From nobody Fri Nov 10 16:42:25 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SRl3j69sCz505cl; Fri, 10 Nov 2023 16:42:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SRl3j5YQ8z3XW2; Fri, 10 Nov 2023 16:42:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699634545; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NgAxQy409+FWkhELYQKZDxjQkTdbMjGlo51sWipBe4g=; b=gG21B6dnsTOwVNrxEh4dGNFekxldaIZNSNin5xX6vzJFatQduv0QKoZXkpjXhe6aScNWgd 4YOv397/VBzLFE7cATW3OO+fczGESWu0HVtE5oC7p7YSlzPJxXnODhaQfyofQbXrhHHfFk qHl28Q9Z2Hcs1D00J/V0FY+UFBC2jPAhRpiJhGdvD0LBCqsHeI2lBdvx+YyrGYcYebpWPZ 7blfGCN7NeABU0TWn1x8BVoEilA7Jmhfbe1Q5hjNto8Mb2kFRGbzmaM8iYoDEE+vbfhMZu BZArjJ33aFeu5+tMXDWVS2Jadz27Em310V+pK5iaFBcvq3X39a0vRWIvbhFxEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699634545; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NgAxQy409+FWkhELYQKZDxjQkTdbMjGlo51sWipBe4g=; b=HlhJ6K5yl/6UBBY2tmUyceawracL380IvdH5gp4nbhjj+OBpBEzdWVyYYZXXu0zHfyZ/rv 63AGNK/WnDChLryVPA0AdJ3Qrc8cLef3kDrfanSx9og0wjISMMJMDjQD40K0oVPmHsBVVz ET19w6CLH66EO8S/8cR/mpDMnDID8/hkRFWCq0Lnrb37KTozaz8k+O8CGtaXN5D+eyaMrP IJdb0ZdEFSYDjEhpe6gWc7V6imaS7nxBsoh0OpwWbJDRRtwqdB6XKwroUkLrcVAZVM5kIb OY3ORxS31y5EtH0zyTRB/dAqJxnLvjwYJ3usWmwkqkYg8ZoKyf9xR4M81dNVZg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699634545; a=rsa-sha256; cv=none; b=kzlA1eLNFC8EiQLNLO/IyjMBRYrK7Xhi6ES0P2eeWCsXvs44aRpujoy72U+xA2ggxJvTqW Oe8dVfxH1J23i64BWoROmDPt+x5i5xXAiL6GJnxeQU4YgcOlRQeF5eujHJJiSwlD79BcHL RuNj4ukJrlIKWUeCHLvEYvU1fw7xKTNZu6oqIj1nU96TTd7gBki3SDzOTtIFIjBJu4Akxw c4RcMqGwz7N91u6Ue1zmJa9OLFr/Xj/CKsafU0idx2K+b0M4FLyi01imDaHsL3VpEJ4yWo 1WJP9kn08gXX1J3o9PmiRCHYQK8Lj0tZv/zWDvFU0E6jtsbF58WtmQJtzaCsSQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SRl3j4dJKz154w; Fri, 10 Nov 2023 16:42:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3AAGgPig083733; Fri, 10 Nov 2023 16:42:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3AAGgP89083730; Fri, 10 Nov 2023 16:42:25 GMT (envelope-from git) Date: Fri, 10 Nov 2023 16:42:25 GMT Message-Id: <202311101642.3AAGgP89083730@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 81d4c786209b - main - pfsync: Document the transport over IPv6 feature List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 81d4c786209bfa3752c25b2564eb363027f5d914 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=81d4c786209bfa3752c25b2564eb363027f5d914 commit 81d4c786209bfa3752c25b2564eb363027f5d914 Author: Luiz Amaral AuthorDate: 2023-11-10 15:40:02 +0000 Commit: Kristof Provost CommitDate: 2023-11-10 15:40:02 +0000 pfsync: Document the transport over IPv6 feature On D40102 we implemented support for transport over IPv6 but the documentation was not updated to reflect the new feature. Clarify what is available and how it can be used. MFC after: 1 week Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D42505 --- sbin/ifconfig/ifconfig.8 | 24 ++++++++++++++++++------ share/man/man4/pfsync.4 | 21 ++++++++++++++++++++- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index bd6cbd05210e..3b1774606b21 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -27,7 +27,7 @@ .\" .\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\" -.Dd October 17, 2023 +.Dd November 08, 2023 .Dt IFCONFIG 8 .Os .Sh NAME @@ -2870,12 +2870,24 @@ to send and receive pfsync state synchronisation messages. .It Fl syncdev Stop sending pfsync state synchronisation messages over the network. .It Cm syncpeer Ar peer_address -Make the pfsync link point-to-point rather than using -multicast to broadcast the state synchronisation messages. -The peer_address is the IP address of the other host taking part in -the pfsync cluster. +Set the destination address for the state synchronization messages sent. +The +.Ar peer_address +is normally the IPv4 or IPv6 address of the other host taking +part in the pfsync cluster. +.Pp +When the +.Ar peer_address +is set to a unicast IP address, the pfsync link will behave +as point-to-point rather than using multicast to broadcast the messages. +.Pp +When the +.Ar peer_address +is set to ff12::f0, the state synchronization +messages will be broadcast using multicast over IPv6. .It Fl syncpeer -Broadcast the packets using multicast. +Unset the syncpeer. +Packets will then be broadcast using multicast over IPv4. .It Cm maxupd Ar n Set the maximum number of updates for a single state which can be collapsed into one. diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 4decb50feb7b..b3603c48316e 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 17, 2023 +.Dd November 08, 2023 .Dt PFSYNC 4 .Os .Sh NAME @@ -113,6 +113,25 @@ dedicated to pfsync messages such as a crossover cable between two firewalls, or specify a peer address and protect the traffic with .Xr ipsec 4 . .Pp +Support for +.Nm +transport over IPv6 was introduced in +.Fx 14.0 . +To set up +.Nm +using multicast with IPv6 link-local addresses, the +.Ic syncpeer +must be set to the +.Nm +multicast address and the +.Ic syncdev +to the interface where +.Nm +traffic is expected. +.Bd -literal -offset indent +# ifconfig pfsync0 syncpeer ff12::f0 syncdev vtnet0 +.Ed +.Pp When new features are introduced to .Xr pf 4 the format of messages used by