Index: share/man/man4/icmp.4 =================================================================== --- share/man/man4/icmp.4 +++ share/man/man4/icmp.4 @@ -162,18 +162,14 @@ .Xr sysctl 3 MIB. .Bl -tag -width ".Va icmplim_output" -.It Va maskrepl +.It Va bmcastecho .Pq Vt boolean -Enable/disable replies to ICMP Address Mask Request packets. +Enable/disable ICMP replies received via broadcast or multicast. +Defaults to false. +.It Va drop_redirect +.Pq Vt boolean +Enable/disable dropping of ICMP Redirect packets. Defaults to false. -.It Va maskfake -.Pq Vt "unsigned integer" -When -.Va maskrepl -is set and this value is non-zero, -it will be used instead of the real address mask when -the system replies to an ICMP Address Mask Request packet. -Defaults to 0. .It Va icmplim .Pq Vt integer Bandwidth limit for ICMP replies in packets/second. 
@@ -183,23 +179,27 @@ .Pq Vt boolean Enable/disable logging of ICMP replies bandwidth limiting. Defaults to true. -.It Va drop_redirect -.Pq Vt boolean -Enable/disable dropping of ICMP Redirect packets. -Defaults to false. .It Va log_redirect .Pq Vt boolean Enable/disable logging of ICMP Redirect packets. Defaults to false. -.It Va bmcastecho +.It Va maskfake +.Pq Vt "unsigned integer" +When +.Va maskrepl +is set and this value is non-zero, +it will be used instead of the real address mask when +the system replies to an ICMP Address Mask Request packet. +Defaults to 0. +.It Va maskrepl .Pq Vt boolean -Enable/disable ICMP replies received via broadcast or multicast. +Enable/disable replies to ICMP Address Mask Request packets. Defaults to false. -.It Va reply_src -.Pq Vt str -An interface name used for the ICMP reply source in response to packets -which are not directly addressed to us. -By default continue with normal source selection. +.It Va quotelen +.Pq Vt integer +Number of bytes from original packet to quote in ICMP reply. +This number is internally enforced to be at least 8 bytes (per RFC792) +and at most the maximal space left in the ICMP reply mbuf. .It Va reply_from_interface .Pq Vt boolean Use the IP address of the interface the packet came through in for 
@@ -209,11 +209,11 @@ Enabling this option is particularly useful on routers because it makes external traceroutes show the actual path a packet has taken instead of the possibly different return path. -.It Va quotelen -.Pq Vt integer -Number of bytes from original packet to quote in ICMP reply. -This number is internally enforced to be at least 8 bytes (per RFC792) -and at most the maximal space left in the ICMP reply mbuf. +.It Va reply_src +.Pq Vt str +An interface name used for the ICMP reply source in response to packets +which are not directly addressed to us. +By default continue with normal source selection. .It Va tstamprepl .Pq Vt boolean Enable/disable replies to ICMP Timestamp packets. Index: share/man/man4/inet.4 =================================================================== --- share/man/man4/inet.4 +++ share/man/man4/inet.4 @@ -28,7 +28,7 @@ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 18, 2022 .Dt INET 4 .Os .Sh NAME 
@@ -168,25 +168,54 @@ MIB. The following general variables are defined: .Bl -tag -width ".Va accept_sourceroute" +.It Va accept_sourceroute +Boolean: enable/disable accepting of source-routed IP packets (default false). +.It Va allow_net0 +Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, +and allow forwarding of packets with these addresses. +.It Va allow_net240 +Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, +and allow forwarding of packets with these addresses. .It Va forwarding Boolean: enable/disable forwarding of IP packets. Defaults to off. -.It Va redirect -Boolean: enable/disable sending of ICMP redirects in response to -.Tn IP -packets for which a better, and for the sender directly reachable, route -and next hop is known. -Defaults to on. -.It Va ttl -Integer: default time-to-live -.Pq Dq TTL -to use for outgoing -.Tn IP -packets. -.It Va accept_sourceroute -Boolean: enable/disable accepting of source-routed IP packets (default false). -.It Va sourceroute -Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va loopback_prefixlen +Integer: prefix length of the address space reserved for loopback purposes. +The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, +and cannot be sent, received, or forwarded on a non-loopback interface. +Use of other values is experimental. +.It Va maxfragbucketsize +Integer: maximum number of reassembly queues per bucket. +Fragmented packets are hashed to buckets. +Each bucket has a list of reassembly queues. +The system must compare the incoming packets to the existing reassembly queues +in the bucket to find a matching reassembly queue. +To preserve system resources, the system limits the number of reassembly +queues allowed in each bucket. +This limit is recalculated when the number of mbuf clusters is changed or +when the value of +.Va maxfragpackets +changes. +This is a per-VNET limit. 
+.It Va maxfragpackets +Integer: maximum number of fragmented packets the host will accept and +simultaneously hold in the reassembly queue for a particular VNET. +0 means that the host will not accept any fragmented packets for that VNET. +\-1 means that the host will not apply this limit for that VNET. +This limit is recalculated when the number of mbuf clusters is changed. +This is a per-VNET limit. +.It Va maxfrags +Integer: maximum number of fragments the host will accept and simultaneously +hold across all reassembly queues in all VNETs. +If set to 0, reassembly is disabled. +If set to -1, this limit is not applied. +This limit is recalculated when the number of mbuf clusters is changed. +This is a global limit. +.It Va maxfragsperpacket +Integer: maximum number of fragments the host will accept and hold +in the reassembly queue for a packet. +0 means that the host will not accept any fragmented packets for the VNET. +This is a per-VNET limit. .It Va process_options Integer: control IP options processing. By setting this variable to 0, all IP options in the incoming packets 
@@ -202,6 +231,29 @@ .Xr sysctl 8 variable affects packets destined for a local host as well as packets forwarded to some other host. +.It Va random_id +Boolean: control IP IDs generation behaviour. +Setting this +.Xr sysctl 8 +to 1 causes the ID field in +.Em non-atomic +IP datagrams (or all IP datagrams, if +.Va rfc6864 +is disabled) to be randomized instead of incremented by 1 with each packet +generated. +This closes a minor information leak which allows remote observers to +determine the rate of packet generation on the machine by watching the +counter. +At the same time, on high-speed links, it can decrease the ID reuse +cycle greatly. +Default is 0 (sequential IP IDs). +IPv6 flow IDs and fragment IDs are always random. +.It Va redirect +Boolean: enable/disable sending of ICMP redirects in response to +.Tn IP +packets for which a better, and for the sender directly reachable, route +and next hop is known. +Defaults to on. .It Va rfc1122_strong_es Boolean: in non-forwarding mode .Pq forwarding is disabled @@ -217,14 +269,6 @@ .Xr pfil 4 filters may override and bypass this check. Disabled by default. -.It Va source_address_validation -Boolean: perform source address validation for packets destined for the local -host. -Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local -host as our own infrastructure. -This has no effect on packets to be forwarded, so don't consider it as -anti-spoof feature for a router. -Enabled by default. .It Va rfc6864 Boolean: control IP IDs generation behaviour. True value enables RFC6864 support, which specifies that IP ID field of 
@@ -233,66 +277,22 @@ The .Fx implementation sets it to zero. Enabled by default. -.It Va random_id -Boolean: control IP IDs generation behaviour. -Setting this -.Xr sysctl 8 -to 1 causes the ID field in -.Em non-atomic -IP datagrams (or all IP datagrams, if -.Va rfc6864 -is disabled) to be randomized instead of incremented by 1 with each packet -generated. -This closes a minor information leak which allows remote observers to -determine the rate of packet generation on the machine by watching the -counter. -At the same time, on high-speed links, it can decrease the ID reuse -cycle greatly. -Default is 0 (sequential IP IDs). -IPv6 flow IDs and fragment IDs are always random. -.It Va maxfrags -Integer: maximum number of fragments the host will accept and simultaneously -hold across all reassembly queues in all VNETs. -If set to 0, reassembly is disabled. -If set to -1, this limit is not applied. -This limit is recalculated when the number of mbuf clusters is changed. -This is a global limit. -.It Va maxfragpackets -Integer: maximum number of fragmented packets the host will accept and -simultaneously hold in the reassembly queue for a particular VNET. -0 means that the host will not accept any fragmented packets for that VNET. -\-1 means that the host will not apply this limit for that VNET. -This limit is recalculated when the number of mbuf clusters is changed. -This is a per-VNET limit. -.It Va maxfragbucketsize -Integer: maximum number of reassembly queues per bucket. -Fragmented packets are hashed to buckets. -Each bucket has a list of reassembly queues. -The system must compare the incoming packets to the existing reassembly queues -in the bucket to find a matching reassembly queue. -To preserve system resources, the system limits the number of reassembly -queues allowed in each bucket. -This limit is recalculated when the number of mbuf clusters is changed or -when the value of -.Va maxfragpackets -changes. -This is a per-VNET limit. 
-.It Va maxfragsperpacket -Integer: maximum number of fragments the host will accept and hold -in the reassembly queue for a packet. -0 means that the host will not accept any fragmented packets for the VNET. -This is a per-VNET limit. -.It Va allow_net0 -Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, -and allow forwarding of packets with these addresses. -.It Va allow_net240 -Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, -and allow forwarding of packets with these addresses. -.It Va loopback_prefixlen -Integer: prefix length of the address space reserved for loopback purposes. -The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, -and cannot be sent, received, or forwarded on a non-loopback interface. -Use of other values is experimental. +.It Va source_address_validation +Boolean: perform source address validation for packets destined for the local +host. +Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local +host as our own infrastructure. +This has no effect on packets to be forwarded, so don't consider it as +anti-spoof feature for a router. +Enabled by default. +.It Va sourceroute +Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va ttl +Integer: default time-to-live +.Pq Dq TTL +to use for outgoing +.Tn IP +packets. .El .Sh SEE ALSO .Xr ioctl 2 , Index: share/man/man4/udp.4 =================================================================== --- share/man/man4/udp.4 +++ share/man/man4/udp.4 @@ -28,7 +28,7 @@ .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 18, 2022 .Dt UDP 4 .Os .Sh NAME 
@@ -119,21 +119,21 @@ .Xr sysctl 3 MIB: .Bl -tag -width ".Va log_in_vain" -.It Va checksum -Enable udp checksums (enabled by default). -.It Va maxdgram -Maximum outgoing UDP datagram size -.It Va recvspace -Maximum space for incoming UDP datagrams -.It Va log_in_vain -For all udp datagrams, to ports on which there is no socket -listening, log the connection attempt (disabled by default). .It Va blackhole When a datagram is received on a port where there is no socket listening, do not return an ICMP port unreachable message. (Disabled by default. See .Xr blackhole 4 . ) +.It Va checksum +Enable udp checksums (enabled by default). +.It Va log_in_vain +For all udp datagrams, to ports on which there is no socket +listening, log the connection attempt (disabled by default). +.It Va maxdgram +Maximum outgoing UDP datagram size +.It Va recvspace +Maximum space for incoming UDP datagrams .El .Sh ERRORS A socket operation may fail with one of the following errors returned:
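Review bot: the icmp.4 hunks reorder the whole sysctl list but carry no `.Dd` change, while the inet.4 and udp.4 hunks both bump `-.Dd July 14, 2022` to `+.Dd July 18, 2022`; icmp.4 should get the same date bump so all three reordered pages record this revision.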
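Review bot: in the icmp.4 hunk at `@@ -183,23 +179,27 @@`, the alphabetical order now places `maskfake` before `maskrepl`, so "When .Va maskrepl is set and this value is non-zero" refers to a variable the reader has not yet reached; a short "(see below)" after the `.Va maskrepl` reference, or a reworded "When the .Va maskrepl variable below is enabled", keeps the entry self-explanatory. While the `quotelen` lines are being moved, "(per RFC792)" would be better written "(per RFC 792)" to match the usual manpage spelling of RFC numbers.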
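Review bot: in the inet.4 hunk at `@@ -168,25 +168,54 @@`, the moved `maxfrags` entry says "If set to -1, this limit is not applied." while the neighbouring `maxfragpackets` entry uses the escaped form "\-1 means that the host will not apply this limit for that VNET."; mdoc renders a bare `-` as a hyphen rather than a minus sign, so the `maxfrags` line should read "If set to \-1" for consistent output. The same hunk keeps `.Bl -tag -width ".Va accept_sourceroute"` even though the list now visibly contains longer tags such as `source_address_validation`, `maxfragbucketsize` and `loopback_prefixlen`; since the entire list is being rewritten, setting `-width ".Va source_address_validation"` would align those entries.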
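Review bot: the inet.4 hunk at `@@ -202,6 +231,29 @@` moves the `random_id` text "Boolean: control IP IDs generation behaviour." unchanged; "IP ID generation behaviour" is the grammatical form, and the identical phrase in the `rfc6864` context lines just below has the same problem, so both could be fixed in this pass. The entry also ends with "Default is 0 (sequential IP IDs)." where every other entry in the list uses "Defaults to ..."; harmonising the wording while the line is touched would make the list read uniformly.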
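Review bot: in the inet.4 hunk at `@@ -233,66 +277,22 @@`, the re-added `source_address_validation` text "so don't consider it as anti-spoof feature for a router" is missing an article ("as an anti-spoof feature"), and "Section 3.2 of RFC3704/BCP84" would normally be written "RFC 3704/BCP 84"; since these lines are already being moved, correcting them here avoids a follow-up commit.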
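Review bot: in the udp.4 hunk at `@@ -119,21 +119,21 @@`, the moved entries "Maximum outgoing UDP datagram size" and "Maximum space for incoming UDP datagrams" lack a terminating period, state no unit (bytes) and no default, unlike the `checksum` and `log_in_vain` entries beside them; "Enable udp checksums" should also spell "UDP" in capitals as the rest of the page does. Adding the unit and default, or at least the punctuation, would bring these two entries up to the standard of the surrounding list.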