On Wed, Jul 05, 2023 at 11:15:41AM +0200, Alexandr Nedvedicky wrote:
> Hello,
>
>
> On Wed, Jul 05, 2023 at 11:10:11AM +0200, Alexandr Nedvedicky wrote:
> </snip>
> >
> > thanks for your help to put my update to pf(4) to shape.
> > updated diff is below.
> >
>
> diff in my earlier email was wrong. this one is the right one.
>
> sorry for extra noise.
This reads good to me, below are just a few nits I'm unsure about myself. With the two missing articles added, OK kn; we can always polish later. > > regards > sashan > > --------8<---------------8<---------------8<------------------8<-------- > diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 > index 92eeb45f657..7346c7e3194 100644 > --- a/share/man/man4/pf.4 > +++ b/share/man/man4/pf.4 > @@ -48,12 +48,25 @@ and retrieve statistics. > The most commonly used functions are covered by > .Xr pfctl 8 . > .Pp > -Manipulations like loading a ruleset that involve more than a single > +Operations loading or reading a ruleset that involve more than a single > .Xr ioctl 2 > call require a so-called > -.Em ticket , > -which prevents the occurrence of > -multiple concurrent manipulations. > +.Sy ticket , > +which allows > +.Xr pf 4 This could (should?) be .Nm, I think. > +to deal with concurrent operations. > +For certain > +.Xr ioctl 2 > +commands (currently > +.Dv DIOCGETRULES ) > +the number of tickets program can get is limited. *a program > +The program must explicitly release the ticket using the Perhaps plural "Programs ... [their] tickets ..." reads better? > +.Dv DIOCXEND > +command to avoid hitting the limit. > +All tickets which are not freed by > +.Dv DIOCXEND > +are released when the program closes > +.Pa /dev/pf . > .Pp > Fields of > .Xr ioctl 2 > @@ -132,6 +145,9 @@ for subsequent > calls and the number > .Va nr > of rules in the active ruleset. > +The ticket should be released by the > +.Dv DIOCXEND > +command. > .It Dv DIOCGETRULE Fa "struct pfioc_rule *pr" > Get a > .Va rule 
> @@ -792,6 +808,10 @@ inactive rulesets since the last > .Dv DIOCXBEGIN . > .Dv DIOCXROLLBACK > will silently ignore rulesets for which the ticket is invalid. > +.It Dv DIOCXEND Fa "u_int32_t *ticket" > +Release ticket obtained by the *the ticket My brain thinks "obtained with a command [by a program]", but I'll defer to jmc as native speaker. > +.Dv DIOCGETRULES > +command. > .It Dv DIOCSETHOSTID Fa "u_int32_t *hostid" > Set the host ID, which is used by > .Xr pfsync 4 >
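Review bot: In the introduction hunk (@@ -48,12 +48,25 @@), the sentence "the number of tickets program can get is limited" says a limit exists but gives neither its value nor the error a program sees once it is reached, so a reader cannot tell how to detect the condition. Suggest naming the limit (or where it is defined) and the errno that DIOCGETRULES fails with at that point. The same hunk changes the markup of "ticket" from .Em to .Sy; worth confirming that is intended.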
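Review bot: In the DIOCGETRULES hunk (@@ -132,6 +145,9 @@), "The ticket should be released by the DIOCXEND command" is weaker than the introduction's "The program must explicitly release the ticket". Suggest using one level of obligation in both places. Since the introduction also says unreleased tickets are freed when the program closes /dev/pf, "should" plus a pointer to that paragraph may be the more accurate wording.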
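Review bot: In the DIOCXEND hunk (@@ -792,6 +808,10 @@), the new entry does not say what happens when the ticket passed in is invalid or has already been released, while the DIOCXROLLBACK text directly above it states that invalid tickets are silently ignored. Suggest adding one sentence on the result for an unknown ticket. Because the entry sits right after the DIOCXBEGIN and DIOCXROLLBACK text, it would also help to state whether DIOCXEND accepts only tickets obtained from DIOCGETRULES.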