Date: Mon, 24 Feb 2014 21:11:43 +0200 From: Alexander Motin <mav@FreeBSD.org> To: freebsd-net@freebsd.org Subject: rpcbind & TCP wrappers Message-ID: <530B996F.4060100@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Hi. I've made benchmark to test rpcbind performance and discovered very interesting numbers: on my test machine our present rpcbind is able to handle only 12K RPCs per second, but building it without TCP wrappers (libwrap) improves performance to 116K RPCs/sec. Obviously hosts.allow parsing for each RPC is too expensive. Since rpcbind output is often cached by the clients it may be not so huge problem, but still 10x difference IMO worth some decision to be made there. I've talked to several people and they agree that it is not very useful to protect rpcbind since it is any way effectively read-only for other hosts in default configuration. Since I expect some people may still want it I've implemented patch disabling TCP wrappers in rpcbind by default, but introducing new command line option -t to easily restore functionality when needed: http://people.freebsd.org/~mav/libwrap.patch Any comments or objections? -- Alexander Motin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?530B996F.4060100>