From: Alexander Motin
Date: Mon, 24 Feb 2014 21:11:43 +0200
To: freebsd-net@freebsd.org
Subject: rpcbind & TCP wrappers
Message-ID: <530B996F.4060100@FreeBSD.org>

Hi.

I've made a benchmark to test rpcbind performance and discovered very interesting numbers: on my test machine our present rpcbind is able to handle only 12K RPCs per second, but building it without TCP wrappers (libwrap) improves performance to 116K RPCs/sec. Obviously hosts.allow parsing for each RPC is too expensive. Since rpcbind output is often cached by the clients, it may not be such a huge problem, but still a 10x difference is IMO worth some decision being made there.

I've talked to several people and they agree that it is not very useful to protect rpcbind, since it is anyway effectively read-only for other hosts in the default configuration. Since I expect some people may still want it, I've implemented a patch disabling TCP wrappers in rpcbind by default, but introducing a new command line option -t to easily restore the functionality when needed:

http://people.freebsd.org/~mav/libwrap.patch

Any comments or objections?

-- 
Alexander Motin