ipset -L causing kernel panic when using macipmap

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Mon Dec 6 11:37:43 CET 2004

On Mon, 6 Dec 2004, Peter Surda wrote:

> >Please use ipset 2.0 (i.e ipset utility and the kernel part from
> >patch-o-matic-ng) from the svn repository or download the snapshots from
> >http://people.netfilter.org/kadlec/ipset/install.html.
> >
> A whole upgrade is quite complicated, because I have my own distribution
> with a lot of patches in kernel and iptables and I wouldn't have the
> time to test it after an upgrade at the moment. In the meantime I'll try
> to backport this fix and also -S and -R functionality instead :-).

ipset does not conflict with anything else: only Makefile and Config.in
are affected from the other parts of the kernel tree. You could even copy
the files over your tree from patch-o-matic-ng.

The internals were completely reorganized in 2.0 to achieve the goals, so
you should actually reimplement -S and -R from scratch in ipset 1.0.

> Do I see correctly that the bug was a "- -" instead of "-" in the
> list_members function or is it more complicated and I have to use the
> whole diff of p-o-m-ng between 1.12. and 6.12.?

No, that was due to a stupid memcpy bug in ip_set_macipmap.c itself in

Best regards,
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

More information about the netfilter-devel mailing list