[Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Dec 3 15:49:57 CET 2013 

https://bugzilla.netfilter.org/show_bug.cgi?id=880

           Summary: ipset doesn't refresh the timeout for an existing
                    entry when the table is FULL.
           Product: ipset
           Version: unspecified
          Platform: x86_64
        OS/Version: Fedora
            Status: NEW
          Severity: normal
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: xose.vazquez at gmail.com
   Estimated Hours: 0.0


ipset doesn't refresh timeout for an existing entry when the table is FULL.


- Version-Release number of selected component:

kernel: 3.11.10-200.fc19.x86_64
ipset: v6.20.1


- Steps to Reproduce:

# ipset create http hash:ip timeout 0 maxelem 5
# ipset add http 192.168.0.1
# ipset add http 192.168.0.2
# ipset add http 192.168.0.3
# ipset add http 192.168.0.4
# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16784
References: 0
Members:
192.168.0.3 timeout 0
192.168.0.4 timeout 0
192.168.0.1 timeout 0
192.168.0.2 timeout 0
# ipset add http 192.168.0.5 -exist timeout 60
(wait)# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16848
References: 0
Members:
192.168.0.3 timeout 0
192.168.0.4 timeout 0
192.168.0.5 timeout 41
192.168.0.1 timeout 0
192.168.0.2 timeout 0
# ipset add http 192.168.0.5 -exist timeout 60
ipset v6.20.1: Hash is full, cannot add more elements
# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16848
References: 0
Members:
192.168.0.3 timeout 0
192.168.0.4 timeout 0
192.168.0.5 timeout 21  <<<<---- It should be 60.
192.168.0.1 timeout 0
192.168.0.2 timeout 0


It works flawlessly when the tables is not full.

# ipset del http 192.168.0.4
# ipset add http 192.168.0.5 -exist timeout 60
(wait)# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16848
References: 0
Members:
192.168.0.3 timeout 0
192.168.0.5 timeout 38
192.168.0.1 timeout 0
192.168.0.2 timeout 0
# ipset add http 192.168.0.5 -exist timeout 60
# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16848
References: 0
Members:
192.168.0.3 timeout 0
192.168.0.5 timeout 59    <<<<<----- OK
192.168.0.1 timeout 0
192.168.0.2 timeout 0

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list