Re: IPNat Stops routing

--ZG5hGh9V5E9QzVHS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 02, 2003 at 02:29:21PM -0400, Jim Sandoz wrote:
> eh?
>=20
> (ronin)$ pwd
> /ronin/home0/jds/tools/ipf/ip_fil3.4.31
> (ronin)$ grep NAT_TABLE_SZ *
> ip_nat.c:u_int ipf_nattable_sz =3D NAT_TABLE_SZ;
> ip_nat.h:#ifndef NAT_TABLE_SZ
> ip_nat.h:# define NAT_TABLE_SZ 127
> ip_nat.h:#undef NAT_TABLE_SZ
> ip_nat.h:#define NAT_TABLE_SZ 16383

Looks may be deceiving. Take a look at ip_nat.c, and you'll see
that NAT_TABLE_SZ controls the number of hash buckets, not a maximum
number of table entries allocated. Upon flush/unload, you'll see
a bulk KFREE of the hash table, but the actual entries are maintained
in the nat_instances list, whose items are iteratively freed
afterwards.

ip_state.c has the whole fr_statemax thing going on; there's no
analog for ip_nat.c (... yet?).

--=20
ryan beasley <ryanb@goddamnbastard.org>
GPG ID: 0x16EFBD48

--ZG5hGh9V5E9QzVHS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/AylbskfdOxbvvUgRAkGiAJsE9+WNWY/HNDtYnQphnAsAWaXLUACeN0/9
JW8szLAus3yO7beKhBFbd48=
=PKL8
-----END PGP SIGNATURE-----

--ZG5hGh9V5E9QzVHS--