CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2021/05/25 20:38:01
Modified files:
sys/net : if_veb.c
Log message:
support divert-to when pf applies it to a packet.
when a divert-to rule applies to a packet, pf doesnt take the packet
away and shove it in the socket directly. pf marks the packet, and
then ip (or ipv6) input processing looks at the mark and picks the
local socket to queue it on. because veb operates at layer 2, ip
input processing only occurred if the packet was destined to go
into a vport interface.
bridge(4) handles this by checking if the packet has the pf divert
to mark set on it and calls ip input if it's set. this copies the
semantic to veb.
this allows divert-to to steal (take?) packets going over a veb and
process them on a local socket.
reported by ajacatot@
