From nobody Mon Sep 15 11:54:23 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cQNjq5s3yz67Fdk; Mon, 15 Sep 2025 11:54:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cQNjq1YZLz448q; Mon, 15 Sep 2025 11:54:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757937263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fMsmWGQrVO+bpHeSAH1urIRGM6q8ePQGN2yZO4InGEw=; b=c5HQBW2mTzTfvBLkuolIR0iOlcGw5qiReIaSwe77KBMN7A1ZCtW+7+dElLhQdJKv+xCNTG H1LbAiZnQ9PcbxyiIh+jzJAZXGl5i2o/5kw1WqEIT5AXZMmMbhIddqJYMj9vmiN1PvhXkE nykeFrHBoou85WBhrDv63huOsryGp2YX5dDyVFit7ze40Snm7mXRo/dqWZ7F5EchXcIqu2 UE9QmrdsBcf0B1/K3LQINewhfOVHocPdqACOje/QNxmyFSF+jM5jt2e7Qlqq0XREeoHBs2 fdEWviYiOvMAUlyEgzhj4jv/9Bj/fo+T/oX0g283MjkCstiG4CXAiGMzmF8SSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757937263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fMsmWGQrVO+bpHeSAH1urIRGM6q8ePQGN2yZO4InGEw=; b=xHJGkmj/hEHMx3XYRU13SFuginejylTX79/XUqBXDmzbyQ3YIlrQzsAVPF+chuEowBbI9b Y71HYMIE0Du9HLyLrmXsDJnpIOmNh2YNx6ePKsDsDxsvuHEzu+smciIwHqoos4HVJHtZBv 1tT3V00PAq90Robcy2XrGx+iy9whuIEho9GYQZgGK4XqAaeAbUKGP18ImEr5K08ZyA+fti tUsX4bUTTapHc/CjKi7MX28986+vYVRN7s+eanelbi48FjoaQhQzur+MQ/oB6r1ROF6ThK tOyYeGJ36poDfQDjYtPC9aGftPi4eJfHwazRvurRLZ5X+n8pv9SLmhUwSQGL/g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757937263; a=rsa-sha256; cv=none; b=SfmUGce7JG5iuNNGC6vrhgGi20+KLb5Zyq+1lJB4XltxPMT6t7lv9QH6tGSEwkMze+7yFy JZcJ7Xp0XqpyeZ4dee18+UWNNrj+VweECeOxw2sYCMgTB8Fi/24LuX90rtFUM/sM3JqKZc 1DqXeUT2r1FmVQh90Blem0vFjaIZwe8lBbLKvaAahfzMsVC15ZMgwVxtc0HuNmqxOK7OfT AEyfwG6f+736ayHB8ujeXQUx/xCkkPLQw3kGpoxahjigAGYBbSTN8pbda6bOZ2QTQrt6/C hnpWQIaHZLTnegzQMX2FAMZwF9kfhZbSwVwZh2UoNGlxKqBtoPQZLMaIZjvQ3g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cQNjq18lGztcW; Mon, 15 Sep 2025 11:54:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58FBsN56025378; Mon, 15 Sep 2025 11:54:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58FBsN6I025375; Mon, 15 Sep 2025 11:54:23 GMT (envelope-from git) Date: Mon, 15 Sep 2025 11:54:23 GMT Message-Id: <202509151154.58FBsN6I025375@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 0a67f601fe4f - main - pf.conf.5: hint how to set tcp timeout collectively List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0a67f601fe4f2e8af72cb0f99785cba4c91f7d7c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0a67f601fe4f2e8af72cb0f99785cba4c91f7d7c commit 0a67f601fe4f2e8af72cb0f99785cba4c91f7d7c Author: Kristof Provost AuthorDate: 2025-08-20 14:34:33 +0000 Commit: Kristof Provost CommitDate: 2025-09-15 09:32:34 +0000 pf.conf.5: hint how to set tcp timeout collectively Hint that the tcp timeout values can be adjusted collectively via "set optimization". from jesper wallin ok bluhm Obtained from: OpenBSD, jmc , df80715c2d Sponsored by: Rubicon Communications, LLC ("Netgate") --- share/man/man5/pf.conf.5 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 271a83a89ee5..edaa160dddf2 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -267,6 +267,10 @@ which corresponds to the connection state. Each packet which matches this state will reset the TTL. Tuning these values may improve the performance of the firewall at the risk of dropping valid idle connections. +Alternatively, these values may be adjusted collectively +in a manner suitable for a specific environment using +.Cm set optimization +(see above). .Pp .Bl -tag -width xxxx -compact .It Ar tcp.first