From: Roman Drahtmueller (drahtsuse.de)
Date: Fri Nov 30 2001 - 11:23:01 CST
> > Tcpwrappers should be enough for access control.
> In-process, or via tcpd? Is exec too expensive?
Actually, we have around 10000 execve()-calls per hour, but there are no
page-faults for the binary (there are 700 of them running already). The
cpu load is near 20% if 800 processes are delivering 50 MBit/s (on a
P-III-600). So unless you have very many services running only for a very
short period, the execve() overhead isn't that much of a hassle.
> Is there a nice algorithm to approximate this without keeping
> track of the launch times of all connections launched in the
> last Y <time unit>s?
I'm not sure. xinetd consumes very much memory for the internal list, and
that's more of a problem since the memory could be used otherwise.
> > > Is the BSD inetd's feature set really too small for modern use?
> > I'm pretty satisfied with what's in FreeBSD, basically.
> Aside from the really flexible rate-limiting, does it have
> significantly fewer features different from xinetd?
--
Roman Drahtmüller <drahtsuse.de> // "You don't need eyes to see,
SuSE GmbH - Security Phone: // you need vision!"
Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless
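
The quoted question above asks whether a limit of X launches per Y time units can be approximated without remembering every launch time. One constant-memory way to do it is a token bucket, shown here as an added example that is not part of the original message and is not code from inetd or xinetd; the names `rate_limiter`, `rl_init` and `rl_allow` are hypothetical, and the caller is assumed to pass a monotonic time in seconds.

```c
#include <stdbool.h>
#include <stdio.h>

/* Token bucket: two doubles of changing state per service instead of a
 * list of launch timestamps. Assumed policy: X launches per Y seconds. */
struct rate_limiter {
    double rate;    /* tokens added per second (X / Y) */
    double burst;   /* bucket capacity, i.e. largest burst allowed (X) */
    double tokens;  /* tokens currently available */
    double last;    /* time of the last refill, in seconds */
};

void rl_init(struct rate_limiter *rl, double launches, double interval,
             double now)
{
    rl->rate = launches / interval;
    rl->burst = launches;
    rl->tokens = launches;      /* start full: permit an initial burst */
    rl->last = now;
}

/* Returns true if a new connection may be launched at time `now`. */
bool rl_allow(struct rate_limiter *rl, double now)
{
    if (now > rl->last) {       /* skip refill if the clock went backwards */
        rl->tokens += (now - rl->last) * rl->rate;
        if (rl->tokens > rl->burst)
            rl->tokens = rl->burst;
        rl->last = now;
    }
    if (rl->tokens < 1.0)
        return false;           /* over the limit: refuse this launch */
    rl->tokens -= 1.0;
    return true;
}

int main(void)
{
    struct rate_limiter rl;
    rl_init(&rl, 5.0, 10.0, 0.0);          /* constructed: 5 per 10 s */
    for (int i = 0; i < 7; i++)            /* 7 attempts in one instant */
        printf("t=0 attempt %d: %s\n", i, rl_allow(&rl, 0.0) ? "ok" : "refused");
    printf("t=2 attempt: %s\n", rl_allow(&rl, 2.0) ? "ok" : "refused");
    return 0;
}
```

This is an approximation of a true sliding window: a full bucket followed by steady refill can admit up to 2X launches inside a single Y-second span.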