From owner-dev-commits-src-main@freebsd.org Fri Sep 24 09:43:59 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 071FE669A65; Fri, 24 Sep 2021 09:43:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HG6YV5zmLz4cXb; Fri, 24 Sep 2021 09:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9EAAE143F7; Fri, 24 Sep 2021 09:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18O9hwwS081242; Fri, 24 Sep 2021 09:43:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18O9hw8U081241; Fri, 24 Sep 2021 09:43:58 GMT (envelope-from git) Date: Fri, 24 Sep 2021 09:43:58 GMT Message-Id: <202109240943.18O9hw8U081241@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 00a7a05bde84 - main - pf.conf.5: document dummynet support MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 00a7a05bde8481a58860253daf86661372ae3b72 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Sep 2021 09:43:59 -0000 The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=00a7a05bde8481a58860253daf86661372ae3b72 commit 00a7a05bde8481a58860253daf86661372ae3b72 Author: Kristof Provost AuthorDate: 2021-09-10 12:42:44 +0000 Commit: Kristof Provost CommitDate: 2021-09-24 09:41:26 +0000 pf.conf.5: document dummynet support MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31907 --- share/man/man5/pf.conf.5 | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7b97657d7d1c..1bc7f147e830 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 19, 2021 +.Dd September 10, 2021 .Dt PF.CONF 5 .Os .Sh NAME @@ -772,7 +772,7 @@ much in the same way as works in the packet filter (see below). This mechanism should be used when it is necessary to exclude specific packets from broader scrub rules. -.Sh QUEUEING +.Sh QUEUEING with ALTQ The ALTQ system is currently not available in the GENERIC kernel nor as loadable modules. In order to use the herein after called queueing options one has to use a @@ -1104,6 +1104,33 @@ pass out on dc0 inet proto tcp from any to any port 22 \e pass out on dc0 inet proto tcp from any to any port 25 \e queue mail .Ed +.Sh QUEUEING with dummynet +Queueing can also be done with +.Xr dummynet 4 . +Queues and pipes can be created with +.Xr dnctl 8 . +.Pp +Packets can be assigned to queues and pipes using +.Ar dnqueue +and +.Ar dnpipe +respectively. +.Pp +Both +.Ar dnqueue +and +.Ar dnpipe +take either a single pipe or queue number or two numbers as arguments. +The first pipe or queue number will be used to shape the traffic in the rule +direction, the second will be used to shape the traffic in the reverse +direction. +If the rule does not specify a direction the first packet to create state will +be shaped according to the first number, and the response traffic according to +the second. +.Pp +If the +.Xr dummynet 4 +module is not loaded any traffic sent into a queue or pipe will be dropped. .Sh TRANSLATION Translation rules modify either the source or destination address of the packets associated with a stateful connection. @@ -1324,7 +1351,9 @@ rules in that parameters are set every time a packet matches the rule, not only on the last matching rule. For the following parameters, this means that the parameter effectively becomes "sticky" until explicitly overridden: -.Ar queue +.Ar queue , +.Ar dnpipe , +.Ar dnqueue . .It Ar pass The packet is passed; @@ -2941,7 +2970,9 @@ filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | "label" string | "tag" string | [ ! ] "tagged" string | "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | "queue" ( string | "(" string [ [ "," ] string ] ")" ) | - "rtable" number | "probability" number"%" | "prio" number + "rtable" number | "probability" number"%" | "prio" number | + "dnpipe" ( number | "(" number "," number ")" ) | + "dnqueue" ( number | "(" number "," number ")" ) nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] [ "on" ifspec ] [ af ]