From: Otto Moerbeek Subject: Re: typo in pf.conf.5 To: Damien Miller Cc: tech@openbsd.org Date: Fri, 9 Feb 2024 08:18:53 +0100 On Fri, Feb 09, 2024 at 08:11:32AM +0100, Otto Moerbeek wrote: > On Fri, Feb 09, 2024 at 05:59:09PM +1100, Damien Miller wrote: > > > Hi, > > > > I just noticed a typo in pf.conf(5). The code says: > > > > pfctl.c: { "pktdelay-pkts", PF_LIMIT_PKTDELAY_PKTS }, > > > > (i.e. hyphen, not underscore) > > > > ok? > > > > I'm also not able to get "set delay" doing anything visible, but maybe > > I'm holding it wrong. > > In the diff you only change the -width parameter and not the actual .It line > > As using delay, I have used it with delaying DNS traffic with this > snippet. I'm using no state, cause otherwise an existing state will > ruin my delay attempt. I mean, when I enable/disable the line I want to have it effect immediately. > > pass out inet6 proto {tcp, udp} from any to port 53 no state > pass out inet proto {tcp, udp} from any to port 53 no state > pass in inet6 proto {tcp, udp} from any port 53 to any no state > pass in inet proto {tcp, udp} from any port 53 to any no state > > pass out on egress proto {tcp, udp} from any to port 53 set delay 1000 no state > > # Delay list > table const { > 216.239.32.10 > 216.239.34.10 > 216.239.36.10 > 216.239.38.10 > 2001:4860:4802:32::a > 2001:4860:4802:34::a > 2001:4860:4802:36::a > 2001:4860:4802:38::a > } > > I hope I did not miss any other required line from pf.conf to make it > work. > > -Otto > > > > > > Index: pf.conf.5 > > =================================================================== > > RCS file: /cvs/src/share/man/man5/pf.conf.5,v > > diff -u -p -r1.600 pf.conf.5 > > --- pf.conf.5 18 Nov 2022 18:11:10 -0000 1.600 > > +++ pf.conf.5 9 Feb 2024 06:57:14 -0000 > > @@ -1238,7 +1238,7 @@ See > > for an explanation of memory pools. > > .Pp > > Limits can be set on the following: > > -.Bl -tag -width pktdelay_pkts > > +.Bl -tag -width pktdelay-pkts > > .It Cm states > > Set the maximum number of entries in the memory pool used by state table > > entries (those generated by > > >