Subject: kern/11569: ipnat only allows one operation
To: None <>
From: None <>
List: netbsd-bugs
Date: 11/26/2000 08:08:20
>Number:         11569
>Category:       kern
>Synopsis:       ipnat only allows one operation
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 26 08:08:01 PST 2000
>Originator:     Havard Eidnes
>Release:        1.4.3
System: NetBSD 1.4.3 NetBSD 1.4.3 (ORRE) #6: Sun Oct 29 13:35:01 MET 2000 hp300

	Enabling ipnat with "ipnat -f /etc/ipnat.conf" and where
	the /etc/ipnat.conf file contains

map le0 -> portmap tcp/udp 40000:65000
map le0 ->

	results in

IP Filter: initialized.  Default = pass all, Logging = disabled
IP Filter: v3.3.6

	but also

IP Filter: already initialized

	What appears to have happened is that the last of the IPNAT rules
	have not been installed.

	Any later run of "ipnat -l" results in an error:

orre# ipnat -l
ioctl(SIOCGNATS): Device busy

	and another logged line saying

IP Filter: already initialized

	"Of course it's already initialized".  However, that should not
	prevent other ipnat commands from working, or the addition of new

	See above.


	On the face of it, it seems that this should fix the problem
	(i.e. I've not tested this at submit time, but will shortly):

diff -u -r1.34.2.4 ip_fil.c
--- ip_fil.c    2000/08/09 18:07:45
+++ ip_fil.c    2000/11/26 15:51:55
@@ -436,7 +436,7 @@
                 * Since the default rule is to pass all packets,
                 * this shouldn't cause any noticeable side-effects.
-               if (fr_running == 0) {
+               if (ipl_inited == 0) {
 #if defined(_KERNEL)
                        error = ipl_enable();
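
Review bot: the changed test "if (ipl_inited == 0) {" sits above the "#if defined(_KERNEL)" line, so ipl_inited must be declared in non-kernel builds of ip_fil.c as well as in kernel builds; please confirm that it is, or move the test inside the #if. The comment above the test justifies enabling on demand by the pass-all default, but it does not say why initialization state rather than fr_running is the right guard for calling ipl_enable(). A sentence there tying the guard to the "IP Filter: already initialized" message from the report would help the next reader. Since the report says the change was not tested at submit time, please follow up with the result of rerunning "ipnat -f /etc/ipnat.conf" and "ipnat -l" with the patch applied.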