[Bug 1237] sets: timeout > 24d20h31m23s becomes 49d17h2m47s
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Sun Mar 25 23:23:05 CEST 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1237
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|pablo at netfilter.org |fw at strlen.de
CC| |fw at strlen.de
--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Marco De Benedetto from comment #0)
> I would like to use a timeout of 30 days for elements in a set but it
> seems there is a some kind of problem above 24d20h31m23s.
Indeed, this is a kernel bug. nft uses msecs_to_jiffies which treats values <
0
as "infinity", 24d20h31m23s is 2147483000 msecs and still smaller than
INT_MAX, 1 second more causes integer overflow.
nft timeout handling also has a problem with 32bit systems, as jiffies is only
32bit. We should probably use "u64" instead of "long" and have gc task use
time_is_before_eq_jiffies64().
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180325/9427662a/attachment.html>
More information about the netfilter-buglog
mailing list