Jozsef Kadlecsik wrote: >> nl# ipset -v >> ipset v4.1, protocol version 4. >> Kernel module protocol version 4. > > I'll try to reproduce and find the reason for the difference in the > listing. > I can add another data point. A similar issue can be seen when xtables-addons 1.21 is installed on Debian Lenny, kernel 2.6.26-openvz-am64. In that case, extra /31 networks show up whether a set name is supplied or not; they are different in the two cases, however. gateway:~# ipset -L dshield -n Name: dshield Type: nethash References: 1 Header: hashsize: 1024 probes: 4 resize: 50 Members: 74.63.225.0/24 218.206.128.0/24 210.212.152.0/24 77.254.150.0/24 116.55.199.0/24 118.160.213.0/24 70.38.64.0/24 91.144.92.0/24 58.221.42.0/24 174.129.75.0/24 88.163.67.0/24 219.139.40.0/24 88.79.127.0/24 194.165.153.0/24 75.101.178.0/24 222.45.112.0/24 202.155.202.0/24 89.149.204.0/24 118.161.234.0/24 122.200.121.0/24 116.114.111.222/31 0.112.97.216/31 0.1.0.0/31 97.109.111.218/31 0.0.108.208/31 97.104.112.208/31 0.0.104.228/31 gateway:~# ipset -L -n ... Name: dshield Type: nethash References: 1 Header: hashsize: 1024 probes: 4 resize: 50 Members: 74.63.225.0/24 218.206.128.0/24 210.212.152.0/24 77.254.150.0/24 116.55.199.0/24 118.160.213.0/24 70.38.64.0/24 91.144.92.0/24 58.221.42.0/24 174.129.75.0/24 88.163.67.0/24 219.139.40.0/24 88.79.127.0/24 194.165.153.0/24 75.101.178.0/24 222.45.112.0/24 202.155.202.0/24 89.149.204.0/24 118.161.234.0/24 122.200.121.0/24 48.116.105.228/31 97.104.112.208/31 0.0.104.228/31 0.5.0.8/31 95.116.101.218/31 101.114.105.198/31 0.0.116.196/31 ... All of the /31 nets are bogus. When installed on a Lenny system running kernel 2.6.26-686, things seem to work as expected. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
Attachment:
signature.asc
Description: OpenPGP digital signature
