From root@atlantis.dp.ua  Tue Apr 15 14:59:05 2003
Return-Path: <root@atlantis.dp.ua>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E4B1A37B404
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 15 Apr 2003 14:59:05 -0700 (PDT)
Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7A80643F85
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 15 Apr 2003 14:59:02 -0700 (PDT)
	(envelope-from root@atlantis.dp.ua)
Received: from homelynx.homenet (q47.atlantis.dp.ua [193.108.47.47])
	by smtp.atlantis.dp.ua (8.12.6p2/8.12.6) with ESMTP id h3FLwnNU096244
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 16 Apr 2003 00:58:49 +0300 (EEST)
	(envelope-from root@atlantis.dp.ua)
Received: from homelynx.homenet (localhost [127.0.0.1])
	by homelynx.homenet (8.12.6/8.12.6) with ESMTP id h3FLwbKV001347
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 16 Apr 2003 00:58:38 +0300 (EEST)
	(envelope-from root@homelynx.homenet)
Received: (from root@localhost)
	by homelynx.homenet (8.12.6/8.12.6/Submit) id h3FLwZWD001346;
	Wed, 16 Apr 2003 00:58:35 +0300 (EEST)
	(envelope-from root)
Message-Id: <200304152158.h3FLwZWD001346@homelynx.homenet>
Date: Wed, 16 Apr 2003 00:58:35 +0300 (EEST)
From: dmitry@atlantis.dp.ua
Reply-To: dmitry@atlantis.dp.ua
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         51006
>Category:       docs
>Synopsis:       [PATCH] divert(4) and ipfw(8) manpages are too pessimistic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dannyboy
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 15 15:00:09 PDT 2003
>Closed-Date:    Sat Jul 19 09:53:08 PDT 2003
>Last-Modified:  Sat Jul 19 09:53:08 PDT 2003
>Originator:     dmitry@atlantis.dp.ua
>Release:        FreeBSD 4.7-RELEASE i386
>Organization:
Atlantis ISP
>Environment:
System: FreeBSD homelynx.homenet 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Tue Mar 25 12:13:03 EET 2003 root@atlantis.atlantis.dp.ua:/usr/src/sys/compile/lynx i386


>Description:

The divert(4) manpage claims:

  In the case of an incoming packet the interface name will also be placed
  in the 8 bytes following the address.

However, the actual code in /sys/netinet/ip_divert.c records the receive interface
name when it's defined for the packet and fits in 8 bytes (including the trailing
zero byte), both for incoming and outgoing packets. This is correct behaviour,
since it allows ipfw rules for transit packets (having an 'out recv IFX xmit IFY'
part) to work correctly after divert rules. Also, the ipfw(8) manpage incorrectly
states:

  Packets diverted to userland, and then reinserted by a userland process
  (such as natd(8)) will lose various packet attributes, including
  their source interface.

Actually, natd(8) saves and reuses the sockaddr_in (as suggested in divert(4)),
and thus preserves the packet's source interface name.

>How-To-Repeat:

    man 4 divert
    man 8 ipfw

>Fix:

 Apply the following patch:
 
--- divert.4.orig	Wed Oct  9 15:45:43 2002
+++ divert.4	Tue Apr 15 23:19:33 2003
@@ -50,8 +50,8 @@
 the interface on which the packet was received (if the packet
 was incoming) or
 .Dv INADDR_ANY
-(if the packet was outgoing). In the case of an incoming packet the interface
-name will also be placed in the 8 bytes following the address,
+(if the packet was outgoing). Incoming interface name (if defined
+for the packet) will also be placed in the 8 bytes following the address,
 (assuming it fits).
 .Sh WRITING PACKETS
 Writing to a divert socket is similar to writing to a raw IP socket;
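Review bot: The added sentence "Incoming interface name (if defined for the packet) will also be placed in the 8 bytes following the address," does not say that the 8 bytes include the trailing zero byte, which the description above gives as the condition in ip_divert.c, so a reader cannot tell whether an 8-character name is recorded. Suggest stating the limit explicitly and saying what the reader gets when the name is not recorded, since a process that matches on the name has to treat a missing name as unknown. The sentence should also open with "The" and start on its own source line, and the comma left in front of "(assuming it fits)" can go.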
--- ipfw.8.orig	Wed Oct  9 15:45:23 2002
+++ ipfw.8	Wed Apr 16 00:30:32 2003
@@ -2018,9 +2018,11 @@
 This may be fixed in a later version.
 .Pp
 Packets diverted to userland, and then reinserted by a userland process
+may lose various packet attributes. Packet source interface name
+will be preserved (assuming it is shorter than 8 bytes) if userland process
+saves and reuses the sockaddr_in
 (such as
-.Xr natd 8 )
-will lose various packet attributes, including their source interface.
+.Xr natd 8 ), otherwise it may be lost.
 If a packet is reinserted in this manner, later rules may be incorrectly
 applied, making the order of
 .Cm divert
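Review bot: In the added lines the parenthetical "(such as .Xr natd 8 )" now follows "sockaddr_in" instead of "userland process", so it reads as if natd were an example of a sockaddr_in; move it next to "userland process" or reword it along the lines of "as natd(8) does". The line ".Xr natd 8 ), otherwise it may be lost." also passes the rest of the sentence to the macro as arguments; keep only the closing punctuation on the .Xr line and put "otherwise it may be lost." on the following line. "Packet source interface name" needs an article and should start a new source line.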
>Release-Note:
>Audit-Trail:
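
The behaviour described in this PR, as an added example that is not part of the original report or of FreeBSD's sources: a divert consumer reads the receive-interface name from the 8 bytes after the address (taken here to be `sin_zero` of the `sockaddr_in`) and reinjects with the same `sockaddr_in`, as the report says natd(8) does. `model_record_ifname`, `divert_ifname` and `divert_passthrough` are hypothetical helper names, and `model_record_ifname` only models the condition stated in the report so the parsing can be exercised without a divert socket.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define DIVERT_IFNAME_MAX 8   /* 8 bytes, trailing zero byte included (per the PR) */

/* Model of the behaviour the PR describes (not the kernel's code): the name
 * is recorded only if it is defined and fits with its trailing zero byte. */
static int model_record_ifname(struct sockaddr_in *sin, const char *ifname)
{
    memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
    if (ifname == NULL || strlen(ifname) + 1 > DIVERT_IFNAME_MAX)
        return 0;                       /* undefined or too long: left empty */
    memcpy(sin->sin_zero, ifname, strlen(ifname) + 1);
    return 1;
}

/* Copy the name out without trusting the field to be NUL-terminated.
 * Returns the name length, or 0 when no interface name is present. */
static size_t divert_ifname(const struct sockaddr_in *sin, char out[DIVERT_IFNAME_MAX + 1])
{
    size_t n = 0;
    while (n < DIVERT_IFNAME_MAX && sin->sin_zero[n] != 0)
        n++;
    memcpy(out, sin->sin_zero, n);
    out[n] = '\0';
    return n;
}

#ifdef IPPROTO_DIVERT
/* natd-style pass-through: hand back the very sockaddr_in that recvfrom()
 * filled in, so the interface name survives reinjection. */
static ssize_t divert_passthrough(int fd, unsigned char *buf, size_t buflen)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    ssize_t n = recvfrom(fd, buf, buflen, 0, (struct sockaddr *)&sin, &len);
    if (n < 0)
        return -1;
    /* inspect or rewrite buf here; leave sin untouched */
    return sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, len);
}
#endif
```

A consumer that builds a fresh `sockaddr_in` for `sendto()` instead of reusing the received one hands back an empty name field, which is the loss the ipfw(8) text warns about.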

From: Daniel Harris <dh@askdh.com>
To: freebsd-gnats-submit@FreeBSD.org, dmitry@atlantis.dp.ua
Cc:  
Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic
Date: Tue, 08 Jul 2003 08:21:54 -0400

 I tweaked this a little; please check the accuracy of the patch at 
 http://people.freebsd.org/~dannyboy/divert-and-ipfw.patch
 (reproduced below).
 
 Index: sbin/ipfw/ipfw.8
 ===================================================================
 RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v
 retrieving revision 1.126
 diff -u -r1.126 ipfw.8
 --- sbin/ipfw/ipfw.8	8 Jul 2003 08:07:03 -0000	1.126
 +++ sbin/ipfw/ipfw.8	8 Jul 2003 12:17:19 -0000
 @@ -2119,9 +2119,11 @@
  This may be fixed in a later version.
  .Pp
  Packets diverted to userland, and then reinserted by a userland process
 -(such as
 -.Xr natd 8 )
 -will lose various packet attributes, including their source interface.
 +may lose various packet attributes. The packet source interface name
 +will be preserved (if it is shorter than 8 bytes) if the userland process
 +saves and reuses the sockaddr_in
 +(as does
 +.Xr natd 8 ); otherwise, it may be lost.
  If a packet is reinserted in this manner, later rules may be incorrectly
  applied, making the order of
  .Cm divert
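Review bot: The added lines make preservation depend on the process saving and reusing the sockaddr_in but do not tell the reader where that is described; the original report points to divert(4) for it, so a cross-reference to divert(4) after "sockaddr_in" would close the gap. The limit is also worded here as "(if it is shorter than 8 bytes)" while the divert.4 hunk of the same patch says only "if it fits"; both pages should state the same limit in the same terms.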
 Index: share/man/man4/divert.4
 ===================================================================
 RCS file: /home/ncvs/src/share/man/man4/divert.4,v
 retrieving revision 1.27
 diff -u -r1.27 divert.4
 --- share/man/man4/divert.4	28 Jun 2003 23:53:37 -0000	1.27
 +++ share/man/man4/divert.4	8 Jul 2003 12:17:19 -0000
 @@ -50,9 +50,9 @@
  the interface on which the packet was received (if the packet
  was incoming) or
  .Dv INADDR_ANY
 -(if the packet was outgoing). In the case of an incoming packet the interface
 -name will also be placed in the 8 bytes following the address,
 -(assuming it fits).
 +(if the packet was outgoing). The interface name (if defined
 +for the packet) will be placed in the 8 bytes following the address,
 +if it fits.
  .Sh WRITING PACKETS
  Writing to a divert socket is similar to writing to a raw IP socket;
  the packet is injected ``as is'' into the normal kernel IP packet
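Review bot: "if it fits" on the last added line leaves the limit ambiguous, and the report gives it as 8 bytes including the trailing zero byte; say so here, in the same terms the ipfw.8 hunk uses. With the "incoming packet" qualifier removed, "The interface name" no longer says which interface is meant; "The receive interface name" would keep that clear for outgoing packets, where the address itself is INADDR_ANY.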
 
 
 Thanks,
 
 -- 
 Daniel Harris
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: dannyboy 
State-Changed-When: Tue Jul 8 05:32:48 PDT 2003 
State-Changed-Why:  
Submitter has been asked for feedback. 


Responsible-Changed-From-To: freebsd-doc->dannyboy 
Responsible-Changed-By: dannyboy 
Responsible-Changed-When: Tue Jul 8 05:32:48 PDT 2003 
Responsible-Changed-Why:  
I'll take this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51006 

From: "Simon L. Nielsen" <simon@nitro.dk>
To: Daniel Harris <dh@askdh.com>
Cc: freebsd-gnats-submit@FreeBSD.org, dmitry@atlantis.dp.ua
Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too pessimistic
Date: Tue, 8 Jul 2003 15:02:26 +0200

 On 2003.07.08 05:30:13 -0700, Daniel Harris wrote:
 
 Some mdoc(7) and language comments (yes, I noticed they also were in the
 original patch):
 
 >  Index: sbin/ipfw/ipfw.8
 >  ===================================================================
 >  RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v
 >  retrieving revision 1.126
 >  diff -u -r1.126 ipfw.8
 >  --- sbin/ipfw/ipfw.8	8 Jul 2003 08:07:03 -0000	1.126
 >  +++ sbin/ipfw/ipfw.8	8 Jul 2003 12:17:19 -0000
 >  @@ -2119,9 +2119,11 @@
 >   This may be fixed in a later version.
 >   .Pp
 >   Packets diverted to userland, and then reinserted by a userland process
 >  -(such as
 >  -.Xr natd 8 )
 >  -will lose various packet attributes, including their source interface.
 >  +may lose various packet attributes. The packet source interface name
 
 There should be a newline before 'The packet...'.
 
 >  +will be preserved (if it is shorter than 8 bytes) if the userland proce=
 ss
 >  +saves and reuses the sockaddr_in
 
 The double if sounds a bit odd to me, what about:
 
 will be preserved if it is shorter than 8 bytes, and the userland process
 saves and reuses the sockaddr_in
 
 >  +(as does
 >  +.Xr natd 8 ); otherwise, it may be lost.
 
 This should be:
 
 .Xr natd 8 ) ;
 otherwise, it may be lost.
 
 >  Index: share/man/man4/divert.4
 >  ===================================================================
 >  RCS file: /home/ncvs/src/share/man/man4/divert.4,v
 >  retrieving revision 1.27
 >  diff -u -r1.27 divert.4
 >  --- share/man/man4/divert.4	28 Jun 2003 23:53:37 -0000	1.27
 >  +++ share/man/man4/divert.4	8 Jul 2003 12:17:19 -0000
 >  @@ -50,9 +50,9 @@
 >   the interface on which the packet was received (if the packet
 >   was incoming) or
 >   .Dv INADDR_ANY
 >  -(if the packet was outgoing). In the case of an incoming packet the int=
 erface
 >  -name will also be placed in the 8 bytes following the address,
 >  -(assuming it fits).
 >  +(if the packet was outgoing). The interface name (if defined
 
 There should be a newline before 'The interface'.
 
 -- 
 Simon L. Nielsen

From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: Daniel Harris <dh@askdh.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: docs/51006: [PATCH] divert(4) and ipfw(8) manpages are too
 pessimistic
Date: Tue, 8 Jul 2003 16:05:02 +0300 (EEST)

 Hello!
 
 On Tue, 8 Jul 2003, Daniel Harris wrote:
 > I tweaked this a little; please check the accuracy of the patch at
 > http://people.freebsd.org/~dannyboy/divert-and-ipfw.patch
 > (reproduced below).
 
  Thank you, your English is better than mine ;) Technically both variants are
 the same, so I think that your patch should be committed.
 
 Sincerely, Dmitry
 -- 
 Atlantis ISP, System Administrator
 e-mail:  dmitry@atlantis.dp.ua
 nic-hdl: LYNX-RIPE
 
State-Changed-From-To: feedback->patched 
State-Changed-By: dannyboy 
State-Changed-When: Tue Jul 8 06:24:48 PDT 2003 
State-Changed-Why:  
Committed to HEAD, MFC to follow in around 10 days. 

State-Changed-From-To: patched->closed 
State-Changed-By: dannyboy 
State-Changed-When: Sat Jul 19 09:52:50 PDT 2003 
State-Changed-Why:  
MFCed. 

>Unformatted:
