From owner-freebsd-ipfw@FreeBSD.ORG  Wed Nov  4 16:50:03 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6D6681065692
	for <freebsd-ipfw@freebsd.org>; Wed,  4 Nov 2009 16:50:03 +0000 (UTC)
	(envelope-from jakub.bednar@avg.com)
Received: from ms.grisoft.cz (ms.avg.com [193.85.188.248])
	by mx1.freebsd.org (Postfix) with ESMTP id 2A6DA8FC20
	for <freebsd-ipfw@freebsd.org>; Wed,  4 Nov 2009 16:50:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by ms.grisoft.cz (Postfix) with SMTP id A4DF65B00FC
	for <freebsd-ipfw@freebsd.org>; Wed,  4 Nov 2009 17:37:23 +0100 (CET)
Received: from deimos.cz.avg.com (unknown [192.168.200.161])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by ms.grisoft.cz (Postfix) with ESMTP id 8F8FA5B00F0
	for <freebsd-ipfw@freebsd.org>; Wed,  4 Nov 2009 17:37:23 +0100 (CET)
Received: from [192.168.194.133] (192.168.194.133) by mail.cz.avg.com
	(192.168.200.162) with Microsoft SMTP Server id 8.2.176.0;
	Wed, 4 Nov 2009 17:37:23 +0100
From: jakub <jakub.bednar@avg.com>
To: <freebsd-ipfw@freebsd.org>
Content-Type: text/plain
Date: Wed, 4 Nov 2009 17:37:23 +0100
Message-ID: <1257352643.7731.8.camel@dell>
MIME-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
Content-Transfer-Encoding: 7bit
Subject: Diverting sockets and streams
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2009 16:50:03 -0000

Hi list,

I have a newbie question about divert sockets but I can't find a direct
answer.

I have a rule like this:

ipfw add divert 5555 tcp from me to any 80 keep-state

If I understand it correctly, in order to check the data stream properly
I have to deal with:

1. packet reordering
2. packet duplication

so basically I have to implement part of the TCP stack in my app.

I don't have to bother with fragmentation (according to man pages).
I won't be able to understand IPSec packets as I will get encrypted IP
frames.

Am I correct?  Or can you please tell me how it really works?

Thanks a lot,

Jakub