From owner-freebsd-net@FreeBSD.ORG Tue Feb 25 10:48:18 2014
Message-ID: <530C74DE.70203@grosbein.net>
Date: Tue, 25 Feb 2014 17:47:58 +0700
From: Eugene Grosbein
To: Alexander Motin
Cc: Xin Li , d@delphij.net, freebsd-net@freebsd.org
Subject: Re: rpcbind & TCP wrappers
In-Reply-To: <530C708C.9060107@FreeBSD.org>

On 25.02.2014 17:29, Alexander Motin wrote:

>> We can't?
>>
>> What if we make libwrap cache and check hosts.allow/hosts.deny modification times early
>> and just skip if it was not modified since last check?
>
> Skip what?

Skip full file parsing.

> Configuration can be not trivial, and we can't know what
> exactly you can or can not cache.

How can the result not be cacheable for rpcbind?

> Even if we skip just file read, we still have to process it all,
> but that requires time too. Do we really
> want/need another firewall there?

No need for another firewall. Just make a small hash containing the result of the previous check
for the client and get the result from the hash if the modification time of the file has not changed.
With fallback to full file processing when the hash overflows.
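
The caching scheme proposed in the message above, sketched as an added C example; it is not code from the post or from libwrap. All names (`acl_cache`, `cached_check`, `stamp_of`, `sample_full`) are hypothetical, and it assumes the verdict depends only on the client address and the contents of the two files, which is the point the quoted reply questions.

```c
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define SLOTS 64      /* "small hash": fixed-size table */
#define ADDRLEN 46    /* fits a textual IPv6 address */

struct stamp { time_t mtime; off_t size; ino_t ino; };
struct slot { char addr[ADDRLEN]; int verdict, used; };
struct acl_cache { struct stamp allow, deny; struct slot slots[SLOTS]; };
typedef int (*full_check_fn)(const char *addr); /* hypothetical full evaluation */

/* Record file state; size and inode catch many edits that keep the same mtime. */
int stamp_of(const char *path, struct stamp *s) {
    struct stat st;
    memset(s, 0, sizeof(*s));
    if (stat(path, &st) != 0) return -1;   /* missing file keeps the zero stamp */
    s->mtime = st.st_mtime; s->size = st.st_size; s->ino = st.st_ino;
    return 0;
}
static int same(const struct stamp *a, const struct stamp *b) {
    return a->mtime == b->mtime && a->size == b->size && a->ino == b->ino;
}
static unsigned slot_of(const char *s) {   /* FNV-1a string hash */
    unsigned h = 2166136261u;
    while (*s) h = (h ^ (unsigned char)*s++) * 16777619u;
    return h % SLOTS;
}
/* Returns 1 (allow) or 0 (deny); calls full() only on a miss, flush or overflow. */
int cached_check(struct acl_cache *c, const char *addr, const struct stamp *allow,
                 const struct stamp *deny, full_check_fn full) {
    if (!same(&c->allow, allow) || !same(&c->deny, deny)) {
        memset(c->slots, 0, sizeof(c->slots));   /* files changed: drop all verdicts */
        c->allow = *allow; c->deny = *deny;
    }
    if (strlen(addr) >= ADDRLEN) return full(addr);   /* never cache a truncated key */
    unsigned i = slot_of(addr);
    for (unsigned n = 0; n < SLOTS; n++, i = (i + 1) % SLOTS) {
        struct slot *s = &c->slots[i];
        if (s->used && strcmp(s->addr, addr) == 0) return s->verdict;
        if (!s->used) {
            strcpy(s->addr, addr);
            s->verdict = full(addr); s->used = 1;
            return s->verdict;
        }
    }
    return full(addr);   /* table full: fall back to full file processing */
}
/* Constructed stand-in for the real rule evaluation: allow 10.0.0.0/8 only. */
int full_calls;
int sample_full(const char *addr) { full_calls++; return strncmp(addr, "10.", 3) == 0; }
```

A caller would fill both stamps with `stamp_of()` on each request and zero-initialise the `acl_cache` once at startup.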