[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Performance impact of linking libwrap

To: Michael Ströder <michael@stroeder.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Performance impact of linking libwrap
From: Howard Chu <hyc@symas.com>
Date: Tue, 09 Dec 2014 15:19:59 +0000
In-reply-to: <548704F9.7030504@stroeder.com>
References: <548704F9.7030504@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33a1

Michael Ströder wrote:

HI!

I'm currently trying to upgrade an OpenLDAP package for a openSUSE distribution.

The original package links slapd with libwrap which made sense in former times
on systems without local host firewall mechanisms.
If libwrap does not have a major performance impact I'd keep it that way just
for sake of backward compability.

But AFAICT if slapd is linked with libwrap the TCP wrapper is always asked
whether a connection is allowed or not. One cannot disable it by slapd
configuration.

So the question is: How big is the performance impact?

How much does it matter? libwrap has to fopen two files(/etc/hosts.allow and hosts.deny) and read their rules, every time aconnection is received. That's pretty significant overhead, but ifyou're not receiving thousands of connections per second, it probablydoesn't matter.


Ciao, Michael.



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Performance impact of linking libwrap
  - From: Michael Ströder <michael@stroeder.com>

References:
- Performance impact of linking libwrap
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: is syncrepl + lmdb possible ?
Next by Date: Re: Q: LDIF: use replace instead of add/delete?
Index(es):
- Chronological
- Thread