Index | Thread | Search

From:
Jason McIntyre <jmc@kerhand.co.uk>
Subject:
Re: pfctl.8: fix markup for shorter lists and more automatic tags
To:
tech@openbsd.org
Date:
Wed, 20 Nov 2024 19:31:56 +0000

Download raw body.

Thread 
On Wed, Nov 20, 2024 at 06:25:52PM +0000, Klemens Nanni wrote:
> SYNOPSIS
>      pfctl [-deghNnPqrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file]
>            [-i interface] [-K key] [-k key] [-L statefile] [-o level]
>            [-p device] [-S statefile] [-s modifier [-R id]]
>            [-t table -T command [address ...]] [-V rdomain] [-x level]
> 
> 
> Looking for the "R" or "T" tags in the manual pager yields no results as they
> are part of the preceding flag, e.g. only "s" brings you to the joint definition
> of [-s modifier [-R id]].
> 
> Add manual tags for -T and -R to fix that.
> 
> Also, "zero" is not defined since the list item is called '-T zero', so you
> can't jump straight to that definition via tags, either.
> 
> Seems a bit odd to repeat the flag for each modifier/command, so I like to turn
>              -T test           Test if the given addresses match a table.
> into
>              test           Test if the given addresses match a table.
> 
> 
> for brevity and to get automatic tagging for all such modifiers/commands, e.g.
> "tag" now jumping to that line.
> 
> Feedback? OK?
> 

hi. i'm fine with these changes - i think they all make sense.
jmc

> Index: pfctl.8
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
> diff -u -p -r1.184 pfctl.8
> --- pfctl.8	20 Nov 2024 13:57:29 -0000	1.184
> +++ pfctl.8	20 Nov 2024 18:10:34 -0000
> @@ -191,25 +191,25 @@ Flush the filter parameters specified by
>  .Ar modifier
>  (may be abbreviated):
>  .Pp
> -.Bl -tag -width xxxxxxxxxxxx -compact
> -.It Fl F Cm rules
> +.Bl -tag -width xxxxxxxxx -compact
> +.It Cm rules
>  Flush the filter rules.
> -.It Fl F Cm states
> +.It Cm states
>  Flush the state table (NAT and filter).
> -.It Fl F Cm Sources
> +.It Cm Sources
>  Flush the source tracking table.
> -.It Fl F Cm info
> +.It Cm info
>  Flush the filter information (statistics that are not bound to rules).
> -.It Fl F Cm Tables
> +.It Cm Tables
>  Flush the tables.
> -.It Fl F Cm osfp
> +.It Cm osfp
>  Flush the passive operating system fingerprints.
> -.It Fl F Cm Reset
> +.It Cm Reset
>  Reset limits, timeouts and other options back to default settings.
>  See the OPTIONS section in
>  .Xr pf.conf 5
>  for details.
> -.It Fl F Cm all
> +.It Cm all
>  Flush all of the above.
>  .El
>  .Pp
> @@ -316,13 +316,13 @@ Do not actually load rules, just parse t
>  .It Fl o Ar level
>  Control the ruleset optimizer, overriding any rule file settings.
>  .Pp
> -.Bl -tag -width xxxxxxxxxxxx -compact
> -.It Fl o Cm none
> +.Bl -tag -width xxxxxxxxx -compact
> +.It Cm none
>  Disable the ruleset optimizer.
> -.It Fl o Cm basic
> +.It Cm basic
>  Enable basic ruleset optimizations.
>  This is the default behaviour.
> -.It Fl o Cm profile
> +.It Cm profile
>  Enable basic ruleset optimizations with profiling.
>  .El
>  .Pp
> @@ -348,13 +348,14 @@ are mutually exclusive.
>  .It Fl S Ar statefile
>  Store the pf state table in the file specified by
>  .Ar statefile .
> +.Tg R
>  .It Fl s Ar modifier Op Fl R Ar id
>  Show the filter parameters specified by
>  .Ar modifier
>  (may be abbreviated):
>  .Pp
> -.Bl -tag -width xxxxxxxxxxxxxx -compact
> -.It Fl s Cm queue
> +.Bl -tag -width xxxxxxxxxxx -compact
> +.It Cm queue
>  Show the currently loaded queue definitions.
>  When used together with
>  .Fl v ,
> @@ -364,7 +365,7 @@ When used together with
>  .Nm
>  will loop and show updated queue statistics every five seconds, including
>  measured bandwidth and packets per second.
> -.It Fl s Cm rules
> +.It Cm rules
>  Show the currently loaded filter rules.
>  If
>  .Fl R Ar id
> @@ -388,7 +389,7 @@ will skip evaluation of rules where poss
>  Packets passed statefully are counted in the rule that created the state
>  (even though the rule isn't evaluated more than once for the entire
>  connection).
> -.It Fl s Cm Anchors
> +.It Cm Anchors
>  Show the currently loaded anchors directly attached to the main ruleset.
>  If
>  .Fl a Ar anchor
> @@ -399,15 +400,15 @@ If
>  .Fl v
>  is specified, all anchors attached under the target anchor will be
>  displayed recursively.
> -.It Fl s Cm states
> +.It Cm states
>  Show the contents of the state table.
>  If
>  .Fl R Ar id
>  is specified as well,
>  only states created by the rule with the specified numeric ID are shown.
> -.It Fl s Cm Sources
> +.It Cm Sources
>  Show the contents of the source tracking table.
> -.It Fl s Cm info
> +.It Cm info
>  Show filter information (statistics and counters).
>  When used together with
>  .Fl v ,
> @@ -415,7 +416,7 @@ source tracking statistics, the firewall
>  main ruleset's MD5 checksum for use with
>  .Xr pfsync 4
>  are also shown.
> -.It Fl s Cm labels
> +.It Cm labels
>  Show per-rule statistics (label, evaluations, packets total, bytes total,
>  packets in, bytes in, packets out, bytes out, state creations) of
>  filter rules with labels, useful for accounting.
> @@ -423,15 +424,15 @@ If
>  .Fl R Ar id
>  is specified as well,
>  only the statistics for the rule with the specified numeric ID are shown.
> -.It Fl s Cm timeouts
> +.It Cm timeouts
>  Show the current global timeouts.
> -.It Fl s Cm memory
> +.It Cm memory
>  Show the current pool memory hard limits.
> -.It Fl s Cm Tables
> +.It Cm Tables
>  Show the list of tables.
> -.It Fl s Cm osfp
> +.It Cm osfp
>  Show the list of operating system fingerprints.
> -.It Fl s Cm Interfaces
> +.It Cm Interfaces
>  Show the list of interfaces and interface groups available to PF.
>  When used together with
>  .Fl v ,
> @@ -441,7 +442,7 @@ When used together with
>  interface statistics are also shown.
>  .Fl i
>  can be used to select an interface or a group of interfaces.
> -.It Fl s Cm all
> +.It Cm all
>  Show all of the above, except for the lists of interfaces and operating
>  system fingerprints.
>  .El
> @@ -486,6 +487,7 @@ no free ports in translation port range
>  .It no-route
>  dropped by no-route
>  .El
> +.Tg T
>  .It Fl t Ar table Fl T Ar command Op Ar address ...
>  Specify the
>  .Ar command
> @@ -493,31 +495,31 @@ Specify the
>  .Ar table .
>  Commands include:
>  .Pp
> -.Bl -tag -width "-T expire number" -compact
> -.It Fl T Cm add
> +.Bl -tag -width "expire number" -compact
> +.It Cm add
>  Add one or more addresses to a table.
>  Automatically create a persistent table if it does not exist.
> -.It Fl T Cm delete
> +.It Cm delete
>  Delete one or more addresses from a table.
> -.It Fl T Cm expire Ar number
> +.It Cm expire Ar number
>  Delete addresses which had their statistics cleared more than
>  .Ar number
>  seconds ago.
>  For entries which have never had their statistics cleared,
>  .Ar number
>  refers to the time they were added to the table.
> -.It Fl T Cm flush
> +.It Cm flush
>  Flush all addresses in a table.
> -.It Fl T Cm kill
> +.It Cm kill
>  Kill a table.
> -.It Fl T Cm replace
> +.It Cm replace
>  Replace the addresses of the table.
>  Automatically create a persistent table if it does not exist.
> -.It Fl T Cm show
> +.It Cm show
>  Show the content (addresses) of a table.
> -.It Fl T Cm test
> +.It Cm test
>  Test if the given addresses match a table.
> -.It Fl T Cm zero
> +.It Cm zero
>  Clear all the statistics of a table, or only for specified addresses.
>  .El
>  .Pp
>