author | brian <brian@FreeBSD.org> | 1997-11-08 01:02:08 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1997-11-08 01:02:08 +0000 |
commit | ded7d50b91c66146334f8225548768c2108ed9ca (patch) | |
tree | 901a693a1c1df943e1eec4759e62ee7fc7af5cb1 /share | |
parent | cf98226436ed56bb8bafd7a981bf6c0ce0622912 (diff) | |
Update the LOOP AVOIDANCE section to reflect reality.
Requested by: Archie Cobbs <archie@whistle.com>
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/divert.4 | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4 index ca0f1bf..b01a7c2 100644 --- a/share/man/man4/divert.4 +++ b/share/man/man4/divert.4 @@ -1,4 +1,4 @@ -.\" $Id: divert.4,v 1.7 1997/02/22 13:24:27 peter Exp $ +.\" $Id: divert.4,v 1.8 1997/03/19 19:47:27 bde Exp $ .\" .Dd June 18, 1996 .Dt DIVERT 4 @@ -77,20 +77,21 @@ unmodified to .Xr sendto 2 simplifies things. .Sh LOOP AVOIDANCE -To avoid having a packet sent from a divert socket rediverted back -to the same socket, use the -.Xr sendto 2 -system call supplying any non-zero destination port number. -This indicates to -.Xr ipfw 8 -and other diverting mechanisms to not divert the packet back -to the same socket it was written from. +Packets written into a divert socket (using +.Xr sendto 2 ) +are never rediverted back to the same socket. This means that a +given packet (either incoming or outgoing) will be diverted to a +given socket once and once only. .Pp -Since -.Xr ipfw -checks incoming as well as outgoing packets, -a packet written as incoming may get checked twice. -Loop avoidance will be enabled for both checks. +.Xr Ipfw 8 +rules are executed in order, each time the packet passes through +the kernel, but only up until a matching +.Nm +rule applies. On the second pass, after the packet has been diverted, +the divert rule is ignored and any subsequent +.Xr ipfw 8 +rules are applied. For this reason, it is normally best to specify your +divert rules prior to any others. .Sh DETAILS To enable divert sockets, your kernel must be compiled with the option .Dv IPDIVERT . |
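Review bot: In the LOOP AVOIDANCE hunk, the removed text told callers to pass a non-zero destination port to sendto(2), and the replacement text says nothing about what that port value means now. A reader with existing code that sets the port cannot tell from the new wording whether the value is ignored or still needed; one sentence stating which would close the gap. The second new paragraph also leaves open whether rules that precede the divert rule are evaluated again on the second pass, since it only says the divert rule is ignored and "any subsequent" rules are applied; spelling that out matters to anyone ordering deny rules around a divert rule. As a style point, `.Xr Ipfw 8` renders the cross-reference as Ipfw(8) while the same hunk uses `.Xr ipfw 8` a few lines further down; rewording the sentence so it does not begin with the reference would let both stay lowercase.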