diff options
author | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-03-18 22:56:07 +0000 |
---|---|---|
committer | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-03-18 22:56:07 +0000 |
commit | 16b21db4d33ff08e914df52000c560f64ef0e39d (patch) | |
tree | a11f2d1036bb85a2c46891708f459ae9eedcd2af | |
parent | 404d4678be49dbab2ac44d8d6ae087f87036f9d6 (diff) |
Remove hard sentence breaks, and some other cleanup along the way.
66 files changed, 1627 insertions, 1124 deletions
diff --git a/sbin/atactl/atactl.8 b/sbin/atactl/atactl.8 index 8a3de54e852..b247ed3c75d 100644 --- a/sbin/atactl/atactl.8 +++ b/sbin/atactl/atactl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: atactl.8,v 1.2 2000/02/02 02:52:05 deraadt Exp $ +.\" $OpenBSD: atactl.8,v 1.3 2000/03/18 22:55:53 aaron Exp $ .\" $NetBSD: atactl.8,v 1.5 1999/02/24 18:49:14 jwise Exp $ .\" .\" Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -52,13 +52,13 @@ .Sh DESCRIPTION .Nm allows a user or system administrator to issue commands to and otherwise -control devices which reside on standard IDE and ATA controllers. It is -used by specifying +control devices which reside on standard IDE and ATA controllers. +It is used by specifying a device to manipulate, the command to perform, and any arguments the command may require. -.Sh DEVICE COMMANDS -The following commands may be used on IDE and ATA devices. Note -that not all devices support all commands. +.Pp +The following commands may be used on IDE and ATA devices. +Note that not all devices support all commands. .Pp If the .Ar device @@ -66,7 +66,7 @@ is specified without a .Ar command , the .Cm identify -command is implied. +command is implied. .Pp .Cm identify .Pp @@ -75,19 +75,20 @@ revision strings, and the device's capabilities. .Pp .Cm idle .Pp -Place the specified device into Idle mode. This mode may consume less -power than Active mode. +Place the specified device into Idle mode. +This mode may consume less power than Active mode. .Pp .Cm standby .Pp -Place the specified device into Standby mode. This mode will consume -less power than Idle mode. +Place the specified device into Standby mode. +This mode will consume less power than Idle mode. .Pp .Cm sleep .Pp -Place he specified device into Sleep mode. This mode will consume -less power than Standby mode, but requires a device reset to resume -operation. Typically the +Place he specified device into Sleep mode. +This mode will consume less power than Standby mode, +but requires a device reset to resume operation. +Typically the .Xr wd 4 driver performs this reset automatically, but this should still be used with caution. @@ -98,7 +99,8 @@ used with caution. Places the specified device into Idle mode, and sets the Standby timer to .Ar standby-timer -seconds. A value of 0 will disable the Standby timer. +seconds. +A value of 0 will disable the Standby timer. .Pp .Cm setstandby .Ar standby-timer @@ -106,23 +108,21 @@ seconds. A value of 0 will disable the Standby timer. Places the specified device into Standby mode, and sets the Standby timer to .Ar standby-timer -seconds. A value of 0 will disable the Standby timer. +seconds. +A value of 0 will disable the Standby timer. .Pp .Cm checkpower .Pp Will print out if the device is in Active, Idle, or Standby power management mode. -.Sh BUGS -The output from the -.Cm identify -command is rather ugly. .Sh SEE ALSO .Xr ioctl 2 , .Xr wd 4 .Sh AUTHOR The .Nm -command was written by Ken Hornstein. It was based heavily on the +command was written by Ken Hornstein. +It was based heavily on the .Xr scsictl 8 command written by Jason R. Thorpe. .Sh HISTORY @@ -130,3 +130,7 @@ The .Nm command first appeared in .Ox 2.6 . +.Sh BUGS +The output from the +.Cm identify +command is rather ugly. diff --git a/sbin/badsect/badsect.8 b/sbin/badsect/badsect.8 index 57560b0e526..0c1cfea582b 100644 --- a/sbin/badsect/badsect.8 +++ b/sbin/badsect/badsect.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: badsect.8,v 1.9 1999/06/29 12:20:43 aaron Exp $ +.\" $OpenBSD: badsect.8,v 1.10 2000/03/18 22:55:54 aaron Exp $ .\" $NetBSD: badsect.8,v 1.8 1995/03/18 14:54:27 cgd Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 @@ -45,7 +45,8 @@ .Ar bbdir sector Op Ar ... .Sh DESCRIPTION .Nm -makes a file to contain a bad sector. Normally, bad sectors +makes a file to contain a bad sector. +Normally, bad sectors are made inaccessible by the standard formatter, which provides a forwarding table for bad sectors to the driver; see .Xr bad144 8 @@ -76,7 +77,8 @@ is used on a quiet file system in the following way: First mount the file system, and change to its root directory. Make a directory .Li BAD -there. Run +there. +Run .Nm giving as argument the .Ar BAD @@ -88,8 +90,10 @@ relative sector numbers in its console error messages.) Then change back to the root directory, unmount the file system and run .Xr fsck 8 -on the file system. The bad sectors should show up in two files -or in the bad sector files and the free list. Have +on the file system. +The bad sectors should show up in two files +or in the bad sector files and the free list. +Have .Xr fsck remove files containing the offending bad sectors, but .Em do not @@ -113,22 +117,22 @@ it will ask A positive response will cause .Xr fsck to convert the inode to a regular file containing the bad block. -.Sh SEE ALSO -.Xr bad144 8 , -.Xr fsck 8 .Sh DIAGNOSTICS .Nm refuses to attach a block that resides in a critical area or is out of range of the file system. A warning is issued if the block is already in use. +.Sh SEE ALSO +.Xr bad144 8 , +.Xr fsck 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.1 . .Sh BUGS If more than one sector which comprise a file system fragment are bad, you should specify only one of them to .Nm badsect , as the blocks in the bad sector files actually cover all the sectors in a file system fragment. -.Sh HISTORY -The -.Nm -command appeared in -.Bx 4.1 . diff --git a/sbin/brconfig/brconfig.8 b/sbin/brconfig/brconfig.8 index ac63438f3e7..cb156f9d24b 100644 --- a/sbin/brconfig/brconfig.8 +++ b/sbin/brconfig/brconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: brconfig.8,v 1.6 2000/02/11 04:22:27 jason Exp $ +.\" $OpenBSD: brconfig.8,v 1.7 2000/03/18 22:55:54 aaron Exp $ .\" .\" Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) .\" All rights reserved. @@ -37,7 +37,7 @@ .Nd manipulate bridge interfaces .Sh SYNOPSIS .Nm brconfig -.Ar -a +.Fl a .Nm brconfig .Ar bridge-name .Op Ar up @@ -73,13 +73,14 @@ The .Nm brconfig utility retrieves kernel state of bridge interfaces and allows -user control of these bridges. In the first synopsis, the command +user control of these bridges. +In the first synopsis, the command will list the status of all bridges in the system. In the second, its command line consists of the name of a bridge and a set of operations to be -performed on that bridge. The commands are executed in -the order they were specified. If no command is specified in -the second synopsis, the +performed on that bridge. +The commands are executed in the order they were specified. +If no command is specified in the second synopsis, the .Nm brconfig will display status information about the bridge. With the third synopsis, rules for filtering Ethernet MAC addresses can @@ -147,7 +148,8 @@ interfaces that have this flag set. This is the default for interfaces added to the bridge. .It Ar -discover interface Mark an interface so that packets are not sent out of the interface -if the destination port of the packet is unknown. Turning this flag +if the destination port of the packet is unknown. +Turning this flag off means that the bridge will not send packets out of this interface unless the packet is a broadcast packet, multicast packet, or a packet with a destination address found on the interface's segment. @@ -185,9 +187,11 @@ Add a filtering rule to an interface. Rules have a similiar syntax to .Xr ipf 4 . Rules can be used to selectively block or pass frames based on Ethernet -MAC address. Rules are processed in the order in which they were added +MAC address. +Rules are processed in the order in which they were added to the interface, and the first rule matched takes the action (block or pass) -of the rule. If no source or destination address is specified, the +of the rule. +If no source or destination address is specified, the rule will match all frames (good for creating a catchall policy). .It Ar rulefile filename Load a set of rules from the file @@ -227,17 +231,13 @@ broadcast packets or are for 8:0:20:1e:2f:2b. .It Cm brconfig bridge0 rule block out on fxp0 The above commands will set up a filter so that 0:1:2:3:4:5 can send frames through fxp0 only to 5:4:3:2:1, and 5:4:3:2:1:0 can return frames through -fxp0 to 0:1:2:3:4:5. All other traffic trying to go into and be sent from -fxp0 will be blocked. +fxp0 to 0:1:2:3:4:5. +All other traffic trying to go into and be sent from fxp0 will be blocked. .El .Sh SEE ALSO .Xr bridge 4 , .Xr bridgename.if 5 , .Xr ifconfig 8 -.Sh HISTORY -.Nm brconfig -first appeared in -.Ox 2.5 . .Sh AUTHOR The .Xr brconfig 8 @@ -247,11 +247,17 @@ kernel interface were written by .An Jason L. Wright Aq jason@thought.net as part of an undergraduate independent study at the University of North Carolina at Greensboro. +.Sh HISTORY +The +.Nm brconfig +command first appeared in +.Ox 2.5 . .Sh BUGS There are some rather special network interface chipsets which will not work in a bridge configuration. Some chipsets have serious flaws when running in promiscuous mode, like the TI ThunderLAN (see -.Xr tl 4 ), +.Xr tl 4 ) , which receives its own transmissions (this renders the address learning -cache useless). Most other chipsets work fine though. +cache useless). +Most other chipsets work fine though. diff --git a/sbin/ccdconfig/ccdconfig.8 b/sbin/ccdconfig/ccdconfig.8 index 4a2d19b7254..64aab0acfdd 100644 --- a/sbin/ccdconfig/ccdconfig.8 +++ b/sbin/ccdconfig/ccdconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ccdconfig.8,v 1.12 1999/07/03 02:11:06 aaron Exp $ +.\" $OpenBSD: ccdconfig.8,v 1.13 2000/03/18 22:55:55 aaron Exp $ .\" $NetBSD: ccdconfig.8,v 1.4 1996/02/28 01:01:17 thorpej Exp $ .\" .\" Copyright (c) 1996 The NetBSD Foundation, Inc. @@ -73,13 +73,15 @@ .Sh DESCRIPTION .Nm is used to dynamically configure and unconfigure concatenated disk -devices, or ccds. For more information about the ccd, see +devices, or ccds. +For more information about the ccd, see .Xr ccd 4 . .Pp The options are as follows: .Bl -tag -width indent .It Fl c -Configure a ccd. This is the default behavior of +Configure a ccd. +This is the default behavior of .Nm ccdconfig . .It Fl C Configure all ccd devices listed in the ccd configuration file. @@ -90,8 +92,10 @@ instead of the default .Pa /etc/ccd.conf . .It Fl g Dump the current ccd configuration in a format suitable for use as the -ccd configuration file. If no arguments are specified, every configured -ccd is dumped. Otherwise, the configuration of each listed ccd is dumped. +ccd configuration file. +If no arguments are specified, every configured +ccd is dumped. +Otherwise, the configuration of each listed ccd is dumped. .It Fl M Ar core Extract values associated with the name list from .Ar core @@ -114,7 +118,8 @@ to be verbose. .Pp A ccd is described on the command line and in the ccd configuration file by the name of the ccd, the interleave factor, the ccd configuration -flags, and a list of one or more devices. The flags may be represented +flags, and a list of one or more devices. +The flags may be represented as a decimal number, a hexadecimal number, a comma-separated list of strings, or the word .Dq none . diff --git a/sbin/disklabel/disklabel.8 b/sbin/disklabel/disklabel.8 index e4fc2f732ca..33e88abcc6d 100644 --- a/sbin/disklabel/disklabel.8 +++ b/sbin/disklabel/disklabel.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: disklabel.8,v 1.34 1999/10/10 16:49:28 aaron Exp $ +.\" $OpenBSD: disklabel.8,v 1.35 2000/03/18 22:55:55 aaron Exp $ .\" $NetBSD: disklabel.8,v 1.9 1995/03/18 14:54:38 cgd Exp $ .\" .\" Copyright (c) 1987, 1988, 1991, 1993 @@ -118,9 +118,11 @@ The .Nm utility can be used to install, examine, or modify the label on a disk drive or -pack. The disk label contains information about disk characteristics (size, +pack. +The disk label contains information about disk characteristics (size, type, etc.) and the partition layout, stored on the disk -itself. It is used by the operating system to optimize disk I/O and +itself. +It is used by the operating system to optimize disk I/O and locate the filesystems resident on the disk. .Pp The options are as follows: @@ -132,14 +134,16 @@ purposes). Print additional information during operation (verbose mode). .It Fl r Causes the label to be read from or written to the disk directly, -rather than going through the system's in-core copy of the label. This -option may allow a label to be installed on a disk without kernel +rather than going through the system's in-core copy of the label. +This option may allow a label to be installed on a disk without kernel support for a label, such as when labels are first installed on a -system. This flag does not work on a number of architectures, thus it is -not considered the right way to put a new label on a disk. Its use is -discouraged. +system. +This flag does not work on a number of architectures, thus it is +not considered the right way to put a new label on a disk. +Its use is discouraged. .It Fl B -Install bootstrap code. The +Install bootstrap code. +The .Fl r flag is implied by .Fl B @@ -153,16 +157,19 @@ specify the secondary boot program. .It Fl d Use the .Em default -label. This ignores any existing +label. +This ignores any existing .Ox -partitions on the disk. Note that this option will only work for disks -that are capable of reporting their geometry, such as SCSI, IDE, and -ESDI. May not be used in conjunction with the +partitions on the disk. +Note that this option will only work for disks +that are capable of reporting their geometry, such as SCSI, IDE, and ESDI. +May not be used in conjunction with the .Fl r flag. .It Fl c Clear the system's in-core copy of the label and update it based on -the on-disk label. May not be used in conjunction with the +the on-disk label. +May not be used in conjunction with the .Fl r flag. .It Fl f Ar tempfile @@ -171,11 +178,13 @@ Write entries to in .Xr fstab 5 format for any partitions for which mount point information has been -specified. The +specified. +The .Fl f flag is only valid when used in conjunction with the .Fl E -flag. If +flag. +If .Ar tempfile already exists, it will be overwritten. .It Fl t @@ -204,7 +213,7 @@ Disallow writing of the pack label area on the selected disk. Allow writing of the pack label area on the selected disk. .El .Pp -The first form of the command (read) is used to examine the label on +The first form of the command (read) is used to examine the label on the named disk drive (e.g., sd0 or .Pa /dev/rsd0c Ns ). It will display all of the parameters associated with the drive @@ -216,43 +225,50 @@ the disk has no label, or the partition types on the disk are incorrect, the kernel may have constructed or modified the label. .Pp The second form of the command (write) is used to write a standard -label on the designated drive. The drive parameters and partitions are -taken from that file. If different disks of the same physical type are +label on the designated drive. +The drive parameters and partitions are taken from that file. +If different disks of the same physical type are to have different partitions, it will be necessary to have separate disktab entries describing each, or to edit the label after -installation as described below. The optional argument is a pack -identification string, up to 16 characters long. The pack ID must be -quoted if it contains blanks. If the +installation as described below. +The optional argument is a pack +identification string, up to 16 characters long. +The pack ID must be quoted if it contains blanks. +If the .Fl r flag is given, the disk sectors containing the label and bootstrap -will be written directly. A side-effect of this is that any existing +will be written directly. +A side-effect of this is that any existing bootstrap code will be overwritten and the disk rendered unbootable. If .Fl r is not specified, the existing label will be updated via the in-core -copy and any bootstrap code will be unaffected. If the disk does not -already have a label, the +copy and any bootstrap code will be unaffected. +If the disk does not already have a label, the .Fl r -flag must be used. In either case, the kernel's in-core label is -replaced. +flag must be used. +In either case, the kernel's in-core label is replaced. .Pp In the third form of the command (edit), the label is read from the in-core kernel copy, or directly from the disk if the .Fl r -flag is also given. The label is formatted and then supplied to an -editor for changes. If no editor is specified in an +flag is also given. +The label is formatted and then supplied to an editor for changes. +If no editor is specified in an .Ev EDITOR environment variable, .Xr vi 1 -is used. When the editor terminates, the formatted label is reread and -used to rewrite the disk label. Existing bootstrap code is unchanged -regardless of whether +is used. +When the editor terminates, the formatted label is reread and +used to rewrite the disk label. +Existing bootstrap code is unchanged regardless of whether .Fl r was specified. .Pp The initial label editor mode is only intended for new disks as it will move partitions around as necessary to maintain a contiguous pool -of free blocks. Some commands or prompts take an optional unit. +of free blocks. +Some commands or prompts take an optional unit. Available units are .Sq b for bytes, @@ -264,64 +280,77 @@ for kilobytes, for megabytes, and .Sq g -for gigabytes. Quantities will be rounded to the nearest -cylinder when units are specified for sizes (or offsets). Commands -may be aborted by entering +for gigabytes. +Quantities will be rounded to the nearest +cylinder when units are specified for sizes (or offsets). +Commands may be aborted by entering .Ql ^D (Control-D). Entering .Ql ^D at the main .Ql > -prompt will exit the editor. At prompts that request a size, +prompt will exit the editor. +At prompts that request a size, .Ql * may be entered to indicate the rest of the available space. The editor commands are as follows: .Bl -tag -width "p [unit] " .It ? Op command -Display help message with all available commands. You may specify a +Display help message with all available commands. +You may specify a .Em command -for which to get more detailed help. There is also (simple) -context-sensitive help available at most prompts. +for which to get more detailed help. +There is also (simple) context-sensitive help available at most prompts. .It M Display this manual page. .It u -Undo (or redo) last change. Entering +Undo (or redo) last change. +Entering .Em u -once will undo your last change. Entering it again will restore the change. +once will undo your last change. +Entering it again will restore the change. .It p Op unit -Print the current disk label. If a +Print the current disk label. +If a .Em unit is given, the size and offsets are displayed in terms of the specified unit. .It e -Edit drive parameters. This option is used to set the following -parameters: sectors/track, tracks/cylinder, sectors/cylinder, +Edit drive parameters. +This option is used to set the following +parameters: sectors/track, tracks/cylinder, sectors/cylinder, number of cylinders on the disk, total sectors on the disk, rpm, interleave, disk type, and a descriptive label string. .It b -Set OpenBSD disk boundaries. This option tells +Set OpenBSD disk boundaries. +This option tells .Nm -which parts of the disk it is allowed to modify. This option is +which parts of the disk it is allowed to modify. +This option is probably only useful for ports with fdisk partition tables where the -ending sector in the MBR is incorrect. The user may enter +ending sector in the MBR is incorrect. +The user may enter .Ql * at the .Dq Size prompt to indicate the entire size of the disk (minus -the starting sector). This is useful for disks larger than 8 +the starting sector). +This is useful for disks larger than 8 gigabytes where the fdisk partition table is incapable of storing the real size. .It r -Recalculate free space. This option should really not be necessary -under normal circumstances. +Recalculate free space. +This option should really not be necessary under normal circumstances. .It a Op part -Add new partition. This option adds a new BSD partition. If no -partition letter is specified (a-p), the user will be prompted for +Add new partition. +This option adds a new BSD partition. +If no partition letter is specified (a-p), the user will be prompted for one. .It c Op part -Change the size of an existing partition. If no partition is -specified, the user will be prompted for one. The new size may be +Change the size of an existing partition. +If no partition is specified, the user will be prompted for one. +The new size may be in terms of the aforementioned units and may also be prefixed with .Ql + or @@ -330,8 +359,9 @@ to change the size by a relative amount. .It d Op part Delete an existing partition (or .Ql * -to delete all partitions). If no partition is specified, the -user will be prompted for one. You may not delete the +to delete all partitions). +If no partition is specified, the user will be prompted for one. +You may not delete the .Ql c partition. .It g Op d|b|u @@ -346,16 +376,17 @@ geometry is simply what the label said before .Nm made any changes). .It m Op part -Modify parameters for an existing partition. If no partition is -specified, the user will be prompted for one. This option allows +Modify parameters for an existing partition. +If no partition is specified, the user will be prompted for one. +This option allows the user to change the filesystem type, starting offset, partition size, block fragment size, block size, and cylinders per group for the specified partition (not all parameters are configurable for non-BSD partitions). .It n Op part -Name the mount point for an existing partition. If no partition is -specified, the user will be prompted for one. This option is only -valid if +Name the mount point for an existing partition. +If no partition is specified, the user will be prompted for one. +This option is only valid if .Nm was invoked with the .Fl f @@ -366,13 +397,14 @@ Save the label to a file in format (suitable for loading via the .Fl R -option). If no path is specified, the user will be prompted for -one. +option). +If no path is specified, the user will be prompted for one. .It w -Write the label to disk. This option will commit any changes to -the on-disk label. +Write the label to disk. +This option will commit any changes to the on-disk label. .It q -Quit the editor. If any changes have been made, the user will be +Quit the editor. +If any changes have been made, the user will be asked whether or not to save the changes to the on-disk label. .It x Exit the editor without saving any changes to the label. @@ -380,9 +412,11 @@ Exit the editor without saving any changes to the label. .Pp In the restore form of the command, the prototype file used to create the label should be in the same format as that produced when reading -or editing a label. Comments are delimited by +or editing a label. +Comments are delimited by .Ar \&# -and newline. As with +and newline. +As with .Fl w , any existing bootstrap code will be clobbered if .Fl r @@ -391,13 +425,15 @@ is specified and will be unaffected otherwise. The final three forms of .Nm are used to install bootstrap code on machines where the bootstrap is -part of the label. The bootstrap code is comprised of one or two boot +part of the label. +The bootstrap code is comprised of one or two boot programs depending on the machine. .Pp When installting bootstrap code with the .Fl B flag, if the names are not explicitly given, standard boot programs -will be used. The boot programs are located in +will be used. +The boot programs are located in .Pa /usr/mdec . The names of the programs are taken from the .Dq b0 @@ -409,7 +445,8 @@ entry for the disk if .Ar disktype was given and its disktab entry exists and includes those parameters. Otherwise, boot program names are derived from the name of the -disk. These names are of the form +disk. +These names are of the form .Pa basename Ns boot for the primary (or only) bootstrap, and .Pf boot Pa basename @@ -421,18 +458,14 @@ if the disk device is .Em sd0 . .Pp The first of the three boot-installation forms is used to install -bootstrap code without changing the existing label. It is essentially +bootstrap code without changing the existing label. +It is essentially a read command with respect to the disk label itself and all options are related to the specification of the boot program as described -previously. The final two forms are analogous to the basic write and +previously. +The final two forms are analogous to the basic write and restore versions except that they will install bootstrap code in addition to a new label. -.Sh FILES -.Bl -tag -width Pa -compact -.It Pa /etc/disktab -.It Pa /usr/mdec/ Ns Em xx Ns boot -.It Pa /usr/mdec/boot Ns Em xx -.El .Sh EXAMPLES .Dl disklabel sd0 .Pp @@ -445,18 +478,20 @@ Create a label for sd0 based on information for .Dq sd2212 found in .Pa /etc/disktab . -Any existing bootstrap code will be clobbered. (Normally you do -not want to use the +Any existing bootstrap code will be clobbered. +(Normally you do not want to use the .Fl r flag though.) .Pp .Dl disklabel -e -r sd0 .Pp Read the on-disk label for sd0, edit it and reinstall in-core as -well as on-disk. (Normally you do not want to use the +well as on-disk. +(Normally you do not want to use the .Fl r flag -though.) Existing bootstrap code is unaffected. +though.) +Existing bootstrap code is unaffected. .Pp .Dl disklabel -R sd0 mylabel .Pp @@ -466,28 +501,38 @@ Existing bootstrap code is unaffected. .Pp .Dl disklabel -B sd0 .Pp -Install a new bootstrap on sd0. The boot code comes from +Install a new bootstrap on sd0. +The boot code comes from .Pa /usr/mdec/sdboot and possibly .Pa /usr/mdec/bootsd . On-disk and in-core labels are unchanged, but on some systems other -information may be destroyed. Use with care. +information may be destroyed. +Use with care. .Pp .Dl disklabel -w -B /dev/rsd0c -b newboot sd2212 .Pp -Install a new label and bootstrap. The label is derived from -disktab information for +Install a new label and bootstrap. +The label is derived from disktab information for .Dq sd2212 and installed both in-core and -on-disk. The bootstrap code comes from the file +on-disk. +The bootstrap code comes from the file .Pa /usr/mdec/newboot . +.Sh FILES +.Bl -tag -width Pa -compact +.It Pa /etc/disktab +.It Pa /usr/mdec/ Ns Em xx Ns boot +.It Pa /usr/mdec/boot Ns Em xx +.El .Sh SEE ALSO .Xr disklabel 5 , .Xr disktab 5 .Sh DIAGNOSTICS The kernel device drivers will not allow the size of a disk partition to be decreased or the offset of a partition to be changed while -it is open. Some device drivers create a label containing only a +it is open. +Some device drivers create a label containing only a single large partition if a disk is unlabeled; thus, the label must be written to the .Sq a @@ -499,13 +544,15 @@ setting the label on the new partition while shrinking the partition. .Pp On some machines the bootstrap code may not fit entirely in the -area allocated for it by some filesystems. As a result, it may +area allocated for it by some filesystems. +As a result, it may not be possible to have filesystems on some partitions of a .Dq bootable -disk. When installing bootstrap code, +disk. +When installing bootstrap code, .Nm -checks for these cases. If the installed boot code would overlap -a partition of type +checks for these cases. +If the installed boot code would overlap a partition of type .Dv FS_UNUSED it is marked as type .Dv FS_BOOT . @@ -523,7 +570,8 @@ will not install bootstrap code that overlaps it. .Sh NOTES On i386 machines, .Xr installboot 8 -is normally used to install boot code. The +is normally used to install boot code. +The .Fl B option to .Nm @@ -535,13 +583,15 @@ device name uses the .Sq a partition on the tahoe, the .Sq c -partition on all others. In +partition on all others. +In .Fl E mode, .Nm is far too quick to shuffle partitions around; it should keep a free block list and only move partitions around with the user's -permission. Also, in +permission. +Also, in .Fl E mode, partitions outside the OpenBSD portion of the disk should be changeable. diff --git a/sbin/dump/dump.8 b/sbin/dump/dump.8 index 90ed136eecf..d5292144906 100644 --- a/sbin/dump/dump.8 +++ b/sbin/dump/dump.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dump.8,v 1.22 2000/03/05 00:28:49 aaron Exp $ +.\" $OpenBSD: dump.8,v 1.23 2000/03/18 22:55:55 aaron Exp $ .\" $NetBSD: dump.8,v 1.17 1997/06/05 11:15:06 lukem Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -64,16 +64,16 @@ is not documented here.) examines files on a filesystem and determines which files -need to be backed up. These files -are copied to the given disk, tape or other +need to be backed up. +These files are copied to the given disk, tape or other storage medium for safe keeping (see the .Fl f option below for doing remote backups). A dump that is larger than the output medium is broken into multiple volumes. On most media the size is determined by writing until an -end-of-media indication is returned. This can be enforced -by using the +end-of-media indication is returned. +This can be enforced by using the .Cm a option. .Pp @@ -117,8 +117,9 @@ The default level is 0. .It Fl a .Dq auto-size . Bypass all tape length considerations, and enforce writing until -an end-of-media indication is returned. This option is recommended -for most modern tape drives. Use of this option is particularly +an end-of-media indication is returned. +This option is recommended for most modern tape drives. +Use of this option is particularly recommended when appending to an existing tape, or using a tape drive with hardware compression (where you can never be sure about the compression ratio). @@ -354,6 +355,13 @@ argument of whilst a backup is in progress, statistics on the amount completed, current transfer rate, and estimated finished time, will be written to the standard error output. +.Sh DIAGNOSTICS +Many, and verbose. +.Pp +.Nm +exits with zero status on success. +Startup errors are indicated with an exit code of 1; +abnormal termination is indicated with an exit code of 3. .Sh FILES .Bl -tag -width /etc/dumpdates -compact .It Pa /dev/rst0 @@ -376,13 +384,11 @@ to find group .Xr fstab 5 , .Xr restore 8 , .Xr rmt 8 -.Sh DIAGNOSTICS -Many, and verbose. -.Pp +.Sh HISTORY +A .Nm -exits with zero status on success. -Startup errors are indicated with an exit code of 1; -abnormal termination is indicated with an exit code of 3. +command appeared in +.At v6 . .Sh BUGS Fewer than 32 read errors on the filesystem are ignored. .Pp @@ -414,8 +420,3 @@ told the operator which tape to mount when, and provided more assistance for the operator running .Xr restore . -.Sh HISTORY -A -.Nm -command appeared in -.At v6 . diff --git a/sbin/fdisk/fdisk.8 b/sbin/fdisk/fdisk.8 index a7419baf3de..5cb43578ccd 100644 --- a/sbin/fdisk/fdisk.8 +++ b/sbin/fdisk/fdisk.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fdisk.8,v 1.30 2000/03/05 00:28:49 aaron Exp $ +.\" $OpenBSD: fdisk.8,v 1.31 2000/03/18 22:55:55 aaron Exp $ .\" .\" Copyright (c) 1997 Tobias Weingartner .\" All rights reserved. @@ -44,15 +44,19 @@ .Ar device .Sh DESCRIPTION In order for the BIOS to boot the kernel, certain conventions must be -adhered to. Sector 0 of a bootable hard disk must contain boot code, -an MBR partition table, and a magic number. These MBR partitions (also +adhered to. +Sector 0 of a bootable hard disk must contain boot code, +an MBR partition table, and a magic number. +These MBR partitions (also known as BIOS partitions) can be used to break the disk up into several -pieces. The BIOS loads sector 0 of the boot disk into memory, verifies +pieces. +.Pp +The BIOS loads sector 0 of the boot disk into memory, verifies the magic number, and begins executing the code at the first byte. The normal DOS MBR boot code searches the MBR partition table for an .Dq active partition (indicated by a -.Dq \&* +.Ql \&* in the first column), and if one is found, the boot block from that partition is loaded and executed in place of the original (MBR) boot block. @@ -105,11 +109,12 @@ and options. .Pp This disk is divided into two partitions that happen to fill the disk. -The first partition overlaps the third partition. (Used for debugging -purposes.) +The first partition overlaps the third partition. +(Used for debugging purposes.) .Bl -tag -width "start/size" .It Em "#" -Number of partition table entry. A +Number of partition table entry. +A .Dq \&* denotes the bootable partition. .It Em "id" @@ -143,21 +148,24 @@ In this mode, will completely overwrite the primary MBR, and start with a fresh one using a default template, or one given by the .Fl f -flag. It will set up partition number 3 to be an +flag. +It will set up partition number 3 to be an .Os partition, that will start at cylinder 0, head 1, sector 1, and extend to the end of the disk. This mode is designed to initialize an MBR the very first time, -or when it has been corrupted beyond repair. It is almost equivalent -to the DOS command +or when it has been corrupted beyond repair. +It is almost equivalent to the DOS command .Dq FDISK /MBR . .Pp The flag .Fl e is used to modify a partition table using a interactive edit mode of the .Nm -program. This mode is designed to allow you to change any partition on the -drive you choose, including extended partitions. It is a very powerful mode, +program. +This mode is designed to allow you to change any partition on the +drive you choose, including extended partitions. +It is a very powerful mode, but is safe as long as you do not execute the .Em write command, or answer in the negative (the default) when @@ -167,15 +175,17 @@ asks you about writing out changes. When you first enter this mode, you are presented with a prompt, that looks like so: .Em "fdisk: 0>" . -This prompt has two important pieces of information for you. It will tell -you if the in-memory copy of the boot block has been modified or not. If it -has been modified, the prompt will change to look like: +This prompt has two important pieces of information for you. +It will tell +you if the in-memory copy of the boot block has been modified or not. +If it has been modified, the prompt will change to look like: .Em "fdisk:*0>" . The second piece of information pertains to the number given in the prompt. This number specifies the disk offset of the currently selected boot block -you are editing. This number could be something different that zero when -you are editing extended partitions. The list of commands and their -explanations are given below. +you are editing. +This number could be something different that zero when +you are editing extended partitions. +The list of commands and their explanations are given below. .Bl -tag -width "update" .It Em help Display a list of commands that @@ -190,14 +200,17 @@ boot block. Display the current drive geometry that .Nm has -probed. You are given a chance to edit it if you wish. +probed. +You are given a chance to edit it if you wish. .It Em edit Edit a given table entry in the memory copy of -the current boot block. You may edit either in BIOS geometry mode, +the current boot block. +You may edit either in BIOS geometry mode, or in sector offsets and sizes. .It Em flag -Make the given partition table entry bootable. Only one -entry can be marked bootable. If you wish to boot from an extended +Make the given partition table entry bootable. +Only one entry can be marked bootable. +If you wish to boot from an extended partition, you will need to mark the partition table entry for the extended partition as bootable. .It Em update @@ -210,8 +223,8 @@ to by the extended partition table entry in the current boot block. Print the currently selected in-memory copy of the boot block and its MBR table to the terminal. .It Em write -Write the in-memory copy of the boot block to disk. You will -be asked to confirm this operation. +Write the in-memory copy of the boot block to disk. +You will be asked to confirm this operation. .It Em exit Exit the current level of .Nm fdisk , @@ -223,7 +236,8 @@ Exit the current level of .Nm fdisk , either returning to the previously selected in-memory copy of a boot block, or exiting the -program if there is none. Unlike +program if there is none. +Unlike .Em exit it does write the modified block out. .It Em abort diff --git a/sbin/fsck/fsck.8 b/sbin/fsck/fsck.8 index 84a36b7ad76..12c30c33931 100644 --- a/sbin/fsck/fsck.8 +++ b/sbin/fsck/fsck.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fsck.8,v 1.15 1999/06/04 02:45:15 aaron Exp $ +.\" $OpenBSD: fsck.8,v 1.16 2000/03/18 22:55:56 aaron Exp $ .\" $NetBSD: fsck.8,v 1.14 1996/10/03 20:08:29 christos Exp $ .\" .\" Copyright (c) 1996 Christos Zoulas. All rights reserved. @@ -51,8 +51,9 @@ file or in the command line for consistency. The options are as follows: .Bl -tag -width indent .It Fl d -Debugging mode. Just print the commands without executing them. Available -only if +Debugging mode. +Just print the commands without executing them. +Available only if .Nm is compiled to support it. .It Fl f @@ -62,7 +63,8 @@ that support this). Limit the number of parallel checks to .Ar maxparallel . By default, the limit is the number of -disks, running one process per disk. If a smaller limit is given, +disks, running one process per disk. +If a smaller limit is given, the disks are checked round-robin, one filesystem at a time. .It Fl n Cause @@ -76,8 +78,8 @@ mounted writeable. .It Fl p Enter preen mode. .It Fl t Ar fstype -Invoke fsck only in the comma separated list of filesystem types. If the -list starts with +Invoke fsck only in the comma separated list of filesystem types. +If the list starts with .Dq no , invoke fsck only in the filesystem types that are .Em not diff --git a/sbin/fsck_ext2fs/fsck_ext2fs.8 b/sbin/fsck_ext2fs/fsck_ext2fs.8 index c30ce670bb9..5789b3362ba 100644 --- a/sbin/fsck_ext2fs/fsck_ext2fs.8 +++ b/sbin/fsck_ext2fs/fsck_ext2fs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fsck_ext2fs.8,v 1.10 1999/07/21 01:07:53 deraadt Exp $ +.\" $OpenBSD: fsck_ext2fs.8,v 1.11 2000/03/18 22:55:57 aaron Exp $ .\" $NetBSD: fsck_ext2fs.8,v 1.1 1997/06/11 11:21:48 bouyer Exp $ .\" .\" Copyright (c) 1997 Manuel Bouyer. @@ -55,7 +55,8 @@ .Sh DESCRIPTION .Nm performs interactive filesystem consistency checks and repair for each of -the filesystems specified on the command line. It is normally invoked from +the filesystems specified on the command line. +It is normally invoked from .Xr fsck 8 . .Pp The kernel takes care that only a restricted class of innocuous filesystem @@ -85,7 +86,8 @@ option) will correct; if it encounters other inconsistencies, it exits with an abnormal return status. For each corrected inconsistency one or more lines will be printed identifying the filesystem on which the correction will take place, -and the nature of the correction. After successfully correcting a filesystem, +and the nature of the correction. +After successfully correcting a filesystem, .Nm will print the number of files on that filesystem and the number of used and free blocks. @@ -125,17 +127,18 @@ The following flags are interpreted by .Bl -tag -width indent .It Fl b Ar block# Use the block specified immediately after the flag as -the super block for the filesystem. Block 8193 is usually -an alternate super block. +the super block for the filesystem. +Block 8193 is usually an alternate super block. .It Fl d Print debugging output. .It Fl f -Force checking of file systems. Normally, if a file system is cleanly -unmounted, the kernel will set a +Force checking of file systems. +Normally, if a file system is cleanly unmounted, the kernel will set a .Dq clean flag in the file system superblock and .Nm -will not check the file system. This option forces +will not check the file system. +This option forces .Nm to check the file system, regardless of the state of the clean flag. .It Fl m Ar mode diff --git a/sbin/fsck_ffs/fsck_ffs.8 b/sbin/fsck_ffs/fsck_ffs.8 index d2943980bef..e4cdfe193e0 100644 --- a/sbin/fsck_ffs/fsck_ffs.8 +++ b/sbin/fsck_ffs/fsck_ffs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fsck_ffs.8,v 1.10 1999/07/21 01:07:53 deraadt Exp $ +.\" $OpenBSD: fsck_ffs.8,v 1.11 2000/03/18 22:55:57 aaron Exp $ .\" $NetBSD: fsck_ffs.8,v 1.12 1996/09/23 16:18:34 christos Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -105,7 +105,8 @@ option will correct; if it encounters other inconsistencies, it exits with an abnormal return status and an automatic reboot will then fail. For each corrected inconsistency one or more lines will be printed identifying the filesystem on which the correction will take place, -and the nature of the correction. After successfully correcting a filesystem, +and the nature of the correction. +After successfully correcting a filesystem, .Nm will print the number of files on that filesystem, the number of used and free blocks, @@ -157,20 +158,21 @@ The following flags are interpreted by .Nm fsck_ffs : .Bl -tag -width indent .It Fl f -Force checking of file systems. Normally, if a file system is cleanly -unmounted, the kernel will set a +Force checking of file systems. +Normally, if a file system is cleanly unmounted, the kernel will set a .Dq clean flag in the file system superblock and .Nm -will not check the file system. This option forces +will not check the file system. +This option forces .Nm to check the file system, regardless of the state of the clean flag. .It Fl b Ar block# Use the .Ar block specified as -the super block for the filesystem. Block 32 is usually -an alternate super block. +the super block for the filesystem. +Block 32 is usually an alternate super block. .It Fl m Ar mode Use the .Ar mode diff --git a/sbin/fsck_msdos/fsck_msdos.8 b/sbin/fsck_msdos/fsck_msdos.8 index a53344684eb..2906724acf7 100644 --- a/sbin/fsck_msdos/fsck_msdos.8 +++ b/sbin/fsck_msdos/fsck_msdos.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fsck_msdos.8,v 1.8 1998/12/15 01:20:31 aaron Exp $ +.\" $OpenBSD: fsck_msdos.8,v 1.9 2000/03/18 22:55:57 aaron Exp $ .\" $NetBSD: fsck_msdos.8,v 1.4 1996/10/17 20:41:24 cgd Exp $ .\" .\" Copyright (C) 1995 Wolfgang Solfrank @@ -67,8 +67,8 @@ run from during automatic reboot, when a FAT filesystem is detected. When preening file systems, .Nm -will fix common inconsistencies non-interactively. If -more serious problems are found, +will fix common inconsistencies non-interactively. +If more serious problems are found, .Nm does not try to fix them, indicates that it was not successful, and exits. diff --git a/sbin/fsdb/fsdb.8 b/sbin/fsdb/fsdb.8 index 4eab50b5057..9b9653c9839 100644 --- a/sbin/fsdb/fsdb.8 +++ b/sbin/fsdb/fsdb.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fsdb.8,v 1.12 1999/07/04 18:59:39 aaron Exp $ +.\" $OpenBSD: fsdb.8,v 1.13 2000/03/18 22:55:57 aaron Exp $ .\" $NetBSD: fsdb.8,v 1.5 1997/01/11 05:51:40 lukem Exp $ .\" .\" Copyright (c) 1996 The NetBSD Foundation, Inc. @@ -50,25 +50,28 @@ opens .Ar fsname (usually a raw disk partition) and runs a command loop -allowing manipulation of the file system's inode data. You are prompted -to enter a command with +allowing manipulation of the file system's inode data. +You are prompted to enter a command with .Ic "fsdb (inum X)>" where .Va X -is the currently selected i-number. The initial selected inode is the -root of the filesystem (i-number 2). +is the currently selected i-number. +The initial selected inode is the root of the file system (i-number 2). +.Pp The command processor uses the .Xr editline 3 library, so you can use command line editing to reduce typing if desired. When you exit the command loop, the file system superblock is marked dirty and any buffered blocks are written to the file system. .Pp -The -.Fl d -option enables additional debugging output (which comes primarily from +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Enables additional debugging output (which comes primarily from .Xr fsck 8 -derived code). -.Sh COMMANDS +.El +.Pp Besides the built-in .Xr editline 3 commands, @@ -90,21 +93,20 @@ Revert to the previously current inode. .It Cm clri Clear the current inode. .Pp -.It Cm lookup Ar name -.It Cm cd Ar name +.It Cm lookup Ar name , Cm cd Ar name Find .Ar name in the current directory and make its inode the current inode. .Ar Name may be a multi-component name or may begin with slash to indicate that -the root inode should be used to start the lookup. If some component +the root inode should be used to start the lookup. +If some component along the pathname is not found, the last valid directory encountered is left as the active inode. .Pp This command is valid only if the starting inode is a directory. .Pp -.It Cm active -.It Cm print +.It Cm active , Cm print Print out the active inode. .Pp .It Cm uplink @@ -118,23 +120,22 @@ Set the active inode's link count to .Ar number . .Pp .It Cm ls -List the current inode's directory entries. This command is valid only -if the current inode is a directory. +List the current inode's directory entries. +This command is valid only if the current inode is a directory. .Pp -.It Cm rm Ar name -.It Cm del Ar name +.It Cm rm Ar name , Cm del Ar name Remove the entry .Ar name -from the current directory inode. This command is valid only -if the current inode is a directory. +from the current directory inode. +This command is valid only if the current inode is a directory. .Pp .It Cm ln Ar ino Ar name Create a link to inode .Ar ino under the name .Ar name -in the current directory inode. This command is valid only -if the current inode is a directory. +in the current directory inode. +This command is valid only if the current inode is a directory. .Pp .It Cm chinum Ar dirslot Ar inum Change the i-number in directory entry @@ -147,7 +148,8 @@ Change the name in directory entry .Ar dirslot to .Ar name . -This command cannot expand a directory entry. You can only rename an +This command cannot expand a directory entry. +You can only rename an entry if the name will fit into the existing directory slot. .Pp .It Cm chtype Ar type @@ -188,9 +190,10 @@ Change the group of the current inode to Change the generation number of the current inode to .Ar gen . .Pp -.It Cm mtime Ar time -.It Cm ctime Ar time -.It Cm atime Ar time +.It Xo Cm mtime Ar time , +.Cm ctime Ar time , +.Cm atime Ar time +.Xc Change the modification, change, or access time (respectively) on the current inode to .Ar time . @@ -199,14 +202,17 @@ should be in the format .Em YYYYMMDDHHMMSS[.nsec] where .Em nsec -is an optional nanosecond specification. If no nanoseconds are specified, the +is an optional nanosecond specification. +If no nanoseconds are specified, the .Va mtimensec , .Va ctimensec , or .Va atimensec field will be set to zero. .Pp -.It Cm quit, Cm q, Cm exit, Em <EOF> +.It Xo Cm quit , +.Cm q , Cm exit, Em <EOF> +.Xc Exit the program. .El .Sh SEE ALSO @@ -214,6 +220,15 @@ Exit the program. .Xr fs 5 , .Xr clri 8 , .Xr fsck 8 +.Sh HISTORY +.Nm +uses the source code for +.Xr fsck 8 +to implement most of the file system manipulation code. +The remainder of +.Nm +first appeared in +.Nx 1.1 . .Sh BUGS Manipulation of .Dq short @@ -225,14 +240,6 @@ You must specify modes as numbers rather than symbolic names. There are a bunch of other things that you might want to do which .Nm doesn't implement. -.Sh HISTORY -.Nm -uses the source code for -.Xr fsck 8 -to implement most of the file system manipulation code. The remainder of -.Nm -first appeared in -.Nx 1.1 . .Sh WARNING Use this tool with extreme caution \(en you can damage an FFS file system beyond what diff --git a/sbin/fsirand/fsirand.8 b/sbin/fsirand/fsirand.8 index d4dd3914196..a0ce0991603 100644 --- a/sbin/fsirand/fsirand.8 +++ b/sbin/fsirand/fsirand.8 @@ -23,7 +23,7 @@ .\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: fsirand.8,v 1.18 2000/03/05 00:28:57 aaron Exp $ +.\" $OpenBSD: fsirand.8,v 1.19 2000/03/18 22:55:57 aaron Exp $ .\" .Dd January 25, 1997 .Dt FSIRAND 8 @@ -56,8 +56,8 @@ now does the equivalent of itself so it is no longer necessary to run .Nm -by hand on a new filesystem. It is only used to -re-randomize or report on an existing filesystem. +by hand on a new filesystem. +It is only used to re-randomize or report on an existing filesystem. .Pp .Nm should only be used on an unmounted filesystem that @@ -95,6 +95,8 @@ of memory for large disks with few cylinder groups. .Xr fs 5 , .Xr fsck 8 , .Xr newfs 8 +.Sh AUTHOR +Todd C. Miller <Todd.Miller@courtesan.com> .Sh HISTORY The .Nm @@ -103,5 +105,3 @@ This version of .Nm first appeared in .Ox 2.1 . -.Sh AUTHOR -Todd C. Miller <Todd.Miller@courtesan.com> diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index efc22842dd2..236db45c94c 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.38 2000/01/17 03:02:14 mickey Exp $ +.\" $OpenBSD: ifconfig.8,v 1.39 2000/03/18 22:55:57 aaron Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -76,13 +76,12 @@ network interface parameters. must be used at boot-time to define the network address of each interface present on a machine; it may also be used at a later time to redefine an interface's address -or other operating parameters. To configure a bridge interface, -use the +or other operating parameters. +To configure a bridge interface, use the .Xr brconfig 8 program instead. .Pp -Available operands for -.Nm ifconfig : +The operands are as follows: .Bl -tag -width Ds .It Ar address For the @@ -112,7 +111,8 @@ and on interfaces other than the first. For the .Tn ISO family, addresses are specified as a long hexadecimal string, -as in the Xerox family. However, two consecutive dots imply a zero +as in the Xerox family. +However, two consecutive dots imply a zero byte, and the dots are optional, if the user wishes to (carefully) count out long strings of digits in network byte order. .Tn AppleTalk @@ -182,8 +182,8 @@ interface, such as established with the .Cm srcsa or .Cm dstsa -flags. If the all-zeroes SA is specified, the sending SA is cleared -by default. +flags. +If the all-zeroes SA is specified, the sending SA is cleared by default. .It Cm debug Enable driver dependent debugging code; usually, this turns on extra console error logging. @@ -213,10 +213,11 @@ Bind an .Xr ipsec 4 Security Association (SA) to an .Xr enc 4 -interface. The interface can then be used in conjunction with the +interface. +The interface can then be used in conjunction with the .Xr bridge 4 -to establish virtual Local Area Networks (LANs). The SA is specified -as +to establish virtual Local Area Networks (LANs). +The SA is specified as .Ar address/SPI/protocol , where .Ar address @@ -225,8 +226,9 @@ is an IPv4 or IPv6 address, is a hexadecimal number, and .Ar protocol is a decimal number identifying the security protocol (typically 50 -for ESP, 51 for AH, or 4 for IP-in-IP). The SA must exist for the -operation to be successfully completed. Typically, such SAs would be +for ESP, 51 for AH, or 4 for IP-in-IP). +The SA must exist for the operation to be successfully completed. +Typically, such SAs would be established via .Xr ipsecadm 1 . This SA will be used to send packets to a remote host via @@ -238,18 +240,21 @@ or SA is specified, any existing binding between the corresponding .Xr enc 4 interface and the SA is cleared (in fact, just the SPI and the protocol -part of the SA have to be set to zero). Only one SA may be bound to an +part of the SA have to be set to zero). +Only one SA may be bound to an .Xr enc 4 -interface at a time. SAs may not be bound to the +interface at a time. +SAs may not be bound to the .Dq enc0 interface. .It Cm giftunnel Set the source and destination tunnel addresses on a .Xr gif 4 -interface. Packets routed to this interface will be encapsulated in -IPv4 or IPv6, depending on the source and destination address -families. Both addresses must be of the same family. This flag -obsoletes the old +interface. +Packets routed to this interface will be encapsulated in +IPv4 or IPv6, depending on the source and destination address families. +Both addresses must be of the same family. +This flag obsoletes the old .Nm gifconfig command. .It Cm ipdst @@ -264,20 +269,22 @@ packets is done differently. .It Cm link[0-2] Enable special processing of the link level of the interface. These three options are interface specific in actual effect; however, -they are in general used to select special modes of operation. An example +they are in general used to select special modes of operation. +An example of this is to enable SLIP compression, or to select the connector type -for some Ethernet cards. Refer to the man page for the specific driver -for more information. +for some Ethernet cards. +Refer to the man page for the specific driver for more information. .It Fl link[0-2] Disable special processing at the link level with the specified interface. .It Cm media Ar type Set the media type of the interface to .Ar type . Some interfaces support the mutually exclusive use of one of several -different physical media connectors. For example, a 10Mb/s Ethernet -interface might support the use of either +different physical media connectors. +For example, a 10Mb/s Ethernet interface might support the use of either .Tn AUI -or twisted pair connectors. Setting the media type to +or twisted pair connectors. +Setting the media type to .Dq 10base5 or .Dq AUI @@ -286,7 +293,8 @@ Setting it to .Dq 10baseT or .Dq UTP -would activate twisted pair. Refer to the interfaces' driver +would activate twisted pair. +Refer to the interfaces' driver specific man page for a complete list of the available types. .It Cm mediaopt Ar opts Set the specified media options on the interface. @@ -300,7 +308,8 @@ Disable the specified media options on the interface. Set the media instance to .Ar minst . This is useful for devices which have multiple physical layer interfaces -(PHYs). Setting the instance on such devices may not be strictly required +(PHYs). +Setting the instance on such devices may not be strictly required by the network interface driver as the driver may take care of this automatically; see the driver's manual page for more information. .It Cm metric Ar n @@ -357,7 +366,8 @@ for 37 type addresses. .It Cm phase The argument following this specifies the version (phase) of the -AppleTalk network attached to the interface. Values of 1 or 2 are permitted. +AppleTalk network attached to the interface. +Values of 1 or 2 are permitted. .It Cm pltime Ar n (inet6 only) Set preferred lifetime for the address. @@ -369,8 +379,11 @@ but you can specify by prefix length by digits. .It Cm range Under AppleTalk, set the interface to respond to a .Em netrange -of the form startnet-endnet. AppleTalk uses this scheme instead of -netmasks though OpenBSD implements it internally as a set of netmasks. +of the form startnet-endnet. +AppleTalk uses this scheme instead of +netmasks though +.Ox +implements it internally as a set of netmasks. .It Cm srcsa Similar to .Cm dstsa , @@ -378,16 +391,20 @@ this operation binds an .Xr ipsec 4 SA to an .Xr enc 4 -interface. The SAs bound via this operation are receiving SAs. Any -packets received over one of these SAs, will be made to appear as if +interface. +The SAs bound via this operation are receiving SAs. +Any packets received over one of these SAs, will be made to appear as if it arrived by the corresponding .Xr enc 4 -interface. If the interface is part of a bridge, the packets will be -delivered to the bridge. Contrary to the +interface. +If the interface is part of a bridge, the packets will be +delivered to the bridge. +Contrary to the .Cm dstsa flag, multiple SAs may be bound to an .Xr enc 4 -interface via this operation. Similar to the +interface via this operation. +Similar to the .Cm dstsa flag, no SAs may be bound to the .Dq enc0 @@ -445,14 +462,16 @@ Using causes .Nm to print information on all interfaces. -The protocol family may be specified as well. Additionally, if +The protocol family may be specified as well. +Additionally, if .Fl am , is used, interface media information is printed. .Pp If .Fl A is used, it causes full interface alias information for each interface to -be displayed. If +be displayed. +If .Fl Am is used, interface media information is printed for all interfaces as well. @@ -462,7 +481,7 @@ If followed by an interface name is specified, then the media information for that interface will be printed. .Pp -Only the super-user may modify the configuration of a network interface. +Only the superuser may modify the configuration of a network interface. .Sh EXAMPLES .Bl -tag -width ifconfig .It Cm ifconfig fxp0 inet 192.168.1.10 netmask 255.255.255.0 diff --git a/sbin/init/init.8 b/sbin/init/init.8 index 7c139f57d4f..d1035ab47f1 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: init.8,v 1.25 2000/03/14 21:31:34 aaron Exp $ +.\" $OpenBSD: init.8,v 1.26 2000/03/18 22:55:58 aaron Exp $ .\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -91,8 +91,9 @@ is marked as The kernel .Xr securelevel 7 is normally set to 0 while in single-user mode, and raised to 1 when -the system begins multi-user operations. This action will not take -place if the securelevel is -1, and can be modified via the +the system begins multi-user operations. +This action will not take +place if the securelevel is \-1, and can be modified via the .Pa /etc/rc.securelevel script. .Pp @@ -114,8 +115,8 @@ program. The .Xr login program, when a valid user logs in, -executes a shell for that user. When this shell -dies, either because the user logged out +executes a shell for that user. +When this shell dies, either because the user logged out or an abnormal termination occurred (a signal), the .Nm diff --git a/sbin/ipf/ipf.5 b/sbin/ipf/ipf.5 index a7011230d9a..6e9b6cc13fd 100644 --- a/sbin/ipf/ipf.5 +++ b/sbin/ipf/ipf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipf.5,v 1.21 2000/03/14 21:31:34 aaron Exp $ +.\" $OpenBSD: ipf.5,v 1.22 2000/03/18 22:55:58 aaron Exp $ .Dd July 9, 1999 .Dt IPF 5 .Os @@ -8,12 +8,13 @@ .Sh DESCRIPTION A rule file for .Nm -may have any name or even be stdin. As +may have any name or even be stdin. +As .Xr ipfstat 8 produces parseable rules as output when displaying the internal kernel filter lists, it is quite plausible to use its output to feed back into -.Nm ipf . +.Nm ipf . Thus, to remove all filters on input packets, the following could be done: .nf @@ -127,17 +128,21 @@ Filters are installed by default at the end of the kernel's filter lists, prepending the rule with .Cm @n will cause it to be inserted -as the n'th entry in the current list. This is especially useful when +as the n'th entry in the current list. +This is especially useful when modifying and testing active filter rulesets. .Sh ACTIONS The action indicates what to do with the packet if it matches the rest -of the filter rule. Each rule +of the filter rule. +Each rule .Em must -have an action. The following actions are recognized: +have an action. +The following actions are recognized: .Pp .Bl -tag -width XXXXXXXX -offset indent .It block -indicates that the packet should be flagged to be dropped. In response +indicates that the packet should be flagged to be dropped. +In response to blocking a packet, the filter may be instructed to send a reply packet, either an ICMP packet .Pq Cm return-icmp , @@ -148,13 +153,16 @@ or a TCP reset An ICMP packet may be generated in response to any IP packet, and its type may optionally be specified, but a TCP reset may only be used with a rule which is being applied to TCP -packets. When using +packets. +When using .Cm return-icmp or .Cm return-icmp-as-dest , -it is possible to specify the actual unreachable `type'. That is, whether +it is possible to specify the actual unreachable `type'. +That is, whether it is a network unreachable, port unreachable or even administratively -prohibited. This is done by enclosing the ICMP code associated with it +prohibited. +This is done by enclosing the ICMP code associated with it in parenthesis directly following .Cm return-icmp or @@ -174,37 +182,45 @@ the filter. .It count causes the packet to be included in the accounting statistics kept by the filter, and has no effect on whether the packet will be allowed through -the filter. These statistics are viewable with +the filter. +These statistics are viewable with .Xr ipfstat 8 . .It call this action is used to invoke the named function in the kernel, which -must conform to a specific calling interface. Customized actions and -semantics can thus be implemented to supplement those available. This -feature is for use by knowledgeable hackers, and is not currently +must conform to a specific calling interface. +Customized actions and +semantics can thus be implemented to supplement those available. +This feature is for use by knowledgeable hackers, and is not currently documented. .It "skip <n>" causes the filter to skip over the next .Cm n -filter rules. If a rule is inserted or deleted inside the region being +filter rules. +If a rule is inserted or deleted inside the region being skipped over, then the value of .Cm n is adjusted appropriately. .It auth this allows authentication to be performed by a user-space program running -and waiting for packet information to validate. The packet is held for a +and waiting for packet information to validate. +The packet is held for a period of time in an internal buffer whilst it waits for the program to return to the kernel the .Em real flags for whether it should be allowed through -or not. Such a program might look at the source address and request some sort +or not. +Such a program might look at the source address and request some sort of authentication from the user (such as a password) before allowing the packet through or telling the kernel to drop it if from an unrecognised source. .It preauth tells the filter that for packets of this class, it should look in the -pre-authenticated list for further clarification. If no further matching +pre-authenticated list for further clarification. +If no further matching rule is found, the packet will be dropped (the FR_PREAUTH is not the same -as FR_PASS). If a further matching rule is found, the result from that is -used in its instead. This might be used in a situation where a person +as FR_PASS). +If a further matching rule is found, the result from that is +used in its instead. +This might be used in a situation where a person .Em logs in to the firewall and it sets up some temporary rules defining the access for that person. @@ -217,12 +233,13 @@ or Each packet moving through the kernel is either inbound (just been received on an interface, and moving towards the kernel's protocol processing) or outbound (transmitted or forwarded by the stack, and on its way to an -interface). There is a requirement that each filter rule explicitly +interface). +There is a requirement that each filter rule explicitly state which side of the I/O it is to be used on. .Sh OPTIONS -The list of options is brief, and all are indeed optional. Where -options are used, they must be present in the order shown here. These -are the currently supported options: +The list of options is brief, and all are indeed optional. +Where options are used, they must be present in the order shown here. +These are the currently supported options: .Pp .Bl -tag -width dup-to -offset indent .It log @@ -232,11 +249,13 @@ header will be written to the log (as described in the LOGGING section below). .It quick allows "short-cut" rules in order to speed up the filter or override -later rules. If a packet matches a filter rule which is marked as +later rules. +If a packet matches a filter rule which is marked as .Cm quick , this rule will be the last rule checked, allowing a "short-circuit" path to avoid processing later rules for this -packet. The current status of the packet (after any effects of the +packet. +The current status of the packet (after any effects of the current rule) will determine whether it is passed or blocked. .Pp If this option is missing, the rule is taken to be a "fall-through" @@ -244,11 +263,12 @@ rule, meaning that the result of the match (block/pass) is saved and that processing will continue to see if there are any more matches. .It on allows an interface name to be incorporated into the matching -procedure. Interface names are as printed by +procedure. +Interface names are as printed by .Ic "netstat -i" . If this option is used, the rule will only match if the packet is going -through that interface in the specified direction (in/out). If this -option is absent, the rule is taken to be applied to a packet +through that interface in the specified direction (in/out). +If this option is absent, the rule is taken to be applied to a packet regardless of the interface it is present on (i.e., on all interfaces). Filter rulesets are common to all interfaces, rather than having a filter list for each interface. @@ -260,36 +280,41 @@ logged and/or dropped. .It dup-to causes the packet to be copied, and the duplicate packet to be sent outbound on the specified interface, optionally with the destination -IP address changed to that specified. This is useful for off-host -logging, using a network sniffer. +IP address changed to that specified. +This is useful for off-host logging, using a network sniffer. .It to causes the packet to be moved to the outbound queue on the -specified interface. This can be used to circumvent kernel routing +specified interface. +This can be used to circumvent kernel routing decisions, and even to bypass the rest of the kernel processing of the -packet (if applied to an inbound rule). It is thus possible to +packet (if applied to an inbound rule). +It is thus possible to construct a firewall that behaves transparently, like a filtering hub -or switch, rather than a router. The +or switch, rather than a router. +The .Cm fastroute keyword is a synonym for this option. .Sh MATCHING PARAMETERS The keywords described in this section are used to describe attributes of the packet to be used when determining whether rules match or don't -match. The following general-purpose attributes are provided for +match. +The following general-purpose attributes are provided for matching, and must be used in this order: .Pp .Bl -tag -width XXXXXXX -offset indent .It tos packets with different Type-Of-Service values can be filtered. -Individual service levels or combinations can be filtered upon. The -value for the TOS mask can either be represented as a hex number or a +Individual service levels or combinations can be filtered upon. +The value for the TOS mask can either be represented as a hex number or a decimal integer value. .It ttl -packets may also be selected by their Time-To-Live value. The value given in +packets may also be selected by their Time-To-Live value. +The value given in the filter rule must exactly match that in the packet for a match to occur. This value can only be given as a decimal integer value. .It proto -allows a specific protocol to be matched against. All protocol names -found in +allows a specific protocol to be matched against. +All protocol names found in .Pn /etc/protocols are recognized and may be used. However, the protocol may also be given as a DECIMAL number, allowing @@ -309,20 +334,24 @@ The and .Cm to keywords are used to match against IP -addresses (and optionally port numbers). Rules must specify +addresses (and optionally port numbers). +Rules must specify .Em both source and destination parameters. .Pp IP addresses may be specified in one of two ways: as a numerical address/mask, or as a hostname .Cm mask -netmask. The hostname +netmask. +The hostname may either be a valid hostname, from either the hosts file or DNS (depending on your configuration and library), an interface name (in the case of IP address aliases, only the first IP address is used) or of the dotted numeric -form. There is no special designation for networks but network names -are recognized. Note that having your filter rules depend on DNS +form. +There is no special designation for networks but network names +are recognized. +Note that having your filter rules depend on DNS results can introduce an avenue of attack, and is .Em highly discouraged. @@ -332,15 +361,18 @@ There is a special case for the hostname which is taken to be 0.0.0.0/0 (see below for mask syntax) and matches all IP addresses. Only the presence of "any" has an implied mask, in all other -situations, a hostname MUST be accompanied by a mask. It is possible +situations, a hostname MUST be accompanied by a mask. +It is possible to give "any" a hostmask, but in the context of this language, it is non-sensical. .Pp The numerical format "x/y" indicates that a mask of y consecutive 1 bits set is generated, starting with the MSB, so a y value -of 16 would give 0xffff0000. The symbolic "x mask y" indicates +of 16 would give 0xffff0000. +The symbolic "x mask y" indicates that the mask y is in dotted IP notation or a hexadecimal number of -the form 0x12345678. Note that all the bits of the IP address +the form 0x12345678. +Note that all the bits of the IP address indicated by the bitmask must match the address on the packet exactly; there isn't currently a way to invert the sense of the match, or to match ranges of IP addresses which do not express themselves easily as @@ -351,16 +383,20 @@ If a match is included, for either or both of source and destination, then it is only applied to .\" XXX - "may only be" ? how does this apply to other protocols? will it not match, or will it be ignored? -TCP and UDP packets. If there is no +TCP and UDP packets. +If there is no .Cm proto match parameter, -packets from both protocols are compared. This is equivalent to "proto -tcp/udp". When composing +packets from both protocols are compared. +This is equivalent to "proto tcp/udp". +When composing .Cm port comparisons, either the service -name or an integer port number may be used. Port comparisons may be +name or an integer port number may be used. +Port comparisons may be done in a number of forms, with a number of comparison operators, or -port ranges may be specified. When the port appears as part of the +port ranges may be specified. +When the port appears as part of the .Cm from object, it matches the source port number, when it appears as part of the @@ -378,8 +414,8 @@ following additional parameters may be used: .Bl -tag -width XXXXXXX -offset indent .It with is used to match irregular attributes that some packets may have -associated with them. To match the presence of IP options in general, -use +associated with them. +To match the presence of IP options in general, use .Cm "with ipopts" . To match packets that are too short to contain a complete header, use @@ -400,8 +436,8 @@ match if the option(s) is not present. .Pp Multiple consecutive .Cm with -clauses are allowed. Alternatively, -the keyword +clauses are allowed. +Alternatively, the keyword .Cm and may be used in place of .Cm with , @@ -411,9 +447,11 @@ When multiple clauses are listed, all those must match to cause a match of the rule. .\" XXX describe the options more specifically in a separate section .It flags -is only effective for TCP filtering. Each of the letters possible +is only effective for TCP filtering. +Each of the letters possible represents one of the possible flags that can be set in the TCP -header. The association is as follows: +header. +The association is as follows: .Bd -literal F - FIN S - SYN @@ -424,13 +462,17 @@ header. The association is as follows: .Ed .Pp The various flag symbols may be used in combination, so that "SA" -would represent a SYN-ACK combination present in a packet. There is +would represent a SYN-ACK combination present in a packet. +There is nothing preventing the specification of combinations, such as "SFR", that would not normally be generated by law-abiding TCP -implementations. However, to guard against weird aberrations, it is -necessary to state which flags you are filtering against. To allow +implementations. +However, to guard against weird aberrations, it is +necessary to state which flags you are filtering against. +To allow this, it is possible to set a mask indicating which TCP flags you wish -to compare (i.e., those you deem significant). This is done by +to compare (i.e., those you deem significant). +This is done by appending "/<flags>" to the set of TCP flags you wish to match against, e.g.: .Bd -literal @@ -453,20 +495,21 @@ against, e.g.: .Ed .It icmp-type is only effective when used with \fBproto icmp\fP and must NOT be used -in conjunction with \fBflags\fP. There are a number of types, which can be +in conjunction with \fBflags\fP. +There are a number of types, which can be referred to by an abbreviation recognized by this language, or the numbers -with which they are associated can be used. The most important from -a security point of view is the ICMP redirect. +with which they are associated can be used. +The most important from a security point of view is the ICMP redirect. .El .Sh KEEP HISTORY The second last parameter that can be set for a filter rule is whether or not -to record historical information for that packet, and what sort to keep. The -following information can be kept: +to record historical information for that packet, and what sort to keep. +The following information can be kept: .Pp .Bl -tag -width XXXXXXX -offset indent .It state -keeps information about the flow of a communication session. State can -be kept for TCP, UDP, and ICMP packets. +keeps information about the flow of a communication session. +State can be kept for TCP, UDP, and ICMP packets. .It frags keeps information on fragmented packets, to be applied to later fragments. @@ -475,15 +518,18 @@ fragments. allowing packets which match these to flow straight through, rather than going through the access control list. .Sh GROUPS -The last pair of parameters control filter rule "grouping". By default, all -filter rules are placed in group 0 if no other group is specified. To add a +The last pair of parameters control filter rule "grouping". +By default, all +filter rules are placed in group 0 if no other group is specified. +To add a rule to a non-default group, the group must first be started by creating a group .Cm head . If a packet matches a rule which is the .Cm head of a group, the filter processing then switches to the group, using -that rule as the default for the group. If +that rule as the default for the group. +If .Cm quick is used with a .Cm head @@ -510,7 +556,8 @@ indicates that the rule should be put in group (number n) rather than group 0. .Sh LOGGING When a packet is logged, with either the \fBlog\fP action or option, the headers of the packet are written to the \fBipl\fP packet logging -pseudo-device. Immediately following the \fBlog\fP keyword, the +pseudo-device. +Immediately following the \fBlog\fP keyword, the following qualifiers may be used (in order): .Bl -tag -width XXXXXXXX -offset indent .It body @@ -533,14 +580,17 @@ indicates the logging facility and priority that will be used to log information about this packet using .Xr ipmon 8 's .Fl s -option. If no facility is specified, the default facility is assumed. If no facility is specified, the default facility is assumed. +option. +If no facility is specified, the default facility is assumed. .El .Pp See .Xr ipl 4 for the format of records written -to this device. The ipmon(8) program can be used to read and format -this log. +to this device. +The +.Xr ipmon 8 +program can be used to read and format this log. .Sh EXAMPLES The \fBquick\fP option is good for rules such as: .Pp @@ -558,8 +608,9 @@ The "fall-through" rule parsing allows for effects such as this: .Ed .Pp which sets up the range 6000-6003 as being permitted and all others being -denied. Note that the effect of the first rule is overridden by subsequent -rules. Another (easier) way to do the same is: +denied. +Note that the effect of the first rule is overridden by subsequent rules. +Another (easier) way to do the same is: .Bd -literal block in from any to any port 6000 <> 6003 pass in from any to any port 5999 >< 6004 @@ -567,12 +618,13 @@ rules. Another (easier) way to do the same is: .Pp Note that both the "block" and "pass" are needed here to effect a result as a failed match on the "block" action does not imply a pass, -only that the rule hasn't taken effect. To then allow ports < 1024, a -rule such as: +only that the rule hasn't taken effect. +To then allow ports < 1024, a rule such as: .Pp .Dl pass in quick from any to any port < 1024 .Pp -would be needed before the first block. To create a new group for +would be needed before the first block. +To create a new group for processing all inbound packets on le0/le1/lo0, with the default being to block all inbound packets, we would do something like: .Bd -literal @@ -587,14 +639,15 @@ and to then allow ICMP packets in on le0, only, we would do: .Dl pass in proto icmp all group 100 .Pp Note that because only inbound packets on le0 are used processed by group 100, -there is no need to respecify the interface name. Likewise, we could further -breakup processing of TCP, etc, as follows: +there is no need to respecify the interface name. +Likewise, we could further breakup processing of TCP, etc, as follows: .Bd -literal block in proto tcp all head 110 group 100 pass in from any to any port = 23 group 110 .Ed .Pp -and so on. The last line, if written without the groups would be: +and so on. +The last line, if written without the groups would be: .Pp .Dl pass in on le0 proto tcp from any to any port = telnet .Pp diff --git a/sbin/ipf/ipf.8 b/sbin/ipf/ipf.8 index 730d22715eb..3dbcdcb4c47 100644 --- a/sbin/ipf/ipf.8 +++ b/sbin/ipf/ipf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipf.8,v 1.21 2000/03/05 00:28:50 aaron Exp $ +.\" $OpenBSD: ipf.8,v 1.22 2000/03/18 22:55:58 aaron Exp $ .Dd January 6, 2000 .Dt IPF 8 .Os @@ -31,9 +31,10 @@ flows, track fragment state information for IP packets (applying the same rules to all fragments), and much more. .Pp .Nm -provides special capabilities for the most common Internet protocols. Both -TCP and UDP packets may be filtered by port number or port range, or ICMP -packets by type/code. Rules may filter packets on any arbitrary combination of +provides special capabilities for the most common Internet protocols. +Both TCP and UDP packets may be filtered by port number or port range, or ICMP +packets by type/code. +Rules may filter packets on any arbitrary combination of TCP flags, IP options, IP security classes, or Type of Service (TOS). .Nm also supports inverted host/net matching. @@ -67,16 +68,17 @@ if this machine is to act as a firewall that also routes traffic or does Network Address Translation (NAT). .El .Pp -Once these steps are complete a rule file may be created. A very -simple rule file might contain the following: +Once these steps are complete a rule file may be created. +A very simple rule file might contain the following: .Pp .Dl pass in from any to any .Dl pass out from any to any .Pp -Here we're passing all packets and not doing any filtering. This is a +Here we're passing all packets and not doing any filtering. +This is a recommended starting point since it allows the current configuration to be -tested before formulating and installing a more restrictive ruleset. For -example, the following: +tested before formulating and installing a more restrictive ruleset. +For example, the following: .Pp .Dl "block in on we0 proto tcp from foo/32 to any" .Pp @@ -84,7 +86,8 @@ This would block all incoming TCP packets on interface .Dq we0 from host .Dq foo -to any internal destination. If this file is +to any internal destination. +If this file is .Pa /etc/ipf.rules (the default location), the following command will flush the kernel's current ruleset, install the new ruleset, and enable @@ -114,7 +117,8 @@ policies), .Nm can maintain a separate .Dq inactive -ruleset simultaneously. Inactive rulesets are useful for debugging pending or +ruleset simultaneously. +Inactive rulesets are useful for debugging pending or proposed changes to the active ruleset (see .Fl I option below). @@ -122,7 +126,8 @@ option below). The options are as follows: .Bl -tag -width Ds .It Fl A -Apply changes to the active ruleset. This is the default. +Apply changes to the active ruleset. +This is the default. .It Fl I Apply changes to the inactive ruleset. .It Fl D @@ -141,7 +146,8 @@ or .Sq a (all filtering rules). .It Fl F Ar table -Flush entries from state tables. If +Flush entries from state tables. +If .Ar table is .Sq s , @@ -150,7 +156,8 @@ removes any state information about connections that are non-fully established. If .Sq S , .Nm -removes the entire state table. Only one of the two options may be specified. +removes the entire state table. +Only one of the two options may be specified. A fully established connection will appear in .Ic ipfstat -s output as @@ -160,13 +167,14 @@ handshake. .It Fl P Add rules as temporary entries in the authentication rule table. .It Fl V -Show version information. This will display the version information compiled +Show version information. +This will display the version information compiled into the ipf binary and retrieve it from the kernel code (if running/present). If it is present in the kernel, information about its current state will be displayed (whether logging is active, default filtering, etc). .It Fl d -Enable debug mode. Causes a hexdump of filter rules to be generated as it -processes each one. +Enable debug mode. +Causes a hexdump of filter rules to be generated as it processes each one. .It Fl f Ar filename Read, parse, and process the .Nm @@ -192,11 +200,13 @@ is one of .Cm block , or .Cm nomatch . -Any packet which exits filtering and matches the set category is logged. This +Any packet which exits filtering and matches the set category is logged. +This is useful for causing all packets which don't match any of the loaded rules to be logged. .It Fl n -No change. Prevent +No change. +Prevent .Nm from actually changing the state of the in-kernel filtering configuration. .It Fl o @@ -209,14 +219,16 @@ Swap the active and inactive rulesets. .It Fl v Enable verbose mode. .Nm -will echo each of the successfully processed rules to the standard output. The +will echo each of the successfully processed rules to the standard output. +The original rule and any error messages that result will be echoed to standard error. .It Fl y Force .Nm to synchronize the IP filter's in-kernel network interface list with the -current system interface list. In particular, if an interface's IP address +current system interface list. +In particular, if an interface's IP address changes (i.e., due to a DHCP operation), .Nm must be executed with this option. @@ -234,8 +246,8 @@ into the active list, and enable IP filtering: .Dl ipf -A -Fa -f /etc/ipf.rules -E .Pp It is advisable to work with an inactive filtering list before commiting new -rules to the active in-kernel filtering list. To load a ruleset into the -inactive list: +rules to the active in-kernel filtering list. +To load a ruleset into the inactive list: .Pp .Dl ipf -I -Fa -f /etc/ipf.rules .Pp @@ -260,27 +272,31 @@ Consider a system manager who administers .Nm remotely and has made changes to the .Pa /etc/ipf.rules -file on the remote system. The following command sequence is noteworthy: +file on the remote system. +The following command sequence is noteworthy: .Pp .Dl ipf -I -Fa -f /etc/ipf.rules .Dl ipf -s; sleep 10; ipf -s .Pp The first command installs the new ruleset into the inactive filtering list. The second command first swaps the inactive (new) rules with the active (old) -rules. After entering the second command, type some characters. If the -characters are echoed the new ruleset is possibly valid. If not, within 10 -seconds the old ruleset will be re-installed. This trick is useful for -minimizing service disruptions. +rules. +After entering the second command, type some characters. +If the characters are echoed the new ruleset is possibly valid. +If not, within 10 +seconds the old ruleset will be re-installed. +This trick is useful for minimizing service disruptions. .Sh NOTES -Rules are checked in the order they are specified. The last matching rule -wins, except when the +Rules are checked in the order they are specified. +The last matching rule wins, except when the .Dq quick keyword is present (see .Xr ipf 5 ) . .Pp Note that .Fl F Ns No a -does not affect the state table. To view the current state table, use the +does not affect the state table. +To view the current state table, use the .Xr ipfstat 8 program: .Pp @@ -311,5 +327,3 @@ ipf state socket .Xr ipnat 8 .Pp http://coombs.anu.edu.au/~avalon - - diff --git a/sbin/ipfstat/ipfstat.8 b/sbin/ipfstat/ipfstat.8 index a6ee1ae6635..98555433e98 100644 --- a/sbin/ipfstat/ipfstat.8 +++ b/sbin/ipfstat/ipfstat.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipfstat.8,v 1.18 1999/10/05 20:08:03 aaron Exp $ +.\" $OpenBSD: ipfstat.8,v 1.19 2000/03/18 22:55:58 aaron Exp $ .Dd June 13, 1999 .Dt IPFSTAT 8 .Os @@ -59,7 +59,8 @@ Swap between retrieving .Dq inactive and .Dq active -filter list details. For use in combination with +filter list details. +For use in combination with .Fl h . .It Fl n Show the rule number for each rule as it is printed. @@ -73,7 +74,8 @@ Display the filter list used for the output side of the kernel IP processing. Show packet/flow state information (statistics) and held state information (in the kernel) if any is present. .It Fl v -Turn verbose mode on. Displays more debugging information. +Turn verbose mode on. +Displays more debugging information. .El .Sh FILES .Bl -tag -width /dev/ipstate -compact diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4 index 481257bfa20..07bf5989957 100644 --- a/sbin/ipnat/ipnat.4 +++ b/sbin/ipnat/ipnat.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipnat.4,v 1.17 2000/01/24 07:27:02 kjell Exp $ +.\" $OpenBSD: ipnat.4,v 1.18 2000/03/18 22:55:58 aaron Exp $ .Dd June 5, 1999 .Dt IPNAT 4 .Os @@ -14,8 +14,8 @@ Unlike .Xr ipf 4 , only a single list is supported by the kernel NAT -interface. An inactive list which can be swapped to is not currently -supported. +interface. +An inactive list which can be swapped to is not currently supported. .Pp .Pp To add/delete rules to/from the NAT list, two diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5 index b449831c5e0..61e2878d280 100644 --- a/sbin/ipnat/ipnat.5 +++ b/sbin/ipnat/ipnat.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipnat.5,v 1.12 2000/01/24 07:27:02 kjell Exp $ +.\" $OpenBSD: ipnat.5,v 1.13 2000/03/18 22:55:59 aaron Exp $ .Dd June 5, 1999 .Dt IPNAT 5 .Os @@ -9,10 +9,11 @@ Files processed by .Xr ipnat 8 are normal text files containing either a valid NAT rule or a comment on each -non-blank line. Comment lines begin with a +non-blank line. +Comment lines begin with a .Ql # -and are ignored, as are blank lines. Valid NAT rules -are described by the following grammar: +and are ignored, as are blank lines. +Valid NAT rules are described by the following grammar: .Bd -literal -offset indent natrule ::= maprule | rdrrule | bimaprule @@ -47,8 +48,8 @@ rule or the .Ql \&: in the .Fa portrange -rule, there must be no whitespace before or after it. In the case -of the +rule, there must be no whitespace before or after it. +In the case of the .Ql \&/ in the .Fa proxy @@ -66,13 +67,16 @@ rule, if the element begins with a non-digit the mask is taken to be all zeros. A .Ql \&. in the element causes the element to be interpreted as a numeric IP -address of the form 1.2.3.4. An +address of the form 1.2.3.4. +An .Ql x -in the element causes the element to be interpreted as a 32 bit hex value. If all +in the element causes the element to be interpreted as a 32 bit hex value. +If all else fails the element is interpreted as the number of sequential 1's to place as the most significant bits in the 32 bit network mask. Whatever the interpretation method, a result network mask of all 1's, indicating a -hostname, is valid. A network mask of 31 1's (255.255.255.254) +hostname, is valid. +A network mask of 31 1's (255.255.255.254) is considered invalid as there is no space for allocating host .Tn IP Ns #\&'s after consideration for broadcast and network addresses. @@ -88,7 +92,8 @@ map ppp0 10.0.0.0/8 -> 209.1.2.0/24 .Pp The obvious problem here is we're trying to squeeze over 16,000,000 .Tn IP -addresses into a 254 address space. To increase the scope, remapping for +addresses into a 254 address space. +To increase the scope, remapping for .Tn TCP and/or .Tn UDP , @@ -99,8 +104,8 @@ map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 .Pp which falls only 527,566 .Sq addresses -short of the space available in network -10. If we were to combine these rules, they would need to be specified as +short of the space available in network 10. +If we were to combine these rules, they would need to be specified as follows: .Bd -literal -offset indent map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 diff --git a/sbin/ipnat/ipnat.8 b/sbin/ipnat/ipnat.8 index 94a95c1d6e6..6e4977453aa 100644 --- a/sbin/ipnat/ipnat.8 +++ b/sbin/ipnat/ipnat.8 @@ -41,7 +41,8 @@ Remove, rather than add, entries specified in the rule list. .It Fl s Display statistics. .It Fl v -Verbosity. Displays detailed information pertaining to rule processing. +Verbosity. +Displays detailed information pertaining to rule processing. .El .Pp Certain configuration requirements must be met before @@ -57,7 +58,8 @@ file contains the assignment .It Packet filtering (see .Xr ipf 8 ) -must be enabled, even if it's not being used. Check the +must be enabled, even if it's not being used. +Check the .Pa /etc/rc.conf file and make sure it contains the assignment .Cm ipfilter=YES . @@ -94,7 +96,8 @@ This file is typically standard input is represented by a single dash .Pq Ql - . Each rule is parsed, then sequentially added to -the kernel's internal NAT list. Like +the kernel's internal NAT list. +Like .Xr ipf 8 , if an entry contradicts another previously added, the newer will take precedence. @@ -103,8 +106,9 @@ Comments (beginning with a .Ql # ) and blank lines are ignored as .Nm -parses the file. Entries may be separated by spaces or tabs. Each rule must -begin with either +parses the file. +Entries may be separated by spaces or tabs. +Each rule must begin with either .Em map , .Em bimap , or @@ -114,8 +118,8 @@ See below for rule syntax, or refer to for sample rule entries. .Ss Mapping rules .Em map -tells the NAT how a range of addresses should be translated. The entries use -the following format: +tells the NAT how a range of addresses should be translated. +The entries use the following format: .Pp .Bd -unfilled -offset indent -compact map ifname internal/mask -> external/mask options @@ -123,8 +127,8 @@ map ifname internal/mask -> external/mask options .Pp The .Em ifname -field is the interface to which packets are sent. A gateway with a PPP link -would probably use +field is the interface to which packets are sent. +A gateway with a PPP link would probably use .Dq ppp0 or .Dq tun0 , @@ -150,7 +154,8 @@ Do not specify internal interface names, use their addresses instead. .Pp The address range of the LAN goes in the .Em internal -field. This is usually one of the three blocks of address space the Internet +field. +This is usually one of the three blocks of address space the Internet Assigned Numbers Authority has allocated for private networks (RFC 1597): .Pp .Bd -unfilled -offset indent -compact @@ -164,8 +169,8 @@ The address is the offically assigned IP number of the gateway or network. .Pp .Em mask -is the netmask of the address. This mask is 32 bits long, and is divided into -four 8-bit numbers. +is the netmask of the address. +This mask is 32 bits long, and is divided into four 8-bit numbers. .Pp .Bd -unfilled -offset indent -compact 11111111.0.0.0 Class A - 8 bits set. @@ -179,8 +184,9 @@ Both .Em internal and .Em external -may be an actual IP address, the name of an interface, or a hostname. If it is -a network number, however, a problem may arise. For example: +may be an actual IP address, the name of an interface, or a hostname. +If it is a network number, however, a problem may arise. +For example: .Pp .Bd -unfilled -offset indent -compact map ppp0 10.0.0.0/8 -> 209.1.2.0/24 @@ -189,14 +195,15 @@ map ppp0 10.0.0.0/8 -> 209.1.2.0/24 16,000,000 IP addresses are being squeezed into an address space of only 254. This is solved by the .Em portmap -option, which remaps ports instead of IP addresses. The protocol is specified -by following the option with either +option, which remaps ports instead of IP addresses. +The protocol is specified by following the option with either .Em tcp , .Em udp , .Em tcp/udp , or .Em tcpudp -(the last two have the same effect). The syntax to assign a range of ports is +(the last two have the same effect). +The syntax to assign a range of ports is .Dq portnumber:portnumber . This looks like: .Pp @@ -209,21 +216,25 @@ That will cut the number down from ~16,000,000 addresses short to only 527,566. .Pp .Ss Bidirectional mapping rules .Em bimap -is used to create static, bidirectional NAT mappings. Standard +is used to create static, bidirectional NAT mappings. +Standard .Em map rules only create NAT mappings when the connection is initiated from the -internal IP address. For example, using the following rule: +internal IP address. +For example, using the following rule: .Pp .Bd -unfilled -offset indent -compact map ppp0 10.0.0.3/32 -> 209.1.2.3/32 .Ed .Pp NAT mappings will only be created if the machine at 10.0.0.3 initiates the -connection. To create a truly bidirectional NAT entry, +connection. +To create a truly bidirectional NAT entry, .Em bimap -is necessary. Using the following rule, for example, clients on the -ppp0 side of the NAT box can initiate requests to 209.1.2.3. This -traffic will be mapped to 10.0.0.3 as expected: +is necessary. +Using the following rule, for example, clients on the +ppp0 side of the NAT box can initiate requests to 209.1.2.3. +This traffic will be mapped to 10.0.0.3 as expected: .Pp .Bd -unfilled -offset indent -compact bimap ppp0 10.0.0.3/32 -> 209.1.2.3/32 @@ -233,7 +244,8 @@ To be genuinely useful, .Em bimap should be used in conjunction with either proxy arp, or .Xr ifconfig 8 -aliases. For example, if we create two bimap entries such as: +aliases. +For example, if we create two bimap entries such as: .Pp .Bd -unfilled -offset indent -compact bimap fxp0 10.0.0.3/32 -> 209.1.2.3/32 @@ -256,9 +268,11 @@ ifconfig fxp0 alias 209.1.2.4 netmask 255.255.255.255 .Pp .Ss Redirection rules .Em rdr -tells the NAT how to redirect incoming packets. It is useful if one wishes to +tells the NAT how to redirect incoming packets. +It is useful if one wishes to redirect a connection through a proxy, or to another box on the private -network. The format of this directive is: +network. +The format of this directive is: .Pp rdr ifname external/mask port service -> internal port service protocol .Pp @@ -268,18 +282,21 @@ This setup is best described by an example of an actual entry: rdr xl0 0.0.0.0/0 port 25 -> 204.213.176.10 port smtp .Ed .Pp -This redirects all smtp packets received on xl0 to 204.213.176.10, port 25. A -netmask is not needed on the +This redirects all smtp packets received on xl0 to 204.213.176.10, port 25. +A netmask is not needed on the .Em internal -address; it is always 32. The +address; it is always 32. +The .Em external and .Em internal fields, similar to the .Em map -directive, may be actual addresses, hostnames, or interfaces. Likewise, the +directive, may be actual addresses, hostnames, or interfaces. +Likewise, the .Em service -field may be the name of a service, or a port number. The +field may be the name of a service, or a port number. +The .Em protocol of the service may be selected by appending .Em tcp , @@ -287,7 +304,8 @@ of the service may be selected by appending .Em tcp/udp , or .Em tcpudp -(the last two have the same effect) to the end of the line. TCP is the default. +(the last two have the same effect) to the end of the line. +TCP is the default. .Sh FILES .Bl -tag -width /usr/share/ipf/nat.1 -compact .It Pa /etc/ipnat.rules @@ -301,7 +319,8 @@ device file .El .Sh BUGS .Em bimap -should really only be used with single IP addresses (x.x.x.x/32). Bimapping +should really only be used with single IP addresses (x.x.x.x/32). +Bimapping other CIDR ranges will result in unexpected, and possibly random mappings into the destination address block. .Sh SEE ALSO diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 index 34437cfa36f..e9eed806137 100644 --- a/sbin/ipsecadm/ipsecadm.8 +++ b/sbin/ipsecadm/ipsecadm.8 @@ -1,4 +1,5 @@ -.\" $OpenBSD: ipsecadm.8,v 1.20 2000/01/13 04:48:55 angelos Exp $ +.\" $OpenBSD: ipsecadm.8,v 1.21 2000/03/18 22:55:59 aaron Exp $ +.\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -85,8 +86,9 @@ modifiers are: and .Fl key . .It old esp -Setup a SA which uses the old esp transforms. Only -encryption algorithms can be applied. Allowed modifiers are: +Setup a SA which uses the old esp transforms. +Only encryption algorithms can be applied. +Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , @@ -97,9 +99,9 @@ encryption algorithms can be applied. Allowed modifiers are: and .Fl key . .It new ah -Setup a SA which uses the new ah transforms. Authentication -will be done with HMAC using the specified hash algorithm. Allowed modifiers -are: +Setup a SA which uses the new ah transforms. +Authentication will be done with HMAC using the specified hash algorithm. +Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , @@ -109,8 +111,9 @@ are: and .Fl key . .It old ah -Setup a SA which uses the old ah transforms. Simple keyed -hashes will be used for authentication. Allowed modifiers are: +Setup a SA which uses the old ah transforms. +Simple keyed hashes will be used for authentication. +Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , @@ -120,12 +123,16 @@ hashes will be used for authentication. Allowed modifiers are: and .Fl key . .It ip4 -Setup an SA which uses the IP-in-IP encapsulation protocol. This mode +Setup an SA which uses the IP-in-IP encapsulation protocol. +This mode offers no security services by itself, but can be used to route other -(experimental or otherwise) protocols over an IP network. The SPI value +(experimental or otherwise) protocols over an IP network. +The SPI value is not used for anything other than referencing the information, and -does not appear on the wire. Unlike other setups, like new esp, there -is no necessary setup in the receiving side. Allowed modifiers are: +does not appear on the wire. +Unlike other setups, like new esp, there +is no necessary setup in the receiving side. +Allowed modifiers are: .Fl dst , .Fl src , and @@ -135,11 +142,12 @@ The specified SA will be deleted. Allowed modifiers are: .Fl dst , .Fl spi , -.Fl proto . +.Fl proto , and .Fl chain . .It group -Group two SAs together. Allowed modifiers are: +Group two SAs together. +Allowed modifiers are: .Fl dst , .Fl spi , .Fl proto , @@ -165,7 +173,8 @@ and .Fl bypass . The .Xr netstat 1 -command shows the existing egress (outbound) flows. A +command shows the existing egress (outbound) flows. +A .Nm bypass flow is used to specify a flow for which IPSec processing will be bypassed, i.e packets will not be processed by any SAs. @@ -199,8 +208,10 @@ and This can be useful while travelling where the IP address of potential clients is not known. .It flush -Flush SAs from from kernel. This includes flushing any flows and -routing entries associated with the SAs. Allowed modifiers are: +Flush SAs from from kernel. +This includes flushing any flows and +routing entries associated with the SAs. +Allowed modifiers are: .Fl ah , .Fl esp , .Fl oldah , @@ -218,114 +229,134 @@ defaults to new esp mode. The modifiers have the following meanings: .Bl -tag -width forcetunnel -offset indent .It src -The source IP address for the SA. This is necessary for incoming +The source IP address for the SA. +This is necessary for incoming SAs to avoid source address spoofing between mutually -suspicious hosts that have established SAs with us. For outgoing SAs, -this field is used to fill in the source address when doing -tunneling. +suspicious hosts that have established SAs with us. +For outgoing SAs, +this field is used to fill in the source address when doing tunneling. .It dst The destination IP address for the SA. .It proxy This IP address, if provided, is checked against the inner IP address when -doing tunneling to a firewall, to prevent source spoofing attacks. It is -strongly recommended that this option is provided when applicable. It is +doing tunneling to a firewall, to prevent source spoofing attacks. +It is +strongly recommended that this option is provided when applicable. +It is applicable in a scenario when host A is using IPsec to communicate with -firewall B, and through that to host C. In that case, the proxy address for -the incoming SA should be C. This option is not necessary for outgoing SAs. +firewall B, and through that to host C. +In that case, the proxy address for +the incoming SA should be C. +This option is not necessary for outgoing SAs. .It spi The Security Parameter Index (SPI). .It tunnel -This option has been deprecated. The arguments are ignored, and it -otherwise has the same effect as the +This option has been deprecated. +The arguments are ignored, and it otherwise has the same effect as the .Nm forcetunnel option. .It newpadding This option has been deprecated. .It forcetunnel Force IP-inside-IP encapsulation before ESP or AH processing is performed for -outgoing packets. The source/destination addresses of the outgoing IP packet +outgoing packets. +The source/destination addresses of the outgoing IP packet will be those provided in the .Nm src and .Nm dst -options. Notice that the IPsec stack will perform IP-inside-IP encapsulation +options. +Notice that the IPsec stack will perform IP-inside-IP encapsulation when deemed necessary, even if this flag has not been set. .It enc -The encryption algorithm to be used with the SA. Possible values -are: +The encryption algorithm to be used with the SA. +Possible values are: .Bl -tag -width skipjack .It Nm des This is available for both old and new esp. Notice that hardware crackers for DES can be (and have been) built for -US$250,000 (in 1998). Use DES for encryption of critical information -at your own risk. -We suggest using 3DES instead. DES support is kept for interoperability -(with old implementations) purposes only. See +US$250,000 (in 1998). +Use DES for encryption of critical information at your own risk. +We suggest using 3DES instead. +DES support is kept for interoperability +(with old implementations) purposes only. +See .Xr des_cipher 3 . .It Nm 3des -This is available for both old and new esp. It is considered -more secure than straight DES, since it uses larger keys. +This is available for both old and new esp. +It is considered more secure than straight DES, since it uses larger keys. .It Nm blf -Blowfish encryption is available only in new esp. See +Blowfish encryption is available only in new esp. +See .Xr blf_key 3 . .It Nm cast CAST encryption is available only in new esp. .It Nm skipjack -SKIPJACK encryption is available only in new esp. This algorithm designed -by the NSA is faster than 3DES. However, since it was designed by the NSA +SKIPJACK encryption is available only in new esp. +This algorithm designed by the NSA and is faster than 3DES. +However, since it was designed by the NSA it is a poor choice. .El .Pp .It auth -The authentication algorithm to be used with the SA. Possible values -are: +The authentication algorithm to be used with the SA. +Possible values are: .Nm md5 and .Nm sha1 -for both old and new ah and also new esp. Also +for both old and new ah and also new esp. +Also .Nm rmd160 for both new ah and esp. .It key -The secret symmetric key used for encryption and authentication. The size -for +The secret symmetric key used for encryption and authentication. +The size for .Nm des and .Nm 3des -is fixed to 8 and 24 respectively. For other ciphers like +is fixed to 8 and 24 respectively. +For other ciphers like .Nm cast or .Nm blf -the key length can be variable. The +the key length can be variable. +The .Nm key -should be given in hexadecimal digits. The +should be given in hexadecimal digits. +The .Nm key should be chosen in random (ideally, using some true-random source like -coin flipping). It is very important that the key is not guessable. One -practical way of generating keys is by using the +coin flipping). +It is very important that the key is not guessable. +One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) .It authkey The secret key material used for authentication -if additional authentication in new esp mode is required. For -old or new ah the key material for authentication is passed with the +if additional authentication in new esp mode is required. +For old or new ah the key material for authentication is passed with the .Nm key -option. The +option. +The .Nm key -should be given in hexadecimal digits. The +should be given in hexadecimal digits. +The .Nm key should be chosen in random (ideally, using some true-random source like -coin flipping). It is very important that the key is not guessable. One -practical way of generating keys is by using the +coin flipping). +It is very important that the key is not guessable. +One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) .It iv -This option has been deprecated. The argument is ignored. When applicable, -it has the same behaviour as the +This option has been deprecated. +The argument is ignored. +When applicable, it has the same behaviour as the .Nm halfiv option. .It halfiv -This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). It -may only be used with old ESP. +This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). +It may only be used with old ESP. .It proto The security protocol needed by .Nm delspi , @@ -364,12 +395,14 @@ case insensitive. .It addr The source address, source network mask, destination address and destination network mask against which packets need to match to use the specified -Security Association. All addresses must be of the same address family +Security Association. +All addresses must be of the same address family (IPv4 or IPv6). .It transport The protocol number which packets need to match to use the specified -Security Association. By default the protocol number is not used for -matching. Instead of a number, a valid protocol name that appears in +Security Association. +By default the protocol number is not used for matching. +Instead of a number, a valid protocol name that appears in .Xr protocols 5 can be used. .It sport @@ -432,7 +465,7 @@ For .Nm flush , only flush SAs of type ip4. .El -.Sh EXAMPLE +.Sh EXAMPLES Setup a SA which uses new esp with 3des encryption and HMAC-SHA1 authentication: .Bd -literal diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8 index 1b41526ffcf..7e360862de9 100644 --- a/sbin/isakmpd/isakmpd.8 +++ b/sbin/isakmpd/isakmpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.8,v 1.16 2000/02/01 02:46:18 niklas Exp $ +.\" $OpenBSD: isakmpd.8,v 1.17 2000/03/18 22:55:59 aaron Exp $ .\" $EOM: isakmpd.8,v 1.19 2000/01/31 22:33:46 niklas Exp $ .\" .\" Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. @@ -76,8 +76,8 @@ option is used to make the daemon run in the foreground, logging to stderr. .It Xo Fl D .Ar debug-class Ns No = Ns Ar level .Xc -This argument is possible to specify many times. It takes a parameter of -the form +This argument is possible to specify many times. +It takes a parameter of the form .Ar class Ns No = Ns Ar level where both .Ar class @@ -89,7 +89,8 @@ denotes a debugging class, and .Ar level the level you want that debugging class to limit debug printouts at (i.e., all debug printouts above the level specified -will not output anything). If +will not output anything). +If .Ar class is set to 'A', then all debugging classes are set to the specified level. @@ -99,7 +100,8 @@ The option specifies the .Tn FIFO (a.k.a. named pipe) where the daemon listens for -user requests. If the path given is a dash +user requests. +If the path given is a dash .Pq Sq \&- , .Nm will listen to stdin instead. diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 89e785fa479..84142d48162 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.30 2000/01/31 08:38:28 niklas Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.31 2000/03/18 22:55:59 aaron Exp $ .\" $EOM: isakmpd.conf.5,v 1.38 2000/01/31 08:39:44 niklas Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -47,8 +47,8 @@ IPSEC layer of the kernel's networking stack. .Pp The file is of a well known type of format called .INI style, named after the suffix used by an overrated windowing environment for its configuration -files. This format consists of sections, each beginning with a line looking -like: +files. +This format consists of sections, each beginning with a line looking like: .Bd -literal [Section name] .Ed @@ -59,8 +59,8 @@ Tag=Value .Ed If the value needs more space than fits on a single line it's possible to continue it on the next by ending the first with a backspace character -immediately before the newline character. This method can extend a value for -an arbitrary amount of lines. +immediately before the newline character. +This method can extend a value for an arbitrary amount of lines. .Pp Comments can be put anywhere in the file by using a hash mark .Pq Sq \&# . @@ -69,7 +69,8 @@ Then the comment goes on to the end of the line. Often the right-hand side values consist of other section names. This results in a tree structure. Some values are treated as a list of several scalar values, such lists always -use comma as the separator. Some values are formatted like this: X,Y:Z, which +use comma as the separator. +Some values are formatted like this: X,Y:Z, which is an offer/accept syntax, where X is a value we offer and Y:Z is a range of accepted values, inclusive. .Pp @@ -90,16 +91,19 @@ The interval between watchdog checks of connections we want up at all times. How many seconds should an exchange maximally take to setup before we give up. .It Em Listen-on -A list of IP-addresses OK to listen on. This list is used as +A list of IP-addresses OK to listen on. +This list is used as a filter for the set of addresses the interfaces configured -provides. This means that we won't see if an address given +provides. +This means that we won't see if an address given here does not exist on this host, and thus no error is given for that case. .It Em Shared-SADB If this tag is defined, whatever the value is, some semantics of .Nm are changed so that multiple instances can run on top of one SADB -and setup SAs with eachother. Specifically this means replay +and setup SAs with eachother. +Specifically this means replay protection will not be asked for, and errors that can occur when updating an SA with its parameters a 2nd time will be ignored. .El @@ -107,9 +111,9 @@ updating an SA with its parameters a 2nd time will be ignored. ISAKMP SA negotiation parameter root .Bl -tag -width 12n .It Em <IP-address> -A name of the ISAKMP peer at the given IP-address. This name -is used as the section name for further information to be -found. Look at <ISAKMP-peer> below. +A name of the ISAKMP peer at the given IP-address. +This name is used as the section name for further information to be found. +Look at <ISAKMP-peer> below. .El .It Em Phase 2 IPsec SA negotiation parameter root @@ -117,16 +121,18 @@ IPsec SA negotiation parameter root .It Em Connections A list of directed IPSec "connection" names that should be brought up automatically, either on first use if the system supports it, or at -startup of the daemon. These names are section names where further -information can be found. Look at <IPSec-connection> below. +startup of the daemon. +These names are section names where further information can be found. +Look at <IPSec-connection> below. Normally any connection mentioned here are treated as part of the "Passive-connection" list we present below, however there is a -flag: "Active-only" that disables this behaviour. This too is -mentioned in the <IPSec-connection> section, in the "Flags" tag. +flag: "Active-only" that disables this behaviour. +This too is mentioned in the <IPSec-connection> section, in the "Flags" tag. .It Em Passive-connections A list of IPSec "connection" names we recognize and accept initiations for. -These names are section names where further information can be found. Look -at <IPSec-connection> below. Currently only the Local-ID and Remote-ID tags +These names are section names where further information can be found. +Look at <IPSec-connection> below. +Currently only the Local-ID and Remote-ID tags are looked at in those sections, as they are matched against the IDs given by the initiator. .El @@ -136,7 +142,7 @@ by the initiator. A directory containing PEM certificates of certification authorities that we trust to sign other certificates. .It Em Cert-directory -A directory containing PEM certificates that we trust to be valid. +A directory containing PEM certificates that we trust to be valid. These certificates are used in preference to those passed in messages and are required to have a SubjectAltName extension. .It Em Accept-self-signed @@ -167,14 +173,15 @@ The Local IP-address to use, if we are multi-homed, or have aliases. .It Em Address The IP-address of the peer. .It Em Port -In case of UDP, the UDP port number to send to. This is optional, the +In case of UDP, the UDP port number to send to. +This is optional, the default value is 500 which is the IANA-registered number for ISAKMP. .It Em Configuration -The name of the ISAKMP-configuration section to use. Look at -<ISAKMP-configuration> below. +The name of the ISAKMP-configuration section to use. +Look at <ISAKMP-configuration> below. .It Em Authentication -Authentication data for this specific peer. In the case of -preshared key, this is the key value itself. +Authentication data for this specific peer. +In the case of preshared key, this is the key value itself. .It Em ID If existent, the name of the section that describes the local client ID that we should present to our peer. If not present, it @@ -182,8 +189,8 @@ defaults to the address of the local interface we are sending packets over to the remote daemon. Look at <Phase1-ID> below. .It Em Flags A comma-separated list of flags controlling the further -handling of the ISAKMP SA. Currently there are no specific -ISAKMP SA flags defined. +handling of the ISAKMP SA. +Currently there are no specific ISAKMP SA flags defined. .It Em Next-hop A Linux FreeS/WAN specific value which should be the IP address of the next hop along the path to reach the peer, usually a router. @@ -191,7 +198,8 @@ next hop along the path to reach the peer, usually a router. .It Em <Phase1-ID> .Bl -tag -width 12n .It Em ID-type -The ID type as given by the RFCs. For Phase 1 this is currently +The ID type as given by the RFCs. +For Phase 1 this is currently .Li IPV4_ADDR , .Li IPV4_ADDR_SUBNET , .Li FQDN , @@ -222,18 +230,21 @@ string respectively. .It Em <ISAKMP-configuration> .Bl -tag -width 12n .It Em DOI -The domain of interpretation as given by the RFCs. Normally +The domain of interpretation as given by the RFCs. +Normally .Li IPSEC . .It Em EXCHANGE_TYPE -The exchange type as given by the RFCs. For main mode this is +The exchange type as given by the RFCs. +For main mode this is .Li ID_PROT and for aggressive mode it is .Li AGGRESSIVE . .It Em Transforms A list of proposed transforms to use for protecting the -ISAKMP traffic. These are actually names for sections -further describing the transforms. Look at <ISAKMP-transform> -below. +ISAKMP traffic. +These are actually names for sections +further describing the transforms. +Look at <ISAKMP-transform> below. .El .It Em <ISAKMP-transform> .Bl -tag -width 12n @@ -242,15 +253,15 @@ The encryption algorithm as the RFCs name it, or ANY to denote that any encryption algorithm proposed will be accepted. .It Em KEY_LENGTH For encryption algorithms with variable key length, this is -where the offered/accepted keylengths are described. The -value is of the offer-accept kind described above. +where the offered/accepted keylengths are described. +The value is of the offer-accept kind described above. .It Em HASH_ALGORITHM The hash algorithm as the RFCs name it, or ANY. .It Em AUTHENTICATION_METHOD The authentication method as the RFCs name it, or ANY. .It Em GROUP_DESCRIPTION -The group used for Diffie-Hellman exponentiations, or ANY. The -name are symbolic, like +The group used for Diffie-Hellman exponentiations, or ANY. +The name are symbolic, like .Li MODP_768 , MODP_1024 , EC_155 and .Li EC_185 . @@ -283,11 +294,12 @@ as ISAKMP-peers and IPSec-connections really are handled by the same code inside isakmpd. .It Em ISAKMP-peer The name of the ISAKMP-peer which to talk to in order to -set up this connection. The value is the name of an -<ISAKMP-peer> section. See above. +set up this connection. +The value is the name of an <ISAKMP-peer> section. +See above. .It Em Configuration -The name of the IPSec-configuration section to use. Look at -<IPSec-configuration> below. +The name of the IPSec-configuration section to use. +Look at <IPSec-configuration> below. .It Em Local-ID If existent, the name of the section that describes the optional local client ID that we should present to our peer. @@ -297,12 +309,13 @@ Look at <IPSec-ID> below. .It Em Remote-ID If existent, the name of the section that describes the optional remote client ID that we should present to our peer. -It is also used when we act as responders to find out what +It is also used when we act as responders to find out what <IPSec-connection> we are dealing with. Look at <IPSec-ID> below. .It Em Flags A comma-separated list of flags controlling the further -handling of the IPSec SA. Currently only one flag is defined: +handling of the IPSec SA. +Currently only one flag is defined: .Bl -tag -width 12n .It Em Active-only If this flag is given and this <IPSec-connection> is part of the phase 2 @@ -313,38 +326,44 @@ accepting connections from the peer. .It Em <IPSec-configuration> .Bl -tag -width 12n .It Em DOI -The domain of interpretation as given by the RFCs. Normally +The domain of interpretation as given by the RFCs. +Normally .Li IPSEC . .It Em EXCHANGE_TYPE -The exchange type as given by the RFCs. For quick mode this is +The exchange type as given by the RFCs. +For quick mode this is .Li QUICK_MODE . .It Em Suites A list of protection suites (bundles of protocols) usable for -protecting the IP traffic. Each of the list elements is a -name of an <IPSec-suite> section. See below. +protecting the IP traffic. +Each of the list elements is a name of an <IPSec-suite> section. +See below. .El .It Em <IPSec-suite> .Bl -tag -width 12n .It Em Protocols A list of the protocols included in this protection suite. Each of the list elements is a name of an <IPSec-protocol> -section. See below. +section. +See below. .El .It Em <IPSec-protocol> .Bl -tag -width 12n .It Em PROTOCOL_ID -The protocol as given by the RFCs. Acceptable values today -are +The protocol as given by the RFCs. +Acceptable values today are .Li IPSEC_AH and .Li IPSEC_ESP . .It Em Transforms A list of transforms usable for implementing the protocol. Each of the list elements is a name of an <IPSec-transform> -section. See below. +section. +See below. .It Em ReplayWindow -The size of the window used for replay protection. This is normally -left alone. Look at the +The size of the window used for replay protection. +This is normally left alone. +Look at the .Nm ESP and .Nm AH @@ -355,14 +374,15 @@ RFCs for a better description. .It Em TRANSFORM_ID The transform ID as given by the RFCs. .It Em ENCAPSULATION_MODE -The encapsulation mode as given by the RFCs. This means -TRANSPORT or TUNNEL. +The encapsulation mode as given by the RFCs. +This means TRANSPORT or TUNNEL. .It Em AUTHENTICATION_ALGORITHM The optional authentication algorithm in the case of this being an ESP transform. .It Em GROUP_DESCRIPTION An optional (provides PFS if present) Diffie-Hellman group -description. The values are the same as GROUP_DESCRIPTION's +description. +The values are the same as GROUP_DESCRIPTION's in <ISAKMP-transform> sections shown above. .It Em Life List of lifetimes, each element is a <Lifetime> section name. @@ -370,7 +390,8 @@ List of lifetimes, each element is a <Lifetime> section name. .It Em <IPSec-ID> .Bl -tag -width 12n .It Em ID-type -The ID type as given by the RFCs. For IPSec this is currently +The ID type as given by the RFCs. +For IPSec this is currently .Li IPV4_ADDR or .Li IPV4_ADDR_SUBNET . diff --git a/sbin/mknod/mkfifo.1 b/sbin/mknod/mkfifo.1 index b1e95bc0bee..6f37c9f1840 100644 --- a/sbin/mknod/mkfifo.1 +++ b/sbin/mknod/mkfifo.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mkfifo.1,v 1.4 1999/06/05 01:29:38 aaron Exp $ +.\" $OpenBSD: mkfifo.1,v 1.5 2000/03/18 22:55:59 aaron Exp $ .\" $NetBSD: mkfifo.1,v 1.4 1994/12/23 07:16:54 jtc Exp $ .\" .\" Copyright (c) 1990, 1993 @@ -46,7 +46,7 @@ .Sh SYNOPSIS .Nm mkfifo .Op Fl m Ar mode -.Ar fifo_name ... +.Ar fifo_name ... .Sh DESCRIPTION .Nm mkfifo creates the FIFOs requested, in the order specified, diff --git a/sbin/mknod/mknod.8 b/sbin/mknod/mknod.8 index 594d791ec71..03fda9381a6 100644 --- a/sbin/mknod/mknod.8 +++ b/sbin/mknod/mknod.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mknod.8,v 1.8 1999/07/21 12:32:18 aaron Exp $ +.\" $OpenBSD: mknod.8,v 1.9 2000/03/18 22:55:59 aaron Exp $ .\" $NetBSD: mknod.8,v 1.9 1995/08/10 23:47:32 jtc Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -79,14 +79,16 @@ operators are interpreted relative to an assumed initial mode of To make nodes manually, the arguments are: .Bl -tag -width majorx .It Ar name -Device or FIFO name. For example +Device or FIFO name. +For example .Dq sd for a SCSI disk or a .Dq pty -for pseudo-devices. FIFOs may be named arbitrarily by the user. +for pseudo-devices. +FIFOs may be named arbitrarily by the user. .It Cm b | Cm c | Cm p -Type of device or FIFO. If the -device is a block type device such as a tape or disk drive which needs +Type of device or FIFO. +If the device is a block type device such as a tape or disk drive which needs both cooked and raw special files, the type is .Cm b . @@ -97,8 +99,9 @@ A FIFO (also known as a named pipe) is type .Cm p . .It Ar major The major device number is an integer number which tells the kernel -which device driver entry point to use. To learn what -major device number to use for a particular device, check the file +which device driver entry point to use. +To learn what major device number to use for a particular device, +check the file .Pa /dev/MAKEDEV to see if the device is known. .It Ar minor diff --git a/sbin/modload/modload.8 b/sbin/modload/modload.8 index d221d6c47f0..e983dde1dd3 100644 --- a/sbin/modload/modload.8 +++ b/sbin/modload/modload.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: modload.8,v 1.14 2000/03/05 00:28:56 aaron Exp $ +.\" $OpenBSD: modload.8,v 1.15 2000/03/18 22:55:59 aaron Exp $ .\" $NetBSD: modload.8,v 1.5 1995/03/18 14:56:43 cgd Exp $ .\" .\" Copyright (c) 1993 Christopher G. Demetriou @@ -49,7 +49,8 @@ The input file is an object file (.o file). The options are as follows: .Bl -tag -width indent .It Fl d -Debug. Used to debug +Debug. +Used to debug .Nm itself. .It Fl q @@ -57,7 +58,8 @@ Be very quiet. .It Fl u Delete the loaded module .Pq Ar output_file -after loading. If the output file was not specified, this option causes the +after loading. +If the output file was not specified, this option causes the temporary file to be kept rather than deleted. .It Fl v Print comments about the loading process. @@ -77,8 +79,8 @@ The default module entry point name is .Dq xxxinit . .It Fl p Ar postinstall Specify the name of a shell script or program that will -be executed if the module is successfully loaded. It -is always passed the module ID (in decimal) and module +be executed if the module is successfully loaded. +It is always passed the module ID (in decimal) and module type (in hexadecimal) as the first two arguments. For loadable drivers, the third argument is the block or character major device number. @@ -86,7 +88,8 @@ For a loadable system call, the third argument is the system call number. .It Fl o Ar output_file Specify the name of the output file that is produced by -the linker. If this option is not specified, a file in the +the linker. +If this option is not specified, a file in the .Pa /tmp directory is used with the name generated from the module name with a diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index 3a088cef9bf..10d83b8920c 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount.8,v 1.19 2000/03/05 00:28:50 aaron Exp $ +.\" $OpenBSD: mount.8,v 1.20 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount.8,v 1.11 1995/07/12 06:23:21 cgd Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -122,9 +122,11 @@ to the file system should be done asynchronously. This is a .Em dangerous flag to set since it does not guarantee to keep a consistent -file system structure on the disk. You should not use this flag +file system structure on the disk. +You should not use this flag unless you are prepared to recreate the file system should your -system crash. The most common use of this flag is to speed up +system crash. +The most common use of this flag is to speed up .Xr restore 8 where it can give a factor of two speed increase. .It force @@ -273,7 +275,8 @@ The file system object is to be read and write. The options specific to the various file system types are described in the manual pages for those file systems' .Nm mount_XXX -commands. For instance, the options specific to Berkeley +commands. +For instance, the options specific to Berkeley Fast File Systems are described in the .Xr mount_ffs 8 manual page. diff --git a/sbin/mount_ffs/mount_ffs.8 b/sbin/mount_ffs/mount_ffs.8 index 6d2765dc247..d61032fbe35 100644 --- a/sbin/mount_ffs/mount_ffs.8 +++ b/sbin/mount_ffs/mount_ffs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_ffs.8,v 1.7 1999/07/21 01:07:54 deraadt Exp $ +.\" $OpenBSD: mount_ffs.8,v 1.8 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount_ffs.8,v 1.2 1996/02/05 06:33:47 jtc Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -55,8 +55,8 @@ device on to the file system tree at point The .Nm mount_ufs form of the command is meant for backward -compatibility only. Fast File Systems should no longer -be listed as type +compatibility only. +Fast File Systems should no longer be listed as type .Dq ufs in .Xr fstab 5 diff --git a/sbin/mount_kernfs/mount_kernfs.8 b/sbin/mount_kernfs/mount_kernfs.8 index 3cbd92736c5..3d995d5de22 100644 --- a/sbin/mount_kernfs/mount_kernfs.8 +++ b/sbin/mount_kernfs/mount_kernfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_kernfs.8,v 1.11 1999/07/21 01:07:54 deraadt Exp $ +.\" $OpenBSD: mount_kernfs.8,v 1.12 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount_kernfs.8,v 1.6 1995/03/18 14:57:24 cgd Exp $ .\" .\" Copyright (c) 1992, 1993, 1994 @@ -99,7 +99,8 @@ The hostname, with a trailing newline. The hostname can be changed by writing to this file. A trailing newline will be stripped from the hostname being written. .It Pa domainname -The domainname, with a trailing newline. Behaves like a hostname. +The domainname, with a trailing newline. +Behaves like a hostname. .It Pa hz Frequency of the system clock (decimal ASCII). .It Pa ipsec diff --git a/sbin/mount_msdos/mount_msdos.8 b/sbin/mount_msdos/mount_msdos.8 index 87b32d69d48..4b395eedac7 100644 --- a/sbin/mount_msdos/mount_msdos.8 +++ b/sbin/mount_msdos/mount_msdos.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_msdos.8,v 1.10 1999/05/12 13:26:49 aaron Exp $ +.\" $OpenBSD: mount_msdos.8,v 1.11 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount_msdos.8,v 1.10 1996/01/19 21:14:43 leo Exp $ .\" .\" Copyright (c) 1993,1994 Christopher G. Demetriou @@ -114,17 +114,21 @@ searches the root directory of the filesystem to be mounted for any existing Windows 95/98 long filenames. If no such entries are found, .Fl s -is the default. Otherwise +is the default. +Otherwise .Fl l is assumed. .It Fl 9 Ignore the special Windows 95/98 directory entries even -if deleting or renaming a file. This forces +if deleting or renaming a file. +This forces .Fl s . .It Fl G This option causes the filesystem to be interpreted as an Atari-Gemdos -filesystem. The differences to the msdos filesystem are minimal and -limited to the boot block. This option enforces +filesystem. +The differences to the msdos filesystem are minimal and +limited to the boot block. +This option enforces .Fl s . .El .Sh SEE ALSO @@ -144,8 +148,8 @@ The default handling for and .Fl l will result in empty filesystems to be populated -with short filenames only. To generate long filenames -on empty DOS filesystems use +with short filenames only. +To generate long filenames on empty DOS file systems use .Fl l . .Pp Note that Windows 95/98 handles only access dates, diff --git a/sbin/mount_nfs/mount_nfs.8 b/sbin/mount_nfs/mount_nfs.8 index af11574b7c5..62410003243 100644 --- a/sbin/mount_nfs/mount_nfs.8 +++ b/sbin/mount_nfs/mount_nfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_nfs.8,v 1.16 2000/03/14 21:31:34 aaron Exp $ +.\" $OpenBSD: mount_nfs.8,v 1.17 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount_nfs.8,v 1.3 1996/02/18 11:59:10 fvdl Exp $ .\" .\" Copyright (c) 1992, 1993, 1994, 1995 @@ -76,7 +76,8 @@ The options are: .It Fl 2 Use the NFS Version 2 protocol. .It Fl 3 -Use the NFS Version 3 protocol. The default is to try version 3 first, and +Use the NFS Version 3 protocol. +The default is to try version 3 first, and fall back to version 2 if the mount fails. .It Fl D Ar deadthresh Used with NQNFS to set the @@ -92,7 +93,8 @@ Values may be set in the range of 1 - 9, with 9 referring to an This option is not generally recommended and is really an experimental feature. .It Fl I Ar readdirsize -Set the readdir read size to the specified value. The value should normally +Set the readdir read size to the specified value. +The value should normally be a multiple of DIRBLKSIZ that is <= the read size for the mount. .It Fl K Pass Kerberos authenticators to the server for client-to-server @@ -107,7 +109,8 @@ Only use this argument for mounts with a large round trip delay. Values are normally in the 10-30 second range. .It Fl P The kernel always uses a reserved port number to communicate with -clients. This option is ignored, and exists solely for compatibility +clients. +This option is ignored, and exists solely for compatibility with older systems. .It Fl R Ar retrycnt Set the retry count for doing the mount to the specified value. @@ -135,7 +138,8 @@ where the filesystem mount is not critical to multiuser operation. For UDP mount points, do not do a .Xr connect 2 . This must be used for servers that do not reply to requests from the -standard NFS port number 2049. It may also be required for servers +standard NFS port number 2049. +It may also be required for servers with more than one IP address (only necessary if replies come from an address other than the one specified in the mount request). .It Fl d @@ -160,7 +164,8 @@ be used. This option reduces RPC traffic for cases such as .Dq "ls -l" , but tends to flood the attribute and name caches with prefetched entries. -Try this option and see whether performance improves or degrades. Probably +Try this option and see whether performance improves or degrades. +Probably most useful for client to server network interconnects with a large bandwidth times delay product. .It Fl m Ar realm diff --git a/sbin/mount_null/mount_null.8 b/sbin/mount_null/mount_null.8 index 0eee27d0b5b..f7f3a3afa93 100644 --- a/sbin/mount_null/mount_null.8 +++ b/sbin/mount_null/mount_null.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_null.8,v 1.13 1999/09/23 04:12:02 alex Exp $ +.\" $OpenBSD: mount_null.8,v 1.14 2000/03/18 22:56:00 aaron Exp $ .\" $NetBSD: mount_null.8,v 1.4 1996/04/10 20:57:19 thorpej Exp $ .\" .\" Copyright (c) 1992, 1993, 1994 @@ -90,23 +90,26 @@ New null layers are created with .Nm takes two arguments: the pathname of the lower vfs (target-pn) and the pathname where the null -layer will appear in the namespace (mount-point-pn). After -the null layer is put into place, the contents +layer will appear in the namespace (mount-point-pn). +After the null layer is put into place, the contents of target-pn subtree will be aliased under mount-point-pn. .\" .\" .Sh OPERATION OF A NULL LAYER The null layer is the minimum file system layer, simply bypassing all possible operations to the lower layer -for processing there. The majority of its activity centers +for processing there. +The majority of its activity centers on the bypass routine, through which nearly all vnode operations pass. .Pp The bypass routine accepts arbitrary vnode operations for -handling by the lower layer. It begins by examining vnode +handling by the lower layer. +It begins by examining vnode operation arguments and replacing any null-nodes by their -lower-layer equivalents. It then invokes the operation -on the lower layer. Finally, it replaces the null-nodes +lower-layer equivalents. +It then invokes the operation on the lower layer. +Finally, it replaces the null-nodes in the arguments and, if a vnode is returned by the operation, stacks a null-node on top of the returned vnode. .Pp @@ -131,12 +134,12 @@ information. .\" .Sh INSTANTIATING VNODE STACKS Mounting associates the null layer with a lower layer, -in effect stacking two VFSes. Vnode stacks are instead -created on demand as files are accessed. +in effect stacking two VFSes. +Vnode stacks are instead created on demand as files are accessed. .Pp The initial mount creates a single vnode stack for the -root of the new null layer. All other vnode stacks -are created as a result of vnode operations on +root of the new null layer. +All other vnode stacks are created as a result of vnode operations on this or other null vnode stacks. .Pp New vnode stacks come into existence as a result of @@ -158,7 +161,8 @@ Now consider opening A .Em vop_lookup would be -done on the root null-node. This operation would bypass through +done on the root null-node. +This operation would bypass through to the lower layer which would return a vnode representing the UFS .Pa sys . @@ -186,16 +190,16 @@ null layer. .\" .Sh INVOKING OPERATIONS ON LOWER LAYERS There are two techniques to invoke operations on a lower layer -when the operation cannot be completely bypassed. Each method -is appropriate in different situations. In both cases, -it is the responsibility of the aliasing layer to make +when the operation cannot be completely bypassed. +Each method is appropriate in different situations. +In both cases, it is the responsibility of the aliasing layer to make the operation arguments "correct" for the lower layer by mapping an vnode arguments to the lower layer. .Pp The first approach is to call the aliasing layer's bypass routine. This method is most suitable when you wish to invoke the operation -currently being handled on the lower layer. It has the advantage -the bypass routine already must do argument mapping. +currently being handled on the lower layer. +It has the advantage the bypass routine already must do argument mapping. An example of this is .Em null_getattrs in the null layer. @@ -205,8 +209,8 @@ the lower layer with the .Em VOP_OPERATIONNAME interface. The advantage of this method is that it is easy to invoke -arbitrary operations on the lower layer. The disadvantage -is that vnodes arguments must be manually mapped. +arbitrary operations on the lower layer. +The disadvantage is that vnodes arguments must be manually mapped. .\" .\" .Sh SEE ALSO diff --git a/sbin/mount_portal/mount_portal.8 b/sbin/mount_portal/mount_portal.8 index fc93a87a662..405996913b5 100644 --- a/sbin/mount_portal/mount_portal.8 +++ b/sbin/mount_portal/mount_portal.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_portal.8,v 1.10 1999/07/21 01:07:55 deraadt Exp $ +.\" $OpenBSD: mount_portal.8,v 1.11 2000/03/18 22:56:01 aaron Exp $ .\" $NetBSD: mount_portal.8,v 1.6 1995/08/18 15:01:19 pk Exp $ .\" .\" Copyright (c) 1993, 1994 @@ -110,8 +110,8 @@ Each rule takes one line and consists of two or more whitespace separated fields. A hash .Pq Sq # -character causes the remainder of a line to -be ignored. Blank lines are ignored. +character causes the remainder of a line to be ignored. +Blank lines are ignored. .Pp The first field is a pathname prefix to match against the requested pathname. diff --git a/sbin/mount_umap/mount_umap.8 b/sbin/mount_umap/mount_umap.8 index 3addee5c29e..2aacd29122d 100644 --- a/sbin/mount_umap/mount_umap.8 +++ b/sbin/mount_umap/mount_umap.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_umap.8,v 1.13 2000/03/04 22:19:30 aaron Exp $ +.\" $OpenBSD: mount_umap.8,v 1.14 2000/03/18 22:56:01 aaron Exp $ .\" $NetBSD: mount_umap.8,v 1.4 1996/03/05 02:36:42 thorpej Exp $ .\" .\" Copyright (c) 1992, 1993, 1994 @@ -77,9 +77,11 @@ The .Nm command uses a set of files provided by the user to make correspondences between UIDs and GIDs in the subtree's original environment and -some other set of IDs in the local environment. For instance, user +some other set of IDs in the local environment. +For instance, user smith might have UID 1000 in the original environment, while having -UID 2000 in the local environment. The +UID 2000 in the local environment. +The .Nm command allows the subtree from smith's original environment to be mapped in such a way that all files with owner UID 1000 look like @@ -97,7 +99,8 @@ and describe the mappings to be made between identifiers. Briefly, the format of these files is a count of the number of mappings on the first line, with each subsequent line containing -a single mapping. Each of these mappings consists of an ID from +a single mapping. +Each of these mappings consists of an ID from the original environment and the corresponding ID in the local environment, separated by whitespace. .Em uid-mapfile @@ -111,21 +114,23 @@ will be treated as user NOBODY, and any GIDs not mapped in .Em gid-mapfile will be treated as group -NULLGROUP. At most 64 UIDs can be mapped for a given subtree, and +NULLGROUP. +At most 64 UIDs can be mapped for a given subtree, and at most 16 groups can be mapped by a given subtree. .Pp The mapfiles can be located anywhere in the file hierarchy, but they must be owned by root, and they must be writable only by root. .Nm will refuse to map the subtree if the ownership or permissions on -these files are improper. It will also balk if the count of mappings +these files are improper. +It will also balk if the count of mappings in the first line of the map files is not correct. .Pp The layer created by the .Nm command is meant to serve as a simple example of file system layering. -It is not meant for production use. The implementation is not very -sophisticated. +It is not meant for production use. +The implementation is not very sophisticated. .Sh SEE ALSO .Xr mount 8 , .Xr mount_null 8 diff --git a/sbin/mount_xfs/mount_xfs.8 b/sbin/mount_xfs/mount_xfs.8 index 0e4a903bae4..c556e2a44e7 100644 --- a/sbin/mount_xfs/mount_xfs.8 +++ b/sbin/mount_xfs/mount_xfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_xfs.8,v 1.13 1999/07/21 01:07:56 deraadt Exp $ +.\" $OpenBSD: mount_xfs.8,v 1.14 2000/03/18 22:56:01 aaron Exp $ .\" $NetBSD: mount_null.8,v 1.4 1996/04/10 20:57:19 thorpej Exp $ .\" .\" Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan @@ -51,7 +51,8 @@ .Sh DESCRIPTION The .Nm -command mounts one of the xfs character devices. The character device is used +command mounts one of the xfs character devices. +The character device is used for communication with a user-land cachemanager and fileprovider. .Pp The options are as follows: @@ -66,7 +67,8 @@ man page for possible options and their meanings. .El .Pp The xfs filesystem was written primarily to make a free, AFS-compatible -filesystem (Arla). But since the xfs interface is simple and generic +filesystem (Arla). +But since the xfs interface is simple and generic it could be used for other filesystems as well. .\" .Sh SEE ALSO diff --git a/sbin/ncheck_ffs/ncheck_ffs.8 b/sbin/ncheck_ffs/ncheck_ffs.8 index 98dee72681c..625cb017ff1 100644 --- a/sbin/ncheck_ffs/ncheck_ffs.8 +++ b/sbin/ncheck_ffs/ncheck_ffs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ncheck_ffs.8,v 1.10 2000/03/05 00:28:56 aaron Exp $ +.\" $OpenBSD: ncheck_ffs.8,v 1.11 2000/03/18 22:56:02 aaron Exp $ .\" .\" Copyright (c) 1995, 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com> .\" All rights reserved. @@ -42,7 +42,8 @@ .Sh DESCRIPTION .Nm generates a list of filenames and inode numbers for the given -file system. Names of directories are followed by a +file system. +Names of directories are followed by a .Dq \&. . .Pp The options are as follows: diff --git a/sbin/newfs/newfs.8 b/sbin/newfs/newfs.8 index e66c3c9ed9f..2c15337cd7d 100644 --- a/sbin/newfs/newfs.8 +++ b/sbin/newfs/newfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: newfs.8,v 1.19 1999/12/03 19:24:18 art Exp $ +.\" $OpenBSD: newfs.8,v 1.20 2000/03/18 22:56:01 aaron Exp $ .\" $NetBSD: newfs.8,v 1.12 1995/03/18 14:58:41 cgd Exp $ .\" .\" Copyright (c) 1983, 1987, 1991, 1993, 1994 @@ -120,10 +120,12 @@ a set of configuration parameters for the memory based file system. The special file is typically that of the primary swap area, since that is where the file system will be backed up when free memory gets low and the memory supporting -the file system has to be paged. If the keyword +the file system has to be paged. +If the keyword .Dq swap is used instead of a special file name, default configuration parameters -will be used. (This option is useful when trying to use +will be used. +(This option is useful when trying to use .Nm mount_mfs on a machine without any disks.) .Pp @@ -152,7 +154,8 @@ that can be understood by older boot ROMs. .It Fl U Enables soft updates on the new filesystem. .It Fl q -Operate in quiet mode. With this option, +Operate in quiet mode. +With this option, .Nm will not print extraneous information like superblock backups. .It Fl a Ar maxcontig @@ -199,7 +202,8 @@ See .Xr tunefs 8 for more details on how to set this option. .It Fl n Ar number of rotational positions -The number of distinct rotational positions. The default is 1. +The number of distinct rotational positions. +The default is 1. .It Fl o Ar optimization\ preference .Ar space or diff --git a/sbin/newfs_msdos/newfs_msdos.8 b/sbin/newfs_msdos/newfs_msdos.8 index f0857cfe486..ddf5a8159d6 100644 --- a/sbin/newfs_msdos/newfs_msdos.8 +++ b/sbin/newfs_msdos/newfs_msdos.8 @@ -1,3 +1,5 @@ +.\" $OpenBSD: newfs_msdos.8,v 1.15 2000/03/18 22:56:02 aaron Exp $ +.\" .\" Copyright (c) 1998 Robert Nordier .\" All rights reserved. .\" @@ -78,26 +80,29 @@ FAT type (one of 12, 16, or 32). .It Fl I Ar volid Volume ID. .It Fl L Ar label -Volume label (up to 11 characters). The label should consist of +Volume label (up to 11 characters). +The label should consist of only those characters permitted in regular DOS (8+3) filenames. .It Fl O Ar OEM -OEM string (up to 8 characters). The default is +OEM string (up to 8 characters). +The default is "BSD 4.4". .It Fl S Ar sector-size -Number of bytes per sector. Acceptable values are powers of 2 -in the range 128 through 32768. +Number of bytes per sector. +Acceptable values are powers of 2 in the range 128 through 32768. .It Fl a Ar FAT-size Number of sectors per FAT. .It Fl b Ar block-size -File system block size (bytes per cluster). This should resolve to an -acceptable number of sectors per cluster (see below). +File system block size (bytes per cluster). +This should resolve to an acceptable number of sectors per cluster (see below). .It Fl c Ar cluster-size -Sectors per cluster. Acceptable values are powers of 2 in the range -1 through 128. +Sectors per cluster. +Acceptable values are powers of 2 in the range 1 through 128. .It Fl e Ar dirents Number of root directory entries (FAT12 and FAT16 only). .It Fl f Ar format -Specify a standard (floppy disk) format. The eight standard formats +Specify a standard (floppy disk) format. +The eight standard formats are (capacities in kilobytes): 160, 180, 320, 360, 720, 1200, 1440, 2880. .It Fl h Ar heads @@ -106,13 +111,14 @@ Number of drive heads. Location of the file system info sector (FAT32 only). A value of 0xffff signifies no info sector. .It Fl k Ar backup -Location of the backup boot sector (FAT32 only). A value -of 0xffff signifies no backup sector. +Location of the backup boot sector (FAT32 only). +A value of 0xffff signifies no backup sector. .It Fl m Ar media Media descriptor (acceptable range 0xf0 to 0xff). .It Fl n Ar FATs -Number of FATs. Acceptable values are 1 to 16 inclusive. The default -is 2. +Number of FATs. +Acceptable values are 1 to 16 inclusive. +The default is 2. .It Fl o Ar hidden Number of hidden sectors. .It Fl r Ar reserved @@ -125,8 +131,8 @@ Number of sectors per track. .Sh NOTES FAT file system parameters occupy a "Boot Sector BPB (BIOS Parameter Block)" in the first of the "reserved" sectors which precede the actual -file system. For reference purposes, this structure is presented -below. +file system. +For reference purposes, this structure is presented below. .Bd -literal struct bsbpb { u_int16_t bps; /* [-S] bytes per sector */ diff --git a/sbin/newlfs/newlfs.8 b/sbin/newlfs/newlfs.8 index 63966433779..dc10c1a8596 100644 --- a/sbin/newlfs/newlfs.8 +++ b/sbin/newlfs/newlfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: newlfs.8,v 1.8 1999/06/04 02:45:19 aaron Exp $ +.\" $OpenBSD: newlfs.8,v 1.9 2000/03/18 22:56:02 aaron Exp $ .\" $NetBSD: newlfs.8,v 1.2 1995/03/18 14:58:54 cgd Exp $ .\" .\" Copyright (c) 1993 @@ -69,7 +69,8 @@ Create a log-structured file system (LFS). This flag is currently required. .It Fl m Ar freespace\&% The percentage of space reserved from normal users; the minimum -free space threshold. The default value used is 10%. +free space threshold. +The default value used is 10%. See .Xr tunefs 8 for more details on how to set this option. diff --git a/sbin/nfsiod/nfsiod.8 b/sbin/nfsiod/nfsiod.8 index 50ab70c3a26..57da8109c74 100644 --- a/sbin/nfsiod/nfsiod.8 +++ b/sbin/nfsiod/nfsiod.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nfsiod.8,v 1.9 1999/07/21 01:07:56 deraadt Exp $ +.\" $OpenBSD: nfsiod.8,v 1.10 2000/03/18 22:56:02 aaron Exp $ .\" $NetBSD: nfsiod.8,v 1.6 1995/03/18 14:59:04 cgd Exp $ .\" .\" Copyright (c) 1989, 1991, 1993 @@ -61,7 +61,8 @@ Specify how many servers are to be started (max 20). .El .Pp A client should run enough daemons to handle its maximum -level of concurrency, typically four to six. The system maximum is twenty. +level of concurrency, typically four to six. +The system maximum is twenty. .Pp The .Nm diff --git a/sbin/photurisd/photurisd.8 b/sbin/photurisd/photurisd.8 index fcf5919bf7f..85a90a01090 100644 --- a/sbin/photurisd/photurisd.8 +++ b/sbin/photurisd/photurisd.8 @@ -1,4 +1,5 @@ -.\" $OpenBSD: photurisd.8,v 1.6 1999/09/23 04:12:02 alex Exp $ +.\" $OpenBSD: photurisd.8,v 1.7 2000/03/18 22:56:02 aaron Exp $ +.\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -70,8 +71,8 @@ The .Fl i option can be used to ignore the .Pa photuris.startup -file. Otherwise the exchanges in that file will be initiated -on startup. +file. +Otherwise the exchanges in that file will be initiated on startup. .It Fl d Ar directory The .Fl d @@ -79,7 +80,8 @@ option specifies the .Ar directory in which .Nm -looks for its startup files. The default is +looks for its startup files. +The default is .Pa /etc/photuris/ . .It Fl p Ar port The @@ -92,31 +94,35 @@ the daemon shall bind to. The file .Pa photuris.conf contains the moduli for the DH exchange and the actual exchange -schemes used to establish a shared secret. The following keywords are -understood: +schemes used to establish a shared secret. +The following keywords are understood: .Bl -tag -width exchange -offset indent .It Ic modulus -This keyword is followed by the numeric generator and modulus. Those two -values describe the group in which exchange values for the +This keyword is followed by the numeric generator and modulus. +Those two values describe the group in which exchange values for the .Dq Diffie-Hellmann -key exchange are generated. The modulus needs to be a +key exchange are generated. +The modulus needs to be a .Dq safe prime . .It Ic exchange -This keyword is used to specify the supported exchange schemes. The scheme is +This keyword is used to specify the supported exchange schemes. +The scheme is followed by either zero or the number of bits of the modulus to be used with this scheme. If zero is specified the given scheme acts as modifier to the base -scheme. The base scheme is +scheme. +The base scheme is .Dq DH_G_2_MD5 -(generator of two and MD5 identification). Extended schemes are +(generator of two and MD5 identification). +Extended schemes are .Dq DH_G_2_DES_MD5 and .Dq DH_G_2_3DES_SHA1 . An exchange can only be configured if an apropriate modulus has be given before. .It Ic config -This is used to configure the LifeTimes of SPIs and exchanges. The configurable -values are: +This is used to configure the LifeTimes of SPIs and exchanges. +The configurable values are: .Ic exchange_max_retries , .Ic exchange_retransmit_timeout , .Ic exchange_timeout , @@ -129,19 +135,21 @@ They are followed by an integer. The file .Pa attributes.conf contains the attributes, i.e., different choices of encryption -and authentication, offered to the other peer. If a line starts with an ip +and authentication, offered to the other peer. +If a line starts with an ip address and a space separated netmask the following attributes are only -offered to hosts lying in that net range. Only one attribute per line -is allowed. An attribute can either be an already defined tag or -a new definition of an attribute. In that case the line is followed by a -comma separated list: +offered to hosts lying in that net range. +Only one attribute per line is allowed. +An attribute can either be an already defined tag or +a new definition of an attribute. +In that case the line is followed by a comma-separated list: .Ar attribute name , .Ar Photuris ID , .Ar type of attribute and .Ar key length . -The name is only used as reference. A list of possible Photuris IDs can -be found in +The name is only used as reference. +A list of possible Photuris IDs can be found in .Pa /usr/share/ipsec/attributes.conf . The attribute type is one of the following: .Dq enc , @@ -166,21 +174,22 @@ identity exchange. .Bl -tag -width identity_pair_local -offset indent .It Ic identity local Defines the identity the local daemon will assume and the according -password. Both name and secret are braced by quotation marks and follow -the +password. +Both name and secret are braced by quotation marks and follow the .Ic identity local directive. .It Ic identity remote Defines the parties the daemon can communicate with and their secrets. Both name and secret are braced by quotation marks and follow the .Ic identity remote -directive. The name and secret are the same as the identity local -on the remote site. +directive. +The name and secret are the same as the identity local on the remote site. .It Ic identity pair local If the identity of the remote site is already known, .Ic identity pair local enables the daemon to assume an identity and secret based on -the remote identity. The directive is followed by the +the remote identity. +The directive is followed by the remote identity, a new local identity and an according secret. In that way the secrets are not shared with all other parties. .El @@ -205,7 +214,8 @@ and .Ic user are understood in the .Pa photuris.startup -file. The values are as follows: +file. +The values are as follows: .Bl -tag -width exchange_lifetime -offset indent .It Ic dst The destination IP address with which the exchange is to be established. @@ -214,7 +224,8 @@ The port number of the destination .Nm daemon. .It Ic options -The options to be used in the exchange. Possible values are +The options to be used in the exchange. +Possible values are .Dq enc and .Dq auth . @@ -223,10 +234,12 @@ If both .Ic tsrc and .Ic tdst -(see below) are specified, a tunnel (IP over IP) is setup. The +(see below) are specified, a tunnel (IP over IP) is setup. +The .Ic tsrc option is a network address with netmask used for matching the source -IP address of a packet. When both the source and the destination +IP address of a packet. +When both the source and the destination addresses match their respective options the packet will be routed into the tunnel. .It Ic tdst @@ -234,18 +247,22 @@ If both .Ic tsrc (see above) and .Ic tdst -are specified, a tunnel (IP over IP) is setup. The +are specified, a tunnel (IP over IP) is setup. +The .Ic tdst option is a network address with netmask used for matching the destination -IP address of a packet. When both the source and the destination +IP address of a packet. +When both the source and the destination addresses match their respective options the packet will be routed into the tunnel. .It Ic exchange_lifetime -Determines the lifetime of the exchange. After an exchange expires +Determines the lifetime of the exchange. +After an exchange expires no new SPIs are created, which means the transport or tunnel is torn down as soon as the current SPI times out (see .Ic spi_lifetime -below). The default value is gotten from the +below). +The default value is gotten from the .Ic exchange_lifetime parameter given in .Pa photuris.conf . @@ -253,8 +270,8 @@ If it is not given there the default is 1800 seconds. .It Ic spi_lifetime Determines the lifetime of each created SPI in the exchange. .It Ic user -The user name for whom the keying shall be done. Preconfigured -secrets are taken from the users secret file. +The user name for whom the keying shall be done. +Preconfigured secrets are taken from the users secret file. .El .Pp Exchanges are separated by newlines. diff --git a/sbin/ping/ping.8 b/sbin/ping/ping.8 index f7e71ce2e98..477c44c62a7 100644 --- a/sbin/ping/ping.8 +++ b/sbin/ping/ping.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ping.8,v 1.19 1999/07/18 16:21:55 hugh Exp $ +.\" $OpenBSD: ping.8,v 1.20 2000/03/18 22:56:02 aaron Exp $ .\" $NetBSD: ping.8,v 1.10 1995/12/31 04:55:35 ghudson Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 @@ -107,8 +107,8 @@ Only the super-user may use this option. This can be very hard on a network and should be used with caution. .Ef .It Fl I Ar ifaddr -Specify the interface to transmit from on machines with multiple -interfaces. For unicast and multicast pings. +Specify the interface to transmit from on machines with multiple interfaces. +For unicast and multicast pings. .It Fl i Ar wait Wait .Ar wait @@ -126,7 +126,8 @@ If is specified, .Nm sends that many packets as fast as possible before falling into its normal -mode of behavior. Only root may set a preload value. +mode of behavior. +Only root may set a preload value. .It Fl n Numeric output only. No attempt will be made to lookup symbolic names for host addresses. @@ -155,8 +156,8 @@ Note that the IP header is only large enough for nine such routes. If more routes come back than should, such as due to an illegal spoofed packet, .Nm -will print the route list and then truncate it at the correct -spot. Many hosts ignore or discard this option. +will print the route list and then truncate it at the correct spot. +Many hosts ignore or discard this option. .It Fl r Bypass the normal routing tables and send directly to a host on an attached network. @@ -171,7 +172,8 @@ The default is 56, which translates into 64 data bytes when combined with the 8 bytes of .Tn ICMP -header data. If the +header data. +If the .Fl D or .Fl T @@ -192,7 +194,8 @@ packets other than that are received are listed. .It Fl w Ar maxwait Specifies the number of seconds to wait for a response to a packet -before transmitting the next one. The default is 10. +before transmitting the next one. +The default is 10. .El .Pp In addition, the following option may be used for multicast pings: @@ -212,7 +215,8 @@ Round trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in the packet loss calculation, although the round trip time of these packets is used in calculating the minimum/average/maximum round trip time numbers and -the standard deviation. When the specified number of packets have been +the standard deviation. +When the specified number of packets have been sent (and received), or if the program is terminated with a .Dv SIGINT , a brief summary is displayed. diff --git a/sbin/ping6/ping6.8 b/sbin/ping6/ping6.8 index 17cf288b1bc..0ec28ae4b51 100644 --- a/sbin/ping6/ping6.8 +++ b/sbin/ping6/ping6.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ping6.8,v 1.5 2000/02/28 14:06:39 itojun Exp $ +.\" $OpenBSD: ping6.8,v 1.6 2000/03/18 22:56:03 aaron Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. .\" All rights reserved. @@ -82,7 +82,8 @@ Generate ICMPv6 Node Information Node Addresses query, rather than echo-request. must be a string constructed of the following charaters. .Bl -tag -width Ds -compact .It Ic a -requests all the responder's unicast addresses. If the charater is ommited, +requests all the responder's unicast addresses. +If the charater is ommited, only those addresses which belong to the interface which has the responder's address are requests. .It Ic c @@ -94,11 +95,13 @@ requests responder's site-local addresses. .It Ic l requests responder's link-local addresses. .It Ic A -requests responder's anycast addresses. Without this character, the responder -will return unicast addresses only. With this character, the responder -will return anycast addresses only. +requests responder's anycast addresses. +Without this character, the responder +will return unicast addresses only. +With this character, the responder will return anycast addresses only. Note that the specification does not specify how to get responder's -anycast addresses. This is an experimental option. +anycast addresses. +This is an experimental option. .El .It Fl b Ar bufsiz Set socket buffer size. @@ -200,7 +203,7 @@ If the outgoing interface is specified by the .Fl I option as well, the address must be assinged to the specified interface. .It Fl s Ar packetsize -Specifies the number of data bytes to be sent. +Specifies the number of data bytes to be sent. The default is 56, which translates into 64 .Tn ICMP data bytes when combined diff --git a/sbin/quotacheck/quotacheck.8 b/sbin/quotacheck/quotacheck.8 index 26d847e5503..25c76507b56 100644 --- a/sbin/quotacheck/quotacheck.8 +++ b/sbin/quotacheck/quotacheck.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: quotacheck.8,v 1.8 1999/06/04 02:45:22 aaron Exp $ +.\" $OpenBSD: quotacheck.8,v 1.9 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: quotacheck.8,v 1.4 1995/03/18 14:59:20 cgd Exp $ .\" .\" Copyright (c) 1983, 1990, 1991, 1993 @@ -83,7 +83,8 @@ By default, only the types of quotas listed in .Pa /etc/fstab are checked. .It Fl d -Enable debugging mode. No actual data will be written on disk(s). +Enable debugging mode. +No actual data will be written on disk(s). .It Fl g Only group quotas listed in .Pa /etc/fstab diff --git a/sbin/raidctl/raidctl.8 b/sbin/raidctl/raidctl.8 index 8266cdfa00a..061d2d24094 100644 --- a/sbin/raidctl/raidctl.8 +++ b/sbin/raidctl/raidctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: raidctl.8,v 1.11 2000/03/14 21:31:42 aaron Exp $ +.\" $OpenBSD: raidctl.8,v 1.12 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: raidctl.8,v 1.11 2000/01/05 03:02:41 oster Exp $ .\" .\" Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -123,7 +123,8 @@ is the user-land control program for the RAIDframe disk device. .Nm is primarily used to dynamically configure and unconfigure RAIDframe disk -devices. For more information about the RAIDframe disk device, see +devices. +For more information about the RAIDframe disk device, see .Xr raid 4 . .Pp This document assumes the reader has at least rudimentary knowledge of @@ -138,7 +139,8 @@ as a hot spare for the device .Ar dev . .It Fl B Ar dev Initiate a copyback of reconstructed data from a spare disk to -it's original disk. This is performed after a component has failed, +it's original disk. +This is performed after a component has failed, and the failed drive has been reconstructed onto a spare drive. .It Fl c Ar config_file Ar dev Configure the RAIDframe device @@ -151,8 +153,8 @@ is given later. .It Fl C Ar config_file Ar dev As for .Ar -c , -but forces the configuration to take place. This is required the -first time a RAID set is configured. +but forces the configuration to take place. +This is required the first time a RAID set is configured. .It Fl f Ar component Ar dev This marks the specified .Ar component @@ -162,12 +164,14 @@ component. Fails the specified .Ar component of the device, and immediately begin a reconstruction of the failed -disk onto an available hot spare. This is one of the mechanisms used to start +disk onto an available hot spare. +This is one of the mechanisms used to start the reconstruction process if a component does have a hardware failure. .It Fl g Ar component Ar dev Get the component label for the specified component. .It Fl i Ar dev -Initialize (re-write) the parity on the device. This +Initialize (re-write) the parity on the device. +This .Em must be done before the RAID device is labeled and before filesystems are created on the RAID device, and is normally used after @@ -175,15 +179,15 @@ a system crash (and before a .Xr fsck 8 ) to ensure the integrity of the parity. .It Fl I Ar serial_number Ar dev -Initialize the component labels on each component of the device. +Initialize the component labels on each component of the device. .Ar serial_number is used as one of the keys in determining whether a -particular set of components belong to the same RAID set. While not -strictly enforced, different serial numbers should be used for +particular set of components belong to the same RAID set. +While not strictly enforced, different serial numbers should be used for different RAID sets. .It Fl p Ar dev -Check the status of the parity on the RAID set. Displays a status -message, and returns successfully if the parity is up-to-date. +Check the status of the parity on the RAID set. +Displays a status message; returns successfully if the parity is up-to-date. .It Fl P Ar dev Check the status of the parity on the RAID set, and initialize (re-write) the parity if the parity is not known to be up-to-date. @@ -202,12 +206,14 @@ component has a hardware failure. Display the status of the RAIDframe device for each of the components and spares. .It Fl S Ar dev -Check the status of component reconstruction. The output indicates +Check the status of component reconstruction. +The output indicates the amount of progress achieved in reconstructing a failed component. .It Fl u Ar dev Unconfigure the RAIDframe device. .It Fl v -Be more verbose. For operations such as reconstructions, parity +Be more verbose. +For operations such as reconstructions, parity re-writing, and copybacks, provide a progress indicator. .El .Pp @@ -225,35 +231,38 @@ or just simply raid0 (for .Pa /dev/rraid0d ) . .Pp The format of the configuration file is complex, and -only an abbreviated treatment is given here. In the configuration -files, a -.Sq # +only an abbreviated treatment is given here. +In the configuration files, a +.Ql # indicates the beginning of a comment. .Pp There are 4 required sections of a configuration file, and 2 -optional components. Each section begins with a +optional components. +Each section begins with a .Dq START , followed by the section name, and the confuration parameters associated with that -section. The first section is the +section. +The first section is the .Dq array section, and it specifies -the number of rows, columns, and spare disks in the RAID array. For -example: +the number of rows, columns, and spare disks in the RAID array. +For example: .Bd -unfilled -offset indent START array 1 3 0 .Ed .Pp -indicates an array with 1 row, 3 columns, and 0 spare disks. Note -that although multi-dimensional arrays may be specified, they are +indicates an array with 1 row, 3 columns, and 0 spare disks. +Note that although multi-dimensional arrays may be specified, they are .Em not supported in the driver. .Pp The second section, the .Dq disks section, specifies the actual -components of the device. For example: +components of the device. +For example: .Bd -unfilled -offset indent START disks /dev/sd0e @@ -261,15 +270,17 @@ START disks /dev/sd2e .Ed .Pp -specifies the three component disks to be used in the RAID device. If -any of the specified drives cannot be found when the RAID device is +specifies the three component disks to be used in the RAID device. +If any of the specified drives cannot be found when the RAID device is configured, then they will be marked as .Dq failed , and the system will -operate in degraded mode. Note that it is +operate in degraded mode. +Note that it is .Em imperative that the order of the components in the configuration file does not -change between configurations of a RAID device. Changing the order +change between configurations of a RAID device. +Changing the order of the components (at least at the time of this writing) will result in data loss. .Pp @@ -279,7 +290,8 @@ is optional, and if present specifies the devices to be used as .Dq hot spares -- devices which are on-line, but are not actively used by the RAID driver unless -one of the main components fail. A simple +one of the main components fail. +A simple .Dq spare section might be: .Bd -unfilled -offset indent @@ -287,18 +299,20 @@ START spare /dev/sd3e .Ed .Pp -for a configuration with a single spare component. If no spare drives -are to be used in the configuration, then the +for a configuration with a single spare component. +If no spare drives are to be used in the configuration, then the .Dq spare section may be omitted. .Pp The next section is the .Dq layout -section. This section describes the +section. +This section describes the general layout parameters for the RAID device, and provides such information as sectors per stripe unit, stripe units per parity unit, stripe units per reconstruction unit, and the parity configuration to -use. This section might look like: +use. +This section might look like: .Bd -unfilled -offset indent START layout # sectPerSU SUsPerParityUnit SUsPerReconUnit RAID_level @@ -307,26 +321,31 @@ START layout .Pp The sectors per stripe unit specifies, in blocks, the interleave factor; i.e., the number of contiguous sectors to be written to each -component for a single stripe. Appropriate selection of this value +component for a single stripe. +Appropriate selection of this value (32 in this example) is the subject of much research in RAID -architectures. The stripe units per parity unit and +architectures. +The stripe units per parity unit and stripe units per reconstruction unit are normally each set to 1. While certain values above 1 are permitted, a discussion of valid values and the consequences of using anything other than 1 are outside -the scope of this document. The last value in this section (5 in this -example) indicates the parity configuration desired. Valid entries -include: +the scope of this document. +The last value in this section (5 in this +example) indicates the parity configuration desired. +Valid entries include: .Bl -tag -width inde .It 0 -RAID level 0. No parity, only simple striping. +RAID level 0. +No parity, only simple striping. .It 1 -RAID level 1. Mirroring. +RAID level 1. +Mirroring. .It 4 -RAID level 4. Striping across components, with parity stored on the -last component. +RAID level 4. +Striping across components, with parity stored on the last component. .It 5 -RAID level 5. Striping across components, parity distributed across -all components. +RAID level 5. +Striping across components, parity distributed across all components. .El .Pp There are other valid entries here, including those for Even-Odd @@ -337,24 +356,24 @@ those parity operations has not been tested with .Pp The next required section is the .Dq queue -section. This is most often -specified as: +section. +This is most often specified as: .Bd -unfilled -offset indent START queue fifo 1 .Ed .Pp where the queuing method is specified as FIFO (first-in, first-out), -and the size of the per-component queue is limited to 1 request. A -value of 1 is quite conservative here, and values of 100 or more may +and the size of the per-component queue is limited to 1 request. +A value of 1 is quite conservative here, and values of 100 or more may been used to increase the driver performance. Other queuing methods may also be specified, but a discussion of them is beyond the scope of this document. .Pp The final section, the .Dq debug -section, is optional. For more details -on this the reader is referred to the RAIDframe documentation +section, is optional. +For more details on this the reader is referred to the RAIDframe documentation dissussed in the .Sx HISTORY section. @@ -363,14 +382,15 @@ See for a more complete configuration file example. .Sh EXAMPLES The examples in this section will focus on a RAID 5 configuration. -Other RAID configurations will behave similarly. It is highly -recommended that before using the RAID driver for real filesystems +Other RAID configurations will behave similarly. +It is highly +recommended that before using the RAID driver for real file systems that the system administrator(s) have used .Em all of the options for .Nm raidctl , -and that they understand how the component reconstruction process -works. While this example is not created as a tutorial, the steps +and that they understand how the component reconstruction process works. +While this example is not created as a tutorial, the steps shown here can be easily duplicated using four equal-sized partitions from any number of disks (including all four from a single disk). .Pp @@ -378,8 +398,8 @@ The primary uses of .Nm is to configure and unconfigure .Xr raid 4 -devices. To configure a device, a configuration -file which looks something like: +devices. +To configure a device, a configuration file which looks something like: .Bd -unfilled -offset indent START array # numRow numCol numSpare @@ -401,7 +421,8 @@ START queue fifo 100 .Ed .Pp -is first created. In short, this configuration file specifies a RAID +is first created. +In short, this configuration file specifies a RAID 5 configuration consisting of the disks .Pa /dev/sd1e , .Pa /dev/sd2e , @@ -412,8 +433,8 @@ with available as a .Dq hot spare in case one of -the three main drives should fail. If the above configuration is in a -file called +the three main drives should fail. +If the above configuration is in a file called .Pa rfconfig , raid device 0 in the normal case can be configured with: .Bd -unfilled -offset indent @@ -425,14 +446,16 @@ The above is equivalent to the following: raidctl -c rfconfig /dev/rraid0d .Ed .Pp -on the i386 architecture. On all other architectures, +on the i386 architecture. +On all other architectures, .Pa /dev/rraid0c is used in place of .Pa /dev/rraid0d . .Pp A RAID set will not configure with .Fl c -if the component labels are not correct. A +if the component labels are not correct. +A .Sq component label contains important information about the component, including a user-specified serial number, the row and column of that component in the RAID @@ -454,21 +477,24 @@ raidctl -C rfconfig raid0 The .Fl C forces the configuration to succeed, even if any of the component -labels are incorrect. This option should not be used lightly in +labels are incorrect. +This option should not be used lightly in situations other than initial configurations, as if the system is refusing to configure a RAID set, there is probably a very good reason for it. .Pp When the RAID set is configured for the first time, it is necessary to initialize the component labels, and to initialize the -parity on the RAID set. Initializing the component labels is done with: +parity on the RAID set. +Initializing the component labels is done with: .Bd -unfilled -offset indent raidctl -I 112341 raid0 .Ed .Pp where .Sq 112341 -is a user-specified serial number for the RAID set. Using different +is a user-specified serial number for the RAID set. +Using different serial numbers between RAID sets is strongly encouraged, as using the same serial number for all RAID sets will only serve to decrease the usefulness of the component label checking. @@ -479,8 +505,8 @@ raidctl -i raid0 .Ed .Pp Initializing the parity in this way may also be required after an -unclean shutdown. Once the parity is known to be correct, -it is then safe to perform +unclean shutdown. +Once the parity is known to be correct, it is then safe to perform .Xr disklabel 8 , .Xr newfs 8 , or @@ -493,16 +519,18 @@ After the parity has been initialized for the first time, the command: raidctl -p raid0 .Ed .Pp -can be used to check the current status of the parity. To check the -parity and rebuild it if necessary the command: +can be used to check the current status of the parity. +To check the parity and rebuild it if necessary the command: .Bd -unfilled -offset indent raidctl -P raid0 .Ed .Pp -is used. Note that re-writing the parity can be done while +is used. +Note that re-writing the parity can be done while other operations on the RAID set are taking place (e.g., while doing a .Xr fsck 8 -on a filesystem on the RAID set). However: for maximum effectiveness +on a filesystem on the RAID set). +However: for maximum effectiveness of the RAID set, the parity should be known to be correct before any data on the set is modified. .Pp @@ -545,8 +573,11 @@ Status: optimal .Pp For a component label to be considered valid, that particular component label must be in agreement with the other component labels -in the set. For example, the serial number, 'modification counter', -number of rows and number of columns must all be in agreement. If any +in the set. +For example, the serial number, +.Dq modification counter , +number of rows, and number of columns must all be in agreement. +If any of these are different, then the component is not considered to be part of the set. .Pp @@ -571,8 +602,8 @@ Spares: .Pp Note that with the use of .Fl f -a reconstruction has not been started. To both fail the disk and -start a reconstruction, the +a reconstruction has not been started. +To both fail the disk and start a reconstruction, the .Fl F option must be used: .Bd -unfilled -offset indent @@ -594,12 +625,13 @@ Spares: /dev/sd4e: used_spare .Ed .Pp -This indicates that a reconstruction is in progress. To find out how -the reconstruction is progressing the +This indicates that a reconstruction is in progress. +To find out how the reconstruction is progressing the .Fl S -option may be used. This will indicate the progress in terms of the -percentage of the reconstruction that is completed. When the -reconstruction is finished the +option may be used. +This will indicate the progress in terms of the +percentage of the reconstruction that is completed. +When the reconstruction is finished the .Fl s option will show: .Bd -unfilled -offset indent @@ -611,7 +643,8 @@ Spares: /dev/sd4e: used_spare .Ed .Pp -At this point there are at least two options. First, if +At this point there are at least two options. +First, if .Pa /dev/sd2e is known to be good (i.e., the failure was either caused by .Fl f @@ -620,7 +653,8 @@ or or the failed disk was replaced), then a copyback of the data can be initiated with the .Fl B -option. In this example, this would copy the entire contents of +option. +In this example, this would copy the entire contents of .Pa /dev/sd4e to .Pa /dev/sd2e . @@ -640,8 +674,8 @@ The second option after the reconstruction is to simply use .Pa /dev/sd4e in place of .Pa /dev/sd2e -in the configuration file. For example, the -configuration file (in part) might now look like: +in the configuration file. +For example, the configuration file (in part) might now look like: .Bd -unfilled -offset indent START array 1 3 0 @@ -656,11 +690,13 @@ This can be done as .Pa /dev/sd4e is completely interchangeable with .Pa /dev/sd2e -at this point. Note that extreme care must be taken when -changing the order of the drives in a configuration. This is one of +at this point. +Note that extreme care must be taken when +changing the order of the drives in a configuration. +This is one of the few instances where the devices and/or their orderings can be -changed without loss of data! In general, the ordering of components -in a configuration file should +changed without loss of data! +In general, the ordering of components in a configuration file should .Em never be changed. .Pp @@ -674,8 +710,8 @@ Components: No spares. .Ed .Pp -In this case there are a number of options. The first option is to add a hot -spare using: +In this case there are a number of options. +The first option is to add a hot spare using: .Bd -unfilled -offset indent raidctl -a /dev/sd4e raid0 .Ed @@ -706,8 +742,8 @@ raidctl -R /dev/sd2e raid0 .Pp to rebuild the .Pa /dev/sd2e -component. As the rebuilding is in progress, -the status will be: +component. +As the rebuilding is in progress, the status will be: .Bd -unfilled -offset indent Components: /dev/sd1e: optimal @@ -725,13 +761,12 @@ Components: No spares. .Ed .Pp - -.Pp The final operation performed by .Nm is to unconfigure a .Xr raid 4 -device. This is accomplished via a simple: +device. +This is accomplished via a simple: .Bd -unfilled -offset indent raidctl -u raid0 .Ed @@ -739,7 +774,8 @@ raidctl -u raid0 at which point the device is ready to be reconfigured. .Sh WARNINGS Certain RAID levels (1, 4, 5, 6, and others) can protect against some -data loss due to component failure. However the loss of two +data loss due to component failure. +However the loss of two components of a RAID 4 or 5 system, or the loss of a single component of a RAID 0 system will result in the entire filesystem being lost. RAID is @@ -749,12 +785,14 @@ a substitute for good backup practices. Recomputation of parity .Em must be performed whenever there is a chance that it may have been -compromised. This includes after system crashes, or before a RAID -device has been used for the first time. Failure to keep parity +compromised. +This includes after system crashes, or before a RAID +device has been used for the first time. +Failure to keep parity correct will be catastrophic should a component ever fail -- it is better to use RAID 0 and get the additional space and speed, than it -is to use parity, but not keep the parity correct. At least with RAID -0 there is no perception of increased data security. +is to use parity, but not keep the parity correct. +At least with RAID 0 there is no perception of increased data security. .Pp .Sh FILES .Bl -tag -width /dev/XXrXraidX -compact @@ -767,8 +805,6 @@ device special files .Xr ccd 4 , .Xr raid 4 , .Xr rc 8 -.Sh BUGS -Hot-spare removal is currently not available. .Sh HISTORY RAIDframe is a framework for rapid prototyping of RAID structures developed by the folks at the Parallel Data Laboratory at Carnegie @@ -781,11 +817,13 @@ Parallel Data Laboratory of Carnegie Mellon University. .Pp The .Nm -command first appeared as a program in CMU's RAIDframe v1.1 distribution. This -version of +command first appeared as a program in CMU's RAIDframe v1.1 distribution. +This version of .Nm is a complete re-write, and first appeared in .Nx 1.4 . +.Sh BUGS +Hot-spare removal is currently not available. .Sh COPYRIGHT .Bd -unfilled diff --git a/sbin/reboot/boot_atari.8 b/sbin/reboot/boot_atari.8 index 89f410f7368..21ecf142991 100644 --- a/sbin/reboot/boot_atari.8 +++ b/sbin/reboot/boot_atari.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_atari.8,v 1.8 1999/07/08 19:58:30 deraadt Exp $ +.\" $OpenBSD: boot_atari.8,v 1.9 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: boot_atari.8,v 1.1 1996/06/27 11:07:56 leo Exp $ .\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. @@ -51,20 +51,23 @@ system bootstrapping procedures When the .Ox kernel is booted normally (using one of the two methods discussed below), -it initializes itself and proceeds to boot the system. An automatic +it initializes itself and proceeds to boot the system. +An automatic consistency check of the file systems takes place, and unless this -fails, the system comes up to multi-user operations. The proper way -to shut the system down is with the +fails, the system comes up to multi-user operations. +The proper way to shut the system down is with the .Xr shutdown 8 command. .Pp If the system crashes, it will enter the kernel debugger, .Xr ddb 8 , -if it is configured in the kernel. If the debugger is not present +if it is configured in the kernel. +If the debugger is not present or has exited, the system will attempt a dump to the configured dump device (which will be automatically recovered with .Xr savecore 8 -during the next boot cycle). After the dump completes (successful +during the next boot cycle). +After the dump completes (successful or not), the system will attempt a reboot. .Pp .Ss Booting OpenBSD using the bootloader @@ -74,20 +77,21 @@ partition is created by means of .Xr installboot 8 , the Atari BIOS will automatically start the .Ox -bootloader. By default, -it will load the kernel image +bootloader. +By default, it will load the kernel image .Pa /bsd -and attempt to boot it into multi-user mode. This behaviour can be changed by -either keeping the +and attempt to boot it into multi-user mode. +This behaviour can be changed by either keeping the .Sq Alternate or .Sq Right-Shift -key pressed during the boot process. When -the +key pressed during the boot process. +When the .Sq Alternate key is pressed, the bootstrap is aborted, causing the BIOS to continue scanning the disks for a bootable partition (this is compatible -with AHDI 3.0). Pressing the +with AHDI 3.0). +Pressing the .Sq Right-Shift key during the boot causes the bootloader to enter interactive mode. In interactive mode, the command line looks like: @@ -111,7 +115,8 @@ indicated will be used. If something other than .Pa .OpenBSD is specified, control is returned to the BIOS with the boot preference set to -the selected type. Due to limitations of the BIOS, however, the search for +the selected type. +Due to limitations of the BIOS, however, the search for bootblocks is continued rather than restarted. .It Em boot-path This gives you the opportunity to boot another kernel, say: @@ -138,7 +143,8 @@ When you want (or have to) start .Ox from GEM, you have to use the .Xr loadbsd -program that is supplied on the kernel-floppy. The +program that is supplied on the kernel-floppy. +The .Xr loadbsd command line specification is: @@ -172,15 +178,17 @@ only to use ST compatible RAM. Test loading of the kernel but don't start .Ox . .It Fl w -Wait for a keypress before exiting loadbsd. This is useful when starting this -program under GEM. +Wait for a keypress before exiting loadbsd. +This is useful when starting this program under GEM. .It Fl D Show debugging output while booting the kernel. .It Fl S Ar amount -Set the amount of available ST compatible RAM in bytes. Normally this +Set the amount of available ST compatible RAM in bytes. +Normally this value is set automatically from the values initialized by the BIOS. .It Fl T Ar amount -Set the amount of available TT compatible RAM in bytes. Normally this +Set the amount of available TT compatible RAM in bytes. +Normally this value is set automatically from the values initialized by the BIOS. .It Fl V Print the version of @@ -193,8 +201,8 @@ This is a GEMDOS path specification of the kernel to boot. Note: Because the loadbsd program can only read kernels from a GEMDOS filesystem, the file .Pa /bsd -is usually not the same as the actual kernel booted. This can cause some -programs to fail. +is usually not the same as the actual kernel booted. +This can cause some programs to fail. .Sh FILES .Bl -tag -width /bsd -compact .It Pa /bsd diff --git a/sbin/reboot/boot_i386.8 b/sbin/reboot/boot_i386.8 index 83e799fcd88..94c66ab7606 100644 --- a/sbin/reboot/boot_i386.8 +++ b/sbin/reboot/boot_i386.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_i386.8,v 1.10 1999/06/04 02:45:23 aaron Exp $ +.\" $OpenBSD: boot_i386.8,v 1.11 2000/03/18 22:56:03 aaron Exp $ .\" .\" Copyright (c) 1997 Tobias Weingartner .\" @@ -51,7 +51,8 @@ clones will perform a POST (Power On Self Test) upon being booted cold. This test will find and initialize memory, keyboard, and other devices. It will search for and initialize any extension ROMs that are present, and then attempt to boot the operating system from an available boot -drive. Failing this, older IBM systems came up in ROM BASIC. +drive. +Failing this, older IBM systems came up in ROM BASIC. .Pp The newer .Tn "PC AT" @@ -64,31 +65,38 @@ boot the hard disk C (otherwise known as hard disk controller 1, drive 0). The BIOS loads the first block (at physical location: track 0, head 0, sector 1) off the boot device into memory, and if the last two bytes in the block match the signature 0x55AA, the BIOS considers the block a valid -bootable drive. The BIOS then proceeds to call the machine code program -in this block. If the BIOS is current, it will also pass the boot drive +bootable drive. +The BIOS then proceeds to call the machine code program in this block. +If the BIOS is current, it will also pass the boot drive to the boot block in register %dl. .Pp -There are two different types of boot blocks on devices. There is the -MBR (master boot record) and the PBR (partition boot record). A digression +There are two different types of boot blocks on devices. +There is the +MBR (master boot record) and the PBR (partition boot record). +A digression into a little piece of history will quickly give light as to why this is so. In the beginning, the PC .Dq architecture came with a single or dual floppy -drives, and no hard drives. The only type of bootable sectors on any device -were the PBRs. They were responsible for loading the rest of the operating -system from the correct device. When hard disks came out, it was felt that +drives, and no hard drives. +The only type of bootable sectors on any device were the PBRs. +They were responsible for loading the rest of the operating +system from the correct device. +When hard disks came out, it was felt that such a huge space should be able to be partitioned into separate drives, and this is when the MBR was invented. .Pp The MBR relocates itself upon being loaded and invoked by the BIOS. Embeded within the MBR is a partition table, with four partition table -entries. The MBR code traverses this table (which was loaded with the +entries. +The MBR code traverses this table (which was loaded with the MBR by the BIOS), looking for an active entry, and then loads the MBR or -PBR from the disk location specified by the partition table entry. So -in reality, the MBR is nothing more than a fancy chaining PBR. +PBR from the disk location specified by the partition table entry. +So in reality, the MBR is nothing more than a fancy chaining PBR. .Pp Note: The MBR could load another MBR, which is the case when you are booting -off an extended partition. In other words, the first block of an extended +off an extended partition. +In other words, the first block of an extended partition is really an MBR, which will then load the corresponding MBR or PBR out of its extended partition's partition table. .Sh GEOMETRY TRANSLATION @@ -98,16 +106,18 @@ This portion of the is a mess, and a compatibility nightmare. .Pp The PC BIOS has an API to manipulate any disk that the BIOS happens to -support. This interface uses 10 bits to address the cylinder, 8 bits to -address the head, and 6 bits to address the sector of a drive. This -restricts any application using the BIOS to being able to address only +support. +This interface uses 10 bits to address the cylinder, 8 bits to +address the head, and 6 bits to address the sector of a drive. +This restricts any application using the BIOS to being able to address only 1024 cylinders, 256 heads, and 63 (since the sectors are 1 based) sectors -on a disk. These limitations proved to be fine for roughly 3 years after +on a disk. +These limitations proved to be fine for roughly 3 years after the debut of hard disks on PC computers. .Pp Many (if not all) newer drives have many more cylinders than the BIOS API -can support, and likely more sectors per track as well. To allow the BIOS -the ability of accessing these large drives, the BIOS would +can support, and likely more sectors per track as well. +To allow the BIOS the ability of accessing these large drives, the BIOS would .Dq re-map the cylinder/head/sector of the real drive geometry into something that would @@ -115,14 +125,16 @@ allow the applications using the BIOS to access a larger portion of the drive, still using the restricted BIOS API. .Pp The reason this has become a problem is that any modern OS will use its own -drivers to access the disk drive, bypassing the BIOS completely. However, +drivers to access the disk drive, bypassing the BIOS completely. +However, the MBR, PBR, and partition tables are all still written using the original -BIOS access methods. This is for backwards compatibility to the original -IBM PC! +BIOS access methods. +This is for backwards compatibility to the original IBM PC! .Pp So the gist of it is, the MBR, PBR, and partition table need to have BIOS geometry offsets and cylinder/head/sector values for them to be able to -load any type of operating system. This geometry can, and likely will, +load any type of operating system. +This geometry can, and likely will, change whenever you move a disk from machine to machine, or from controller to controller. .Em They are controller and machine specific . @@ -147,7 +159,7 @@ system second stage bootstrap The .Dq PC BIOS Architecture makes this process very prone to weird and -wonderful interactions between differing operating systems. There is -no published standard to the MBR and PBR, which makes coding these a -nightmare. Somebody *please* write me a decent BIOS, and make them (the -masses) use it! +wonderful interactions between differing operating systems. +There is no published standard to the MBR and PBR, +which makes coding these a nightmare. +Somebody *please* write me a decent BIOS, and make them (the masses) use it! diff --git a/sbin/reboot/boot_mac68k.8 b/sbin/reboot/boot_mac68k.8 index 6abeae79b98..89478b408ce 100644 --- a/sbin/reboot/boot_mac68k.8 +++ b/sbin/reboot/boot_mac68k.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_mac68k.8,v 1.11 2000/03/14 21:31:42 aaron Exp $ +.\" $OpenBSD: boot_mac68k.8,v 1.12 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: boot_mac68k.8,v 1.1 1995/07/02 02:09:52 briggs Exp $ .\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. @@ -51,21 +51,25 @@ system bootstrapping procedures Normally, the .Ox kernel on the mac68k architecture is booted from the native operating -system by means of an application program. When the kernel takes over, -it initializes itself and proceeds to boot the system. An automatic +system by means of an application program. +When the kernel takes over, +it initializes itself and proceeds to boot the system. +An automatic consistency check of the file systems takes place, and unless this -fails, the system comes up to multi-user operations. The proper way -to shut the system down is with the +fails, the system comes up to multi-user operations. +The proper way to shut the system down is with the .Xr shutdown 8 command. .Pp If the system crashes, it will enter the kernel debugger, .Xr ddb 8 , -if it is configured in the kernel. If the debugger is not present +if it is configured in the kernel. +If the debugger is not present or has exited, the system will attempt a dump to the configured dump device (which will be automatically recovered with .Xr savecore 8 -during the next boot cycle). After the dump completes (successful +during the next boot cycle). +After the dump completes (successful or not), the system will attempt a reboot. .Pp On most mac68k machines with @@ -76,24 +80,28 @@ switch can be physically rotated and locked in the position. The native OS can be configured to automatically start the .Ox -boot program. Additionally, the +boot program. +Additionally, the .Ox boot program can be configured to boot .Ox -without intervention. When a system is so configured, it can crash +without intervention. +When a system is so configured, it can crash or lose power and reboot back to a fully multi-user state without any intervention. .Pp .Ss The boot application -The boot application runs in the native OS on the system. It has a +The boot application runs in the native OS on the system. +It has a dialog where booting preferences may be changed and an option whereby -these options may be saved. The preferences are stored in the program +these options may be saved. +The preferences are stored in the program itself, not in a preferences folder, thus allowing two separate copies of the program to be configured differently (e.g., to boot different bsd or bsd.test, or to boot from two different drives). .Pp -One option that may be specified is a boot to single-user mode. This -stops the boot process very early on and allows system maintenance. +One option that may be specified is a boot to single-user mode. +This stops the boot process very early on and allows system maintenance. If one wishes to provide some security at this phase of the boot, remove the .Dq secure @@ -103,8 +111,10 @@ file. .Pp Another useful option that may be specified is the .Dq serial console -option. This will allow a serial device (terminal or computer) to -act as a console for the system. This device must be configured to +option. +This will allow a serial device (terminal or computer) to +act as a console for the system. +This device must be configured to use 9600 baud, eight bits, no parity, and one stop bit (9600-8N1). Either the printer port or the modem port (tty01 and tty00, respectively) may be used for this. @@ -112,8 +122,9 @@ respectively) may be used for this. It is sometimes useful to boot a kernel that resides in a folder in native OS rather than from the usual location in the .Ox -file system. A radio button is supplied for this purpose. Note that -some programs will not run properly if the kernel is not found as +file system. +A radio button is supplied for this purpose. +Note that some programs will not run properly if the kernel is not found as .Pa /bsd within the .Ox diff --git a/sbin/reboot/boot_pmax.8 b/sbin/reboot/boot_pmax.8 index 1a108e082a9..a04839ef053 100644 --- a/sbin/reboot/boot_pmax.8 +++ b/sbin/reboot/boot_pmax.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_pmax.8,v 1.14 1999/07/08 19:58:30 deraadt Exp $ +.\" $OpenBSD: boot_pmax.8,v 1.15 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: boot_pmax.8,v 1.1 1995/04/25 23:55:11 mellon Exp $ .\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. @@ -63,18 +63,20 @@ At power up, all DECstation ROMs consult the .Nm haltaction environment variable in EEPROM to determine whether or not to attempt an automatic -boot. If this -variable is set to +boot. +If this variable is set to .Dq h , the ROM prints a prompt on the console and -waits for user commands. If set to +waits for user commands. +If set to .Dq b , the ROM attempts to autoboot. .Pp On the DECstation 2100 and 3100, the path used for automatic booting is stored in the .Nm bootpath -environment variable. The path is made up of a +environment variable. +The path is made up of a device type specifier (e.g., rz, tz, mop or tftp), followed by a triplet in the form (x,y,z), followed by a filename to load. .Pp @@ -92,9 +94,11 @@ For network boots, () may be specified instead of (0,0,0). .Pp The filename is optional for bootp/tftp and mop booting, since in these cases the network protocol can be used to determine which -file to boot. When booting off the tape, no filename should be +file to boot. +When booting off the tape, no filename should be specified, and when booting off disk, the filename of a kernel -must be specified. Generally, the kernel is named +must be specified. +Generally, the kernel is named .Pa bsd . .Pp An example @@ -108,14 +112,15 @@ For automatic boots, the ROM automatically passes a argument to the bootloader, requesting that .Ox -attempt to come up to multi-user mode. At the boot ROM prompt, -the user may boot +attempt to come up to multi-user mode. +At the boot ROM prompt, the user may boot .Ox with either the .Nm auto or the .Nm boot -command. If the +command. +If the .Nm auto command is used, the .Fl a @@ -132,8 +137,8 @@ or the .Nm auto command is issued with no arguments, the kernel specified in the .Nm bootpath -environment variable is booted. An alternate kernel may be specified -with the +environment variable is booted. +An alternate kernel may be specified with the .Fl f flag, followed by the path of the kernel to boot, as described above. For example: @@ -144,23 +149,27 @@ On TurboChannel machines (all DECstation 5000 models), the bootpath is specified in the .Nm boot environment variable, along with any arguments -to be passed to the kernel. Note that to specify boot arguments (e.g., +to be passed to the kernel. +Note that to specify boot arguments (e.g., .Fl a ) when setting the .Nm boot environment variable, the filename and arguments -must be enclosed in quotes. For example: +must be enclosed in quotes. +For example: .Pp .Dl setenv boot "3/rz4/bsd -a" .Pp The device from which to boot is specified as the TurboChannel slot number, a TurboChannel-option-specific device name, and a path to the -file to load, all separated by slashes. You can get a list of the +file to load, all separated by slashes. +You can get a list of the devices installed in your TurboChannel slots (as well as any built-in devices which appear as TurboChannel slots) by typing the .Nm cnfg command -at the boot prompt. You can get more detailed information about a specific +at the boot prompt. +You can get more detailed information about a specific TurboChannel option by typing .Nm cnfg followed by the slot number of that @@ -170,7 +179,8 @@ For SCSI devices, the option-specific device identifier is either .Dq rz# for disks or .Dq tz# -for tapes, where # is the SCSI ID of the device. For network +for tapes, where # is the SCSI ID of the device. +For network devices, the option-specific protocol identifier is either mop or tftp. Filename requirements are as for the DECstation 2100 and 3100. .Pp @@ -178,7 +188,8 @@ To start .Ox from the boot prompt, the .Nm boot -command must be used. With no arguments, this simply boots the default +command must be used. +With no arguments, this simply boots the default kernel with the default arguments as set with .Nm setenv .Nm boot . @@ -186,7 +197,8 @@ If no .Nm boot environment variable is set, or if an alternate kernel is to be booted, the path of that kernel may be specified after the boot command as -described above, and any arguments may be passed similarly. For example: +described above, and any arguments may be passed similarly. +For example: .Pp .Dl boot 3/rz4/bsd.new -a .Sh SEE ALSO diff --git a/sbin/reboot/boot_sparc.8 b/sbin/reboot/boot_sparc.8 index 8e332be563e..e981df13106 100644 --- a/sbin/reboot/boot_sparc.8 +++ b/sbin/reboot/boot_sparc.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_sparc.8,v 1.13 1999/07/08 20:28:03 deraadt Exp $ +.\" $OpenBSD: boot_sparc.8,v 1.14 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: boot_sparc.8,v 1.4 1995/04/25 11:37:25 pk Exp $ .\" .\" Copyright (c) 1992, 1993 @@ -81,20 +81,23 @@ ROM can be found on sun4c and sun4m models. The .Dq new-style SPARC boot ROM is a full-featured Forth system with emacs -key bindings. It can be put in +key bindings. +It can be put in .Dq old-style user-interface compatibility mode (in which case it shows a simple .Dq \&> prompt), but this is essentially -useless. However, by default the ROM runs in old-mode; to enter new-mode type +useless. +However, by default the ROM runs in old-mode; to enter new-mode type .Dq n . The ROM then shows a Forth-style .Dq ok -prompt. It is recommended to have -the ROM always start in its native +prompt. +It is recommended to have the ROM always start in its native .Dq new-style -mode. Utter the following +mode. +Utter the following incantation in new-mode to force the ROM to always start in new-mode: .Pp .Em \ ok diff --git a/sbin/reboot/boot_vax.8 b/sbin/reboot/boot_vax.8 index 5dd83bbd120..1ad13088986 100644 --- a/sbin/reboot/boot_vax.8 +++ b/sbin/reboot/boot_vax.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_vax.8,v 1.9 1999/07/08 19:58:30 deraadt Exp $ +.\" $OpenBSD: boot_vax.8,v 1.10 2000/03/18 22:56:03 aaron Exp $ .\" $NetBSD: boot_vax.8,v 1.3 1995/04/23 10:33:39 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -139,10 +139,10 @@ and to the order in which adaptors are found on the 11/780 and 8600 .Tn UNIX ) . .Pp On an 11/750, the reset button will boot from the device -selected by the front panel boot device switch. In systems -with RK07's, position B normally selects the RK07 for boot. -This will boot multi-user. To boot from RK07 with boot flags you -may specify +selected by the front panel boot device switch. +In systems with RK07's, position B normally selects the RK07 for boot. +This will boot multi-user. +To boot from RK07 with boot flags you may specify .Pp .Bd -unfilled -offset indent -compact .Li \&>>>B/ Ns Fl n No DMA0 @@ -177,7 +177,7 @@ and DU disk). A non-zero disk partition can be used by adding (partition times 1000 hex) to -.Ar n . +.Ar n . .Pp The boot procedure on the Micro .Tn VAX @@ -189,7 +189,8 @@ When halted, the processor may be booted using the same syntax as on the 11/750. .Pp The 11/750 boot procedure uses the boot ROMs to load block 0 off -the specified device. The +the specified device. +The .Pa /usr/mdec directory contains a number of bootstrap programs for the various disks which should be placed diff --git a/sbin/reboot/reboot.8 b/sbin/reboot/reboot.8 index 6cee67767fd..28b64039dc0 100644 --- a/sbin/reboot/reboot.8 +++ b/sbin/reboot/reboot.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: reboot.8,v 1.17 1999/07/20 18:35:36 aaron Exp $ +.\" $OpenBSD: reboot.8,v 1.18 2000/03/18 22:56:04 aaron Exp $ .\" $NetBSD: reboot.8,v 1.3 1995/10/05 05:36:21 mycroft Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 @@ -65,20 +65,22 @@ The options are as follows: .It Fl d Causes system to create a dump before rebooting. This option is useful for debugging system dump procedures or -capturing the state of a corrupted or misbehaving system. See +capturing the state of a corrupted or misbehaving system. +See .Xr savecore 8 for information on how to recover this dump. .It Fl n Prevent file system cache from being flushed. This option should probably not be used. .It Fl q -Quick. The system is halted or restarted quickly and ungracefully, and only +Quick. +The system is halted or restarted quickly and ungracefully, and only the flushing of the file system cache is performed. This option should probably not be used. .It Fl p Causes the system to power down, if it is being halted, and the -hardware supports automatic power down. (Currently supported on some -i386, sparc, and mac68k platforms.) +hardware supports automatic power down. +(Currently supported on some i386, sparc, and mac68k platforms.) .El .Pp Normally, the diff --git a/sbin/restore/restore.8 b/sbin/restore/restore.8 index 308b0c4fbae..27ad3a5dda9 100644 --- a/sbin/restore/restore.8 +++ b/sbin/restore/restore.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: restore.8,v 1.16 1999/07/04 18:59:41 aaron Exp $ +.\" $OpenBSD: restore.8,v 1.17 2000/03/18 22:56:04 aaron Exp $ .\" $NetBSD: restore.8,v 1.15 1997/07/01 05:37:53 lukem Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 @@ -191,8 +191,8 @@ The target file system should be made pristine with mounted, and the user .Xr cd Ns 'd into the pristine file system -before starting the restoration of the initial level 0 backup. If the -level 0 restores successfully, the +before starting the restoration of the initial level 0 backup. +If the level 0 restores successfully, the .Fl r flag may be used to restore any necessary incremental backups on top of the level 0. @@ -272,7 +272,8 @@ tries to determine the block size dynamically. Normally, .Nm will try to determine dynamically whether the dump was made from an -old (pre-4.4) or new format file sytem. The +old (pre-4.4) or new format file sytem. +The .Fl c flag disables this check, and only allows reading a dump in the old format. diff --git a/sbin/route/route.8 b/sbin/route/route.8 index 2cb9785aa7d..c2ef20ac4e8 100644 --- a/sbin/route/route.8 +++ b/sbin/route/route.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: route.8,v 1.20 2000/03/14 21:31:35 aaron Exp $ +.\" $OpenBSD: route.8,v 1.21 2000/03/18 22:56:04 aaron Exp $ .\" $NetBSD: route.8,v 1.6 1995/03/18 15:00:13 cgd Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -50,8 +50,8 @@ .Oc .Sh DESCRIPTION .Nm -is a utility used to manually manipulate the network -routing tables. It normally is not needed, as a +is a utility used to manually manipulate the network routing tables. +It normally is not needed, as a system routing table management daemon such as .Xr routed 8 , should tend to this task. @@ -68,7 +68,8 @@ programmatic interface discussed in Run in debug-only mode, i.e., don't actually modify the routing table. .It Fl n Bypasses attempts to print host and network names symbolically -when reporting actions. (The process of translating between symbolic +when reporting actions. +(The process of translating between symbolic names and numerical equivalents can be quite time consuming, and may require correct operation of the network; thus it may be expedient to forgo this, especially when attempting to repair networking operations.) @@ -307,9 +308,8 @@ the routing tables. .Sh DIAGNOSTICS .Bl -tag -width Ds .It Sy "add [host \&| network ] %s: gateway %s flags %x" -The specified route is being added to the tables. The -values printed are from the routing table entry supplied -in the +The specified route is being added to the tables. +The values printed are from the routing table entry supplied in the .Xr ioctl 2 call. If the gateway address used was not the primary address of the gateway diff --git a/sbin/routed/routed.8 b/sbin/routed/routed.8 index cec6c236436..6bd3efea49b 100644 --- a/sbin/routed/routed.8 +++ b/sbin/routed/routed.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: routed.8,v 1.28 2000/03/04 20:02:24 aaron Exp $ +.\" $OpenBSD: routed.8,v 1.29 2000/03/18 22:56:04 aaron Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -209,10 +209,10 @@ is received), there is a single default route and a variable number of redirected host routes in the kernel table. .Pp The Router Discover standard requires that advertisements -have a default "lifetime" of 30 minutes. That means should -something happen, a client can be without a good route for -30 minutes. It is a good idea to reduce the default to 45 -seconds using +have a default "lifetime" of 30 minutes. +That means should something happen, a client can be without a good route for +30 minutes. +It is a good idea to reduce the default to 45 seconds using .Fl P Cm rdisc_interval=45 on the command line or .Cm rdisc_interval=45 @@ -264,7 +264,8 @@ This is typically used on a gateway to the Internet, or on a gateway that uses another routing protocol whose routes are not reported to other local routers. Notice that because a metric of 1 is used, this feature is -dangerous. It is more commonly accidentally used to create chaos with a routing +dangerous. +It is more commonly accidentally used to create chaos with a routing loop than to solve problems. .It Fl h Causes host or point-to-point routes to not be advertised, @@ -500,7 +501,8 @@ and the supplied metric (default 1). This is useful for filling "holes" in CIDR allocations. This parameter must appear by itself on a line. .Pp -Do not use this feature unless necessary. It is dangerous. +Do not use this feature unless necessary. +It is dangerous. .It Cm passwd Ns \&= Ns Ar XXX Specifies a RIPv2 password that will be included on all RIPv2 responses sent and checked on all RIPv2 responses received. diff --git a/sbin/scan_ffs/scan_ffs.8 b/sbin/scan_ffs/scan_ffs.8 index 216f21deda1..10b1bd02881 100644 --- a/sbin/scan_ffs/scan_ffs.8 +++ b/sbin/scan_ffs/scan_ffs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: scan_ffs.8,v 1.9 2000/03/05 00:28:50 aaron Exp $ +.\" $OpenBSD: scan_ffs.8,v 1.10 2000/03/18 22:56:04 aaron Exp $ .\" .\" Copyright (c) 1997 Niklas Hallqvist, Tobias Weingartner .\" All rights reserved. @@ -42,13 +42,15 @@ .Op Fl e Ar end .Ar device .Sh DESCRIPTION -This is the life-saver of typos. If you have ever been working too long, +This is the life-saver of typos. +If you have ever been working too long, and just happened to type 'disklabel -rw sd0 floppy', instead of 'disklabel -rw fd0 floppy', you know what I am talking about. .Pp This little program will take a raw disk device (which you might have to create) that covers the whole disk, and finds all probable UFS/FFS partitions -on the disk. It has various options to make it go faster, and to print out +on the disk. +It has various options to make it go faster, and to print out information to help in the reconstruction of the disklabel. .Pp The options are as follows: @@ -56,15 +58,16 @@ The options are as follows: .It Fl l This will make .Nm -print out a string looking much like the input to disklabel. With a little -massaging, this output can usually be used in the disklabel edit. +print out a string looking much like the input to disklabel. +With a little massaging, this output can usually be used in the disklabel edit. .Pp .It Fl s This tells .Nm to be smart about skipping partitions (when it thinks it found a valid one). By not scanning partitions for superblocks, the program completes a couple of -orders of magnitude faster. However, sometimes being smart is too good for +orders of magnitude faster. +However, sometimes being smart is too good for its own good, especially if your disk has had a different layout previously, or contains other non-UFS/FFS filesystems. @@ -77,7 +80,8 @@ to be verbose about what it is doing, and what it has found. .It Fl b Ar begin Tell .Nm -where to begin searching for filesystems. This makes it easier to skip swap +where to begin searching for filesystems. +This makes it easier to skip swap partitions, or other large non-UFS/FFS partitions. .Pp .It Fl e Ar end @@ -88,26 +92,30 @@ where to stop. .It Ar device This specifies which device .Nm -should use to scan for filesystems. Usually this device should cover the -whole disk in question. +should use to scan for filesystems. +Usually this device should cover the whole disk in question. .Pp .El .Pp The basic operation of this program is as follows: .Bl -enum -width "1111" .It -Panic. You usually do so anyways, so you might as well get it over with. -Just don't do anything stupid. Panic away from your machine. Then relax, -and see if the steps below won't help you out. +Panic. +You usually do so anyways, so you might as well get it over with. +Just don't do anything stupid. +Panic away from your machine. +Then relax, and see if the steps below won't help you out. .It -Try to find your old disklabel by any other means possible. This includes +Try to find your old disklabel by any other means possible. +This includes printouts, backups, screendumps, and whatever other method you can think of. The more information you have, the better your chances are in recovering the disklabel of the disk. .Pp .It Create a disklabel on the affected disk, which covers the whole disk, and has -at least one partition which covers the whole disk. As the +at least one partition which covers the whole disk. +As the .Dq c partition usually covers the whole disk anyways, this sounds like a good place to start. @@ -115,7 +123,8 @@ usually covers the whole disk anyways, this sounds like a good place to start. .It Run .Nm -over this partition. If you have any information about the disklabel +over this partition. +If you have any information about the disklabel which used to exist on the disk, keep that in mind while .Nm spews out its things. @@ -130,9 +139,11 @@ and other sources. .Pp .El .Pp -Last but certainly not least, we wish you good luck. The UFS/FFS filesystems -are pretty sturdy. I've seen them reconstructed after some pretty weird and -awesome fumbles. If you can't have backups, at least have funky tools to help +Last but certainly not least, we wish you good luck. +The UFS/FFS filesystems are pretty sturdy. +I've seen them reconstructed after some pretty weird and +awesome fumbles. +If you can't have backups, at least have funky tools to help you out of a jam when they happen. .Sh SEE ALSO .Xr disklabel 8 @@ -140,4 +151,3 @@ you out of a jam when they happen. It is not perfect, and could do a lot more things with date/time information in the superblocks it finds, but this program has saved more than one butt, more than once. - diff --git a/sbin/scsi/scsi.8 b/sbin/scsi/scsi.8 index ec69ec500a7..feaad0e3b99 100644 --- a/sbin/scsi/scsi.8 +++ b/sbin/scsi/scsi.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: scsi.8,v 1.15 2000/03/05 00:28:50 aaron Exp $ +.\" $OpenBSD: scsi.8,v 1.16 2000/03/18 22:56:04 aaron Exp $ .\" $FreeBSD: scsi.8,v 1.5 1995/05/05 20:41:58 dufault Exp $ .\" .\" Written By Julian ELischer @@ -82,8 +82,8 @@ .Sh DESCRIPTION The .Nm -program is used to send commands to a SCSI device. It is also -a sample usage of the user-level SCSI commands. +program is used to send commands to a SCSI device. +It is also a sample usage of the user-level SCSI commands. .Ar out_fmt can be .Ql - @@ -101,15 +101,18 @@ Specifies the that should be opened, i.e., .Pa /dev/rsd0c . .It Fl d Ar debug_level -Sets the SCSI kernel debug level. The kernel must have been compiled -with the SCSIDEBUG -option. See +Sets the SCSI kernel debug level. +The kernel must have been compiled with the +.Cm SCSIDEBUG +option. +See .Pa /sys/scsi/scsi_debug.h to figure out what to set the kernel debug level to. .Pp .It Fl z Ar seconds Freezes all activity on all SCSI busses for a given number of -seconds. If +seconds. +If .Fl v is also specified, a BEL character is sent to the standard output at the start and finish of the bus freeze. @@ -117,16 +120,17 @@ This requires that the kernel be built with the SCSI_FREEZE kernel option. This kernel code is not committed yet. .Pp .It Fl m Ar page -Read a device mode page. The file +Read a device mode page. +The file .Pa /usr/share/misc/scsi_modes -is read to discover how to interpret the mode data. The environment -variable +is read to discover how to interpret the mode data. +The environment variable .Ev SCSI_MODES can specify a different file to use. .Pp .It Fl P Ar pc -Specify a page control field. The page control -fields are +Specify a page control field. +The page control fields are .Bd -literal -offset 0 Current Values 1 Changeable Values @@ -135,11 +139,11 @@ fields are .Ed .Pp .It Fl e -Permits you to edit the fields. It will use the editor specified -by your +Permits you to edit the fields. +It will use the editor specified by your .Ev EDITOR -environment variable. To store changes permanently, -edit page control 3 using the +environment variable. +To store changes permanently, edit page control 3 using the .Fl P flag. .Pp @@ -173,8 +177,11 @@ for a description of fixed SCSI devices. .It Fl c Permits you to send user-level SCSI commands specified on the command line to a -device. The command is sent using the SCIOCCOMMAND ioctl, so the -device you are accessing must permit this ioctl. See +device. +The command is sent using the +.Dv SCIOCCOMMAND +ioctl, so the device you are accessing must permit this ioctl. +See .Xr scsi 4 for full details of which minor devices permit the ioctl, and .Xr scsi 3 @@ -199,7 +206,8 @@ specified in the command format. Indicates that this is a data out command (i.e., data will be sent from the system to the device) with .Ar count -bytes of data. The data out is built up using the facilities described in +bytes of data. +The data out is built up using the facilities described in .Xr scsi 3 using the provided arguments to fill in any integer variables. .Ar out_fmt @@ -213,7 +221,8 @@ bytes of data should be read from the standard input. Indicates that this is a data in command (i.e., data will be read from the device into the system) with .Ar count -bytes of data read in. The information is extracted according to +bytes of data read in. +The information is extracted according to .Ar in_fmt using the facilities described in .Xr scsi 3 @@ -252,7 +261,8 @@ output to that file. The .Ev SU_DEBUG_LEVEL variable can be set to a non-zero integer to increase -the level of debugging. Currently this is a on or off thing; it should +the level of debugging. +Currently this is a on or off thing; it should perhaps use the ioctl to set the debug level in the kernel and then set it back to zero at program exit. .Pp @@ -268,7 +278,8 @@ variable determines the editor to use for the mode editor. .Xr scsi 3 , .Xr scsi 4 .Sh BUGS -Some devices respond to an inquiry for all LUNS. This will cause them +Some devices respond to an inquiry for all LUNS. +This will cause them to come on line to 8 times during reprobe to different logical units. "scsi -f /dev/rsd0c -c "4 0 0 0 0 0" permits anyone who can write to .Pa /dev/rsd0c diff --git a/sbin/shutdown/shutdown.8 b/sbin/shutdown/shutdown.8 index 9b597f4a0ac..c03d1968101 100644 --- a/sbin/shutdown/shutdown.8 +++ b/sbin/shutdown/shutdown.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: shutdown.8,v 1.16 2000/01/15 07:00:43 ericj Exp $ +.\" $OpenBSD: shutdown.8,v 1.17 2000/03/18 22:56:05 aaron Exp $ .\" $NetBSD: shutdown.8,v 1.6 1995/03/18 15:01:07 cgd Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 @@ -109,7 +109,8 @@ specify a future time in one of two formats: or .Ar yymmddhhmm , where the year, month, and day may be defaulted -to the current system values. The first form brings the system down in +to the current system values. +The first form brings the system down in .Ar number minutes and the second at the absolute time specified. .It Ar warning-message @@ -124,16 +125,17 @@ input. .Pp At intervals, becoming more frequent as apocalypse approaches and starting at ten hours before shutdown, warning messages are displayed -on the terminals of all users logged in. Five minutes before +on the terminals of all users logged in. +Five minutes before shutdown, or immediately if shutdown is in less than 5 minutes, logins are disabled by creating .Pa /etc/nologin and copying the -warning message there. If this file exists when a user attempts to -log in, +warning message there. +If this file exists when a user attempts to log in, .Xr login 1 -prints its contents and exits. The file is -removed just before +prints its contents and exits. +The file is removed just before .Nm exits. .Pp diff --git a/sbin/slattach/slattach.8 b/sbin/slattach/slattach.8 index 7998ec156b0..5df718c1a60 100644 --- a/sbin/slattach/slattach.8 +++ b/sbin/slattach/slattach.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: slattach.8,v 1.9 1999/09/25 16:53:39 deraadt Exp $ +.\" $OpenBSD: slattach.8,v 1.10 2000/03/18 22:56:05 aaron Exp $ .\" $NetBSD: slattach.8,v 1.12 1995/03/18 15:01:12 cgd Exp $ .\" .\" Copyright (c) 1986, 1991, 1993 @@ -54,13 +54,14 @@ The following operands are supported by .Nm slattach : .Bl -tag -width Ar .It Fl h -Turn on RTS/CTS flow control. By default, no flow control is done. +Turn on RTS/CTS flow control. +By default, no flow control is done. .It Fl m -Maintain modem control signals after closing the line. Specifically, -this disables HUPCL. +Maintain modem control signals after closing the line. +Specifically, this disables HUPCL. .It Fl s Ar baudrate -Specifies the speed of the connection. If not specified, the -default of 9600 is used. +Specifies the speed of the connection. +If not specified, the default of 9600 is used. .It Ar ttyname Specifies the name of the tty device. .Ar ttyname diff --git a/sbin/startkey/startkey.1 b/sbin/startkey/startkey.1 index 2253a9c05c4..39405261b3d 100644 --- a/sbin/startkey/startkey.1 +++ b/sbin/startkey/startkey.1 @@ -1,4 +1,5 @@ -.\" $OpenBSD: startkey.1,v 1.6 1999/09/23 04:12:03 alex Exp $ +.\" $OpenBSD: startkey.1,v 1.7 2000/03/18 22:56:05 aaron Exp $ +.\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -44,14 +45,16 @@ The .Nm utility attempts to contact the .Xr photurisd 8 -daemon and initialize a key exchange. The flags are: +daemon and initialize a key exchange. +The flags are: .Bl -tag -width Ds .It Fl d Ar directory The .Fl d option specifies the directory in which .Xr photurisd -looks for its startup files. The default is +looks for its startup files. +The default is .Pa /etc/photuris/ . .El .Pp @@ -75,7 +78,8 @@ The port number of the destination .Xr photuris daemon. .It Ic options -The options to be used in the exchange. Possible values are +The options to be used in the exchange. +Possible values are .Dq enc and .Dq auth . @@ -84,10 +88,12 @@ If both .Ic tsrc and .Ic tdst -(see below) are specified, a tunnel (IP over IP) is setup. The +(see below) are specified, a tunnel (IP over IP) is setup. +The .Ic tsrc option is a network address with netmask used for matching the source -IP address of a packet. When both the source and the destination +IP address of a packet. +When both the source and the destination addresses match their respective options the packet will be routed into the tunnel. .It Ic tdst @@ -95,18 +101,22 @@ If both .Ic tsrc (see above) and .Ic tdst -are specified, a tunnel (IP over IP) is setup. The +are specified, a tunnel (IP over IP) is setup. +The .Ic tdst option is a network address with netmask used for matching the destination -IP address of a packet. When both the source and the destination +IP address of a packet. +When both the source and the destination addresses match their respective options the packet will be routed into the tunnel. .It Ic exchange_lifetime -Determines the lifetime of the exchange. After an exchange expires +Determines the lifetime of the exchange. +After an exchange expires no new SPIs are created, which means the transport or tunnel is torn down as soon as the current SPI times out (see .Ic spi_lifetime -below). The default value is gotten from the +below). +The default value is gotten from the .Ic exchange_lifetime parameter given in .Pa photuris.conf . @@ -114,8 +124,8 @@ If it is not given there the default is 1800 seconds. .It Ic spi_lifetime Determines the lifetime of each created SPI in the exchange. .It Ic user -The user name for whom the keying shall be done. Preconfigured -secrets are taken from the users secret file. +The user name for whom the keying shall be done. +Preconfigured secrets are taken from the users secret file. .El .Sh EXAMPLE startkey dst=169.200.12.23 options=auth diff --git a/sbin/swapctl/swapctl.8 b/sbin/swapctl/swapctl.8 index fae881a5378..457d313d8cb 100644 --- a/sbin/swapctl/swapctl.8 +++ b/sbin/swapctl/swapctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: swapctl.8,v 1.9 2000/03/05 00:28:51 aaron Exp $ +.\" $OpenBSD: swapctl.8,v 1.10 2000/03/18 22:56:05 aaron Exp $ .\" $NetBSD: swapctl.8,v 1.14 1998/05/22 18:27:52 msaitoh Exp $ .\" .\" Copyright (c) 1997 Matthew R. Green @@ -90,7 +90,8 @@ to read the file for devices and files with an .Dq sw type, and adds all these entries -as swap devices. If no swap devices are configured, +as swap devices. +If no swap devices are configured, .Nm will exit with an error code. .It Fl a @@ -98,11 +99,13 @@ The .Fl a option requires that a .Ar path -also be in the argument list. The +also be in the argument list. +The .Ar path is added to the kernel's list of swap devices using the .Xr swapctl 2 -system call. When using the +system call. +When using the .Nm swapon form of this command, the .Fl a @@ -132,7 +135,8 @@ The .Fl p option sets the priority of swap devices or files to the .Ar priority -argument. This works with the +argument. +This works with the .\" .Fl d , .Fl a , .Fl c @@ -149,15 +153,18 @@ This flag modifies the function of the option. The .Fl t -option allows the type of device to add to be specified. An argument of +option allows the type of device to add to be specified. +An argument of .Ar blk causes all block devices in .Pa /etc/fstab -to be added. An argument of +to be added. +An argument of .Ar noblk causes all non-block devices in .Pa /etc/fstab -to be added. This option is useful in early system startup, where swapping +to be added. +This option is useful in early system startup, where swapping may be needed before all file systems are available, such as during disk checks of large file systems. .El @@ -168,13 +175,15 @@ file for swap devices, the following options are recognized: .Pp .Bl -tag -width nfsmntpt=/path -compact .It priority=N -This option sets the priority of the specified swap device to N. The -highest priority is 0, second priority is 1, etc. +This option sets the priority of the specified swap device to N. +The highest priority is 0, second priority is 1, etc. .It nfsmntpt=/path -This option is useful for swapping to NFS files. It specifies -the local mount point to mount an NFS filesystem. Typically, once +This option is useful for swapping to NFS files. +It specifies the local mount point to mount an NFS filesystem. +Typically, once this mount has succeeded, the file to be used for swapping on will -be available under this point mount. For example: +be available under this point mount. +For example: .Bd -literal server:/export/swap/client none swap sw,nfsmntpt=/swap .Ed @@ -188,11 +197,12 @@ will configure no swap space and your machine will behave very badly if (more likely when) it runs out of real memory. .Pp Local and remote swap files cannot be configured until after the file -systems they reside on are mounted read/write. The system startup -scripts need to +systems they reside on are mounted read/write. +The system startup scripts need to .Xr fsck 8 -all local file systems before this can happen. This process requires -substantial amounts of memory on some systems. If you configure no +all local file systems before this can happen. +This process requires substantial amounts of memory on some systems. +If you configure no local block swap devices on a machine that has local file systems to check and rely only on swap files, the machine will have no swap space at all during system diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 83345ad65d0..564b58d6003 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.43 2000/01/21 02:53:06 angelos Exp $ +.\" $OpenBSD: sysctl.8,v 1.44 2000/03/18 22:56:05 aaron Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -318,7 +318,8 @@ sysctl -w fs.posix.setuid=0 .Ed .Pp Set the list of reserved TCP ports that should not be allocated -by the kernel dynamically. This can be used to keep daemons +by the kernel dynamically. +This can be used to keep daemons from stealing a specific port that another program needs to function. List elements may be separated by commas and/or whitespace. .Bd -literal -offset indent -compact diff --git a/sbin/ttyflags/ttyflags.8 b/sbin/ttyflags/ttyflags.8 index b74f51f29f1..ec9cac07d17 100644 --- a/sbin/ttyflags/ttyflags.8 +++ b/sbin/ttyflags/ttyflags.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ttyflags.8,v 1.7 1998/12/15 01:20:45 aaron Exp $ +.\" $OpenBSD: ttyflags.8,v 1.8 2000/03/18 22:56:05 aaron Exp $ .\" $NetBSD: ttyflags.8,v 1.2 1995/03/18 15:01:22 cgd Exp $ .\" .\" Copyright (c) 1994 Christopher G. Demetriou @@ -62,7 +62,8 @@ The .Ar tty arguments are optional, but must not be specified if the .Fl a -flag is used. If specified, the +flag is used. +If specified, the .Ar tty arguments should be the base names of the ttys, as found in diff --git a/sbin/tunefs/tunefs.8 b/sbin/tunefs/tunefs.8 index cf62973cb01..f43f334274c 100644 --- a/sbin/tunefs/tunefs.8 +++ b/sbin/tunefs/tunefs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tunefs.8,v 1.13 1999/05/29 01:50:18 aaron Exp $ +.\" $OpenBSD: tunefs.8,v 1.14 2000/03/18 22:56:06 aaron Exp $ .\" $NetBSD: tunefs.8,v 1.8 1995/03/18 15:01:29 cgd Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -60,9 +60,10 @@ The parameters which are to be changed are indicated by the flags given below: .Bl -tag -width Ds .It Fl A -The file system has several backups of the super-block. Specifying -this option will cause all backups to be modified as well as the -primary super-block. This is potentially dangerous - use with caution. +The file system has several backups of the super-block. +Specifying this option will cause all backups to be modified as well as the +primary super-block. +This is potentially dangerous - use with caution. .It Fl a Ar maxcontig This specifies the maximum number of contiguous blocks that will be laid out before forcing a rotational delay (see @@ -119,14 +120,16 @@ fragmentation is unlikely to be problematical, and the file system can be optimized for time. .It Fl p This option shows a summary of what the current tuneable settings -are on the selected file system. More detailed information can be -obtained in the +are on the selected file system. +More detailed information can be obtained in the .Xr dumpfs 8 manual page. .It Fl s Ar enable_or_disable -This option enables soft updates on the file system. Soft updates +This option enables soft updates on the file system. +Soft updates eliminates most synchronous writes to disk by maintaining -a partial order of writes to the disk. This significantly improves +a partial order of writes to the disk. +This significantly improves meta-data operations (file creation and deletion) at the expense of subjecting them to the same potential 30-second delay as file data. Recovery is made simpler, however, by maintaining a strict ordering of diff --git a/sbin/wicontrol/wicontrol.8 b/sbin/wicontrol/wicontrol.8 index da397fe75ed..15606d9e615 100644 --- a/sbin/wicontrol/wicontrol.8 +++ b/sbin/wicontrol/wicontrol.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: wicontrol.8,v 1.7 2000/03/02 18:50:00 ho Exp $ +.\" $OpenBSD: wicontrol.8,v 1.8 2000/03/18 22:56:06 aaron Exp $ .\" .\" Copyright (c) 1997, 1998, 1999 .\" Bill Paul <wpaul@ctr.columbia.edu> All rights reserved. @@ -66,8 +66,10 @@ devices via the .Xr wi 4 and .Xr awi 4 -drivers. Most of the parameters that can be changed relate to the -IEEE 802.11 protocol which the WaveLAN implements. This includes +drivers. +Most of the parameters that can be changed relate to the +IEEE 802.11 protocol which the WaveLAN implements. +This includes the station name, whether the station is operating in ad-hoc (point to point) or BSS (service set) mode, and the network name of a service set to join (IBSS) if BSS mode is enabled. @@ -91,33 +93,43 @@ The options are as follows: Display the statistics counters for the specified WaveLAN/IEEE interface. .It Fl e Ar 0|1 -Enable or disable WEP encryption. Permitted values are +Enable or disable WEP encryption. +Permitted values are .Ar 0 (encryption disabled) or .Ar 1 -(encryption enabled). Encryption is off by default. +(encryption enabled). +Encryption is off by default. .It Fl k Ar key "[ -v 1|2|3|4 ]" -Set WEP encryption keys. There are four default encryption keys that can be -programmed. A specific key can be set using the +Set WEP encryption keys. +There are four default encryption keys that can be programmed. +A specific key can be set using the .Fl v -flag. If the +flag. +If the .Fl v -flag is not specified, the first key will be set. Encryption keys can either +flag is not specified, the first key will be set. +Encryption keys can either be normal text (i.e., "hello") or a series of hexadecimal digits -(i.e., "0x1234512345"). For WaveLAN Silver cards, the key is +(i.e., "0x1234512345"). +For WaveLAN Silver cards, the key is restricted to 40 bits, hence the key can be either a 5-character text string -or 10 hexadecimal digits. For WaveLAN Gold cards, the key can be up to +or 10 hexadecimal digits. +For WaveLAN Gold cards, the key can be up to 128 bits, which means the key can be specified as either a 16-character text string or 32 hexadecimal digits. .It Fl T Ar 1|2|3|4 Specify which of the four WEP encryption keys will be used to encrypt transmitted packets. .It Fl t Ar tx rate -Set the transmit rate of the specified interface. The legal values +Set the transmit rate of the specified interface. +The legal values for the transmit rate vary depending on whether the interface is a -standard WaveLAN/IEEE or a WaveLAN/IEEE Turbo adapter. The standard +standard WaveLAN/IEEE or a WaveLAN/IEEE Turbo adapter. +The standard NICs support a maximum transmit rate of 2Mbps while the turbo NICs -support a maximum speed of 6Mbps. The following table shows the +support a maximum speed of 6Mbps. +The following table shows the legal transmit rate settings and the corresponding transmit speeds: .Bd -filled -offset indent .Bl -column "TX rate " "NIC speed " @@ -132,30 +144,32 @@ legal transmit rate settings and the corresponding transmit speeds: .El .Ed .Pp -The standard NICs support only settings 1 through 3. Turbo NICs support -all the above listed speed settings. +The standard NICs support only settings 1 through 3. +Turbo NICs support all the above listed speed settings. The default driver setting is 3 (auto rate select). .It Fl n Ar network name -Set the name of the service set (IBSS) that this station wishes to -join. The +Set the name of the service set (IBSS) that this station wishes to join. +The .Ar network name -can be any text string up to 30 characters in length. The default name +can be any text string up to 30 characters in length. +The default name is the empty string which should allow the station to connect to the first -available access point. The interface should be set for BSS mode using -the +available access point. +The interface should be set for BSS mode using the .Fl p flag in order for this to work. .It Fl s Ar station name Sets the .Ar station name -for the specified interface. The +for the specified interface. +The .Ar station name -is used for diagnostic purposes. The Lucent WaveMANAGER sofware can -poll the names of remote hosts. +is used for diagnostic purposes. +The Lucent WaveMANAGER sofware can poll the names of remote hosts. .It Fl c Ar 0|1 -Allow the station to create a service set (IBSS). Permitted values -are 0 (don't create IBSS) and 1 (enable creation of IBSS). The default -is 0. +Allow the station to create a service set (IBSS). +Permitted values are 0 (don't create IBSS) and 1 (enable creation of IBSS). +The default is 0. .Pp Note: this option is provided for experimental purposes only: enabling the creation of an IBSS on a host system doesn't appear to actually work. @@ -170,43 +184,53 @@ the creation of an IBSS on a host system doesn't appear to actually work. .It Fl p Ar port type Set the .Ar port type -for a specified interface. The legal values for +for a specified interface. +The legal values for .Ar port type -are 1 (BSS mode) and 3 (ad-hoc) mode. In ad-hoc mode, the station can +are 1 (BSS mode) and 3 (ad-hoc) mode. +In ad-hoc mode, the station can communicate directly with any other stations within direct radio range -(provided that they are also operating in ad-hoc mode). In BSS mode, +(provided that they are also operating in ad-hoc mode). +In BSS mode, hosts must associate with a service set controlled by an access point, -which relays traffic between end stations. The default setting is 3 -(ad-hoc mode). +which relays traffic between end stations. +The default setting is 3 (ad-hoc mode). .It Fl a Ar access_point_density Specify the .Ar access point density -for a given interface. Legal values are 1 (low), 2 (medium) and 3 (high). +for a given interface. +Legal values are 1 (low), 2 (medium) and 3 (high). This setting influences some of the radio modem threshold settings. .It Fl m Ar MAC address -Set the station address for the specified interface. The +Set the station address for the specified interface. +The .Ar MAC address is specified as a series of six hexadecimal values separated by colons, -e.g.: 00:60:1d:12:34:56. This programs the new address into the card -and updates the interface as well. +e.g.: 00:60:1d:12:34:56. +This programs the new address into the card and updates the interface as well. .It Fl d Ar max_data_length Set the maximum receive and transmit frame size for a specified interface. The .Ar max data length -can be any number from 350 to 2304. The default is 2304. +can be any number from 350 to 2304. +The default is 2304. .It Fl r Ar RTS threshold -Set the RTS/CTS threshold for a given interface. This controls the -number of bytes used for the RTS/CTS handshake boundary. The +Set the RTS/CTS threshold for a given interface. +This controls the number of bytes used for the RTS/CTS handshake boundary. +The .Ar RTS threshold -can be any value between 0 and 2047. The default is 2347. +can be any value between 0 and 2047. +The default is 2347. .It Fl f Ar frequency -Set the radio frequency of a given interface. The +Set the radio frequency of a given interface. +The .Ar frequency -should be specfied as a channel ID as shown in the table below. The -list of available frequencies is dependent on radio regulations specified -by regional authorities. Recognized regulatory authorities include -the FCC (United States), ETSI (Europe), France and Japan. Frequencies -in the table are specified in Mhz. +should be specfied as a channel ID as shown in the table below. +The list of available frequencies is dependent on radio regulations specified +by regional authorities. +Recognized regulatory authorities include +the FCC (United States), ETSI (Europe), France and Japan. +Frequencies in the table are specified in Mhz. .Bd -filled -offset indent .Bl -column "Channel ID " "FCC " "ETSI " "France " "Japan " .Em "Channel ID FCC ETSI France Japan" @@ -228,27 +252,32 @@ in the table are specified in Mhz. .Ed .Pp If an illegal channel is specified, the -NIC will revert to its default channel. For NICs sold in the United States -and Europe, the default channel is 3. For NICs sold in France, the default -channel is 11. For NICs sold in Japan, the only available channel is 14. +NIC will revert to its default channel. +For NICs sold in the United States and Europe, the default channel is 3. +For NICs sold in France, the default channel is 11. +For NICs sold in Japan, the only available channel is 14. Note that two stations must be set to the same channel in order to communicate. .It Fl P Ar 0|1 -Enable or disable power management on a given interface. Enabling -power management uses an alternating sleep/wake protocol to help +Enable or disable power management on a given interface. +Enabling power management uses an alternating sleep/wake protocol to help conserve power on mobile stations, at the cost of some increased -receive latency. Power management is off by default. Note that power +receive latency. +Power management is off by default. +Note that power management requires the cooperation of an access point in order to -function; it is not functional in ad-hoc mode. Also, power management +function; it is not functional in ad-hoc mode. +Also, power management is only implemented in Lucent WavePOINT firmware version 2.03 or -later, and in WaveLAN PCMCIA adapter firmware 2.00 or later. Older -revisions will silently ignore the power management setting. Legal -values for this parameter are 0 (off) and 1 (on). +later, and in WaveLAN PCMCIA adapter firmware 2.00 or later. +Older revisions will silently ignore the power management setting. +Legal values for this parameter are 0 (off) and 1 (on). .It Fl S Ar max sleep interval Specify the sleep interval to use when power management is enabled. The .Are max sleep interval -is specified in milliseconds. The default is 100. +is specified in milliseconds. +The default is 100. .El .Sh SEE ALSO .Xr awi 4 , |