During a test with ~12000 established SAs it was noted that vici
related operations hung.
The operations took over 16 minutes to finish. The time was spent in
the vici message parser, which was assigning the message over and over
again, to get rid of the already parsed portions.
First fixed by cutting the consumed parts off without copying the message.
Runtime for ~12000 SAs is now around 20 seconds.
Further optimization brought the runtime down to roughly 1-2 seconds
by using an fd to read through the message variable.
Closesstrongswan/strongswan#103.
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows to flush e.g. cached CRLs or OCSP
responses only. Without the type argument all kind of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
- Switch.pm, which was implemented as a source filter, has been deprecated in
Perl 5.10 and was later removed from the core modules in Perl 5.14 or so.
Unfortunately, its replacement, the given/when/default construct, has since
been downgraded to "experimental" status because of problems with the underlying
"smart-match" operator.
Thus, as of Perl 5.22, Perl still has no actually usable "switch"-like construct.
So just use boring, old and ugly "if/elsif/else" constructs instead, which are
compatible with almost any Perl version.
- None of the Perl modules here does anything that would require "AutoLoader".
- "Exporter" can be used to export plain functions into another modules name
space. But the things that were exported here are meant to be called as
methods. In this case, it is neither necessary nor advisable to export those
symbols.
Just export nothing (the POD documentation already said so).
- It is usually the calling script that enables (or does not enable) warnings
globally. When a module says "use warnings;" however, the caller looses control
over what warnings should be enabled in that module.