tech-net archive


NetBSD 6 NPF npfctl stats and logging



Hi all,

I've been testing with NPF, but since I could not find much
documentation except the man pages I have some doubts.

First, in case this somehow changes anything, I'd like to mention that I'm
testing this on a NetBSD 6.0 BETA 2 Xen domU.

I've recompiled the kernel adding npf support, but I can't seem to get
the logging working, nor do I see anything in npfctl stats.

npfctl stats      
Packets passed:
        0 default pass
        0 ruleset pass
        0 session pass

Packets blocked:
        0 default block
        0 ruleset block

Session and NAT entries:
        0 session allocations
        0 session destructions
        0 NAT entry allocations
        0 NAT entry destructions

Invalid packet state cases:
        0 cases in total
        0 TCP case I
        0 TCP case II
        0 TCP case III

Packet race cases:
        0 NAT association race
        0 duplicate session race

Rule processing procedure cases:
        0 packets logged
        0 packets normalized

Unexpected error cases:
        0


tcpdump shows nothing for the interface npflog0; the interface is created
and UP:

# ifconfig npflog0                                                    
npflog0: flags=1<UP>


Am I missing anything trivial? If so sorry for taking your time, but any
help will be very much appreciated.

I'm just using the example config in the man page.



And if I may add another question, I get this error:
# npfctl reload

/etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'

what's the correct syntax in this case? I've tried:

 nat $ext_if from 192.168.100.0/24 to any -> ($ext_if)

But in this case it complains about the "(" so it's obviously not the
correct syntax!


Thank you





