[Bug 719] New: ipset restore fails randomly

bugzilla-daemon at bugzilla.netfilter.org
Wed Jun 1 17:05:25 CEST 2011


           Summary: ipset restore fails randomly
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P3
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: martinbarrowcliff at gmail.com
   Estimated Hours: 0.0

For some time (1 year) I have observed erratic behavior for ipset restore.

I have 20 sets, of all types. None are heavily populated today.
I am saving all sets to a single file, aka ipset.save.

On reboot my sys5 init script does:
ipset -R < /etc/sysconfig/ipset.save

Sometimes it loads perfectly, and sometimes it hangs my system.
I get no error codes back from ipset in the latter case so my
attempts to script a retry are of no avail.
I inspected the saved files closely and the saved file is clean.
I load all the kern modules before I do a restore.
I added delays between each sys5 operation.
However, when the problem occurs, only the first 2 sets are loaded.
This happens more often on a reboot than a firewall reload,
but it does happen on both.

I am using a very stable homespun server (not a dist) with a grsec-patched kernel
at 2.6.36; however, I have seen this issue for my last 5 kernels and several
versions of ipset. I have NEVER seen anything in my logs to explain this issue.

I have resorted to loading each ipset individually in an attempt to
isolate the problem, and it seems to work fine as of now, so I believe this
may narrow down the problem.
I really love my ipsets. Can I get some feedback on this please?

Marty B.
martinbarrowcliff at gmail.com

