[Bug 1237] sets: timeout > 24d20h31m23s becomes 49d17h2m47s

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Mar 25 23:23:05 CEST 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1237

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|pablo at netfilter.org         |fw at strlen.de
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Marco De Benedetto from comment #0)
> I would like to use a timeout of 30 days for elements in a set but it
> seems there is some kind of problem above 24d20h31m23s.

Indeed, this is a kernel bug. nft uses msecs_to_jiffies which treats
values < 0 as "infinity", 24d20h31m23s is 2147483000 msecs and still
smaller than INT_MAX, 1 second more causes integer overflow.

nft timeout handling also has a problem with 32bit systems, as jiffies is only
32bit.  We should probably use "u64" instead of "long" and have gc task use
time_is_before_eq_jiffies64().

-- 
You are receiving this mail because:
You are watching all bug changes.
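
The boundary described in comment #1, as an added example that is not part of the original message or the kernel source: a userspace C model in which the millisecond count is narrowed to 32 bits and a value with the sign bit set is read as "infinity", next to a range check that rejects such values before the conversion. The function names (`timeout_to_msecs`, `read_as_infinite`, `checked_msecs`) are hypothetical, and the 32-bit narrowing is an assumption of the model.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: these names are hypothetical, not kernel symbols. */

/* Convert a set-element timeout to milliseconds using 64-bit arithmetic. */
static uint64_t timeout_to_msecs(uint64_t d, uint64_t h, uint64_t m, uint64_t s)
{
    return (((d * 24 + h) * 60 + m) * 60 + s) * 1000;
}

/* Model of the behaviour in comment #1 (assumption: the count is narrowed to
 * 32 bits first): a value above INT_MAX has its sign bit set, so it looks
 * negative as a signed int and is taken to mean "infinity". */
static int read_as_infinite(uint64_t msecs)
{
    uint32_t narrowed = (uint32_t)msecs;
    return narrowed > (uint32_t)INT32_MAX;
}

/* Range check applied before narrowing: returns 0 and stores the value when
 * it fits below the sign bit, -1 when it would be misread after narrowing. */
static int checked_msecs(uint64_t msecs, uint32_t *out)
{
    if (msecs > (uint64_t)INT32_MAX)
        return -1;
    *out = (uint32_t)msecs;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the limit from the report, limit + 1s, and 30 days. */
    uint64_t cases[3];
    uint32_t v;
    cases[0] = timeout_to_msecs(24, 20, 31, 23);
    cases[1] = timeout_to_msecs(24, 20, 31, 24);
    cases[2] = timeout_to_msecs(30, 0, 0, 0);
    for (int i = 0; i < 3; i++)
        printf("%" PRIu64 " ms: infinite=%d accepted=%d\n", cases[i],
               read_as_infinite(cases[i]), checked_msecs(cases[i], &v) == 0);
    return 0;
}
```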