Update the LOOP AVOIDANCE section to reflect reality.

Requested by: Archie Cobbs <archie@whistle.com>
1997-11-08 01:02:08 +00:00 · 1997-11-08 01:02:08 +00:00 · 36700156fc
commit 36700156fc
parent 9780ef311d
1 changed files with 15 additions and 14 deletions
--- a/share/man/man4/divert.4
+++ b/share/man/man4/divert.4
@ -1,4 +1,4 @@
-.\"	$Id: divert.4,v 1.7 1997/02/22 13:24:27 peter Exp $
+.\"	$Id: divert.4,v 1.8 1997/03/19 19:47:27 bde Exp $
 .\"
 .Dd June 18, 1996
 .Dt DIVERT 4
@ -77,20 +77,21 @@ unmodified to
 .Xr sendto 2
 simplifies things.
 .Sh LOOP AVOIDANCE
-To avoid having a packet sent from a divert socket rediverted back
-to the same socket, use the
-.Xr sendto 2
-system call supplying any non-zero destination port number.
-This indicates to
-.Xr ipfw 8
-and other diverting mechanisms to not divert the packet back
-to the same socket it was written from.
+Packets written into a divert socket (using
+.Xr sendto 2 )
+are never rediverted back to the same socket.  This means that a
+given packet (either incoming or outgoing) will be diverted to a
+given socket once and once only.
 .Pp
-Since
-.Xr ipfw
-checks incoming as well as outgoing packets,
-a packet written as incoming may get checked twice.
-Loop avoidance will be enabled for both checks.
+.Xr Ipfw 8
+rules are executed in order, each time the packet passes through
+the kernel, but only up until a matching
+.Nm
+rule applies.  On the second pass, after the packet has been diverted,
+the divert rule is ignored and any subsequent
+.Xr ipfw 8
+rules are applied.  For this reason, it is normally best to specify your
+divert rules prior to any others.
 .Sh DETAILS
 To enable divert sockets, your kernel must be compiled with the option
 .Dv IPDIVERT .