cache. Even if we skip just the file read, we still have to process it all, but that requires time too. Do we really want/need another firewall there?

-- 
Alexander Motin
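An added example, not code from this thread or from libwrap: a sketch of the modification-time check proposed in the quoted message, showing which work it skips (reading and parsing the file) and which it does not (matching every client against the rules). The names `rule_cache`, `file_changed`, `cache_refresh` and `client_listed` are hypothetical, and the rule file is simplified to one client address prefix per line rather than the real hosts.allow syntax.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_RULES 64

/* Hypothetical cache: parsed client patterns plus the stat() data they came from. */
struct rule_cache {
    struct stat st;
    int valid, nrules, reloads;
    char rules[MAX_RULES][128];
};

/* Second-granularity mtime can miss a quick edit, so inode, size and ctime
 * are compared too; a same-second, same-size rewrite still goes unnoticed. */
static int file_changed(const struct stat *a, const struct stat *b) {
    return a->st_ino != b->st_ino || a->st_size != b->st_size ||
           a->st_mtime != b->st_mtime || a->st_ctime != b->st_ctime;
}

/* Re-read path only when it changed; a missing file yields an empty rule set. */
int cache_refresh(struct rule_cache *c, const char *path) {
    struct stat now;
    char line[128];
    FILE *f;
    if (stat(path, &now) != 0) { c->valid = c->nrules = 0; return -1; }
    if (c->valid && !file_changed(&c->st, &now)) return 0;  /* skip read and parse */
    c->valid = c->nrules = 0;
    if ((f = fopen(path, "r")) == NULL) return -1;
    while (c->nrules < MAX_RULES && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] != '\0' && line[0] != '#')
            strcpy(c->rules[c->nrules++], line);
    }
    fclose(f);
    c->st = now;  /* stat predates the read, so a racing edit triggers a reload */
    c->valid = 1;
    c->reloads++;
    return 0;
}

/* The per-connection cost no mtime check removes: each client is still matched
 * against every cached rule (prefix match stands in for libwrap's patterns). */
int client_listed(struct rule_cache *c, const char *path, const char *addr) {
    cache_refresh(c, path);
    for (int i = 0; i < c->nrules; i++)
        if (strncmp(addr, c->rules[i], strlen(c->rules[i])) == 0) return 1;
    return 0;
}
```

The `reloads` counter makes the saving visible: it increases only when the file's identity changes, while the rule loop in `client_listed` runs on every call.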