IPfilter

Re: IPFilter 4.1.16

To: Corey Johnston <coreyj@gmail.com>
Subject: Re: IPFilter 4.1.16
From: Darren Reed <darrenr@reed.wattle.id.au>
Date: Wed, 20 Dec 2006 22:59:16 +1100
Cc: ipfilter@coombs.anu.edu.au, Darren Reed <avalon@caligula.anu.edu.au>
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
In-reply-to: <e2e114e10612191708u55e268bdoa81f82f2ebfb2065@mail.gmail.com>
References: <200612191510.kBJFAnhX015215@firewall.reed.wattle.id.au> <008e01c723b8$3a68f4a0$66fce20a@gp.inet> <e2e114e10612191521n797dececqab16e18df022be31@mail.gmail.com> <e2e114e10612191708u55e268bdoa81f82f2ebfb2065@mail.gmail.com>
Reply-to: darrenr@reed.wattle.id.au
Sender: owner-ipfilter@coombs.anu.edu.au
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)

Corey Johnston wrote:
> Update on IPF 4.1.16
>
> - It seems that ipnat -sl crashes the network.
>
> The system lists all the active ipnat rules and then tries to list the
> active sessions and then the network drops out. All interfaces die, and
> even the console locks up as it appears all network services are
> unavailable. Reboot appears to be the only remedy.
>
> - happens consistently
>
> I ran into this when trying to discover the source of the ipnat slows I
> mentioned earlier.
> I'll try and be more specific, but it looks like there is a fairly
> significant problem, at least on the Solaris build, with NAT.

Bah, I forgot to look at this before.

Patch attached.

Darren

Index: ip_nat.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_nat.c,v
retrieving revision 2.195.2.69
diff -c -r2.195.2.69 ip_nat.c
*** ip_nat.c    18 Dec 2006 17:04:33 -0000      2.195.2.69
--- ip_nat.c    19 Dec 2006 14:25:44 -0000
***************
*** 4933,4938 ****
--- 4933,4939 ----
                }
                break;
        default :
+               RWLOCK_EXIT(&ipf_nat);
                return EINVAL;
        }
  
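Review bot: the default : branch now carries its own RWLOCK_EXIT(&ipf_nat) directly before return EINVAL, which fixes this one path but keeps the pattern that leaked the lock: every early return inside the switch has to remember to unlock. The case above it leaves with break, so consider recording EINVAL in an error variable and leaving through that same exit, provided the code after the switch is where ipf_nat is released, so the unlock lives in one place. The matching READ_ENTER or WRITE_ENTER is outside the visible context; a short comment naming where the lock is taken would make the pairing checkable from here.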
***************
*** 5032,5039 ****
                        break;
                }
  
!               if ((count == 1) || (error != 0))
                        break;
  
                READ_ENTER(&ipf_nat);
  
--- 5033,5042 ----
                        break;
                }
  
!               if ((count == 1) || (error != 0)) {
!                       RWLOCK_EXIT(&ipf_nat);
                        break;
+               }
  
                READ_ENTER(&ipf_nat);
  
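Review bot: in the if ((count == 1) || (error != 0)) block, ipf_nat is now dropped before break while the very next statement is READ_ENTER(&ipf_nat), so whether the lock is held depends on which side of this test the code is on, and nothing in the hunk states that. Add a comment that ipf_nat must not be held when the loop is left. The context also shows another break a few lines above this test; if that one leaves the loop rather than an inner switch, it needs the same check for whether ipf_nat is held at that point. The cover note says only "Patch attached", so it would also help to state which of the two changed paths ipnat -sl reaches.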