Disable libwrap (TCP wrappers) support in rpcbind by default, introducing
new command line option -W to enable it when needed. In my tests this change improves rpcbind performance by almost ten times. No objections: many, net@
parent
d464d78756
commit
ea9ed3d85b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=262860
5
UPDATING
5
UPDATING
@ -31,6 +31,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
|
|||||||
disable the most expensive debugging functionality run
|
disable the most expensive debugging functionality run
|
||||||
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
||||||
|
|
||||||
|
20140306:
|
||||||
|
Support for libwrap (TCP wrappers) in rpcbind was disabled by default
|
||||||
|
to improve performance. To re-enable it, if needed, run rpcbind
|
||||||
|
with command line option -W.
|
||||||
|
|
||||||
20140226:
|
20140226:
|
||||||
Switched back to the GPL dtc compiler due to updates in the upstream
|
Switched back to the GPL dtc compiler due to updates in the upstream
|
||||||
dts files not being supported by the BSDL dtc compiler. You will need
|
dts files not being supported by the BSDL dtc compiler. You will need
|
||||||
|
@ -60,6 +60,7 @@ exim : localhost : allow
|
|||||||
exim : ALL : allow
|
exim : ALL : allow
|
||||||
|
|
||||||
# Rpcbind is used for all RPC services; protect your NFS!
|
# Rpcbind is used for all RPC services; protect your NFS!
|
||||||
|
# Rpcbind should be running with -W option to support this.
|
||||||
# (IP addresses rather than hostnames *MUST* be used here)
|
# (IP addresses rather than hostnames *MUST* be used here)
|
||||||
#rpcbind : 192.0.2.32/255.255.255.224 : allow
|
#rpcbind : 192.0.2.32/255.255.255.224 : allow
|
||||||
#rpcbind : 192.0.2.96/255.255.255.224 : allow
|
#rpcbind : 192.0.2.96/255.255.255.224 : allow
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
.\" Copyright 1989 AT&T
|
.\" Copyright 1989 AT&T
|
||||||
.\" Copyright 1991 Sun Microsystems, Inc.
|
.\" Copyright 1991 Sun Microsystems, Inc.
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.Dd April 23, 2007
|
.Dd March 6, 2014
|
||||||
.Dt RPCBIND 8
|
.Dt RPCBIND 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -133,6 +133,8 @@ to use non-privileged ports for outgoing connections, preventing non-privileged
|
|||||||
clients from using
|
clients from using
|
||||||
.Nm
|
.Nm
|
||||||
to connect to services from a privileged port.
|
to connect to services from a privileged port.
|
||||||
|
.It Fl W
|
||||||
|
Enable libwrap (TCP wrappers) support.
|
||||||
.El
|
.El
|
||||||
.Sh NOTES
|
.Sh NOTES
|
||||||
All RPC servers must be restarted if
|
All RPC servers must be restarted if
|
||||||
|
@ -88,6 +88,9 @@ rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */
|
|||||||
int runasdaemon = 0;
|
int runasdaemon = 0;
|
||||||
int insecure = 0;
|
int insecure = 0;
|
||||||
int oldstyle_local = 0;
|
int oldstyle_local = 0;
|
||||||
|
#ifdef LIBWRAP
|
||||||
|
int libwrap = 0;
|
||||||
|
#endif
|
||||||
int verboselog = 0;
|
int verboselog = 0;
|
||||||
|
|
||||||
char **hosts = NULL;
|
char **hosts = NULL;
|
||||||
@ -785,7 +788,12 @@ parseargs(int argc, char *argv[])
|
|||||||
#else
|
#else
|
||||||
#define WSOP ""
|
#define WSOP ""
|
||||||
#endif
|
#endif
|
||||||
while ((c = getopt(argc, argv, "6adh:iLls" WSOP)) != -1) {
|
#ifdef LIBWRAP
|
||||||
|
#define WRAPOP "W"
|
||||||
|
#else
|
||||||
|
#define WRAPOP ""
|
||||||
|
#endif
|
||||||
|
while ((c = getopt(argc, argv, "6adh:iLls" WRAPOP WSOP)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case '6':
|
case '6':
|
||||||
ipv6_only = 1;
|
ipv6_only = 1;
|
||||||
@ -818,6 +826,11 @@ parseargs(int argc, char *argv[])
|
|||||||
case 's':
|
case 's':
|
||||||
runasdaemon = 1;
|
runasdaemon = 1;
|
||||||
break;
|
break;
|
||||||
|
#ifdef LIBWRAP
|
||||||
|
case 'W':
|
||||||
|
libwrap = 1;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
#ifdef WARMSTART
|
#ifdef WARMSTART
|
||||||
case 'w':
|
case 'w':
|
||||||
warmstart = 1;
|
warmstart = 1;
|
||||||
@ -825,8 +838,8 @@ parseargs(int argc, char *argv[])
|
|||||||
#endif
|
#endif
|
||||||
default: /* error */
|
default: /* error */
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"usage: rpcbind [-6adiLls%s] [-h bindip]\n",
|
"usage: rpcbind [-6adiLls%s%s] [-h bindip]\n",
|
||||||
WSOP);
|
WRAPOP, WSOP);
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
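Review bot: With `int libwrap = 0;` as the default, a host upgraded to this build stops evaluating its existing rpcbind entries in hosts.allow and nothing at startup says so; the `case 'W':` branch in parseargs() only helps operators who already know about the flag. I would emit one notice when the daemon is built with LIBWRAP and started without -W, for example `if (!libwrap) syslog(LOG_NOTICE, "TCP wrappers disabled, hosts.allow not consulted; use -W to enable");`, placed after option parsing. The definition could also carry a comment, as the neighbouring `list_rbl` line does: `int libwrap = 0; /* -W: consult hosts.allow in check_access() */`. parseargs() starts and ends outside the hunks shown, so the exact spot for the notice, and whether syslog is already open there, needs confirming against the full file.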
@ -66,6 +66,9 @@ struct r_rmtcall_args {
|
|||||||
|
|
||||||
extern int debugging;
|
extern int debugging;
|
||||||
extern int doabort;
|
extern int doabort;
|
||||||
|
#ifdef LIBWRAP
|
||||||
|
extern int libwrap;
|
||||||
|
#endif
|
||||||
extern int verboselog;
|
extern int verboselog;
|
||||||
extern int insecure;
|
extern int insecure;
|
||||||
extern int oldstyle_local;
|
extern int oldstyle_local;
|
||||||
|
@ -108,14 +108,16 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef LIBWRAP
|
#ifdef LIBWRAP
|
||||||
if (addr->sa_family == AF_LOCAL)
|
if (libwrap && addr->sa_family != AF_LOCAL) {
|
||||||
return 1;
|
request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr,
|
||||||
request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr, 0);
|
0);
|
||||||
sock_methods(&req);
|
sock_methods(&req);
|
||||||
if(!hosts_access(&req)) {
|
if(!hosts_access(&req)) {
|
||||||
logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
|
logit(deny_severity, addr, proc, prog,
|
||||||
|
": request from unauthorized host");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
if (verboselog)
|
if (verboselog)
|
||||||
logit(log_severity, addr, proc, prog, "");
|
logit(log_severity, addr, proc, prog, "");
|
||||||
|
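Review bot: Folding the AF_LOCAL test into `if (libwrap && addr->sa_family != AF_LOCAL) {` changes more than the wrapper gating: the old code returned 1 for AF_LOCAL callers before reaching `if (verboselog)`, while the new code lets them fall through to `logit(log_severity, addr, proc, prog, "")`. If that is intended, say so above the block, e.g. `/* Local-socket callers skip TCP wrappers but are still logged when verboselog is set. */`; if not, keep `if (addr->sa_family == AF_LOCAL) return 1;` ahead of the new condition. How logit() formats an AF_LOCAL address is not visible here and should be checked before relying on the new path. check_access() starts and ends outside the hunk.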