Hi, On Tue, 14 Feb 2017, Vishwanath Pai wrote: > I noticed that in recent versions of ipset the parameter 'size' in set > type list:set is ignored. I noticed this change in the latest upstream > code. In kernel 4.1 'ipset add' errors out when I try to add more > elements than 'size' but in 4.10 it does not. For example, if the size > is set to 4 and I try to add a fifth element to the set: in 4.1 it > errors out with "set is full" but if I try the same in 4.10 kernel it > lets me add the 5th element. Yes, the internal storage method was rewritten from fixed sized arrays to linked lists. > I think this change was introduced in v4.2 by the following commit: > commit 00590fdd5be0d763631ef10e6a3e2ce8fc2d9ec3 > Author: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> > Date: Sat Jun 13 16:56:02 2015 +0200 > > netfilter: ipset: Introduce RCU locking in list type > > Standard rculist is used. > > Signed-off-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Exactly. > Adding more elements than 'size' does not break anything but has a > side-effect. For example in 4.1 kernel the command 'ipset add test e > before d' would replace d with e but on 4.10 kernel it will simply add e > to the list before d without replacing it. Yes, it's a subtle difference - and I didn't think of it... > Was this change intentional? Or should we be enforcing 'max elements' on > this set type? If we should enforce the limit then I can send a patch to > fix it. Please let me know. The change was not intentional. Maybe the best solution was to print a warning that 'size' is ignored when a list type of set is defined with a size parameter. It's an incompatibility which cannot be undone: even if we start to enforce the size parameter then the releases are still out which ignore that. What is your opinion? Should the limit still be reintroduced? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html