Re: ipset and kernel 2.6.22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 23 Jul 2007, Łukasz Nierychło wrote:

In my opninion ipset iptree still does not work as it should be.
My test:

[]# ipset -N viruses iptree --timeout 100
[]# ipset -A viruses 172.16.14.12

Test1:
[]# ipset -T viruses 172.16.14.12
172.16.14.12 is in set viruses
Test2:
[]# ipset -T viruses 172.16.14.111
172.16.14.111 is in set viruses
Test3:
[]# ipset -T viruses 172.16.140.111
172.16.140.111 is NOT in set viruses

...

Test2 172.16.14.111 shoud NOT be in set viruses, every IP from example subnet 172.16.14.0/24
is reported as "in set", (look at test2).

Everything is ok after IPTRE_GC_TIME 5*60  (line 33 in ip_set_iptree.c)
When I changed this label to 60 this module iptree worked ok after 60s.

To test again you have to unload ipset module. Something is wrong few minutes
after module is loaded...

That looks like a real bug. Which kernel and pom-ng version are you using?

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux