From: Roman Drahtmueller (drahtsuse.de)
Date: Fri Nov 30 2001 - 11:23:01 CST


    >
    > > Tcpwrappers should be enough for access control.
    >
    > In-process, or via tcpd? Is exec too expensive?

    Actually, we have around 10000 execve()-calls per hour, but there are no
    page-faults for the binary (there are 700 of them running already). The
    CPU load is near 20% if 800 processes are delivering 50 MBit/s (on a
    P-III-600). So unless you have very many services running only for a very
    short period, the execve() overhead isn't that much of a hassle.

    >
    > Is there a nice algorithm to approximate this without keeping
    > track of the launch times of all connections launched in the
    > last Y <time unit>s?

    I'm not sure. xinetd consumes very much memory for the internal list, and
    that's more of a problem since the memory could be used otherwise.

    >
    > > > Is the BSD inetd's feature set really too small for modern use?
    > >
    > > I'm pretty satisfied with what's in FreeBSD, basically.
    >
    > Aside from the really flexible rate-limiting, does it have
    > significantly fewer features different from xinetd?
    >
    > Matthew.
    >

    Thanks,
    Roman.

    -- 
     -                                                                      -
    | Roman Drahtmüller      <drahtsuse.de> // "You don't need eyes to see, |
      SuSE GmbH - Security           Phone: //             you need vision!"
    | Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
     -                                                                      -