Bug 846053
| Summary: | Values given for ipset from command line grow big | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ilpo Nyyssonen <iny> |
| Component: | ipset | Assignee: | Mathieu Bridon <bochecha> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | anthony.bloodoff, bill, bochecha |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-11-16 07:40:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ilpo Nyyssonen
2012-08-06 16:56:37 UTC
Thanks for the bug report. Unfortunately, I don't have access to a Fedora 17 machine, only F16 and Rawhide, so I can't reproduce this bug. Moreover, on Fedora 16 (which has the exact same version of ipset): # ipset list # ipset create test hash:ip timeout 60 # ipset list Name: test Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 timeout 60 Size in memory: 16504 References: 0 Members: I'm wondering if that's not a difference in the kernel (ipset is part user-space, part kernel-space). :-/ I'm running a more recent kernel here on Fedora 16: # uname -a Linux localhost.localdomain 3.4.6-1.fc16.x86_64 #1 SMP Fri Jul 20 12:58:04 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux Could you try updating to the latest F17 kernel (3.5.0), and see if the issue is still present? Linux localhost.localdomain 3.5.1-1.fc17.x86_64 #1 SMP Thu Aug 9 17:50:43 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux # ipset n test hash:ip maxelem 60 # ipset list Name: test Type: hash:ip Header: family inet hashsize 1024 maxelem 905969664 Size in memory: 16504 References: 0 Members: Thanks for the test. I'm really confused though, I honestly have no idea where this is coming from. Like I said, I can't reproduce it on Fedora 16, and my only other machine is running Fedora 18 (ipset-6.13, same kernel and libmnl as you), where I can't reproduce the problem either. :-/ I'll see if I can get a Fedora 17 VM running to try it out. Fedora 17, kernel 3.5.4-1.fc17.i686.PAE, ipset-6.11-1.fc17.i686 doing the commands ipset create virtual hash:ip,port,ip ipset add virtual 10.0.0.1,110,10.0.0.2 Then, I do "ipset list" and see random values of port Name: virtual Type: hash:ip,port,ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8328 References: 0 Members: 10.0.0.1,tcp:9737,10.0.0.2 on some types of ipsets a got a kernel panic when adding a first element to set So I really have no clue about this problem, I still can't reproduce it.
I just tried building the F18 packages for F17:
http://bochecha.fedorapeople.org/ipset-rhbz846053/
Could you try them, and see if they fix your problem?
I try to rebuild i686 from src.rpm, and install on test virtual machine FC17, kernel 3.5.3-1.fc17.i686.PAE and its work fine!!! Also test on real machine, FC17, kernel 3.5.4-1.fc17.i686.PAE and its work fine. Tonight I will try to test on x86-64 machine (In reply to comment #6) > I try to rebuild i686 from src.rpm, Oh, sorry, I completely forgot about i686. >_< > and install on test virtual machine > FC17, kernel 3.5.3-1.fc17.i686.PAE and its work fine!!! > > Also test on real machine, FC17, kernel 3.5.4-1.fc17.i686.PAE and its work > fine. You mean it fixes the problem you reported in comment 4? That's good, could you also try whether the commands in comment 0 are fixed? > Tonight I will try to test on x86-64 machine Thanks. I have to say I'm a bit worried about updating F17 at this time, as there's an ABI break between 6.11 and 6.13. But if that's what fixes this bug, and if we can't easily isolate and backport the actual change, I'll do it. FC17, kernel 3.5.2-3.fc17.x86_64, works as expected [root@orion distr]# ipset create virtual hash:ip,port,ip [root@orion distr]# ipset list Name: virtual Type: hash:ip,port,ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16512 References: 0 Members: [root@orion distr]# ipset add virtual 10.0.0.1,tcp:22-25,10.0.0.2 [root@orion distr]# ipset list Name: virtual Type: hash:ip,port,ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16704 References: 0 Members: 10.0.0.1,tcp:22,10.0.0.2 10.0.0.1,tcp:24,10.0.0.2 10.0.0.1,tcp:23,10.0.0.2 10.0.0.1,tcp:25,10.0.0.2 "ipset save", "ipset restore" also works, on ipset 6.11 on restore operation I have got eating of all memory(48Gb) and swap(8Gb). Great! Can you also try the two commands from the original comment? # ipset create test hash:ip timeout 60 # ipset create test hash:ip maxelem 16 In both cases the values (for timeout and maxelem respectively) were completely wrong, I'd like to make sure this is all fixed before I decide pushing an update. FC17, kernel 3.5.2-3.fc17.x86_64 ipset create test hash:ip timeout 60 ipset create test1 hash:ip maxelem 16 Name: test Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 timeout 60 Size in memory: 16504 References: 0 Members: Name: test1 Type: hash:ip Header: family inet hashsize 1024 maxelem 16 Size in memory: 16504 References: 0 Members: Awesome, thanks a lot for the testing! So, if I'm updating Fedora 17, I might as well update all the way to the latest upstream release (which is already in F18).
If you have a moment, can you test that these packages still fix this bug:
http://bochecha.fedorapeople.org/ipset-rhbz846053/
(this time I built both 32 and 64 bits :)
Evidently this fix hasn't been pushed to the repro. The timeout is still wrong: [root@moses ~]# man uname [root@moses ~]# uname -r 3.6.3-1.fc17.x86_64 [root@moses ~]# rpm -q ipset ipset-6.11-1.fc17.x86_64 [root@moses ~]# ipset destroy test [root@moses ~]# ipset create test hash:ip timeout 60 [root@moses ~]# ipset list test Name: test Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 timeout 4294967 Size in memory: 16504 References: 0 Members: Is the fix ready for prime-time? Bill (In reply to comment #13) > Evidently this fix hasn't been pushed to the repro. Of course it hasn't. My last comment asked people to help me try a package with the fix, because I can't reproduce it myself. (In reply to comment #14) > (In reply to comment #13) > > Evidently this fix hasn't been pushed to the repro. > > Of course it hasn't. > > My last comment asked people to help me try a package with the fix, because > I can't reproduce it myself. My apologies, I was assuming this had been confirmed. This works for me: [root@moses rpms]# uname -r 3.6.3-1.fc17.x86_64 [root@moses rpms]# rpm -q ipset ipset-6.14-1.fc17.x86_64 [root@moses rpms]# ipset destroy test [root@moses rpms]# ipset create test hash:ip timeout 60 [root@moses rpms]# ipset list test Name: test Type: hash:ip Revision: 0 Header: family inet hashsize 1024 maxelem 65536 timeout 60 Size in memory: 16504 References: 0 Members: Thanks for fixing this, Bill ipset-6.14-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/ipset-6.14-1.fc17 Package ipset-6.14-1.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ipset-6.14-1.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17768/ipset-6.14-1.fc17 then log in and leave karma (feedback). ipset-6.14-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |