Subject: Re: ipf still poorly?
To: None <>
From: HIROSE Yuuji <>
List: current-users
Date: 04/26/2004 04:01:15
>> On Thu, 22 Apr 2004 15:47:18 -0400
>> (Andreas Wrede) said:

andreas> Jaromir Dolecek wrote:

> Dick Davies wrote:
>>Does anyone know if the IPF problems in recent currents have
>>been resolved yet?
>>I'd like to update my box, but if that's still shaky,  i can't.
> IPF in -current is fine with IPv4, AFAICS there are still problems with
> IPv6 and IPsec.

andreas> I am running with the patch from kern/24981 and have not had a problem 
andreas> with IPv4 or IPv6. Don't know about IPSec.

It doesn't seem ipf-v4 work well on fastroute.

On netbsd box which has two network interfaces;

+--- fxp0 ---+
|            |
| NetBSD box |
|            |
+--- aue0 ---+

where default route of NetBSD box is default-router.

After upgrading to ipf-v4, my NetBSD box can't throw packets to
backup-router by ipf.conf fastrouting line;

	pass out on fxp0 to aue0: from to any

which throwed packets to backup-router formerly by older ipf.

I checked the link-level header with `tcpdump -e -i aue0' and
found that ipf-v4's fastroute throws the matching packets to
aue0: with MAC-address of default-router beyond fxp0.  This
should be a MAC-address of backup-router beyond aue0, I think.

Any suggestion?