diff options
| -rw-r--r-- | share/man/man5/pf.conf.5 | 95 |
1 files changed, 47 insertions, 48 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 20322a3da8f..f9c05944e3c 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.518 2012/07/09 20:52:59 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.519 2012/07/10 09:40:35 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 9 2012 $ +.Dd $Mdocdate: July 10 2012 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -622,34 +622,6 @@ For example, the following rule will drop 20% of incoming ICMP packets: .Pp .Dl block in proto icmp probability 20% .Pp -.It Xo Ar set prio Aq Ar priority -.No \*(Ba ( Aq Ar priority , -.Aq Ar priority ) -.Xc -Packets matching this rule will be assigned a specific queueing priority. -Priorities are assigned as integers 0 through 7, -with a default priority of 3. -If the packet is transmitted on a -.Xr vlan 4 -interface, the queueing priority will also be written as the priority -code point in the 802.1Q VLAN header. -If two priorities are given, packets which have a TOS of -.Ar lowdelay -and TCP ACKs with no data payload will be assigned to the second one. -.Pp -For example: -.Bd -literal -offset indent -pass in proto tcp to port 25 set prio 2 -pass in proto tcp to port 22 set prio (2, 5) -.Ed -.Pp -The interface priority queues accessed by the -.Ar set prio -keyword are always enabled and do not require any additional -configuration, unlike the queues described below and in the -.Sx QUEUEING -section. -.Pp .It Xo Ar queue Aq Ar queue .No \*(Ba ( Aq Ar queue , .Aq Ar queue ) @@ -1223,6 +1195,33 @@ Suitable for almost all networks. Alias for .Ar high-latency . .El +.It Xo Ar set prio Aq Ar priority +.No \*(Ba ( Aq Ar priority , +.Aq Ar priority ) +.Xc +Packets matching this rule will be assigned a specific queueing priority. +Priorities are assigned as integers 0 through 7, +with a default priority of 3. +If the packet is transmitted on a +.Xr vlan 4 +interface, the queueing priority will also be written as the priority +code point in the 802.1Q VLAN header. +If two priorities are given, packets which have a TOS of +.Ar lowdelay +and TCP ACKs with no data payload will be assigned to the second one. +.Pp +For example: +.Bd -literal -offset indent +pass in proto tcp to port 25 set prio 2 +pass in proto tcp to port 22 set prio (2, 5) +.Ed +.Pp +The interface priority queues accessed by the +.Ar set prio +keyword are always enabled and do not require any additional +configuration, unlike the queues described below and in the +.Sx QUEUEING +section. .It Ar set reassemble The .Ar reassemble @@ -1409,6 +1408,24 @@ set limit states 10000 .Pp With 9000 state table entries, the timeout values are scaled to 50% (tcp.first 60, tcp.established 43200). +.It Xo Ar set tos Aq Ar string +.No \*(Ba Aq Ar number +.Xc +Enforces a TOS for matching packets. +.Ar string +may be one of +.Ar critical , +.Ar inetcontrol , +.Ar lowdelay , +.Ar netcontrol , +.Ar throughput , +.Ar reliability , +or one of the DiffServ Code Points: +.Ar ef , +.Ar af11 ... af43 , +.Ar cs0 ... cs7 ; +.Ar number +may be either a hex or decimal number. .El .Sh QUEUEING Packets can be assigned to queues for the purpose of bandwidth @@ -2359,24 +2376,6 @@ artificially extends the security of TCP sequence numbers by 10 to 18 bits when the host uses appropriately randomized timestamps, since a blind attacker would have to guess the timestamp as well. .El -.It Xo Ar set tos Aq Ar string -.No \*(Ba Aq Ar number -.Xc -Enforces a TOS for matching packets. -.Ar string -may be one of -.Ar critical , -.Ar inetcontrol , -.Ar lowdelay , -.Ar netcontrol , -.Ar throughput , -.Ar reliability , -or one of the DiffServ Code Points: -.Ar ef , -.Ar af11 ... af43 , -.Ar cs0 ... cs7 ; -.Ar number -may be either a hex or decimal number. .El .Pp For example: |