"T@W" <lsp93@xs4all.nl> forwarded a message about IPFilter last month:
...
> How to disable fragment caching
> ===============================
> In realtime, use adb or gdb or kgdb or whatever to change the variable
> named "ipfr_inuse" to 1000000.  1000000 isn't important, it just needs
> to be larger than IPFT_SIZE and an integer.
> NOTE: there are no sysctl's on BSD systems to adjust this if securelevel
>       is > 0.
... 

I'm not clear about how to do either the above nor how to patch this
for NetBSD 1.4.1.  Can anyone provide any guidance?  I downloaded the
latest ip-filter, but the install scripts for NetBSD cannot properly
patch my /usr/src/sys/arch/i386/i386/conf.c, and the installation
notes give the helpful suggestion that I patch the file manually,
which I also don't know how to do with any confidence.