Hide Forgot
ipset doesn't refresh timeout for an existing entry when the table is FULL. - Version-Release number of selected component: kernel: 3.11.9-200.fc19.x86_64 and 3.11.10-200.fc19.x86_64 ipset: v6.16.1 and v6.20.1 - Steps to Reproduce: # ipset create http hash:ip timeout 0 maxelem 5 # ipset add http 192.168.0.1 # ipset add http 192.168.0.2 # ipset add http 192.168.0.3 # ipset add http 192.168.0.4 # ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16784 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.4 timeout 0 192.168.0.1 timeout 0 192.168.0.2 timeout 0 # ipset add http 192.168.0.5 -exist timeout 60 (wait)# ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16848 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.4 timeout 0 192.168.0.5 timeout 41 192.168.0.1 timeout 0 192.168.0.2 timeout 0 # ipset add http 192.168.0.5 -exist timeout 60 ipset v6.20.1: Hash is full, cannot add more elements # ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16848 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.4 timeout 0 192.168.0.5 timeout 21 <<<<---- It should be 60. 192.168.0.1 timeout 0 192.168.0.2 timeout 0 It works flawlessly when the tables is not full. # ipset del http 192.168.0.4 # ipset add http 192.168.0.5 -exist timeout 60 (wait)# ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16848 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.5 timeout 38 192.168.0.1 timeout 0 192.168.0.2 timeout 0 # ipset add http 192.168.0.5 -exist timeout 60 # ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16848 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.5 timeout 59 <<<<<----- OK 192.168.0.1 timeout 0 192.168.0.2 timeout 0
Thanks for the bug report. You say it is reproducible with ipset 6.20.1, did you try that on F19 as well?
(In reply to Mathieu Bridon from comment #1) > Thanks for the bug report. > > You say it is reproducible with ipset 6.20.1, did you try that on F19 as > well? Yes, it happens in a fresh install of fedora 19. thank you.
(In reply to Xose Vazquez Perez from comment #2) > (In reply to Mathieu Bridon from comment #1) > > Thanks for the bug report. > > > > You say it is reproducible with ipset 6.20.1, did you try that on F19 as > > well? > > Yes, it happens in a fresh install of fedora 19. Now I'm confused, because Fedora 19 doesn't have ipset 6.20.1 Did you try installing the Fedora 20 package on Fedora 19? ---------- Anyway, I can reproduce it on Fedora 20 as well: kernel-3.11.9-300.fc20.x86_64 ipset-6.20.1-1.fc20.x86_64 I just now see that you've already opened a bug report for that. I was about to do it, so thanks a lot for being proactive here. :) Let's see what upstream says.
(In reply to Mathieu Bridon from comment #3) > Now I'm confused, because Fedora 19 doesn't have ipset 6.20.1 That's right. But... > Did you try installing the Fedora 20 package on Fedora 19? ... I did rebuild also http://kojipkgs.fedoraproject.org//packages/ipset/6.20.1/1.fc21/src/ipset-6.20.1-1.fc21.src.rpm on F19. > I just now see that you've already opened a bug report for that. I was about > to do it, so thanks a lot for being proactive here. :) > > Let's see what upstream says. just waiting...
It still happens with: kernel 3.16.3-200.fc20.x86_64 ipset v6.22, protocol version: 6 (ipset-6.22-1.fc20.x86_64)
Fixed upstream. It was in the kernel side: http://git.netfilter.org/ipset/commit/?id=d5927a73000ca784623feeab2b73facbd7fca3b0 -thanks-