Thanks,
On Sat, 25 Jul 2020 15:00:07 +0200
Alexander Bluhm wrote:
> On Sat, Jul 25, 2020 at 09:37:37PM +0900, YASUOKA Masahiko wrote:
>> Is this part a reason why we have "divert-reply"?
>
> Yes.
>
> Divert rules pass packets to the local network stack. With divert-to
> you specify the socket
On Sat, Jul 25, 2020 at 09:37:37PM +0900, YASUOKA Masahiko wrote:
> Is this part a reason why we have "divert-reply"?
Yes.
Divert rules pass packets to the local network stack. With divert-to
you specify the socket address. This works for incoming connections.
The divert-to address can be 127.
s
> with that keyword when you want to use them with SO_BINDANY.
Thanks,
Let me clarify whether I understand correctly.
| @@ -1410,9 +1410,7 @@ pf_remove_divert_state(struct pf_state_k
| struct pf_state_item*si;
|
| TAILQ_FOREACH(si, &sk->states, entry) {
| -
On Sat, Jul 25, 2020 at 08:20:21PM +0900, YASUOKA Masahiko wrote:
> Currently SO_BINDANY is usable without any divert or divert-reply
> rule.
This is why we have the divert-reply feature. Just mark the states
with that keyword when you want to use them with SO_BINDANY.
See man setsockopt
Is tha
a "divert-to" or "divert-reply" rule. It might be
created by SO_BINDANY.
Index: sys/net/pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1094
diff -u -p -r1.1094 pf.c
--- sys/net/pf.c 24 Jul 2020 18:17:1
thout a "divert-to" or "divert-reply" rule. It might be
created by SO_BINDANY.
Index: sys/net/pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1094
diff -u -p -r1.1094 pf.c
--- sys/net/pf.c24 Jul 2020 18:17:15 - 1.1094
+++ sys/net/pf.c25 Ju