Subject: Re: ipf still poorly?
To: None <current-users@NetBSD.org>
From: HIROSE Yuuji <firstname.lastname@example.org>
Date: 04/26/2004 04:01:15
>> On Thu, 22 Apr 2004 15:47:18 -0400
>> email@example.com (Andreas Wrede) said:
andreas> Jaromir Dolecek wrote:
> Dick Davies wrote:
>>Does anyone know if the IPF problems in recent currents have
>>been resolved yet?
>>I'd like to update my box, but if that's still shaky, i can't.
> IPF in -current is fine with IPv4, AFAICS there are still problems with
> IPv6 and IPsec.
andreas> I am running with the patch from kern/24981 and have not had a problem
andreas> with IPv4 or IPv6. Don't know about IPSec.
It doesn't seem ipf-v4 work well on fastroute.
On netbsd box which has two network interfaces;
+--- fxp0 ---+
| NetBSD box |
+--- aue0 ---+
where default route of NetBSD box is default-router.
After upgrading to ipf-v4, my NetBSD box can't throw packets to
backup-router by ipf.conf fastrouting line;
pass out on fxp0 to aue0:10.0.2.60 from 10.0.2.50 to any
which throwed packets to backup-router formerly by older ipf.
I checked the link-level header with `tcpdump -e -i aue0' and
found that ipf-v4's fastroute throws the matching packets to
aue0:10.0.2.60 with MAC-address of default-router beyond fxp0. This
should be a MAC-address of backup-router beyond aue0, I think.