pfsync: Document the transport over IPv6 feature

On D40102 we implemented support for transport over IPv6 but the documentation was not updated to reflect the new feature. Clarify what is available and how it can be used. MFC after: 1 week Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D42505
freebsd · Nov 10, 2023 · 81d4c78 · 81d4c78
1 parent 5a8417c
commit 81d4c78
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 7 deletions.
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
@@ -27,7 +27,7 @@
 .\"
 .\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
 .\"
-.Dd October 17, 2023
+.Dd November 08, 2023
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -2870,12 +2870,24 @@ to send and receive pfsync state synchronisation messages.
 .It Fl syncdev
 Stop sending pfsync state synchronisation messages over the network.
 .It Cm syncpeer Ar peer_address
-Make the pfsync link point-to-point rather than using
-multicast to broadcast the state synchronisation messages.
-The peer_address is the IP address of the other host taking part in
-the pfsync cluster.
+Set the destination address for the state synchronization messages sent.
+The
+.Ar peer_address
+is normally the IPv4 or IPv6 address of the other host taking
+part in the pfsync cluster.
+.Pp
+When the
+.Ar peer_address
+is set to a unicast IP address, the pfsync link will behave
+as point-to-point rather than using multicast to broadcast the messages.
+.Pp
+When the
+.Ar peer_address
+is set to ff12::f0, the state synchronization
+messages will be broadcast using multicast over IPv6.
 .It Fl syncpeer
-Broadcast the packets using multicast.
+Unset the syncpeer.
+Packets will then be broadcast using multicast over IPv4.
 .It Cm maxupd Ar n
 Set the maximum number of updates for a single state which
 can be collapsed into one.

diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 17, 2023
+.Dd November 08, 2023
 .Dt PFSYNC 4
 .Os
 .Sh NAME
@@ -113,6 +113,25 @@ dedicated to pfsync messages such as a crossover cable between two firewalls,
 or specify a peer address and protect the traffic with
 .Xr ipsec 4 .
 .Pp
+Support for
+.Nm
+transport over IPv6 was introduced in
+.Fx 14.0 .
+To set up
+.Nm
+using multicast with IPv6 link-local addresses, the
+.Ic syncpeer
+must be set to the
+.Nm
+multicast address and the
+.Ic syncdev
+to the interface where
+.Nm
+traffic is expected.
+.Bd -literal -offset indent
+# ifconfig pfsync0 syncpeer ff12::f0 syncdev vtnet0
+.Ed
+.Pp
 When new features are introduced to
 .Xr pf 4
 the format of messages used by