From owner-freebsd-pf@freebsd.org Tue Dec 6 02:21:11 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80192C682E4 for ; Tue, 6 Dec 2016 02:21:11 +0000 (UTC) (envelope-from boyd.yang@gmail.com) Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 41FE81846 for ; Tue, 6 Dec 2016 02:21:11 +0000 (UTC) (envelope-from boyd.yang@gmail.com) Received: by mail-yw0-x22d.google.com with SMTP id r204so264761682ywb.0 for ; Mon, 05 Dec 2016 18:21:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=zXfV15Bz74lZ1Leju+0IGW+ltj6VrG3cWDtyvA+b17U=; b=ZXNHwPohZMOCCO90TIO4iBjxdR6gIx9D2+MoCTMCK58mN6dL01RyA1yZ6Voy+ug3RF sVZ8vObRgca5Z0bmoeM39rw8EPScAQOyPUdipeOOjM2C2No4wOMcvbPlMPKyTUs9MzNR HU+OksrczTmJp3rzPJaUvOCsKW/p4TSa5CfhYAMpiqsK27krrKdfN14VRpdkNmhdMblx 2bFpFvdU1QPtOpDfsUHYUE5vSIrAj1PUitcga8xkgGpHwJoKBJb8SDkkiN5w9QYPoRn/ /HlkY3cOfKQhdkrGn6bbQKRynAAcyy9DTGNKDUw8SpwiJfvZvzG+ItSoxnGxgHkYvy8v OvPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=zXfV15Bz74lZ1Leju+0IGW+ltj6VrG3cWDtyvA+b17U=; b=BVk3kpxGPcpjZq8yYDlcRXRw25Hrb2MWv7IvZ2gizoAWL4S08h3IozynEAr5dB5tWg /qJlCxZWn3WO4KTg4NCo+eCKWQsaoE9DqtbTM7XC4Hy+JGOhiBqHj/G487R3o9JtDmjB SbhBCAJVwbrdIiVgq60rskO1KsTQ93ZdwrXYksblMjH4b9HpBm0Ih7oECIk+U3E6hMP+ UDBl3ZFwv7Wa5bvti5ZHn3o6eyaNZte3pwWzB+OIjKWV+BY7zEXbCFobGn2razbBl5Fz AxxO3pZUBIZjdEb3cliDhadQ88PN83E0i3MHYrndKVSoPdQoiDjZ0pPHwrPIri97Q37O bOUQ== X-Gm-Message-State: AKaTC02vBMGr57+XXQUCgLgiADwUbkKtI8ohfMop/ZZe9V0ojk0pITaYm47sQFo5wRIC4tFW/IAMGrXcvl9dKQ== X-Received: by 10.13.230.198 with SMTP id p189mr57415957ywe.253.1480990870334; Mon, 05 Dec 2016 18:21:10 -0800 (PST) MIME-Version: 1.0 Received: by 10.83.33.137 with HTTP; Mon, 5 Dec 2016 18:21:10 -0800 (PST) From: boyd yang Date: Tue, 6 Dec 2016 10:21:10 +0800 Message-ID: Subject: How to make "divert-to" and "dirvet-reply" work To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2016 02:21:11 -0000 Hi All, The "divert-to" and "divert-reply" function seems wonderful in the document: man pf.conf divert-to port Used to redirect packets to a local socket bound to host and port. The packets will not be modified, so getsockname(2) on the socket will return the original destination address of the packet. divert-reply Used to receive replies for sockets that are bound to addresses which are not local to the machine. See setsockopt(2) for informa- tion on how to bind these sockets. But they do not work. Below two patches do not work either. https://lists.freebsd.org/pipermail/freebsd-net/2009-June/022166.html https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188511 How to implement the two functions? My OS is FreeBSD 10.3 amd64. I want that binding not-local address socket can connect successfully to another server. But now the socket cannot get SYN ACK packet.