I think you're looking for the attached patch. Well spotted, thanks.
Darren
Index: ip_nat.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_nat.c,v
retrieving revision 2.195.2.73
diff -c -r2.195.2.73 ip_nat.c
*** ip_nat.c 2 Feb 2007 23:53:33 -0000 2.195.2.73
--- ip_nat.c 2 Mar 2007 22:47:01 -0000
***************
*** 1671,1681 ****
--- 1671,1685 ----
if (nat->nat_tqe.tqe_ifq != NULL)
fr_deletequeueentry(&nat->nat_tqe);
+ if (logtype == NL_EXPIRE)
+ nat_stats.ns_expire++;
+
nat->nat_ref--;
if (nat->nat_ref > 0) {
MUTEX_EXIT(&ipf_nat_new);
return;
}
+
/*
* At this point, nat_ref can be either 0 or -1
*/
***************
*** 5225,5231 ****
break;
tqn = tqe->tqe_next;
nat = tqe->tqe_parent;
! nat_delete(nat, ISL_EXPIRE);
removed++;
}
}
--- 5229,5235 ----
break;
tqn = tqe->tqe_next;
nat = tqe->tqe_parent;
! nat_delete(nat, NL_EXPIRE);
removed++;
}
}
***************
*** 5239,5245 ****
break;
tqn = tqe->tqe_next;
nat = tqe->tqe_parent;
! nat_delete(nat, ISL_EXPIRE);
removed++;
}
}
--- 5243,5249 ----
break;
tqn = tqe->tqe_next;
nat = tqe->tqe_parent;
! nat_delete(nat, NL_EXPIRE);
removed++;
}
}
