BSD Kernel Interfaces Manual
divert — kernel packet diversion mechanism
socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
To enable support for divert sockets, place the following lines in the kernel configuration file:
Alternatively, to load divert as a module at boot time, add the following lines into the loader.conf(5)
Divert sockets are similar to raw IP sockets, except that they can be bound to a specific divert port via the
bind(2) system call. The IP address in the bind is ignored; only the port number is significant. A divert
socket bound to a divert port will receive all packets diverted to that port by some (here unspecified) kernel
mechanism(s). Packets may also be written to a divert port, in which case they re-enter kernel IP packet pro-
Divert sockets are normally used in conjunction with FreeBSD’s packet filtering implementation and the
ipfw(8) program. By reading from and writing to a divert socket, matching packets can be passed through
an arbitrary "filter" as they travel through the host machine, special routing tricks can be done, etc.
Packets are diverted either as they are "incoming" or "outgoing." Incoming packets are diverted after
reception on an IP interface, whereas outgoing packets are diverted before next hop forwarding.
Diverted packets may be read unaltered via read(2), recv(2), or recvfrom(2). In the latter case, the
address returned will have its port set to some tag supplied by the packet diverter (usually the ipfw rule number)
and the IP address set to the (first) address of the interface on which the packet was received (if the
packet was incoming) or INADDR_ANY (if the packet was outgoing). The interface name (if defined for the
packet) will be placed in the 8 bytes following the address, if it fits.
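
The following is an added example, not part of the original manual page or of FreeBSD's own code: it decodes the address returned by recvfrom(2) on a divert socket as described above. The names divert_meta, divert_decode and DIVERT_IFNAME_MAX are hypothetical, the sample values are constructed, and it assumes the tag is stored in the port field in host byte order (the page does not state the byte order).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define DIVERT_IFNAME_MAX 8   /* "the 8 bytes following the address" (sin_zero) */

/* Hypothetical helper type, not part of any system header. */
struct divert_meta {
    unsigned tag;                          /* diverter tag, usually the ipfw rule number */
    int outgoing;                          /* 1 if the address was INADDR_ANY */
    struct in_addr ifaddr;                 /* receiving interface address when incoming */
    char ifname[DIVERT_IFNAME_MAX + 1];    /* "" when no name was supplied or it did not fit */
};

/* Decode the source address filled in by recvfrom(2) on a divert socket.
 * Returns 0 on success, -1 if the buffer is not a complete AF_INET address. */
int divert_decode(const struct sockaddr_in *sin, socklen_t len, struct divert_meta *out)
{
    if (sin == NULL || out == NULL || len < (socklen_t)sizeof(*sin) ||
        sin->sin_family != AF_INET)
        return -1;
    /* Assumption: the tag is stored in host byte order, so no ntohs() here. */
    out->tag = sin->sin_port;
    out->ifaddr = sin->sin_addr;
    out->outgoing = (sin->sin_addr.s_addr == htonl(INADDR_ANY));
    /* A name that fills all 8 bytes has no terminating NUL: copy a bounded
     * length and terminate it here instead of treating sin_zero as a C string. */
    memcpy(out->ifname, sin->sin_zero, DIVERT_IFNAME_MAX);
    out->ifname[DIVERT_IFNAME_MAX] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: incoming packet, rule 1000, interface "vtnet0". */
    struct sockaddr_in sin;
    struct divert_meta m;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = 1000;
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    memcpy(sin.sin_zero, "vtnet0", 6);
    if (divert_decode(&sin, sizeof(sin), &m) == 0)
        printf("rule %u %s if=%s\n", m.tag, m.outgoing ? "out" : "in", m.ifname);
    return 0;
}
```
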
Writing to a divert socket is simil