On 2026/02/03 08:21, William B. wrote: > I suspect I will be fine once I apply the referenced patch, without it there > is no divert for > PF to route to. I am a bit surprised it is not enabled by default and there > is not a > straightforward way to enable it aside from patching the kernel given that > divert is regularly > mentioned in the OpenBSD documentation.
That is not correct, you misunderstand what the diff is doing. Divert sockets *are* already enabled by default and generally working. Whatever problem you have with suricata is something else and will not be fixed by bluhm's patch (which just fixes the export used by netstat). > > Are your "divert-packet" PF rules actually getting hit? Check your > packets / bytes / state creations counters in "pfctl -sr -v | grep > -A2 divert-packet". >
