Date: Tue, 8 Jul 2003 05:30:13 -0700 (PDT) From: Daniel Harris <dh@askdh.com> To: freebsd-doc@FreeBSD.org Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic Message-ID: <200307081230.h68CUDSM076857@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/51006; it has been noted by GNATS. From: Daniel Harris <dh@askdh.com> To: freebsd-gnats-submit@FreeBSD.org, dmitry@atlantis.dp.ua Cc: Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic Date: Tue, 08 Jul 2003 08:21:54 -0400 I tweaked this a little; please check the accuracy of the patch at http://people.freebsd.org/~dannyboy/divert-and-ipfw.patch (reproduced below). Index: sbin/ipfw/ipfw.8 =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.126 diff -u -r1.126 ipfw.8 --- sbin/ipfw/ipfw.8 8 Jul 2003 08:07:03 -0000 1.126 +++ sbin/ipfw/ipfw.8 8 Jul 2003 12:17:19 -0000 @@ -2119,9 +2119,11 @@ This may be fixed in a later version. .Pp Packets diverted to userland, and then reinserted by a userland process -(such as -.Xr natd 8 ) -will lose various packet attributes, including their source interface. +may lose various packet attributes. The packet source interface name +will be preserved (if it is shorter than 8 bytes) if the userland process +saves and reuses the sockaddr_in +(as does +.Xr natd 8 ); otherwise, it may be lost. If a packet is reinserted in this manner, later rules may be incorrectly applied, making the order of .Cm divert Index: share/man/man4/divert.4 =================================================================== RCS file: /home/ncvs/src/share/man/man4/divert.4,v retrieving revision 1.27 diff -u -r1.27 divert.4 --- share/man/man4/divert.4 28 Jun 2003 23:53:37 -0000 1.27 +++ share/man/man4/divert.4 8 Jul 2003 12:17:19 -0000 @@ -50,9 +50,9 @@ the interface on which the packet was received (if the packet was incoming) or .Dv INADDR_ANY -(if the packet was outgoing). In the case of an incoming packet the interface -name will also be placed in the 8 bytes following the address, -(assuming it fits). +(if the packet was outgoing). The interface name (if defined +for the packet) will be placed in the 8 bytes following the address, +if it fits. .Sh WRITING PACKETS Writing to a divert socket is similar to writing to a raw IP socket; the packet is injected ``as is'' into the normal kernel IP packet Thanks, -- Daniel Harris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307081230.h68CUDSM076857>