ipset problem.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* ipset problem.
@ 2010-01-22 11:54 Husnu Demir
  2010-01-22 13:22 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 17+ messages in thread
From: Husnu Demir @ 2010-01-22 11:54 UTC (permalink / raw)
  To: Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 2090 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a problem. As I show below if I lookat with ipset -S <name_of_set> there
are unknown list members. But I could not  see these list members with ipset -S
command.


I do not know it is a real problem or just a cosmetics error.

hdemir.
- --------------

Details.

# uname -a
Linux nl 2.6.32.2 #1 SMP Wed Dec 30 11:29:42 EET 2009 x86_64 GNU/Linux


nl# ipset -S VERIDEPOLARI
# Generated by ipset 4.1 on Fri Jan 22 13:48:33 2010
- -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
- -A VERIDEPOLARI 85.17.173.0/24
- -A VERIDEPOLARI 72.232.170.0/25
- -A VERIDEPOLARI 85.131.172.96/27
- -A VERIDEPOLARI 85.131.151.0/25
- -A VERIDEPOLARI 75.126.168.8/29
- -A VERIDEPOLARI 85.131.152.0/25
- -A VERIDEPOLARI 81.95.11.208/28
- -A VERIDEPOLARI 85.131.179.0/24
- -A VERIDEPOLARI 91.121.132.0/24
- -A VERIDEPOLARI 66.211.108.0/26
- -A VERIDEPOLARI 208.72.168.0/21
- -A VERIDEPOLARI 85.17.172.0/24
- -A VERIDEPOLARI 130.117.156.0/24
- -A VERIDEPOLARI 97.114.97.148/31
- -A VERIDEPOLARI 116.115.105.214/31
- -A VERIDEPOLARI 0.103.65.200/31
- -A VERIDEPOLARI 104.116.101.218/31
- -A VERIDEPOLARI 0.104.115.192/31
COMMIT
# Completed on Fri Jan 22 13:48:33 2010
nl# ipset -S  | grep VERI
- -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
- -A VERIDEPOLARI 85.17.173.0/24
- -A VERIDEPOLARI 72.232.170.0/25
- -A VERIDEPOLARI 85.131.172.96/27
- -A VERIDEPOLARI 85.131.151.0/25
- -A VERIDEPOLARI 75.126.168.8/29
- -A VERIDEPOLARI 85.131.152.0/25
- -A VERIDEPOLARI 81.95.11.208/28
- -A VERIDEPOLARI 85.131.179.0/24
- -A VERIDEPOLARI 91.121.132.0/24
- -A VERIDEPOLARI 66.211.108.0/26
- -A VERIDEPOLARI 208.72.168.0/21
- -A VERIDEPOLARI 85.17.172.0/24
- -A VERIDEPOLARI 130.117.156.0/24
nl# ipset -v
ipset v4.1, protocol version 4.
Kernel module protocol version 4.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktZkdkACgkQHgR50XBBy+m9nACdE1IhGPeFfrc6OpMrrQ4qzLw0
4gsAoO/SD/QYRUSNtQ+lrJORvXzKmHCG
=sR7V
-----END PGP SIGNATURE-----

[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-22 11:54 ipset problem Husnu Demir
@ 2010-01-22 13:22 ` Jozsef Kadlecsik
  2010-01-22 18:05   ` Tom Eastep
  2010-01-23 21:00   ` Jozsef Kadlecsik
  0 siblings, 2 replies; 17+ messages in thread
From: Jozsef Kadlecsik @ 2010-01-22 13:22 UTC (permalink / raw)
  To: Husnu Demir; +Cc: Netfilter Developer Mailing List

Hi,

On Fri, 22 Jan 2010, Husnu Demir wrote:

> I have a problem. As I show below if I lookat with ipset -S <name_of_set> there
> are unknown list members. But I could not  see these list members with ipset -S
> command. 
> 
> I do not know it is a real problem or just a cosmetics error.

It looks like a bug.

> # uname -a
> Linux nl 2.6.32.2 #1 SMP Wed Dec 30 11:29:42 EET 2009 x86_64 GNU/Linux
> 
> nl# ipset -S VERIDEPOLARI
> # Generated by ipset 4.1 on Fri Jan 22 13:48:33 2010
> - -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
> - -A VERIDEPOLARI 85.17.173.0/24
> - -A VERIDEPOLARI 72.232.170.0/25
> - -A VERIDEPOLARI 85.131.172.96/27
> - -A VERIDEPOLARI 85.131.151.0/25
> - -A VERIDEPOLARI 75.126.168.8/29
> - -A VERIDEPOLARI 85.131.152.0/25
> - -A VERIDEPOLARI 81.95.11.208/28
> - -A VERIDEPOLARI 85.131.179.0/24
> - -A VERIDEPOLARI 91.121.132.0/24
> - -A VERIDEPOLARI 66.211.108.0/26
> - -A VERIDEPOLARI 208.72.168.0/21
> - -A VERIDEPOLARI 85.17.172.0/24
> - -A VERIDEPOLARI 130.117.156.0/24
> - -A VERIDEPOLARI 97.114.97.148/31
> - -A VERIDEPOLARI 116.115.105.214/31
> - -A VERIDEPOLARI 0.103.65.200/31
> - -A VERIDEPOLARI 104.116.101.218/31
> - -A VERIDEPOLARI 0.104.115.192/31
> COMMIT
> # Completed on Fri Jan 22 13:48:33 2010
> nl# ipset -S  | grep VERI
> - -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
> - -A VERIDEPOLARI 85.17.173.0/24
> - -A VERIDEPOLARI 72.232.170.0/25
> - -A VERIDEPOLARI 85.131.172.96/27
> - -A VERIDEPOLARI 85.131.151.0/25
> - -A VERIDEPOLARI 75.126.168.8/29
> - -A VERIDEPOLARI 85.131.152.0/25
> - -A VERIDEPOLARI 81.95.11.208/28
> - -A VERIDEPOLARI 85.131.179.0/24
> - -A VERIDEPOLARI 91.121.132.0/24
> - -A VERIDEPOLARI 66.211.108.0/26
> - -A VERIDEPOLARI 208.72.168.0/21
> - -A VERIDEPOLARI 85.17.172.0/24
> - -A VERIDEPOLARI 130.117.156.0/24
> nl# ipset -v
> ipset v4.1, protocol version 4.
> Kernel module protocol version 4.

I'll try to reproduce and find the reason for the difference in the 
listing.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-22 13:22 ` Jozsef Kadlecsik
@ 2010-01-22 18:05   ` Tom Eastep
  2010-01-23 21:00   ` Jozsef Kadlecsik
  1 sibling, 0 replies; 17+ messages in thread
From: Tom Eastep @ 2010-01-22 18:05 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Husnu Demir, Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 2092 bytes --]

Jozsef Kadlecsik wrote:

>> nl# ipset -v
>> ipset v4.1, protocol version 4.
>> Kernel module protocol version 4.
> 
> I'll try to reproduce and find the reason for the difference in the 
> listing.
> 

I can add another data point.

A similar issue can be seen when xtables-addons 1.21 is installed on
Debian Lenny, kernel 2.6.26-openvz-am64. In that case, extra /31
networks show up whether a set name is supplied or not; they are
different in the two cases, however.

gateway:~# ipset -L dshield -n
Name: dshield
Type: nethash
References: 1
Header: hashsize: 1024 probes: 4 resize: 50
Members:
74.63.225.0/24
218.206.128.0/24
210.212.152.0/24
77.254.150.0/24
116.55.199.0/24
118.160.213.0/24
70.38.64.0/24
91.144.92.0/24
58.221.42.0/24
174.129.75.0/24
88.163.67.0/24
219.139.40.0/24
88.79.127.0/24
194.165.153.0/24
75.101.178.0/24
222.45.112.0/24
202.155.202.0/24
89.149.204.0/24
118.161.234.0/24
122.200.121.0/24
116.114.111.222/31
0.112.97.216/31
0.1.0.0/31
97.109.111.218/31
0.0.108.208/31
97.104.112.208/31
0.0.104.228/31

gateway:~# ipset -L -n
...
Name: dshield
Type: nethash
References: 1
Header: hashsize: 1024 probes: 4 resize: 50
Members:
74.63.225.0/24
218.206.128.0/24
210.212.152.0/24
77.254.150.0/24
116.55.199.0/24
118.160.213.0/24
70.38.64.0/24
91.144.92.0/24
58.221.42.0/24
174.129.75.0/24
88.163.67.0/24
219.139.40.0/24
88.79.127.0/24
194.165.153.0/24
75.101.178.0/24
222.45.112.0/24
202.155.202.0/24
89.149.204.0/24
118.161.234.0/24
122.200.121.0/24
48.116.105.228/31
97.104.112.208/31
0.0.104.228/31
0.5.0.8/31
95.116.101.218/31
101.114.105.198/31
0.0.116.196/31
...

All of the /31 nets are bogus.

When installed on a Lenny system running kernel 2.6.26-686, things seem
to work as expected.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-22 13:22 ` Jozsef Kadlecsik
  2010-01-22 18:05   ` Tom Eastep
@ 2010-01-23 21:00   ` Jozsef Kadlecsik
  2010-01-23 21:44     ` Jozsef Kadlecsik
  1 sibling, 1 reply; 17+ messages in thread
From: Jozsef Kadlecsik @ 2010-01-23 21:00 UTC (permalink / raw)
  To: Husnu Demir; +Cc: Netfilter Developer Mailing List

On Fri, 22 Jan 2010, Jozsef Kadlecsik wrote:

> On Fri, 22 Jan 2010, Husnu Demir wrote:
> 
> > I have a problem. As I show below if I lookat with ipset -S <name_of_set> there
> > are unknown list members. But I could not  see these list members with ipset -S
> > command. 
> > 
> > I do not know it is a real problem or just a cosmetics error.
> 
> It looks like a bug.
> 
> > # uname -a
> > Linux nl 2.6.32.2 #1 SMP Wed Dec 30 11:29:42 EET 2009 x86_64 GNU/Linux
> > 
> > nl# ipset -S VERIDEPOLARI
> > # Generated by ipset 4.1 on Fri Jan 22 13:48:33 2010
> > - -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
> > - -A VERIDEPOLARI 85.17.173.0/24
> > - -A VERIDEPOLARI 72.232.170.0/25
> > - -A VERIDEPOLARI 85.131.172.96/27
> > - -A VERIDEPOLARI 85.131.151.0/25
> > - -A VERIDEPOLARI 75.126.168.8/29
> > - -A VERIDEPOLARI 85.131.152.0/25
> > - -A VERIDEPOLARI 81.95.11.208/28
> > - -A VERIDEPOLARI 85.131.179.0/24
> > - -A VERIDEPOLARI 91.121.132.0/24
> > - -A VERIDEPOLARI 66.211.108.0/26
> > - -A VERIDEPOLARI 208.72.168.0/21
> > - -A VERIDEPOLARI 85.17.172.0/24
> > - -A VERIDEPOLARI 130.117.156.0/24
> > - -A VERIDEPOLARI 97.114.97.148/31
> > - -A VERIDEPOLARI 116.115.105.214/31
> > - -A VERIDEPOLARI 0.103.65.200/31
> > - -A VERIDEPOLARI 104.116.101.218/31
> > - -A VERIDEPOLARI 0.104.115.192/31
> > COMMIT
> > # Completed on Fri Jan 22 13:48:33 2010
> > nl# ipset -S  | grep VERI
> > - -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
> > - -A VERIDEPOLARI 85.17.173.0/24
> > - -A VERIDEPOLARI 72.232.170.0/25
> > - -A VERIDEPOLARI 85.131.172.96/27
> > - -A VERIDEPOLARI 85.131.151.0/25
> > - -A VERIDEPOLARI 75.126.168.8/29
> > - -A VERIDEPOLARI 85.131.152.0/25
> > - -A VERIDEPOLARI 81.95.11.208/28
> > - -A VERIDEPOLARI 85.131.179.0/24
> > - -A VERIDEPOLARI 91.121.132.0/24
> > - -A VERIDEPOLARI 66.211.108.0/26
> > - -A VERIDEPOLARI 208.72.168.0/21
> > - -A VERIDEPOLARI 85.17.172.0/24
> > - -A VERIDEPOLARI 130.117.156.0/24
> > nl# ipset -v
> > ipset v4.1, protocol version 4.
> > Kernel module protocol version 4.
> 
> I'll try to reproduce and find the reason for the difference in the 
> listing.

I checked on exactly the same kernel release and could not reproduce the 
problem you reported.

Can you delete all sets and run the testsuite in the ipset source 
directory by executing `make tests'? Do all the tests pass?

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-23 21:00   ` Jozsef Kadlecsik
@ 2010-01-23 21:44     ` Jozsef Kadlecsik
       [not found]       ` <alpine.DEB.2.00.1001242243560.20757@blackhole.kfki.hu>
  0 siblings, 1 reply; 17+ messages in thread
From: Jozsef Kadlecsik @ 2010-01-23 21:44 UTC (permalink / raw)
  To: Husnu Demir; +Cc: Netfilter Developer Mailing List

On Sat, 23 Jan 2010, Jozsef Kadlecsik wrote:

> On Fri, 22 Jan 2010, Jozsef Kadlecsik wrote:
> 
> > I'll try to reproduce and find the reason for the difference in the 
> > listing.
> 
> I checked on exactly the same kernel release and could not reproduce the 
> problem you reported.

Nevermind, I could now reproduce it by creating another sets.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

[parent not found: <alpine.DEB.2.00.1001242243560.20757@blackhole.kfki.hu>]

* Re: ipset problem.
       [not found]       ` <alpine.DEB.2.00.1001242243560.20757@blackhole.kfki.hu>
@ 2010-01-25  7:17         ` Husnu Demir
  2010-01-25 10:24           ` Jozsef Kadlecsik
  0 siblings, 1 reply; 17+ messages in thread
From: Husnu Demir @ 2010-01-25  7:17 UTC (permalink / raw)
  To: Jozsef Kadlecsik,
	netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 1793 bytes --]

Hi,

I do download xtables-addons-1.22.tar.bz2 and installed it. It has the same
problem. I could not try  ipset-4.2.tar.bz2. In fact xtables is more easy. Is
xtables is not updated or the problem still continue.

Thanks.

hdemir.


# Generated by ipset 4.1 on Mon Jan 25 09:16:57 2010
-N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
-A VERIDEPOLARI 75.126.168.8/29
-A VERIDEPOLARI 66.211.108.0/26
-A VERIDEPOLARI 130.117.156.0/24
-A VERIDEPOLARI 85.131.179.0/24
-A VERIDEPOLARI 85.17.172.0/24
-A VERIDEPOLARI 85.131.152.0/25
-A VERIDEPOLARI 81.95.11.208/28
-A VERIDEPOLARI 85.131.151.0/25
-A VERIDEPOLARI 208.72.168.0/21
-A VERIDEPOLARI 85.131.172.96/27
-A VERIDEPOLARI 91.121.132.0/24
-A VERIDEPOLARI 72.232.170.0/25
-A VERIDEPOLARI 85.17.173.0/24
-A VERIDEPOLARI 97.114.97.148/31
-A VERIDEPOLARI 116.115.105.214/31
-A VERIDEPOLARI 0.103.65.200/31
-A VERIDEPOLARI 104.116.101.218/31
-A VERIDEPOLARI 0.104.115.192/31
COMMIT
# Completed on Mon Jan 25 09:16:57 2010



Jozsef Kadlecsik wrote:
> On Sat, 23 Jan 2010, Jozsef Kadlecsik wrote:
> 
>> On Sat, 23 Jan 2010, Jozsef Kadlecsik wrote:
>>
>>> On Fri, 22 Jan 2010, Jozsef Kadlecsik wrote:
>>>
>>>> I'll try to reproduce and find the reason for the difference in the 
>>>> listing.
>>> I checked on exactly the same kernel release and could not reproduce the 
>>> problem you reported.
>> Nevermind, I could now reproduce it by creating another sets.
> 
> Please try the new ipset release, it fixes the problem you reported.
> And thanks for the bug report.
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary


[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25  7:17         ` Husnu Demir
@ 2010-01-25 10:24           ` Jozsef Kadlecsik
  2010-01-25 11:33             ` Jan Engelhardt
  2010-01-25 11:34             ` Husnu Demir
  0 siblings, 2 replies; 17+ messages in thread
From: Jozsef Kadlecsik @ 2010-01-25 10:24 UTC (permalink / raw)
  To: Husnu Demir
  Cc: netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

On Mon, 25 Jan 2010, Husnu Demir wrote:

> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
> same problem. 

xtables-addons-1.22 was released two days ago, before ipset-4.2.

> I could not try ipset-4.2.tar.bz2.

Why can't you install ipset itself? What's the problem?

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 10:24           ` Jozsef Kadlecsik
@ 2010-01-25 11:33             ` Jan Engelhardt
  2010-01-25 11:47               ` Husnu Demir
  2010-01-25 11:34             ` Husnu Demir
  1 sibling, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2010-01-25 11:33 UTC (permalink / raw)
  To: Jozsef Kadlecsik
  Cc: Husnu Demir,
	netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

On Monday 2010-01-25 11:24, Jozsef Kadlecsik wrote:
>On Mon, 25 Jan 2010, Husnu Demir wrote:
>
>> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
>> same problem. 
>
>xtables-addons-1.22 was released two days ago, before ipset-4.2.
>
>> I could not try ipset-4.2.tar.bz2.
>
>Why can't you install ipset itself? What's the problem?

Probably because it's "not as easy as" apt-get.
Don't assume everyone is a developer :)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 11:33             ` Jan Engelhardt
@ 2010-01-25 11:47               ` Husnu Demir
  0 siblings, 0 replies; 17+ messages in thread
From: Husnu Demir @ 2010-01-25 11:47 UTC (permalink / raw)
  To: Jan Engelhardt
  Cc: Jozsef Kadlecsik,
	netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 894 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jan Engelhardt wrote:
> On Monday 2010-01-25 11:24, Jozsef Kadlecsik wrote:
>> On Mon, 25 Jan 2010, Husnu Demir wrote:
>>
>>> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
>>> same problem. 
>> xtables-addons-1.22 was released two days ago, before ipset-4.2.
>>
>>> I could not try ipset-4.2.tar.bz2.
>> Why can't you install ipset itself? What's the problem?
> 
> Probably because it's "not as easy as" apt-get.
> Don't assume everyone is a developer :)

For me it is not so hard to do them but reloading of the server is a little bit
hard to do :)


hdemir.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktdhNUACgkQHgR50XBBy+lHVwCeJNatBeg0hAMKyA1dZ+BMjVcs
B/8AniXsv0IEz+3RHnSmPwxr7DIefX+j
=tNEX
-----END PGP SIGNATURE-----

[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 10:24           ` Jozsef Kadlecsik
  2010-01-25 11:33             ` Jan Engelhardt
@ 2010-01-25 11:34             ` Husnu Demir
  2010-01-25 11:39               ` Jan Engelhardt
  2010-01-25 11:49               ` Jozsef Kadlecsik
  1 sibling, 2 replies; 17+ messages in thread
From: Husnu Demir @ 2010-01-25 11:34 UTC (permalink / raw)
  To: Jozsef Kadlecsik
  Cc: netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 1061 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


As far as I remember I should pacth the kernel and reload the server which I did
not want. But for the xtables no need to reload the kernel.

hdemir.

Jozsef Kadlecsik wrote:
> On Mon, 25 Jan 2010, Husnu Demir wrote:
> 
>> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
>> same problem. 
> 
> xtables-addons-1.22 was released two days ago, before ipset-4.2.
> 
>> I could not try ipset-4.2.tar.bz2.
> 
> Why can't you install ipset itself? What's the problem?
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktdgaYACgkQHgR50XBBy+nbFACgngzIpG5UWJn6HpFIXvjmMVxy
xUUAni43Z3BXxNZ0CBmSXyE5IYgV/exm
=yBQ5
-----END PGP SIGNATURE-----

[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 11:34             ` Husnu Demir
@ 2010-01-25 11:39               ` Jan Engelhardt
  2010-01-25 11:49               ` Jozsef Kadlecsik
  1 sibling, 0 replies; 17+ messages in thread
From: Jan Engelhardt @ 2010-01-25 11:39 UTC (permalink / raw)
  To: Husnu Demir
  Cc: Jozsef Kadlecsik,
	netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

On Monday 2010-01-25 12:34, Husnu Demir wrote:

>As far as I remember I should pacth the kernel and reload the server which I did
>not want. But for the xtables no need to reload the kernel.

You can grab the Xt-a git snapshot with 4.2 now.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 11:34             ` Husnu Demir
  2010-01-25 11:39               ` Jan Engelhardt
@ 2010-01-25 11:49               ` Jozsef Kadlecsik
  2010-01-25 11:57                 ` Husnu Demir
  2010-01-25 12:01                 ` Husnu Demir
  1 sibling, 2 replies; 17+ messages in thread
From: Jozsef Kadlecsik @ 2010-01-25 11:49 UTC (permalink / raw)
  To: Husnu Demir
  Cc: netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

On Mon, 25 Jan 2010, Husnu Demir wrote:

> > On Mon, 25 Jan 2010, Husnu Demir wrote:
> > 
> >> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
> >> same problem. 
> > 
> > xtables-addons-1.22 was released two days ago, before ipset-4.2.
> > 
> >> I could not try ipset-4.2.tar.bz2.
> > 
> > Why can't you install ipset itself? What's the problem?
>
> As far as I remember I should pacth the kernel and reload the server 
> which I did not want. But for the xtables no need to reload the kernel.

You have to patch the kernel only if you run 2.4.x, as it is written in 
the README of the ipset source tree...

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 11:49               ` Jozsef Kadlecsik
@ 2010-01-25 11:57                 ` Husnu Demir
  2010-01-25 12:01                 ` Husnu Demir
  1 sibling, 0 replies; 17+ messages in thread
From: Husnu Demir @ 2010-01-25 11:57 UTC (permalink / raw)
  To: Jozsef Kadlecsik
  Cc: netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 1590 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good point, I did not understand  what I read. Perhaps I am following the IPSET so
long time that I think that I have to compile all kernel. As I read "need the
source tree of ..", I should reload the kernel.



0. You need the source tree of your kernel (version >= 2.6.16 or 2.4.36.x)
   and it have to be configured, modules compiled.


Thanks.

hdemir.



Jozsef Kadlecsik wrote:
> On Mon, 25 Jan 2010, Husnu Demir wrote:
> 
>>> On Mon, 25 Jan 2010, Husnu Demir wrote:
>>>
>>>> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
>>>> same problem. 
>>> xtables-addons-1.22 was released two days ago, before ipset-4.2.
>>>
>>>> I could not try ipset-4.2.tar.bz2.
>>> Why can't you install ipset itself? What's the problem?
>> As far as I remember I should pacth the kernel and reload the server 
>> which I did not want. But for the xtables no need to reload the kernel.
> 
> You have to patch the kernel only if you run 2.4.x, as it is written in 
> the README of the ipset source tree...
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktdhxEACgkQHgR50XBBy+mCggCfe47Js52jNJLxxx7S6hblOdqc
Kf8AoM4y/GlopHCFtmOtfPDVEdXWoag4
=fui9
-----END PGP SIGNATURE-----

[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: ipset problem.
  2010-01-25 11:49               ` Jozsef Kadlecsik
  2010-01-25 11:57                 ` Husnu Demir
@ 2010-01-25 12:01                 ` Husnu Demir
  1 sibling, 0 replies; 17+ messages in thread
From: Husnu Demir @ 2010-01-25 12:01 UTC (permalink / raw)
  To: Jozsef Kadlecsik
  Cc: netfilter-devel@vger.kernel.org >> Netfilter Developer Mailing List

[-- Attachment #1: Type: text/plain, Size: 1917 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks to all,

ipset -S VERIDEPOLARI
# Generated by ipset 4.2 on Mon Jan 25 14:01:05 2010
- -N VERIDEPOLARI nethash --hashsize 1024 --probes 4 --resize 50
- -A VERIDEPOLARI 85.17.172.0/24
- -A VERIDEPOLARI 208.72.168.0/21
- -A VERIDEPOLARI 85.131.151.0/25
- -A VERIDEPOLARI 75.126.168.8/29
- -A VERIDEPOLARI 85.131.172.96/27
- -A VERIDEPOLARI 72.232.170.0/25
- -A VERIDEPOLARI 85.131.179.0/24
- -A VERIDEPOLARI 66.211.108.0/26
- -A VERIDEPOLARI 85.17.173.0/24
- -A VERIDEPOLARI 91.121.132.0/24
- -A VERIDEPOLARI 81.95.11.208/28
- -A VERIDEPOLARI 130.117.156.0/24
- -A VERIDEPOLARI 85.131.152.0/25
COMMIT
# Completed on Mon Jan 25 14:01:05 2010


the version shows ipset 4.2.


hdemir.


Jozsef Kadlecsik wrote:
> On Mon, 25 Jan 2010, Husnu Demir wrote:
> 
>>> On Mon, 25 Jan 2010, Husnu Demir wrote:
>>>
>>>> I do download xtables-addons-1.22.tar.bz2 and installed it. It has the 
>>>> same problem. 
>>> xtables-addons-1.22 was released two days ago, before ipset-4.2.
>>>
>>>> I could not try ipset-4.2.tar.bz2.
>>> Why can't you install ipset itself? What's the problem?
>> As far as I remember I should pacth the kernel and reload the server 
>> which I did not want. But for the xtables no need to reload the kernel.
> 
> You have to patch the kernel only if you run 2.4.x, as it is written in 
> the README of the ipset source tree...
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktdiAAACgkQHgR50XBBy+nXgwCeOFxBf7pkHaGN+m5qJoR+zG/M
9PgAn0M2l0e3zHbThIJjMwfB4vTs01gG
=Xfw1
-----END PGP SIGNATURE-----

[-- Attachment #2: hdemir.vcf --]
[-- Type: text/x-vcard, Size: 164 bytes --]

begin:vcard
fn:Husnu Demir
n:Demir;Husnu
email;internet:hdemir@metu.edu.tr
tel;work:+903122103330
tel;fax:+903122103303
x-mozilla-html:FALSE
version:2.1
end:vcard


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Ipset Problem
@ 2012-09-13 14:19 Lutfi ODUNCUOGLU
  2012-09-13 14:53 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 17+ messages in thread
From: Lutfi ODUNCUOGLU @ 2012-09-13 14:19 UTC (permalink / raw)
  To: netfilter-devel@vger.kernel.org

Hi,

I have two iptables configuration, for inet4 and inet6. In order to stop 
the iptables;

ipset flush
ipset destroy

and for ip6tables

ipset flush
ipset destroy

Can we make them just to flush and destroy inet6 or inet4? Is there any 
way? If not can you add this to request list?

Thanks in advance.

Lutfi

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: Ipset Problem
  2012-09-13 14:19 Ipset Problem Lutfi ODUNCUOGLU
@ 2012-09-13 14:53 ` Jozsef Kadlecsik
  2012-09-13 20:12   ` hdemir
  0 siblings, 1 reply; 17+ messages in thread
From: Jozsef Kadlecsik @ 2012-09-13 14:53 UTC (permalink / raw)
  To: Lutfi ODUNCUOGLU; +Cc: netfilter-devel@vger.kernel.org

On Thu, 13 Sep 2012, Lutfi ODUNCUOGLU wrote:

> I have two iptables configuration, for inet4 and inet6. In order to stop the
> iptables;
> 
> ipset flush
> ipset destroy
> 
> and for ip6tables
> 
> ipset flush
> ipset destroy

Unnecessary, the sets are already flushed and destroyed above.

> Can we make them just to flush and destroy inet6 or inet4? Is there any way?

"ipset flush" flushes all sets, and "ipset destroy" destroys all sets, 
both inet and inet6. 

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: Ipset Problem
  2012-09-13 14:53 ` Jozsef Kadlecsik
@ 2012-09-13 20:12   ` hdemir
  0 siblings, 0 replies; 17+ messages in thread
From: hdemir @ 2012-09-13 20:12 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Lutfi ODUNCUOGLU, netfilter-devel@vger.kernel.org

> On Thu, 13 Sep 2012, Lutfi ODUNCUOGLU wrote:
>
>> I have two iptables configuration, for inet4 and inet6. In order to stop
>> the
>> iptables;
>>
>> ipset flush
>> ipset destroy
>>
>> and for ip6tables
>>
>> ipset flush
>> ipset destroy
>
> Unnecessary, the sets are already flushed and destroyed above.

Why unnecessary? Can I need to only flush and destroy inet6 sets? If I can
define them separetly, why not? Mostly iptables and ip6tables are
different. They are handled separate. One can need to flush and destroy
them, I think.


thanks.

>
>> Can we make them just to flush and destroy inet6 or inet4? Is there any
>> way?
>
> "ipset flush" flushes all sets, and "ipset destroy" destroys all sets,
> both inet and inet6.
>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of
> Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2012-09-13 20:21 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-22 11:54 ipset problem Husnu Demir
2010-01-22 13:22 ` Jozsef Kadlecsik
2010-01-22 18:05   ` Tom Eastep
2010-01-23 21:00   ` Jozsef Kadlecsik
2010-01-23 21:44     ` Jozsef Kadlecsik
     [not found]       ` <alpine.DEB.2.00.1001242243560.20757@blackhole.kfki.hu>
2010-01-25  7:17         ` Husnu Demir
2010-01-25 10:24           ` Jozsef Kadlecsik
2010-01-25 11:33             ` Jan Engelhardt
2010-01-25 11:47               ` Husnu Demir
2010-01-25 11:34             ` Husnu Demir
2010-01-25 11:39               ` Jan Engelhardt
2010-01-25 11:49               ` Jozsef Kadlecsik
2010-01-25 11:57                 ` Husnu Demir
2010-01-25 12:01                 ` Husnu Demir
  -- strict thread matches above, loose matches on Subject: below --
2012-09-13 14:19 Ipset Problem Lutfi ODUNCUOGLU
2012-09-13 14:53 ` Jozsef Kadlecsik
2012-09-13 20:12   ` hdemir

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).