Hi,

Thanks for the reply, Jozsef.

The compilation fails unless you put
u_int32_t min_ip, max_ip; (instead of __be32)
in KERNEL_DIR/include/linux/netfilter_ipv4/ipt_iprange.h

But I have another problem. When I want to flush and delete all rules
(after ipset -U :all: :all: ; ipset -F ; ipset -X and iptables -D <on appropriate rules using sets>),
sometimes references stay on some sets.
How can I really destroy them?

Thanks in advance

2007/3/28, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>:
On Tue, 27 Mar 2007, Ismaël BALLO wrote:

> I use ipset 2.2.9a on kernel 2.6.19.7 compiled (from kernel.org) with
> these options
> (iptables 1.3.6)
> I have a minor bug (non blocking) when I load ipsets (it seems it
> happens when I have a large number of bindings)
>
> Mar 23 14:45:10 fwa01 kernel: BUG: sleeping function called from invalid context at mm/slab.c:3007
> Mar 23 14:45:10 fwa01 kernel: in_atomic():1, irqs_disabled():0
> Mar 23 14:45:10 fwa01 kernel: [<c0158e6c>] kmem_cache_alloc+0x1b/0x55
> Mar 23 14:45:10 fwa01 kernel: [<f89a77b8>] ip_set_hash_add+0xe7/0x142 [ip_set]

That's due to a stupid bug of mine in the flag of kmalloc. The fixed
kernel source can be downloaded from the svn repository or as the
patch-o-matic-ng-20070328.tar.bz2 snapshot from the ipset webpage.

Thank you for the bug report.

> and another: How can we choose the best parameters for hashsize, probes, resize?

There is no golden path: either you pay by memory for speed (i.e. large
hashsize, small probes, large resize percentage) or reversed. The defaults
of the iphash and nethash types are towards the other end, i.e. sparing with
the memory requirement and thus lose speed.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary