From nobody Wed Jun 25 23:22:07 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bSHsD0RKjz5yh7S; Wed, 25 Jun 2025 23:22:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bSHsC5wYSz3dZT; Wed, 25 Jun 2025 23:22:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750893727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=seemH4BY77ia3JVrYugUDqcgfHjHa6H6Nn8+686kPSc=; b=Emf0l2vi8uMAbD5oKtgpshxvkUoakI7Yli3H8UaeRwaIElUShVdC45b3+b72ekVNuoV4oj ICSsyVH1tD2aoPxOx3VNBHdFQe9O1FKIBovz8FLmQ9yJnFSTtWX1WhPw8twM0CRJssfSgb ND2OuOJvsmfVdVOVk+u6vnpFG/yfw9eLEsXvM5EaToAS8WdysGN/Hy1SttXHQ96LZNJCaK PRDs2o2wkIrgg2CP/OxPjDAb7DWv4rB5KPRJzEyCfsAw4TNwRU5DSKZox4LQZJF978wqvc Q0IlBLTJ6idM7WBxXm1Q/fm+TbKsJ4iqRdhYsfaAqcpVBIybtXmkjeWR3jI+cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750893727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=seemH4BY77ia3JVrYugUDqcgfHjHa6H6Nn8+686kPSc=; b=L8MTklUOvLK5E/aAnpC6WQwr1+ke1WXtCMpueE950wiD2FJL5Ga7/QI6LUYkb0k+jLS6fg cX9Q00rjje8vl4kaaXtUeE0E3TsacGLqhTXiWYhW7G6jNzcRlsbtYZAiMwecsPA+hyfSQo Kr1x0tjfuH32S23o0rQnVelTTsM/ti8rZEXQ5kI3a5MXGo59sWmXko1l6hDk/T3w/c17+J PrkymbWJ5Fdnd+B/5fTjtIIh4RO/k7ch/rz2m3ZC8DjYgJNvEgdtTDu1KRSNn9WWfsrGIt 7Mf5nTByP/2mCo8wh2hiZ94T7VnF9d5QZkx4H+RolGpAPiVdCM4XKoE0eTp/1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750893727; a=rsa-sha256; cv=none; b=JirI0ZfxIQX2YruFY+0HMSDJ4RvN8ZNCsnZmd2ODq7d452J/cR2Q/zP0RLsx6U7GUaZts5 1bjiNK7iVes/jJg5OhEEM4qAJbADq1YP63tulD9NuH+mEOcVQztDpRVoRPaVsez0oWtL2C Hgg7kbuj8Cu9RaGB7iOqc12sSf9JO2j7zsYPwKxf3I0ML51IGzQz6uAGdlcOVsk0Mm+jBs m822bpwFTNUVrx1IpUyLtmOhpM61i461EmfuHsZiXnWmOl3U3KM6ZtjVQ0hP4ls7+VwfDH VpNA/WIu1yYBHnpIUVXFd25toXUhXyvZqd3vAfTTiQGztx9Ei45DcLFkFWxiZA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bSHsC5XG9zfWs; Wed, 25 Jun 2025 23:22:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55PNM7kY054367; Wed, 25 Jun 2025 23:22:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55PNM7dS054364; Wed, 25 Jun 2025 23:22:07 GMT (envelope-from git) Date: Wed, 25 Jun 2025 23:22:07 GMT Message-Id: <202506252322.55PNM7dS054364@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Alexander Ziaee Subject: git: dca2ab32e831 - main - pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ziaee X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: dca2ab32e831dd5cedab182da8c5c51aaa828967 Auto-Submitted: auto-generated The branch main has been updated by ziaee: URL: https://cgit.FreeBSD.org/src/commit/?id=dca2ab32e831dd5cedab182da8c5c51aaa828967 commit dca2ab32e831dd5cedab182da8c5c51aaa828967 Author: Alexander Ziaee AuthorDate: 2025-06-25 23:19:14 +0000 Commit: Alexander Ziaee CommitDate: 2025-06-25 23:19:55 +0000 pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS MFC after: 3 days Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D50856 --- share/man/man4/pf.4 | 37 ++++++++++++++++++++++++++++++++++--- share/man/man4/pfsync.4 | 30 ++++++++++++++++++++++++------ 2 files changed, 58 insertions(+), 9 deletions(-) diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index d17a80bc9512..eca7914472d6 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -35,6 +35,19 @@ .Sh SYNOPSIS .Cd "device pf" .Cd "options PF_DEFAULT_TO_DROP" +.Pp +In +.Xr loader.conf 5 : +.Cd net.pf.states_hashsize +.Cd net.pf.source_nodes_hashsize +.Cd net.pf.rule_tag_hashsize +.Cd net.pf.udpendpoint_hashsize +.Cd net.pf.default_to_drop +.Pp +In +.Xr sysctl.conf 5 : +.Cd net.pf.request_maxcount +.Cd net.pf.filter_local .Sh DESCRIPTION Packet filtering takes place in the kernel. A pseudo-device, @@ -74,10 +87,28 @@ separated by characters, similar to how file system hierarchies are laid out. The final component of the anchor path is the anchor under which operations will be performed. -.Sh SYSCTL VARIABLES AND LOADER TUNABLES -The following +.Sh SYSCTL VARIABLES +The following variables can be entered at the +.Xr loader 8 +prompt, set in +.Xr loader.conf 5 , +.Xr sysctl.conf 5 , +or changed at runtime with +.Xr sysctl 8 : +.Bl -tag -width indent +.It Va net.pf.filter_local +This tells +.Nm +to also filter on the loopback output hook. +This is typically used to allow redirect rules to adjust the source address. +.It Va net.pf.request_maxcount +The maximum number of items in a single ioctl call. +.El +.Sh LOADER TUNABLES +The following tunables can be entered at the .Xr loader 8 -tunables are available. +prompt, or set in +.Xr loader.conf 5 : .Bl -tag -width indent .It Va net.pf.states_hashsize Size of hash table that stores states. diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 472a1c05ec5a..cc9c350ea875 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -32,6 +32,14 @@ .Nd packet filter state table synchronisation interface .Sh SYNOPSIS .Cd "device pfsync" +.Pp +In +.Xr loader.conf 5 : +.Cd net.pfsync.pfsync_buckets +.Pp +In +.Xr sysctl.conf 5 : +.Cd net.pfsync.carp_demotion_factor .Sh DESCRIPTION The .Nm @@ -155,12 +163,14 @@ Compatibility with FreeBSD 13.1 has been verified. .It Cm 1400 FreeBSD release 14.0. .El -.Pp -.Nm -has the following -.Xr sysctl 8 -tunables: -.Bl -tag -width ".Va net.pfsync" +.Sh SYSCTL VARIABLES +The following variables can be entered at the +.Xr loader 8 +prompt, set in +.Xr loader.conf 5 , +or changed at runtime with +.Xr sysctl 8 : +.Bl -tag -width indent .It Va net.pfsync.carp_demotion_factor Value added to .Va net.inet.carp.demotion @@ -171,6 +181,14 @@ See .Xr carp 4 for more information. Default value is 240. +.El +.Sh LOADER TUNABLES +The following tunable may be set in +.Xr loader.conf 5 +or at the +.Xr loader 8 +prompt: +.Bl -tag -width indent .It Va net.pfsync.pfsync_buckets The number of .Nm