From: Kevin Locke <kevin@kevinlocke.name>
To: netfilter-devel@vger.kernel.org
Cc: Kevin Locke <kevin@kevinlocke.name>
Subject: [xtables-addons][PATCH 0/2] Misc ipset issues
Date: Sat, 19 Dec 2009 13:50:45 -0700 [thread overview]
Message-ID: <1261255847-16395-1-git-send-email-kevin@kevinlocke.name> (raw)
Hello All,
I just wanted to express my thanks for writing/maintaining ipset and
xtables-addons. I have found them to be very useful.
I ran across a few issues getting ipset to work on my system and
wanted to bring them up here for consideration.
The first is that in 2.6.33-rc1, sk_buff->iff was renamed to
sk_buff->skb_iif, which breaks compilation on kernels going forward.
The second issue is that the setlist module is currently not being
built which results in "ipset v4.1: Unknown set type" when attempting
to create a set of this type (as documented in the man page). I'm not
sure if this is intentional (if it is, feel free to ignore that
patch), but in my experience it has worked quite well with the
exception of -T not working as expected (or at all AFAICT).
Another issue, for which I did not include a patch, is how automatic
resizing of hash tables is handled. If I restore a file (created
outside ipset) which contains somewhere near (but less than) 65000
entries which do not hash to unique values I start getting log
messages like the following:
/usr/src/modules/xtables-addons/ipset/ip_set_nethash.c: nethash_retry: rehashing of set setname triggered: hashsize grows from 44319 to 66478
/usr/src/modules/xtables-addons/ipset/ip_set_nethash.c: nethash_retry: rehashing of set setname triggered: hashsize grows from 66478 to 99717
and ipset -R silently fails to restore the rest of the file (returning
exit code 0). I realize that there may be some code to deal with this
during save (or when adding entries using -A), but it would be very
helpful if the user could be warned about the failure during -R as
well. As a side note: One use case is when building a large set it
is significantly (on the order of 1000 times on my test system) faster
to build the list and use -R than individually with -A).
Thanks again for all of your work,
Kevin
P.S. Please CC me in replies as I am not subscribed to this list.
Kevin Locke (2):
Rename skb->iif to skb->skb_iif for after 2.6.32
Build ip_set_setlist.ko module
extensions/compat_skbuff.h | 5 ++++-
extensions/ipset/Kbuild | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
next reply other threads:[~2009-12-19 21:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-19 20:50 Kevin Locke [this message]
2009-12-19 20:50 ` [xtables-addons][PATCH 1/2] Rename skb->iif to skb->skb_iif for after 2.6.32 Kevin Locke
2009-12-19 20:50 ` [xtables-addons][PATCH 2/2] Build ip_set_setlist.ko module Kevin Locke
2009-12-20 9:36 ` [xtables-addons][PATCH 0/2] Misc ipset issues Jozsef Kadlecsik
2009-12-31 15:18 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1261255847-16395-1-git-send-email-kevin@kevinlocke.name \
--to=kevin@kevinlocke.name \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).