Great!
It didn't die.. I hope that this does not cause high load on servers accepting a high number of connects per second..
/Uffe
Michal Trojnara wrote:
"Uffe Vedenbrant" sqm@mynta.org wrote:
I.e. libwrap will complain about unauthorized access and keep on running, not just die without any logging at all..
I really cannot say however if this is a stunnel or libwrap bug/feature.. I.e. is stunnel to sensitive of what it gets back from libwrap or is libwrap sending more data than needed back to stunnel..
Libwrap hosts_access(3) manual claims: hosts_access() consults the access control tables described in the hosts_access(5) manual page. When internal endpoint information is available, host names and client user names are looked up on demand, using the request structure as a cache. hosts_access() returns zero if access should be denied.
On the other hand hosts_options(5) claims: twist shell_command Replace the current process by an instance of the specified shell command, after performing the %<letter> expansions described in the hosts_access(5) manual page. Stdin, stdout and stderr are connected to the client process. This option must appear at the end of a rule.
In this case hosts_access *does not return at all*. 8-)
Good news! I've just modified stunnel to run libwrap as a separate process. Here is the beta version. It should work fine with twist option. ftp://stunnel.mirt.net/stunnel/stunnel-4.13b1.tar.gz
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users