Subject: Re: pf trouble (packet corruption?)
To: None <tech-net@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 01/23/2006 15:23:39
>> Any pf gurus in the house?  I'm having some trouble with pf;
>> preliminary indications are that it's corrupting packet contents.
> I suspect this is caused by a NetBSD-specific change to pf.c
> pf_route() [...and checksum offload support...]

It would appear you are correct.  Someone sent me, offlist, a patch
that tries to fix this; it didn't quite work, but I was able to tweak
it a little and make it work.

With that change, things work perfectly...almost. :)

Everything works as desired, *except* that when a connection comes in
from the outside to an address on vr0 or fxp1, the return traffic flows
via ex0 despite the "pass out quick" clauses attempting to direct it
out the correct interface - the same clauses that work fine for traffic
on (NATted) outgoing connections!

I'm looking at this, trying to see whether it's pilot error or a real
bug or what....

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B