Howard Chu wrote: > Michael Ströder wrote: >> I'm currently trying to upgrade an OpenLDAP package for a openSUSE >> distribution. >> >> The original package links slapd with libwrap which made sense in former times >> on systems without local host firewall mechanisms. >> If libwrap does not have a major performance impact I'd keep it that way just >> for sake of backward compability. >> >> But AFAICT if slapd is linked with libwrap the TCP wrapper is always asked >> whether a connection is allowed or not. One cannot disable it by slapd >> configuration. >> >> So the question is: How big is the performance impact? > > How much does it matter? That's what I'm trying to find out. ;-) > libwrap has to fopen two files (/etc/hosts.allow and > hosts.deny) and read their rules, every time a connection is received. That's > pretty significant overhead, but if you're not receiving thousands of > connections per second, it probably doesn't matter. Hmm, I will drop it since the same functionality can be easily achieved on this platform by using local kernel firewall. BTW: I'm using this package also on rasperry pi. So calling fopen() twice seems significant to me. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature