> Address sets are automatically generated from corresponding port
> groups, and can be used directly in ACL match conditions.


I think that sync_address_sets() has a memory leak, because I don't see
any free() calls that match up with the xstrdup() calls.  (I'm not sure
that the xstrdup() calls are actually needed.)

I don't think the xcalloc() calls are needed.  I think you can just
initialize ipv4_addrs and ipv6_addrs to NULL.

I think that sync_address_sets() is O(n**2) in n_ipv4_addrs and
n_ipv6_addrs, because of the allocation strategy.  If port groups get
big (and they will eventually even if they do not today, because scale)
I think that it would be better to expand the allocations exponentially.
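
The three points raised above (start the arrays at NULL, free every duplicated string, grow the allocation exponentially), as an added example in plain C that is not the sync_address_sets() code under review. The names struct addr_vec, addr_vec_add() and count_reallocs() are hypothetical, and the address is a constructed sample.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array of owned strings (not the OVS data structure). */
struct addr_vec {
    char **addrs;       /* Starts NULL: realloc(NULL, n) acts like malloc(n). */
    size_t n, allocated;
    size_t n_reallocs;  /* Counts realloc() calls, for the comparison only. */
};

/* Appends a copy of 'addr'.  If 'exponential', capacity doubles when full
 * (O(n) entries copied over n appends); otherwise it grows by one (O(n**2)). */
static int addr_vec_add(struct addr_vec *v, const char *addr, int exponential)
{
    size_t len = strlen(addr) + 1;
    char *copy = malloc(len);
    if (!copy) {
        return -1;
    }
    memcpy(copy, addr, len);
    if (v->n >= v->allocated) {
        size_t cap = !exponential ? v->allocated + 1
                     : v->allocated ? 2 * v->allocated : 1;
        char **p = realloc(v->addrs, cap * sizeof *p);
        if (!p) {
            free(copy);
            return -1;
        }
        v->addrs = p;
        v->allocated = cap;
        v->n_reallocs++;
    }
    v->addrs[v->n++] = copy;
    return 0;
}

/* Fills a vector with 'n' copies of a constructed sample address, frees every
 * copy and the array, and returns how many realloc() calls were needed. */
static size_t count_reallocs(size_t n, int exponential)
{
    struct addr_vec v = { NULL, 0, 0, 0 };
    while (v.n < n && !addr_vec_add(&v, "192.0.2.1", exponential)) {
        continue;
    }
    for (size_t i = 0; i < v.n; i++) {
        free(v.addrs[i]);   /* One free() per duplicated string. */
    }
    free(v.addrs);
    return v.n_reallocs;
}
```

For 1000 addresses the one-at-a-time strategy calls realloc() 1000 times, while doubling calls it 11 times.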


