>> On Thu, 22 Apr 2004 15:47:18 -0400
>> andreas==andreas@planix.com (Andreas Wrede) said:

andreas> Jaromir Dolecek wrote:

> Dick Davies wrote:
> 
>>Does anyone know if the IPF problems in recent currents have
>>been resolved yet?
>>
>>I'd like to update my box, but if that's still shaky,  i can't.
> 
> 
> IPF in -current is fine with IPv4, AFAICS there are still problems with
> IPv6 and IPsec.

andreas> I am running with the patch from kern/24981 and have not had a problem 
andreas> with IPv4 or IPv6. Don't know about IPSec.


It doesn't seem ipf-v4 work well on fastroute.

On netbsd box which has two network interfaces;


      Internet
        |
     [default-router(NAT)]
       |10.0.0.95
       |
       |10.0.0.50
+--- fxp0 ---+
|            |
| NetBSD box |
|            |
+--- aue0 ---+
      | 10.0.2.50
      |
      | 10.0.2.60
    [backup-router(NAT)]
      |
    Internet


where default route of NetBSD box is default-router.

After upgrading to ipf-v4, my NetBSD box can't throw packets to
backup-router by ipf.conf fastrouting line;

	pass out on fxp0 to aue0:10.0.2.60 from 10.0.2.50 to any

which throwed packets to backup-router formerly by older ipf.


I checked the link-level header with `tcpdump -e -i aue0' and
found that ipf-v4's fastroute throws the matching packets to
aue0:10.0.2.60 with MAC-address of default-router beyond fxp0.  This
should be a MAC-address of backup-router beyond aue0, I think.


Any suggestion?

--
yuuji