On Tue, Jul 04, 2023 at 04:35:23PM +0200, Alexandr Nedvedicky wrote:
> Hello,
>
> diff below updates pf(4) manpage to reflect changes [1] which
> were committed earlier today.
>
> does update to pf(4) read OK?
>
> thanks and
> regards
> sashan
>
> [1] https://marc.info/?l=openbsd-cvs&m=168848058603797&w=2
> https://marc.info/?l=openbsd-cvs&m=168847042626997&w=2
>
> --------8<---------------8<---------------8<------------------8<--------
>
> diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
> index 92eeb45f657..305c536b137 100644
> --- a/share/man/man4/pf.4
> +++ b/share/man/man4/pf.4
> @@ -48,12 +48,25 @@ and retrieve statistics.
> The most commonly used functions are covered by
> .Xr pfctl 8 .
> .Pp
> -Manipulations like loading a ruleset that involve more than a single
> +Operations like loading or reading a ruleset that involve more than a single
you probably don;t need to add "or reading", since you already indicate
that it is just an example ("like"), not an exhaustive list. or is there
a specific reason to list reading a ruleset?
> .Xr ioctl 2
> call require a so-called
> .Em ticket ,
should probably be Sy rather than Em, but don;t sweat it if such a
change would make the rest of the manual inconsistent.
> -which prevents the occurrence of
> -multiple concurrent manipulations.
> +which allows
> +.Xr pf 4
> +to deal with concurrent operations.
> +For certain
> +.Xr ioctl 2
> +commands (currently
> +.Dv DIOCGETRULES )
> +the number of tickets application can obtain is limited.
i'm not sure what this means. tickets per application? "tickets
application" does not read correctly.
> +The application must explicitly release the ticket using
s/using/using the/
or "using DIOCXEND to avoid..."
> +.Dv DIOCXEND
> +command to avoid hitting the limit.
> +All tickets which are not freed by
> +.Dv DIOCXEND
> +are released when application closes
s/application/the application/
> +.Pa /dev/pf .
> .Pp
> Fields of
> .Xr ioctl 2
> @@ -132,6 +145,9 @@ for subsequent
> calls and the number
> .Va nr
> of rules in the active ruleset.
> +The ticket should be released by
s/by/by the/
or maybe just "released by DIOCXEND".
> +.Dv DIOCXEND
> +command.
> .It Dv DIOCGETRULE Fa "struct pfioc_rule *pr"
> Get a
> .Va rule
> @@ -792,6 +808,10 @@ inactive rulesets since the last
> .Dv DIOCXBEGIN .
> .Dv DIOCXROLLBACK
> will silently ignore rulesets for which the ticket is invalid.
> +.It Dv DIOCXEND Fa "u_int32_t *ticket"
> +Release ticket obtained by
> +.Dv DIOCGETRULES
> +command.
again, either "by the XXX command" or "by XXX".
> .It Dv DIOCSETHOSTID Fa "u_int32_t *hostid"
> Set the host ID, which is used by
> .Xr pfsync 4
>
jmc
