From 0826f046d28b6e035040fe693e0e9d3da6940efe Mon Sep 17 00:00:00 2001
From: Thomas Leonard <thomas.leonard@unikernel.com>
Date: Sat, 27 Feb 2016 12:48:32 +0000
Subject: [PATCH] Improve OOM handling when adding a NAT forward entry

The callback function was partially applied, meaning that it always used
the NAT table that was in use when processing started, even if the OOM
handler had replaced the table by then. This meant that the retry
attempt would always fail, since it tried to add it to the existing full
table, and also prevented that table from being GC'd.
---
 firewall.ml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firewall.ml b/firewall.ml
index 6d5b7d1..97ce185 100644
--- a/firewall.ml
+++ b/firewall.ml
@@ -112,7 +112,8 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn logf =
 let add_nat_and_forward_ipv4 t ~frame =
   let xl_host = Ipaddr.V4 t.Router.uplink#my_ip in
   add_nat_rule_and_transmit t frame
-    (Nat_rewrite.make_nat_entry t.Router.nat frame xl_host)
+    (* Note: DO NOT partially apply; [t.nat] may change between calls *)
+    (fun xl_port -> Nat_rewrite.make_nat_entry t.Router.nat frame xl_host xl_port)
     (fun xl_port f ->
       match Nat_rewrite.layers frame with
       | None -> assert false