Using sfio

[Russ Allbery]

Alex Kiernan <alexk at demon.net> writes:

> I've finally found some time to integrate the many changes against the
> upstream we're running and started thinking about the SSL/rate limiting
> code in nnrpd.

> Something I've not looked hard at, but seems like a neat way of dealing
> with it is sfio (http://www.research.att.com/sw/tools/sfio/), which I
> think sendmail uses/used?, which has support for disciplines on a
> stream, so we could push an SSL discipline, a rate limiting discipline
> etc.

That sounds pretty cool.  I know Perl used to (maybe still does) have an
option to build with sfio as well, since it has better behavior in various
situations.  (I think it handles large files and large numbers of file
descriptors better, for instance.)

I'm not sure what to think about integrating sfio into INN.  I think
that's a lot of code.  Hm.  I wonder how hard it would be to make it an
option (and I wouldn't object to having it be required if people want to
use some features like rate limiting or SSL, but I haven't thought about
that in a lot of detail).

It's a bit unclear to me what the native SSL support is buying us over
just using stunnel since nnrpd is a forking server anyway, but I also
haven't examined it in any detail.  The code right now is pretty ugly (and
there are a whole bunch of pending patches for it from Bear Giles that I
haven't had a chance to apply yet).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.