On Mon Aug 23 2010 at 13:53:40 +0200, Christoph Egger wrote: > > ... has been found by OpenBSD: > > Their commit message: > -------------------------------------------- > Fix a 16 year old bug in the sorting routine for non-contiguous netmasks. > For masks of identical length rn_lexobetter() did not stop on the > first non-equal byte. This leads rn_addroute() to not detecting > duplicate entries and thus we might create a very long list of masks > to check for each node. > This can have a huge impact on IPsec performance, where non-contiguous > masks are used for the flow lookup. In a setup with 1300 flows we > saw 400 duplicate masks and only a third of the expected throughput. > -------------------------------------------- > > The patch is attached. Any comments?
The test for this is missing.
