
From: Otto Moerbeek <otto@drijf.net>
Subject: Re: typo in pf.conf.5
To: Damien Miller <djm@mindrot.org>
Cc: tech@openbsd.org
Date: Fri, 9 Feb 2024 08:11:32 +0100

On Fri, Feb 09, 2024 at 05:59:09PM +1100, Damien Miller wrote:

> Hi,
> 
> I just noticed a typo in pf.conf(5). The code says:
> 
> pfctl.c:	{ "pktdelay-pkts",	PF_LIMIT_PKTDELAY_PKTS },
> 
> (i.e. hyphen, not underscore)
> 
> ok?
> 
> I'm also not able to get "set delay" doing anything visible, but maybe
> I'm holding it wrong.

In the diff you only change the -width parameter and not the actual .It line.

As for using delay, I have used it for delaying DNS traffic with this
snippet. I'm using no state, because otherwise an existing state will
ruin my delay attempt.

pass out inet6 proto {tcp, udp} from any to port 53 no state
pass out inet proto {tcp, udp} from any to port 53 no state
pass in inet6 proto {tcp, udp} from any port 53 to any no state
pass in inet proto {tcp, udp} from any port 53 to any no state

pass out on egress proto {tcp, udp} from any to <google> port 53 set delay 1000 no state

# Delay list
table <google> const {
216.239.32.10
216.239.34.10
216.239.36.10
216.239.38.10
2001:4860:4802:32::a
2001:4860:4802:34::a
2001:4860:4802:36::a
2001:4860:4802:38::a
}

I hope I did not miss any other required line from pf.conf to make it
work.

	-Otto


> 
> Index: pf.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> diff -u -p -r1.600 pf.conf.5
> --- pf.conf.5	18 Nov 2022 18:11:10 -0000	1.600
> +++ pf.conf.5	9 Feb 2024 06:57:14 -0000
> @@ -1238,7 +1238,7 @@ See
>  for an explanation of memory pools.
>  .Pp
>  Limits can be set on the following:
> -.Bl -tag -width pktdelay_pkts
> +.Bl -tag -width pktdelay-pkts
>  .It Cm states
>  Set the maximum number of entries in the memory pool used by state table
>  entries (those generated by
>
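Review bot: the only changed line in this hunk is the ".Bl -tag -width" argument, which sets the indentation of the tag list and not the text of any entry, so the limit name a reader sees comes from an .It line that is not among the lines shown here. Since pfctl.c spells the keyword "pktdelay-pkts", extend the diff to the corresponding ".It Cm" entry so the list tag itself carries the hyphen, and keep the -width change alongside it.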