Date:      Mon, 27 Nov 2023 19:46:58 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: acfc2a0500a3 - stable/14 - pf.conf.5: revise divert-to and divert-reply
Message-ID:  <202311271946.3ARJkwll036658@gitrepo.freebsd.org>

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=acfc2a0500a30f65d190a3360b805aa3548bb157

commit acfc2a0500a30f65d190a3360b805aa3548bb157
Author:     Igor Ostapenko <pm@igoro.pro>
AuthorDate: 2023-11-17 20:01:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-11-27 19:45:49 +0000

    pf.conf.5: revise divert-to and divert-reply
    
    (cherry picked from commit 7e1affa242ca83710eb64e2c6184263fbea3deb7)
---
 share/man/man5/pf.conf.5 | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index ce64df78ad62..8255a89587be 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 27, 2023
+.Dd November 17, 2023
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -2102,19 +2102,22 @@ Only effective before the route lookup happened, i.e. when filtering inbound.
 .It Xo Ar divert-to Aq Ar host
 .Ar port Aq Ar port
 .Xc
-Used to redirect packets to a local socket bound to
-.Ar host
-and
+Used to
+.Xr divert 4
+packets to the given divert
 .Ar port .
-The packets will not be modified, so
-.Xr getsockname 2
-on the socket will return the original destination address of the packet.
+Historically
+.Ox pf has another meaning for this, and
+.Fx pf uses
+this syntax to support
+.Xr divert 4 instead. Hence,
+.Ar host
+has no meaning and can be set to anything like 127.0.0.1.
+If a packet is re-injected and does not change direction then it will not be
+re-diverted.
 .It Ar divert-reply
-Used to receive replies for sockets that are bound to addresses
-which are not local to the machine.
-See
-.Xr setsockopt 2
-for information on how to bind these sockets.
+It has no meaning in
+.Fx pf .
 .It Ar probability Aq Ar number
 A probability attribute can be attached to a rule, with a value set between
 0 and 1, bounds not included.
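Review bot: In the new divert-to text, the line `.Xr divert 4 instead. Hence,` carries the end of one sentence and the start of the next as arguments of a macro line. mdoc convention is to start each sentence on a new line and keep running prose off macro lines, so close the cross reference as `.Xr divert 4` and move `instead.` and `Hence,` to their own text lines. The same applies to `.Ox pf has another meaning for this, and` and `.Fx pf uses`, where the prose rides along as macro arguments. On content, "can be set to anything like 127.0.0.1" is loose wording for a reference page; stating that host is ignored would be clearer. The divert-reply entry is now just "It has no meaning in FreeBSD pf", which leaves the reader unsure whether the keyword is still accepted and ignored or should be removed from rulesets. One sentence saying which would make the entry actionable for anyone auditing an existing pf.conf.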
