docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic

Daniel Harris dh at askdh.com
Tue Jul 8 12:30:15 UTC 2003 

The following reply was made to PR docs/51006; it has been noted by GNATS.

From: Daniel Harris <dh at askdh.com>
To: freebsd-gnats-submit at FreeBSD.org, dmitry at atlantis.dp.ua
Cc:  
Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic
Date: Tue, 08 Jul 2003 08:21:54 -0400

 I tweaked this a little; please check the accuracy of the patch at 
 http://people.freebsd.org/~dannyboy/divert-and-ipfw.patch
 (reproduced below).
 
 Index: sbin/ipfw/ipfw.8
 ===================================================================
 RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v
 retrieving revision 1.126
 diff -u -r1.126 ipfw.8
 --- sbin/ipfw/ipfw.8	8 Jul 2003 08:07:03 -0000	1.126
 +++ sbin/ipfw/ipfw.8	8 Jul 2003 12:17:19 -0000
 @@ -2119,9 +2119,11 @@
  This may be fixed in a later version.
  .Pp
  Packets diverted to userland, and then reinserted by a userland process
 -(such as
 -.Xr natd 8 )
 -will lose various packet attributes, including their source interface.
 +may lose various packet attributes. The packet source interface name
 +will be preserved (if it is shorter than 8 bytes) if the userland process
 +saves and reuses the sockaddr_in
 +(as does
 +.Xr natd 8 ); otherwise, it may be lost.
  If a packet is reinserted in this manner, later rules may be incorrectly
  applied, making the order of
  .Cm divert
 Index: share/man/man4/divert.4
 ===================================================================
 RCS file: /home/ncvs/src/share/man/man4/divert.4,v
 retrieving revision 1.27
 diff -u -r1.27 divert.4
 --- share/man/man4/divert.4	28 Jun 2003 23:53:37 -0000	1.27
 +++ share/man/man4/divert.4	8 Jul 2003 12:17:19 -0000
 @@ -50,9 +50,9 @@
  the interface on which the packet was received (if the packet
  was incoming) or
  .Dv INADDR_ANY
 -(if the packet was outgoing). In the case of an incoming packet the interface
 -name will also be placed in the 8 bytes following the address,
 -(assuming it fits).
 +(if the packet was outgoing). The interface name (if defined
 +for the packet) will be placed in the 8 bytes following the address,
 +if it fits.
  .Sh WRITING PACKETS
  Writing to a divert socket is similar to writing to a raw IP socket;
  the packet is injected ``as is'' into the normal kernel IP packet
 
 
 Thanks,
 
 -- 
 Daniel Harris

More information about the freebsd-doc mailing list