IPFW divert and tag

[moriya]

I am using FreeBSD 8.1 with

options IPFIREWALL_FORWARD

Is it possible to use divert (to nat) and tag at the same time ?

For example,

divert 8668 ip from any to any tagged 10000
count ip from any to any tagged 10000

or

divert 8668 tag 1111 ip from any to any tagged 10000
count ip from any to any tagged 1111

It looks for me the tag is gone away after diversion.

 

[NickHibma]

From the ipfw man page:

             "Tags are "sticky", meaning once a tag is applied to a packet by a matching
             rule it exists until explicit removal.  Tags are kept with the
             packet everywhere within the kernel, but are lost when packet
             leaves the kernel, for example, on transmitting packet out to the
             network or sending packet to a divert(4) socket."

 

[NickHibma]

Why not revert the count and divert rules? That way it would count, and then divert. That should work.

 

[moriya]

At the time I posted it (a year ago), I looked for the way to apply a forwarding (fwd) rule to diverted packets. (There may have been several divert rules.)
But I gave up it because the service I thought looked no market.
Thank you anyway.