Subject: Re: Content filtering 101
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Wed Jun 07 2000 - 10:59:59 CDT


On 7 June 2000, Liviu Daia <Liviu.Daiaimar.ro> wrote:
[...]
> (3) Performance tests.
[...]
> - Testbed:
>
> /usr/bin/time /usr/postfix/smtp-source -m100 -s20 -l15360 -c \
> -tnulleuler.imar.ro euler.imar.ro

    Minor correction: I actually used "-m1000", not "-m100".

[...]
> (c) I didn't try running tailbiter instead of macofida, but I suspect
> the same thing happens with it: the "backlog" observed earlier by
> Bennett is actually the queue created by the second smtpd, and the big
> speed difference is actually due to "gethostbyaddr" and / or other DNS
> lookup failures. Again, comments / corrections are welcome.
[...]

    On second thought, the second part may be wrong: in my tests I
didn't add a real content filter to macofida (I was planning to do that
next, but then I realized I was not timing the right thing), so the
speed difference observed by Bennett might also be due to:

(1) compiling the patterns over and over again:

    pat: for (@re) {
        if ($msg->{MSG} =~ /$_/) {
            $eek = 1;
            last pat;
        }
    }

(2) use of backtracking in the search pattern for no good reason (hint:
    never ever use \1 and friends when you can avoid them);

(3) the overhead of plain regexp match.

    OTOH, I'm pretty sure the "backlog" is actually the queue produced
by the second smtpd.

    Regards,

    Liviu Daia

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
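
Added example, not part of the original post and not macofida's code: a Perl sketch of point (1), comparing the per-message interpolated match with patterns compiled once via qr// and with a single combined alternation. The pattern list, the sample message and all sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Benchmark qw(cmpthese);

# Constructed sample patterns and message body (assumptions, not from macofida).
my @re_src = (
    'name="[^"]*\.vbs"',
    'name="[^"]*\.exe"',
    'Subject: .*constructed-marker',
    'X-Sample-Marker: \d{4}',
);
my $msg = join '', map { "Line $_ of an ordinary message body.\n" } 1 .. 300;

# Shape of the loop quoted in the post: /$_/ interpolates a different
# string on each iteration, so the pattern is compiled again each time.
sub scan_naive {
    my ($text) = @_;
    for (@re_src) {
        return 1 if $text =~ /$_/;
    }
    return 0;
}

# Compile every pattern once at startup; matching reuses the compiled form.
my @re_compiled = map { qr/$_/ } @re_src;
sub scan_precompiled {
    my ($text) = @_;
    for my $re (@re_compiled) {
        return 1 if $text =~ $re;
    }
    return 0;
}

# One alternation, compiled once: one match call per message.
my $alt = join '|', map { "(?:$_)" } @re_src;
my $re_combined = qr/$alt/;
sub scan_combined { return $_[0] =~ $re_combined ? 1 : 0 }

# The three scanners must agree on clean and flagged input before timing.
for my $text ($msg, $msg . "X-Sample-Marker: 2000\n") {
    my @r = map { $_->($text) } \&scan_naive, \&scan_precompiled, \&scan_combined;
    die "scanners disagree" unless $r[0] == $r[1] && $r[1] == $r[2];
}

cmpthese(-2, {
    naive       => sub { scan_naive($msg) },
    precompiled => sub { scan_precompiled($msg) },
    combined    => sub { scan_combined($msg) },
});
```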