there have been two big issues since 4.1.16 to fix:
* walking through the NAT tables with ioctls caused lock recursion
* fix tracking TCP window scaling in the state code
and there is another fix I'd like people to test:
* make flushing pools that are still in use mark them for deletion and
have attempting to recreate them clear the delete flag
So what does this look like?
excalibur ~/ipf41# ippool -l
excalibur ~/ipf41# ippool -f test/regress/p1.pool
excalibur ~/ipf41# ippool -l
table role = ipf type = tree number = 100
{ 1.1.1.1/32; ! 2.2.0.0/16; 2.2.2.0/24; };
excalibur ~/ipf41# ipf -f -
pass in from pool/100 to any
excalibur ~/ipf41# ipfstat -io
empty list for ipfilter(out)
pass in from pool/100 to any
excalibur ~/ipf41# ippool -F
1 object flushed
excalibur ~/ipf41# ippool -l
# table role = ipf type = tree number = 100
# { 0/0; };
excalibur ~/ipf41# ipfstat -io
empty list for ipfilter(out)
pass in from pool/100 to any
excalibur ~/ipf41# ipf -Fa
excalibur ~/ipf41# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)
excalibur ~/ipf41# ippool -l
# table role = ipf type = tree number = 100
# { 0/0; };
http://coombs.anu.edu.au/~avalon/ip_fil4.1next.tar.gz
darren
|