Add support for divert sockets. They allow you to:

- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.

The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).

The pf syntax is pretty simple, e.g.:

pass on em0 inet proto tcp from any to any port 80 divert-packet port 8000

test, bugfix and ok by reyk@
manpage help and ok by jmc@
no objections from many others.

1 files changed, 3 insertions, 3 deletions

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 5e86421708f..1a7b0029d9d 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.291 2009/09/01 13:42:00 henning Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.292 2009/09/08 17:00:41 michele Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -60,7 +60,7 @@ struct ip6_hdr;
 enum	{ PF_INOUT, PF_IN, PF_OUT };
 enum	{ PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT,
 	  PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP, PF_DEFER,
-	  PF_MATCH };
+	  PF_MATCH, PF_DIVERT };
 enum	{ PF_RULESET_FILTER, PF_RULESET_NAT, PF_RULESET_BINAT,
 	  PF_RULESET_RDR, PF_RULESET_MAX };
 enum	{ PF_OP_NONE, PF_OP_IRG, PF_OP_EQ, PF_OP_NE, PF_OP_LT,
@@ -622,7 +622,7 @@ struct pf_rule {
 	struct {
 		struct pf_addr		addr;
 		u_int16_t		port;
-	}			divert;
+	}			divert, divert_packet;
 };
 
 /* rule flags */