The branch main has been updated by ziaee:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d16b1904d1eefaa0aecb8a317b79254d14ec49c7

commit d16b1904d1eefaa0aecb8a317b79254d14ec49c7
Author:     Alexander Ziaee <zi...@freebsd.org>
AuthorDate: 2025-06-25 23:17:59 +0000
Commit:     Alexander Ziaee <zi...@freebsd.org>
CommitDate: 2025-06-25 23:19:42 +0000

    pf.4/pf.conf.5: Remove unused sysctl
    
    "We never actually added the sysctl. The limit was implemented, and the
    sysctl to tune it was documented but never added (so the limit is there,
    but is always 16 and cannot be changed)." ~kp
    
    MFC after:              3 days
    Fixes:                  339a1977c324 (pf: Add a systl to limit work)
    Reported by:            kp
    Reviewed by:            kp
    Differential Revision:  https://reviews.freebsd.org/D50859
---
 share/man/man4/pf.4      | 5 -----
 share/man/man5/pf.conf.5 | 6 +-----
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
index 9ab46558a2d6..d17a80bc9512 100644
--- a/share/man/man4/pf.4
+++ b/share/man/man4/pf.4
@@ -104,11 +104,6 @@ to also filter on the loopback output hook.
 This is typically used to allow redirect rules to adjust the source address.
 .It Va net.pf.request_maxcount
 The maximum number of items in a single ioctl call.
-.It Va net.pf.rdr_srcport_rewrite_tries
-The maximum number of times to try and find a free source port when handling
-redirects.
-Such rules are typically applied to external traffic, so an exhaustive search
-may be too expensive.
 .El
 .Pp
 Read only
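
Review bot: the diffstat shows only five deletions for pf.4, so the .Dd line was not touched even though this hunk removes a documented tunable from the sysctl list. If the usual mdoc practice of bumping the document date on content changes applies here, include the .Dd update in this commit (the same holds for pf.conf.5, which shows one insertion and no date change).
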
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 3bdba4958aea..49c81f51294c 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1479,11 +1479,7 @@ A
 .Ar rdr-to
 opion may cause the source port to be modified if doing so avoids a conflict
 with an existing connection.
-A random source port in the range 50001-65535 is chosen in this case; to
-avoid excessive CPU consumption, the number of searches for a free port is
-limited by the
-.Va net.pf.rdqr_srcport_rewrite_tries
-sysctl.
+A random source port in the range 50001-65535 is chosen in this case.
 Port numbers are never translated with a
 .Ar binat-to
 option.
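
Review bot: the replacement sentence on the "+" line drops every mention that the search for a free source port is bounded, yet the commit message says the limit is still implemented and is always 16. Consider keeping that behaviour documented without naming the sysctl, for example "A random source port in the range 50001-65535 is chosen in this case; the number of attempts to find a free port is limited." so readers know the rewrite is not an exhaustive search. Separately, the context line above still reads "opion"; fixing it to "option" while this paragraph is being edited would be cheap.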
