From 13138dc63686a9a027f86f353a5f17b77a3620d4 Mon Sep 17 00:00:00 2001
From: Thomas Leonard
Date: Tue, 5 Jan 2016 16:43:07 +0000
Subject: [PATCH] Fix OOM check when adding NAT entries
---
 firewall.ml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/firewall.ml b/firewall.ml
index a2d74e8..74fcbe6 100644
--- a/firewall.ml
+++ b/firewall.ml
@@ -84,6 +84,12 @@ let random_user_port () =
 let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
 let xl_port = random_user_port () in
 match fn xl_port with
+ | exception Out_of_memory ->
+ (* Because hash tables resize in big steps, this can happen even if we have a fair
+ chunk of free memory. *)
+ Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
+ Router.reset t;
+ add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
 | Nat_rewrite.Overlap when retries < 0 -> return ()
 | Nat_rewrite.Overlap ->
 if retries = 0 then (
@@ -101,12 +107,6 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
 | None ->
 Log.warn "No NAT entry, even after adding one!" Logs.unit;
 return ()
- | exception Out_of_memory ->
- (* Because hash tables resize in big steps, this can happen even if we have a fair
- chunk of free memory. *)
- Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
- Router.reset t;
- add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
 
 (* Add a NAT rule for the endpoints in this frame, via a random port on the firewall. *)
 let add_nat_and_forward_ipv4 t ~frame =
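Review bot: The new `exception Out_of_memory` arm in the first hunk decrements `retries` but never tests it; the `retries < 0` stop is a guard on the `Nat_rewrite.Overlap` arm only. If `fn` keeps raising after `Router.reset t`, the function recurses without a bound and resets the table on every pass. Judging by the log text, that reset drops NAT state for every client, so this is an availability concern whenever one source can fill the table. I would put a bounded arm ahead of it, `| exception Out_of_memory when retries < 0 -> Log.warn "Out_of_memory persists after NAT reset; dropping frame" Logs.unit; return ()`. The rest of the match lies outside the hunk, but the second hunk's context suggests it still ends in an unparenthesised inner `match`, which is how the old arm came to bind to the wrong scrutinee; wrapping that inner match in `( ... )` would stop a later appended case from repeating the mistake.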