Hi, On Fri, 11 Jan 2019, Martin Kratochvíl wrote: > i am using ipset longer then year on many routers. On routers under high > load (gigabit network, 300Mbps+, many packets.) we discover problem with > ipset (debian stretch ipset version 6.30, vanilla kernel 4.19.12) > > I often swap and destroy sets (ipset), for "zeroing counters" (on time > in 5 minutes) > > After few days of router normal operation the command > #ipset destroy <table_name> > > hang in kernel, proccess is seeing as D - uninterruptable. After this > happen, i couldn't make succesfully any "ipset destroy .." or "ipset > swap .." operation, or command iptables -S hang too and we have other > problem with mount or other kernel operation. After that load is higher > and higher, use of memory is higher and only way how to solve this is > reboot router, panic ocurs aproximately 4-6 hours after the comannd > hangs. Is there any ipset operation (list/swap/etc.) executed in parallel with the destroy command which hangs? Is there any kernel message during this time? Couldn't you capture a panic message? > We try change the debian package ipset 6.30, with ipset 7.1 and compile > last kernel ipset modules from source against kernel 4.19.12 as extra/ > and change it in our kernel router. The problem still persist with this > new ipset modules too. > > We do not se any messages in kernel log with problem. The problem occurs > with r8169 driver, with r8168 driver too. The problem ocurs with e1000e > driver on other hardware. > > In older kernel 4.16.8 this do not happen. There was a race betwen save/swap/delete, fixed just before ipset 6.30. So it's strange... > Is this kernel problem or problem with ipset? Is other way how to > zeroing counter in ipset? Or is it problem with swapping and destroying > sets, when we do it so often? Probably it's an ipset issue but more info is needed... Currently there's no other way to zero the packet/byte counters. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
