Add support for divert sockets. They allow you to:

- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.

The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).

The pf syntax is pretty simple, e.g.:

pass on em0 inet proto tcp from any to any port 80 divert-packet port 8000

test, bugfix and ok by reyk@
manpage help and ok by jmc@
no objections from many others.

1 files changed, 8 insertions, 2 deletions

diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index e6d47ddc9ec..7e40c4c22e5 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.3,v 1.187 2009/06/09 22:24:40 jmc Exp $
+.\"	$OpenBSD: sysctl.3,v 1.188 2009/09/08 17:00:40 michele Exp $
 .\"
 .\" Copyright (c) 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 9 2009 $
+.Dd $Mdocdate: September 8 2009 $
 .Dt SYSCTL 3
 .Os
 .Sh NAME
@@ -1128,6 +1128,8 @@ The currently defined protocols and names are:
 .It carp	allow	integer	yes
 .It carp	log	integer	yes
 .It carp	preempt	integer	yes
+.It divert	recvspace	integer	yes
+.It divert	sendspace	integer	yes
 .It esp	enable	integer	yes
 .It esp	udpencap	integer	yes
 .It esp	udpencap_port	integer	yes
@@ -1240,6 +1242,10 @@ another active master.
 If set to any other value, carp will become master of the virtual host if it
 believes it can send advertisements more frequently than the current master.
 Disabled by default.
+.It Li divert.recvspace
+Returns the default divert receive buffer size.
+.It Li divert.sendspace
+Returns the default divert send buffer size.
 .It Li esp.enable
 If set to 1, enable the Encapsulating Security Payload
 .Pq ESP