On Sat, 25 Jul 2020 13:29:57 +0200
Alexander Bluhm <alexander.bl...@gmx.net> wrote:
> On Sat, Jul 25, 2020 at 08:20:21PM +0900, YASUOKA Masahiko wrote:
>> Currently SO_BINDANY is usable without any divert or divert-reply
>> rule.
>
> This is why we have the divert-reply feature. Just mark the states
> with that keyword when you want to use them with SO_BINDANY.
Thanks,
Let me clarify whether I understand correctly.
| @@ -1410,9 +1410,7 @@ pf_remove_divert_state(struct pf_state_k
| struct pf_state_item *si;
|
| TAILQ_FOREACH(si, &sk->states, entry) {
| - if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr &&
| - (si->s->rule.ptr->divert.type == PF_DIVERT_TO ||
| - si->s->rule.ptr->divert.type == PF_DIVERT_REPLY)) {
| + if (sk == si->s->key[PF_SK_STACK]) {
| pf_remove_state(si->s);
| break;
| }
|
Is this part a reason why we have "divert-reply"?
> See man setsockopt
Yes, I have checked the API already.
> Is that not possible for you?
It's possible.
--yasuoka
