ipfw tee fixed [cvs commit: src/sbin/ipfw ipfw.8src/sys/netinet
ip_fw_pfil.c]
Andre Oppermann
andre at freebsd.org
Mon Sep 13 12:01:39 PDT 2004
Ruslan Ermilov wrote:
> On Mon, Sep 13, 2004 at 08:44:12PM +0200, Andre Oppermann wrote:
>
>>Ruslan Ermilov wrote:
>>
>>>On Mon, Sep 13, 2004 at 06:51:56PM +0200, Andre Oppermann wrote:
>>>
>>>
>>>>I've fixed 'ipfw tee' in 6-current. Please try it and report back. This
>>>>is pretty useful for passive packet monitoring.
>>>>
>>>
>>>Just to make it crystal clear for everyone, the tee'd fragments are
>>>still reassembled into a full packet before the diversion, correct?
>>
>>No, they are not. Only diverted packets are reassembled, tee'd packet
>>are not.
>>
>
> Then at least the divert(4) manpage should be updated to document the
> difference in behavior (between "divert" and "tee").
Under BUGS the ipfw(8) man page now says only 'divert' will reassemble
the packet. The old version said both do it. So I've changed that and
removed 'tee' from it. Other than that there is no reference to this
(non-)behaviour anywhere in that man page.
--
Andre
More information about the freebsd-current
mailing list