ipfw.8: fix documentation bug for setmark

A mark set with "setmark" keyword is intended to be "sticky"
and documented as such but in fact it is not yet,
as current implementation lacks "sticky" feature
and its implementation will be not MFC'd, most probably.

Correct the manual page until the implementation improved.

MFC after:	3 days
Discussed with:	Boris Lytochkin <lytboris@gmail.com> (author)
This commit is contained in:
Eugene Grosbein
2025-12-29 00:05:22 +07:00
parent 176075e661
commit a7b8a5d37b
+6 -2
View File
@@ -839,8 +839,12 @@ When a packet matches a rule with the
.Cm setmark
keyword, a 32-bit numeric mark is assigned to the packet.
The mark is an extension to the tags.
As tags, mark is "sticky" so the value is kept the same within the kernel and
is lost when the packet leaves the kernel.
The mark is preserved for a packet within a single ipfw rulese traversal
and is lost when the packet is checked against the active ruleset
next time (see
.Sx PACKET FLOW
section) or leaves ipfw context (e.g. accepted,
diverted, bridged or routed).
Unlike tags, mark can be matched as a lookup table key or compared with bitwise
mask applied against another value.
Each packet can have only one mark, so