bugzilla-daemon at netfilter.org
2013-Aug-12 22:48 UTC
[Bug 840] New: Specifying CIDR when adding to a hash:ip entry is silently ignored
https://bugzilla.netfilter.org/show_bug.cgi?id=840
Summary: Specifying CIDR when adding to a hash:ip entry is
silently ignored
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: quentin at armitage.org.uk
Estimated Hours: 0.0
# ipset create foo hash:ip netmask 24
# ipset add foo 1.2.3.4/24
# ipset add foo 1.2.4.5/32
# ipset list foo
Name: foo
Type: hash:ip
Revision: 0
Header: family inet hashsize 1024 maxelem 65536 netmask 24
Size in memory: 16536
References: 0
Members:
1.2.4.0
1.2.3.0
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Aug-14 11:17 UTC
[Bug 840] Specifying CIDR when adding to a hash:ip entry is silently ignored
https://bugzilla.netfilter.org/show_bug.cgi?id=840
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |kadlec at netfilter.org
Resolution| |INVALID
--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> 2013-08-14
13:17:39 CEST ---
The CIDR is not ignored at all, please see the elements: you specified that you
will add /24 netblocks to the set. When adding 1.2.4.5/32, you added 1.2.4.5/24
(which is consistent with what the SET target does).
The /24 is not printed, because the set header definition contains the
information:
Header: family inet hashsize 1024 maxelem 65536 netmask 24
You can easily check that any IP address in 1.2.4.5/24 is matched in the set.
bugzilla-daemon at netfilter.org
2013-Aug-14 13:36 UTC
[Bug 840] Specifying CIDR when adding to a hash:ip entry is silently ignored
https://bugzilla.netfilter.org/show_bug.cgi?id=840
--- Comment #2 from Quentin Armitage <quentin at armitage.org.uk> 2013-08-14 15:36:50 CEST ---
My apologies, I think I worded my original comment badly.
I think it is highly confusing, and error prone for a user, to block 1.2.4.0/24 when 1.2.4.5/32 is specified. It might be more intuitive to give an error if there is a netmask specified in the add command which is longer than the netmask of the set which is specified in the command.
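Added example, not part of the bug thread and not ipset code: a Python model of the behaviour described in comment #1 (the added address is masked to the set's netmask) together with a pre-add check of the kind proposed in comment #2. The function names are hypothetical, only IPv4 and prefixes at least as long as the set netmask are modelled, and `strict_add` is an assumption about how such a check could look, not something ipset does.

```python
import ipaddress

def audit_add(entry: str, set_netmask: int) -> dict:
    """Compare what 'ipset add <set> <entry>' asks for with what a hash:ip
    set created with 'netmask <set_netmask>' ends up holding (IPv4 only)."""
    iface = ipaddress.IPv4Interface(entry)      # a bare address parses as /32
    requested = iface.network
    if requested.prefixlen < set_netmask:
        # Prefixes shorter than the set netmask are not covered by the thread.
        raise ValueError("prefix shorter than set netmask: not modelled here")
    # Per comment #1: the element is the address masked to the set netmask.
    stored = ipaddress.IPv4Network(f"{iface.ip}/{set_netmask}", strict=False)
    return {
        "requested": str(requested),
        "stored": str(stored),
        "listed_as": str(stored.network_address),  # 'ipset list' omits the /N
        "widened": stored.prefixlen < requested.prefixlen,
        "extra_addresses": stored.num_addresses - requested.num_addresses,
    }

def strict_add(entry: str, set_netmask: int) -> str:
    """Hypothetical pre-check implementing the proposal in comment #2: refuse
    an explicit prefix longer than the set netmask instead of widening it.
    This is NOT how ipset behaves. Returns the block that would be stored."""
    result = audit_add(entry, set_netmask)
    if "/" in entry and result["widened"]:
        raise ValueError(
            f"{entry} would be stored as {result['stored']} "
            f"({result['extra_addresses']} additional addresses matched)")
    return result["stored"]

def is_matched(address: str, entry: str, set_netmask: int) -> bool:
    """True if 'address' falls inside the block stored for 'entry'."""
    stored = ipaddress.IPv4Network(audit_add(entry, set_netmask)["stored"])
    return ipaddress.IPv4Address(address) in stored

if __name__ == "__main__":
    # Entries taken from the report; the set was created with 'netmask 24'.
    for e in ("1.2.3.4/24", "1.2.4.5/32"):
        print(e, audit_add(e, 24))
```

Running such a check over a rule file before loading it shows which /32 entries will end up matching a whole /24.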