In article <pine.neb.4.64.1703201333580.22...@6bone.informatik.uni-leipzig.de>, <[email protected]> wrote: >hello, > >because of the problems of kern/52036 I tried to switch to npf. >Unfortunately there are other problems. > >Without npf everything works as expected. With activated npf works a >normal IPv6 ping over the router into the Internet, e.g. > >ping6 www.heise.de > >It also works ping with jumbo packages: > >ping6 -s 2000 www.heise.de > >In this case tcpdump of the routers outgoing interface reports: > >14:04:54.106503 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85: >frag (0|1232) ICMP6, echo request, seq 13, length 1232 >14:04:54.106520 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85: >frag (1232|776) > >If I enable npf whith the following rules: > >group default { > pass final all; >} > >ping6 www.heise.de still works. But the icmp message from 'ping6 -s 2000 >www.heise.de' is droped at the outside interface of the router.
Is that NetBSD-current? christos
