On Sun, Apr 14, 2024 at 09:27:01AM +0200, Jesper Wallin wrote:
> On Sun, Apr 14, 2024 at 06:27:51AM +0100, Jason McIntyre wrote:
> > for this diff: would you like to have a go at also adding it to the
> > GRAMMAR section and resubmit?
> 
> Oh, right, here's a new diff.
> 
> > for the optimisation stuff: you could submit a separate diff for that.
> > maybe a note where all the tcp.* bits are saying that they can be
> > handled more generally by set optimization?
> 
> Will do!
> 

committed, thanks.
jmc

> 
> Index: pf.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> retrieving revision 1.600
> diff -u -p -r1.600 pf.conf.5
> --- pf.conf.5	18 Nov 2022 18:11:10 -0000	1.600
> +++ pf.conf.5	14 Apr 2024 07:23:35 -0000
> @@ -1486,6 +1486,8 @@ The state after the first packet.
>  .It Cm tcp.opening Pq 30 seconds by default
>  The state after the second packet but before both endpoints have
>  acknowledged the connection.
> +.It Cm tcp.tsdiff Pq 30 seconds by default
> +Maximum allowed time difference between RFC1323-compliant packet timestamps.
>  .El
>  .Pp
>  ICMP and UDP are handled in a fashion similar to TCP, but with a much more
> @@ -2941,7 +2943,7 @@ state-opt      = ( "max" number | "no-sy
>  
>  timeout-list   = timeout [ [ "," ] timeout-list ]
>  timeout        = ( "tcp.first" | "tcp.opening" | "tcp.established" |
> -                 "tcp.closing" | "tcp.finwait" | "tcp.closed" |
> +                 "tcp.closing" | "tcp.finwait" | "tcp.closed" | "tcp.tsdiff" |
>                   "udp.first" | "udp.single" | "udp.multiple" |
>                   "icmp.first" | "icmp.error" |
>                   "other.first" | "other.single" | "other.multiple" |