divert-reply not working

Hi all,
I am facing to a problem trying to use divert-reply with pf while trying to start it
# service pf start
Enabling pf/etc/pf.conf:6: divert-reply has no meaning in FreeBSD pf(4)
pfctl: Syntax error in config file: pf rules not loaded

# kldstat
Id Refs Address  Size  Name
1  20 0xffffffff80200000 17bc6a8  kernel
2  1 0xffffffff819bd000 11990  carp.ko
3  1 0xffffffff81c11000 56c6  fdescfs.ko
4  1 0xffffffff81c17000 114db  ipfw.ko
5  1 0xffffffff81c29000 231a  vmmemctl.ko
6  1 0xffffffff81c2c000 2382  vmxnet.ko
7  1 0xffffffff81c2f000 2d8c  vmblock.ko
8  1 0xffffffff81c32000 89be  vmhgfs.ko
9  1 0xffffffff81c3b000 4cb6  ipdivert.ko
10  1 0xffffffff81c40000 32d6a  pf.ko
divert-reply is present in pf.conf(5) for FreeBSD 10.0-RELEASE, I use 10.3-RELEASE-p4.
Is there any kernel module I must load to enable this feature ?

pf.conf(5) shows:
     divert-to <host> port <port>
           Used to redirect packets to a local socket bound to host and port.
           The packets will not be modified, so getsockname(2) on the socket
           will return the original destination address of the packet.

           Used to receive replies for sockets that are bound to addresses
           which are not local to the machine.  See setsockopt(2) for informa-
           tion on how to bind these sockets.
But they do not work.

"divert-to" does not work.
"divert-reply" does not work in my system 10.3.
sockeks use SO_BINDANY.
It's a bridge with two network interfaces.


anchor "xxx-proxy/*" 
pass in quick log on em1 inet proto tcp from any to port 80 flags S/SA keep state divert-to port 8080
pass out quick log on $ext_if inet proto tcp from any to port 80 flags S/SA keep state divert-reply

pass log all

Below patch does not work either
Last edited by a moderator: