On Wed, Jul 05, 2023 at 11:10:11AM +0200, Alexandr Nedvedicky wrote: > diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 > index 92eeb45f657..7346c7e3194 100644 > --- a/share/man/man4/pf.4 > +++ b/share/man/man4/pf.4 > @@ -48,12 +48,25 @@ and retrieve statistics. > The most commonly used functions are covered by > .Xr pfctl 8 . > .Pp > -Manipulations like loading a ruleset that involve more than a single > +Operations loading or reading a ruleset that involve more than a single
just to check: if *only* loading and reading require tickets, this text is fine. if other things require a ticket (or in the future are likely to), you should reinstate "like". > .Xr ioctl 2 > call require a so-called > -.Em ticket , > -which prevents the occurrence of > -multiple concurrent manipulations. > +.Sy ticket , > +which allows > +.Xr pf 4 > +to deal with concurrent operations. > +For certain > +.Xr ioctl 2 > +commands (currently > +.Dv DIOCGETRULES ) > +the number of tickets program can get is limited. s/program/a program/ > +The program must explicitly release the ticket using the > +.Dv DIOCXEND > +command to avoid hitting the limit. > +All tickets which are not freed by > +.Dv DIOCXEND > +are released when the program closes > +.Pa /dev/pf . > .Pp > Fields of > .Xr ioctl 2 > @@ -132,6 +145,9 @@ for subsequent > calls and the number > .Va nr > of rules in the active ruleset. > +The ticket should be released by the > +.Dv DIOCXEND > +command. > .It Dv DIOCGETRULE Fa "struct pfioc_rule *pr" > Get a > .Va rule > @@ -792,6 +808,10 @@ inactive rulesets since the last > .Dv DIOCXBEGIN . > .Dv DIOCXROLLBACK > will silently ignore rulesets for which the ticket is invalid. > +.It Dv DIOCXEND Fa "u_int32_t *ticket" > +Release ticket obtained by the > +.Dv DIOCGETRULES > +command. > .It Dv DIOCSETHOSTID Fa "u_int32_t *hostid" > Set the host ID, which is used by > .Xr pfsync 4 otherwise ok. jmc
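Review bot: In the first hunk (@@ -48,12 +48,25 @@), the added sentence "the number of tickets program can get is limited" says a limit exists but gives neither its size nor the error that ioctl(2) returns once it is reached, so a caller reading the page cannot recognise the condition. Suggest stating both, or naming where the limit is defined. The same hunk also changes ".Em ticket ," to ".Sy ticket ," without a visible reason; worth confirming the macro change is intended, since the word is only being introduced as a term here.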
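Review bot: In the DIOCGETRULES hunk (@@ -132,6 +145,9 @@), "The ticket should be released by the" is weaker than the introduction's "The program must explicitly release the ticket", and it does not say at what point the release belongs. Suggest using the same strength of wording in both places and saying that DIOCXEND is issued once the subsequent calls that use the ticket are finished.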
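Review bot: In the DIOCXEND entry (@@ -792,6 +808,10 @@), the description does not say what happens when the ticket passed in is invalid or was already released, although the DIOCXROLLBACK text directly above it documents that invalid tickets are silently ignored. Suggest adding the equivalent sentence for DIOCXEND (error returned, or ignored). "Release ticket obtained by the" also wants an article: "Release the ticket obtained by the".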