1496859 – TestOnly: ipset comment extension does not work

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1496859 - TestOnly: ipset comment extension does not work

Summary: TestOnly: ipset comment extension does not work

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	7.4
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Stefano Brivio
QA Contact:	yiche
Docs Contact:	Ioanna Gkioka
URL:
Whiteboard:
Depends On:	1557599
Blocks:	NST_77ReleaseNotes
TreeView+	depends on / blocked

Reported:	2017-09-28 16:20 UTC by martti.laaksonen
Modified:	2023-05-18 10:02 UTC (History)
CC List:	19 users (show)
Fixed In Version:	kernel-3.10.0-894.el7
Doc Type:	Enhancement
Doc Text:	The ipset `comment` extension is now supported Τhis update adds the ipset `comment` extension. Τhis enables you to add entries with a comment. For more information, see the ipset (8) man page.
Clone Of:
Environment:
Last Closed:	2019-06-17 10:46:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description martti.laaksonen 2017-09-28 16:20:41 UTC

Description of problem:
Trying to create an ipset with comments does not work although according to the package man page it should be possible.

Version-Release number of selected component (if applicable):
ipset-6.29-1.el7.x86_64

How reproducible:
using ipset command as instructed in the ipset man page.

Steps to Reproduce:
1. ipset create foo hash:net comment


Actual results:
[root@hexbit ~]# ipset create foo hash:net comment
ipset v6.29: Unknown argument: `comment'
Try `ipset help' for more information.


Expected results:
New ipset is created and it is possible to add entries with a comment to it (excerpt from another system that has OpenSUSE Leap 42.2):
antique:~ # ipset create foo hash:net comment
antique:~ # ipset add foo 10.10.10.0/24 comment "this is a comment"
antique:~ # ipset list foo
Name: foo
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 506
References: 0
Number of entries: 1
Members:
10.10.10.0/24 comment "this is a comment"
antique:~ # 


Additional info:
The OpenSUSE Leap 42.2 system where the ipset comment extension works, ipset reports its version to be v6.29, the actual package name is ipset-6.29-1.29.x86_64

Comment 4 Jim Roland, RHCE 2018-03-16 21:23:15 UTC

What is the status of this?  I'm having the exact same issue above with RHEL 7.4 and ipset v6.29

Comment 5 Stefano Brivio 2018-03-18 19:35:14 UTC

Jim,

(In reply to Jim Roland, RHCE from comment #4)
> What is the status of this?  I'm having the exact same issue above with RHEL
> 7.4 and ipset v6.29

This feature requires a substantial rework of the ipset kernel component which is currently being targeted for the RHEL 7.6 kernel.

Comment 18 yiche 2018-08-10 09:29:50 UTC

reproduce on 3.10.0-870.el7.x86_64:
# ipset create foo hash:ip comment
ipset v6.38: Argument `comment' is supported in the kernel module of the set type hash:ip starting from the revision 2 and you have installed revision 1 only. Your kernel is behind your ipset utility.

verify on 3.10.0-894.el7.x86_64
ipset create foo hash:ip comment
ipset add foo 192.168.1.1 comment "finally allow comment"
ipset list

Name: foo
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 256
References: 0
Number of entries: 1
Members:
192.168.1.1 comment "finally I allow comment"

Comment 19 Franck Le GUILLOUS 2018-08-21 12:56:06 UTC

With Fedora 28 kernel 4.17.14-202.fc28.x86_64 ipset v6.38, an error message appear but it seems to be correct.

# ipset create foo hash:ip comment
# ipset -L
Name: foo
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 88
References: 0
Number of entries: 0
Members:

# ipset add foo 192.168.1.1/24 comment "My comment 1" 
ipset v6.38: Element cannot be added to the set: it's already added

# ipset -L
Name: foo
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 213
References: 0
Number of entries: 1
Members:
192.168.1.1 comment "My comment 1"

# ipset add foo 192.168.1.2/24 comment "My comment 2" 
ipset v6.38: Element cannot be added to the set: it's already added

# ipset -L
Name: foo
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 338
References: 0
Number of entries: 2
Members:
192.168.1.1 comment "My comment 1"
192.168.1.2 comment "My comment 2"

Comment 20 ethan 2022-08-03 09:33:13 UTC Comment hidden (spam)

I am read your all article which you post for us. Thanks for giving an amazing post. https://tech-sujit.blogspot.com/ If you want a different search then go my website.

Comment 22 Tom Hiddleston 2022-12-21 09:48:18 UTC Comment hidden (spam)

Very great article. I read many articles on this blog but the information you give is very good and useful. https://krunkergame.co

Comment 23 Rowell 2023-02-28 14:18:00 UTC Comment hidden (spam)

I visit this page regularly and recommend it to all of those who wanted to enhance their knowledge with ease. https://lolbeans-io.com

Comment 24 Tony Adams 2023-03-15 01:12:36 UTC Comment hidden (spam)

According to the ipset man page, the comment extension was added in version 6.7 of ipset. Therefore, you may want to check if your system has a more recent version of ipset installed that supports the comment extension. https://fnf2.io/

Comment 25 Celine Dion 2023-04-10 09:51:36 UTC Comment hidden (spam)

It is possible that the chipset version in the system where you are experiencing the issue may not support the comment extension or there may be some configuration or installation issue. https://wordlewebsite.com

Comment 26 victorable 2023-05-06 07:42:33 UTC Comment hidden (spam)

Can try Version-Number ipset-6.29-1.el7.x86_64 https://driftboss.co

Comment 27 heritageericsson 2023-05-17 04:29:56 UTC Comment hidden (spam)

Morning strolls in the fog, eating ice cream on the front porch, riding bikes, and afternoon excursions to towering cliffs with panoramic views of the Atlantic are just some of the simple joys that may be enjoyed here. https://phrazle.co

Note You need to log in before you can comment on or make changes to this bug.