Diffstat (limited to 'contrib/pf/man/pf.4')
-rw-r--r--contrib/pf/man/pf.434
1 files changed, 24 insertions, 10 deletions
diff --git a/contrib/pf/man/pf.4 b/contrib/pf/man/pf.4
index 16e74ab..936a5a8 100644
--- a/contrib/pf/man/pf.4
+++ b/contrib/pf/man/pf.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.4,v 1.58 2007/02/09 11:39:06 henning Exp $
+.\" $OpenBSD: pf.4,v 1.62 2008/09/10 14:57:37 jmc Exp $
.\"
.\" Copyright (C) 2001, Kjell Wooding. All rights reserved.
.\"
@@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 7, 2005
+.Dd July 17 2011
.Dt PF 4
.Os
.Sh NAME
@@ -294,25 +294,31 @@ if another process is concurrently updating a ruleset.
Add a state entry.
.Bd -literal
struct pfioc_state {
- u_int32_t nr;
- struct pf_state state;
+ struct pfsync_state state;
};
.Ed
.It Dv DIOCGETSTATE Fa "struct pfioc_state *ps"
-Extract the entry with the specified number
-.Va nr
-from the state table.
+Extract the entry identified by the
+.Va id
+and
+.Va creatorid
+fields of the
+.Va state
+structure from the state table.
.It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk"
Remove matching entries from the state table.
This ioctl returns the number of killed states in
-.Va psk_af .
+.Va psk_killed .
.Bd -literal
struct pfioc_state_kill {
+ struct pf_state_cmp psk_pfcmp;
sa_family_t psk_af;
int psk_proto;
struct pf_rule_addr psk_src;
struct pf_rule_addr psk_dst;
char psk_ifname[IFNAMSIZ];
+ char psk_label[PF_RULE_LABEL_SIZE];
+ u_int psk_killed;
};
.Ed
.It Dv DIOCCLRSTATES Fa "struct pfioc_state_kill *psk"
@@ -1049,12 +1055,14 @@ internal interface description.
The filtering process is the same as for
.Dv DIOCIGETIFACES .
.Bd -literal
-#define PFI_IFLAG_SKIP 0x0100 /* skip filtering on interface */
+#define PFI_IFLAG_SKIP 0x0100 /* skip filtering on interface */
.Ed
.It Dv DIOCCLRIFFLAG Fa "struct pfioc_iface *io"
Works as
.Dv DIOCSETIFFLAG
above but clears the flags.
+.It Dv DIOCKILLSRCNODES Fa "struct pfioc_iface *io"
+Explicitly remove source tracking nodes.
.El
.Sh FILES
.Bl -tag -width /dev/pf -compact
@@ -1133,6 +1141,7 @@ main(int argc, char *argv[])
.Xr altq 4 ,
.Xr if_bridge 4 ,
.Xr pflog 4 ,
+.Xr pflow 4 ,
.Xr pfsync 4 ,
.Xr pfctl 8 ,
.Xr altq 9
@@ -1140,4 +1149,9 @@ main(int argc, char *argv[])
The
.Nm
packet filtering mechanism first appeared in
-.Ox 3.0 .
+.Ox 3.0
+and then
+.Fx 5.2 .
+.Pp
+This implementation matches
+.Ox 4.5 .