diff options
author | bjk <bjk@FreeBSD.org> | 2012-09-18 16:00:44 +0000 |
---|---|---|
committer | bjk <bjk@FreeBSD.org> | 2012-09-18 16:00:44 +0000 |
commit | 8ae051cca31518c696bd2a3e2b4ec0aa28d0e8f6 (patch) | |
tree | bc9b1698b1fc40f7c41edde7851ecea9a6fda75a /sbin/ipfw | |
parent | 4675313369d449d3cdb513292679b7cf56812cc2 (diff) | |
download | FreeBSD-src-8ae051cca31518c696bd2a3e2b4ec0aa28d0e8f6.zip FreeBSD-src-8ae051cca31518c696bd2a3e2b4ec0aa28d0e8f6.tar.gz |
Fix grammar in the portion about FIBs. Also, cross-reference
setfib(2) instead of setfib(1) for the 16-FIB limit.
PR: docs/157452
Approved by: hrs (mentor)
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index a6f5a73..af4a2c5 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -957,25 +957,27 @@ actions. The packet is tagged so as to use the FIB (routing table) .Ar fibnum in any subsequent forwarding decisions. -Initially this is limited to the values 0 through 15, see -.Xr setfib 1 . +In the current implementation, this is limited to the values 0 through 15, see +.Xr setfib 2 . Processing continues at the next rule. It is possible to use the .Cm tablearg -keyword with a setfib. -If tablearg value is not within compiled FIB range packet fib is set to 0. +keyword with setfib. +If the tablearg value is not within the compiled range of fibs, +the packet's fib is set to 0. .It Cm reass -Queue and reassemble ip fragments. +Queue and reassemble IP fragments. If the packet is not fragmented, counters are updated and processing continues with the next rule. If the packet is the last logical fragment, the packet is reassembled and, if .Va net.inet.ip.fw.one_pass -is set to 0, processing continues with the next rule, else packet is -allowed to pass and search terminates. -If the packet is a fragment in the middle, it is consumed and +is set to 0, processing continues with the next rule. +Otherwise, the packet is allowed to pass and the search terminates. +If the packet is a fragment in the middle of a logical group of fragments, +it is consumed and processing stops immediately. .Pp -Fragments handling can be tuned via +Fragment handling can be tuned via .Va net.inet.ip.maxfragpackets and .Va net.inet.ip.maxfragsperpacket |