error in man ipfw / divert
Alex de Kruijff
freebsd at akruijff.dds.nl
Thu Jul 21 21:42:45 GMT 2005
Hi,
I was wondering, is man ipfw wrong here?
man ipfw tells: divert port -
Divert packets that match this rule to the divert(4) socket
bound to port port. The search terminates.
man divert tells:
Packets written into a divert socket (using sendto(2)) re-enter the
packet filter at the rule number following the tag given in the port
part of the socket address, which is usually already set at the rule
number that caused the diversion (not the next rule if there are several
at the same number). If the 'tag' is altered to indicate an alternative
re-entry point, care should be taken to avoid loops, where the same
packet is diverted more than once at the same rule.
I think man ipfw should say something like:
when nothing is listening on the port then the search terminates
when something is listening on the port then the search continues from
the same rule.
--
Alex
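
The two man page excerpts quoted above, worked through as a small model. This is an added example, not part of the original message and not kernel code; it assumes every rule matches the packet and that a packet diverted to a port with nothing bound goes no further, and the ruleset and port 8668 are constructed sample values.

```python
# Toy model of the ipfw rule search around a divert rule (constructed example).
# Assumptions: every rule matches the packet; rules are (number, action, port)
# in ruleset order; a daemon is a function tag -> tag used in sendto(2), or
# None when it keeps the packet.
TERMINAL = {"allow", "deny", "divert"}

def process(rules, listeners, max_reinjects=8):
    """Return (verdict, rule numbers evaluated) for one packet."""
    visited, after = [], -1
    for _ in range(max_reinjects + 1):
        hit = None
        for number, action, port in rules:
            if number <= after:          # re-entry: only rules after the tag
                continue
            visited.append(number)
            if action in TERMINAL:       # "count" falls through
                hit = (number, action, port)
                break
        if hit is None:
            return "end-of-ruleset", visited
        number, action, port = hit
        if action != "divert":
            return action, visited
        daemon = listeners.get(port)
        if daemon is None:               # nothing bound: search terminates
            return "no-listener", visited
        tag = daemon(number)             # daemon reads rule number as the tag
        if tag is None:
            return "consumed", visited
        after = tag                      # sendto(2): re-enter after this tag
    return "loop", visited

# Constructed ruleset: two rules share number 200.
RULES = [
    (100, "count", None),
    (200, "divert", 8668),
    (200, "count", None),
    (300, "allow", None),
]

if __name__ == "__main__":
    print(process(RULES, {}))                        # nothing listening
    print(process(RULES, {8668: lambda tag: tag}))   # reinject, tag unchanged
    print(process(RULES, {8668: lambda tag: 0}))     # tag rewound: loop
```

With the tag left unchanged, the second rule numbered 200 is never evaluated, which is the "not the next rule if there are several at the same number" case from divert(4).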