diff options
author | andre <andre@FreeBSD.org> | 2004-09-13 16:46:05 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2004-09-13 16:46:05 +0000 |
commit | eba7c4085ca0d4e9d8cb9060af0fefc31f734223 (patch) | |
tree | 3dbfddeb0db67847ed0c24e0d57c9abc91d26ebe /sbin | |
parent | 578f126aa1a1c761479fe9af84be3fe08f4a03c1 (diff) | |
download | FreeBSD-src-eba7c4085ca0d4e9d8cb9060af0fefc31f734223.zip FreeBSD-src-eba7c4085ca0d4e9d8cb9060af0fefc31f734223.tar.gz |
Make 'ipfw tee' behave as inteded and designed. A tee'd packet is copied
and sent to the DIVERT socket while the original packet continues with the
next rule. Unlike a normally diverted packet no IP reassembly attemts are
made on tee'd packets and they are passed upwards totally unmodified.
Note: This will not be MFC'd to 4.x because of major infrastucture changes.
PR: kern/64240 (and many others collapsed into that one)
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index e0c8055..43c2b52 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 9, 2004 +.Dd September 13, 2004 .Dt IPFW 8 .Os .Sh NAME @@ -672,10 +672,7 @@ Send a copy of packets matching this rule to the .Xr divert 4 socket bound to port .Ar port . -The search terminates and the original packet is accepted -(but see Section -.Sx BUGS -below). +The search continues with the next rule. .It Cm unreach Ar code Discard packets that match this rule, and try to send an ICMP unreachable notice with code @@ -2297,18 +2294,10 @@ regain control of it. .Pp Incoming packet fragments diverted by .Cm divert -or -.Cm tee are reassembled before delivery to the socket. The action used on those packet is the one from the rule which matches the first fragment of the packet. .Pp -Packets that match a -.Cm tee -rule should not be immediately accepted, but should continue -going through the rule list. -This may be fixed in a later version. -.Pp Packets diverted to userland, and then reinserted by a userland process may lose various packet attributes. The packet source interface name |