share/man/man4/pf.4
Show First 20 Lines • Show All 133 Lines • ▼ Show 20 Lines | struct pfioc_pooladdr { | ||||
struct pf_pooladdr addr; | struct pf_pooladdr addr; | ||||
}; | }; | ||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
Clear the buffer address pool and get a | Clear the buffer address pool and get a | ||||
.Va ticket | .Va ticket | ||||
for subsequent | for subsequent | ||||
.Dv DIOCADDADDR , | .Dv DIOCADDADDR , | ||||
.Dv DIOCADDRULE , | |||||
and | and | ||||
.Dv DIOCCHANGERULE | .Dv DIOCADDRULE | ||||
calls. | calls. | ||||
.It Dv DIOCADDADDR Fa "struct pfioc_pooladdr *pp" | .It Dv DIOCADDADDR Fa "struct pfioc_pooladdr *pp" | ||||
.Pp | .Pp | ||||
Add the pool address | Add the pool address | ||||
.Va addr | .Va addr | ||||
to the buffer address pool to be used in the following | to the buffer address pool to be used in the following | ||||
.Dv DIOCADDRULE | .Dv DIOCADDRULE | ||||
or | |||||
.Dv DIOCCHANGERULE | |||||
call. | call. | ||||
All other members of the structure are ignored. | All other members of the structure are ignored. | ||||
.It Dv DIOCADDRULE Fa "struct pfioc_rule *pr" | .It Dv DIOCADDRULE Fa "struct pfioc_rule *pr" | ||||
.Bd -literal | .Bd -literal | ||||
struct pfioc_rule { | struct pfioc_rule { | ||||
u_int32_t action; | u_int32_t action; | ||||
u_int32_t ticket; | u_int32_t ticket; | ||||
u_int32_t pool_ticket; | u_int32_t pool_ticket; | ||||
▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines | |||||
the maximum number of which can be obtained from a preceding | the maximum number of which can be obtained from a preceding | ||||
.Dv DIOCGETRULESETS | .Dv DIOCGETRULESETS | ||||
call. | call. | ||||
This ioctl returns | This ioctl returns | ||||
.Er EINVAL | .Er EINVAL | ||||
if the given anchor does not exist or | if the given anchor does not exist or | ||||
.Er EBUSY | .Er EBUSY | ||||
if another process is concurrently updating a ruleset. | if another process is concurrently updating a ruleset. | ||||
.It Dv DIOCADDSTATE Fa "struct pfioc_state *ps" | |||||
Add a state entry. | |||||
.Bd -literal | |||||
struct pfioc_state { | |||||
struct pfsync_state state; | |||||
}; | |||||
.Ed | |||||
.It Dv DIOCGETSTATE Fa "struct pfioc_state *ps" | |||||
Extract the entry identified by the | |||||
.Va id | |||||
and | |||||
.Va creatorid | |||||
fields of the | |||||
.Va state | |||||
structure from the state table. | |||||
.It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk" | .It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk" | ||||
Remove matching entries from the state table. | Remove matching entries from the state table. | ||||
This ioctl returns the number of killed states in | This ioctl returns the number of killed states in | ||||
.Va psk_killed . | .Va psk_killed . | ||||
.Bd -literal | .Bd -literal | ||||
struct pfioc_state_kill { | struct pfioc_state_kill { | ||||
struct pf_state_cmp psk_pfcmp; | struct pf_state_cmp psk_pfcmp; | ||||
sa_family_t psk_af; | sa_family_t psk_af; | ||||
▲ Show 20 Lines • Show All 89 Lines • ▼ Show 20 Lines | |||||
is non-zero on entry, as many states as possible that can fit into this | is non-zero on entry, as many states as possible that can fit into this | ||||
size will be copied into the supplied buffer | size will be copied into the supplied buffer | ||||
.Va ps_states . | .Va ps_states . | ||||
On exit, | On exit, | ||||
.Va ps_len | .Va ps_len | ||||
is always set to the total size required to hold all state table entries | is always set to the total size required to hold all state table entries | ||||
(i.e., it is set to | (i.e., it is set to | ||||
.Li sizeof(struct pf_state) * nr ) . | .Li sizeof(struct pf_state) * nr ) . | ||||
.It Dv DIOCCHANGERULE Fa "struct pfioc_rule *pcr" | |||||
Add or remove the | |||||
.Va rule | |||||
in the ruleset specified by | |||||
.Va rule.action . | |||||
.Pp | .Pp | ||||
The type of operation to be performed is indicated by | The type of operation to be performed is indicated by | ||||
.Va action , | .Va action , | ||||
which can be any of the following: | which can be any of the following: | ||||
.Bd -literal | .Bd -literal | ||||
enum { PF_CHANGE_NONE, PF_CHANGE_ADD_HEAD, PF_CHANGE_ADD_TAIL, | enum { PF_CHANGE_NONE, PF_CHANGE_ADD_HEAD, PF_CHANGE_ADD_TAIL, | ||||
PF_CHANGE_ADD_BEFORE, PF_CHANGE_ADD_AFTER, | PF_CHANGE_ADD_BEFORE, PF_CHANGE_ADD_AFTER, | ||||
PF_CHANGE_REMOVE, PF_CHANGE_GET_TICKET }; | PF_CHANGE_REMOVE, PF_CHANGE_GET_TICKET }; | ||||
Show All 15 Lines | |||||
indicates to which anchor the operation applies. | indicates to which anchor the operation applies. | ||||
.Va nr | .Va nr | ||||
indicates the rule number against which | indicates the rule number against which | ||||
.Dv PF_CHANGE_ADD_BEFORE , | .Dv PF_CHANGE_ADD_BEFORE , | ||||
.Dv PF_CHANGE_ADD_AFTER , | .Dv PF_CHANGE_ADD_AFTER , | ||||
or | or | ||||
.Dv PF_CHANGE_REMOVE | .Dv PF_CHANGE_REMOVE | ||||
actions are applied. | actions are applied. | ||||
.\" It Dv DIOCCHANGEALTQ Fa "struct pfioc_altq *pcr" | |||||
.It Dv DIOCCHANGEADDR Fa "struct pfioc_pooladdr *pca" | |||||
Add or remove the pool address | |||||
.Va addr | |||||
from the rule specified by | |||||
.Va r_action , | |||||
.Va r_num , | |||||
and | |||||
.Va anchor . | |||||
.It Dv DIOCSETTIMEOUT Fa "struct pfioc_tm *pt" | .It Dv DIOCSETTIMEOUT Fa "struct pfioc_tm *pt" | ||||
.Bd -literal | .Bd -literal | ||||
struct pfioc_tm { | struct pfioc_tm { | ||||
int timeout; | int timeout; | ||||
int seconds; | int seconds; | ||||
}; | }; | ||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
Show All 10 Lines | |||||
values in | values in | ||||
.Aq Pa net/pfvar.h . | .Aq Pa net/pfvar.h . | ||||
.It Dv DIOCGETTIMEOUT Fa "struct pfioc_tm *pt" | .It Dv DIOCGETTIMEOUT Fa "struct pfioc_tm *pt" | ||||
Get the state timeout of | Get the state timeout of | ||||
.Va timeout . | .Va timeout . | ||||
The value will be placed into the | The value will be placed into the | ||||
.Va seconds | .Va seconds | ||||
field. | field. | ||||
.It Dv DIOCCLRRULECTRS | |||||
Clear per-rule statistics. | |||||
.It Dv DIOCSETLIMIT Fa "struct pfioc_limit *pl" | .It Dv DIOCSETLIMIT Fa "struct pfioc_limit *pl" | ||||
Set the hard limits on the memory pools used by the packet filter. | Set the hard limits on the memory pools used by the packet filter. | ||||
.Bd -literal | .Bd -literal | ||||
struct pfioc_limit { | struct pfioc_limit { | ||||
int index; | int index; | ||||
unsigned limit; | unsigned limit; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 666 Lines • Show Last 20 Lines |