-rw-r--r-- | share/man/man4/pf.4 | 66 |
1 files changed, 38 insertions, 28 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index f229b624595..392f48eab58 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.4,v 1.70 2010/03/25 21:27:13 schwarze Exp $ +.\" $OpenBSD: pf.4,v 1.71 2010/05/31 18:33:54 jmc Exp $ .\" .\" Copyright (C) 2001, Kjell Wooding. All rights reserved. .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: March 25 2010 $ +.Dd $Mdocdate: May 31 2010 $ .Dt PF 4 .Os .Sh NAME @@ -98,7 +98,6 @@ Stop the ALTQ bandwidth control system. struct pfioc_rule { u_int32_t action; u_int32_t ticket; - u_int32_t pool_ticket; u_int32_t nr; char anchor[MAXPATHLEN]; char anchor_call[MAXPATHLEN]; @@ -278,7 +277,7 @@ Get the internal packet filter statistics. .Bd -literal struct pf_status { u_int64_t counters[PFRES_MAX]; - u_int64_t lcounters[LCNT_MAX]; + u_int64_t lcounters[LCNT_MAX]; /* limit counters */ u_int64_t fcounters[FCNT_MAX]; u_int64_t scounters[SCNT_MAX]; u_int64_t pcounters[2][2][3]; @@ -290,6 +289,7 @@ struct pf_status { u_int32_t since; u_int32_t debug; u_int32_t hostid; + u_int32_t reass; /* reassembly */ char ifname[IFNAMSIZ]; u_int8_t pf_chksum[MD5_DIGEST_LENGTH]; }; @@ -326,8 +326,8 @@ Get state table entries. struct pfioc_states { int ps_len; union { - caddr_t psu_buf; - struct pf_state *psu_states; + caddr_t psu_buf; + struct pfsync_state *psu_states; } ps_u; #define ps_buf ps_u.psu_buf #define ps_states ps_u.psu_states @@ -343,7 +343,7 @@ On exit, .Va ps_len is always set to the total size required to hold all state table entries (i.e., it is set to -.Li sizeof(struct pf_state) * nr ) . +.Li sizeof(struct pfsync_state) * nr ) . .It Dv DIOCCHANGERULE Fa "struct pfioc_rule *pcr" Add or remove the .Va rule 
@@ -564,10 +564,13 @@ struct pfr_addr { struct in_addr _pfra_ip4addr; struct in6_addr _pfra_ip6addr; } pfra_u; + char pfra_ifname[IFNAMSIZ]; u_int8_t pfra_af; u_int8_t pfra_net; u_int8_t pfra_not; u_int8_t pfra_fback; + u_int8_t pfra_type; + u_int8_t pad[7]; }; #define pfra_ip4addr pfra_u._pfra_ip4addr #define pfra_ip6addr pfra_u._pfra_ip6addr @@ -741,7 +744,7 @@ struct pfioc_trans { int size; /* number of elements */ int esize; /* size of each element in bytes */ struct pfioc_trans_e { - int rs_num; + int type; char anchor[MAXPATHLEN]; u_int32_t ticket; } *array; @@ -759,7 +762,7 @@ and calls. .Pp Ruleset types, identified by -.Va rs_num , +.Va type , include the following: .Pp .Bl -tag -width PF_RULESET_FILTER -offset ind -compact 
@@ -793,22 +796,30 @@ Flush the passive OS fingerprint table. .It Dv DIOCOSFPADD Fa "struct pf_osfp_ioctl *io" .Bd -literal struct pf_osfp_ioctl { - struct pf_osfp_entry { - SLIST_ENTRY(pf_osfp_entry) fp_entry; - pf_osfp_t fp_os; - char fp_class_nm[PF_OSFP_LEN]; - char fp_version_nm[PF_OSFP_LEN]; - char fp_subtype_nm[PF_OSFP_LEN]; - } fp_os; - pf_tcpopts_t fp_tcpopts; - u_int16_t fp_wsize; - u_int16_t fp_psize; - u_int16_t fp_mss; + struct pf_osfp_entry fp_os; + pf_tcpopts_t fp_tcpopts; /* packed TCP options */ + u_int16_t fp_wsize; /* TCP window size */ + u_int16_t fp_psize; /* ip->ip_len */ + u_int16_t fp_mss; /* TCP MSS */ u_int16_t fp_flags; - u_int8_t fp_optcnt; - u_int8_t fp_wscale; - u_int8_t fp_ttl; - int fp_getnum; + u_int8_t fp_optcnt; /* TCP option count */ + u_int8_t fp_wscale; /* TCP window scaling */ + u_int8_t fp_ttl; /* IPv4 TTL */ + + int fp_getnum; /* DIOCOSFPGET number */ +}; + +struct pf_osfp_entry { + SLIST_ENTRY(pf_osfp_entry) fp_entry; + pf_osfp_t fp_os; + int fp_enflags; +#define PF_OSFP_EXPANDED 0x001 /* expanded entry */ +#define PF_OSFP_GENERIC 0x002 /* generic signature */ +#define PF_OSFP_NODETAIL 0x004 /* no p0f details */ +#define PF_OSFP_LEN 32 + char fp_class_nm[PF_OSFP_LEN]; + char fp_version_nm[PF_OSFP_LEN]; + char fp_subtype_nm[PF_OSFP_LEN]; }; .Ed .Pp @@ -941,20 +952,19 @@ The data is returned in the structure described below: .Bd -literal struct pfi_kif { - RB_ENTRY(pfi_kif) pfik_tree; char pfik_name[IFNAMSIZ]; + RB_ENTRY(pfi_kif) pfik_tree; u_int64_t pfik_packets[2][2][2]; u_int64_t pfik_bytes[2][2][2]; u_int32_t pfik_tzero; int pfik_flags; - struct pf_state_tree_lan_ext pfik_lan_ext; - struct pf_state_tree_ext_gwy pfik_ext_gwy; - TAILQ_ENTRY(pfi_kif) pfik_w_states; + int pfik_flags_new; void *pfik_ah_cookie; struct ifnet *pfik_ifp; struct ifg_group *pfik_group; int pfik_states; int pfik_rules; + int pfik_routes; TAILQ_HEAD(, pfi_dynaddr) pfik_dynaddrs; }; .Ed |