Re : IPSET iptree problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello, 
 
my kernel is now  
Linux x-rabbit 2.6.23-rc3 1 Mon Aug 27 13:44:18 CEST 2007 i686 pentium4 i386 
GNU/Linux 
 
I preformed two tests, one shortly after boot and another few minutes later. 
The results are different.  
I hope this will help you.  
 
 
[root@x-rabbit ~] logger Test Start 
[root@x-rabbit ~] ipset -N viruses iptree --timeout 100 
[root@x-rabbit ~] ipset -A viruses 172.16.14.12 
[root@x-rabbit ~] ipset -T viruses 172.16.14.12 
172.16.14.12 is in set viruses. 
[root@x-rabbit ~] ipset -T viruses 172.16.14.111 
172.16.14.111 is in set viruses. 
[root@x-rabbit ~] ipset -n -L viruses 
Name: viruses 
Type: iptree 
References: 0 
Default binding: 
Header: timeout: 100 
Members: 
172.16.14.12%81 
Bindings: 
 
 
Kernel log: 
 
 
Aug 27 14:46:44 x-rabbit root: Test Start 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059198, len76 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op1 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_create (DBG): 
setname: viruses, typename: iptree, id: 
65535 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_create (DBG): try 
to load ip_set_iptree 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_register_set_type 
(DBG): 'iptree' registered. 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_create (DBG): 
create: 'viruses' created with index 0, 
id 0! 
Aug 27 14:46:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result 0 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfb076a8, len72 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op101 
 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: addip (DBG): 
172.16.14.12 0 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
172 16 14 12 timeout 100 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 172 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 16 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 14 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 12 
4294935011 
Aug 27 14:47:10 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result 0 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfe349d8, len72 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op103 
 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
172 16 14 12 timeout 100 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
4294935011 4294911225 
Aug 27 14:47:15 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result -17 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbf811bb8, len72 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op103 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
172 16 14 111 timeout 100 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 0 
4294912132 
Aug 27 14:47:18 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result -17 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfd2a77c, len44 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op20 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set :all:, copylen 44 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, user08059138, len80 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op201 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
filled viruses of type iptree, index 
 0 
 
Aug 27 14:47:28 x-rabbit kernel: 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: list_members_size 
(DBG): members 1 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set :all:, copylen 80 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, user08059138, len32 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op203 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_list_set (DBG): set: 
viruses, used: 0 e083e000 e083e00 
0 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: list_members_size 
(DBG): members 1 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 32 
Aug 27 14:47:28 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:51:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses 
Aug 27 14:51:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: 172 16 14 12: expires 4294935011 
 jiffies 15109 
Aug 27 14:51:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: leaf 172 16 14 empty 
Aug 27 14:51:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: branch 172 16 empty 
Aug 27 14:51:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: branch 172 empty 
 
 
 
 
The same test after 5 minutes from system boot: 
 
 
root@x-rabbit ~] logger Next Test 
[root@x-rabbit ~] ipset -A viruses 172.16.14.12 
[root@x-rabbit ~] ipset -T viruses 172.16.14.12 
172.16.14.12 is in set viruses. 
[root@x-rabbit ~] ipset -T viruses 172.16.14.111 
172.16.14.111 is NOT in set viruses. 
[root@x-rabbit ~] ipset -n -L viruses 
Name: viruses 
Type: iptree 
References: 0 
Default binding: 
Header: timeout: 100 
Members: 
172.16.14.12%83 
Bindings: 
 
 
Kernel Logs: 
 
Aug 27 14:55:38 x-rabbit root: Next Test 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfc71818, len72 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op101 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: addip (DBG): 
172.16.14.12 0 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
172 16 14 12 timeout 100 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 172 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 16 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 
alloc 14 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __addip (DBG): 12 
95780 
Aug 27 14:55:42 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result 0 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfb58f08, len72 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op103 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
172 16 14 12 timeout 100 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
95780 71693 
Aug 27 14:55:46 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result -17 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbf843be8, len72 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op10 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 72 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
optval83, user08059060, len16 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
op103 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 
172 16 14 111 timeout 100 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: __testip (DBG): 0 
72605 
Aug 27 14:55:49 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_set (DBG): 
final result 0 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, userbfc88edc, len44 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op20 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set :all:, copylen 44 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, user08059138, len80 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op201 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
filled viruses of type iptree, index 
 0 
Aug 27 14:55:59 x-rabbit kernel: 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: list_members_size 
(DBG): members 1 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set :all:, copylen 80 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
optval83, user08059138, len32 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
op203 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_list_set (DBG): set: 
viruses, used: 0 e083e000 e083e00 
0 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: list_members_size 
(DBG): members 1 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
set viruses, copylen 32 
Aug 27 14:55:59 x-rabbit kernel: net/ipv4/netfilter/ip_set.c: ip_set_sockfn_get (DBG): 
final result 0 
Aug 27 14:56:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses 
Aug 27 14:56:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: 172 16 14 12: expires 95780 jiff 
ies 90109 
Aug 27 14:56:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: leaf 172 16 14 not empt 
y 
Aug 27 14:56:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: branch 172 16 not empty 
Aug 27 14:56:59 x-rabbit kernel: net/ipv4/netfilter/ip_set_iptree.c: ip_tree_gc (DBG): 
gc: viruses: branch 172 not empty 
(END) 
 
 
 
 
 
 
 
>>> After IPTREE_GC_TIME all is ok for some unknown period of 
>>> time, but finally this malfunction comes again. 
>> 
>> Thank you the reports, on the weekend I'll be able to debug it. 
>> Please stay tuned. 
> 
>Hm, I'm unable to reproduce it. There *was* an endian-related bug in  
>the iptree type, but even that could not cause such behaviour. 
> 
>Please give a try to the upcoming release, which you can get 
>as http://ipset.netfilter.org/ipset-2.6.23-rc3.patch. 
> 
>If you still see the bug, please do the following: 
> 
>- recompile ipset in the kernel with debugging enabled, i.e. change 
> 
>if 0 
>define IP_SET_DEBUG 
>endif 
> 
>   to 
> 
>if 1 
>define IP_SET_DEBUG 
>endif 
> 
>   in <kernel-src>/include/linux/netfilter_ipv4/ip_set.h 
> 
>- then after recompiling issue the following commands and report the 
>   resulted kernel logs: 
> 
> ipset -N viruses iptree --timeout 100 
> ipset -A viruses 172.16.14.12 
> ipset -T viruses 172.16.14.12 
> ipset -T viruses 172.16.14.111 
> ipset -n -L viruses 
> 
>Best regards, 
>Jozsef 
>-
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux