NetBSD-Bugs archive


misc/46140: Patch to update the documentation for pf(4) on the website



>Number:         46140
>Category:       misc
>Synopsis:       Patch to update the documentation for pf(4) on the website
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 04 04:40:00 +0000 2012
>Originator:     David H. Gutteridge
>Release:        Many
>Organization:
>Environment:
>Description:
Below I've attached a patch to update the pf(4) documentation on the
website[1] to reflect changes made since NetBSD 4.  I'm not sure if
it's complete, but it's based on everything I could find.

According to pf.conf(5), the "group" keyword is not supported, so I
assume that's still the case.  It does not state that route labels
are not supported; however, neither did the previous version of the
man page associated with version 3.7 of pf(4)...

1. http://www.netbsd.org/docs/network/pf.html
>How-To-Repeat:

>Fix:
--- pf.xml~     2008-05-02 21:22:51.000000000 -0500
+++ pf.xml      2012-03-03 23:32:34.000000000 -0500
@@ -9,7 +9,7 @@
 <config param="rcsdate" value="$Date: 2008/05/02 21:22:51 $"/>
 
 <head>
-<!-- Copyright (c) 1994-2006
+<!-- Copyright (c) 1994-2012
 The NetBSD Foundation, Inc.  ALL RIGHTS RESERVED. -->
 <title>NetBSD Packet Filter information</title>
 </head>
@@ -34,6 +34,11 @@
 <title>Availability</title>
 
 <para>
+NetBSD 5.0 includes PF from OpenBSD 4.2.  NetBSD 6.0 includes this same
+version, but also provides &man.pfsync.4; and &man.pfs.8;.
+</para>
+
+<para>
 NetBSD 4.0 includes PF from OpenBSD 3.7 with patches from the 3.7 branch.
 </para>
 
@@ -47,13 +52,22 @@
 <sect3 id="kernel">
 <title>Kernel options</title>
 <para>
-To use PF, you don't need to compile your own kernel, you can use the LKM
-<filename>/usr/lkm/pf.o</filename>. Use &man.modload.8; to load the LKM:
+To use PF, you don't need to compile your own kernel.  In versions of
+NetBSD prior to 6.0, you can use the LKM <filename>/usr/lkm/pf.o
+</filename>. Use &man.modload.8; to load the LKM:
 <screen>
 # modload /usr/lkm/pf.o
 </screen>
-But if you prefer to use PF in the kernel, then you need least the
-following option enabled:
+To use PF with NetBSD 6.0 (on architectures that support modules), you
+can use the module
+<filename>/stand/&lt;arch&gt;/&lt;release&gt;/modules/pf/pf.kmod</filename>.
+Use &man.modload.8; to load the module (if it was not loaded at boot
+time):
+<screen>
+# modload pf
+</screen>
+But if you prefer to use PF in the base kernel, then you need at least
+the following option enabled:
 <screen>
 options        PFIL_HOOKS      # &man.pfil.9; packet filter hooks
 </screen>
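Review bot: In the rewritten opening paragraph the closing tag is separated from its content (`<filename>/usr/lkm/pf.o` with `</filename>` on the following line), which puts a line break inside the filename element; keep the path and both tags together on one line, as the added pf.kmod entry does. The 6.0 text also gives the full path ending in pf.kmod while the screen shows `# modload pf`, so a short clause explaining that difference from the `# modload /usr/lkm/pf.o` form would keep readers from carrying the LKM-style invocation over to 6.0.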
@@ -95,12 +109,16 @@
 </para>
 
 <para>
-To load the LKM at boot-time, you need to set <userinput>lkm=YES</userinput>
+On NetBSD versions older than 6.0, to load the LKM at boot-time, you
+need to set <userinput>lkm=YES</userinput>
 in <filename>/etc/rc.conf</filename> and add the following line to
 <filename>/etc/lkm.conf</filename>:
 <screen>
 /usr/lkm/pf.o - - - - BEFORENET
 </screen>
+Beginning with NetBSD 6.0, to load the module at boot-time (on
+architectures that support modules), you simply need to edit
+<filename>/etc/rc.conf</filename> as noted above.
 </para>
 
 <para>
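Review bot: The added sentence "you simply need to edit /etc/rc.conf as noted above" does not say which setting is meant, and the only rc.conf setting visible just before it is `lkm=YES`, which this same paragraph now scopes to releases older than 6.0. Name the variable explicitly in the new sentence, so that a 6.0 reader does not set lkm=YES and assume the packet filter module is loaded at boot.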
@@ -190,16 +208,16 @@
 
 <itemizedlist>
 <listitem>
-<ulink 
url="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync";>pfsync(4)</ulink>
-is not supported (due to protocol # assignment issues).
-This will hopefully be solved in a future release.
+&man.pfsync.4; is supported since NetBSD 6.0.
+</listitem>
+<listitem>
+&man.pfs.8; is supported since NetBSD 6.0.
 </listitem>
 <listitem>
-ALTQ is supported since NetBSD 4.0.
+&man.altq.4; is supported since NetBSD 4.0.
 </listitem>
 <listitem>
-<ulink url="http://www.openbsd.org/cgi-bin/man.cgi?query=carp";>carp(4)</ulink>
-is supported since NetBSD 4.0.
+&man.carp.4; is supported since NetBSD 4.0.
 </listitem>
 <listitem>
 The 'group' keyword does nothing, because NetBSD doesn't keep the GID
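Review bot: The pfsync and carp items previously used explicit ulink URLs, and this hunk replaces them with `&man.pfsync.4;`, `&man.pfs.8;`, `&man.altq.4;` and `&man.carp.4;`, but the patch touches only pf.xml and shows no entity definitions. Confirm that each of these entities is already defined for the site, or add the definitions in the same change, since an undefined entity reference makes the XML fail to parse.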
@@ -250,15 +268,23 @@
 <sect3 id="manpages">
 <title>Manual pages</title>
 <itemizedlist>
+<listitem>&man.altq.4; - alternate queuing framework</listitem>
+<listitem>&man.carp.4; - Common Address Redundancy Protocol</listitem>
 <listitem>&man.pf.4; - packet filter</listitem>
 <listitem>&man.pflog.4; - packet filter logging interface</listitem>
+<listitem>&man.pfsync.4; - packet filter state table logging interface
+</listitem>
+<listitem>&man.altq.conf.5; - ALTQ configuration file</listitem>
 <listitem>&man.pf.boot.conf.5; - initial configuration for packet 
filter</listitem>
 <listitem>&man.pf.conf.5; - packet filter configuration file</listitem>
 <listitem>&man.pf.os.5; - format of the operating system fingerprints 
file</listitem>
+<listitem>&man.altqd.8; - ALTQ daemon</listitem>
 <listitem>&man.authpf.8; - authenticating gateway user shell</listitem>
 <listitem>&man.ftp-proxy.8; - Internet File Transfer Protocol proxy 
server</listitem>
 <listitem>&man.pfctl.8; - control the packet filter (PF) and network address 
translation (NAT) device</listitem>
 <listitem>&man.pflogd.8; - packet filter logging daemon</listitem>
+<listitem>&man.pfs.8; - save and restore information for NAT and state
+tables</listitem>
 </itemizedlist>
 </sect3>
 
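Review bot: The added pfsync(4) entry puts `</listitem>` alone on the next line, which leaves trailing whitespace inside the item, while the other short entries in this list close on the same line; wrap after "state table" instead, as the added pfs(8) entry does after "state". The two entries not covered by the earlier hunks, `&man.altq.conf.5;` and `&man.altqd.8;`, need the same check that their entities are defined.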


