summaryrefslogtreecommitdiff
path: root/scripts/tags.sh
diff options
context:
space:
mode:
authorVishwanath Pai <vpai@akamai.com>2017-09-11 21:52:40 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2017-09-18 17:35:32 +0200
commit7f4f7dd4417d9efd038b14d39c70170db2e0baa0 (patch)
tree8ef970f9c954a75f918cf91347b1c9325f9c0278 /scripts/tags.sh
parentb0ade85165b3caeb0cd908cffe5921a39f25c243 (diff)
netfilter: ipset: ipset list may return wrong member count for set with timeout
Simple testcase: $ ipset create test hash:ip timeout 5 $ ipset add test 1.2.3.4 $ ipset add test 1.2.2.2 $ sleep 5 $ ipset l Name: test Type: hash:ip Revision: 5 Header: family inet hashsize 1024 maxelem 65536 timeout 5 Size in memory: 296 References: 0 Number of entries: 2 Members: We return "Number of entries: 2" but no members are listed. That is because mtype_list runs "ip_set_timeout_expired" and does not list the expired entries, but set->elements is never upated (until mtype_gc cleans it up later). Reviewed-by: Joshua Hunt <johunt@akamai.com> Signed-off-by: Vishwanath Pai <vpai@akamai.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'scripts/tags.sh')
0 files changed, 0 insertions, 0 deletions