authorMichele Marchetto <michele@cvs.openbsd.org>2009-10-04 16:08:38 +0000
committerMichele Marchetto <michele@cvs.openbsd.org>2009-10-04 16:08:38 +0000
commit82b30916c9515794d7aca77e8c937fc5e0455586 (patch)
treece06c3cb91a134e4d7d4cb69f04155cf3c8ba2dc /sbin/sysctl/sysctl.c
parentdd5c2f75fe5e092eb892c438f7f87faa2e57fcb6 (diff)
Add (again) support for divert sockets. They allow you to:
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.

The divert socket can be bound to a special "divert port" and will receive every packet diverted to that port by pf(4). The pf syntax is pretty simple, e.g.:

pass on em0 inet proto tcp from any to any port 80 divert-packet port 1

A lot of discussion has happened since my last commit that resulted in many changes and improvements. I would *really* like to thank everyone who took part in the discussion, especially canacar@ who pointed out the limitations of this approach.

OpenBSD divert(4) is meant to be compatible with software running on top of FreeBSD's divert sockets even though they are pretty different and will become even more so with time.

discussed with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
tested by reyk@ and myself
ok reyk@ claudio@ beck@
manpage help and ok by jmc@
Diffstat (limited to 'sbin/sysctl/sysctl.c')
-rw-r--r--sbin/sysctl/sysctl.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 3ce2fd6f8ca..8ca864e29b0 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.164 2009/09/08 17:52:17 michele Exp $ */
+/* $OpenBSD: sysctl.c,v 1.165 2009/10/04 16:08:37 michele Exp $ */
/* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
/*
@@ -40,7 +40,7 @@ static const char copyright[] =
#if 0
static const char sccsid[] = "@(#)sysctl.c 8.5 (Berkeley) 5/9/95";
#else
-static const char rcsid[] = "$OpenBSD: sysctl.c,v 1.164 2009/09/08 17:52:17 michele Exp $";
+static const char rcsid[] = "$OpenBSD: sysctl.c,v 1.165 2009/10/04 16:08:37 michele Exp $";
#endif
#endif /* not lint */
@@ -82,6 +82,7 @@ static const char rcsid[] = "$OpenBSD: sysctl.c,v 1.164 2009/09/08 17:52:17 mich
#include <netinet/ip_gre.h>
#include <netinet/ip_ipcomp.h>
#include <netinet/ip_carp.h>
+#include <netinet/ip_divert.h>
#include <net/pfvar.h>
#include <net/if_pfsync.h>
@@ -549,7 +550,8 @@ parse(char *string, int flags)
(mib[2] == IPPROTO_IPCOMP && mib[3] == IPCOMPCTL_STATS) ||
(mib[2] == IPPROTO_ICMP && mib[3] == ICMPCTL_STATS) ||
(mib[2] == IPPROTO_CARP && mib[3] == CARPCTL_STATS) ||
- (mib[2] == IPPROTO_PFSYNC && mib[3] == PFSYNCCTL_STATS)) {
+ (mib[2] == IPPROTO_PFSYNC && mib[3] == PFSYNCCTL_STATS) ||
+ (mib[2] == IPPROTO_DIVERT && mib[3] == DIVERTCTL_STATS)) {
if (flags == 0)
return;
warnx("use netstat to view %s information",
@@ -1322,6 +1324,7 @@ struct ctlname mobileipname[] = MOBILEIPCTL_NAMES;
struct ctlname ipcompname[] = IPCOMPCTL_NAMES;
struct ctlname carpname[] = CARPCTL_NAMES;
struct ctlname pfsyncname[] = PFSYNCCTL_NAMES;
+struct ctlname divertname[] = DIVERTCTL_NAMES;
struct ctlname bpfname[] = CTL_NET_BPF_NAMES;
struct ctlname ifqname[] = CTL_IFQ_NAMES;
struct list inetlist = { inetname, IPPROTO_MAXID };
@@ -1576,6 +1579,15 @@ struct list inetvars[] = {
{ 0, 0 },
{ 0, 0 },
{ pfsyncname, PFSYNCCTL_MAXID },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { 0, 0 },
+ { divertname, DIVERTCTL_MAXID },
};
struct list bpflist = { bpfname, NET_BPF_MAXID };
struct list ifqlist = { ifqname, IFQCTL_MAXID };
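Review bot: The eight `{ 0, 0 },` filler rows added ahead of `{ divertname, DIVERTCTL_MAXID },` give no indication of which slot each one occupies. inetvars looks like a positional table indexed by the IPPROTO_* number, so a miscount would silently attach the divert names to the wrong protocol or leave the array shorter than the bound used to index it. Naming the slot makes the intent checkable, either with a designated initializer `[IPPROTO_DIVERT] = { divertname, DIVERTCTL_MAXID },` or at least a trailing `/* IPPROTO_DIVERT */` comment on that row. A compile-time check that the array holds IPPROTO_MAXID elements would also catch drift the next time a protocol is added. The opening of inetvars and the code that indexes it are outside this hunk, so the indexing assumption should be confirmed there.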