2021-03-12 13:57:52 |
Junien F |
bug |
|
|
added bug |
2021-03-12 13:58:41 |
Junien F |
bug |
|
|
added subscriber The Canonical Sysadmins |
2021-03-12 14:45:11 |
Launchpad Janitor |
ipset (Ubuntu): status |
New |
Confirmed |
|
2021-03-12 15:54:01 |
Paride Legovini |
bug |
|
|
added subscriber Paride Legovini |
2021-03-12 15:54:10 |
Paride Legovini |
bug |
|
|
added subscriber Ubuntu Server |
2021-03-12 23:43:53 |
Haw Loeung |
bug |
|
|
added subscriber Haw Loeung |
2021-03-13 10:52:34 |
Paride Legovini |
bug |
|
|
added subscriber Ubuntu OpenStack |
2021-03-13 10:52:36 |
Paride Legovini |
removed subscriber Ubuntu Server |
|
|
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Focal |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
bug task added |
|
ipset (Ubuntu Focal) |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Hirsute |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
bug task added |
|
ipset (Ubuntu Hirsute) |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Groovy |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
bug task added |
|
ipset (Ubuntu Groovy) |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Bionic |
|
2021-06-25 05:11:20 |
Christian Ehrhardt |
bug task added |
|
ipset (Ubuntu Bionic) |
|
2021-06-25 06:04:24 |
Christian Ehrhardt |
ipset (Ubuntu Bionic): status |
New |
Invalid |
|
2021-06-25 06:17:04 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/ipset/+git/ipset/+merge/404743 |
|
2021-06-25 06:17:21 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/ipset/+git/ipset/+merge/404744 |
|
2021-06-25 06:18:04 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/ipset/+git/ipset/+merge/404746 |
|
2021-06-27 19:52:24 |
Haw Loeung |
attachment added |
|
ipset.patch https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1918936/+attachment/5507473/+files/ipset.patch |
|
2021-06-27 19:55:00 |
Haw Loeung |
attachment removed |
ipset.patch https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1918936/+attachment/5507473/+files/ipset.patch |
|
|
2021-06-27 20:25:14 |
Haw Loeung |
attachment added |
|
ipset.patch https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1918936/+attachment/5507474/+files/ipset.patch |
|
2021-06-27 20:25:46 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2021-06-27 20:25:55 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2021-08-16 05:06:01 |
Haw Loeung |
ipset (Ubuntu Focal): status |
New |
Confirmed |
|
2021-08-16 05:08:19 |
Barry Price |
bug |
|
|
added subscriber Barry Price |
2021-11-25 09:28:08 |
James Page |
nominated for series |
|
Ubuntu Jammy |
|
2021-11-25 09:28:08 |
James Page |
bug task added |
|
ipset (Ubuntu Jammy) |
|
2021-11-25 09:28:08 |
James Page |
nominated for series |
|
Ubuntu Impish |
|
2021-11-25 09:28:08 |
James Page |
bug task added |
|
ipset (Ubuntu Impish) |
|
2021-11-25 09:31:03 |
James Page |
ipset (Ubuntu Jammy): status |
Confirmed |
Fix Released |
|
2021-11-25 09:32:16 |
James Page |
ipset (Ubuntu Impish): status |
New |
Triaged |
|
2021-11-25 09:32:18 |
James Page |
ipset (Ubuntu Hirsute): status |
New |
Triaged |
|
2021-11-25 09:32:22 |
James Page |
ipset (Ubuntu Groovy): status |
New |
Won't Fix |
|
2021-11-25 09:32:25 |
James Page |
ipset (Ubuntu Focal): status |
Confirmed |
Triaged |
|
2021-11-25 10:14:11 |
James Page |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-11-25 10:21:39 |
James Page |
description |
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
|
2021-11-25 10:30:51 |
James Page |
description |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
sudo ipset destroy test
sudo ipset create test hash:net,port,net hashsize 4096 maxelem 786432
for y in `seq 1 7`; do for x in `seq 1 254`; do for i in `seq 1 254`; do echo "add test 10.1.1.0/21,80,150.$y.$x.$i/32" >> whitelist-ipv4 ;done; done; done
time sudo ipset restore < ./whitelist-ipv4
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
|
2021-11-25 10:34:53 |
James Page |
ipset (Ubuntu Impish): importance |
Undecided |
High |
|
2021-11-25 10:34:54 |
James Page |
ipset (Ubuntu Hirsute): importance |
Undecided |
High |
|
2021-11-25 10:34:59 |
James Page |
ipset (Ubuntu Focal): importance |
Undecided |
High |
|
2021-11-25 10:35:02 |
James Page |
ipset (Ubuntu Focal): assignee |
|
James Page (james-page) |
|
2021-11-25 10:35:04 |
James Page |
ipset (Ubuntu Hirsute): assignee |
|
James Page (james-page) |
|
2021-11-25 10:35:06 |
James Page |
ipset (Ubuntu Impish): assignee |
|
James Page (james-page) |
|
2021-11-25 10:35:50 |
James Page |
description |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
sudo ipset destroy test
sudo ipset create test hash:net,port,net hashsize 4096 maxelem 786432
for y in `seq 1 7`; do for x in `seq 1 254`; do for i in `seq 1 254`; do echo "add test 10.1.1.0/21,80,150.$y.$x.$i/32" >> whitelist-ipv4 ;done; done; done
time sudo ipset restore < ./whitelist-ipv4
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
sudo ipset destroy test
sudo ipset create test hash:net,port,net hashsize 4096 maxelem 786432
for x in `seq 1 7`; do for y in `seq 1 254`; do for z in `seq 1 254`; do echo "add test 10.1.1.0/21,80,150.$x.$y.$z/32" >> whitelist-ipv4 ;done; done; done
time sudo ipset restore < ./whitelist-ipv4
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
|
2021-11-25 10:37:23 |
James Page |
description |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
sudo ipset destroy test
sudo ipset create test hash:net,port,net hashsize 4096 maxelem 786432
for x in `seq 1 7`; do for y in `seq 1 254`; do for z in `seq 1 254`; do echo "add test 10.1.1.0/21,80,150.$x.$y.$z/32" >> whitelist-ipv4 ;done; done; done
time sudo ipset restore < ./whitelist-ipv4
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
[Impact]
A change included ipset 6.37 as a performance regression as all ip set rule incur a getprotocolbyname lookup, irrespective of whether the name of the protocol or the actual port number is specified in the set configuration. For large sets this can double the speed of applying changes to ipset tables.
[Test Plan]
# Create a suitable large set of data to restore to the ipset
for x in `seq 1 7`; do for y in `seq 1 254`; do for z in `seq 1 254`; do echo "add test 10.1.1.0/21,80,150.$x.$y.$z/32" >> whitelist-ipv4 ;done; done; done
# Destroy,create, restore
sudo ipset destroy test
sudo ipset create test hash:net,port,net hashsize 4096 maxelem 786432
time sudo ipset restore < ./whitelist-ipv4
Large reduction in time taken to restore the ipset (32s-> 5s on an 8 core machine).
[Where problems could occur]
The original patch to resolve this issue did introduce another bug which as subsequently been fixed as well (and is included in the updated packages).
If the fix introduces issues its likely that iptable rules making use of ipset groups will start to fail in some way - probably rejecting traffic or suchlike.
[Other Info]
[Original Bug Report]
Hi,
Do you think we could get https://git.netfilter.org/ipset/commit/?id=dbeb20a667e82e4efb8b26b24a0ec641dab5c857 SRUed to 20.04 ?
This divides our ipset loading time by ~2 (from ~60s to ~25s).
Thanks |
|
2021-11-30 18:16:00 |
Brian Murray |
ipset (Ubuntu Impish): status |
Triaged |
Fix Committed |
|
2021-11-30 18:16:03 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2021-11-30 18:16:12 |
Brian Murray |
tags |
patch |
patch verification-needed verification-needed-impish |
|
2021-11-30 18:19:26 |
Brian Murray |
ipset (Ubuntu Hirsute): status |
Triaged |
Fix Committed |
|
2021-11-30 18:19:34 |
Brian Murray |
tags |
patch verification-needed verification-needed-impish |
patch verification-needed verification-needed-hirsute verification-needed-impish |
|
2021-11-30 18:20:45 |
Brian Murray |
ipset (Ubuntu Focal): status |
Triaged |
Fix Committed |
|
2021-11-30 18:20:55 |
Brian Murray |
tags |
patch verification-needed verification-needed-hirsute verification-needed-impish |
patch verification-needed verification-needed-focal verification-needed-hirsute verification-needed-impish |
|
2021-11-30 22:16:21 |
Haw Loeung |
tags |
patch verification-needed verification-needed-focal verification-needed-hirsute verification-needed-impish |
patch verification-done-focal verification-needed verification-needed-hirsute verification-needed-impish |
|
2021-11-30 22:31:00 |
Haw Loeung |
tags |
patch verification-done-focal verification-needed verification-needed-hirsute verification-needed-impish |
patch verification-done verification-done-focal verification-done-hirsute verification-done-impish |
|
2021-12-07 18:48:31 |
Launchpad Janitor |
ipset (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2021-12-07 18:48:34 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2021-12-07 18:48:57 |
Launchpad Janitor |
ipset (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-12-07 18:49:56 |
Launchpad Janitor |
ipset (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|