Convert IPDIVERT into a loadable module. This makes use of the dynamic loadability

of protocols.  The call to divert_packet() is done through a function pointer.  All
semantics of IPDIVERT remain intact.  If IPDIVERT is not loaded ipfw will refuse to
install divert rules and  natd will complain about 'protocol not supported'.  Once
it is loaded both will work and accept rules and open the divert socket.  The module
can only be unloaded if no divert sockets are open.  It does not close any divert
sockets when an unload is requested but will return EBUSY instead.

1 files changed, 2 insertions, 4 deletions

diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index c45a04f..36b4e48 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -35,7 +35,6 @@
 #if !defined(KLD_MODULE)
 #include "opt_ipfw.h"
 #include "opt_ipdn.h"
-#include "opt_ipdivert.h"
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #ifndef INET
@@ -3077,9 +3076,8 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 
 		case O_DIVERT:
 		case O_TEE:
-#ifndef	IPDIVERT
-			return EINVAL;
-#endif
+			if (ip_divert_ptr == NULL)
+				return EINVAL;
 		case O_FORWARD_MAC: /* XXX not implemented yet */
 		case O_CHECK_STATE:
 		case O_COUNT: