Add support for divert sockets. They allow you to:

- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.

The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).

The pf syntax is pretty simple, e.g.:

pass on em0 inet proto tcp from any to any port 80 divert-packet port 8000

test, bugfix and ok by reyk@
manpage help and ok by jmc@
no objections from many others.

1 files changed, 6 insertions, 2 deletions

diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index b6066f83b37..734eb67458b 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.8,v 1.149 2009/06/03 21:49:05 beck Exp $
+.\"	$OpenBSD: sysctl.8,v 1.150 2009/09/08 17:00:41 michele Exp $
 .\"	$NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
 .\"
 .\" Copyright (c) 1993
@@ -30,7 +30,7 @@
 .\"
 .\"	@(#)sysctl.8	8.2 (Berkeley) 5/9/95
 .\"
-.Dd $Mdocdate: June 3 2009 $
+.Dd $Mdocdate: September 8 2009 $
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -210,6 +210,8 @@ not all of the variables are relevant to all architectures.
 .It vm.maxslp	integer	no
 .It vm.uspace	integer	no
 .It fs.posix.setuid	integer	yes
+.It net.inet.divert.recvspace	integer	yes
+.It net.inet.divert.sendspace	integer	yes
 .It net.inet.ip.forwarding	integer	yes
 .It net.inet.ip.redirect	integer	yes
 .It net.inet.ip.ttl	integer	yes
@@ -444,6 +446,8 @@ definitions for third level virtual memory identifiers
 .It Aq Pa netinet/in.h
 definitions for third level IPv4/v6 identifiers and
 fourth level IPv4/v6 identifiers
+.It Aq Pa netinet/ip_divert.h
+definitions for fourth level divert identifiers
 .It Aq Pa netinet/icmp_var.h
 definitions for fourth level ICMP identifiers
 .It Aq Pa netinet6/icmp6.h