Diffstat (limited to 'share')
-rw-r--r-- share/man/man4/divert.4 24
1 files changed, 18 insertions, 6 deletions
diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4
index 91ca105eab7..e7eeac6726a 100644
--- a/share/man/man4/divert.4
+++ b/share/man/man4/divert.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: divert.4,v 1.11 2012/10/24 22:57:41 jmc Exp $
+.\" $OpenBSD: divert.4,v 1.12 2013/06/01 18:41:43 lteo Exp $
.\"
.\" Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 24 2012 $
+.Dd $Mdocdate: June 1 2013 $
.Dt DIVERT 4
.Os
.Sh NAME
@@ -43,10 +43,18 @@ and
.Xr udp 4 .
When
.Xr pf 4
-processes a packet that matches a divert rule (see
+processes a packet that matches a rule with the
+.Ar divert-packet
+parameter
+(see
.Xr pf.conf 5
for details) it is immediately sent to the divert socket listening on the
-port specified in the rule.
+divert port specified in the rule.
+Note that
+.Ar divert-packet
+should not be confused with
+.Ar divert-to ,
+which does not use divert sockets.
.Xr pf 4
reassembles TCP streams by default (if IP reassembly is not disabled)
before sending them to the divert sockets.
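Review bot: The added note on divert-to says only that it "does not use divert sockets", so a reader who mixed up the two parameters learns what divert-to is not, but not what it does or where to read about it. The existing "(see pf.conf 5 for details)" pointer sits in the divert-packet sentence; consider ending the new sentence with its own short clause or cross-reference for divert-to. As a style point, .Ar is the mdoc macro for command arguments, while the text calls divert-packet a rule parameter; it is worth checking that the macro chosen here matches the one pf.conf(5) uses for these keywords so both pages render them the same way.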
@@ -63,8 +71,12 @@ kernel.
After being reinjected, inbound and outbound packets are treated differently.
Inbound packets are added to the relevant input queue and a soft interrupt is
scheduled to signal that a new packet is ready to be processed; outbound ones
-are processed directly by the relevant IP/IPv6 output function.
-The packets' checksums are recalculated upon reinjection.
+are processed directly by the relevant IPv4/IPv6 output function.
+Since the userspace application could have modified the packets, upon
+reinjection basic sanity checks are done to ensure that the packets are still
+valid.
+The packets' IPv4 and protocol checksums (TCP, UDP, ICMP, and ICMPv6) are also
+recalculated.
.Pp
Writing to a divert socket can be achieved using
.Xr sendto 2
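Review bot: "basic sanity checks are done to ensure that the packets are still valid" does not say what happens to a packet that fails those checks. An application that modifies and reinjects packets needs to know whether a rejected packet is dropped silently or whether the write returns an error, so suggest stating the outcome here, and naming the checks if the list is short. The checksum sentence is precise about which checksums are recalculated (IPv4, TCP, UDP, ICMP, ICMPv6); the sanity-check sentence would benefit from the same level of detail.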