freebsd-nq/contrib/pf/man
Gleb Smirnoff f08535f872 Restore a feature that was present in 5.x and 6.x, and was cleared in
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.

However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:

- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
  conditions, for now these are:
  - interface goes down
  - carp(4) has problems with ip_output() or ip6_output()
  - pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
  is actual value added to advskew. The adjustment values for
  particular error conditions are also configurable, and their
  defaults are maximum advskew value, so a single failure bumps
  demotion to maximum. This is for POLA compatibility, and should
  satisfy most users.
- Demotion factor is a writable sysctl, so user can do
  foot shooting, if he desires to.
2011-12-20 13:53:31 +00:00
..
pf.4 Correct the description of struct pfioc_state_kill. 2011-07-17 17:33:39 +00:00
pf.conf.5 Update packet filter (pf) code to OpenBSD 4.5. 2011-06-28 11:57:25 +00:00
pf.os.5 Update packet filter (pf) code to OpenBSD 4.5. 2011-06-28 11:57:25 +00:00
pflog.4 Update packet filter (pf) code to OpenBSD 4.5. 2011-06-28 11:57:25 +00:00
pfsync.4 Restore a feature that was present in 5.x and 6.x, and was cleared in 2011-12-20 13:53:31 +00:00