tech-net archive


Source address based routing with PF

Hello,

I've got a machine with two IPv6 tunnels:

gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
        tunnel inet 1.2.3.4 --> 5.6.7.8
        inet6 2001:6f8:10e5::1 -> 2001:6f8:900:954::1 prefixlen 128
        inet6 fe80::211:2fff:fe8e:931%gif0 ->  prefixlen 64 scopeid 0x3
        inet6 2001:6f8:10e5::2 ->  prefixlen 128
        inet6 2001:6f8:10e5::3 ->  prefixlen 128
        inet6 2001:6f8:10e5::4 ->  prefixlen 128
        inet6 2001:6f8:10e5::5 ->  prefixlen 128
        inet6 2001:6f8:900:954::2 ->  prefixlen 128

gif1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
        tunnel inet 1.2.3.4 --> 9.10.11.12
        inet6 2001:4dd0:ff00:1a4::2 -> 2001:4dd0:ff00:1a4::1 prefixlen 128
        inet6 fe80::211:2fff:fe8e:931%gif1 ->  prefixlen 64 scopeid 0x6

The IPv6 default route points to 2001:6f8:900:954::1, the remote
tunnel address of "gif0". I want to use PF to make sure that
packets which use 2001:4dd0:ff00:1a4::2, the local tunnel address
of "gif1", as the source address go out via "gif1". I cannot get
this to work even with a very basic "pf.conf" which looks like this:

pass in all
pass out all
pass out on gif0 route-to ( gif1 2001:4dd0:ff00:1a4::1 ) from 2001:4dd0:ff00:1a4::2 to any

Any ideas where the problem is? I've tried switching the order of the
last two rules but it didn't help.

I'm using PF 4.2 under NetBSD 5.1_RC2.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/
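
As an added example (not part of the mail or its author's setup), a Python script that parses ifconfig output like the listing above and derives the PF route-to rules for source address based routing, one per non-default tunnel address. The sample input is the interface listing from the post; the `quick` keyword is an addition the poster's rule does not have.

```python
import ipaddress
import re

# Constructed sample input: the gif interfaces quoted in the mail above, trimmed.
IFCONFIG_OUTPUT = """\
gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
        tunnel inet 1.2.3.4 --> 5.6.7.8
        inet6 2001:6f8:10e5::1 -> 2001:6f8:900:954::1 prefixlen 128
        inet6 fe80::211:2fff:fe8e:931%gif0 ->  prefixlen 64 scopeid 0x3
        inet6 2001:6f8:900:954::2 ->  prefixlen 128
gif1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
        tunnel inet 1.2.3.4 --> 9.10.11.12
        inet6 2001:4dd0:ff00:1a4::2 -> 2001:4dd0:ff00:1a4::1 prefixlen 128
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
INET6_RE = re.compile(r"^\s+inet6 (\S+) -> (\S*)\s+prefixlen")


def parse_tunnels(text):
    """Map each interface to its (local, peer) inet6 pairs. Link-local and
    peer-less addresses are skipped: route-to needs a concrete next hop."""
    tunnels, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            tunnels.setdefault(iface, [])
            continue
        m = INET6_RE.match(line)
        if not (m and iface and m.group(2)):
            continue
        local = ipaddress.IPv6Address(m.group(1))
        if not local.is_link_local:
            tunnels[iface].append((str(local), str(ipaddress.IPv6Address(m.group(2)))))
    return tunnels


def route_to_rules(tunnels, default_iface):
    """One rule per non-default tunnel address: packets with that tunnel's local
    address as source, about to leave via the default-route interface, are sent
    out of their own tunnel toward its peer. 'quick' stops a later catch-all
    'pass out' from overriding the match (otherwise PF's last matching rule wins)."""
    rules = []
    for iface, pairs in sorted(tunnels.items()):
        if iface == default_iface:
            continue
        for local, peer in pairs:
            rules.append(f"pass out quick on {default_iface} route-to "
                         f"( {iface} {peer} ) from {local} to any")
    return rules
```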

