On 03/09/2009 23:32, Roy Marples wrote:
> I use stock IPFilter in NetBSD-5 with miniupnpd-20090820 [1].
> It fails to work.
> So I tried the tarball from Darren's blog [2].
> This doesn't work either.
> So I went back to miniupnpd-20090820 and cut this patch (attached).
> This almost works - it adds and reports correctly. However, it won't
> delete filter rules.
> The error it gives is ioctl(SIOCRMAFR): Device busy from line 441 in
> src/ipf/ipfrdr.c
> According to my testing, it is trying to delete the correct rule.
> So, what is wrong?

Progress!
I updated ipfilter on my NetBSD-5 box to the version in -current
(ipfilter 4.1.33 I believe) and this error now goes away. I also have
the patch from NetBSD PR kern/41914 applied as the original issue was
with reference count being too high from what I understand.
Anyway, the new issue is that everything is now working but the removal
of NAT rules. It seems that it cannot find every other rule to remove. A
simple change of the code from (in pseudo code)

    if (remove_nat_rule(&rule) == -1)
        return -1;

to

    if (remove_nat_rule(&rule) == -1)
        if (remove_nat_rule(&rule) == -1)
            return -1;

makes it all work nicely, but obviously this is sub-optimal. So is
there any way to reset SIOCGENITER? I tried sending SIOCIPFDELTOK the
same data, but it came back with no such process :/
Any thoughts or ideas here?
Thanks
Roy