From owner-man-jp-reviewer@jp.freebsd.org  Fri Aug 20 03:04:43 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id DAA05650;
	Fri, 20 Aug 1999 03:04:43 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from mail.yk.rim.or.jp (root@mail.yk.rim.or.jp [202.247.130.37])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id DAA05645
	for <man-jp-reviewer@jp.freebsd.org>; Fri, 20 Aug 1999 03:04:42 +0900 (JST)
	(envelope-from k-horik@yk.rim.or.jp)
Received: from localhost (pl076.nas112.yokosuka.nttpc.ne.jp [210.165.198.76])
	by mail.yk.rim.or.jp (8.8.8/3.6W-RIMNET-98-06-09) with ESMTP id DAA26814
	for <man-jp-reviewer@jp.freebsd.org>; Fri, 20 Aug 1999 03:04:40 +0900 (JST)
To: man-jp-reviewer@jp.freebsd.org
lSubject: Re: [man-jp-reviewer 1519] divert.4
In-Reply-To: Your message of "Thu, 19 Aug 1999 21:16:44 +0900"
	<14267.62892.635452.50483J@oz.prd.fc.nec.co.jp>
References: <14267.62892.635452.50483J@oz.prd.fc.nec.co.jp>
Mime-Version: 1.0
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990820030418P.k-horik@yk.rim.or.jp>
Date: Fri, 20 Aug 1999 03:04:18 +0900
From: Kazuo Horikawa <k-horik@yk.rim.or.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 205
Reply-To: man-jp-reviewer@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: man-jp-reviewer 1520
Subject: [man-jp-reviewer 1520] (No Subject in original)
Errors-To: owner-man-jp-reviewer@jp.freebsd.org
Sender: owner-man-jp-reviewer@jp.freebsd.org
X-Originator: k-horik@yk.rim.or.jp

 This is Horikawa.

> This is a first-draft translation of divert.4.
> 
> I do not understand the content at all, so it is in terrible shape. Would those who know the subject please pick it apart.
 As far as I understand it.


> .Nd $B%+!<%M%k%Q%1%C%H$N1*2s%a%+%K%:%`(B
 kernel packet divert mechanism $B$N(B kernel $B$O!"(Bdivert $B$^$?$O(B mechanism 
$B$r=$>~$7$F$$$k$H;W$$$^$9!#!V%+!<%M%k%Q%1%C%H!W$H$$$&%Q%1%C%H$N$3$H$r(B
$B8@5Z$7$F$$$k$N$G$O$J$$$H;W$$$^$9!#(B
 $B$H$9$k$H(B
	$B%+!<%M%k$K$h$k%Q%1%C%H1*2s%a%+%K%:%`(B
$B$J$I$,$h$$$+$b$7$l$^$;$s!#(B


> .Sh $B2r@b(B
[$BN,(B]
> bind $B$G$N(B IP $B%"%I%l%9$OL5;k$5$l!"%]!<%HHV9f$N$_$,0UL#$r;}$A$^$9!#(B
> $B1*2s%]!<%H$K%P%$%s%I$5$l$?1*2s%=%1%C%H$O2?$i$+(B ($B$3$3$G$OFCDj$7$^$;$s(B) $B$N(B
> $B%+!<%M%k%a%+%K%:%`$K$h$C$F$=$N%]!<%H$K1*2s$5$l$?A4$F$N%Q%1%C%H$r<u?.$7$^$9!#(B
> $B%Q%1%C%H$O1*2s%]!<%H$K=q$-9~$`$3$H$b$G$-$^$9!#(B
          $B$r(B

> $B$=$N>l9g$O%+!<%M%k$N(B IP $B%Q%1%C%H=hM}$K:F$SF~NO$5$l$^$9!#(B
> .Pp
> $BDL>o!"1*2s%=%1%C%H$O(B FreeBSD $B$N%Q%1%C%H%U%#%k%?%j%s%0$N<BAu$d(B
> .Xr ipfw 8
> $B%W%m%0%i%`$K4XO"$7$F;H$o$l$^$9!#(B
            $B$H6&$K;H$o$l$^$9!#(B


> .Sh $B%Q%1%C%H$rFI$`(B
[$BN,(B]
> .Xr recvfrom 2
> $B$K%j%?!<%s$5$l$k%"%I%l%9$K$O!"(B
> $B%Q%1%C%H$r1*2s$5$;$k$b$N$K$h$C$FDs6!$5$l$k(B
> $B$$$/$D$+$N%?%0$X$N%]!<%H%;%C%H(B ($BDL>o$O(B ipfw $B%k!<%kHV9f(B) $B$H!"(B
> $B%Q%1%C%H$NF~NO$N>l9g$O%Q%1%C%H$r<u?.$7$?%$%s%?%U%'!<%9$N(B
> ($B:G=i$N(B) $B%"%I%l%9(B ($B%Q%1%C%HF~NO$N>l9g(B)
> $B$b$7$/$O(B
> .Dv INADDR_ANY
> ($B%Q%1%C%H$N=PNO$N>l9g(B) $B$X$N(B IP $B%"%I%l%9%;%C%H$,4^$^$l$^$9!#(B
 o set $B$O(B set $B$N2a5nJ,;l$@$H;W$$$^$9!#(B
 o some $B$O!V$J$s$i$+$N!W$N0UL#$@$H;W$$$^$9!#(B(tag $B$OC1?t(B)

	$B8e<T$,JV$9%"%I%l%9$G$O!"(B
	$B%]!<%H$K$O%Q%1%C%H1*2s<T$,Ds6!$9$k$J$s$i$+$s$N%?%0(B
	($BDL>o$O(B ipfw $B$N%k!<%kHV9f(B) $B$,@_Dj$5$l!"(B
	IP $B%"%I%l%9$K$O(B
	($BF~NO%Q%1%C%H$N>l9g(B) $B%Q%1%C%H$,<u?.$5$l$?(B
	($B:G=i$N(B) $B%$%s%?%U%'!<%9%"%I%l%9$+(B
	($B=PNO%Q%1%C%H$N>l9g(B) INADDR_ANY $B$,@_Dj$5$l$^$9!#(B

$B86J8(B
     In the latter case, the address returned will have its port
     set to the some tag supplied by the packet diverter, (usually the ipfw
     rule number) and the IP address set to the (first) address of the inter-
     face on which the packet was received (if the packet was incoming) or
     INADDR_ANY (if the packet was outgoing).


> .Sh $B%Q%1%C%H$r=q$/(B
[$BN,(B]
> $B$b$7%$%s%?%U%'!<%9L>$,8+$D$+$l$P!"(B
> $B$=$N%$%s%?%U%'!<%9$,;H$o$l!"(BIP $B%"%I%l%9$NCM$OL5;k$5$l$^$9(B ($B$=$l$,(B
> .Dv INADDR_ANY
> $B$G$J$$>l9g(B)$B!#(B
 $B3g8LFb$O!"!V$=$l$,(B INADDR_ANY $B$G$O$J$$$H$$$&;v<B$OL5;k$5$l$J$$!W(B
$B$H$$$&0UL#$@$H;W$$$^$9!#(B(INADDR_ANY $B$N>l9g$O(B incoming $B$H$7$F07$&$,!"(B
$B$3$3$G$O(B (INADDR_ANY $B$G$O$J$+$C$?$N$G(B) outgoing $B$H$7$F07$&$3$H$K$7$?(B
$B%Q%1%C%H$K$D$$$F=R$Y$F$$$k(B)

	$B$b$7%$%s%?%U%'!<%9L>$,8+$D$+$l$P!"(B
	$B$=$N%$%s%?%U%'!<%9$,;H$o$l!"(BIP $B%"%I%l%9$NCM$OL5;k$5$l$^$9(B
	($B$=$l$,(B
	.Dv INADDR_ANY
	$B$G$J$$$3$H$OL5;k$5$l$^$;$s(B)$B!#(B
$B$^$?$O(B
	$B$b$7%$%s%?%U%'!<%9L>$,8+$D$+$l$P!"(B
	$B$=$N%$%s%?%U%'!<%9$,;H$o$l!"(BIP $B%"%I%l%9$NCM$O(B (
	.Dv INADDR_ANY
	$B$G$O$J$$$3$H0J30$O(B) $BL5;k$5$l$^$9!#(B
$B$J$I!#(B

 $B86J8(B
     If an interface name is found, that interface will be used and the
     value of the IP address will be ignored (other than the fact that it is
     not INADDR_ANY ).


> パケットを読み出して書き戻す時には、
> .Xr recvfrom 2
> によって与えられたソケットアドレスと同じものを、そのままの形で
> .Xr sendto 2
> に渡すことで処理が単純になります (下記参照)。
              物事が
 I think what is meant here is that things such as the loop avoidance described
later become simple, so 「物事」 seems to fit better than 「処理」.
# It may just be Horikawa who feels that it somehow fits better ^_^;

> .Pp
> .Xr sendto 2 
> へ渡されるソケットアドレスのポート部分には、
> 迂回モジュールにとって意味のあるタグが含まれます。
> .Xr ipfw 8
> の場合には、タグはルールの処理がリスタートした
> .Em 後に
> ルール番号として解釈されます。
The original text is
     In the case of
     Ipfw(8) the tag is interpretted as the rule number after which rule pro-
     cessing should restart.
so the part from "after which" onward means
     rule processing should be restarted after the rule number.
     このルール番号の次から、ルール処理を再開する
and I think something like
	.Xr ipfw 8
	の場合には、タグは、
	.Em この次の
	ルール番号からルール処理を再開すべきと解釈されます。
would be appropriate.
# The first sentence of .Sh LOOP AVOIDANCE says the same thing.


> .Sh $B%k!<%W$N2sHr(B
> $B1*2s%=%1%C%H$X(B (
> .Xr sendto 2
> $B$r;H$C$F(B) $B=q$-9~$^$l$?%Q%1%C%H$O!"(B
> $B%=%1%C%H%"%I%l%9$N%]!<%HItJ,$KM?$($i$l$?%?%0$KB3$/%k!<%kHV9f$K$*$$$F!"(B
                                                              $B$+$i!"(B
# $B$NJ}$,J,$+$j0W$$$H;W$$$^$9!#(B
> $B%Q%1%C%H%U%#%k%?!<$K:FF~$5$l$^$9!#(B
  $B%Q%1%C%H%U%#%k%?$K:FF~NO$5$l$^$9!#(B
# $B%U%#%k%?!<(B -> $B%U%#%k%?(B
# $B!V:FF~!W$O(B reentrant $B$r8@$&$H$-$K;H$&8@MU$J$N$G!"$3$3$G$O$"$^$jE,@Z(B
# $B$G$J$5$=$&$@$H;W$$$^$9!#(B


> .Sh $B>\:Y(B
[$BN,(B]
> $B%Q%1%C%H$O<u?.$5$l$F!"JQ99$J$7$GAw?.$5$l$^$9$,!"(B
> $B=PNO$H$7$F=q$+$l$?%Q%1%C%H$N(B IP $B%X%C%@$N%A%'%C%/%5%`$O(B
> $B@5$7$$CM$K=q$-49$($i$l$^$9!#(B
> $BF~NO$H$7$F=q$+$l!"8m$C$?%A%'%C%/%5%`$r;}$D%Q%1%C%H$O<N$F$i$l$^$9!#(B
> $B$=$l$i0J30$O!"A4$F$N%X%C%@%U%#!<%k%I$OJQ99$5$l$^$;$s(B ($B$9$J$o$A!"(B
> $B%M%C%H%o!<%/%*!<%@$K$J$j$^$9(B)$B!#(B
 $B$3$3$N3g8LFb(B (and therefore in network order) $B$N$D$J$,$j$,$h$/$o$+$i(B
$B$J$$$N$G$9$,!"$I$&$"$k$Y$-$+KY@n$K$O$h$/$o$+$j$^$;$s$G$9!#(B

> 1024 より小さいポート番号へのバインドには、
> タイプ SOCK_RAW のソケットの生成が必要であるために、
> スーパユーザアクセスが必要となります。
 In the original text
     Binding to port numbers less than 1024 requires super-user access, as
     does creating a socket of type SOCK_RAW.
"as does creating ..." stands for "as creating ... requires super-user access",
so I think the meaning is
	タイプ SOCK_RAW のソケットの生成にスーパユーザアクセスが
	必要となるのと同様に、


> .Sh $B%(%i!<(B
[$BN,(B]
> .It Bq Er EADDRNOTAVAIL
> IP $B%"%I%l%9$K4^$^$l$kE>Aw@h%"%I%l%9$,(B
> $B$=$N%$%s%?%U%'!<%9$K$b4XO"$E$1$i$l$F$$$J$$(B
> .Dv INADDR_ANY
> $B$HEy$7$/$"$j$^$;$s!#(B
 o $B!V$=$N%$%s%?%U%'!<%9$K$b4XO"$E$1$i$l$F$$$J$$!W$,JQ$J46$8$G$9!#(B
 o IP address contains the destination address ($B$N2a5n7A(B) $B$G$O$J$/(B
   The destination address contains IP address ($B$N2a5n7A(B)$B!#(B
   (/usr/include/netinet/in.h $B$N(B struct sockaddr_in $B$NDj5A$b;2>H(B)
       
	$BE>Aw@h%"%I%l%9$K4^$^$l$k(B IP $B%"%I%l%9$O!"(B
	.Dv INADDR_ANY
	$B$HEy$7$/$J$/!"(B
	$B$I$N%$%s%?%U%'!<%9$K$b4XO"$E$1$i$l$F$$$^$;$s!#(B
($B$J$I(B) $B$G$O$J$$$G$7$g$&$+!#(B

 $B86J8(B	
                   The destination address contained an IP address not equal
                   to INADDR_ANY that was not associated with any interface.

 IP address contains the destination address $B$N0UL#$@$H$9$k$H!"(B
 The destination address contained in an IP address is not equal to ... 
                                   ^^               ^^
$B$J$I$H$J$k$N$G$O$J$$$G$7$g$&$+!#(B


> 例えば、他のマシン宛のパケットのいくつかのフラグメントだけが
> ローカルマシン経由でルーティングされなければ、パケットが失われます。
 Doesn't "if only" modify the whole conditional clause?

	例えば、他のマシン宛のパケットのうち数個のフラグメントが
	ローカルマシン経由でルーティングされないだけで、

Original text
     For example, if only some fragments of a packet destined
     for another machine don't get routed through the local machine, the pack-
     et is lost.
--
堀川和雄
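
The socket-address rules in the man page text discussed above (the port carries the ipfw tag, INADDR_ANY marks an outgoing packet, and a packet written as incoming with a bad IP header checksum is dropped), as an added C example that is not part of the original message or of FreeBSD. The function names and the sample header are constructed for illustration, and no divert socket is opened, so the code builds on any POSIX system.

```c
/* Added example: helpers a divert(4) reader could use; all names here are
 * hypothetical. Byte arrays stand in for packets read with recvfrom(2). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>

enum divert_dir { DIVERT_OUTGOING, DIVERT_INCOMING };

/* Constructed sample: a 20-byte IPv4 header whose checksum (0xb861) is valid. */
const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* recvfrom(2) on a divert socket: INADDR_ANY marks an outgoing packet,
 * an interface address marks an incoming one. */
enum divert_dir divert_direction(const struct sockaddr_in *sin)
{
    return sin->sin_addr.s_addr == htonl(INADDR_ANY) ? DIVERT_OUTGOING
                                                     : DIVERT_INCOMING;
}

/* The port field carries the diverter's tag (usually the ipfw rule number). */
unsigned divert_tag(const struct sockaddr_in *sin)
{
    return ntohs(sin->sin_port);
}

/* Returns 0 if the IPv4 header checksum verifies, a non-zero residue if it
 * does not, and -1 if the header is truncated or not IPv4. */
int ip_header_check(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    uint32_t sum = 0;
    for (size_t i = 0; i < hlen; i += 2)
        sum += ((uint32_t)pkt[i] << 8) | pkt[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Would a packet written back with address sin survive? Outgoing writes get
 * their checksum overwritten; incoming writes with a bad one are dropped. */
int divert_reinject_ok(const struct sockaddr_in *sin, const uint8_t *pkt, size_t len)
{
    int residue = ip_header_check(pkt, len);
    if (residue < 0) return 0;
    return divert_direction(sin) == DIVERT_OUTGOING || residue == 0;
}
```

A filter that edits an incoming packet has to recompute the header checksum itself before passing the unchanged sockaddr back to sendto(2); only the outgoing path has it overwritten.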
