On Sun, Jul 31, 2011 at 02:30:05PM +0200, Peter N. M. Hansteen wrote:
> Ryan McBride <mcbr...@openbsd.org> writes:
>
> > The interface may have more than one address...
>
> That's probably just me not noticing, but the odd part is that while
> this interface has several addresses, it only has one IPv4 address:

The point of using a dynamic interface is to handle possible future situations as well. So even if you only have one address now, how does PF know that you'll never do "ifconfig xl0 inet alias ..."?

Basically, when you use "(" ifname ")", internally in PF it's handled as a table that's managed by the kernel, and

1) pfctl has no idea what's in that table, so it has to assume that there might be multiple addresses
2) all tables get implicit round-robin load-balancing unless you specify something else (I think the only other valid option for tables at the moment is 'least-states')

Anyhow, the behaviour is the same as what you're expecting: round-robin on a single address means you always get that address selected.