Re: IPFilter 4.1.16

This is a multi-part message in MIME format.
--------------040703010207090907030903
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Corey Johnston wrote:
> Update on IPF 4.1.16
>
> - It seems that ipnat -sl crashes the network.
>
> The system lists all the active ipnat rules and then tries to list the
> active sessions and then the network drops-out. All interfaces die,
> and even
> the console locks-up as it appears all network services are unavailable.
> Reboot appears to be the only remedy.
>
> - happens consistently
>
> I ran into this when trying to discover the source of the ipnat slows i
> mentioned earlier.
> I'll try and be more specific, but it looks like there is a fairly
> significant problem, at least on the Solaris build, with NAT.

Bah, I forgot to look at this before.

Patch attached.

Darren


--------------040703010207090907030903
Content-Type: text/plain;
name="natd.diffs"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="natd.diffs"

Index: ip_nat.c
================================================== =================
RCS file: /devel/CVS/IP-Filter/ip_nat.c,v
retrieving revision 2.195.2.69
diff -c -r2.195.2.69 ip_nat.c
*** ip_nat.c 18 Dec 2006 17:04:33 -0000 2.195.2.69
--- ip_nat.c 19 Dec 2006 14:25:44 -0000
***************
*** 4933,4938 ****
--- 4933,4939 ----
}
break;
default :
+ RWLOCK_EXIT(&ipf_nat);
return EINVAL;
}

***************
*** 5032,5039 ****
break;
}

! if ((count == 1) || (error != 0))
break;

READ_ENTER(&ipf_nat);

--- 5033,5042 ----
break;
}

! if ((count == 1) || (error != 0)) {
! RWLOCK_EXIT(&ipf_nat);
break;
+ }

READ_ENTER(&ipf_nat);


--------------040703010207090907030903--