docs: Added All NetBSD Manuals

1 files changed, 178 insertions, 0 deletions

diff --git a/static/netbsd/man7/npf-params.7 b/static/netbsd/man7/npf-params.7
new file mode 100644
index 00000000..6b80d4c0
--- /dev/null
+++ b/static/netbsd/man7/npf-params.7
@@ -0,0 +1,178 @@
+.\" $NetBSD: npf-params.7,v 1.9 2023/02/12 13:21:28 kardel Exp $
+.\"
+.\" Copyright (c) 2019 Mindaugas Rasiukevicius <rmind at netbsd org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd May 31, 2020
+.Dt NPF-PARAMS 7
+.Os
+.Sh NAME
+.Nm npf-params
+.Nd tunable NPF parameters
+.Sh DESCRIPTION
+NPF supports a set of dynamically tunable parameters.
+.Pp
+All parameter values are integers and should generally be between
+zero and
+.Dv INT_MAX ,
+unless specified otherwise.
+Some parameters values can be negative; such values would typically
+have a special meaning.
+Enable/disable switches should be represented as boolean values 0 ("off")
+or 1 ("on").
+.Sh PARAMETERS
+.Bl -tag -width "123456"
+.\" ---
+.Bl -tag -width "123456"
+.It Li bpf.jit
+BPF just-in-time compilation: enables or disables
+.Xr bpfjit 4
+support.
+Some machine architectures are not presently supported by
+.Xr bpfjit 4 .
+Setting this parameter to off stops NPF from trying to enable this
+functionality, and generating a warning if it is unable to do so.
+Default: 1.
+.El
+.\" ---
+.Bl -tag -width "123456"
+.It Li ip4.reassembly
+Perform IPv4 reassembly before inspecting the packet.
+Fragmentation is considered very harmful, so most networks are expected
+to prevent it; reassembly is enabled by default.
+However, while the packet should generally be reassembled at the receiver,
+reassembly by the packet filter may be necessary in order to perform state
+tracking.
+Default: 1.
+.It Li ip6.reassembly
+Perform IPv6 reassembly before inspecting the packet.
+Discouraged in general but not prohibited by RFC 8200.
+Default: 0.
+.El
+.\" ---
+.Bl -tag -width "123456"
+.It Li gc.step
+Number of connection state items to process in one garbage collection
+(G/C) cycle.
+Must be positive number.
+Default: 256.
+.It Li gc.interval_min
+The lower bound for the sleep time of the G/C worker.
+The worker is self-tuning and will wake up more frequently if there are
+connections to expire; it will wake up less frequently, diverging towards
+the upper bound, if it does not encounter expired connections.
+Default: 50 (in milliseconds).
+.It Li gc.interval_max
+The upper bound for the sleep time of the G/C worker.
+Default: 5000 (in milliseconds).
+.El
+.\" ---
+.It Li state.key
+The connection state is uniquely identified by an n-tuple.
+The state behavior can be controlled by including (excluding)
+some of the information in (from) the keys.
+.Bl -tag -width "123456"
+.It Li interface
+Include interface identifier into the keys, making the connection
+state strictly per-interface.
+Default: 1.
+.It Li direction
+Include packet direction into the keys.
+Default: 1.
+.El
+.\" ---
+.It Li state.generic
+Generic state tracking parameters for non-TCP flows.
+All timeouts are in seconds and must be zero or positive.
+.Bl -tag -width "123456"
+.It Li timeout.new
+Timeout for new ("unsynchronized") state.
+Default: 30.
+.It Li timeout.established
+Timeout for established ("synchronized") state.
+Default: 60.
+.It Li timeout.closed
+Timeout for closed state.
+Default: 0.
+.El
+.\" ---
+.It Li state.tcp
+State tracking parameters for TCP connections.
+All timeout values are in seconds.
+.Bl -tag -width "123456"
+.It Li max_ack_win
+Maximum allowed ACK window.
+Default: 66000.
+.It Li strict_order_rst
+Enforce strict order RST.
+Default: 1.
+.\" -
+.It Li timeout.new
+Timeout for a new connection in "unsynchronized" state.
+Default: 30.
+.It Li timeout.established
+Timeout for an established connection ("synchronized" state).
+Default: 86400.
+.It Li timeout.half_close
+Timeout for the half-close TCP states.
+Default: 3600.
+.It Li timeout.close
+Timeout for the full close TCP states.
+Default: 10.
+.It Li timeout.time_wait
+Timeout for the TCP time-wait state.
+Default: 240.
+.El
+.\" ---
+.It Li portmap.min_port
+Lower bound of the port range used when selecting the port
+for dynamic NAT with port translation enabled.
+Default: 1024 (inclusive; also the lowest allowed value).
+.It Li portmap.max_port
+Upper bound of the port range as described above.
+Default: 49151 (inclusive; 65535 is the highest allowed value).
+.\" ---
+.El
+.\" -----
+.Sh EXAMPLES
+An example line in the
+.Xr npf.conf 5
+configuration file:
+.Bd -literal -offset indent
+set state.tcp.strict_order_rst on       # "on" can be used instead of 1
+set state.tcp.timeout.time_wait 0       # destroy the state immediately
+.Ed
+.\" -----
+.Sh SEE ALSO
+.Xr libnpf 3 ,
+.Xr npfkern 3 ,
+.Xr bpfjit 4 ,
+.Xr npf.conf 5 ,
+.Xr pcap-filter 7 ,
+.Xr npfctl 8
+.\" -----
+.Sh AUTHORS
+NPF
+was designed and implemented by
+.An Mindaugas Rasiukevicius .