http://bugzilla.novell.com/show_bug.cgi?id=563876 http://bugzilla.novell.com/show_bug.cgi?id=563876#c0 Summary: -m recent addresses added within 300 seconds of system restart have invalid last_seen times Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: i586 OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: support@microtechniques.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) I have a system that saves -m recent entries and reloads them if the system is restarted. The addresses loaded this way were not expiring as expected. Listing the entries, I noticed that the last_seen times of the reloaded entries were much larger than entries added later (the last_seen entries are basically timer ticks, and on my system they increase by 250/second). I wrote a small test program that added an entry to a test table every 10 seconds, and found that the values were way in the future for any entries entered within the first 300 seconds of a system restart. A test table was created with iptables -N dummy iptables -A dummy -m recent --name testip --rcheck and then entries were added with a loop of echo 1.2.3.4.$cnt >/proc/net/xt_recent/testip sleep 10 listing the entries with cat /proc/net/xt_recent/testip gives: src=1.2.3.1 ttl: 0 last_seen: 4294906797 oldest_pkt: 1 4294906797 src=1.2.3.2 ttl: 0 last_seen: 4294909305 oldest_pkt: 1 4294909305 20 similar entries src=1.2.3.23 ttl: 0 last_seen: 4294962249 oldest_pkt: 1 4294962249 src=1.2.3.24 ttl: 0 last_seen: 4294964783 oldest_pkt: 1 4294964783 src=1.2.3.25 ttl: 0 last_seen: 24 oldest_pkt: 1 24 src=1.2.3.26 ttl: 0 last_seen: 2563 oldest_pkt: 1 2563 all further entries are as expected. Translating into date/time (UTC): **** 1.2.3.1 last seen 28 Jun 2010 01:45:07 **** 1.2.3.2 last seen 28 Jun 2010 01:45:17 **** 1.2.3.23 last seen 28 Jun 2010 01:48:49 **** 1.2.3.24 last seen 28 Jun 2010 01:48:59 Here it changes to the correct time. The program had been running for 24*10 seconds, and the system up time at /proc/uptime was 300.9 seconds. **** 1.2.3.25 last seen 11 Dec 2009 05:38:00 **** 1.2.3.26 last seen 11 Dec 2009 05:38:10 The same appears to be true for entries entered via iptables rules such as -m recent --name testip --set Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.