From owner-freebsd-hackers@FreeBSD.ORG  Thu Jan  5 00:59:45 2006
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A9E6916A41F
	for <freebsd-hackers@freebsd.org>; Thu,  5 Jan 2006 00:59:45 +0000 (GMT)
	(envelope-from nessup@gmail.com)
Received: from fed1rmmtao04.cox.net (fed1rmmtao04.cox.net [68.230.241.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2CA7243D5D
	for <freebsd-hackers@freebsd.org>; Thu,  5 Jan 2006 00:59:45 +0000 (GMT)
	(envelope-from nessup@gmail.com)
Received: from [192.168.1.2] (really [68.111.13.24]) by fed1rmmtao04.cox.net
	(InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
	id <20060105005739.FYDL17690.fed1rmmtao04.cox.net@[192.168.1.2]>
	for <freebsd-hackers@freebsd.org>; Wed, 4 Jan 2006 19:57:39 -0500
Mime-Version: 1.0 (Apple Message framework v623)
Content-Transfer-Encoding: 7bit
Message-Id: <a280f1c696571b105ef9a49b1dabca22@gmail.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: freebsd-hackers@freebsd.org
From: Dan Joumaa <nessup@gmail.com>
Date: Wed, 4 Jan 2006 17:59:44 -0700
X-Mailer: Apple Mail (2.623)
Subject: Invalid ipfirewall rule?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2006 00:59:45 -0000

I'm trying to set a rule that will divert all TCP/UDP packets from host 
X to my divert socket. When I try to set the below firewall rule, 
setsockopt fails and sets errno to EINVAL. Any ideas?

    entry->version = IP_FW_CURRENT_API_VERSION;
    entry->fw_src.s_addr = htonl(host);
    entry->fw_uar.fw_pts[1] = 0xffff;
    entry->fw_prot = IPPROTO_TCP|IPPROTO_UDP;
    entry->fw_flg = IP_FW_F_DIVERT;

--ness