I just posted an analysis of a couple of firmware problems on the Draytek UK forums (registration required). I thought I'd echo it here so that the rest of the world can get in on the act.
(The background is that running a public server behind a Draytek 2600we router can result in the router crashing monumentally badly from time to time. This problem is exacerbated by P2P applications such as Freenet, eDonkey, BitTorrent, etc. This problem seems to affect all firmware versions up to 2.5.6, but definitely as far as 2.5.5_UK.)
"Firstly, the NAT table is not maintained properly; it does not clear entries when connections are terminated (although it's important to note that most network connections have a timeout grace period after the actual connection stops being used). Some connections get left in the NAT table when they shouldn't be (notwithstanding timeouts). This fills the table abnormally quickly.
Secondly, the NAT table is not monitored properly. It has an implicit maximum size, yet the software does not enforce this (if it did, you'd reach the maximum number of connections, after which the router would drop any new connections, but most importantly it wouldn't crash!). As the connection table increases beyond the space allocated for it, it starts to overwrite other code and data in the system, which subsequently causes it to malfunction (in a pseudo-random way) - most frequently ultimately ending in a crash.
So there are two bugs in the NAT code in the firmware. Seeing as it's been broken for numerous releases, I really hope it gets sorted soon."
...Another Public Service Announcement, brought to you by Coofer Cat(tm).
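The two behaviours the analysis says are missing (releasing entries when a connection ends, and enforcing the table's maximum size) look like this in a minimal fixed-size connection table. This is an added illustration, not Draytek firmware code; the structure, function names, capacity and timeout are all hypothetical.

```c
#include <stdint.h>

#define NAT_MAX     4    /* assumed capacity, tiny so the limit is easy to hit */
#define NAT_TIMEOUT 120  /* assumed idle timeout in seconds */

struct nat_entry { uint32_t ip; uint16_t port; uint32_t last_seen; int in_use; };
struct nat_table { struct nat_entry e[NAT_MAX]; unsigned used; };

/* Free entries idle longer than NAT_TIMEOUT; returns the number reclaimed. */
unsigned nat_expire(struct nat_table *t, uint32_t now) {
    unsigned freed = 0;
    for (unsigned i = 0; i < NAT_MAX; i++)
        if (t->e[i].in_use && now - t->e[i].last_seen > NAT_TIMEOUT) {
            t->e[i].in_use = 0; t->used--; freed++;
        }
    return freed;
}

/* Release the mapping when its connection terminates; 0 on success, -1 if absent. */
int nat_close(struct nat_table *t, uint32_t ip, uint16_t port) {
    for (unsigned i = 0; i < NAT_MAX; i++)
        if (t->e[i].in_use && t->e[i].ip == ip && t->e[i].port == port) {
            t->e[i].in_use = 0; t->used--; return 0;
        }
    return -1;
}

/* Add a mapping; returns the slot index, or -1 when the table is full.
 * A full table means the new connection is dropped, never a write past e[]. */
int nat_insert(struct nat_table *t, uint32_t ip, uint16_t port, uint32_t now) {
    if (t->used >= NAT_MAX && nat_expire(t, now) == 0)
        return -1;
    for (unsigned i = 0; i < NAT_MAX; i++)
        if (!t->e[i].in_use) {
            t->e[i] = (struct nat_entry){ ip, port, now, 1 };
            t->used++;
            return (int)i;
        }
    return -1;
}
```

With the limit enforced, a flood of P2P connections degrades into refused mappings until entries close or time out, rather than corrupting whatever sits after the table in memory.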