divert-reply not working

Hi all,
I am facing to a problem trying to use divert-reply with pf while trying to start it
Code:
# service pf start
Enabling pf/etc/pf.conf:6: divert-reply has no meaning in FreeBSD pf(4)
pfctl: Syntax error in config file: pf rules not loaded

# kldstat
Id Refs Address  Size  Name
1  20 0xffffffff80200000 17bc6a8  kernel
2  1 0xffffffff819bd000 11990  carp.ko
3  1 0xffffffff81c11000 56c6  fdescfs.ko
4  1 0xffffffff81c17000 114db  ipfw.ko
5  1 0xffffffff81c29000 231a  vmmemctl.ko
6  1 0xffffffff81c2c000 2382  vmxnet.ko
7  1 0xffffffff81c2f000 2d8c  vmblock.ko
8  1 0xffffffff81c32000 89be  vmhgfs.ko
9  1 0xffffffff81c3b000 4cb6  ipdivert.ko
10  1 0xffffffff81c40000 32d6a  pf.ko
.
divert-reply is present in pf.conf(5) for FreeBSD 10.0-RELEASE, I use 10.3-RELEASE-p4.
Is there any kernel module I must load to enable this feature ?

Thanks
 
pf.conf(5) shows:
Code:
     divert-to <host> port <port>
           Used to redirect packets to a local socket bound to host and port.
           The packets will not be modified, so getsockname(2) on the socket
           will return the original destination address of the packet.

     divert-reply
           Used to receive replies for sockets that are bound to addresses
           which are not local to the machine.  See setsockopt(2) for informa-
           tion on how to bind these sockets.
But they do not work.

"divert-to" does not work.
"divert-reply" does not work in my system 10.3.
sockeks use SO_BINDANY.
It's a bridge with two network interfaces.

Code:
int_if="em1"
ext_if="em0"

anchor "xxx-proxy/*" 
pass in quick log on em1 inet proto tcp from any to 192.168.3.5 port 80 flags S/SA keep state divert-to 127.0.0.1 port 8080
pass out quick log on $ext_if inet proto tcp from any to 192.168.3.5 port 80 flags S/SA keep state divert-reply

pass log all

Below patch does not work either
https://people.freebsd.org/~pjd/patches/transparent_proxy.patch
 
Last edited by a moderator:
Back
Top