On Sun, Apr 14, 2024 at 06:27:51AM +0100, Jason McIntyre wrote:
> for this diff: would you like to have a go at also adding it to the
> GRAMMAR section and resubmit?

Oh, right, here's a new diff.

> for the optimisation stuff: you could submit a separate diff for that.
> maybe a note where all the tcp.* bits are saying that they can be
> handled more generally by set optimization?

Will do!


Index: pf.conf.5
===================================================================
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.600
diff -u -p -r1.600 pf.conf.5
--- pf.conf.5	18 Nov 2022 18:11:10 -0000	1.600
+++ pf.conf.5	14 Apr 2024 07:23:35 -0000
@@ -1486,6 +1486,8 @@ The state after the first packet.
 .It Cm tcp.opening Pq 30 seconds by default
 The state after the second packet but before both endpoints have
 acknowledged the connection.
+.It Cm tcp.tsdiff Pq 30 seconds by default
+Maximum allowed time difference between RFC1323-compliant packet timestamps.
 .El
 .Pp
 ICMP and UDP are handled in a fashion similar to TCP, but with a much more
@@ -2941,7 +2943,7 @@ state-opt      = ( "max" number | "no-sy
 
 timeout-list   = timeout [ [ "," ] timeout-list ]
 timeout        = ( "tcp.first" | "tcp.opening" | "tcp.established" |
-                 "tcp.closing" | "tcp.finwait" | "tcp.closed" |
+                 "tcp.closing" | "tcp.finwait" | "tcp.closed" | "tcp.tsdiff" |
                  "udp.first" | "udp.single" | "udp.multiple" |
                  "icmp.first" | "icmp.error" |
                  "other.first" | "other.single" | "other.multiple" |