On Thu, May 05, 2011 at 23:56, Stuart Henderson wrote:
>> > That change is correct but I'm not sure about keeping this example
>> > code at all. We've had divert-to since OpenBSD 4.4 - when this is used
>> > instead of rdr-to the destination address is preserved, so it can be
>> > fetched with getsockname() without the DIOCNATLOOK dance.
> looking through the ports tree, there are two occasions where
> DIOCNATLOOK is used that can't be replaced with divert-to/getsockname:
> ftpsesame, which needs to lookup addresses gleaned from BPF captured
> connections, and oidentd which needs to lookup in response to ident
> requests. does anyone think it's worth keeping the example for cases
> like these? (personally I don't, but could be persuaded otherwise
> if people feel strongly about it).

Sorry I'm late to the party. Can we put the DIOCNATLOOK example back? It was added like 900 years ago in response to a question I asked dhartmei, and I actually still use it. I just read the man page again expecting to find it. In my case I've never used rdr-to or divert-to, just plain nat, doing stuff like what oidentd does.
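The divert-to/getsockname() approach mentioned in the quoted text, as an added example that is not part of this thread or of the man page under discussion. The names `original_dst` and `loopback_check` are hypothetical, only IPv4 is handled, and the check runs over loopback with no pf involved; it does not cover the plain nat and oidentd-style lookups, which the thread says still need DIOCNATLOOK.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Original destination of an accepted connection. Under a pf divert-to
 * rule the packet is not rewritten, so the local name is that address. */
int original_dst(int conn, char *ip, socklen_t iplen, uint16_t *port)
{
	struct sockaddr_in sin;
	socklen_t len = sizeof(sin);

	if (getsockname(conn, (struct sockaddr *)&sin, &len) == -1 ||
	    sin.sin_family != AF_INET)	/* this sketch is IPv4 only */
		return -1;
	if (inet_ntop(AF_INET, &sin.sin_addr, ip, iplen) == NULL)
		return -1;
	*port = ntohs(sin.sin_port);
	return 0;
}

/* Constructed loopback check (no pf): the address recovered on the
 * server side must equal what the client connected to. Returns 0 if so. */
int loopback_check(void)
{
	struct sockaddr_in a;
	socklen_t alen = sizeof(a);
	char ip[INET_ADDRSTRLEN];
	uint16_t port = 0;
	int rc = -1, c = -1, conn = -1, l = socket(AF_INET, SOCK_STREAM, 0);

	memset(&a, 0, sizeof(a));
	a.sin_family = AF_INET;
	a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);	/* port 0: kernel picks */
	if (l != -1 && bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 &&
	    listen(l, 1) == 0 &&
	    getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
	    (c = socket(AF_INET, SOCK_STREAM, 0)) != -1 &&
	    connect(c, (struct sockaddr *)&a, sizeof(a)) == 0 &&
	    (conn = accept(l, NULL, NULL)) != -1 &&
	    original_dst(conn, ip, sizeof(ip), &port) == 0 &&
	    strcmp(ip, "127.0.0.1") == 0 && port == ntohs(a.sin_port))
		rc = 0;
	close(conn); close(c); close(l);	/* close(-1) fails harmlessly */
	return rc;
}

int main(void) { return loopback_check() ? 1 : 0; }
```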