In some email I received from Klaus Klein, sie wrote:
> tron@zhadum.de (Matthias Scheler) writes:
> 
> > In article <20020423233652.A26037@interlude.eu.org>,
> > 	Andrew Doran <ad@interlude.eu.org> writes:
> > > I seems like "ipf -y" might achieve the same goal, but I don't recall
> > > whether or not it did the last time I tried it.
> > > 
> > >        -y     Manually resync the in-kernel interface list  main-
> > >               tained by IP Filter with the current interface sta-
> > >               tus list.
> > 
> > I tried a few minutes ago on a system with IP Filter 3.25 and it worked.
> > I've modified "/etc/rc.d/network" to use "ipf -y" when necessary which
> > should fix this problem completely.
> 
> Well, ipf -y will issue a SIOCFRSYN ioctl to ipfilter, which in turn
> will call its frsync() function, which is a no-op.
> 
> "What am I missing?"

There's more than one instance of the function frsync().

The one compiled for ipftest is a no-op, the one for the kernel isn't.

ip_fil.c:frsync() vs fil.c:frsync()

Darren