Red Hat Bugzilla – Bug 1496859
TestOnly: ipset comment extension does not work
Last modified: 2018-08-21 08:56:06 EDT
Description of problem: Trying to create an ipset with comments does not work although according to the package man page it should be possible. Version-Release number of selected component (if applicable): ipset-6.29-1.el7.x86_64 How reproducible: using ipset command as instructed in the ipset man page. Steps to Reproduce: 1. ipset create foo hash:net comment Actual results: [root@hexbit ~]# ipset create foo hash:net comment ipset v6.29: Unknown argument: `comment' Try `ipset help' for more information. Expected results: New ipset is created and it is possible to add entries with a comment to it (excerpt from another system that has OpenSUSE Leap 42.2): antique:~ # ipset create foo hash:net comment antique:~ # ipset add foo 10.10.10.0/24 comment "this is a comment" antique:~ # ipset list foo Name: foo Type: hash:net Revision: 6 Header: family inet hashsize 1024 maxelem 65536 comment Size in memory: 506 References: 0 Number of entries: 1 Members: 10.10.10.0/24 comment "this is a comment" antique:~ # Additional info: The OpenSUSE Leap 42.2 system where the ipset comment extension works, ipset reports its version to be v6.29, the actual package name is ipset-6.29-1.29.x86_64
What is the status of this? I'm having the exact same issue above with RHEL 7.4 and ipset v6.29
Jim, (In reply to Jim Roland, RHCE from comment #4) > What is the status of this? I'm having the exact same issue above with RHEL > 7.4 and ipset v6.29 This feature requires a substantial rework of the ipset kernel component which is currently being targeted for the RHEL 7.6 kernel.
reproduce on 3.10.0-870.el7.x86_64: # ipset create foo hash:ip comment ipset v6.38: Argument `comment' is supported in the kernel module of the set type hash:ip starting from the revision 2 and you have installed revision 1 only. Your kernel is behind your ipset utility. verify on 3.10.0-894.el7.x86_64 ipset create foo hash:ip comment ipset add foo 192.168.1.1 comment "finally allow comment" ipset list Name: foo Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 comment Size in memory: 256 References: 0 Number of entries: 1 Members: 192.168.1.1 comment "finally I allow comment"
With Fedora 28 kernel 4.17.14-202.fc28.x86_64 ipset v6.38, an error message appear but it seems to be correct. # ipset create foo hash:ip comment # ipset -L Name: foo Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 comment Size in memory: 88 References: 0 Number of entries: 0 Members: # ipset add foo 192.168.1.1/24 comment "My comment 1" ipset v6.38: Element cannot be added to the set: it's already added # ipset -L Name: foo Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 comment Size in memory: 213 References: 0 Number of entries: 1 Members: 192.168.1.1 comment "My comment 1" # ipset add foo 192.168.1.2/24 comment "My comment 2" ipset v6.38: Element cannot be added to the set: it's already added # ipset -L Name: foo Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 comment Size in memory: 338 References: 0 Number of entries: 2 Members: 192.168.1.1 comment "My comment 1" 192.168.1.2 comment "My comment 2"