From nobody Fri Jul 4 18:23:15 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bYhpC4swcz61jMS; Fri, 04 Jul 2025 18:23:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bYhpC1shxz3nS9; Fri, 04 Jul 2025 18:23:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751653395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OjlCKh6tHJNTwJseCnyOhwAGH3ZSt8p57NkHHMrczeI=; b=X715utP/28bsDdIo005cQ1mwgHFuj+nK29xhZjCKROD6w94BRR9Sln9yr6SYcyq6mKZkl6 7h3ovgXWKHCxYpHZQHq/SGDthnmOzKQshycVHsXiNghJWUTmzRRFkzidN7MPrZ1OtWjlFc cnp8moLl/QtctEpoisIs1rIHsmxu9b2J2/Iis4GlmjPDpyVllkxS4ApXVUSVrbs3pyE4OQ eWGDrEulCt5cB3TwX6Pu1b6AEPcCB4IH2VtsNInnI2dYhEN43FPlj1eq5C0XISOB/Hd4by rp7H3yGqn5B5sFrGtKg2jI6KFBtrx84G2d20QrsCCcHGnkfVrKj1RpNcdR7rYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751653395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OjlCKh6tHJNTwJseCnyOhwAGH3ZSt8p57NkHHMrczeI=; b=Nw2t5U8Lugr3OP+JzqEwLw84M0b3DtpRVlXx0pmQnsizl6XoaXRIGnHSdXw5TkZNbzMAD8 S7tUmk+XvVovIS5R4l0jPvDZ6IKic0Ae0H5jp6b3DSVkk06mrmyilKcKPHbROGynMNiUEY RuG0OriAsj6ZjylnTxHeG00njx6WcPIo+wbXGk0MGmWg0EhqDoeig2L01d8naCnK7vR1r9 hh9pKFqzjo54Op/h5ONW4DCcDw6G5B7g//hNZzySl7lykRQc7cDy1v3bdvrARZsfpSb3Am yXzTD/4AzmSZJd4XadgpJZaIUFusxPUnIL9wWgK4TBsK+b8KrNA4Me9xwNt4mw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751653395; a=rsa-sha256; cv=none; b=Oycfx3+XNEr6A+UsFPamBO1SBI+yG4f5EQhU2z5WvU0DGiEYIbapmD0Kcdrggwrnxzbcq/ RFK8Jfb43fySIVUtDUY9axP1bbdw0NO1ni9iYp+X9PNtjyWA7X8bhwqu5y+/GB5gMRJjra P/oqZ49AXzglChrgxAc8pzML4SBUVO5C40iKznhtbhbgL0jShNScPHykAV4fSxgDFdw7DC Gq3LeBqpRa0xkvcrldwKsj6+X2sAV89O/JDJod377FYZxZP0dZ4zZZXZ15GY0ZjmFzLM6l bSQDu5i3H8MdZDAXndpuMcwR7nYWsanyxAXQXYq2yr4ELA+oKvXCWj6nozZfow== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bYhpC1Tffz120W; Fri, 04 Jul 2025 18:23:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 564INFAO069951; Fri, 4 Jul 2025 18:23:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 564INFAA069948; Fri, 4 Jul 2025 18:23:15 GMT (envelope-from git) Date: Fri, 4 Jul 2025 18:23:15 GMT Message-Id: <202507041823.564INFAA069948@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alexander Ziaee Subject: git: 293e4c54b536 - stable/14 - pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ziaee X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 293e4c54b5363394b5c70db4e5e32aca8e9b5094 Auto-Submitted: auto-generated The branch stable/14 has been updated by ziaee: URL: https://cgit.FreeBSD.org/src/commit/?id=293e4c54b5363394b5c70db4e5e32aca8e9b5094 commit 293e4c54b5363394b5c70db4e5e32aca8e9b5094 Author: Alexander Ziaee AuthorDate: 2025-06-25 23:19:14 +0000 Commit: Alexander Ziaee CommitDate: 2025-07-04 18:20:56 +0000 pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS MFC after: 3 days Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D50856 (cherry picked from commit dca2ab32e831dd5cedab182da8c5c51aaa828967) --- share/man/man4/pf.4 | 37 ++++++++++++++++++++++++++++++++++--- share/man/man4/pfsync.4 | 30 ++++++++++++++++++++++++------ 2 files changed, 58 insertions(+), 9 deletions(-) diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index cd87b98ea45d..e0526552507c 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -35,6 +35,19 @@ .Sh SYNOPSIS .Cd "device pf" .Cd "options PF_DEFAULT_TO_DROP" +.Pp +In +.Xr loader.conf 5 : +.Cd net.pf.states_hashsize +.Cd net.pf.source_nodes_hashsize +.Cd net.pf.rule_tag_hashsize +.Cd net.pf.udpendpoint_hashsize +.Cd net.pf.default_to_drop +.Pp +In +.Xr sysctl.conf 5 : +.Cd net.pf.request_maxcount +.Cd net.pf.filter_local .Sh DESCRIPTION Packet filtering takes place in the kernel. A pseudo-device, @@ -74,10 +87,28 @@ separated by characters, similar to how file system hierarchies are laid out. The final component of the anchor path is the anchor under which operations will be performed. -.Sh SYSCTL VARIABLES AND LOADER TUNABLES -The following +.Sh SYSCTL VARIABLES +The following variables can be entered at the +.Xr loader 8 +prompt, set in +.Xr loader.conf 5 , +.Xr sysctl.conf 5 , +or changed at runtime with +.Xr sysctl 8 : +.Bl -tag -width indent +.It Va net.pf.filter_local +This tells +.Nm +to also filter on the loopback output hook. +This is typically used to allow redirect rules to adjust the source address. +.It Va net.pf.request_maxcount +The maximum number of items in a single ioctl call. +.El +.Sh LOADER TUNABLES +The following tunables can be entered at the .Xr loader 8 -tunables are available. +prompt, or set in +.Xr loader.conf 5 : .Bl -tag -width indent .It Va net.pf.states_hashsize Size of hash tables that store states. diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index b4b96ee133bf..46d239d421c0 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -32,6 +32,14 @@ .Nd packet filter state table sychronisation interface .Sh SYNOPSIS .Cd "device pfsync" +.Pp +In +.Xr loader.conf 5 : +.Cd net.pfsync.pfsync_buckets +.Pp +In +.Xr sysctl.conf 5 : +.Cd net.pfsync.carp_demotion_factor .Sh DESCRIPTION The .Nm @@ -155,12 +163,14 @@ Compatibility with FreeBSD 13.1 has been verified. .It Cm 1400 FreeBSD release 14.0. .El -.Pp -.Nm -has the following -.Xr sysctl 8 -tunables: -.Bl -tag -width ".Va net.pfsync" +.Sh SYSCTL VARIABLES +The following variables can be entered at the +.Xr loader 8 +prompt, set in +.Xr loader.conf 5 , +or changed at runtime with +.Xr sysctl 8 : +.Bl -tag -width indent .It Va net.pfsync.carp_demotion_factor Value added to .Va net.inet.carp.demotion @@ -171,6 +181,14 @@ See .Xr carp 4 for more information. Default value is 240. +.El +.Sh LOADER TUNABLES +The following tunable may be set in +.Xr loader.conf 5 +or at the +.Xr loader 8 +prompt: +.Bl -tag -width indent .It Va net.pfsync.pfsync_buckets The number of .Nm