From a10c9747dc7a4ec1e302b135df9ed73a2f848176 Mon Sep 17 00:00:00 2001 From: Daniel Harris Date: Tue, 8 Jul 2003 13:24:42 +0000 Subject: [PATCH] Correct to match reality regarding interface names. PR: 51006 Submitted by: "Dmitry Pryanishnikov" mdoc clue by: "Simon L. Nielsen" MFC after: 10 days --- sbin/ipfw/ipfw.8 | 10 +++++++--- share/man/man4/divert.4 | 7 ++++--- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 4c4fd5f933cd..2cc2a69baaac 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -2119,9 +2119,13 @@ going through the rule list. This may be fixed in a later version. .Pp Packets diverted to userland, and then reinserted by a userland process -(such as -.Xr natd 8 ) -will lose various packet attributes, including their source interface. +may lose various packet attributes. +The packet source interface name +will be preserved if it is shorter than 8 bytes and the userland process +saves and reuses the sockaddr_in +(as does +.Xr natd 8 ) ; +otherwise, it may be lost. If a packet is reinserted in this manner, later rules may be incorrectly applied, making the order of .Cm divert diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4 index 0087aceecf26..73a6cb195552 100644 --- a/share/man/man4/divert.4 +++ b/share/man/man4/divert.4 @@ -50,9 +50,10 @@ and the IP address set to the (first) address of the interface on which the packet was received (if the packet was incoming) or .Dv INADDR_ANY -(if the packet was outgoing). In the case of an incoming packet the interface -name will also be placed in the 8 bytes following the address, -(assuming it fits). +(if the packet was outgoing). +The interface name (if defined +for the packet) will be placed in the 8 bytes following the address, +if it fits. .Sh WRITING PACKETS Writing to a divert socket is similar to writing to a raw IP socket; the packet is injected ``as is'' into the normal kernel IP packet