This way, the first time sysmerge is run on a new box, it will already
have reference sums needed for automatic processing.
Original idea from and discussed with deraadt@
"commit it" deraadt@, tweaks and ok millert
o only stop processing if inet or inet6 lines are malformed
o everything not a specially handled bit is passed to ifconfig unmangled
noticed by several after the move from bridgename.bridge0 -> hostname.bridge0
prodded by deraadt@, tested by and feedback from several
man page bits 'look fine' jmc@
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.
The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).
The pf syntax is pretty simple, e.g.:
pass on em0 inet proto tcp from any to any port 80 divert-packet port 1
A lot of discussion have happened since my last commit that resulted
in many changes and improvements.
I would *really* like to thank everyone who took part in the discussion
especially canacar@ who spotted out which are the limitations of this approach.
OpenBSD divert(4) is meant to be compatible with software running on
top of FreeBSD's divert sockets even though they are pretty different and will
become even more with time.
discusses with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
tested by reyk@ and myself
ok reyk@ claudio@ beck@
manpage help and ok by jmc@
attempts to "ifconfig carp down" noticed by david@.
- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.
ok david@
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.
ok deraadt@, henning@. "Much mo' better" blambert@.
ajacoutot