Hi Martin,
On Fri, 11 Jan 2019, Martin Kratochvíl wrote:
> > Is there any ipset operation (list/swap/etc.) executed in parallel
> > with the destroy command which hangs? Is there any kernel message
> > during this time? Couldn't you capture a panic message?
>
> We run only sequence of command on two sets like
>
> function zeroing() {
> #create table with name zero_$1 same as $1 with zero counters
> ipset save $1 | sed 's/packets [0-9]* bytes [0-9]* //g' | sed
> "s/$1/zero_$1/g" | ipset -! restore
> #swap new zeroed table with current one
> ipset swap $1 zero_$1
> #send to stdout set with value on counters
> ipset save zero_$1
> #destroy set with old values, we are counting from zero in new one
> ipset destroy zero_$1
> }
>
> zeroing set1
> zeroing set2
>
> No other "ipset is running from parallel", only iptables packet match
> against ipset.
Could you send me a saved set with the counters on? I'd attempt to
reproduce the issue.
> I will try solve my situation with not zeroing sets, and count
> difference of packets by script or zeroing each record in set
> individually.
That's only a workaround, there should be no problem whatsoever in the
usage above.
> If i could help you, i can compile any different version of kernel and
> try it on routers or different version of ipset with extra kernel
> modules of this version. if is possible to compile ipset (or load ipset)
> in debug mode, i could do it
Thanks! First I'd like to reproduce it and then fix whatever causes the
hang of destroying a set.
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
