Subject: kern/37174: ipfilter doesn't properly remove connections from NAT table
List: netbsd-bugs
Date: 10/22/2007 20:35:00
>Number:         37174
>Category:       kern
>Synopsis:       ipfilter doesn't properly remove connections from NAT table
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 22 20:35:00 +0000 2007
>Originator:     John Klos
>Release:        NetBSD 4.0_RC3
>Environment:
Multiple NetBSD 4.0_RC3 macppc machines.
Architecture: powerpc
Machine: macppc
>Description:
ipfilter's NAT table grows and grows, and stale entries do not get 
properly removed.
>How-To-Repeat:
Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest sized 
network. ipnat -l | wc will show a constantly growing list of connections. 
Networks which would normally only average around 1,000 connections show 
more than 25,000 connections in a day or two. Networks which average 
around 50 connections show more than 20,000 after four or five days.
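As an added example (not part of this report or of ipfilter itself), a sh script that samples the NAT session count the way the report does and flags sustained growth past an expected steady-state ceiling; the layout of `ipnat -l` output, the sampling interval and the ceiling values are assumptions:

```shell
#!/bin/sh
# Added example, not from the PR or from ipfilter. Samples the NAT session
# count and flags a table that keeps growing past a known steady-state size.
# Assumptions: ipnat(8) prints a "List of active sessions:" header followed by
# one line per NAT entry; the ceiling passed in is a value you know for the
# network (the report cites ~1,000 and ~50 sessions as normal averages).

# Count active NAT sessions on this host (needs root and ipfilter). Prints 0
# when ipnat is absent so the rest of the script can be exercised offline.
nat_session_count() {
    if command -v ipnat >/dev/null 2>&1; then
        ipnat -l 2>/dev/null | awk '
            /^List of active sessions/ { s = 1; next }
            s && NF                    { n++ }
            END                        { print n + 0 }'
    else
        echo 0
    fi
}

# Read "epoch_seconds count" samples on stdin. Prints "GROWING <last> <per-hour>"
# and exits 1 when the last sample exceeds the ceiling and the net rate since the
# first sample is positive; otherwise prints "OK <last>" and exits 0.
# $1 = expected steady-state ceiling for this network (assumed value)
nat_growth_check() {
    awk -v ceiling="$1" '
        NR == 1 { t0 = $1; c0 = $2 }
        { t = $1; c = $2 }
        END {
            hours = (t - t0) / 3600
            rate  = (hours > 0) ? (c - c0) / hours : 0
            if (c > ceiling && rate > 0) {
                printf "GROWING %d %.0f\n", c, rate   # stale entries not expiring
                exit 1
            }
            printf "OK %d\n", c
            exit 0
        }'
}

# Typical use on the NAT box (not run here):
#   while :; do echo "$(date +%s) $(nat_session_count)"; sleep 600; done >> nat.log
#   nat_growth_check 1000 < nat.log
```

A count that never comes back down after a surge is the symptom the report describes; a healthy table oscillates around its baseline as sessions time out.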