[Bug 719] New: ipset restore fails randomly

[bugzilla-daemon at bugzilla.netfilter.org]

http://bugzilla.netfilter.org/show_bug.cgi?id=719

           Summary: ipset restore fails randomly
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P3
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: martinbarrowcliff at gmail.com
   Estimated Hours: 0.0


For some time (1 year) I have observed erratic behavior for ipset restore.

I have 20 sets, of all types. None are heavily populated today.
I am saving all sets to a single file, aka ipset.save.

On reboot my sys5 init script does:
ipset -R < /etc/sysconfig/ipset.save.

Sometimes it loads perfectly, and sometimes it hangs my system.
I get no error codes back from ipset in the latter case so my
attempts to script a retry are of no avail.
I inspected the saved files closely and the saved file is clean.
I load all the kern modules before I do a restore.
I added delays between each sys5 operation.
However, when the problem occurs, only the first 2 sets are loaded.
This happens more often on a reboot, than a firewall reload,
but it does happen on both. 

I am using a very stable homespun server (not a dist) with grsec patched kernel
at 2.6.36, however; I have seen this issue for my last 5 kernels and several
versions of ipset. I have NEVER seen anything in my logs to explain this issue. 

I have resorted to loading each ipset individually in an attempt to 
isolate the problem, and it seems to work fine as of now; so I believe this 
may narrow down the problem. 
I really love my ipsets. Can I get some feedback on this please?

Marty B.
martinbarrowcliff at gmail.com


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.