[Bug 1769492] Re: ipset: setting timeout value higher than 2147483 leads to unpredicted results
James Page
james.page at ubuntu.com
Thu Jul 26 10:54:33 UTC 2018
This appears to be a won't fix based on the upstream ML thread; I'm
going to mark the Ubuntu bug inline with the upstream reponse; I'd
suggest that if you want to pursue this further you engage directly with
the upstream project.
** Changed in: ipset (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ipset in Ubuntu.
https://bugs.launchpad.net/bugs/1769492
Title:
ipset: setting timeout value higher than 2147483 leads to unpredicted
results
Status in ipset package in Ubuntu:
Won't Fix
Bug description:
Ubuntu 16 LTS and 18 LTS contain a package "ipset" which is a
companion utility for "iptables" to contain large lists of IP
addresses.
Ubuntu 16 LTS comes with ipset v6.29, Ubuntu 18 LTS comes with ipset
v6.34.
Both versions contain a bug: setting a list timeout value (for an
entry) higher than 2147483 leads to unpredictable results.
The value of "2147483" is "MaxInt / 1000" or 2^31/1000.
It might have been better to support higher value (use 64-bit integer
for timeout to store values higher than MaxInt) or report an error to
the user that value higher then 2147483.
Current behavior when values higher then 2147483 are silently changed
to 4294967 is not what the user might have expected.
Because of this, I think that this current behavior include in Ubuntu
16 LTS and Ubuntu 18 LTS is a bug.
Could you please fix this bug?
Here is a script to illustrate that (it outputs timeouts gradually
increasing by one second but after 2147482 the value jumps to
4294967):
#!/bin/bash
ipset create list-0 hash:ip timeout 2147480
ipset create list-1 hash:ip timeout 2147481
ipset create list-2 hash:ip timeout 2147482
ipset create list-3 hash:ip timeout 2147483
ipset create list-4 hash:ip timeout 2147484
ipset create list-5 hash:ip timeout 2147485
ipset create list-6 hash:ip timeout 2147486
ipset create list-7 hash:ip timeout 2147487
ipset add list-0 127.0.0.127
ipset add list-1 127.0.0.127
ipset add list-2 127.0.0.127
ipset add list-3 127.0.0.127
ipset add list-4 127.0.0.127
ipset add list-5 127.0.0.127
ipset add list-6 127.0.0.127
ipset add list-7 127.0.0.127
ipset list | grep "127.0.0.127 timeout "
ipset destroy list-0
ipset destroy list-1
ipset destroy list-2
ipset destroy list-3
ipset destroy list-4
ipset destroy list-5
ipset destroy list-6
ipset destroy list-7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1769492/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list