On Tue, 17 May 2011, Lutfi wrote:
> I am using ipset v. 6.2 on my Debian 6.0 64 bit box with kernel verison
> 2.6.37.2 #12. I used the command "ipset create test iptree --timeout
> 10800" for creating the set and add the ip addresses by using "ipset
> add test x.x.x.x". At beginning there seems no problem but after a while
> timeout values increases for ip addresses. Moreover I use a script to
> add those ip addresses to this set. The output of "ipset
> list test" is below:
>
> Name: test
> Type: hash:ip
> Header: family inet hashsize 8192 maxelem 65536 timeout 10800
> Size in memory: 733184
> References: 3
> Members:
> 82.192.209.168 timeout 14134968
I have tried to reproduce it with ipset-6.5 and was unsuccessful. However,
there are some problems with the timeout conversions in the kernel. Could
you try the attached patch and report back whether it solves the issue?
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungarydiff --git a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
index b9a0c26..bae086a 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -48,7 +48,7 @@ ip_set_timeout_test(unsigned long timeout)
{
return timeout != IPSET_ELEM_UNSET &&
(timeout == IPSET_ELEM_PERMANENT ||
- time_after(timeout, jiffies));
+ time_is_after_jiffies(timeout));
}
static inline bool
@@ -56,7 +56,7 @@ ip_set_timeout_expired(unsigned long timeout)
{
return timeout != IPSET_ELEM_UNSET &&
timeout != IPSET_ELEM_PERMANENT &&
- time_before(timeout, jiffies);
+ time_is_before_jiffies(timeout);
}
static inline unsigned long
@@ -67,7 +67,7 @@ ip_set_timeout_set(u32 timeout)
if (!timeout)
return IPSET_ELEM_PERMANENT;
- t = timeout * HZ + jiffies;
+ t = msecs_to_jiffies(timeout * 1000) + jiffies;
if (t == IPSET_ELEM_UNSET || t == IPSET_ELEM_PERMANENT)
/* Bingo! */
t++;
@@ -78,7 +78,8 @@ ip_set_timeout_set(u32 timeout)
static inline u32
ip_set_timeout_get(unsigned long timeout)
{
- return timeout == IPSET_ELEM_PERMANENT ? 0 : (timeout - jiffies)/HZ;
+ return timeout == IPSET_ELEM_PERMANENT ? 0 :
+ jiffies_to_msecs(timeout - jiffies)/1000;
}
#else
@@ -92,14 +93,14 @@ static inline bool
ip_set_timeout_test(unsigned long timeout)
{
return timeout == IPSET_ELEM_PERMANENT ||
- time_after(timeout, jiffies);
+ time_is_after_jiffies(timeout);
}
static inline bool
ip_set_timeout_expired(unsigned long timeout)
{
return timeout != IPSET_ELEM_PERMANENT &&
- time_before(timeout, jiffies);
+ time_is_before_jiffies(timeout);
}
static inline unsigned long
@@ -110,7 +111,7 @@ ip_set_timeout_set(u32 timeout)
if (!timeout)
return IPSET_ELEM_PERMANENT;
- t = timeout * HZ + jiffies;
+ t = msecs_to_jiffies(timeout * 1000) + jiffies;
if (t == IPSET_ELEM_PERMANENT)
/* Bingo! :-) */
t++;
@@ -121,7 +122,8 @@ ip_set_timeout_set(u32 timeout)
static inline u32
ip_set_timeout_get(unsigned long timeout)
{
- return timeout == IPSET_ELEM_PERMANENT ? 0 : (timeout - jiffies)/HZ;
+ return timeout == IPSET_ELEM_PERMANENT ? 0 :
+ jiffies_to_msecs(timeout - jiffies)/1000;
}
#endif /* ! IP_SET_BITMAP_TIMEOUT */
