Divertd - a divert(4) socket using daemon.

NAME:
	divertd - Light IDS daemon

SYNOPSIS:
	divertd [-c configfile]

DESCRIPTION:
	The divertd daemon listens on divert(4) sockets, using a patched 
libpcap. It logs packets and can apply some special treatment to them.

RUNNING divertd:
	Runs only on FreeBSD -current right now, using the ipfw2 implementation.

	You'll need to patch libpcap with "pcap.divert.patch":
	$ cd /usr/src/contrib/libpcap
	$ patch -p1 < /path/to/pcap.divert.patch
	$ cd /usr/src/lib/libpcap
	$ make && make install

	To compile divertd, a simple 

	You'll need firewall rules like:

	ipfw add 2999 divert 1 log ip from any to any

	Warning: these rules behave like "deny": they stop all further 
processing of the packets. divertd has a 'ReInject' option that sends the 
packet back into the packet filter.
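
	The behaviour in this warning, as an added example that is not divertd's own source: a divert(4) reader in C that binds to the divert port, sanity-checks each packet and writes it back to the socket, which is what reinjection amounts to. The function names and the header check are assumptions of this example; it needs FreeBSD and root, and where IPPROTO_DIVERT is not defined divert_loop() returns -1.

```c
/* Added example (not divertd source): read packets diverted by
 * "ipfw add 2999 divert 1 ..." and write them back, which is what lets
 * traffic continue past the divert rule. Needs FreeBSD and root. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: sanity-check a diverted IPv4 packet.
 * Returns the header length in bytes, or -1 if it is malformed. */
int ipv4_header_len(const unsigned char *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];      /* network byte order */
    if (hlen < 20 || total < hlen || total > len) return -1;
    return (int)hlen;
}

/* Loops until an error occurs; returns -1 on failure or where divert
 * sockets are unavailable. */
int divert_loop(unsigned short port, int reinject)
{
#ifdef IPPROTO_DIVERT
    static unsigned char buf[65535];
    struct sockaddr_in sin, from;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0) return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);                     /* the DivertPort value */
    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { close(s); return -1; }
    for (;;) {
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
        if (n < 0) break;
        if (ipv4_header_len(buf, (size_t)n) < 0) continue; /* malformed: stays dropped */
        fprintf(stderr, "diverted %zd bytes, proto %u\n", n, (unsigned)buf[9]);
        /* Without this write the packet is gone, exactly like "deny". */
        if (reinject) sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, flen);
    }
    close(s);
#else
    (void)port; (void)reinject;
#endif
    return -1;
}

int main(void) { return divert_loop(1, 1) == 0 ? 0 : 1; }
```

	Passing back the sockaddr that recvfrom() filled in is what tells the kernel where to resume rule processing, so the packet continues after the divert rule instead of hitting it again.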

CONFIGURATION OPTIONS:
	You may have in your favorite divertd.conf:

	DivertPort <number> : Specify the divert port to use (in the last rule 
in the RUNNING divertd section, it is '1').

	DebugMode : Activate debug mode (doesn't fork).

	PcapLogFile <file> : Specify the pcap format logging file.

	/* XXX: List other options */
	ReInject
	AddDivertRule
	NumberPacketsForDivert
	TimeOutDivert
	NextDivertRuleNumber
	LastDivertRuleNumber
	AddRejectRule
	NumberPacketsForReject
	TimeOutReject
	NextRejectRuleNumber
	LastRejectRuleNumber
	

SEE ALSO:
	divert(4), pcap(3), ipfw(8)

AUTHOR:
	Patrick MARIE <mycroft@virgaria.org>

THANKS:
	Le_Daim <le_daim@ledaim.org> : Teaching me all pcap, ipfw2 and divert(4) 
stuff.


TODO:
	* IPFW support (for 4.x)
	* Maybe (I certainly won't do it) iptables support 
	  (as there seem to exist divert sockets on Linux)
	* NullRoute option
	* Dump all rules and status tables in order to reload them after
	  a daemon shutdown/restart
	* TrustedIP, TrustedNetwork options: to prevent some IPs from being 
	  firewalled by mistake (against attacks)
	  (like localhost, admin hosts, etc.)

IDEAS:
	* Report the packets to Dshield.org

	* Reroute/rewrite all my outgoing port 25 mail to some
	  magic smart host over a userland ssh connection.

	* nice idea.. procmail for packets.

BUGS:
	* unknown. Still some /* XXX */ to correct, but no major bugs.
