From e036a58daba4b407df24ee693fffee8a41ca746a Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 3 Jan 2002 01:00:23 +0000 Subject: [PATCH] o Note that packets diverted using a 'divert' socket, and then reinserted by a userland process, will lose a number of packet attributes, including their source interface. This may affect the behavior of later rules, and while not strictly a BUG, may cause unexpected behavior if not clearly documented. A similar note for natd(8) might be desirable. --- sbin/ipfw/ipfw.8 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 975eccafdb8a..b465609be3df 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1379,6 +1379,15 @@ Packets that match a rule should not be immediately accepted, but should continue going through the rule list. This may be fixed in a later version. +.Pp +Packets diverted to userland, and then reinserted by a userland process +(such as +.Xr natd 8 ) +will lose various packet attributes, including their source interface. +If a packet is reinserted in this manner, later rules may be incorrectly +applied, making the order of +.Cm divert +rules in the rule sequence very important. .Sh AUTHORS .An Ugen J. S. Antsilevich , .An Poul-Henning Kamp ,
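Review bot: In the added .Pp paragraph, "will lose various packet attributes, including their source interface" names only one attribute, and "later rules may be incorrectly applied" does not say which rules are affected, so a reader ordering a ruleset cannot tell what has to come before the divert rule. Suggest listing the attributes that are lost on reinsertion, or at least stating that rules which match on the source interface will not see it after reinsertion and therefore belong ahead of the .Cm divert rule. "Incorrectly applied" could also be reworded, since the rules are evaluated as written and it is the packet that has changed. The commit message says a similar note for natd(8) might be desirable; a matching paragraph there would keep the two pages consistent.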