On Fri, Feb 09, 2024 at 08:11:32AM +0100, Otto Moerbeek wrote:

> On Fri, Feb 09, 2024 at 05:59:09PM +1100, Damien Miller wrote:
> 
> > Hi,
> > 
> > I just noticed a typo in pf.conf(5). The code says:
> > 
> > pfctl.c:	{ "pktdelay-pkts",	PF_LIMIT_PKTDELAY_PKTS },
> > 
> > (i.e. hyphen, not underscore)
> > 
> > ok?
> > 
> > I'm also not able to get "set delay" doing anything visible, but maybe
> > I'm holding it wrong.
> 
> In the diff you only change the -width parameter and not the actual .It line
> 
> As using delay, I have used it with delaying DNS traffic with this
> snippet. I'm using no state, cause otherwise an existing state will
> ruin my delay attempt.

I mean, when I enable/disable the line I want to have it effect immediately.

> 
> pass out inet6 proto {tcp, udp} from any to port 53 no state
> pass out inet proto {tcp, udp} from any to port 53 no state
> pass in inet6 proto {tcp, udp} from any port 53 to any no state
> pass in inet proto {tcp, udp} from any port 53 to any no state
> 
> pass out on egress proto {tcp, udp} from any to <google> port 53 set delay 1000 no state
> 
> # Delay list
> table <google> const {
> 216.239.32.10
> 216.239.34.10
> 216.239.36.10
> 216.239.38.10
> 2001:4860:4802:32::a
> 2001:4860:4802:34::a
> 2001:4860:4802:36::a
> 2001:4860:4802:38::a
> }
> 
> I hope I did not miss any other required line from pf.conf to make it
> work.
> 
> 	-Otto
> 
> 
> > 
> > Index: pf.conf.5
> > ===================================================================
> > RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> > diff -u -p -r1.600 pf.conf.5
> > --- pf.conf.5	18 Nov 2022 18:11:10 -0000	1.600
> > +++ pf.conf.5	9 Feb 2024 06:57:14 -0000
> > @@ -1238,7 +1238,7 @@ See
> >  for an explanation of memory pools.
> >  .Pp
> >  Limits can be set on the following:
> > -.Bl -tag -width pktdelay_pkts
> > +.Bl -tag -width pktdelay-pkts
> >  .It Cm states
> >  Set the maximum number of entries in the memory pool used by state table
> >  entries (those generated by
> > 
>