NetBSD Problem Report #37174
From john@andromeda.ziaspace.com Mon Oct 22 20:30:21 2007
Return-Path: <john@andromeda.ziaspace.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 720EA63B934
for <gnats-bugs@gnats.NetBSD.org>; Mon, 22 Oct 2007 20:30:21 +0000 (UTC)
Message-Id: <200710222030.l9MKUHMr020771@andromeda.ziaspace.com>
Date: Mon, 22 Oct 2007 20:30:17 GMT
From: jklos@netbsd.org
Reply-To: jklos@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: ipfilter doesn't properly remove connections from NAT table
X-Send-Pr-Version: 3.95
>Number: 37174
>Category: kern
>Synopsis: ipfilter doesn't properly remove connections from NAT table
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Oct 22 20:35:00 +0000 2007
>Closed-Date: Mon Oct 20 07:16:53 +0000 2008
>Last-Modified: Mon Oct 20 07:16:53 +0000 2008
>Originator: John Klos
>Release: NetBSD 4.0_RC3
>Organization:
>Environment:
System:
Multiple NetBSD 4.0_RC3 macppc machines.
Architecture: powerpc
Machine: macppc
>Description:
ipfilter's NAT table grows and grows, and stale entries do not get
properly removed.
>How-To-Repeat:
Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest sized
network. ipnat -l | wc will show a constantly growing list of connections.
Networks which would normally only average around 1,000 connections show
more than 25,000 connections in a day or two. Networks which average
around 50 connections show more than 20,000 after four or five days.
>Fix:
>Release-Note:
>Audit-Trail:
From: Pavel Cahyna <pavel@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
netbsd-bugs@NetBSD.org
Subject: Re: kern/37174: ipfilter doesn't properly remove connections from NAT table
Date: Mon, 22 Oct 2007 23:14:42 +0200
> Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest sized
> network. ipnat -l | wc will show a constantly growing list of connections.
> Networks which would normally only average around 1,000 connections show
> more than 25,000 connections in a day or two. Networks which average
> around 50 connections show more than 20,000 after four or five days.
Probably caused by http://releng.netbsd.org/cgi-bin/req-4.cgi?show=880
which will be backed out soon.
State-Changed-From-To: open->feedback
State-Changed-By: pavel@netbsd.org
State-Changed-When: Sat, 27 Oct 2007 10:36:34 +0000
State-Changed-Why:
Can you check if reverting pullup #880 fixes the problem for you?
State-Changed-From-To: feedback->closed
State-Changed-By: jklos@NetBSD.org
State-Changed-When: Mon, 20 Oct 2008 07:16:53 +0000
State-Changed-Why:
Problem was resolved in NetBSD 4.0.
>Unformatted: