On 21 November 2016 at 22:38, Alexandr Nedvedicky <alexandr.nedvedi...@oracle.com> wrote:
> I don't have my test bed ready to play with NAT-64 + PBR. The only thing I've
> tried is the parser and it seems to me NAT-64 + PBR is problematic:
>
> echo 'pass in on net1 inet af-to inet6 from 2001:db8::1 to 2001:db8::/96 route-to 2001:db8::1@net0' | pfctl -n -f -
> stdin:1: af mismatch in routing spec
> stdin:1: skipping rule due to errors
> stdin:1: rule expands to no valid combination
>

% echo "pass in inet af-to inet6 from ::1 dup-to em0" | pfctl -vnf -
pass in inet all flags S/SA af-to inet6 from 0.0.0.0 dup-to em0
% echo "pass in inet af-to inet6 from ::1 dup-to (em0 1.2.3.4)" | pfctl -vnf -
pass in inet all flags S/SA af-to inet6 from 0.0.0.0 dup-to 1.2.3.4@em0

> parser does not allow me to use IPv6 address as a next hop. As soon as I remove
> next-hop, the parser accepts the rule:
>
> echo 'pass in on net1 inet af-to inet6 from 2001:db8::1 to 2001:db8::/96 route-to net0' | pfctl -n -f -
>
> The bluhm's change should not alter behavior of older code.
>

Yes, it just adds something new.