diff options
| author | Eugene Grosbein <eugen@FreeBSD.org> | 2025-12-28 17:05:22 +0000 |
|---|---|---|
| committer | Eugene Grosbein <eugen@FreeBSD.org> | 2025-12-28 17:05:22 +0000 |
| commit | a7b8a5d37bcb0009297962137bfb6c6570e5af12 (patch) | |
| tree | 8baf1c7e65ec0fb18a6052b6f90acd64475c7fc3 | |
| parent | 176075e661fc657845d788ab3451e690c4e9bac6 (diff) | |
ipfw.8: fix documentation bug for setmark
A mark set with "setmark" keyword is intended to be "sticky"
and documented as such but in fact it is not yet,
as current implementation lacks "sticky" feature
and its implementation will be not MFC'd, most probably.
Correct the manual page until the implementation improved.
MFC after: 3 days
Discussed with: Boris Lytochkin <lytboris@gmail.com> (author)
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 7a81c84de3e4..bafad1479c0e 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -839,8 +839,12 @@ When a packet matches a rule with the .Cm setmark keyword, a 32-bit numeric mark is assigned to the packet. The mark is an extension to the tags. -As tags, mark is "sticky" so the value is kept the same within the kernel and -is lost when the packet leaves the kernel. +The mark is preserved for a packet within a single ipfw rulese traversal +and is lost when the packet is checked against the active ruleset +next time (see +.Sx PACKET FLOW +section) or leaves ipfw context (e.g. accepted, +diverted, bridged or routed). Unlike tags, mark can be matched as a lookup table key or compared with bitwise mask applied against another value. Each packet can have only one mark, so |