This bug was fixed in the package ipset - 7.10-1ubuntu0.21.04.1
---
ipset (7.10-1ubuntu0.21.04.1) hirsute; urgency=medium
* d/p/lp-1918936-{fix-p,P}arse-port-before-trying-by-service-name.patch:
speed up numeric port adds (LP: #1918936)
-- Christian Ehrhardt Thu, 25 Nov
This bug was fixed in the package ipset - 7.5-1ubuntu0.20.04.1
---
ipset (7.5-1ubuntu0.20.04.1) focal; urgency=medium
* d/p/lp-1918936-{fix-p,P}arse-port-before-trying-by-service-name.patch:
speed up numeric port adds (LP: #1918936).
-- Christian Ehrhardt Thu, 25 Nov
2021
This bug was fixed in the package ipset - 7.10-1ubuntu0.21.10.1
---
ipset (7.10-1ubuntu0.21.10.1) impish; urgency=medium
* d/p/lp-1918936-{fix-p,P}arse-port-before-trying-by-service-name.patch:
speed up numeric port adds (LP: #1918936)
-- Christian Ehrhardt Thu, 25 Nov
2021
Hirsute verified - https://paste.ubuntu.com/p/Zs6vG7M6Jf/
| real1m46.509s
vs.
| real0m43.891s
Impish verified - https://paste.ubuntu.com/p/yWW4k8Jy79/
| real1m14.348s
vs.
| real0m27.687s
** Tags removed: verification-needed verification-needed-hirsute
Tested on a Focal VM in Canonistack.
Using current ipset:
| ubuntu@juju-87625f-hloeung-110:~$ sudo apt-get install ipset
| ...
| Get:1 http://us.archive.ubuntu.com/ubuntu focal/main amd64 libipset13 amd64
7.5-1~exp1 [53.4 kB]
| Get:2 http://us.archive.ubuntu.com/ubuntu focal/main amd64 ipset
Hello Junien, or anyone else affected,
Accepted ipset into impish-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/ipset/7.10-1ubuntu0.21.10.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Description changed:
- [Impact]
+ [Impact]
A change included ipset 6.37 as a performance regression as all ip set rule
incur a getprotocolbyname lookup, irrespective of whether the name of the
protocol or the actual port number is specified in the set configuration. For
large sets this
** Description changed:
+ [Impact]
+ A change included ipset 6.37 as a performance regression as all ip set rule
incur a getprotocolbyname lookup, irrespective of whether the name of the
protocol or the actual port number is specified in the set configuration. For
large sets this can double
I've uploaded updates for focal, hirsute and impish for SRU team review.
The updated packages include the original fix and the subsequent
followup fix both of which have landed upstream and are included in the
release of ipset in Jammy.
--
You received this bug notification because you are a
All patches discussed are included in 7.15 release which is is Jammy
development; marking this task as fix released.
** Also affects: ipset (Ubuntu Jammy)
Importance: Undecided
Status: Confirmed
** Also affects: ipset (Ubuntu Impish)
Importance: Undecided
Status: New
**
** Changed in: ipset (Ubuntu Focal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918936
Title:
ipset does NSS lookups even if ports are numeric
To manage
The attachment "ipset.patch" seems to be a patch. If it isn't, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray,
** Patch added: "ipset.patch"
https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1918936/+attachment/5507474/+files/ipset.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918936
Title:
Apologies, can we update it to using the attached patch?
It includes the fix by Jozsef from upstream:
"""
Fix patch "Parse port before trying by service name"
The patch broke parsing service names: number parsing failures
are hard errors which erase data, thus making impossible to
parse input as
I have wrapped you all of this up in MPs that should do it.
I have scripts to do most of that, so it was fast and easy to do and applies
cleanly.
But it is the openstacks team package and I don't want to interfere too much.
OTOH from here - if they like it - they can more or less checkout
(or
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/ipset/+git/ipset/+merge/404743
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/ipset/+git/ipset/+merge/404744
** Merge proposal linked:
** Changed in: ipset (Ubuntu Bionic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918936
Title:
ipset does NSS lookups even if ports are numeric
To manage
Per discussion on Mattermost, the original behavior was to try
string_to_u16() before parse_portname(). This was switched in upstream
commit
https://git.netfilter.org/ipset/tree/lib/parse.c?id=516600858cb54906fb728d04e5edf1131ee7b3b2
and released with ipset v6.37.
--
You received this bug
$ git tag --contains dbeb20a667e82e4efb8b26b24a0ec641dab5c857
v7.11
ipset | 6.34-1 | bionic | source, amd64, arm64, armhf, i386,
ppc64el, s390x
ipset | 7.5-1~exp1 | focal| source, amd64, arm64, armhf, ppc64el,
riscv64, s390x
ipset | 7.6-2 | groovy |
Example entries in ipset used for testing:
| add test 10.1.1.0/21,80,150.222.129.122/31
| add test 10.1.1.0/21,80,150.222.129.124/31
| add test 10.1.1.0/21,80,150.222.129.126/31
We're not specifying the protocol to avoid the just as expensive
getprotobyname() lookup.
--
You received this bug
Current size of ipset used for testing:
| ubuntu@juju-87625f-hloeung-93:~/ipset$ wc -l ~/whitelist-ipv4
| 515698 /home/ubuntu/whitelist-ipv4
With the patch:
| ubuntu@juju-87625f-hloeung-93:~/ipset$ sudo ipset destroy test
| ubuntu@juju-87625f-hloeung-93:~/ipset$ sudo ipset create test
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ipset (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918936
Title:
22 matches
Mail list logo