git: dca2ab32e831 - main - pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS
Date: Wed, 25 Jun 2025 23:22:07 UTC
The branch main has been updated by ziaee:
URL: https://cgit.FreeBSD.org/src/commit/?id=dca2ab32e831dd5cedab182da8c5c51aaa828967
commit dca2ab32e831dd5cedab182da8c5c51aaa828967
Author: Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2025-06-25 23:19:14 +0000
Commit: Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-06-25 23:19:55 +0000
pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS
MFC after: 3 days
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D50856
---
share/man/man4/pf.4 | 37 ++++++++++++++++++++++++++++++++++---
share/man/man4/pfsync.4 | 30 ++++++++++++++++++++++++------
2 files changed, 58 insertions(+), 9 deletions(-)
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
index d17a80bc9512..eca7914472d6 100644
--- a/share/man/man4/pf.4
+++ b/share/man/man4/pf.4
@@ -35,6 +35,19 @@
.Sh SYNOPSIS
.Cd "device pf"
.Cd "options PF_DEFAULT_TO_DROP"
+.Pp
+In
+.Xr loader.conf 5 :
+.Cd net.pf.states_hashsize
+.Cd net.pf.source_nodes_hashsize
+.Cd net.pf.rule_tag_hashsize
+.Cd net.pf.udpendpoint_hashsize
+.Cd net.pf.default_to_drop
+.Pp
+In
+.Xr sysctl.conf 5 :
+.Cd net.pf.request_maxcount
+.Cd net.pf.filter_local
.Sh DESCRIPTION
Packet filtering takes place in the kernel.
A pseudo-device,
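Review bot: the new loader.conf(5) group in SYNOPSIS lists `.Cd net.pf.default_to_drop` with the four hash-size tunables, a few lines below `.Cd "options PF_DEFAULT_TO_DROP"`, and nothing here tells the reader how the tunable and the kernel option relate. Judging by its name, this knob governs the filter's default drop behaviour, so it deserves more than a bare name. The visible part of the LOADER TUNABLES list starts at net.pf.states_hashsize, so please confirm that list has an `.It Va net.pf.default_to_drop` entry describing its effect and its relation to the kernel option, and add one if it does not.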
@@ -74,10 +87,28 @@ separated by
characters, similar to how file system hierarchies are laid out.
The final component of the anchor path is the anchor under which
operations will be performed.
-.Sh SYSCTL VARIABLES AND LOADER TUNABLES
-The following
+.Sh SYSCTL VARIABLES
+The following variables can be entered at the
+.Xr loader 8
+prompt, set in
+.Xr loader.conf 5 ,
+.Xr sysctl.conf 5 ,
+or changed at runtime with
+.Xr sysctl 8 :
+.Bl -tag -width indent
+.It Va net.pf.filter_local
+This tells
+.Nm
+to also filter on the loopback output hook.
+This is typically used to allow redirect rules to adjust the source address.
+.It Va net.pf.request_maxcount
+The maximum number of items in a single ioctl call.
+.El
+.Sh LOADER TUNABLES
+The following tunables can be entered at the
.Xr loader 8
-tunables are available.
+prompt, or set in
+.Xr loader.conf 5 :
.Bl -tag -width indent
.It Va net.pf.states_hashsize
Size of hash table that stores states.
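Review bot: the intro to the new SYSCTL VARIABLES section says these variables can be entered at the loader(8) prompt and set in loader.conf(5) as well as sysctl.conf(5), but the SYNOPSIS added in the previous hunk lists net.pf.filter_local and net.pf.request_maxcount only under "In sysctl.conf(5):". A reader who consults only the SYNOPSIS will conclude they are runtime-only. Either list them in both SYNOPSIS groups or narrow this sentence to match. Separately, the net.pf.request_maxcount entry gives no default value and does not say what happens to an ioctl that exceeds the limit. One more sentence there would help anyone tuning it.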
diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4
index 472a1c05ec5a..cc9c350ea875 100644
--- a/share/man/man4/pfsync.4
+++ b/share/man/man4/pfsync.4
@@ -32,6 +32,14 @@
.Nd packet filter state table synchronisation interface
.Sh SYNOPSIS
.Cd "device pfsync"
+.Pp
+In
+.Xr loader.conf 5 :
+.Cd net.pfsync.pfsync_buckets
+.Pp
+In
+.Xr sysctl.conf 5 :
+.Cd net.pfsync.carp_demotion_factor
.Sh DESCRIPTION
The
.Nm
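Review bot: the added SYNOPSIS lines mark the variable names with `.Cd` (`.Cd net.pfsync.pfsync_buckets`, `.Cd net.pfsync.carp_demotion_factor`), while the body of the same page marks them with `.Va` (`.It Va net.pfsync.carp_demotion_factor`). `.Cd` is the kernel configuration declaration macro and suits `device pfsync`. For sysctl and tunable names, `.Va` would keep the markup consistent between SYNOPSIS and the list entries, unless the project style deliberately uses `.Cd` in SYNOPSIS. The same applies to the pf.4 SYNOPSIS hunk.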
@@ -155,12 +163,14 @@ Compatibility with FreeBSD 13.1 has been verified.
.It Cm 1400
FreeBSD release 14.0.
.El
-.Pp
-.Nm
-has the following
-.Xr sysctl 8
-tunables:
-.Bl -tag -width ".Va net.pfsync"
+.Sh SYSCTL VARIABLES
+The following variables can be entered at the
+.Xr loader 8
+prompt, set in
+.Xr loader.conf 5 ,
+or changed at runtime with
+.Xr sysctl 8 :
+.Bl -tag -width indent
.It Va net.pfsync.carp_demotion_factor
Value added to
.Va net.inet.carp.demotion
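Review bot: the new SYSCTL VARIABLES intro names loader(8), loader.conf(5) and sysctl(8) but leaves out sysctl.conf(5), although the SYNOPSIS added earlier in this file puts net.pfsync.carp_demotion_factor under "In sysctl.conf(5):" and the matching paragraph in pf.4 does include `.Xr sysctl.conf 5 ,`. Add the sysctl.conf(5) reference here so the two sections of this page agree. The sentence also says "The following variables" while the list, which the next hunk closes with `.El` right after this entry, contains a single variable.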
@@ -171,6 +181,14 @@ See
.Xr carp 4
for more information.
Default value is 240.
+.El
+.Sh LOADER TUNABLES
+The following tunable may be set in
+.Xr loader.conf 5
+or at the
+.Xr loader 8
+prompt:
+.Bl -tag -width indent
.It Va net.pfsync.pfsync_buckets
The number of
.Nm
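Review bot: the LOADER TUNABLES intro here ("may be set in loader.conf(5) or at the loader(8) prompt:") is worded differently from the one this same commit adds to pf.4 ("can be entered at the loader(8) prompt, or set in loader.conf(5):"). Since both sections are new, using one sentence in both pages, with only singular/plural adjusted, would keep the two manuals consistent and make later sweeps across man4 easier.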