tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: 16 year old bug

On Mon Aug 23 2010 at 13:53:40 +0200, Christoph Egger wrote:
> ... has been found by OpenBSD:
> Their commit message:
> --------------------------------------------
> Fix a 16 year old bug in the sorting routine for non-contiguous netmasks.
> For masks of identical length rn_lexobetter() did not stop on the
> first non-equal byte. This leads rn_addroute() to not detecting
> duplicate entries and thus we might create a very long list of masks
> to check for each node.
> This can have a huge impact on IPsec performance, where non-contiguous
> masks are used for the flow lookup.  In a setup with 1300 flows we
> saw 400 duplicate masks and only a third of the expected throughput.
> --------------------------------------------
> The patch is attached. Any comments?

The test for this is missing.

Home | Main Index | Thread Index | Old Index