o Note that packets diverted using a 'divert' socket, and then

reinserted by a userland process, will lose a number of packet attributes, including their source interface. This may affect the behavior of later rules, and while not strictly a BUG, may cause unexpected behavior if not clearly documented. A similar note for natd(8) might be desirable.
author: rwatson <rwatson@FreeBSD.org> 2002-01-03 01:00:23 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-01-03 01:00:23 +0000
commit: 73b0b24639dedb8033c251e747720f90900ccea1 (patch)
tree: 1a7808306e005bfd340b33875d9d33affebe931a /sbin/ipfw/ipfw.8
parent: dbd23c04de506031db8bfe19c45f14c9898766f3 (diff)
download: FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.zip
FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 975ecca..b465609 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1379,6 +1379,15 @@ Packets that match a
 rule should not be immediately accepted, but should continue
 going through the rule list.
 This may be fixed in a later version.
+.Pp
+Packets diverted to userland, and then reinserted by a userland process
+(such as
+.Xr natd 8 )
+will lose various packet attributes, including their source interface.
+If a packet is reinserted in this manner, later rules may be incorrectly
+applied, making the order of
+.Cm divert
+rules in the rule sequence very important.
 .Sh AUTHORS
 .An Ugen J. S. Antsilevich ,
 .An Poul-Henning Kamp ,
author	rwatson <rwatson@FreeBSD.org>	2002-01-03 01:00:23 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-01-03 01:00:23 +0000
commit	73b0b24639dedb8033c251e747720f90900ccea1 (patch)
tree	1a7808306e005bfd340b33875d9d33affebe931a /sbin/ipfw/ipfw.8
parent	dbd23c04de506031db8bfe19c45f14c9898766f3 (diff)
download	FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.zip FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.tar.gz