git: 1d0d0a8b4af5 - stable/15 - ipfw.8: fix documentation bug for setmark
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 02 Jan 2026 19:18:49 UTC
The branch stable/15 has been updated by eugen:
URL: https://cgit.FreeBSD.org/src/commit/?id=1d0d0a8b4af525c3940647b10df45ec8efa6afb6
commit 1d0d0a8b4af525c3940647b10df45ec8efa6afb6
Author: Eugene Grosbein <eugen@FreeBSD.org>
AuthorDate: 2025-12-28 17:05:22 +0000
Commit: Eugene Grosbein <eugen@FreeBSD.org>
CommitDate: 2026-01-02 19:18:04 +0000
ipfw.8: fix documentation bug for setmark
A mark set with "setmark" keyword is intended to be "sticky"
and documented as such but in fact it is not yet,
as current implementation lacks "sticky" feature
and its implementation will be not MFC'd, most probably.
Correct the manual page until the implementation improved.
Discussed with: Boris Lytochkin <lytboris@gmail.com> (author)
(cherry picked from commit a7b8a5d37bcb0009297962137bfb6c6570e5af12)
(cherry picked from commit 9fdf49e8a501047b61a615ab1b4b133159ad76e1)
---
sbin/ipfw/ipfw.8 | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 249bd195b4de..c1df8399c333 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -841,8 +841,12 @@ When a packet matches a rule with the
.Cm setmark
keyword, a 32-bit numeric mark is assigned to the packet.
The mark is an extension to the tags.
-As tags, mark is "sticky" so the value is kept the same within the kernel and
-is lost when the packet leaves the kernel.
+The mark is preserved for a packet within a single ipfw ruleset traversal
+and is lost when the packet is checked against the active ruleset
+next time (see
+.Sx PACKET FLOW
+section) or leaves ipfw context (e.g. accepted,
+diverted, bridged or routed).
Unlike tags, mark can be matched as a lookup table key or compared with bitwise
mask applied against another value.
Each packet can have only one mark, so