Re: ipset - destroy table hang in kernel as Dproccess on kernel 4.19.12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Is there any ipset operation (list/swap/etc.) executed in parallel with
the destroy command which hangs? Is there any kernel message during this
time? Couldn't you capture a panic message?


We run only sequence of command on two sets like

function zeroing() {
#create table with name zero_$1 same as $1 with zero counters
ipset save $1 | sed 's/packets [0-9]* bytes [0-9]* //g' | sed "s/$1/zero_$1/g" | ipset -! restore 
#swap new zeroed table with current one
ipset swap $1 zero_$1
#send to stdout set with value on counters
ipset save zero_$1
#destroy set with old values, we are counting from zero in new one
ipset destroy zero_$1
}

zeroing set1
zeroing set2
No other "ipset is running from parallel", only iptables packet match against ipset.
The panic happen because router have no ram or watchdog restart router because high load. It only happened on router with traffic, when i try run function on test router in my lab  with "zeroing" to catch panic message in neverending loop it works with no problem. I try catch some message with netconsole, but no success.
When script "hangs occured" i see name of process as "ipset destroy zero_$1" in htop, state of process is D
I will try solve my situation with not zeroing sets, and count difference of packets by script or zeroing each record in set individually.
There was a race betwen save/swap/delete, fixed just before ipset 6.30. So 
it's strange...
I read about that in changelog, i though the version 7.1 will solve it, but no success.
If i could help you, i can compile any different version of kernel and try it on routers or different version of ipset with extra kernel modules of this version. 
if is possible to compile ipset (or load ipset) in debug mode, i could do it


Thank you

Best regards,

MaKr


Is this kernel problem or problem with ipset? Is other way how to
zeroing counter in ipset? Or is it problem with swapping and destroying
sets, when we do it so often?

Probably it's an ipset issue but more info is needed...

Currently there's no other way to zero the packet/byte counters.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
           H-1525 Budapest 114, POB. 49, Hungary

Attachment: smime.p7s
Description: Elektronicky podpis S/MIME

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux