author | Michele Marchetto <michele@cvs.openbsd.org> | 2009-10-04 16:08:38 +0000 |
---|---|---|
committer | Michele Marchetto <michele@cvs.openbsd.org> | 2009-10-04 16:08:38 +0000 |
commit | 82b30916c9515794d7aca77e8c937fc5e0455586 (patch) | |
tree | ce06c3cb91a134e4d7d4cb69f04155cf3c8ba2dc /sbin/sysctl/sysctl.8 | |
parent | dd5c2f75fe5e092eb892c438f7f87faa2e57fcb6 (diff) |
Add (again) support for divert sockets. They allow you to:
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.
The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).
The pf syntax is pretty simple, e.g.:
pass on em0 inet proto tcp from any to any port 80 divert-packet port 1
A lot of discussion has happened since my last commit that resulted
in many changes and improvements.
I would *really* like to thank everyone who took part in the discussion
especially canacar@ who spotted out which are the limitations of this approach.
OpenBSD divert(4) is meant to be compatible with software running on
top of FreeBSD's divert sockets even though they are pretty different and will
become even more with time.
discussed with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
tested by reyk@ and myself
ok reyk@ claudio@ beck@
manpage help and ok by jmc@
Diffstat (limited to 'sbin/sysctl/sysctl.8')
-rw-r--r-- | sbin/sysctl/sysctl.8 | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 2dc2a555fd3..80898888e41 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.151 2009/09/08 17:52:17 michele Exp $ +.\" $OpenBSD: sysctl.8,v 1.152 2009/10/04 16:08:37 michele Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 .\" -.Dd $Mdocdate: September 8 2009 $ +.Dd $Mdocdate: October 4 2009 $ .Dt SYSCTL 8 .Os .Sh NAME @@ -210,6 +210,8 @@ not all of the variables are relevant to all architectures. .It vm.maxslp integer no .It vm.uspace integer no .It fs.posix.setuid integer yes +.It net.inet.divert.recvspace integer yes +.It net.inet.divert.sendspace integer yes .It net.inet.ip.forwarding integer yes .It net.inet.ip.redirect integer yes .It net.inet.ip.ttl integer yes @@ -444,6 +446,8 @@ definitions for third level virtual memory identifiers .It Aq Pa netinet/in.h definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers +.It Aq Pa netinet/ip_divert.h +definitions for fourth level divert identifiers .It Aq Pa netinet/icmp_var.h definitions for fourth level ICMP identifiers .It Aq Pa netinet6/icmp6.h |
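Review bot: In the @@ -210,6 +210,8 @@ hunk, net.inet.divert.recvspace and net.inet.divert.sendspace are added to the variable table only as `integer yes`, and none of the six lines this diff inserts into sysctl.8 says what the two values control or in which unit. Since both are marked changeable at runtime, I would add a short description here, or a pointer to divert(4), that states the unit and what happens to packets diverted by pf(4) when the receive space is exhausted, so an administrator tuning them knows the consequence.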