From 0826f046d28b6e035040fe693e0e9d3da6940efe Mon Sep 17 00:00:00 2001
From: Thomas Leonard
Date: Sat, 27 Feb 2016 12:48:32 +0000
Subject: [PATCH] Improve OOM handling when adding a NAT forward entry

The callback function was partially applied, meaning that it always used the NAT table that was in use when processing started, even if the OOM handler had replaced the table by then. This meant that the retry attempt would always fail, since it tried to add it to the existing full table, and also prevented that table from being GC'd.
---
 firewall.ml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firewall.ml b/firewall.ml
index 6d5b7d1..97ce185 100644
--- a/firewall.ml
+++ b/firewall.ml
@@ -112,7 +112,8 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn logf =
 let add_nat_and_forward_ipv4 t ~frame =
 let xl_host = Ipaddr.V4 t.Router.uplink#my_ip in
 add_nat_rule_and_transmit t frame
- (Nat_rewrite.make_nat_entry t.Router.nat frame xl_host)
+ (* Note: DO NOT partially apply; [t.nat] may change between calls *)
+ (fun xl_port -> Nat_rewrite.make_nat_entry t.Router.nat frame xl_host xl_port)
 (fun xl_port f ->
 match Nat_rewrite.layers frame with
 | None -> assert false
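Review bot: The rule that the callback must re-read `t.Router.nat` on every retry is recorded only as a comment at this one call site in `add_nat_and_forward_ipv4`, so a later caller of `add_nat_rule_and_transmit` can reintroduce the stale-table capture without any warning. I would state the contract on `add_nat_rule_and_transmit` itself, for example `(* [fn] is called again after an OOM reset; it must look up [t.Router.nat] on each call and never capture it *)`, and check any other callers outside this hunk for the same partial application. The new comment also refers to `[t.nat]` while the field actually read is `t.Router.nat`; using the same spelling makes it easier to grep for. Because NAT table pressure is presumably driven by client traffic, a regression test that fills the table and confirms the retry lands in the replacement table would protect this availability path. Both `add_nat_rule_and_transmit` and the second callback continue outside the hunk, so the retry logic itself is not visible here.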