netbsd-bugs: kern/37174: ipfilter doesn't properly remove connections from NAT table

Subject: kern/37174: ipfilter doesn't properly remove connections from NAT table
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <jklos@netbsd.org>
List: netbsd-bugs
Date: 10/22/2007 20:35:00

>Number:         37174
>Category:       kern
>Synopsis:       ipfilter doesn't properl remove connections from NAT table
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 22 20:35:00 +0000 2007
>Originator:     John Klos
>Release:        NetBSD 4.0_RC3
>Organization:
	
>Environment:
	
	
System: 
Multiple NetBSD 4.0_RC3 macppc machines.
Architecture: powerpc
Machine: macppc
>Description:
	
ipfilter's NAT table grows and grows, and stale entries do not get 
properly removed.
>How-To-Repeat:
	
Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest sized 
network. ipnat -l | wc will show a constantly growing list of connections. 
Networks which would normally only average around 1,000 connections show 
more than 25,000 connections in a day or two. Networks which average 
around 50 connections show more than 20,000 after four or five days.
>Fix:
	

>Unformatted: