On Fri, 28 Oct 2005, Radek Hladik wrote:

> What I mean is that when I create iptree without default timeout:
>
> ipset -N test iptree
>
> and now I try to add member with timeout:
>
> ipset -A test 1.2.3.4%60
>
> but the timeout is not working and IP 1.2.3.4 stays in the iptree
> forever. According to log messages:
> kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): gc: 1 2 3
> 4: expires 1 jiffies 9992264
> The garbage collector is called but expires value is set to 1. I think
> that it is because of the line
> ipt_set_iptree.c:141 dtree->expires[d] = map->timeout ? (timeout * HZ
> + jiffies) : 1;
> which sets expires to 1 when adding member with timeout to non-timeout
> iptree. I think it would not break backward compatibility as old
> commands do not use the ip%timeout notation.

There are two possibilities:

- The set is created with a default timeout value, in which case all the
  entries time out. They can be added with specific timeout values by
  using ipset or with the default value via the SET target.
- The set is created without a timeout value (this is the default), when
  the entries do not time out. The set element which is actually added to
  the set is denoted by '1' in the line above. In this case there is no
  way to have got entries which do time out, not without bloating the
  structures, which I do not want to do.

> And I've found another issue I want to ask about. Is there any
> possibility to set timeout different from default timeout via ipt_SET
> target?

No, the SET target is totally generic and has no notion whatsoever on the
underlying set types.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
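Added example, not part of the original message and not ipset's own code: a user-space C model of the assignment quoted in the message above, showing that a per-entry timeout only takes effect when the set was created with a default timeout. The struct and function names, the HZ value, the "no %timeout means the set default" rule and the membership test are assumptions made for the illustration.

```c
#include <stdio.h>
#define HZ 100UL /* assumed tick rate for this model */

/* Simplified one-slot stand-in for an iptree set (hypothetical names). */
struct model_set {
    unsigned long timeout; /* default timeout in seconds; 0 = created without one */
    unsigned long expires; /* 0 = empty slot, otherwise the value stored on add */
};

/* The expression from the quoted line: a per-entry timeout is honoured only
 * when the set itself has a default timeout; otherwise the marker 1 is stored. */
static void model_add(struct model_set *s, unsigned long timeout, unsigned long now)
{
    if (timeout == 0)
        timeout = s->timeout; /* assumption: no %timeout means the set default */
    s->expires = s->timeout ? (timeout * HZ + now) : 1;
}

/* Assumed membership rule: in a set without timeout any non-zero marker is a
 * member; in a timeout set the entry is a member until 'expires' has passed. */
static int model_test(const struct model_set *s, unsigned long now)
{
    if (!s->expires) return 0;
    if (!s->timeout) return 1;
    return (long)(now - s->expires) < 0; /* wrap-safe "expires is after now" */
}

unsigned long stored_expires(unsigned long set_to, unsigned long entry_to, unsigned long now)
{
    struct model_set s = { set_to, 0 };
    model_add(&s, entry_to, now);
    return s.expires;
}

/* Is the entry still a member 'elapsed' seconds after it was added? */
int member_after(unsigned long set_to, unsigned long entry_to, unsigned long elapsed)
{
    const unsigned long now = 9992264UL; /* jiffies value from the quoted log */
    struct model_set s = { set_to, 0 };
    model_add(&s, entry_to, now);
    return model_test(&s, now + elapsed * HZ);
}

int main(void)
{
    printf("no default, %%60, after 61s:  %d\n", member_after(0, 60, 61));
    printf("default 300, %%60, after 61s: %d\n", member_after(300, 60, 61));
    return 0;
}
```

For anyone using such a set as a temporary block list, the practical check is that the set was created with a default timeout; otherwise entries added with ip%timeout stay until they are removed by hand.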