[Bug 1769492] Re: ipset: setting timeout value higher than 2147483 leads to unpredicted results

James Page james.page at ubuntu.com
Thu Jul 26 10:54:33 UTC 2018 

This appears to be a won't fix based on the upstream ML thread; I'm
going to mark the Ubuntu bug inline with the upstream reponse; I'd
suggest that if you want to pursue this further you engage directly with
the upstream project.

** Changed in: ipset (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ipset in Ubuntu.
https://bugs.launchpad.net/bugs/1769492

Title:
  ipset: setting timeout value higher than 2147483 leads to unpredicted
  results

Status in ipset package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu 16 LTS and 18 LTS contain a package "ipset" which is a
  companion utility for "iptables" to contain large lists of IP
  addresses.

  Ubuntu 16 LTS comes with ipset v6.29, Ubuntu 18 LTS comes with ipset
  v6.34.

  Both versions contain a bug: setting a list timeout value (for an
  entry) higher than 2147483 leads to unpredictable results.

  The value of "2147483" is "MaxInt / 1000" or 2^31/1000.

  It might have been better to support higher value (use 64-bit integer
  for timeout to store values higher than MaxInt) or report an error to
  the user that value higher then 2147483.

  Current behavior when values higher then 2147483 are silently changed
  to 4294967 is not what the user might have expected.

  Because of this, I think that this current behavior include in Ubuntu
  16 LTS and Ubuntu 18 LTS is a bug.

  Could you please fix this bug?

  Here is a script to illustrate that (it outputs timeouts gradually
  increasing by one second but after 2147482 the value jumps to
  4294967):

  #!/bin/bash

  ipset create list-0 hash:ip timeout 2147480 
  ipset create list-1 hash:ip timeout 2147481 
  ipset create list-2 hash:ip timeout 2147482 
  ipset create list-3 hash:ip timeout 2147483 
  ipset create list-4 hash:ip timeout 2147484 
  ipset create list-5 hash:ip timeout 2147485 
  ipset create list-6 hash:ip timeout 2147486 
  ipset create list-7 hash:ip timeout 2147487 

  ipset add list-0 127.0.0.127
  ipset add list-1 127.0.0.127
  ipset add list-2 127.0.0.127
  ipset add list-3 127.0.0.127
  ipset add list-4 127.0.0.127
  ipset add list-5 127.0.0.127
  ipset add list-6 127.0.0.127
  ipset add list-7 127.0.0.127

  ipset list | grep "127.0.0.127 timeout "

  ipset destroy list-0
  ipset destroy list-1
  ipset destroy list-2
  ipset destroy list-3
  ipset destroy list-4
  ipset destroy list-5
  ipset destroy list-6
  ipset destroy list-7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1769492/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list