diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-01-03 01:00:23 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-01-03 01:00:23 +0000 |
commit | 73b0b24639dedb8033c251e747720f90900ccea1 (patch) | |
tree | 1a7808306e005bfd340b33875d9d33affebe931a /sbin/ipfw | |
parent | dbd23c04de506031db8bfe19c45f14c9898766f3 (diff) | |
download | FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.zip FreeBSD-src-73b0b24639dedb8033c251e747720f90900ccea1.tar.gz |
o Note that packets diverted using a 'divert' socket, and then
reinserted by a userland process, will lose a number of packet
attributes, including their source interface. This may affect
the behavior of later rules, and while not strictly a BUG, may
cause unexpected behavior if not clearly documented. A similar
note for natd(8) might be desirable.
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 975ecca..b465609 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1379,6 +1379,15 @@ Packets that match a rule should not be immediately accepted, but should continue going through the rule list. This may be fixed in a later version. +.Pp +Packets diverted to userland, and then reinserted by a userland process +(such as +.Xr natd 8 ) +will lose various packet attributes, including their source interface. +If a packet is reinserted in this manner, later rules may be incorrectly +applied, making the order of +.Cm divert +rules in the rule sequence very important. .Sh AUTHORS .An Ugen J. S. Antsilevich , .An Poul-Henning Kamp , |