Date: Fri, 17 Nov 2023 09:00:39 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 51a024c42c46 - stable/14 - pfsync: Document the transport over IPv6 feature Message-ID: <202311170900.3AH90dbT065926@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=51a024c42c4698da1616f1126fb0af4660a3155d commit 51a024c42c4698da1616f1126fb0af4660a3155d Author: Luiz Amaral <email@luiz.eng.br> AuthorDate: 2023-11-10 15:40:02 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2023-11-17 09:00:22 +0000 pfsync: Document the transport over IPv6 feature On D40102 we implemented support for transport over IPv6 but the documentation was not updated to reflect the new feature. Clarify what is available and how it can be used. MFC after: 1 week Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D42505 (cherry picked from commit 81d4c786209bfa3752c25b2564eb363027f5d914) --- sbin/ifconfig/ifconfig.8 | 24 ++++++++++++++++++------ share/man/man4/pfsync.4 | 21 ++++++++++++++++++++- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index bd6cbd05210e..3b1774606b21 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -27,7 +27,7 @@ .\" .\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\" -.Dd October 17, 2023 +.Dd November 08, 2023 .Dt IFCONFIG 8 .Os .Sh NAME @@ -2870,12 +2870,24 @@ to send and receive pfsync state synchronisation messages. .It Fl syncdev Stop sending pfsync state synchronisation messages over the network. .It Cm syncpeer Ar peer_address -Make the pfsync link point-to-point rather than using -multicast to broadcast the state synchronisation messages. -The peer_address is the IP address of the other host taking part in -the pfsync cluster. +Set the destination address for the state synchronization messages sent. +The +.Ar peer_address +is normally the IPv4 or IPv6 address of the other host taking +part in the pfsync cluster. +.Pp +When the +.Ar peer_address +is set to a unicast IP address, the pfsync link will behave +as point-to-point rather than using multicast to broadcast the messages. +.Pp +When the +.Ar peer_address +is set to ff12::f0, the state synchronization +messages will be broadcast using multicast over IPv6. .It Fl syncpeer -Broadcast the packets using multicast. +Unset the syncpeer. +Packets will then be broadcast using multicast over IPv4. .It Cm maxupd Ar n Set the maximum number of updates for a single state which can be collapsed into one. diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 4decb50feb7b..b3603c48316e 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 17, 2023 +.Dd November 08, 2023 .Dt PFSYNC 4 .Os .Sh NAME @@ -113,6 +113,25 @@ dedicated to pfsync messages such as a crossover cable between two firewalls, or specify a peer address and protect the traffic with .Xr ipsec 4 . .Pp +Support for +.Nm +transport over IPv6 was introduced in +.Fx 14.0 . +To set up +.Nm +using multicast with IPv6 link-local addresses, the +.Ic syncpeer +must be set to the +.Nm +multicast address and the +.Ic syncdev +to the interface where +.Nm +traffic is expected. +.Bd -literal -offset indent +# ifconfig pfsync0 syncpeer ff12::f0 syncdev vtnet0 +.Ed +.Pp When new features are introduced to .Xr pf 4 the format of messages used by
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202311170900.3AH90dbT065926>