Re: ipf 4.1.5 badnat / memory leak

I had a look at that patch and while it's very neat and clean,
I'd rather not be free'ing the mbuf in so many places, so I
jiggled around with the code a little.

Did you have any sort of test rig to verify this? If so,
can you please try the patch below if you think it also fixes
the problem?

Thanks,
Darren

Index: fil.c
================================================== =================
RCS file: /devel/CVS/IP-Filter/fil.c,v
retrieving revision 2.243.2.49
diff -u -r2.243.2.49 fil.c
--- fil.c 4 Feb 2005 09:44:36 -0000 2.243.2.49
+++ fil.c 16 Feb 2005 13:03:18 -0000
@@ -2416,12 +2416,6 @@
#endif
m = fin->fin_m;

- if (FR_ISPASS(pass)) {
- ATOMIC_INCL(frstats[out].fr_pass);
- } else if (FR_ISBLOCK(pass)) {
- ATOMIC_INCL(frstats[out].fr_block);
- }
-
if (fr != NULL) {
frdest_t *fdp;

@@ -2453,21 +2447,23 @@
*/
RWLOCK_EXIT(&ipf_mutex);

+finished:
if (!FR_ISPASS(pass)) {
+ ATOMIC_INCL(frstats[out].fr_block);
if (*mp != NULL) {
FREE_MB_T(*mp);
m = *mp = NULL;
}
- }
+ } else {
+ ATOMIC_INCL(frstats[out].fr_pass);
#if defined(_KERNEL) && defined(__sgi)
- else {
if ((fin->fin_hbuf != NULL) &&
(mtod(fin->fin_m, struct ip *) != fin->fin_ip)) {
COPYBACK(m, 0, fin->fin_plen, fin->fin_hbuf);
}
- }
#endif
-finished:
+ }
+
RWLOCK_EXIT(&ipf_global);
#ifdef _KERNEL
# if OpenBSD >= 200311