On Fri, 10 Oct 2014, Patrick Schaaf wrote: > > You are right, I'll look into it. Part of the problem comes from a bad > > protocol decision, because ipset passes timeout values as an u32 value > > between userspace and kernel. > > Not sure whether it makes sense, but maybe an intermediate "fix" would > be to recognize, in userlevel, the too-large values, and properly clamp > them to the highest value representable by the protocol. Better than > wraparound that causes unexpectedly low timeouts, I think. I'm thinking on just introducing a new attribute to carry u64 sized timeout values. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
