svn commit: r200183 - head/sbin/ipfw

Lytochkin Boris lytboris at gmail.com
Mon Dec 7 20:11:53 UTC 2009


Hi!

On Mon, Dec 7, 2009 at 10:29 PM, Max Laier <max at love2party.net> wrote:
[cut]
> I just tested an install of r197983 (9.0-CURRENT) that I had on a test-box and
> route-to works as it is supposed to - AFAICT.  FWIW, pf sets sin_len for every
> use.
>
> Might be a problem/mis-understanding in the OPs configuration that is the
> issue here?
>
> I'll follow up to the thread on -net@ is a second.

I posted my pf config in original message to -net@:
=====
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
to any flags S/SA keep state
=====

Pretty simple. Even when forward is disabled packets that are matched
by route-to rule are forwarded to default gateway instead of specified
in route-to. And I checked rtalloc_ign_fib() arguments when using pf -
seems that pf does not use this function to lookup route-to route.

+sem@

-- 
Regards,
Boris Lytochkin


More information about the svn-src-head mailing list