diff options
| author | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:59:05 -0400 |
|---|---|---|
| committer | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:59:05 -0400 |
| commit | 1f19f33e45791ea59aed048796fc68672c6723a5 (patch) | |
| tree | 54625fba89e91d1c2177801ec635e8528bba937f /static/freebsd/man5 | |
| parent | ac5e55f5f2af5b92794c2aded46c6bae85b5f5ed (diff) | |
docs: Removed Precompiled HTML
Diffstat (limited to 'static/freebsd/man5')
59 files changed, 0 insertions, 17434 deletions
diff --git a/static/freebsd/man5/a.out.5 3.html b/static/freebsd/man5/a.out.5 3.html deleted file mode 100644 index f4fb643b..00000000 --- a/static/freebsd/man5/a.out.5 3.html +++ /dev/null @@ -1,354 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">A.OUT(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">A.OUT(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">a.out</code> — <span class="Nd">format of - executable binary files</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">a.out.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The include file - <code class="In"><<a class="In">a.out.h</a>></code> declares three - structures and several macros. The structures describe the format of - executable machine code files (‘binaries’) on the system.</p> -<p class="Pp">A binary file consists of up to 7 sections. In order, these - sections are:</p> -<dl class="Bl-tag"> - <dt>exec header</dt> - <dd>Contains parameters used by the kernel to load a binary file into memory - and execute it, and by the link editor <a class="Xr">ld(1)</a> to combine - a binary file with other binary files. This section is the only mandatory - one.</dd> - <dt>text segment</dt> - <dd>Contains machine code and related data that are loaded into memory when a - program executes. May be loaded read-only.</dd> - <dt>data segment</dt> - <dd>Contains initialized data; always loaded into writable memory.</dd> - <dt>text relocations</dt> - <dd>Contains records used by the link editor to update pointers in the text - segment when combining binary files.</dd> - <dt>data relocations</dt> - <dd>Like the text relocation section, but for data segment pointers.</dd> - <dt>symbol table</dt> - <dd>Contains records used by the link editor to cross reference the addresses - of named variables and functions (‘symbols’) between binary - files.</dd> - <dt>string table</dt> - <dd>Contains the character strings corresponding to the symbol names.</dd> -</dl> -<p class="Pp">Every binary file begins with an <var class="Fa">exec</var> - structure:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct exec { - unsigned long a_midmag; - unsigned long a_text; - unsigned long a_data; - unsigned long a_bss; - unsigned long a_syms; - unsigned long a_entry; - unsigned long a_trsize; - unsigned long a_drsize; -};</pre> -</div> -<p class="Pp">The fields have the following functions:</p> -<dl class="Bl-tag"> - <dt id="N_GETFLAG"><var class="Fa">a_midmag</var></dt> - <dd>This field is stored in host byte-order. It has a number of sub-components - accessed by the macros - <a class="permalink" href="#N_GETFLAG"><code class="Fn">N_GETFLAG</code></a>(), - <code class="Fn">N_GETMID</code>(), and - <code class="Fn">N_GETMAGIC</code>(), and set by the macro - <a class="permalink" href="#N_SETMAGIC"><code class="Fn" id="N_SETMAGIC">N_SETMAGIC</code></a>(). - <p class="Pp" id="N_GETFLAG~2">The macro - <a class="permalink" href="#N_GETFLAG~2"><code class="Fn">N_GETFLAG</code></a>() - returns a few flags:</p> - <dl class="Bl-tag"> - <dt id="EX_DYNAMIC"><a class="permalink" href="#EX_DYNAMIC"><code class="Dv">EX_DYNAMIC</code></a></dt> - <dd>indicates that the executable requires the services of the run-time - link editor.</dd> - <dt id="EX_PIC"><a class="permalink" href="#EX_PIC"><code class="Dv">EX_PIC</code></a></dt> - <dd>indicates that the object contains position independent code. This - flag is set by <a class="Xr">as(1)</a> when given the - ‘-k’ flag and is preserved by <a class="Xr">ld(1)</a> if - necessary.</dd> - </dl> - <p class="Pp">If both EX_DYNAMIC and EX_PIC are set, the object file is a - position independent executable image (e.g. a shared library), which is - to be loaded into the process address space by the run-time link - editor.</p> - <p class="Pp" id="N_GETMID">The macro - <a class="permalink" href="#N_GETMID"><code class="Fn">N_GETMID</code></a>() - returns the machine-id. This indicates which machine(s) the binary is - intended to run on.</p> - <p class="Pp" id="N_GETMAGIC"><a class="permalink" href="#N_GETMAGIC"><code class="Fn">N_GETMAGIC</code></a>() - specifies the magic number, which uniquely identifies binary files and - distinguishes different loading conventions. The field must contain one - of the following values:</p> - <dl class="Bl-tag"> - <dt id="OMAGIC"><a class="permalink" href="#OMAGIC"><code class="Dv">OMAGIC</code></a></dt> - <dd>The text and data segments immediately follow the header and are - contiguous. The kernel loads both text and data segments into writable - memory.</dd> - <dt id="NMAGIC"><a class="permalink" href="#NMAGIC"><code class="Dv">NMAGIC</code></a></dt> - <dd>As with <code class="Dv">OMAGIC</code>, text and data segments - immediately follow the header and are contiguous. However, the kernel - loads the text into read-only memory and loads the data into writable - memory at the next page boundary after the text.</dd> - <dt id="ZMAGIC"><a class="permalink" href="#ZMAGIC"><code class="Dv">ZMAGIC</code></a></dt> - <dd>The kernel loads individual pages on demand from the binary. The - header, text segment and data segment are all padded by the link - editor to a multiple of the page size. Pages that the kernel loads - from the text segment are read-only, while pages from the data segment - are writable.</dd> - </dl> - </dd> - <dt><var class="Fa">a_text</var></dt> - <dd>Contains the size of the text segment in bytes.</dd> - <dt><var class="Fa">a_data</var></dt> - <dd>Contains the size of the data segment in bytes.</dd> - <dt id="bss"><var class="Fa">a_bss</var></dt> - <dd>Contains the number of bytes in the ‘bss segment’ and is - used by the kernel to set the initial break (<a class="Xr">brk(2)</a>) - after the data segment. The kernel loads the program so that this amount - of writable memory appears to follow the data segment and initially reads - as zeroes. (<a class="permalink" href="#bss"><i class="Em">bss</i></a> = - block started by symbol)</dd> - <dt><var class="Fa">a_syms</var></dt> - <dd>Contains the size in bytes of the symbol table section.</dd> - <dt><var class="Fa">a_entry</var></dt> - <dd>Contains the address in memory of the entry point of the program after the - kernel has loaded it; the kernel starts the execution of the program from - the machine instruction at this address.</dd> - <dt><var class="Fa">a_trsize</var></dt> - <dd>Contains the size in bytes of the text relocation table.</dd> - <dt><var class="Fa">a_drsize</var></dt> - <dd>Contains the size in bytes of the data relocation table.</dd> -</dl> -<p class="Pp">The <code class="In"><<a class="In">a.out.h</a>></code> - include file defines several macros which use an <var class="Fa">exec</var> - structure to test consistency or to locate section offsets in the binary - file.</p> -<dl class="Bl-tag"> - <dt id="N_BADMAG"><a class="permalink" href="#N_BADMAG"><code class="Fn">N_BADMAG</code></a>(<var class="Fa">exec</var>)</dt> - <dd>Nonzero if the <var class="Fa">a_magic</var> field does not contain a - recognized value.</dd> - <dt id="N_TXTOFF"><a class="permalink" href="#N_TXTOFF"><code class="Fn">N_TXTOFF</code></a>(<var class="Fa">exec</var>)</dt> - <dd>The byte offset in the binary file of the beginning of the text - segment.</dd> - <dt id="N_SYMOFF"><a class="permalink" href="#N_SYMOFF"><code class="Fn">N_SYMOFF</code></a>(<var class="Fa">exec</var>)</dt> - <dd>The byte offset of the beginning of the symbol table.</dd> - <dt id="N_STROFF"><a class="permalink" href="#N_STROFF"><code class="Fn">N_STROFF</code></a>(<var class="Fa">exec</var>)</dt> - <dd>The byte offset of the beginning of the string table.</dd> -</dl> -<p class="Pp">Relocation records have a standard format which is described by - the <var class="Fa">relocation_info</var> structure:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct relocation_info { - int r_address; - unsigned int r_symbolnum : 24, - r_pcrel : 1, - r_length : 2, - r_extern : 1, - r_baserel : 1, - r_jmptable : 1, - r_relative : 1, - r_copy : 1; -};</pre> -</div> -<p class="Pp">The <var class="Fa">relocation_info</var> fields are used as - follows:</p> -<dl class="Bl-tag"> - <dt><var class="Fa">r_address</var></dt> - <dd>Contains the byte offset of a pointer that needs to be link-edited. Text - relocation offsets are reckoned from the start of the text segment, and - data relocation offsets from the start of the data segment. The link - editor adds the value that is already stored at this offset into the new - value that it computes using this relocation record.</dd> - <dt id="not"><var class="Fa">r_symbolnum</var></dt> - <dd>Contains the ordinal number of a symbol structure in the symbol table (it - is <a class="permalink" href="#not"><i class="Em">not</i></a> a byte - offset). After the link editor resolves the absolute address for this - symbol, it adds that address to the pointer that is undergoing relocation. - (If the <var class="Fa">r_extern</var> bit is clear, the situation is - different; see below.)</dd> - <dt><var class="Fa">r_pcrel</var></dt> - <dd>If this is set, the link editor assumes that it is updating a pointer that - is part of a machine code instruction using pc-relative addressing. The - address of the relocated pointer is implicitly added to its value when the - running program uses it.</dd> - <dt><var class="Fa">r_length</var></dt> - <dd>Contains the log base 2 of the length of the pointer in bytes; 0 for - 1-byte displacements, 1 for 2-byte displacements, 2 for 4-byte - displacements.</dd> - <dt><var class="Fa">r_extern</var></dt> - <dd>Set if this relocation requires an external reference; the link editor - must use a symbol address to update the pointer. When the - <var class="Fa">r_extern</var> bit is clear, the relocation is - ‘local’; the link editor updates the pointer to reflect - changes in the load addresses of the various segments, rather than changes - in the value of a symbol (except when <var class="Fa">r_baserel</var> is - also set (see below). In this case, the content of the - <var class="Fa">r_symbolnum</var> field is an <var class="Fa">n_type</var> - value (see below); this type field tells the link editor what segment the - relocated pointer points into.</dd> - <dt><var class="Fa">r_baserel</var></dt> - <dd>If set, the symbol, as identified by the <var class="Fa">r_symbolnum</var> - field, is to be relocated to an offset into the Global Offset Table. At - run-time, the entry in the Global Offset Table at this offset is set to be - the address of the symbol.</dd> - <dt><var class="Fa">r_jmptable</var></dt> - <dd>If set, the symbol, as identified by the <var class="Fa">r_symbolnum</var> - field, is to be relocated to an offset into the Procedure Linkage - Table.</dd> - <dt><var class="Fa">r_relative</var></dt> - <dd>If set, this relocation is relative to the (run-time) load address of the - image this object file is going to be a part of. This type of relocation - only occurs in shared objects.</dd> - <dt><var class="Fa">r_copy</var></dt> - <dd>If set, this relocation record identifies a symbol whose contents should - be copied to the location given in <var class="Fa">r_address</var>. The - copying is done by the run-time link-editor from a suitable data item in a - shared object.</dd> -</dl> -<p class="Pp">Symbols map names to addresses (or more generally, strings to - values). Since the link-editor adjusts addresses, a symbol's name must be - used to stand for its address until an absolute value has been assigned. - Symbols consist of a fixed-length record in the symbol table and a - variable-length name in the string table. The symbol table is an array of - <var class="Fa">nlist</var> structures:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct nlist { - union { - const char *n_name; - long n_strx; - } n_un; - unsigned char n_type; - char n_other; - short n_desc; - unsigned long n_value; -};</pre> -</div> -<p class="Pp">The fields are used as follows:</p> -<dl class="Bl-tag"> - <dt><var class="Fa">n_un.n_strx</var></dt> - <dd>Contains a byte offset into the string table for the name of this symbol. - When a program accesses a symbol table with the <a class="Xr">nlist(3)</a> - function, this field is replaced with the - <var class="Fa">n_un.n_name</var> field, which is a pointer to the string - in memory.</dd> - <dt><var class="Fa">n_type</var></dt> - <dd>Used by the link editor to determine how to update the symbol's value. The - <var class="Fa">n_type</var> field is broken down into three sub-fields - using bitmasks. The link editor treats symbols with the - <code class="Dv">N_EXT</code> type bit set as ‘external’ - symbols and permits references to them from other binary files. The - <code class="Dv">N_TYPE</code> mask selects bits of interest to the link - editor: - <dl class="Bl-tag"> - <dt id="N_UNDF"><a class="permalink" href="#N_UNDF"><code class="Dv">N_UNDF</code></a></dt> - <dd>An undefined symbol. The link editor must locate an external symbol - with the same name in another binary file to determine the absolute - value of this symbol. As a special case, if the - <var class="Fa">n_value</var> field is nonzero and no binary file in - the link-edit defines this symbol, the link-editor will resolve this - symbol to an address in the bss segment, reserving an amount of bytes - equal to <var class="Fa">n_value</var>. If this symbol is undefined in - more than one binary file and the binary files do not agree on the - size, the link editor chooses the greatest size found across all - binaries.</dd> - <dt id="N_ABS"><a class="permalink" href="#N_ABS"><code class="Dv">N_ABS</code></a></dt> - <dd>An absolute symbol. The link editor does not update an absolute - symbol.</dd> - <dt id="N_TEXT"><a class="permalink" href="#N_TEXT"><code class="Dv">N_TEXT</code></a></dt> - <dd>A text symbol. This symbol's value is a text address and the link - editor will update it when it merges binary files.</dd> - <dt id="N_DATA"><a class="permalink" href="#N_DATA"><code class="Dv">N_DATA</code></a></dt> - <dd>A data symbol; similar to <code class="Dv">N_TEXT</code> but for data - addresses. The values for text and data symbols are not file offsets - but addresses; to recover the file offsets, it is necessary to - identify the loaded address of the beginning of the corresponding - section and subtract it, then add the offset of the section.</dd> - <dt id="N_BSS"><a class="permalink" href="#N_BSS"><code class="Dv">N_BSS</code></a></dt> - <dd>A bss symbol; like text or data symbols but has no corresponding - offset in the binary file.</dd> - <dt id="N_FN"><a class="permalink" href="#N_FN"><code class="Dv">N_FN</code></a></dt> - <dd>A filename symbol. The link editor inserts this symbol before the - other symbols from a binary file when merging binary files. The name - of the symbol is the filename given to the link editor, and its value - is the first text address from that binary file. Filename symbols are - not needed for link-editing or loading, but are useful for - debuggers.</dd> - </dl> - <p class="Pp">The <code class="Dv">N_STAB</code> mask selects bits of - interest to symbolic debuggers such as <a class="Xr">gdb(1)</a> - (<span class="Pa">ports/devel/gdb</span>); the values are described in - <a class="Xr">stab(5)</a>.</p> - </dd> - <dt><var class="Fa">n_other</var></dt> - <dd>This field provides information on the nature of the symbol independent of - the symbol's location in terms of segments as determined by the - <var class="Fa">n_type</var> field. Currently, the lower 4 bits of the - <var class="Fa">n_other</var> field hold one of two values: - <code class="Dv">AUX_FUNC</code> and <code class="Dv">AUX_OBJECT</code> - (see <code class="In"><<a class="In">link.h</a>></code> for their - definitions). <code class="Dv">AUX_FUNC</code> associates the symbol with - a callable function, while <code class="Dv">AUX_OBJECT</code> associates - the symbol with data, irrespective of their locations in either the text - or the data segment. This field is intended to be used by - <a class="Xr">ld(1)</a> for the construction of dynamic executables.</dd> - <dt><var class="Fa">n_desc</var></dt> - <dd>Reserved for use by debuggers; passed untouched by the link editor. - Different debuggers use this field for different purposes.</dd> - <dt><var class="Fa">n_value</var></dt> - <dd>Contains the value of the symbol. For text, data and bss symbols, this is - an address; for other symbols (such as debugger symbols), the value may be - arbitrary.</dd> -</dl> -<p class="Pp" id="unsigned">The string table consists of an - <a class="permalink" href="#unsigned"><i class="Em">unsigned long</i></a> - length followed by null-terminated symbol strings. The length represents the - size of the entire table in bytes, so its minimum value (or the offset of - the first string) is always 4 on 32-bit machines.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">as(1)</a>, <a class="Xr">gdb(1)</a> - (<span class="Pa">ports/devel/gdb</span>), <a class="Xr">ld(1)</a>, - <a class="Xr">brk(2)</a>, <a class="Xr">execve(2)</a>, - <a class="Xr">nlist(3)</a>, <a class="Xr">core(5)</a>, - <a class="Xr">elf(5)</a>, <a class="Xr">link(5)</a>, - <a class="Xr">stab(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="In"><<a class="In">a.out.h</a>></code> - include file appeared in <span class="Ux">Version 7 AT&T - UNIX</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">Since not all of the supported architectures use the - <var class="Fa">a_midmag</var> field, it can be difficult to determine what - architecture a binary will execute on without examining its actual machine - code. Even with a machine identifier, the byte order of the - <var class="Fa">exec</var> header is machine-dependent.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 10, 2010</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/acct.5 3.html b/static/freebsd/man5/acct.5 3.html deleted file mode 100644 index a898191a..00000000 --- a/static/freebsd/man5/acct.5 3.html +++ /dev/null @@ -1,101 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">ACCT(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">ACCT(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">acct</code> — <span class="Nd">execution - accounting file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">sys/types.h</a>></code> - <br/> - <code class="In">#include <<a class="In">sys/acct.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The kernel maintains the following <var class="Fa">acct</var> - information structure for all processes. If a process terminates, and - accounting is enabled, the kernel calls the <a class="Xr">acct(2)</a> - function call to prepare and append the record to the accounting file.</p> -<div class="Bd Pp Li"> -<pre>#define AC_COMM_LEN 16 - -/* - * Accounting structure version 3 (current). - * The first byte is always zero. - * Time units are microseconds. - */ - -struct acctv3 { - uint8_t ac_zero; /* zero identifies new version */ - uint8_t ac_version; /* record version number */ - uint16_t ac_len; /* record length */ - - char ac_comm[AC_COMM_LEN]; /* command name */ - float ac_utime; /* user time */ - float ac_stime; /* system time */ - float ac_etime; /* elapsed time */ - time_t ac_btime; /* starting time */ - uid_t ac_uid; /* user id */ - gid_t ac_gid; /* group id */ - float ac_mem; /* average memory usage */ - float ac_io; /* count of IO blocks */ - __dev_t ac_tty; /* controlling tty */ - - uint16_t ac_len2; /* record length */ - union { - uint32_t ac_align; /* force v1 compatible alignment */ - -#define AFORK 0x01 /* forked but not exec'ed */ -/* ASU is no longer supported */ -#define ASU 0x02 /* used super-user permissions */ -#define ACOMPAT 0x04 /* used compatibility mode */ -#define ACORE 0x08 /* dumped core */ -#define AXSIG 0x10 /* killed by a signal */ -#define ANVER 0x20 /* new record version */ - - uint8_t ac_flag; /* accounting flags */ - } ac_trailer; - -#define ac_flagx ac_trailer.ac_flag -};</pre> -</div> -<p class="Pp">If a terminated process was created by an - <a class="Xr">execve(2)</a>, the name of the executed file (at most ten - characters of it) is saved in the field <var class="Fa">ac_comm</var> and - its status is saved by setting one of more of the following flags in - <var class="Fa">ac_flag</var>: <code class="Dv">AFORK</code>, - <code class="Dv">ACOMPAT</code>, <code class="Dv">ACORE</code> and - <code class="Dv">ASIG</code>. <code class="Dv">ASU</code> is no longer - supported. <code class="Dv">ANVER</code> is always set in the above - structure.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">lastcomm(1)</a>, <a class="Xr">acct(2)</a>, - <a class="Xr">execve(2)</a>, <a class="Xr">sa(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A <code class="Nm">acct</code> file format appeared in - <span class="Ux">Version 7 AT&T UNIX</span>. The current record - format was introduced on May 2007. It is backwards compatible with the - previous format, which is still documented in - <code class="In"><<a class="In">sys/acct.h</a>></code> and supported - by <a class="Xr">lastcomm(1)</a> and <a class="Xr">sa(8)</a>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">February 13, 2017</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/ar.5 3.html b/static/freebsd/man5/ar.5 3.html deleted file mode 100644 index 2f734903..00000000 --- a/static/freebsd/man5/ar.5 3.html +++ /dev/null @@ -1,240 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">AR(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">AR(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">ar</code> — <span class="Nd">archive file - format for <a class="Xr">ar(1)</a> and - <a class="Xr">ranlib(1)</a></span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">ar.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp"><a class="Xr">ar(1)</a> archives are created and managed by the - <a class="Xr">ar(1)</a> and <a class="Xr">ranlib(1)</a> utilities. These - archives are typically used during program development to hold libraries of - program objects. An <a class="Xr">ar(1)</a> archive is contained in a single - operating system file.</p> -<p class="Pp">This manual page documents two variants of the - <a class="Xr">ar(1)</a> archive format: the BSD archive format, and the - SVR4/GNU archive format.</p> -<p class="Pp">In both variants the archive file starts with an identifying byte - sequence of the seven ASCII characters - ‘<code class="Li">!<arch></code>’ followed by a ASCII - linefeed character (see the constant “ARMAG” in the header - file <code class="In"><<a class="In">ar.h</a>></code>).</p> -<p class="Pp">Archive members follow the initial identifying byte sequence. Each - archive member is prefixed by a fixed size header describing the file - attributes associated with the member.</p> -<section class="Ss"> -<h2 class="Ss" id="Archive_Headers"><a class="permalink" href="#Archive_Headers">Archive - Headers</a></h2> -<p class="Pp">An archive header describes the file attributes for the archive - member that follows it. The <code class="Nm">ar</code> format only supports - a limited number of attributes: the file name, the file creation time stamp, - the uid and gid of the creator, the file mode and the file size.</p> -<p class="Pp">Archive headers are placed at an even byte offset in the archive - file. If the data for an archive member ends at an odd byte offset, then a - padding byte with value 0x0A is used to position the next archive header on - an even byte offset.</p> -<p class="Pp">An archive header comprises the following fixed sized fields:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">ar_name</var></dt> - <dd>(16 bytes) The file name of the archive member. The format of this field - varies between the BSD and SVR4/GNU formats and is described in more - detail in the section - <a class="Sx" href="#Representing_File_Names">Representing File Names</a> - below.</dd> - <dt><var class="Ar">ar_date</var></dt> - <dd>(12 bytes) The file modification time for the member in seconds since the - epoch, encoded as a decimal number.</dd> - <dt><var class="Ar">ar_uid</var></dt> - <dd>(6 bytes) The uid associated with the archive member, encoded as a decimal - number.</dd> - <dt><var class="Ar">ar_gid</var></dt> - <dd>(6 bytes) The gid associated with the archive member, encoded as a decimal - number.</dd> - <dt><var class="Ar">ar_mode</var></dt> - <dd>(8 bytes) The file mode for the archive member, encoded as an octal - number.</dd> - <dt><var class="Ar">ar_size</var></dt> - <dd>(10 bytes) In the SVR4/GNU archive format this field holds the size in - bytes of the archive member, encoded as a decimal number. In the BSD - archive format, for short file names, this field holds the size in bytes - of the archive member, encoded as a decimal number. For long file names - (see <a class="Sx" href="#Representing_File_Names">Representing File - Names</a> below), the field contains the combined size of the archive - member and its file name, encoded as a decimal number.</dd> - <dt><var class="Ar">ar_fmag</var></dt> - <dd>(2 bytes) This field holds 2 bytes with values 0x96 and 0x0A respectively, - marking the end of the header.</dd> -</dl> -<p class="Pp">Unused bytes in the fields of an archive header are set to the - value 0x20.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Representing_File_Names"><a class="permalink" href="#Representing_File_Names">Representing - File Names</a></h2> -<p class="Pp">The BSD and SVR4/GNU variants use different schemes for encoding - file names for members.</p> -<dl class="Bl-tag"> - <dt>BSD</dt> - <dd>File names that are up to 16 bytes long and which do not contain embedded - spaces are stored directly in the <var class="Ar">ar_name</var> field of - the archive header. File names that are either longer than 16 bytes or - which contain embedded spaces are stored immediately after the archive - header and the <var class="Ar">ar_name</var> field of the archive header - is set to the string “#1/” followed by a decimal - representation of the number of bytes needed for the file name. In - addition, the <var class="Ar">ar_size</var> field of the archive header is - set to the decimal representation of the combined sizes of the archive - member and the file name. The file contents of the member follows the file - name without further padding. - <p class="Pp">As an example, if the file name for a member was “A - B” and its contents was the string “C D”, then the - <var class="Ar">ar_name</var> field of the header would contain - “<code class="Li">#1/3</code>”, the - <var class="Ar">ar_size</var> field of the header would contain - “<code class="Li">6</code>”, and the bytes immediately - following the header would be 0x41, 0x20, 0x42, 0x43, 0x20 and 0x44 - (ASCII “A BC D”).</p> - </dd> - <dt>SVR4/GNU</dt> - <dd>File names that are up to 15 characters long are stored directly in the - <var class="Ar">ar_name</var> field of the header, terminated by a - “<code class="Li">/</code>” character. - <p class="Pp">If the file name is larger than would fit in space for the - <var class="Ar">ar_name</var> field, then the actual file name is kept - in the archive string table (see - <a class="Sx" href="#Archive_String_Tables">Archive String Tables</a> - below), and the decimal offset of the file name in the string table is - stored in the <var class="Ar">ar_name</var> field, prefixed by a - “<code class="Li">/</code>” character.</p> - <p class="Pp">As an example, if the real file name has been stored at offset - 768 in the archive string table, the <var class="Ar">ar_name</var> field - of the header will contain the string “/768”.</p> - </dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="Special_Archive_Members"><a class="permalink" href="#Special_Archive_Members">Special - Archive Members</a></h2> -<p class="Pp">The following archive members are special.</p> -<dl class="Bl-tag"> - <dt>“<code class="Li">/</code>”</dt> - <dd>In the SVR4/GNU variant of the archive format, the archive member with - name “<code class="Li">/</code>” denotes an archive symbol - table. If present, this member will be the very first member in the - archive.</dd> - <dt>“<code class="Li">//</code>”</dt> - <dd>In the SVR4/GNU variant of the archive format, the archive member with - name “<code class="Li">//</code>” denotes the archive string - table. This special member is used to hold filenames that do not fit in - the file name field of the header (see - <a class="Sx" href="#Representing_File_Names">Representing File Names</a> - above). If present, this member immediately follows the archive symbol - table if an archive symbol table is present, or is the first member - otherwise.</dd> - <dt>“<code class="Li">__.SYMDEF</code>”</dt> - <dd>This special member contains the archive symbol table in the BSD variant - of the archive format. If present, this member will be the very first - member in the archive.</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="Archive_String_Tables"><a class="permalink" href="#Archive_String_Tables">Archive - String Tables</a></h2> -<p class="Pp">An archive string table is used in the SVR4/GNU archive format to - hold file names that are too large to fit into the constraints of the - <var class="Ar">ar_name</var> field of the archive header. An archive string - table contains a sequence of file names. Each file name in the archive - string table is terminated by the byte sequence 0x2F, 0x0A (the ASCII string - “/\n”). No padding is used to separate adjacent file - names.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Archive_Symbol_Tables"><a class="permalink" href="#Archive_Symbol_Tables">Archive - Symbol Tables</a></h2> -<p class="Pp">Archive symbol tables are used to speed up link editing by - providing a mapping between the program symbols defined in the archive and - the corresponding archive members. Archive symbol tables are managed by the - <a class="Xr">ranlib(1)</a> utility.</p> -<p class="Pp">The format of archive symbol tables is as follows:</p> -<dl class="Bl-tag"> - <dt>BSD</dt> - <dd>In the BSD archive format, the archive symbol table comprises of two - parts: a part containing an array of <var class="Vt">struct ranlib</var> - descriptors, followed by a part containing a symbol string table. The - sizes and layout of the structures that make up a BSD format archive - symbol table are machine dependent. - <p class="Pp">The part containing <var class="Vt">struct ranlib</var> - descriptors begins with a field containing the size in bytes of the - array of <var class="Vt">struct ranlib</var> descriptors encoded as a C - <var class="Vt">long</var> value.</p> - <p class="Pp">The array of <var class="Vt">struct ranlib</var> descriptors - follows the size field. Each <var class="Vt">struct ranlib</var> - descriptor describes one symbol.</p> - <p class="Pp">A <var class="Vt">struct ranlib</var> descriptor comprises two - fields:</p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">ran_strx</var></dt> - <dd>(C <var class="Vt">long</var>) This field contains the zero-based - offset of the symbol name in the symbol string table.</dd> - <dt><var class="Ar">ran_off</var></dt> - <dd>(C <var class="Vt">long</var>) This field is the file offset to the - archive header for the archive member defining the symbol.</dd> - </dl> - <p class="Pp">The part containing the symbol string table begins with a - field containing the size in bytes of the string table, encoded as a C - <var class="Vt">long</var> value. This string table follows the size - field, and contains NUL-terminated strings for the symbols in the symbol - table.</p> - </dd> - <dt>SVR4/GNU</dt> - <dd>In the SVR4/GNU archive format, the archive symbol table starts with a - 4-byte binary value containing the number of entries contained in the - archive symbol table. This count of entries is stored most significant - byte first. - <p class="Pp">Next, there are <var class="Ar">count</var> 4-byte numbers, - each stored most significant byte first. Each number is a binary offset - to the archive header for the member in the archive file for the - corresponding symbol table entry.</p> - <p class="Pp">After the binary offset values, there are - <var class="Ar">count</var> NUL-terminated strings in sequence, holding - the symbol names for the corresponding symbol table entries.</p> - </dd> -</dl> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="STANDARDS_COMPLIANCE"><a class="permalink" href="#STANDARDS_COMPLIANCE">STANDARDS - COMPLIANCE</a></h1> -<p class="Pp">The <a class="Xr">ar(1)</a> archive format is not currently - specified by a standard.</p> -<p class="Pp">This manual page documents the <a class="Xr">ar(1)</a> archive - formats used by the <span class="Ux">4.4BSD</span> and - <span class="Ux">UNIX</span> SVR4 operating system releases.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ar(1)</a>, <a class="Xr">ld(1)</a>, - <a class="Xr">ranlib(1)</a>, <a class="Xr">elf(3)</a>, - <a class="Xr">elf_getarsym(3)</a>, <a class="Xr">elf_rand(3)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 28, 2010</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/bluetooth.device.conf.5 3.html b/static/freebsd/man5/bluetooth.device.conf.5 3.html deleted file mode 100644 index d0e3544c..00000000 --- a/static/freebsd/man5/bluetooth.device.conf.5 3.html +++ /dev/null @@ -1,133 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">BLUETOOTH.DEVICE.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">BLUETOOTH.DEVICE.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">bluetooth.device.conf</code> — - <span class="Nd">Bluetooth device configuration file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">Bluetooth device configuration framework provides ability to - adjust certain Bluetooth device parameters on per-device basis.</p> -<p class="Pp">Bluetooth device configuration files are plain text files that - should conform to basic <a class="Xr">sh(1)</a> syntax. Even though - Bluetooth device are not exactly shell scripts, they are parsed and passed - through shell <code class="Ic">eval</code> command. This makes it possible - to use various shell tricks in the Bluetooth device configuration files.</p> -<p class="Pp">The <span class="Pa">/etc/rc.d/bluetooth</span> script is used to - start and stop Bluetooth devices. This script is not executed by default - when system boots. It is called by <a class="Xr">devd(8)</a> in response to - Bluetooth device arrival and departure events. It is possible to execute - this script by hand if required. The script accepts Bluetooth device driver - name as an extra parameter.</p> -<p class="Pp">The system wide Bluetooth device configuration file is called - <span class="Pa">/etc/defaults/bluetooth.device.conf</span>. Configuration - parameters set in the system wide Bluetooth device configuration file apply - to every Bluetooth device connected to the system.</p> -<p class="Pp">Configuration parameters overrides for the specific Bluetooth - device should be placed in the - <span class="Pa">/etc/bluetooth/</span><var class="Ar">DEVICE_DRIVER_NAME</var><span class="Pa">.conf</span> - file. Where <var class="Ar">DEVICE_DRIVER_NAME</var> is the device driver - name of the Bluetooth device.</p> -<p class="Pp">The following list provides a name and short description for each - variable that can be set in a Bluetooth device configuration file.</p> -<dl class="Bl-tag"> - <dt id="authentication_enable"><var class="Va">authentication_enable</var></dt> - <dd>(<var class="Vt">bool</var>) The - <var class="Va">authentication_enable</var> parameter controls if the - device requires to authenticate the remote device at connection setup. If - set to “<code class="Li">YES</code>”, the device will try to - authenticate the other device at connection setup. Bluetooth - authentication requests are handled by <a class="Xr">hcsecd(8)</a> - daemon.</dd> - <dt id="class"><var class="Va">class</var></dt> - <dd>(<var class="Vt">str</var>) The <var class="Va">class</var> parameter is - used to indicate the capabilities of the device to other devices. For more - details see “Assigned Numbers - Bluetooth Baseband” - document.</dd> - <dt id="connectable"><var class="Va">connectable</var></dt> - <dd>(<var class="Vt">bool</var>) The <var class="Va">connectable</var> - parameter controls whether or not the device should periodically scan for - page attempts from other devices. If set to - “<code class="Li">YES</code>”, the device will periodically - scan for page attempts from other devices.</dd> - <dt id="discoverable"><var class="Va">discoverable</var></dt> - <dd>(<var class="Vt">bool</var>) The <var class="Va">discoverable</var> - parameter controls whether or not the device should periodically scan for - inquiry requests from other devices. If set to - “<code class="Li">YES</code>”, the device will periodically - scan for inquiry requests from other devices.</dd> - <dt id="encryption_mode"><var class="Va">encryption_mode</var></dt> - <dd>(<var class="Vt">str</var>) The <var class="Va">encryption_mode</var> - parameter controls if the device requires encryption to the remote device - at connection setup. At connection setup, only the devices with the - <var class="Va">authentication_enable</var> parameter enabled and - <var class="Va">encryption_mode</var> parameter enabled will try to - encrypt the connection to the other device. Possible values are - “<code class="Li">NONE</code>” encryption disabled, - “<code class="Li">P2P</code>” encryption for only - point-to-point packets, or “<code class="Li">ALL</code>” - encryption for both point-to-point and broadcast packets.</dd> - <dt id="hci_debug_level"><var class="Va">hci_debug_level</var></dt> - <dd>(<var class="Vt">int</var>) HCI node debug level. Higher values mean more - verbose output.</dd> - <dt id="l2cap_debug_level"><var class="Va">l2cap_debug_level</var></dt> - <dd>(<var class="Vt">int</var>) L2CAP node debug level. Higher values mean - more verbose output.</dd> - <dt id="local_name"><var class="Va">local_name</var></dt> - <dd>(<var class="Vt">str</var>) The <var class="Va">local_name</var> parameter - provides the ability to modify the user friendly name for the device.</dd> - <dt id="role_switch"><var class="Va">role_switch</var></dt> - <dd>(<var class="Vt">bool</var>) The <var class="Va">role_switch</var> - parameter controls whether the local device should perform role switch. By - default, if role switch is supported, the local device will try to perform - role switch and become Master on incoming connection. Some devices do not - support role switch and thus incoming connections from such devices will - fail. If <var class="Va">role switch</var> is disabled then accepting - device will remain Slave.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/defaults/bluetooth.device.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/rc.d/bluetooth</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The <span class="Pa">/etc/bluetooth/ubt0.conf</span> file should - be used to specify configuration parameters overrides for the first USB - Bluetooth device (device driver name is <code class="Li">ubt0</code>).</p> -<p class="Pp">The <span class="Pa">/etc/bluetooth/ubt1.conf</span> file should - be used to specify configuration parameters overrides for the second USB - Bluetooth device.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ng_hci(4)</a>, <a class="Xr">ng_l2cap(4)</a>, - <a class="Xr">ng_ubt(4)</a>, <a class="Xr">devd(8)</a>, - <a class="Xr">hccontrol(8)</a>, <a class="Xr">hcsecd(8)</a>, - <a class="Xr">l2control(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Maksim Yevmenkin</span> - <<a class="Mt" href="mailto:m_evmenkin@yahoo.com">m_evmenkin@yahoo.com</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 29, 2021</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/bluetooth.hosts.5 4.html b/static/freebsd/man5/bluetooth.hosts.5 4.html deleted file mode 100644 index 3e008a3a..00000000 --- a/static/freebsd/man5/bluetooth.hosts.5 4.html +++ /dev/null @@ -1,55 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">BLUETOOTH.HOSTS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">BLUETOOTH.HOSTS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">bluetooth.hosts</code> — - <span class="Nd">Bluetooth host name database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">/etc/bluetooth/hosts</span> file contains - information regarding the known Bluetooth hosts. For each Bluetooth host a - single line should be present with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>Bluetooth address -official host name -aliases</pre> -</div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ‘<code class="Li">#</code>’ indicates the beginning of a - comment; characters up to the end of the line are not interpreted by - routines which search the file.</p> -<p class="Pp">Bluetooth addresses are specified as six hex bytes separated by - columns (BD_ADDR). Host names may contain any printable character other than - a field delimiter, newline, or comment character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/bluetooth/hosts</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">bluetooth(3)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Maksim Yevmenkin</span> - <<a class="Mt" href="mailto:m_evmenkin@yahoo.com">m_evmenkin@yahoo.com</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 8, 2003</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/bluetooth.protocols.5 4.html b/static/freebsd/man5/bluetooth.protocols.5 4.html deleted file mode 100644 index e4c9cc72..00000000 --- a/static/freebsd/man5/bluetooth.protocols.5 4.html +++ /dev/null @@ -1,56 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">BLUETOOTH.PROTOCOLS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">BLUETOOTH.PROTOCOLS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">bluetooth.protocols</code> — - <span class="Nd">Bluetooth Protocol Service Multiplexor database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">/etc/bluetooth/protocols</span> file contains - information regarding the known Bluetooth Protocol Service Multiplexor - values. For each Bluetooth Protocol Service Multiplexor a single line should - be present with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>official Protocol Service Multiplexor name -official Protocol Service Multiplexor value -aliases</pre> -</div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ‘<code class="Li">#</code>’ indicates the beginning of a - comment; characters up to the end of the line are not interpreted by - routines which search the file.</p> -<p class="Pp">Bluetooth Protocol Service Multiplexor names may contain any - printable character other than a field delimiter, newline, or comment - character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/bluetooth/protocols</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">bluetooth(3)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Maksim Yevmenkin</span> - <<a class="Mt" href="mailto:m_evmenkin@yahoo.com">m_evmenkin@yahoo.com</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 8, 2003</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/boot.config.5 3.html b/static/freebsd/man5/boot.config.5 3.html deleted file mode 100644 index 4a9ec4ec..00000000 --- a/static/freebsd/man5/boot.config.5 3.html +++ /dev/null @@ -1,83 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">BOOT.CONFIG(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">BOOT.CONFIG(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">boot.config</code> — - <span class="Nd">Configuration file for the legacy boot blocks</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">boot.config</code> file contains options for - the <span class="Ux">FreeBSD</span> boot block code.</p> -<p class="Pp">When the first- and second-stage <span class="Ux">FreeBSD</span> - boot loaders run, they search the “<code class="Li">a</code>” - slice of the boot partition for a <code class="Nm">boot.config</code> file - (as a result, slices which are missing an - “<code class="Li">a</code>” partition require user - intervention during the boot process). If the - <code class="Nm">boot.config</code> file is found, its contents are used as - the default configuration options for the boot block code and are echoed to - the system console.</p> -<p class="Pp">A valid format of this file is to put BIOS drive number, a - controller type, a unit number, a partition, a kernel file name, and any - other valid <a class="Xr">boot(8)</a> option on a single line, as it is done - at the “<code class="Li">boot:</code>” prompt.</p> -<p class="Pp">The options related to the boot image selection described below - and all the other options available for <code class="Nm">boot.config</code> - are documented in detail in the <a class="Xr">boot(8)</a> manual page.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/boot.config</span></dt> - <dd>parameters for the boot blocks (optional)</dd> - <dt><span class="Pa">/boot/config</span></dt> - <dd>alternate location for boot config information</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The command:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo "-P" > /boot.config</pre> -</div> -<p class="Pp">will activate the serial console of - <span class="Ux">FreeBSD</span> if no keyboard is present, otherwise video - console will be used.</p> -<p class="Pp">The command:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo "1:ad(1,a)/boot/loader" > /boot.config</pre> -</div> -<p class="Pp">will instruct the second stage of <a class="Xr">boot(8)</a> on the - first disk to boot with the third <a class="Xr">boot(8)</a> stage from the - second disk.</p> -<p class="Pp">The command:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo "1:ad(1,a)/boot/loader -P" > /boot.config</pre> -</div> -<p class="Pp">will do both of the above.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">boot(8)</a>, <a class="Xr">loader(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Daniel - Gerzo</span> - <<a class="Mt" href="mailto:danger@FreeBSD.org">danger@FreeBSD.org</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 14, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/core.5 3.html b/static/freebsd/man5/core.5 3.html deleted file mode 100644 index 167df948..00000000 --- a/static/freebsd/man5/core.5 3.html +++ /dev/null @@ -1,153 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">CORE(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">CORE(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">core</code> — <span class="Nd">memory - image file format</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">sys/param.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">A small number of signals which cause abnormal termination of a - process also cause a record of the process's in-core state to be written to - disk for later examination by one of the available debuggers. (See - <a class="Xr">sigaction(2)</a>.) This memory image is written to a file - named by default <code class="Nm">programname.core</code> in the working - directory; provided the terminated process had write permission in the - directory, and provided the abnormality did not cause a system crash. (In - this event, the decision to save the core file is arbitrary, see - <a class="Xr">savecore(8)</a>.)</p> -<p class="Pp">The name of the file is controlled via the - <a class="Xr">sysctl(8)</a> variable <var class="Va">kern.corefile</var>. - The contents of this variable describes a filename to store the core image - to. This filename can be absolute, or relative (which will resolve to the - current working directory of the program generating it).</p> -<p class="Pp">The following format specifiers may be used in the - <var class="Va">kern.corefile</var> sysctl to insert additional information - into the resulting core filename:</p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt id="_H"><a class="permalink" href="#_H"><i class="Em">%H</i></a></dt> - <dd>Machine hostname.</dd> - <dt id="_I"><a class="permalink" href="#_I"><i class="Em">%I</i></a></dt> - <dd>An index starting at zero until the sysctl - <a class="permalink" href="#debug.ncores"><i class="Em" id="debug.ncores">debug.ncores</i></a> - is reached. This can be useful for limiting the number of corefiles - generated by a particular process.</dd> - <dt id="_N"><a class="permalink" href="#_N"><i class="Em">%N</i></a></dt> - <dd>process name.</dd> - <dt id="_P"><a class="permalink" href="#_P"><i class="Em">%P</i></a></dt> - <dd>processes PID.</dd> - <dt id="_S"><a class="permalink" href="#_S"><i class="Em">%S</i></a></dt> - <dd>signal during core.</dd> - <dt id="_U"><a class="permalink" href="#_U"><i class="Em">%U</i></a></dt> - <dd>process UID.</dd> -</dl> -</div> -<p class="Pp" id="_N.core">The name defaults to - <a class="permalink" href="#_N.core"><i class="Em">%N.core</i></a>, yielding - the traditional <span class="Ux">FreeBSD</span> behaviour.</p> -<p class="Pp">The maximum size of a core file is limited by the - <code class="Dv">RLIMIT_CORE</code> <a class="Xr">setrlimit(2)</a> limit. - Files which would be larger than the limit are not created.</p> -<p class="Pp">With a large limit, a process that had mapped a very large, and - perhaps sparsely populated, virtual memory region, could take a very long - time to create core dumps. The system ignores all signals sent to a process - writing a core file, except <code class="Dv">SIGKILL</code> which terminates - the writing and causes immediate exit of the process. The behavior of - <code class="Dv">SIGKILL</code> can be disabled by setting tunable - <a class="Xr">sysctl(8)</a> variable - <var class="Va">kern.core_dump_can_intr</var> to zero.</p> -<p class="Pp">By default, a process that changes user or group credentials - whether real or effective will not create a corefile. This behaviour can be - changed to generate a core dump by setting the <a class="Xr">sysctl(8)</a> - variable <var class="Va">kern.sugid_coredump</var> to 1.</p> -<p class="Pp">Corefiles can be compressed by the kernel if one of the following - items are included in the kernel configuration file:</p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt>options</dt> - <dd>GZIO</dd> - <dt>options</dt> - <dd>ZSTDIO</dd> -</dl> -</div> -<p class="Pp">The following sysctl control core file compression:</p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt id="kern.compress_user_cores"><a class="permalink" href="#kern.compress_user_cores"><i class="Em">kern.compress_user_cores</i></a></dt> - <dd>Enable compression of user cores. A value of 1 configures - <a class="Xr">gzip(1)</a> compression, and a value of 2 configures - <a class="Xr">zstd(1)</a> compression. Compressed core files will have a - suffix of ‘<code class="Li">.gz</code>’ or - ‘<code class="Li">.zst</code>’ appended to their filenames - depending on the selected format.</dd> - <dt id="kern.compress_user_cores_level"><a class="permalink" href="#kern.compress_user_cores_level"><i class="Em">kern.compress_user_cores_level</i></a></dt> - <dd>Compression level. Defaults to 6.</dd> -</dl> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="NOTES"><a class="permalink" href="#NOTES">NOTES</a></h1> -<p class="Pp">Corefiles are written with open file descriptor information as an - ELF note. By default, file paths are packed to only use as much space as - needed. However, file paths can change at any time, including during core - dump, and this can result in truncated file descriptor data.</p> -<p class="Pp">All file descriptor information can be preserved by disabling - packing. This potentially wastes up to PATH_MAX bytes per open fd. Packing - is disabled with</p> -<div class="Bd Bd-indent"><code class="Li">sysctl - kern.coredump_pack_fileinfo=0</code></div> -. -<p class="Pp">Similarly, corefiles are written with vmmap information as an ELF - note, which contains file paths. By default, they are packed to only use as - much space as needed. By the same mechanism as for the open files note, - these paths can also change at any time and result in a truncated note.</p> -<p class="Pp">All vmmap information can be preserved by disabling packing. Like - the file information, this potentially wastes up to PATH_MAX bytes per - mapped object. Packing is disabled with</p> -<div class="Bd Bd-indent"><code class="Li">sysctl - kern.coredump_pack_vmmapinfo=0</code></div> -. -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">In order to store all core images in per-user private areas under - <span class="Pa">/var/coredumps</span> (assuming the appropriate - subdirectories exist and are writable by users), the following - <a class="Xr">sysctl(8)</a> command can be used:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">sysctl - kern.corefile=/var/coredumps/%U/%N.core</code></div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">gdb(1)</a> - (<span class="Pa">ports/devel/gdb</span>), <a class="Xr">gzip(1)</a>, - <a class="Xr">kgdb(1)</a> (<span class="Pa">ports/devel/gdb</span>), - <a class="Xr">setrlimit(2)</a>, <a class="Xr">sigaction(2)</a>, - <a class="Xr">sysctl(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A <code class="Nm">core</code> file format appeared in - <span class="Ux">Version 1 AT&T UNIX</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">July 17, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/devfs.conf.5 3.html b/static/freebsd/man5/devfs.conf.5 3.html deleted file mode 100644 index d0871cd2..00000000 --- a/static/freebsd/man5/devfs.conf.5 3.html +++ /dev/null @@ -1,101 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">DEVFS.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">DEVFS.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">devfs.conf</code> — - <span class="Nd">boot-time devfs configuration information</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">devfs.conf</code> file provides an easy way - to set ownership and permissions, or create links for devices available at - boot.</p> -<p class="Pp">It does not work for devices plugged in and out after the system - is up and running, e.g. USB devices. See <a class="Xr">devfs.rules(5)</a> - for setting ownership and permissions for all device nodes, and - <a class="Xr">devd.conf(5)</a> for actions to be taken when devices are - attached or detached.</p> -<p class="Pp">Lines starting with a hash sign - (‘<code class="Li">#</code>’) and empty lines are ignored. The - lines that specify <code class="Nm">devfs.conf</code> rules consist of three - parameters separated by whitespace:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">action</var></dt> - <dd>The action to take for the device. The action names are only significant - to the first unique character.</dd> - <dt><var class="Ar">devname</var></dt> - <dd>The name of the device created by <a class="Xr">devfs(4)</a>.</dd> - <dt><var class="Ar">arg</var></dt> - <dd>The argument of the <var class="Ar">action</var>.</dd> -</dl> -<p class="Pp">The actions currently supported are:</p> -<dl class="Bl-tag"> - <dt id="link"><a class="permalink" href="#link"><code class="Ic">link</code></a></dt> - <dd>This action creates a symbolic link named <var class="Ar">arg</var> that - points to <var class="Ar">devname</var>, the name of the device created by - <a class="Xr">devfs(4)</a>.</dd> - <dt id="own"><a class="permalink" href="#own"><code class="Ic">own</code></a></dt> - <dd>This action changes the ownership of <var class="Ar">devname</var>. The - <var class="Ar">arg</var> parameter must be in the form of an - <var class="Ar">owner</var>:<var class="Ar">group</var> pair, in the same - format used by <a class="Xr">chown(8)</a>.</dd> - <dt id="perm"><a class="permalink" href="#perm"><code class="Ic">perm</code></a></dt> - <dd>This action changes the permissions of <var class="Ar">devname</var>. The - <var class="Ar">arg</var> parameter must be a <var class="Ar">mode</var> - as explained in <a class="Xr">chmod(1)</a>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/devfs.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/share/examples/etc/devfs.conf</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">To create a <span class="Pa">/dev/cdrom</span> link that points to - the first CD-ROM, the following may be added to - <code class="Nm">devfs.conf</code>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>link cd0 cdrom</pre> -</div> -<p class="Pp">To set the owner of a device, the <code class="Ic">own</code> - action may be specified:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>own cd0 root:cdrom</pre> -</div> -<p class="Pp">To set the permissions of a device, a <code class="Ic">perm</code> - action should be used:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>perm cd0 0660</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">chmod(1)</a>, <a class="Xr">devfs(4)</a>, - <a class="Xr">devd.conf(5)</a>, <a class="Xr">devfs.rules(5)</a>, - <a class="Xr">chown(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Roland - Smith</span> - <<a class="Mt" href="mailto:rsmith@xs4all.nl">rsmith@xs4all.nl</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 25, 2019</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/devfs.rules.5 3.html b/static/freebsd/man5/devfs.rules.5 3.html deleted file mode 100644 index e494c989..00000000 --- a/static/freebsd/man5/devfs.rules.5 3.html +++ /dev/null @@ -1,102 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">DEVFS.RULES(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">DEVFS.RULES(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">devfs.rules</code> — - <span class="Nd">devfs configuration information</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">devfs.rules</code> file provides an easy way - to create and apply <a class="Xr">devfs(8)</a> rules, even for devices that - are not available at boot.</p> -<p class="Pp">For devices available at boot, see - <a class="Xr">devfs.conf(5)</a>.</p> -<p class="Pp">The format of this file is simple. Empty lines and lines beginning - with a hash sign (‘<code class="Li">#</code>’) are ignored. A - line between brackets denotes the start of a ruleset. In the brackets should - be the name of the ruleset and its number, separated by an equal sign.</p> -<p class="Pp">Other lines are rule specifications as documented in - <a class="Xr">devfs(8)</a>, in the section - <a class="Sx" href="#Rule_Specification">Rule Specification</a>. These lines - are prepended with “<code class="Li">rule</code>” and are - passed to <a class="Xr">devfs(8)</a> by the startup scripts of the system. - It is important to put path elements that contain <a class="Xr">glob(3)</a> - special characters between quotes.</p> -<p class="Pp">Rulesets should have a unique name and number.</p> -<p class="Pp">All rules that follow a ruleset declaration belong to that - ruleset, until a new ruleset is started.</p> -<p class="Pp">One custom ruleset has to be enabled in - <span class="Pa">/etc/rc.conf</span>, otherwise it will not be applied to - the <span class="Pa">/dev</span> file system by the default system startup - process. For example, to enable a - “<code class="Li">localrules</code>” ruleset for the - <span class="Pa">/dev</span> file system, you would have to use something - like this in your <span class="Pa">rc.conf</span> file:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>devfs_system_ruleset="localrules"</pre> -</div> -<p class="Pp">The rules are loaded at boot via the devfs service. To load - modified rules after the system has booted, run the command:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>service devfs restart</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/defaults/devfs.rules</span></dt> - <dd>Default <code class="Nm">devfs.rules</code> configuration file.</dd> - <dt><span class="Pa">/etc/devfs.rules</span></dt> - <dd>Local <code class="Nm">devfs.rules</code> configuration file. Rulesets in - here override those in <span class="Pa">/etc/defaults/devfs.rules</span> - with the same ruleset number, otherwise the two files are effectively - merged.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">To make all the partitions of <a class="Xr">da(4)</a> devices - readable and writable by their owner and the - “<code class="Li">usb</code>” group, the following rule may be - used:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">[localrules=10]</code></div> -<div class="Bd Bd-indent"><code class="Li">add path 'da*s*' mode 0660 group - usb</code></div> -<p class="Pp">The first line declares and starts a new ruleset, with the name - <var class="Va">localrules</var> and the number 10.</p> -<p class="Pp">To give <a class="Xr">usbconfig(8)</a> and - <a class="Xr">libusb(3)</a> enabled applications permission to all usb - devices for their owner and the “<code class="Li">usb</code>” - group, a similar rule may be used:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">add path 'usb/*' mode 0660 group - usb</code></div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">glob(3)</a>, <a class="Xr">devfs(4)</a>, - <a class="Xr">devfs.conf(5)</a>, <a class="Xr">devfs(8)</a>, - <a class="Xr">service(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Roland - Smith</span> - <<a class="Mt" href="mailto:rsmith@xs4all.nl">rsmith@xs4all.nl</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">December 1, 2020</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/device.hints.5 3.html b/static/freebsd/man5/device.hints.5 3.html deleted file mode 100644 index 7f5bf403..00000000 --- a/static/freebsd/man5/device.hints.5 3.html +++ /dev/null @@ -1,122 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">DEVICE.HINTS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">DEVICE.HINTS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">device.hints</code> — - <span class="Nd">device resource hints</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">device.hints</code> file is read in by the - boot <a class="Xr">loader(8)</a> when the system is about to start, and its - contents are passed to the kernel. It contains various variables to control - the boot behavior of the kernel. These variables are typically - “device hints”, but can include any kernel tunable values.</p> -<p class="Pp">The file contains one variable per line. Lines starting with the - ‘<code class="Li">#</code>’ character are comments and are - ignored by the boot loader.</p> -<p class="Pp">After the file is read by the boot loader, you may examine the - variables with the <code class="Ic">show</code> command, and may add a new - variable, modify an existing one, or delete a variable with the - <code class="Ic">set</code> and <code class="Ic">unset</code> commands of - the boot loader (see <a class="Xr">loader(8)</a>).</p> -<p class="Pp">After the system has started, you can dump these variables with - the <a class="Xr">kenv(1)</a> command.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DEVICE_HINTS"><a class="permalink" href="#DEVICE_HINTS">DEVICE - HINTS</a></h1> -<p class="Pp">Device hint variables are used by device drivers to set up the - device. They are most often used by ISA device drivers to specify where the - driver will probe for the relevant devices, and what resources it will - attempt to use.</p> -<p class="Pp">A device hint line looks like:</p> -<p class="Pp"></p> -<div class="Bd - Bd-indent"><code class="Li">hint.</code><var class="Ar">driver</var>.<var class="Ar">unit</var>.<var class="Ar">keyword</var><code class="Li">=</code>"<var class="Ar">value</var>"</div> -<p class="Pp">where <var class="Ar">driver</var> is the name of a device driver, - <var class="Ar">unit</var> is the unit number, and - <var class="Ar">keyword</var> is the keyword of the hint. The keyword may - be:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt id="at"><a class="permalink" href="#at"><code class="Li">at</code></a></dt> - <dd>specifies a bus to which the device is attached.</dd> - <dt id="port"><a class="permalink" href="#port"><code class="Li">port</code></a></dt> - <dd>specifies the start address of I/O ports to be used by the device.</dd> - <dt id="portsize"><a class="permalink" href="#portsize"><code class="Li">portsize</code></a></dt> - <dd>specifies the number of ports used by the device.</dd> - <dt id="irq"><a class="permalink" href="#irq"><code class="Li">irq</code></a></dt> - <dd>is the interrupt line number to be used.</dd> - <dt id="drq"><a class="permalink" href="#drq"><code class="Li">drq</code></a></dt> - <dd>is the DMA channel number.</dd> - <dt id="maddr"><a class="permalink" href="#maddr"><code class="Li">maddr</code></a></dt> - <dd>specifies the physical memory address used by the device.</dd> - <dt id="msize"><a class="permalink" href="#msize"><code class="Li">msize</code></a></dt> - <dd>specifies the physical memory size used by the device.</dd> - <dt id="flags"><a class="permalink" href="#flags"><code class="Li">flags</code></a></dt> - <dd>sets various flag bits for the device.</dd> - <dt id="disabled"><a class="permalink" href="#disabled"><code class="Li">disabled</code></a></dt> - <dd>can be set to "1" to disable the device.</dd> -</dl> -</div> -<p class="Pp">A device driver may require one or more hint lines with these - keywords, and may accept other keywords not listed here, through - <a class="Xr">resource_int_value(9)</a>. Consult individual device drivers' - manual pages for available keywords and their possible values.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/boot/device.hints</span></dt> - <dd>Device resource hints file.</dd> - <dt><span class="Pa">/sys/</span><var class="Ar">ARCH</var><span class="Pa">/conf/GENERIC.hints</span></dt> - <dd>Sample resource hints for the <span class="Pa">GENERIC</span> kernel.</dd> - <dt><span class="Pa">/sys/</span><var class="Ar">ARCH</var><span class="Pa">/conf/NOTES</span></dt> - <dd>Notes on the kernel configuration file and device resource hints.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The following example sets up resources for the - <a class="Xr">uart(4)</a> driver on the ISA bus:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>hint.uart.0.at="isa" -hint.uart.0.port="0x3F8" -hint.uart.0.flags="0x10" -hint.uart.0.irq="4"</pre> -</div> -<p class="Pp">The following example disables the ACPI driver:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>hint.acpi.0.disabled="1"</pre> -</div> -<p class="Pp">Setting a tunable variable:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>vm.pmap.pg_ps_enabled=1</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">kenv(1)</a>, <a class="Xr">loader.conf(5)</a>, - <a class="Xr">loader(8)</a>, <a class="Xr">resource_int_value(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">device.hints</code> file first appeared in - <span class="Ux">FreeBSD 5.0</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 19, 2019</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/dir.5 3.html b/static/freebsd/man5/dir.5 3.html deleted file mode 100644 index 26114da9..00000000 --- a/static/freebsd/man5/dir.5 3.html +++ /dev/null @@ -1,141 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">DIR(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">DIR(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">dir</code>, <code class="Nm">dirent</code> - — <span class="Nd">directory file format</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">dirent.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">Directories provide a convenient hierarchical method of grouping - files while obscuring the underlying details of the storage medium. A - directory file is differentiated from a plain file by a flag in its - <a class="Xr">inode(5)</a> entry. It consists of records (directory entries) - each of which contains information about a file and a pointer to the file - itself. Directory entries may contain other directories as well as plain - files; such nested directories are referred to as subdirectories. A - hierarchy of directories and files is formed in this manner and is called a - file system (or referred to as a file system tree).</p> -<p class="Pp">Each directory file contains two special directory entries; one is - a pointer to the directory itself called dot - ‘<code class="Li">.</code>’ and the other a pointer to its - parent directory called dot-dot ‘<code class="Li">..</code>’. - Dot and dot-dot are valid pathnames, however, the system root directory - ‘<code class="Li">/</code>’, has no parent and dot-dot points - to itself like dot.</p> -<p class="Pp">File system nodes are ordinary directory files on which has been - grafted a file system object, such as a physical disk or a partitioned area - of such a disk. (See <a class="Xr">mount(2)</a> and - <a class="Xr">mount(8)</a>.)</p> -<p class="Pp">The directory entry format is defined in the file - <code class="In"><<a class="In">sys/dirent.h</a>></code> (which should - not be included directly by applications):</p> -<div class="Bd Pp Li"> -<pre>#ifndef _SYS_DIRENT_H_ -#define _SYS_DIRENT_H_ - -#include <machine/ansi.h> - -/* - * The dirent structure defines the format of directory entries returned by - * the getdirentries(2) system call. - * - * A directory entry has a struct dirent at the front of it, containing its - * inode number, the length of the entry, and the length of the name - * contained in the entry. These are followed by the name padded to a 8 - * byte boundary with null bytes. All names are guaranteed null terminated. - * The maximum length of a name in a directory is MAXNAMLEN. - * Explicit pad is added between the last member of the header and - * d_name, to avoid having the ABI padding in the end of dirent on - * LP64 arches. There is code depending on d_name being last. Also, - * keeping this pad for ILP32 architectures simplifies compat32 layer. - */ - -struct dirent { - ino_t d_fileno; /* file number of entry */ - off_t d_off; /* directory offset of the next entry */ - __uint16_t d_reclen; /* length of this record */ - __uint8_t d_type; /* file type, see below */ - __uint8_t d_namlen; /* length of string in d_name */ - __uint32_t d_pad0; -#if __BSD_VISIBLE -#define MAXNAMLEN 255 - char d_name[MAXNAMLEN + 1]; /* name must be no longer than this */ -#else - char d_name[255 + 1]; /* name must be no longer than this */ -#endif -}; - -/* - * File types - */ -#define DT_UNKNOWN 0 -#define DT_FIFO 1 -#define DT_CHR 2 -#define DT_DIR 4 -#define DT_BLK 6 -#define DT_REG 8 -#define DT_LNK 10 -#define DT_SOCK 12 -#define DT_WHT 14 - -/* - * Convert between stat structure types and directory types. - */ -#define IFTODT(mode) (((mode) & 0170000) >> 12) -#define DTTOIF(dirtype) ((dirtype) << 12) - -/* - * The _GENERIC_DIRSIZ macro gives the minimum record length which will hold - * the directory entry. This returns the amount of space in struct direct - * without the d_name field, plus enough space for the name with a terminating - * null byte (dp->d_namlen+1), rounded up to a 8 byte boundary. - * - * XXX although this macro is in the implementation namespace, it requires - * a manifest constant that is not. - */ -#define _GENERIC_DIRLEN(namlen) ((__offsetof(struct dirent, d_name) + (namlen) + 1 + 7) & ~7) -#define _GENERIC_DIRSIZ(dp) _GENERIC_DIRLEN((dp)->d_namlen) -#endif /* __BSD_VISIBLE */ - -#ifdef _KERNEL -#define GENERIC_DIRSIZ(dp) _GENERIC_DIRSIZ(dp) -#endif - -#endif /* !_SYS_DIRENT_H_ */</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">fs(5)</a>, <a class="Xr">inode(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A <code class="Nm">dir</code> file format appeared in - <span class="Ux">Version 7 AT&T UNIX</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">The usage of the member d_type of struct dirent is unportable as - it is <span class="Ux">FreeBSD</span>-specific. It also may fail on certain - file systems, for example the cd9660 file system.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 14, 2018</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/disktab.5 3.html b/static/freebsd/man5/disktab.5 3.html deleted file mode 100644 index 7370497d..00000000 --- a/static/freebsd/man5/disktab.5 3.html +++ /dev/null @@ -1,333 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">DISKTAB(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">DISKTAB(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">disktab</code> — <span class="Nd">disk - description file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">disklabel.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp"><code class="Nm">Disktab</code> is a simple database which - describes disk geometries and disk partition characteristics. It is used to - initialize the disk label on the disk. The format is patterned after the - <a class="Xr">termcap(5)</a> terminal data base. Entries in - <code class="Nm">disktab</code> consist of a number of `:'-separated fields. - The first field for each entry gives the names by which a disk's entry may - be selected, separated by `|' characters. The last name given should be a - long name fully identifying the disk.</p> -<p class="Pp">The optional fields for each entry are:</p> -<table class="Bl-column"> - <tr id="ID"> - <td><a class="permalink" href="#ID"><b class="Sy">ID</b></a></td> - <td>Type</td> - <td>Description</td> - </tr> - <tr> - <td>ty</td> - <td>str</td> - <td>Type of disk (e.g. removable, winchester)</td> - </tr> - <tr> - <td>dt</td> - <td>str</td> - <td>Type of controller (e.g. SMD, ESDI, floppy)</td> - </tr> - <tr> - <td>ns</td> - <td>num</td> - <td>Number of sectors per track</td> - </tr> - <tr> - <td>nt</td> - <td>num</td> - <td>Number of tracks per cylinder</td> - </tr> - <tr> - <td>nc</td> - <td>num</td> - <td>Total number of cylinders on the disk</td> - </tr> - <tr> - <td>sc</td> - <td>num</td> - <td>Number of sectors per cylinder, ns*nt default</td> - </tr> - <tr> - <td>su</td> - <td>num</td> - <td>Number of sectors per unit, sc*nc default</td> - </tr> - <tr> - <td>se</td> - <td>num</td> - <td>Sector size in bytes, <code class="Dv">DEV_BSIZE</code> default</td> - </tr> - <tr> - <td>sf</td> - <td>bool</td> - <td>Controller supports bad144-style bad sector forwarding</td> - </tr> - <tr> - <td>rm</td> - <td>num</td> - <td>Rotation speed, rpm, 3600 default</td> - </tr> - <tr> - <td>sk</td> - <td>num</td> - <td>Sector skew per track, default 0</td> - </tr> - <tr> - <td>cs</td> - <td>num</td> - <td>Sector skew per cylinder, default 0</td> - </tr> - <tr> - <td>hs</td> - <td>num</td> - <td>Headswitch time, usec, default 0</td> - </tr> - <tr> - <td>ts</td> - <td>num</td> - <td>One-cylinder seek time, usec, default 0</td> - </tr> - <tr> - <td>il</td> - <td>num</td> - <td>Sector interleave (n:1), 1 default</td> - </tr> - <tr> - <td>d[0-4]</td> - <td>num</td> - <td>Drive-type-dependent parameters</td> - </tr> - <tr> - <td>bs</td> - <td>num</td> - <td>Boot block size, default <code class="Dv">BBSIZE</code></td> - </tr> - <tr> - <td>sb</td> - <td>num</td> - <td>Superblock size, default 0</td> - </tr> - <tr> - <td>ba</td> - <td>num</td> - <td>Block size for partition `a' (bytes)</td> - </tr> - <tr> - <td>bd</td> - <td>num</td> - <td>Block size for partition `d' (bytes)</td> - </tr> - <tr> - <td>be</td> - <td>num</td> - <td>Block size for partition `e' (bytes)</td> - </tr> - <tr> - <td>bf</td> - <td>num</td> - <td>Block size for partition `f' (bytes)</td> - </tr> - <tr> - <td>bg</td> - <td>num</td> - <td>Block size for partition `g' (bytes)</td> - </tr> - <tr> - <td>bh</td> - <td>num</td> - <td>Block size for partition `h' (bytes)</td> - </tr> - <tr> - <td>fa</td> - <td>num</td> - <td>Fragment size for partition `a' (bytes)</td> - </tr> - <tr> - <td>fd</td> - <td>num</td> - <td>Fragment size for partition `d' (bytes)</td> - </tr> - <tr> - <td>fe</td> - <td>num</td> - <td>Fragment size for partition `e' (bytes)</td> - </tr> - <tr> - <td>ff</td> - <td>num</td> - <td>Fragment size for partition `f' (bytes)</td> - </tr> - <tr> - <td>fg</td> - <td>num</td> - <td>Fragment size for partition `g' (bytes)</td> - </tr> - <tr> - <td>fh</td> - <td>num</td> - <td>Fragment size for partition `h' (bytes)</td> - </tr> - <tr> - <td>oa</td> - <td>num</td> - <td>Offset of partition `a' in sectors</td> - </tr> - <tr> - <td>ob</td> - <td>num</td> - <td>Offset of partition `b' in sectors</td> - </tr> - <tr> - <td>oc</td> - <td>num</td> - <td>Offset of partition `c' in sectors</td> - </tr> - <tr> - <td>od</td> - <td>num</td> - <td>Offset of partition `d' in sectors</td> - </tr> - <tr> - <td>oe</td> - <td>num</td> - <td>Offset of partition `e' in sectors</td> - </tr> - <tr> - <td>of</td> - <td>num</td> - <td>Offset of partition `f' in sectors</td> - </tr> - <tr> - <td>og</td> - <td>num</td> - <td>Offset of partition `g' in sectors</td> - </tr> - <tr> - <td>oh</td> - <td>num</td> - <td>Offset of partition `h' in sectors</td> - </tr> - <tr> - <td>pa</td> - <td>num</td> - <td>Size of partition `a' in sectors</td> - </tr> - <tr> - <td>pb</td> - <td>num</td> - <td>Size of partition `b' in sectors</td> - </tr> - <tr> - <td>pc</td> - <td>num</td> - <td>Size of partition `c' in sectors</td> - </tr> - <tr> - <td>pd</td> - <td>num</td> - <td>Size of partition `d' in sectors</td> - </tr> - <tr> - <td>pe</td> - <td>num</td> - <td>Size of partition `e' in sectors</td> - </tr> - <tr> - <td>pf</td> - <td>num</td> - <td>Size of partition `f' in sectors</td> - </tr> - <tr> - <td>pg</td> - <td>num</td> - <td>Size of partition `g' in sectors</td> - </tr> - <tr> - <td>ph</td> - <td>num</td> - <td>Size of partition `h' in sectors</td> - </tr> - <tr> - <td>ta</td> - <td>str</td> - <td>Partition type of partition `a' (<span class="Ux">4.2BSD</span> file - system, swap, etc)</td> - </tr> - <tr> - <td>tb</td> - <td>str</td> - <td>Partition type of partition `b'</td> - </tr> - <tr> - <td>tc</td> - <td>str</td> - <td>Partition type of partition `c'</td> - </tr> - <tr> - <td>td</td> - <td>str</td> - <td>Partition type of partition `d'</td> - </tr> - <tr> - <td>te</td> - <td>str</td> - <td>Partition type of partition `e'</td> - </tr> - <tr> - <td>tf</td> - <td>str</td> - <td>Partition type of partition `f'</td> - </tr> - <tr> - <td>tg</td> - <td>str</td> - <td>Partition type of partition `g'</td> - </tr> - <tr> - <td>th</td> - <td>str</td> - <td>Partition type of partition `h'</td> - </tr> -</table> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/disktab</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getdiskbyname(3)</a>, <a class="Xr">bsdlabel(8)</a>, - <a class="Xr">newfs(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">disktab</code> description file appeared in - <span class="Ux">4.2BSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 14, 2006</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/elf.5 3.html b/static/freebsd/man5/elf.5 3.html deleted file mode 100644 index 195189f0..00000000 --- a/static/freebsd/man5/elf.5 3.html +++ /dev/null @@ -1,1172 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">ELF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">ELF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">elf</code> — <span class="Nd">format of - ELF executable binary files</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">elf.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The header file - <code class="In"><<a class="In">elf.h</a>></code> defines the format - of ELF executable binary files. Amongst these files are normal executable - files, relocatable object files, core files and shared libraries.</p> -<p class="Pp">An executable file using the ELF file format consists of an ELF - header, followed by a program header table or a section header table, or - both. The ELF header is always at offset zero of the file. The program - header table and the section header table's offset in the file are defined - in the ELF header. The two tables describe the rest of the particularities - of the file.</p> -<p class="Pp">Applications which wish to process ELF binary files for their - native architecture only should include - <code class="In"><<a class="In">elf.h</a>></code> in their source - code. These applications should need to refer to all the types and - structures by their generic names “Elf_xxx” and to the macros - by “ELF_xxx”. Applications written this way can be compiled on - any architecture, regardless whether the host is 32-bit or 64-bit.</p> -<p class="Pp">Should an application need to process ELF files of an unknown - architecture then the application needs to include both - <code class="In"><<a class="In">sys/elf32.h</a>></code> and - <code class="In"><<a class="In">sys/elf64.h</a>></code> instead of - <code class="In"><<a class="In">elf.h</a>></code>. Furthermore, all - types and structures need to be identified by either - “Elf32_xxx” or “Elf64_xxx”. The macros need to - be identified by “ELF32_xxx” or “ELF64_xxx”.</p> -<p class="Pp">Whatever the system's architecture is, it will always include - <code class="In"><<a class="In">sys/elf_common.h</a>></code> as well - as <code class="In"><<a class="In">sys/elf_generic.h</a>></code>.</p> -<p class="Pp">These header files describe the above mentioned headers as C - structures and also include structures for dynamic sections, relocation - sections and symbol tables.</p> -<p class="Pp">The following types are being used for 32-bit architectures:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>Elf32_Addr Unsigned 32-bit program address -Elf32_Half Unsigned 16-bit field -Elf32_Lword Unsigned 64-bit field -Elf32_Off Unsigned 32-bit file offset -Elf32_Sword Signed 32-bit field or integer -Elf32_Word Unsigned 32-bit field or integer</pre> -</div> -<p class="Pp">For 64-bit architectures we have the following types:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>Elf64_Addr Unsigned 64-bit program address -Elf64_Half Unsigned 16-bit field -Elf64_Lword Unsigned 64-bit field -Elf64_Off Unsigned 64-bit file offset -Elf64_Sword Signed 32-bit field -Elf64_Sxword Signed 64-bit field or integer -Elf64_Word Unsigned 32-bit field -Elf64_Xword Unsigned 64-bit field or integer</pre> -</div> -<p class="Pp">All data structures that the file format defines follow the - “natural” size and alignment guidelines for the relevant - class. If necessary, data structures contain explicit padding to ensure - 4-byte alignment for 4-byte objects, to force structure sizes to a multiple - of 4, etc.</p> -<p class="Pp">The ELF header is described by the type Elf32_Ehdr or - Elf64_Ehdr:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - unsigned char e_ident[EI_NIDENT]; - Elf32_Half e_type; - Elf32_Half e_machine; - Elf32_Word e_version; - Elf32_Addr e_entry; - Elf32_Off e_phoff; - Elf32_Off e_shoff; - Elf32_Word e_flags; - Elf32_Half e_ehsize; - Elf32_Half e_phentsize; - Elf32_Half e_phnum; - Elf32_Half e_shentsize; - Elf32_Half e_shnum; - Elf32_Half e_shstrndx; -} Elf32_Ehdr;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - unsigned char e_ident[EI_NIDENT]; - Elf64_Half e_type; - Elf64_Half e_machine; - Elf64_Word e_version; - Elf64_Addr e_entry; - Elf64_Off e_phoff; - Elf64_Off e_shoff; - Elf64_Word e_flags; - Elf64_Half e_ehsize; - Elf64_Half e_phentsize; - Elf64_Half e_phnum; - Elf64_Half e_shentsize; - Elf64_Half e_shnum; - Elf64_Half e_shstrndx; -} Elf64_Ehdr;</pre> -</div> -<p class="Pp">The fields have the following meanings:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt id="e_ident"><a class="permalink" href="#e_ident"><code class="Dv">e_ident</code></a></dt> - <dd>This array of bytes specifies to interpret the file, independent of the - processor or the file's remaining contents. Within this array everything - is named by macros, which start with the prefix - <a class="permalink" href="#EI_"><b class="Sy" id="EI_">EI_</b></a> and - may contain values which start with the prefix - <a class="permalink" href="#ELF"><b class="Sy" id="ELF">ELF</b></a>. The - following macros are defined: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="EI_MAG0"><a class="permalink" href="#EI_MAG0"><code class="Dv">EI_MAG0</code></a></dt> - <dd>The first byte of the magic number. It must be filled with - <a class="permalink" href="#ELFMAG0"><b class="Sy" id="ELFMAG0">ELFMAG0</b></a>.</dd> - <dt id="EI_MAG1"><a class="permalink" href="#EI_MAG1"><code class="Dv">EI_MAG1</code></a></dt> - <dd>The second byte of the magic number. It must be filled with - <a class="permalink" href="#ELFMAG1"><b class="Sy" id="ELFMAG1">ELFMAG1</b></a>.</dd> - <dt id="EI_MAG2"><a class="permalink" href="#EI_MAG2"><code class="Dv">EI_MAG2</code></a></dt> - <dd>The third byte of the magic number. It must be filled with - <a class="permalink" href="#ELFMAG2"><b class="Sy" id="ELFMAG2">ELFMAG2</b></a>.</dd> - <dt id="EI_MAG3"><a class="permalink" href="#EI_MAG3"><code class="Dv">EI_MAG3</code></a></dt> - <dd>The fourth byte of the magic number. It must be filled with - <a class="permalink" href="#ELFMAG3"><b class="Sy" id="ELFMAG3">ELFMAG3</b></a>.</dd> - <dt id="EI_CLASS"><a class="permalink" href="#EI_CLASS"><code class="Dv">EI_CLASS</code></a></dt> - <dd>The fifth byte identifies the architecture for this binary: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="ELFCLASSNONE"><a class="permalink" href="#ELFCLASSNONE"><code class="Dv">ELFCLASSNONE</code></a></dt> - <dd>This class is invalid.</dd> - <dt id="ELFCLASS32"><a class="permalink" href="#ELFCLASS32"><code class="Dv">ELFCLASS32</code></a></dt> - <dd>This defines the 32-bit architecture. It supports machines with - files and virtual address spaces up to 4 Gigabytes.</dd> - <dt id="ELFCLASS64"><a class="permalink" href="#ELFCLASS64"><code class="Dv">ELFCLASS64</code></a></dt> - <dd>This defines the 64-bit architecture.</dd> - </dl> - </dd> - <dt id="EI_DATA"><a class="permalink" href="#EI_DATA"><code class="Dv">EI_DATA</code></a></dt> - <dd>The sixth byte specifies the data encoding of the processor-specific - data in the file. Currently these encodings are supported: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="ELFDATANONE"><a class="permalink" href="#ELFDATANONE"><code class="Dv">ELFDATANONE</code></a></dt> - <dd>Unknown data format.</dd> - <dt id="ELFDATA2LSB"><a class="permalink" href="#ELFDATA2LSB"><code class="Dv">ELFDATA2LSB</code></a></dt> - <dd>Two's complement, little-endian.</dd> - <dt id="ELFDATA2MSB"><a class="permalink" href="#ELFDATA2MSB"><code class="Dv">ELFDATA2MSB</code></a></dt> - <dd>Two's complement, big-endian.</dd> - </dl> - </dd> - <dt id="EI_VERSION"><a class="permalink" href="#EI_VERSION"><code class="Dv">EI_VERSION</code></a></dt> - <dd>The version number of the ELF specification: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="EV_NONE"><a class="permalink" href="#EV_NONE"><code class="Dv">EV_NONE</code></a></dt> - <dd>Invalid version.</dd> - <dt id="EV_CURRENT"><a class="permalink" href="#EV_CURRENT"><code class="Dv">EV_CURRENT</code></a></dt> - <dd>Current version.</dd> - </dl> - </dd> - <dt id="EI_OSABI"><a class="permalink" href="#EI_OSABI"><code class="Dv">EI_OSABI</code></a></dt> - <dd>This byte identifies the operating system and ABI to which the object - is targeted. Some fields in other ELF structures have flags and values - that have platform specific meanings; the interpretation of those - fields is determined by the value of this byte. The following values - are currently defined: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="ELFOSABI_SYSV"><a class="permalink" href="#ELFOSABI_SYSV"><code class="Dv">ELFOSABI_SYSV</code></a></dt> - <dd>UNIX System V ABI.</dd> - <dt id="ELFOSABI_HPUX"><a class="permalink" href="#ELFOSABI_HPUX"><code class="Dv">ELFOSABI_HPUX</code></a></dt> - <dd>HP-UX operating system ABI.</dd> - <dt id="ELFOSABI_NETBSD"><a class="permalink" href="#ELFOSABI_NETBSD"><code class="Dv">ELFOSABI_NETBSD</code></a></dt> - <dd><span class="Ux">NetBSD</span> operating system ABI.</dd> - <dt id="ELFOSABI_LINUX"><a class="permalink" href="#ELFOSABI_LINUX"><code class="Dv">ELFOSABI_LINUX</code></a></dt> - <dd>GNU/Linux operating system ABI.</dd> - <dt id="ELFOSABI_HURD"><a class="permalink" href="#ELFOSABI_HURD"><code class="Dv">ELFOSABI_HURD</code></a></dt> - <dd>GNU/Hurd operating system ABI.</dd> - <dt id="ELFOSABI_86OPEN"><a class="permalink" href="#ELFOSABI_86OPEN"><code class="Dv">ELFOSABI_86OPEN</code></a></dt> - <dd>86Open Common IA32 ABI.</dd> - <dt id="ELFOSABI_SOLARIS"><a class="permalink" href="#ELFOSABI_SOLARIS"><code class="Dv">ELFOSABI_SOLARIS</code></a></dt> - <dd>Solaris operating system ABI.</dd> - <dt id="ELFOSABI_MONTEREY"><a class="permalink" href="#ELFOSABI_MONTEREY"><code class="Dv">ELFOSABI_MONTEREY</code></a></dt> - <dd>Monterey project ABI.</dd> - <dt id="ELFOSABI_IRIX"><a class="permalink" href="#ELFOSABI_IRIX"><code class="Dv">ELFOSABI_IRIX</code></a></dt> - <dd>IRIX operating system ABI.</dd> - <dt id="ELFOSABI_FREEBSD"><a class="permalink" href="#ELFOSABI_FREEBSD"><code class="Dv">ELFOSABI_FREEBSD</code></a></dt> - <dd><span class="Ux">FreeBSD</span> operating system ABI.</dd> - <dt id="ELFOSABI_TRU64"><a class="permalink" href="#ELFOSABI_TRU64"><code class="Dv">ELFOSABI_TRU64</code></a></dt> - <dd>TRU64 UNIX operating system ABI.</dd> - <dt id="ELFOSABI_ARM"><a class="permalink" href="#ELFOSABI_ARM"><code class="Dv">ELFOSABI_ARM</code></a></dt> - <dd>ARM architecture ABI.</dd> - <dt id="ELFOSABI_STANDALONE"><a class="permalink" href="#ELFOSABI_STANDALONE"><code class="Dv">ELFOSABI_STANDALONE</code></a></dt> - <dd>Standalone (embedded) ABI.</dd> - </dl> - </dd> - <dt id="EI_ABIVERSION"><a class="permalink" href="#EI_ABIVERSION"><code class="Dv">EI_ABIVERSION</code></a></dt> - <dd>This byte identifies the version of the ABI to which the object is - targeted. This field is used to distinguish among incompatible - versions of an ABI. The interpretation of this version number is - dependent on the ABI identified by the EI_OSABI field. Applications - conforming to this specification use the value 0.</dd> - <dt id="EI_PAD"><a class="permalink" href="#EI_PAD"><code class="Dv">EI_PAD</code></a></dt> - <dd>Start of padding. These bytes are reserved and set to zero. Programs - which read them should ignore them. The value for EI_PAD will change - in the future if currently unused bytes are given meanings.</dd> - <dt id="EI_BRAND"><a class="permalink" href="#EI_BRAND"><code class="Dv">EI_BRAND</code></a></dt> - <dd>Start of architecture identification.</dd> - <dt id="EI_NIDENT"><a class="permalink" href="#EI_NIDENT"><code class="Dv">EI_NIDENT</code></a></dt> - <dd>The size of the e_ident array.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="e_type"><a class="permalink" href="#e_type"><code class="Dv">e_type</code></a></dt> - <dd>This member of the structure identifies the object file type: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="ET_NONE"><a class="permalink" href="#ET_NONE"><code class="Dv">ET_NONE</code></a></dt> - <dd>An unknown type.</dd> - <dt id="ET_REL"><a class="permalink" href="#ET_REL"><code class="Dv">ET_REL</code></a></dt> - <dd>A relocatable file.</dd> - <dt id="ET_EXEC"><a class="permalink" href="#ET_EXEC"><code class="Dv">ET_EXEC</code></a></dt> - <dd>An executable file.</dd> - <dt id="ET_DYN"><a class="permalink" href="#ET_DYN"><code class="Dv">ET_DYN</code></a></dt> - <dd>A shared object.</dd> - <dt id="ET_CORE"><a class="permalink" href="#ET_CORE"><code class="Dv">ET_CORE</code></a></dt> - <dd>A core file.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="e_machine"><a class="permalink" href="#e_machine"><code class="Dv">e_machine</code></a></dt> - <dd>This member specifies the required architecture for an individual file: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="EM_NONE"><a class="permalink" href="#EM_NONE"><code class="Dv">EM_NONE</code></a></dt> - <dd>An unknown machine.</dd> - <dt id="EM_M32"><a class="permalink" href="#EM_M32"><code class="Dv">EM_M32</code></a></dt> - <dd>AT&T WE 32100.</dd> - <dt id="EM_SPARC"><a class="permalink" href="#EM_SPARC"><code class="Dv">EM_SPARC</code></a></dt> - <dd>Sun Microsystems SPARC.</dd> - <dt id="EM_386"><a class="permalink" href="#EM_386"><code class="Dv">EM_386</code></a></dt> - <dd>Intel 80386.</dd> - <dt id="EM_68K"><a class="permalink" href="#EM_68K"><code class="Dv">EM_68K</code></a></dt> - <dd>Motorola 68000.</dd> - <dt id="EM_88K"><a class="permalink" href="#EM_88K"><code class="Dv">EM_88K</code></a></dt> - <dd>Motorola 88000.</dd> - <dt id="EM_486"><a class="permalink" href="#EM_486"><code class="Dv">EM_486</code></a></dt> - <dd>Intel 80486.</dd> - <dt id="EM_860"><a class="permalink" href="#EM_860"><code class="Dv">EM_860</code></a></dt> - <dd>Intel 80860.</dd> - <dt id="EM_MIPS"><a class="permalink" href="#EM_MIPS"><code class="Dv">EM_MIPS</code></a></dt> - <dd>MIPS RS3000 (big-endian only).</dd> - <dt id="EM_MIPS_RS4_BE"><a class="permalink" href="#EM_MIPS_RS4_BE"><code class="Dv">EM_MIPS_RS4_BE</code></a></dt> - <dd>MIPS RS4000 (big-endian only).</dd> - <dt id="EM_SPARC64"><a class="permalink" href="#EM_SPARC64"><code class="Dv">EM_SPARC64</code></a></dt> - <dd>SPARC v9 64-bit unofficial.</dd> - <dt id="EM_PARISC"><a class="permalink" href="#EM_PARISC"><code class="Dv">EM_PARISC</code></a></dt> - <dd>HPPA.</dd> - <dt id="EM_PPC"><a class="permalink" href="#EM_PPC"><code class="Dv">EM_PPC</code></a></dt> - <dd>PowerPC.</dd> - <dt id="EM_ALPHA"><a class="permalink" href="#EM_ALPHA"><code class="Dv">EM_ALPHA</code></a></dt> - <dd>Compaq [DEC] Alpha.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="e_version"><a class="permalink" href="#e_version"><code class="Dv">e_version</code></a></dt> - <dd>This member identifies the file version: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="EV_NONE~2"><a class="permalink" href="#EV_NONE~2"><code class="Dv">EV_NONE</code></a></dt> - <dd>Invalid version</dd> - <dt id="EV_CURRENT~2"><a class="permalink" href="#EV_CURRENT~2"><code class="Dv">EV_CURRENT</code></a></dt> - <dd>Current version</dd> - </dl> - </dd> - <dt id="e_entry"><a class="permalink" href="#e_entry"><code class="Dv">e_entry</code></a></dt> - <dd>This member gives the virtual address to which the system first transfers - control, thus starting the process. If the file has no associated entry - point, this member holds zero.</dd> - <dt id="e_phoff"><a class="permalink" href="#e_phoff"><code class="Dv">e_phoff</code></a></dt> - <dd>This member holds the program header table's file offset in bytes. If the - file has no program header table, this member holds zero.</dd> - <dt id="e_shoff"><a class="permalink" href="#e_shoff"><code class="Dv">e_shoff</code></a></dt> - <dd>This member holds the section header table's file offset in bytes. If the - file has no section header table this member holds zero.</dd> - <dt id="e_flags"><a class="permalink" href="#e_flags"><code class="Dv">e_flags</code></a></dt> - <dd>This member holds processor-specific flags associated with the file. Flag - names take the form EF_`machine_flag'. Currently no flags have been - defined.</dd> - <dt id="e_ehsize"><a class="permalink" href="#e_ehsize"><code class="Dv">e_ehsize</code></a></dt> - <dd>This member holds the ELF header's size in bytes.</dd> - <dt id="e_phentsize"><a class="permalink" href="#e_phentsize"><code class="Dv">e_phentsize</code></a></dt> - <dd>This member holds the size in bytes of one entry in the file's program - header table; all entries are the same size.</dd> - <dt id="e_phnum"><a class="permalink" href="#e_phnum"><code class="Dv">e_phnum</code></a></dt> - <dd>This member holds the number of entries in the program header table. If - the file is using extended program header numbering, then the - <b class="Sy">e_phnum</b> member will contain the value - <code class="Dv">PN_XNUM</code> and the actual number of program header - table entries will be stored in the <b class="Sy">sh_info</b> member of - the section header at index <code class="Dv">SHN_UNDEF</code>. The product - of <b class="Sy">e_phentsize</b> and the number of program header table - entries gives the program header table's size in bytes. If a file has no - program header, <b class="Sy">e_phnum</b> holds the value zero.</dd> - <dt id="e_shentsize"><a class="permalink" href="#e_shentsize"><code class="Dv">e_shentsize</code></a></dt> - <dd>This member holds a sections header's size in bytes. A section header is - one entry in the section header table; all entries are the same size.</dd> - <dt id="e_shnum"><a class="permalink" href="#e_shnum"><code class="Dv">e_shnum</code></a></dt> - <dd>This member holds the number of entries in the section header table. If - the file is using extended section numbering, then the - <b class="Sy">e_shnum</b> member will be zero and the actual section - number will be stored in the <b class="Sy">sh_size</b> member of the - section header at index <code class="Dv">SHN_UNDEF</code>. If a file has - no section header table, both the <b class="Sy">e_shnum</b> and the - <b class="Sy">e_shoff</b> fields of the ELF header will be zero. The - product of <b class="Sy">e_shentsize</b> and the number of sections in the - file gives the section header table's size in bytes.</dd> - <dt id="e_shstrndx"><a class="permalink" href="#e_shstrndx"><code class="Dv">e_shstrndx</code></a></dt> - <dd>This member holds the section header table index of the entry associated - with the section name string table. If extended section numbering is being - used, this field will hold the value - <a class="permalink" href="#SHN_XINDEX"><b class="Sy" id="SHN_XINDEX">SHN_XINDEX</b></a>, - and the actual section header table index will be present in the - <b class="Sy">sh_link</b> field of the section header entry at index - <code class="Dv">SHN_UNDEF</code>. If the file has no section name string - table, this member holds the value <b class="Sy">SHN_UNDEF</b>.</dd> -</dl> -</div> -<p class="Pp" id="segment">An executable or shared object file's program header - table is an array of structures, each describing a segment or other - information the system needs to prepare the program for execution. An object - file <a class="permalink" href="#segment"><i class="Em">segment</i></a> - contains one or more - <a class="permalink" href="#sections"><i class="Em" id="sections">sections</i></a>. - Program headers are meaningful only for executable and shared object files. - A file specifies its own program header size with the ELF header's - <b class="Sy">e_phentsize</b> and <b class="Sy">e_phnum</b> members. As with - the Elf executable header, the program header also has different versions - depending on the architecture:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Word p_type; - Elf32_Off p_offset; - Elf32_Addr p_vaddr; - Elf32_Addr p_paddr; - Elf32_Word p_filesz; - Elf32_Word p_memsz; - Elf32_Word p_flags; - Elf32_Word p_align; -} Elf32_Phdr;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Word p_type; - Elf64_Word p_flags; - Elf64_Off p_offset; - Elf64_Addr p_vaddr; - Elf64_Addr p_paddr; - Elf64_Xword p_filesz; - Elf64_Xword p_memsz; - Elf64_Xword p_align; -} Elf64_Phdr;</pre> -</div> -<p class="Pp">The main difference between the 32-bit and the 64-bit program - header lies only in the location of a <b class="Sy">p_flags</b> member in - the total struct.</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt id="p_type"><a class="permalink" href="#p_type"><code class="Dv">p_type</code></a></dt> - <dd>This member of the Phdr struct tells what kind of segment this array - element describes or how to interpret the array element's information. - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="PT_NULL"><a class="permalink" href="#PT_NULL"><code class="Dv">PT_NULL</code></a></dt> - <dd>The array element is unused and the other members' values are - undefined. This lets the program header have ignored entries.</dd> - <dt id="PT_LOAD"><a class="permalink" href="#PT_LOAD"><code class="Dv">PT_LOAD</code></a></dt> - <dd>The array element specifies a loadable segment, described by - <b class="Sy">p_filesz</b> and <b class="Sy">p_memsz</b>. The bytes - from the file are mapped to the beginning of the memory segment. If - the segment's memory size (<b class="Sy">p_memsz</b>) is larger than - the file size (<b class="Sy">p_filesz</b>), the “extra” - bytes are defined to hold the value 0 and to follow the segment's - initialized area. The file size may not be larger than the memory - size. Loadable segment entries in the program header table appear in - ascending order, sorted on the <b class="Sy">p_vaddr</b> member.</dd> - <dt id="PT_DYNAMIC"><a class="permalink" href="#PT_DYNAMIC"><code class="Dv">PT_DYNAMIC</code></a></dt> - <dd>The array element specifies dynamic linking information.</dd> - <dt id="PT_INTERP"><a class="permalink" href="#PT_INTERP"><code class="Dv">PT_INTERP</code></a></dt> - <dd>The array element specifies the location and size of a null-terminated - path name to invoke as an interpreter. This segment type is meaningful - only for executable files (though it may occur for shared objects). - However it may not occur more than once in a file. If it is present it - must precede any loadable segment entry.</dd> - <dt id="PT_NOTE"><a class="permalink" href="#PT_NOTE"><code class="Dv">PT_NOTE</code></a></dt> - <dd>The array element specifies the location and size for auxiliary - information.</dd> - <dt id="PT_SHLIB"><a class="permalink" href="#PT_SHLIB"><code class="Dv">PT_SHLIB</code></a></dt> - <dd>This segment type is reserved but has unspecified semantics. Programs - that contain an array element of this type do not conform to the - ABI.</dd> - <dt id="PT_PHDR"><a class="permalink" href="#PT_PHDR"><code class="Dv">PT_PHDR</code></a></dt> - <dd>The array element, if present, specifies the location and size of the - program header table itself, both in the file and in the memory image - of the program. This segment type may not occur more than once in a - file. Moreover, it may only occur if the program header table is part - of the memory image of the program. If it is present it must precede - any loadable segment entry.</dd> - <dt id="PT_LOPROC"><a class="permalink" href="#PT_LOPROC"><code class="Dv">PT_LOPROC</code></a></dt> - <dd>This value up to and including <b class="Sy">PT_HIPROC</b> are - reserved for processor-specific semantics.</dd> - <dt id="PT_HIPROC"><a class="permalink" href="#PT_HIPROC"><code class="Dv">PT_HIPROC</code></a></dt> - <dd>This value down to and including <b class="Sy">PT_LOPROC</b> are - reserved for processor-specific semantics.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="p_offset"><a class="permalink" href="#p_offset"><code class="Dv">p_offset</code></a></dt> - <dd>This member holds the offset from the beginning of the file at which the - first byte of the segment resides.</dd> - <dt id="p_vaddr"><a class="permalink" href="#p_vaddr"><code class="Dv">p_vaddr</code></a></dt> - <dd>This member holds the virtual address at which the first byte of the - segment resides in memory.</dd> - <dt id="p_paddr"><a class="permalink" href="#p_paddr"><code class="Dv">p_paddr</code></a></dt> - <dd>On systems for which physical addressing is relevant, this member is - reserved for the segment's physical address. Under - <span class="Ux">BSD</span> this member is not used and must be zero.</dd> - <dt id="p_filesz"><a class="permalink" href="#p_filesz"><code class="Dv">p_filesz</code></a></dt> - <dd>This member holds the number of bytes in the file image of the segment. It - may be zero.</dd> - <dt id="p_memsz"><a class="permalink" href="#p_memsz"><code class="Dv">p_memsz</code></a></dt> - <dd>This member holds the number of bytes in the memory image of the segment. - It may be zero.</dd> - <dt id="p_flags"><a class="permalink" href="#p_flags"><code class="Dv">p_flags</code></a></dt> - <dd>This member holds flags relevant to the segment: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="PF_X"><a class="permalink" href="#PF_X"><code class="Dv">PF_X</code></a></dt> - <dd>An executable segment.</dd> - <dt id="PF_W"><a class="permalink" href="#PF_W"><code class="Dv">PF_W</code></a></dt> - <dd>A writable segment.</dd> - <dt id="PF_R"><a class="permalink" href="#PF_R"><code class="Dv">PF_R</code></a></dt> - <dd>A readable segment.</dd> - </dl> - <p class="Pp">A text segment commonly has the flags <b class="Sy">PF_X</b> - and <b class="Sy">PF_R</b>. A data segment commonly has - <b class="Sy">PF_X</b>, <b class="Sy">PF_W</b> and - <b class="Sy">PF_R</b>.</p> - </dd> - <dt id="p_align"><a class="permalink" href="#p_align"><code class="Dv">p_align</code></a></dt> - <dd>This member holds the value to which the segments are aligned in memory - and in the file. Loadable process segments must have congruent values for - <b class="Sy">p_vaddr</b> and <b class="Sy">p_offset</b>, modulo the page - size. Values of zero and one mean no alignment is required. Otherwise, - <b class="Sy">p_align</b> should be a positive, integral power of two, and - <b class="Sy">p_vaddr</b> should equal <b class="Sy">p_offset</b>, modulo - <b class="Sy">p_align</b>.</dd> -</dl> -</div> -<p class="Pp">An file's section header table lets one locate all the file's - sections. The section header table is an array of Elf32_Shdr or Elf64_Shdr - structures. The ELF header's <b class="Sy">e_shoff</b> member gives the byte - offset from the beginning of the file to the section header table. - <b class="Sy">e_shnum</b> holds the number of entries the section header - table contains. <b class="Sy">e_shentsize</b> holds the size in bytes of - each entry.</p> -<p class="Pp">A section header table index is a subscript into this array. Some - section header table indices are reserved. An object file does not have - sections for these special indices:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="SHN_UNDEF"><a class="permalink" href="#SHN_UNDEF"><code class="Dv">SHN_UNDEF</code></a></dt> - <dd>This value marks an undefined, missing, irrelevant, or otherwise - meaningless section reference. For example, a symbol - “defined” relative to section number - <b class="Sy">SHN_UNDEF</b> is an undefined symbol.</dd> - <dt id="SHN_LORESERVE"><a class="permalink" href="#SHN_LORESERVE"><code class="Dv">SHN_LORESERVE</code></a></dt> - <dd>This value specifies the lower bound of the range of reserved - indices.</dd> - <dt id="SHN_LOPROC"><a class="permalink" href="#SHN_LOPROC"><code class="Dv">SHN_LOPROC</code></a></dt> - <dd>This value up to and including <b class="Sy">SHN_HIPROC</b> are reserved - for processor-specific semantics.</dd> - <dt id="SHN_HIPROC"><a class="permalink" href="#SHN_HIPROC"><code class="Dv">SHN_HIPROC</code></a></dt> - <dd>This value down to and including <b class="Sy">SHN_LOPROC</b> are reserved - for processor-specific semantics.</dd> - <dt id="SHN_ABS"><a class="permalink" href="#SHN_ABS"><code class="Dv">SHN_ABS</code></a></dt> - <dd>This value specifies absolute values for the corresponding reference. For - example, symbols defined relative to section number - <b class="Sy">SHN_ABS</b> have absolute values and are not affected by - relocation.</dd> - <dt id="SHN_COMMON"><a class="permalink" href="#SHN_COMMON"><code class="Dv">SHN_COMMON</code></a></dt> - <dd>Symbols defined relative to this section are common symbols, such as - FORTRAN COMMON or unallocated C external variables.</dd> - <dt id="SHN_HIRESERVE"><a class="permalink" href="#SHN_HIRESERVE"><code class="Dv">SHN_HIRESERVE</code></a></dt> - <dd>This value specifies the upper bound of the range of reserved indices. The - system reserves indices between <b class="Sy">SHN_LORESERVE</b> and - <b class="Sy">SHN_HIRESERVE</b>, inclusive. The section header table does - not contain entries for the reserved indices.</dd> -</dl> -<p class="Pp">The section header has the following structure:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Word sh_name; - Elf32_Word sh_type; - Elf32_Word sh_flags; - Elf32_Addr sh_addr; - Elf32_Off sh_offset; - Elf32_Word sh_size; - Elf32_Word sh_link; - Elf32_Word sh_info; - Elf32_Word sh_addralign; - Elf32_Word sh_entsize; -} Elf32_Shdr;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Word sh_name; - Elf64_Word sh_type; - Elf64_Xword sh_flags; - Elf64_Addr sh_addr; - Elf64_Off sh_offset; - Elf64_Xword sh_size; - Elf64_Word sh_link; - Elf64_Word sh_info; - Elf64_Xword sh_addralign; - Elf64_Xword sh_entsize; -} Elf64_Shdr;</pre> -</div> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="sh_name"><a class="permalink" href="#sh_name"><code class="Dv">sh_name</code></a></dt> - <dd>This member specifies the name of the section. Its value is an index into - the section header string table section, giving the location of a - null-terminated string.</dd> - <dt id="sh_type"><a class="permalink" href="#sh_type"><code class="Dv">sh_type</code></a></dt> - <dd>This member categorizes the section's contents and semantics. - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="SHT_NULL"><a class="permalink" href="#SHT_NULL"><code class="Dv">SHT_NULL</code></a></dt> - <dd>This value marks the section header as inactive. It does not have an - associated section. Other members of the section header have undefined - values.</dd> - <dt id="SHT_PROGBITS"><a class="permalink" href="#SHT_PROGBITS"><code class="Dv">SHT_PROGBITS</code></a></dt> - <dd>The section holds information defined by the program, whose format and - meaning are determined solely by the program.</dd> - <dt id="SHT_SYMTAB"><a class="permalink" href="#SHT_SYMTAB"><code class="Dv">SHT_SYMTAB</code></a></dt> - <dd>This section holds a symbol table. Typically, - <b class="Sy">SHT_SYMTAB</b> provides symbols for link editing, though - it may also be used for dynamic linking. As a complete symbol table, - it may contain many symbols unnecessary for dynamic linking. An object - file can also contain a - <a class="permalink" href="#SHN_DYNSYM"><b class="Sy" id="SHN_DYNSYM">SHN_DYNSYM</b></a> - section.</dd> - <dt id="SHT_STRTAB"><a class="permalink" href="#SHT_STRTAB"><code class="Dv">SHT_STRTAB</code></a></dt> - <dd>This section holds a string table. An object file may have multiple - string table sections.</dd> - <dt id="SHT_RELA"><a class="permalink" href="#SHT_RELA"><code class="Dv">SHT_RELA</code></a></dt> - <dd>This section holds relocation entries with explicit addends, such as - type - <a class="permalink" href="#Elf32_Rela"><b class="Sy" id="Elf32_Rela">Elf32_Rela</b></a> - for the 32-bit class of object files. An object may have multiple - relocation sections.</dd> - <dt id="SHT_HASH"><a class="permalink" href="#SHT_HASH"><code class="Dv">SHT_HASH</code></a></dt> - <dd>This section holds a symbol hash table. All object participating in - dynamic linking must contain a symbol hash table. An object file may - have only one hash table.</dd> - <dt id="SHT_DYNAMIC"><a class="permalink" href="#SHT_DYNAMIC"><code class="Dv">SHT_DYNAMIC</code></a></dt> - <dd>This section holds information for dynamic linking. An object file may - have only one dynamic section.</dd> - <dt id="SHT_NOTE"><a class="permalink" href="#SHT_NOTE"><code class="Dv">SHT_NOTE</code></a></dt> - <dd>This section holds information that marks the file in some way.</dd> - <dt id="SHT_NOBITS"><a class="permalink" href="#SHT_NOBITS"><code class="Dv">SHT_NOBITS</code></a></dt> - <dd>A section of this type occupies no space in the file but otherwise - resembles - <a class="permalink" href="#SHN_PROGBITS"><b class="Sy" id="SHN_PROGBITS">SHN_PROGBITS</b></a>. - Although this section contains no bytes, the - <b class="Sy">sh_offset</b> member contains the conceptual file - offset.</dd> - <dt id="SHT_REL"><a class="permalink" href="#SHT_REL"><code class="Dv">SHT_REL</code></a></dt> - <dd>This section holds relocation offsets without explicit addends, such - as type - <a class="permalink" href="#Elf32_Rel"><b class="Sy" id="Elf32_Rel">Elf32_Rel</b></a> - for the 32-bit class of object files. An object file may have multiple - relocation sections.</dd> - <dt id="SHT_SHLIB"><a class="permalink" href="#SHT_SHLIB"><code class="Dv">SHT_SHLIB</code></a></dt> - <dd>This section is reserved but has unspecified semantics.</dd> - <dt id="SHT_DYNSYM"><a class="permalink" href="#SHT_DYNSYM"><code class="Dv">SHT_DYNSYM</code></a></dt> - <dd>This section holds a minimal set of dynamic linking symbols. An object - file can also contain a - <a class="permalink" href="#SHN_SYMTAB"><b class="Sy" id="SHN_SYMTAB">SHN_SYMTAB</b></a> - section.</dd> - <dt id="SHT_LOPROC"><a class="permalink" href="#SHT_LOPROC"><code class="Dv">SHT_LOPROC</code></a></dt> - <dd>This value up to and including <b class="Sy">SHT_HIPROC</b> are - reserved for processor-specific semantics.</dd> - <dt id="SHT_HIPROC"><a class="permalink" href="#SHT_HIPROC"><code class="Dv">SHT_HIPROC</code></a></dt> - <dd>This value down to and including <b class="Sy">SHT_LOPROC</b> are - reserved for processor-specific semantics.</dd> - <dt id="SHT_LOUSER"><a class="permalink" href="#SHT_LOUSER"><code class="Dv">SHT_LOUSER</code></a></dt> - <dd>This value specifies the lower bound of the range of indices reserved - for application programs.</dd> - <dt id="SHT_HIUSER"><a class="permalink" href="#SHT_HIUSER"><code class="Dv">SHT_HIUSER</code></a></dt> - <dd>This value specifies the upper bound of the range of indices reserved - for application programs. Section types between - <b class="Sy">SHT_LOUSER</b> and <b class="Sy">SHT_HIUSER</b> may be - used by the application, without conflicting with current or future - system-defined section types.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="sh_flags"><a class="permalink" href="#sh_flags"><code class="Dv">sh_flags</code></a></dt> - <dd>Sections support one-bit flags that describe miscellaneous attributes. If - a flag bit is set in <b class="Sy">sh_flags</b>, the attribute is - “on” for the section. Otherwise, the attribute is - “off” or does not apply. Undefined attributes are set to - zero. - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="SHF_WRITE"><a class="permalink" href="#SHF_WRITE"><code class="Dv">SHF_WRITE</code></a></dt> - <dd>This section contains data that should be writable during process - execution.</dd> - <dt id="SHF_ALLOC"><a class="permalink" href="#SHF_ALLOC"><code class="Dv">SHF_ALLOC</code></a></dt> - <dd>The section occupies memory during process execution. Some control - sections do not reside in the memory image of an object file. This - attribute is off for those sections.</dd> - <dt id="SHF_EXECINSTR"><a class="permalink" href="#SHF_EXECINSTR"><code class="Dv">SHF_EXECINSTR</code></a></dt> - <dd>The section contains executable machine instructions.</dd> - <dt id="SHF_MASKPROC"><a class="permalink" href="#SHF_MASKPROC"><code class="Dv">SHF_MASKPROC</code></a></dt> - <dd>All bits included in this mask are reserved for processor-specific - semantics.</dd> - <dt id="SHF_COMPRESSED"><a class="permalink" href="#SHF_COMPRESSED"><code class="Dv">SHF_COMPRESSED</code></a></dt> - <dd>The section data is compressed.</dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="sh_addr"><a class="permalink" href="#sh_addr"><code class="Dv">sh_addr</code></a></dt> - <dd>If the section will appear in the memory image of a process, this member - holds the address at which the section's first byte should reside. - Otherwise, the member contains zero.</dd> - <dt id="sh_offset"><a class="permalink" href="#sh_offset"><code class="Dv">sh_offset</code></a></dt> - <dd>This member's value holds the byte offset from the beginning of the file - to the first byte in the section. One section type, - <b class="Sy">SHT_NOBITS</b>, occupies no space in the file, and its - <b class="Sy">sh_offset</b> member locates the conceptual placement in the - file.</dd> - <dt id="sh_size"><a class="permalink" href="#sh_size"><code class="Dv">sh_size</code></a></dt> - <dd>This member holds the section's size in bytes. Unless the section type is - <b class="Sy">SHT_NOBITS</b>, the section occupies - <b class="Sy">sh_size</b> bytes in the file. A section of type - <b class="Sy">SHT_NOBITS</b> may have a non-zero size, but it occupies no - space in the file.</dd> - <dt id="sh_link"><a class="permalink" href="#sh_link"><code class="Dv">sh_link</code></a></dt> - <dd>This member holds a section header table index link, whose interpretation - depends on the section type.</dd> - <dt id="sh_info"><a class="permalink" href="#sh_info"><code class="Dv">sh_info</code></a></dt> - <dd>This member holds extra information, whose interpretation depends on the - section type.</dd> - <dt id="sh_addralign"><a class="permalink" href="#sh_addralign"><code class="Dv">sh_addralign</code></a></dt> - <dd>Some sections have address alignment constraints. If a section holds a - doubleword, the system must ensure doubleword alignment for the entire - section. That is, the value of <b class="Sy">sh_addr</b> must be congruent - to zero, modulo the value of <b class="Sy">sh_addralign</b>. Only zero and - positive integral powers of two are allowed. Values of zero or one mean - the section has no alignment constraints.</dd> - <dt id="sh_entsize"><a class="permalink" href="#sh_entsize"><code class="Dv">sh_entsize</code></a></dt> - <dd>Some sections hold a table of fixed-sized entries, such as a symbol table. - For such a section, this member gives the size in bytes for each entry. - This member contains zero if the section does not hold a table of - fixed-size entries.</dd> -</dl> -<p class="Pp">Various sections hold program and control information:</p> -<dl class="Bl-tag Bl-compact"> - <dt>.bss</dt> - <dd>(Block Started by Symbol) This section holds uninitialized data that - contributes to the program's memory image. By definition, the system - initializes the data with zeros when the program begins to run. This - section is of type <b class="Sy">SHT_NOBITS</b>. The attributes types are - <b class="Sy">SHF_ALLOC</b> and <b class="Sy">SHF_WRITE</b>.</dd> - <dt>.comment</dt> - <dd>This section holds version control information. This section is of type - <b class="Sy">SHT_PROGBITS</b>. No attribute types are used.</dd> - <dt>.ctors</dt> - <dd>This legacy section holds pointers to initialization routines, executed - before calling the main program entry point. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes used are - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.data</dt> - <dd>This section holds initialized data that contribute to the program's - memory image. This section is of type <b class="Sy">SHT_PROGBITS</b>. The - attribute types are <b class="Sy">SHF_ALLOC</b> and - <b class="Sy">SHF_WRITE</b>.</dd> - <dt>.data1</dt> - <dd>This section holds initialized data that contribute to the program's - memory image. This section is of type <b class="Sy">SHT_PROGBITS</b>. The - attribute types are <b class="Sy">SHF_ALLOC</b> and - <b class="Sy">SHF_WRITE</b>.</dd> - <dt>.debug</dt> - <dd>This section holds information for symbolic debugging. The contents are - unspecified. This section is of type <b class="Sy">SHT_PROGBITS</b>. No - attribute types are used.</dd> - <dt>.dtors</dt> - <dd>This legacy section holds pointers to finalization routines, executed when - the program exits normally. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes used are - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.dynamic</dt> - <dd>This section holds dynamic linking information. The section's attributes - will include the <b class="Sy">SHF_ALLOC</b> bit. Whether the - <b class="Sy">SHF_WRITE</b> bit is set is processor-specific. This section - is of type <b class="Sy">SHT_DYNAMIC</b>. See the attributes above.</dd> - <dt>.dynstr</dt> - <dd>This section holds strings needed for dynamic linking, most commonly the - strings that represent the names associated with symbol table entries. - This section is of type <b class="Sy">SHT_STRTAB</b>. The attribute type - used is <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.dynsym</dt> - <dd>This section holds the dynamic linking symbol table. This section is of - type <b class="Sy">SHT_DYNSYM</b>. The attribute used is - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.fini</dt> - <dd>This legacy section holds executable instructions that contribute to the - process termination code. When a program exits normally the system - arranges to execute the code in this section. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes used are - <b class="Sy">SHF_ALLOC</b> and <b class="Sy">SHF_EXECINSTR</b>.</dd> - <dt id="SHT_FINI_ARRAY">.fini_array</dt> - <dd>This section holds pointers to finalization routines. When a program exits - normally <a class="Xr">rtld(1)</a> executes the code referenced by this - section. This section is of type - <a class="permalink" href="#SHT_FINI_ARRAY"><b class="Sy">SHT_FINI_ARRAY</b></a>. - The attributes used are <b class="Sy">SHF_ALLOC</b>. Refer to - <code class="Dv">NT_FREEBSD_NOINIT_TAG</code> (below) for a description of - how initialization and finalization code is invoked.</dd> - <dt>.got</dt> - <dd>This section holds the global offset table. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes are - processor-specific.</dd> - <dt>.hash</dt> - <dd>This section holds a symbol hash table. This section is of type - <b class="Sy">SHT_HASH</b>. The attribute used is - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.init</dt> - <dd>This legacy section holds executable instructions that contribute to the - process initialization code. When a program starts to run the system - arranges to execute the code in this section before calling the main - program entry point. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes used are - <b class="Sy">SHF_ALLOC</b> and <b class="Sy">SHF_EXECINSTR</b>.</dd> - <dt id="SHT_INIT_ARRAY">.init_array</dt> - <dd>This section holds pointers to initialization routines. When a program - starts to run <a class="Xr">rtld(1)</a> executes the code referenced by - this section before calling the program entry point. This section is of - type - <a class="permalink" href="#SHT_INIT_ARRAY"><b class="Sy">SHT_INIT_ARRAY</b></a>. - The attributes used are <b class="Sy">SHF_ALLOC</b>. Refer to - <code class="Dv">NT_FREEBSD_NOINIT_TAG</code> (below) for a description of - how initialization and finalization code is invoked.</dd> - <dt>.interp</dt> - <dd>This section holds the pathname of a program interpreter. If the file has - a loadable segment that includes the section, the section's attributes - will include the <b class="Sy">SHF_ALLOC</b> bit. Otherwise, that bit will - be off. This section is of type <b class="Sy">SHT_PROGBITS</b>.</dd> - <dt>.line</dt> - <dd>This section holds line number information for symbolic debugging, which - describes the correspondence between the program source and the machine - code. The contents are unspecified. This section is of type - <b class="Sy">SHT_PROGBITS</b>. No attribute types are used.</dd> - <dt>.note</dt> - <dd>This section holds information in the “Note Section” format - described below. This section is of type <b class="Sy">SHT_NOTE</b>. No - attribute types are used.</dd> - <dt>.plt</dt> - <dd>This section holds the procedure linkage table. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attributes are - processor-specific.</dd> - <dt id=".rel.text">.relNAME</dt> - <dd>This section holds relocation information as described below. If the file - has a loadable segment that includes relocation, the section's attributes - will include the <b class="Sy">SHF_ALLOC</b> bit. Otherwise the bit will - be off. By convention, “NAME” is supplied by the section to - which the relocations apply. Thus a relocation section for - <b class="Sy">.text</b> normally would have the name - <a class="permalink" href="#.rel.text"><b class="Sy">.rel.text</b></a>. - This section is of type <b class="Sy">SHT_REL</b>.</dd> - <dt id=".rela.text">.relaNAME</dt> - <dd>This section holds relocation information as described below. If the file - has a loadable segment that includes relocation, the section's attributes - will include the <b class="Sy">SHF_ALLOC</b> bit. Otherwise the bit will - be off. By convention, “NAME” is supplied by the section to - which the relocations apply. Thus a relocation section for - <b class="Sy">.text</b> normally would have the name - <a class="permalink" href="#.rela.text"><b class="Sy">.rela.text</b></a>. - This section is of type <b class="Sy">SHT_RELA</b>.</dd> - <dt>.rodata</dt> - <dd>This section holds read-only data that typically contributes to a - non-writable segment in the process image. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attribute used is - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.rodata1</dt> - <dd>This section holds read-only data that typically contributes to a - non-writable segment in the process image. This section is of type - <b class="Sy">SHT_PROGBITS</b>. The attribute used is - <b class="Sy">SHF_ALLOC</b>.</dd> - <dt>.shstrtab</dt> - <dd>This section holds section names. This section is of type - <b class="Sy">SHT_STRTAB</b>. No attribute types are used.</dd> - <dt>.strtab</dt> - <dd>This section holds strings, most commonly the strings that represent the - names associated with symbol table entries. If the file has a loadable - segment that includes the symbol string table, the section's attributes - will include the <b class="Sy">SHF_ALLOC</b> bit. Otherwise the bit will - be off. This section is of type <b class="Sy">SHT_STRTAB</b>.</dd> - <dt>.symtab</dt> - <dd>This section holds a symbol table. If the file has a loadable segment that - includes the symbol table, the section's attributes will include the - <b class="Sy">SHF_ALLOC</b> bit. Otherwise the bit will be off. This - section is of type <b class="Sy">SHT_SYMTAB</b>.</dd> - <dt>.text</dt> - <dd>This section holds the “text”, or executable instructions, - of a program. This section is of type <b class="Sy">SHT_PROGBITS</b>. The - attributes used are <b class="Sy">SHF_ALLOC</b> and - <b class="Sy">SHF_EXECINSTR</b>.</dd> - <dt>.jcr</dt> - <dd>This section holds information about Java classes that must be registered. - It is obsolete and binaries created for <span class="Ux">FreeBSD 15</span> - or later do not process it.</dd> - <dt>.eh_frame</dt> - <dd>This section holds information used for C++ exception-handling.</dd> -</dl> -<p class="Pp">A section with the <code class="Dv">SHF_COMPRESSED</code> flag set - contains a compressed copy of the section data. Compressed section data - begins with an <var class="Vt">Elf64_Chdr</var> or - <var class="Vt">Elf32_Chdr structure</var> which encodes the compression - algorithm and some characteristics of the uncompressed data.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Word ch_type; - Elf32_Word ch_size; - Elf32_Word ch_addralign; -} Elf32_Chdr;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Word ch_type; - Elf64_Word ch_reserved; - Elf64_Xword ch_size; - Elf64_Xword ch_addralign; -} Elf64_Chdr;</pre> -</div> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="ch_type"><a class="permalink" href="#ch_type"><code class="Dv">ch_type</code></a></dt> - <dd>The compression algorithm used. A value of - <code class="Dv">ELFCOMPRESS_ZLIB</code> indicates that the data is - compressed using <a class="Xr">zlib(3)</a>. A value of - <code class="Dv">ELFCOMPRESS_ZSTD</code> indicates that the data is - compressed using Zstandard.</dd> - <dt id="ch_size"><a class="permalink" href="#ch_size"><code class="Dv">ch_size</code></a></dt> - <dd>The size, in bytes, of the uncompressed section data. This corresponds to - the <b class="Sy">sh_size</b> field of a section header containing - uncompressed data.</dd> - <dt id="ch_addralign"><a class="permalink" href="#ch_addralign"><code class="Dv">ch_addralign</code></a></dt> - <dd>The address alignment of the uncompressed section data. This corresponds - to the <b class="Sy">sh_addralign</b> field of a section header containing - uncompressed data.</dd> -</dl> -<p class="Pp">String table sections hold null-terminated character sequences, - commonly called strings. The object file uses these strings to represent - symbol and section names. One references a string as an index into the - string table section. The first byte, which is index zero, is defined to - hold a null character. Similarly, a string table's last byte is defined to - hold a null character, ensuring null termination for all strings.</p> -<p class="Pp">An object file's symbol table holds information needed to locate - and relocate a program's symbolic definitions and references. A symbol table - index is a subscript into this array.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Word st_name; - Elf32_Addr st_value; - Elf32_Word st_size; - unsigned char st_info; - unsigned char st_other; - Elf32_Half st_shndx; -} Elf32_Sym;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Word st_name; - unsigned char st_info; - unsigned char st_other; - Elf64_Half st_shndx; - Elf64_Addr st_value; - Elf64_Xword st_size; -} Elf64_Sym;</pre> -</div> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="st_name"><a class="permalink" href="#st_name"><code class="Dv">st_name</code></a></dt> - <dd>This member holds an index into the object file's symbol string table, - which holds character representations of the symbol names. If the value is - non-zero, it represents a string table index that gives the symbol name. - Otherwise, the symbol table has no name.</dd> - <dt id="st_value"><a class="permalink" href="#st_value"><code class="Dv">st_value</code></a></dt> - <dd>This member gives the value of the associated symbol.</dd> - <dt id="st_size"><a class="permalink" href="#st_size"><code class="Dv">st_size</code></a></dt> - <dd>Many symbols have associated sizes. This member holds zero if the symbol - has no size or an unknown size.</dd> - <dt id="st_info"><a class="permalink" href="#st_info"><code class="Dv">st_info</code></a></dt> - <dd>This member specifies the symbol's type and binding attributes: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="STT_NOTYPE"><a class="permalink" href="#STT_NOTYPE"><code class="Dv">STT_NOTYPE</code></a></dt> - <dd>The symbol's type is not defined.</dd> - <dt id="STT_OBJECT"><a class="permalink" href="#STT_OBJECT"><code class="Dv">STT_OBJECT</code></a></dt> - <dd>The symbol is associated with a data object.</dd> - <dt id="STT_FUNC"><a class="permalink" href="#STT_FUNC"><code class="Dv">STT_FUNC</code></a></dt> - <dd>The symbol is associated with a function or other executable - code.</dd> - <dt id="STT_SECTION"><a class="permalink" href="#STT_SECTION"><code class="Dv">STT_SECTION</code></a></dt> - <dd>The symbol is associated with a section. Symbol table entries of this - type exist primarily for relocation and normally have - <b class="Sy">STB_LOCAL</b> bindings.</dd> - <dt id="STT_FILE"><a class="permalink" href="#STT_FILE"><code class="Dv">STT_FILE</code></a></dt> - <dd>By convention the symbol's name gives the name of the source file - associated with the object file. A file symbol has - <b class="Sy">STB_LOCAL</b> bindings, its section index is - <b class="Sy">SHN_ABS</b>, and it precedes the other - <b class="Sy">STB_LOCAL</b> symbols of the file, if it is - present.</dd> - <dt id="STT_LOPROC"><a class="permalink" href="#STT_LOPROC"><code class="Dv">STT_LOPROC</code></a></dt> - <dd>This value up to and including <b class="Sy">STT_HIPROC</b> are - reserved for processor-specific semantics.</dd> - <dt id="STT_HIPROC"><a class="permalink" href="#STT_HIPROC"><code class="Dv">STT_HIPROC</code></a></dt> - <dd>This value down to and including <b class="Sy">STT_LOPROC</b> are - reserved for processor-specific semantics.</dd> - </dl> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="STB_LOCAL"><a class="permalink" href="#STB_LOCAL"><code class="Dv">STB_LOCAL</code></a></dt> - <dd>Local symbols are not visible outside the object file containing their - definition. Local symbols of the same name may exist in multiple file - without interfering with each other.</dd> - <dt id="STB_GLOBAL"><a class="permalink" href="#STB_GLOBAL"><code class="Dv">STB_GLOBAL</code></a></dt> - <dd>Global symbols are visible to all object files being combined. One - file's definition of a global symbol will satisfy another file's - undefined reference to the same symbol.</dd> - <dt id="STB_WEAK"><a class="permalink" href="#STB_WEAK"><code class="Dv">STB_WEAK</code></a></dt> - <dd>Weak symbols resemble global symbols, but their definitions have lower - precedence.</dd> - <dt id="STB_LOPROC"><a class="permalink" href="#STB_LOPROC"><code class="Dv">STB_LOPROC</code></a></dt> - <dd>This value up to and including <b class="Sy">STB_HIPROC</b> are - reserved for processor-specific semantics.</dd> - <dt id="STB_HIPROC"><a class="permalink" href="#STB_HIPROC"><code class="Dv">STB_HIPROC</code></a></dt> - <dd>This value down to and including <b class="Sy">STB_LOPROC</b> are - reserved for processor-specific semantics. - <p class="Pp">There are macros for packing and unpacking the binding and - type fields:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="ELF32_ST_BIND"><a class="permalink" href="#ELF32_ST_BIND"><code class="Fn">ELF32_ST_BIND</code></a>(<var class="Fa">info</var>)</dt> - <dd>or - <a class="permalink" href="#ELF64_ST_BIND"><code class="Fn" id="ELF64_ST_BIND">ELF64_ST_BIND</code></a>(<var class="Fa">info</var>) - extract a binding from an st_info value.</dd> - <dt id="ELF64_ST_TYPE"><a class="permalink" href="#ELF64_ST_TYPE"><code class="Fn">ELF64_ST_TYPE</code></a>(<var class="Fa">info</var>)</dt> - <dd>or - <a class="permalink" href="#ELF32_ST_TYPE"><code class="Fn" id="ELF32_ST_TYPE">ELF32_ST_TYPE</code></a>(<var class="Fa">info</var>) - extract a type from an st_info value.</dd> - <dt id="ELF32_ST_INFO"><a class="permalink" href="#ELF32_ST_INFO"><code class="Fn">ELF32_ST_INFO</code></a>(<var class="Fa">bind</var>, - <var class="Fa">type</var>)</dt> - <dd>or - <a class="permalink" href="#ELF64_ST_INFO"><code class="Fn" id="ELF64_ST_INFO">ELF64_ST_INFO</code></a>(<var class="Fa">bind</var>, - <var class="Fa">type</var>) convert a binding and a type into an - st_info value.</dd> - </dl> - </dd> - </dl> - <p class="Pp"></p> - </dd> - <dt id="st_other"><a class="permalink" href="#st_other"><code class="Dv">st_other</code></a></dt> - <dd>This member currently holds zero and has no defined meaning.</dd> - <dt id="st_shndx"><a class="permalink" href="#st_shndx"><code class="Dv">st_shndx</code></a></dt> - <dd>Every symbol table entry is “defined” in relation to some - section. This member holds the relevant section header table index.</dd> -</dl> -<p class="Pp">Relocation is the process of connecting symbolic references with - symbolic definitions. Relocatable files must have information that describes - how to modify their section contents, thus allowing executable and shared - object files to hold the right information for a process' program image. - Relocation entries are these data.</p> -<p class="Pp">Relocation structures that do not need an addend:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Addr r_offset; - Elf32_Word r_info; -} Elf32_Rel;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Addr r_offset; - Elf64_Xword r_info; -} Elf64_Rel;</pre> -</div> -<p class="Pp">Relocation structures that need an addend:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf32_Addr r_offset; - Elf32_Word r_info; - Elf32_Sword r_addend; -} Elf32_Rela;</pre> -</div> -<div class="Bd Pp Bd-indent Li"> -<pre>typedef struct { - Elf64_Addr r_offset; - Elf64_Xword r_info; - Elf64_Sxword r_addend; -} Elf64_Rela;</pre> -</div> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="r_offset"><a class="permalink" href="#r_offset"><code class="Dv">r_offset</code></a></dt> - <dd>This member gives the location at which to apply the relocation action. - For a relocatable file, the value is the byte offset from the beginning of - the section to the storage unit affected by the relocation. For an - executable file or shared object, the value is the virtual address of the - storage unit affected by the relocation.</dd> - <dt id="r_info"><a class="permalink" href="#r_info"><code class="Dv">r_info</code></a></dt> - <dd>This member gives both the symbol table index with respect to which the - relocation must be made and the type of relocation to apply. Relocation - types are processor-specific. When the text refers to a relocation entry's - relocation type or symbol table index, it means the result of applying - <a class="permalink" href="#ELF__32_64__R_TYPE"><b class="Sy" id="ELF__32_64__R_TYPE">ELF_[32|64]_R_TYPE</b></a> - or - <a class="permalink" href="#ELF_32_64__R_SYM"><b class="Sy" id="ELF_32_64__R_SYM">ELF[32|64]_R_SYM</b></a>, - respectively to the entry's <b class="Sy">r_info</b> member.</dd> - <dt id="r_addend"><a class="permalink" href="#r_addend"><code class="Dv">r_addend</code></a></dt> - <dd>This member specifies a constant addend used to compute the value to be - stored into the relocatable field.</dd> -</dl> -<section class="Ss"> -<h2 class="Ss" id="Note_Section"><a class="permalink" href="#Note_Section">Note - Section</a></h2> -<p class="Pp">ELF note sections consist of entries with the following - format:</p> -<table class="Bl-column Bd-indent"> - <tr id="Field"> - <td><a class="permalink" href="#Field"><b class="Sy">Field</b></a></td> - <td><a class="permalink" href="#Size"><b class="Sy" id="Size">Size</b></a></td> - <td><a class="permalink" href="#Description"><b class="Sy" id="Description">Description</b></a></td> - </tr> - <tr id="namesz"> - <td><var class="Va">namesz</var></td> - <td>32 bits</td> - <td>Size of name</td> - </tr> - <tr id="descsz"> - <td><var class="Va">descsz</var></td> - <td>32 bits</td> - <td>Size of desc</td> - </tr> - <tr id="type"> - <td><var class="Va">type</var></td> - <td>32 bits</td> - <td>OS-dependent note type</td> - </tr> - <tr id="name"> - <td><var class="Va">name</var></td> - <td><var class="Va">namesz</var></td> - <td>Null-terminated originator name</td> - </tr> - <tr id="desc"> - <td><var class="Va">desc</var></td> - <td><var class="Va">descsz</var></td> - <td>OS-dependent note data</td> - </tr> -</table> -<p class="Pp">The <var class="Va">name</var> and <var class="Va">desc</var> - fields are padded to ensure 4-byte alignment. <var class="Va">namesz</var> - and <var class="Va">descsz</var> specify the unpadded length.</p> -<p class="Pp"><span class="Ux">FreeBSD</span> defines the following ELF note - types (with corresponding interpretation of <var class="Va">desc</var>):</p> -<dl class="Bl-tag"> - <dt id="NT_FREEBSD_ABI_TAG"><a class="permalink" href="#NT_FREEBSD_ABI_TAG"><code class="Dv">NT_FREEBSD_ABI_TAG</code></a> - (Value: 1)</dt> - <dd>Indicates the OS ABI version in a form of a 32-bit integer containing - expected ABI version (i.e., - <code class="Dv">__FreeBSD_version</code>).</dd> - <dt id="NT_FREEBSD_NOINIT_TAG"><a class="permalink" href="#NT_FREEBSD_NOINIT_TAG"><code class="Dv">NT_FREEBSD_NOINIT_TAG</code></a> - (Value: 2)</dt> - <dd>Indicates that the C startup does not call initialization routines, and - thus <a class="Xr">rtld(1)</a> must do so. <var class="Va">desc</var> is - ignored.</dd> - <dt id="NT_FREEBSD_ARCH_TAG"><a class="permalink" href="#NT_FREEBSD_ARCH_TAG"><code class="Dv">NT_FREEBSD_ARCH_TAG</code></a> - (Value: 3)</dt> - <dd>Contains the MACHINE_ARCH that the executable was built for.</dd> - <dt id="NT_FREEBSD_FEATURE_CTL"><a class="permalink" href="#NT_FREEBSD_FEATURE_CTL"><code class="Dv">NT_FREEBSD_FEATURE_CTL</code></a> - (Value: 4)</dt> - <dd>Contains a bitmask of mitigations and features to enable: - <dl class="Bl-tag"> - <dt>NT_FREEBSD_FCTL_ASLR_DISABLE (Value: 0x01)</dt> - <dd>Request that address randomization (ASLR) not be performed. See - <a class="Xr">security(7)</a>.</dd> - <dt>NT_FREEBSD_FCTL_PROTMAX_DISABLE (Value: 0x02)</dt> - <dd>Request that <a class="Xr">mmap(2)</a> calls not set PROT_MAX to the - initial value of the <var class="Fa">prot</var> argument.</dd> - <dt>NT_FREEBSD_FCTL_STKGAP_DISABLE (Value: 0x04)</dt> - <dd>Disable stack gap.</dd> - <dt>NT_FREEBSD_FCTL_WXNEEDED (Value: 0x08)</dt> - <dd>Indicate that the binary requires mappings that are simultaneously - writeable and executable.</dd> - <dt>NT_FREEBSD_FCTL_LA48 (Value: 0x10)</dt> - <dd>Request 48-bit linear address space on amd64.</dd> - <dt>NT_FREEBSD_FCTL_LA57 (Value: 0x40)</dt> - <dd>Accept 57-bit linear address space on amd64.</dd> - </dl> - </dd> -</dl> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">as(1)</a>, <a class="Xr">gdb(1)</a> - (<span class="Pa">ports/devel/gdb</span>), <a class="Xr">ld(1)</a>, - <a class="Xr">objdump(1)</a>, <a class="Xr">readelf(1)</a>, - <a class="Xr">execve(2)</a>, <a class="Xr">zlib(3)</a>, - <a class="Xr">ar(5)</a>, <a class="Xr">core(5)</a></p> -<p class="Pp"><cite class="Rs"><span class="RsA">Hewlett Packard</span>, - <i class="RsB">Elf-64 Object File Format</i>.</cite></p> -<p class="Pp"><cite class="Rs"><span class="RsA">Santa Cruz Operation</span>, - <i class="RsB">System V Application Binary Interface</i>.</cite></p> -<p class="Pp"><cite class="Rs"><span class="RsA">Unix System - Laboratories</span>, <span class="RsT">Object Files</span>, - <i class="RsB">Executable and Linking Format (ELF)</i>.</cite></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The ELF header files made their appearance in - <span class="Ux">FreeBSD 2.2.6</span>. ELF in itself first appeared in - <span class="Ux">AT&T System V UNIX</span>. The ELF format is an - adopted standard.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Jeroen Ruigrok - van der Werven</span> - <<a class="Mt" href="mailto:asmodai@FreeBSD.org">asmodai@FreeBSD.org</a>> - with inspiration from BSDi's <span class="Ux">BSD/OS</span> - <code class="Nm">elf</code> manpage.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 26, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/ethers.5 4.html b/static/freebsd/man5/ethers.5 4.html deleted file mode 100644 index 63f2c7cf..00000000 --- a/static/freebsd/man5/ethers.5 4.html +++ /dev/null @@ -1,67 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">ETHERS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">ETHERS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">ethers</code> — <span class="Nd">ethernet - address database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">ethers</code> database contains information - regarding known 48-bit ethernet addresses of hosts on an Internetwork. The - data is stored in a file called <span class="Pa">/etc/ethers</span> in the - following format:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><var class="Ar">ethernet-address - fully-qualified-host-name</var></div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ``#'' at the start of a line indicates the beginning of a comment that - extends to the end of the line. A ``+'' at the start of a line will cause - the <a class="Xr">ethers(3)</a> library functions to use data stored in the - NIS <span class="Pa">ethers.byname</span> and - <span class="Pa">ethers.byaddr</span> maps in addition to the data in the - <span class="Pa">/etc/ethers</span> file.</p> -<p class="Pp">An ethernet address is expressed in ASCII form as - "x:x:x:x:x:x" where <var class="Ar">x</var> is a hexadecimal value - between 0x00 and 0xFF. The address values should be in network order. - Hostnames specified in the <span class="Pa">/etc/ethers</span> database - should correspond to entries in the <a class="Xr">hosts(5)</a> file.</p> -<p class="Pp" id="ether_line">The - <a class="permalink" href="#ether_line"><code class="Fn">ether_line</code></a>() - function in the standard C library can be used to break individual lines in - the <span class="Pa">/etc/ethers</span> database into their individual - components: a binary Ethernet address stored as an - <span class="Pa">ether_addr</span> structure, and a hostname stored as a - character string.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/ethers</span></dt> - <dd>The <code class="Nm">ethers</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ethers(3)</a>, <a class="Xr">yp(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">ethers</code> format is based on the format - used in SunOS 4.1.x.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 12, 1995</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/eui64.5 4.html b/static/freebsd/man5/eui64.5 4.html deleted file mode 100644 index ee689d30..00000000 --- a/static/freebsd/man5/eui64.5 4.html +++ /dev/null @@ -1,60 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">EUI64(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">EUI64(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">eui64</code> — <span class="Nd">IEEE - EUI-64 address database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">eui64</code> database contains information - regarding known IEEE EUI-64s of hosts. The data is stored in a file called - <span class="Pa">/etc/eui64</span> in the following format:</p> -<div class="Bd Pp - Bd-indent"><a class="permalink" href="#EUI-64"><i class="Em" id="EUI-64">EUI-64 - host-name</i></a></div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ‘<code class="Li">#</code>’ at the start of a line indicates - the beginning of a comment that extends to the end of the line. Valid lines - may also contain comments. A ‘<code class="Li">+</code>’ at - the start of a line will cause the <a class="Xr">eui64(3)</a> library - functions to use data stored in the NIS <span class="Pa">eui64.byname</span> - and <span class="Pa">eui64.byid</span> maps in addition to the data in the - <span class="Pa">/etc/eui64</span> file.</p> -<p class="Pp">An EUI-64 is expressed in ASCII form as - "x-x-x-x-x-x-x-x" where <var class="Ar">x</var> is a hexadecimal - value between 0x00 and 0xFF. The address values should be in network order. - Hostnames specified in the <span class="Pa">/etc/eui64</span> database - should correspond to entries in the <a class="Xr">hosts(5)</a> file.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/eui64</span></dt> - <dd>The <code class="Nm">eui64</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">eui64(3)</a>, <a class="Xr">yp(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">eui64</code> format is based on the - <a class="Xr">ethers(5)</a> format.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 11, 2004</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/fbtab.5 4.html b/static/freebsd/man5/fbtab.5 4.html deleted file mode 100644 index c60a8edd..00000000 --- a/static/freebsd/man5/fbtab.5 4.html +++ /dev/null @@ -1,55 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">FBTAB(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">FBTAB(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">fbtab</code> — <span class="Nd">change - device protection upon login</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">fbtab</code> file contains a number of lines - specifying a device together with a list of devices with associated - protections. Comments start with a ‘<code class="Li">#</code>’ - and extend to the end of the line.</p> -<p class="Pp">Blank lines or lines with only a comment are ignored.</p> -<p class="Pp">All other lines consist of three fields delimited by whitespace: a - login device (<span class="Pa">/dev/ttyv0</span>), an octal permission - number (0600), and a colon (‘<code class="Li">:</code>’) - delimited list of device patterns (<span class="Pa">/dev/console</span>, - <span class="Pa">/dev/dsp*</span>). All device patterns are absolute - paths.</p> -<p class="Pp">If the tty argument (relative path) matches a login device name - (absolute path), the permissions of the devices in the colon-delimited list - are set as specified in the second field, and their ownership is changed to - that of the UID and GID arguments.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/fbtab</span></dt> - <dd>The <code class="Nm">fbtab</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">login(1)</a>, <a class="Xr">getty(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Guido van Rooij</span></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">August 22, 1994</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/forward.5 4.html b/static/freebsd/man5/forward.5 4.html deleted file mode 100644 index 0a492aed..00000000 --- a/static/freebsd/man5/forward.5 4.html +++ /dev/null @@ -1,65 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">FORWARD(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">FORWARD(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">forward</code> — <span class="Nd">mail - forwarding instructions</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">.forward</code> file contains a list of mail - addresses or programs that the user's mail should be redirected to. If the - file is not present, then no mail forwarding will be done. Mail may also be - forwarded as the standard input to a program by prefixing the line with the - normal shell pipe symbol (|). If arguments are to be passed to the command, - then the entire line should be enclosed in quotes. For security reasons, the - <code class="Nm">.forward</code> file must be owned by the user the mail is - being sent to, or by root, and the user's shell must be listed in - <span class="Pa">/etc/shells</span>.</p> -<p class="Pp">For example, if a <code class="Nm">.forward</code> file contained - the following lines:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>nobody@FreeBSD.org -"|/usr/bin/vacation nobody"</pre> -</div> -<p class="Pp">Mail would be forwarded to ⟨nobody@FreeBSD.org⟩ and - to the program <span class="Pa">/usr/bin/vacation</span> with the single - argument <var class="Ar">nobody</var>.</p> -<p class="Pp">If a local user address is prefixed with a backslash character, - mail is delivered directly to the user's mail spool file, bypassing further - redirection.</p> -<p class="Pp">For example, if user chris had a <code class="Nm">.forward</code> - file containing the following lines:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>chris@otherhost -\chris</pre> -</div> -<p class="Pp">One copy of mail would be forwarded to - <var class="Ar">chris@otherhost</var> and another copy would be retained as - mail for local user chris.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">$HOME/.forward</span></dt> - <dd>The user's forwarding instructions.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">aliases(5)</a>, <a class="Xr">sendmail(8)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">July 2, 1996</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/freebsd-update.conf.5 3.html b/static/freebsd/man5/freebsd-update.conf.5 3.html deleted file mode 100644 index 99427e01..00000000 --- a/static/freebsd/man5/freebsd-update.conf.5 3.html +++ /dev/null @@ -1,198 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">FREEBSD-UPDATE.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">FREEBSD-UPDATE.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">freebsd-update.conf</code> — - <span class="Nd">configuration file for - <a class="Xr">freebsd-update(8)</a></span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">freebsd-update.conf</code> file controls the - behaviour of the <a class="Xr">freebsd-update(8)</a> utility. The file - contains lines consisting of a case-sensitive option name and zero or more - parameters. Empty lines and any part of a line following a - ‘<code class="Li">#</code>’ character are ignored. Unless - stated otherwise, specifying an option multiple times is an error.</p> -<p class="Pp">The possible options and their meanings are as follows:</p> -<dl class="Bl-tag"> - <dt id="AllowAdd"><a class="permalink" href="#AllowAdd"><code class="Cm">AllowAdd</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> is allowed to create new files, - directories, and symlinks if these are part of updates downloaded. Note - that <a class="Xr">freebsd-update(8)</a> will not re-add files which have - been deleted from a <span class="Ux">FreeBSD</span> installation unless - those files were previously added as part of an update.</dd> - <dt id="AllowDelete"><a class="permalink" href="#AllowDelete"><code class="Cm">AllowDelete</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> is allowed to delete files, - directories, and symlinks as part of updates downloaded.</dd> - <dt id="BackupKernel"><a class="permalink" href="#BackupKernel"><code class="Cm">BackupKernel</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> will create a backup of the old kernel - before installing a new kernel. This backup kernel can be used to recover - a system where the newly installed kernel somehow did not work. Note that - the backup kernel is not reverted to its original state by the - <a class="Xr">freebsd-update(8)</a> rollback command.</dd> - <dt id="BackupKernelDir"><a class="permalink" href="#BackupKernelDir"><code class="Cm">BackupKernelDir</code></a></dt> - <dd>This keyword sets the directory which is used to store a backup kernel, if - the BackupKernel feature is enabled. If the directory already exist, and - it was not created by <a class="Xr">freebsd-update(8)</a>, the directory - is skipped. In the case of the primary directory name not being usable, a - number starting with ‘1’ is appended to the directory name. - Like with the primary directory name, the constructed directory name is - only used if the path name does not exist, or if the directory was - previously created by <a class="Xr">freebsd-update(8)</a>. If the - constructed directory still exist the appended number is incremented with - 1 and the directory search process restarted. Should the number increment - go above 9, <a class="Xr">freebsd-update(8)</a> will abort.</dd> - <dt id="BackupKernelSymbolFiles"><a class="permalink" href="#BackupKernelSymbolFiles"><code class="Cm">BackupKernelSymbolFiles</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> will also backup kernel symbol files, - if they exist. The kernel symbol files takes up a lot of disk space and - are not needed for recovery purposes. If the symbol files are needed, - after recovering a system using the backup kernel, the - <a class="Xr">freebsd-update(8)</a> rollback command will recreate the - symbol files along with the old kernel.</dd> - <dt id="Components"><a class="permalink" href="#Components"><code class="Cm">Components</code></a></dt> - <dd>The parameters following this keyword are the components or sub-components - of <span class="Ux">FreeBSD</span> which will be updated. The components - are “src” (source code), “world” (non-kernel - binaries), and “kernel”; the sub-components are the - individual distribution sets generated as part of the release process - (e.g., “src/base”, “src/sys”, - “world/base”, “world/catpages”, - “kernel/smp”). Note that prior to <span class="Ux">FreeBSD - 6.1</span>, the “kernel” component was distributed as part - of “world/base”. - <p class="Pp">This option can be specified multiple times, and the - parameters accumulate.</p> - </dd> - <dt id="CreateBootEnv"><a class="permalink" href="#CreateBootEnv"><code class="Cm">CreateBootEnv</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> will create a new boot environment - using <a class="Xr">bectl(8)</a> when installing patches. - <p class="Pp">The name of the new boot environment consists of the current - <span class="Ux">FreeBSD</span> version:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>freebsd-version -ku | sort -V | tail -n 1</pre> - </div> - <p class="Pp">and a timestamp:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>date +"%Y-%m-%d_%H%M%S"</pre> - </div> - <p class="Pp">separated by a single dash, e.g.:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>13.0-RELEASE-p7_2022-02-16_141502</pre> - </div> - <p class="Pp"><a class="Xr">freebsd-update(8)</a> does not attempt to create - a boot environment if any of the following applies:</p> - <p class="Pp"></p> - <ul class="Bl-dash Bl-compact"> - <li>ZFS is not used.</li> - <li>The ZFS root is not set up for boot environments (see the check - command of <a class="Xr">bectl(8)</a> for details).</li> - <li><a class="Xr">freebsd-update(8)</a> is running in a - <a class="Xr">jail(8)</a>.</li> - <li><a class="Xr">freebsd-update(8)</a> is updating a root directory - selected via the basedir (<code class="Fl">-b</code>) or jail - (<code class="Fl">-j</code>) flags.</li> - </ul> - </dd> - <dt id="IDSIgnorePaths"><a class="permalink" href="#IDSIgnorePaths"><code class="Cm">IDSIgnorePaths</code></a></dt> - <dd>The parameters following this keyword are regular expressions; paths which - start with a string matching one of these regular expressions will be - ignored by <a class="Xr">freebsd-update(8)</a> IDS. - <p class="Pp">This option can be specified multiple times, and the - parameters accumulate.</p> - </dd> - <dt id="IgnorePaths"><a class="permalink" href="#IgnorePaths"><code class="Cm">IgnorePaths</code></a></dt> - <dd>The parameters following this keyword are regular expressions; updates to - paths which start with a string matching one of these regular expressions - will be ignored. - <p class="Pp">This option can be specified multiple times, and the - parameters accumulate.</p> - </dd> - <dt id="KeepModifiedMetadata"><a class="permalink" href="#KeepModifiedMetadata"><code class="Cm">KeepModifiedMetadata</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> should keep existing file ownership, - permissions, and flags when installing updates if these have been modified - locally.</dd> - <dt id="KeyPrint"><a class="permalink" href="#KeyPrint"><code class="Cm">KeyPrint</code></a></dt> - <dd>The single parameter following this keyword is the SHA256 hash of the RSA - key which will be trusted to sign updates.</dd> - <dt id="MailTo"><a class="permalink" href="#MailTo"><code class="Cm">MailTo</code></a></dt> - <dd>The single parameter following this keyword is the address to which - <a class="Xr">cron(8)</a> output will be mailed.</dd> - <dt id="MergeChanges"><a class="permalink" href="#MergeChanges"><code class="Cm">MergeChanges</code></a></dt> - <dd>The parameters following this keyword are regular expressions; updates to - paths which start with a string matching one of these regular expressions - will be merged with local modifications. - <p class="Pp">This option can be specified multiple times, and the - parameters accumulate.</p> - </dd> - <dt id="ServerName"><a class="permalink" href="#ServerName"><code class="Cm">ServerName</code></a></dt> - <dd>The single parameter following this keyword is the name of the server or - server pool from which updates will be downloaded.</dd> - <dt id="StrictComponents"><a class="permalink" href="#StrictComponents"><code class="Cm">StrictComponents</code></a></dt> - <dd>The single parameter following this keyword must be “yes” or - “no” and specifies whether - <a class="Xr">freebsd-update(8)</a> should interpret the list of - components of <span class="Ux">FreeBSD</span> specified via the - <code class="Cm">Components</code> option strictly as a list of components - installed which should be upgraded when the - <code class="Cm">upgrade</code> command is used ("yes"), or - merely as a list of components which might be installed, of which - <a class="Xr">freebsd-update(8)</a> should identify which in fact are - present ("no").</dd> - <dt id="UpdateIfUnmodified"><a class="permalink" href="#UpdateIfUnmodified"><code class="Cm">UpdateIfUnmodified</code></a></dt> - <dd>The parameters following this keyword are regular expressions; updates to - paths which start with a string matching one of these regular expressions - will be ignored if the files have been modified locally (unless they are - merged — see the <code class="Cm">MergeChanges</code> option). - <p class="Pp">This option can be specified multiple times, and the - parameters accumulate.</p> - </dd> - <dt id="WorkDir"><a class="permalink" href="#WorkDir"><code class="Cm">WorkDir</code></a></dt> - <dd>The single parameter following this keyword is the directory in which - temporary files and downloaded updates will be stored.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt><span class="Pa">/etc/freebsd-update.conf</span></dt> - <dd>Default location of the <a class="Xr">freebsd-update(8)</a> configuration - file.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">sha256(1)</a>, <a class="Xr">bectl(8)</a>, - <a class="Xr">freebsd-update(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Colin Percival</span> - <<a class="Mt" href="mailto:cperciva@FreeBSD.org">cperciva@FreeBSD.org</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">February 17, 2022</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/fs.5 3.html b/static/freebsd/man5/fs.5 3.html deleted file mode 100644 index 239ca996..00000000 --- a/static/freebsd/man5/fs.5 3.html +++ /dev/null @@ -1,336 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">FS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">FS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">fs</code>, <code class="Nm">inode</code> — - <span class="Nd">format of file system volume</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">sys/param.h</a>></code> - <br/> - <code class="In">#include <<a class="In">ufs/ffs/fs.h</a>></code></p> -<p class="Pp"> - <br/> - <code class="In">#include <<a class="In">sys/types.h</a>></code> - <br/> - <code class="In">#include <<a class="In">sys/lock.h</a>></code> - <br/> - <code class="In">#include <<a class="In">sys/extattr.h</a>></code> - <br/> - <code class="In">#include <<a class="In">sys/acl.h</a>></code> - <br/> - <code class="In">#include <<a class="In">ufs/ufs/quota.h</a>></code> - <br/> - <code class="In">#include <<a class="In">ufs/ufs/dinode.h</a>></code> - <br/> - <code class="In">#include - <<a class="In">ufs/ufs/extattr.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The files <code class="In"><<a class="In">fs.h</a>></code> - and <code class="In"><<a class="In">inode.h</a>></code> declare - several structures, defined variables and macros which are used to create - and manage the underlying format of file system objects on random access - devices (disks).</p> -<p class="Pp">The block size and number of blocks which comprise a file system - are parameters of the file system. Sectors beginning at - <code class="Dv">BBLOCK</code> and continuing for - <code class="Dv">BBSIZE</code> are used for a disklabel and for some - hardware primary and secondary bootstrapping programs.</p> -<p class="Pp" id="super-block">The actual file system begins at sector - <code class="Dv">SBLOCK</code> with the - <a class="permalink" href="#super-block"><i class="Em">super-block</i></a> - that is of size <code class="Dv">SBLOCKSIZE</code>. The following structure - describes the super-block and is from the file - <code class="In"><<a class="In">ufs/ffs/fs.h</a>></code>:</p> -<div class="Bd Pp Li"> -<pre>/* - * Super block for an FFS filesystem. - */ -struct fs { - int32_t fs_firstfield; /* historic filesystem linked list, */ - int32_t fs_unused_1; /* used for incore super blocks */ - int32_t fs_sblkno; /* offset of super-block in filesys */ - int32_t fs_cblkno; /* offset of cyl-block in filesys */ - int32_t fs_iblkno; /* offset of inode-blocks in filesys */ - int32_t fs_dblkno; /* offset of first data after cg */ - int32_t fs_old_cgoffset; /* cylinder group offset in cylinder */ - int32_t fs_old_cgmask; /* used to calc mod fs_ntrak */ - int32_t fs_old_time; /* last time written */ - int32_t fs_old_size; /* number of blocks in fs */ - int32_t fs_old_dsize; /* number of data blocks in fs */ - int32_t fs_ncg; /* number of cylinder groups */ - int32_t fs_bsize; /* size of basic blocks in fs */ - int32_t fs_fsize; /* size of frag blocks in fs */ - int32_t fs_frag; /* number of frags in a block in fs */ -/* these are configuration parameters */ - int32_t fs_minfree; /* minimum percentage of free blocks */ - int32_t fs_old_rotdelay; /* num of ms for optimal next block */ - int32_t fs_old_rps; /* disk revolutions per second */ -/* these fields can be computed from the others */ - int32_t fs_bmask; /* ``blkoff'' calc of blk offsets */ - int32_t fs_fmask; /* ``fragoff'' calc of frag offsets */ - int32_t fs_bshift; /* ``lblkno'' calc of logical blkno */ - int32_t fs_fshift; /* ``numfrags'' calc number of frags */ -/* these are configuration parameters */ - int32_t fs_maxcontig; /* max number of contiguous blks */ - int32_t fs_maxbpg; /* max number of blks per cyl group */ -/* these fields can be computed from the others */ - int32_t fs_fragshift; /* block to frag shift */ - int32_t fs_fsbtodb; /* fsbtodb and dbtofsb shift constant */ - int32_t fs_sbsize; /* actual size of super block */ - int32_t fs_spare1[2]; /* old fs_csmask */ - /* old fs_csshift */ - int32_t fs_nindir; /* value of NINDIR */ - int32_t fs_inopb; /* value of INOPB */ - int32_t fs_old_nspf; /* value of NSPF */ -/* yet another configuration parameter */ - int32_t fs_optim; /* optimization preference, see below */ - int32_t fs_old_npsect; /* # sectors/track including spares */ - int32_t fs_old_interleave; /* hardware sector interleave */ - int32_t fs_old_trackskew; /* sector 0 skew, per track */ - int32_t fs_id[2]; /* unique filesystem id */ -/* sizes determined by number of cylinder groups and their sizes */ - int32_t fs_old_csaddr; /* blk addr of cyl grp summary area */ - int32_t fs_cssize; /* size of cyl grp summary area */ - int32_t fs_cgsize; /* cylinder group size */ - int32_t fs_spare2; /* old fs_ntrak */ - int32_t fs_old_nsect; /* sectors per track */ - int32_t fs_old_spc; /* sectors per cylinder */ - int32_t fs_old_ncyl; /* cylinders in filesystem */ - int32_t fs_old_cpg; /* cylinders per group */ - int32_t fs_ipg; /* inodes per group */ - int32_t fs_fpg; /* blocks per group * fs_frag */ -/* this data must be re-computed after crashes */ - struct csum fs_old_cstotal; /* cylinder summary information */ -/* these fields are cleared at mount time */ - int8_t fs_fmod; /* super block modified flag */ - int8_t fs_clean; /* filesystem is clean flag */ - int8_t fs_ronly; /* mounted read-only flag */ - int8_t fs_old_flags; /* old FS_ flags */ - u_char fs_fsmnt[MAXMNTLEN]; /* name mounted on */ - u_char fs_volname[MAXVOLLEN]; /* volume name */ - uint64_t fs_swuid; /* system-wide uid */ - int32_t fs_pad; /* due to alignment of fs_swuid */ -/* these fields retain the current block allocation info */ - int32_t fs_cgrotor; /* last cg searched */ - void *fs_ocsp[NOCSPTRS]; /* padding; was list of fs_cs buffers */ - uint8_t *fs_contigdirs; /* # of contiguously allocated dirs */ - struct csum *fs_csp; /* cg summary info buffer for fs_cs */ - int32_t *fs_maxcluster; /* max cluster in each cyl group */ - u_int *fs_active; /* used by snapshots to track fs */ - int32_t fs_old_cpc; /* cyl per cycle in postbl */ - int32_t fs_maxbsize; /* maximum blocking factor permitted */ - int64_t fs_unrefs; /* number of unreferenced inodes */ - int64_t fs_sparecon64[16]; /* old rotation block list head */ - int64_t fs_sblockloc; /* byte offset of standard superblock */ - struct csum_total fs_cstotal; /* cylinder summary information */ - ufs_time_t fs_time; /* last time written */ - int64_t fs_size; /* number of blocks in fs */ - int64_t fs_dsize; /* number of data blocks in fs */ - ufs2_daddr_t fs_csaddr; /* blk addr of cyl grp summary area */ - int64_t fs_pendingblocks; /* blocks in process of being freed */ - int32_t fs_pendinginodes; /* inodes in process of being freed */ - int32_t fs_snapinum[FSMAXSNAP]; /* list of snapshot inode numbers */ - int32_t fs_avgfilesize; /* expected average file size */ - int32_t fs_avgfpdir; /* expected # of files per directory */ - int32_t fs_save_cgsize; /* save real cg size to use fs_bsize */ - int32_t fs_sparecon32[26]; /* reserved for future constants */ - int32_t fs_flags; /* see FS_ flags below */ - int32_t fs_contigsumsize; /* size of cluster summary array */ - int32_t fs_maxsymlinklen; /* max length of an internal symlink */ - int32_t fs_old_inodefmt; /* format of on-disk inodes */ - uint64_t fs_maxfilesize; /* maximum representable file size */ - int64_t fs_qbmask; /* ~fs_bmask for use with 64-bit size */ - int64_t fs_qfmask; /* ~fs_fmask for use with 64-bit size */ - int32_t fs_state; /* validate fs_clean field */ - int32_t fs_old_postblformat; /* format of positional layout tables */ - int32_t fs_old_nrpos; /* number of rotational positions */ - int32_t fs_spare5[2]; /* old fs_postbloff */ - /* old fs_rotbloff */ - int32_t fs_magic; /* magic number */ -}; - -/* - * Filesystem identification - */ -#define FS_UFS1_MAGIC 0x011954 /* UFS1 fast filesystem magic number */ -#define FS_UFS2_MAGIC 0x19540119 /* UFS2 fast filesystem magic number */ -#define FS_OKAY 0x7c269d38 /* superblock checksum */ -#define FS_42INODEFMT -1 /* 4.2BSD inode format */ -#define FS_44INODEFMT 2 /* 4.4BSD inode format */ - -/* - * Preference for optimization. - */ -#define FS_OPTTIME 0 /* minimize allocation time */ -#define FS_OPTSPACE 1 /* minimize disk fragmentation */</pre> -</div> -<p class="Pp">Each disk drive contains some number of file systems. A file - system consists of a number of cylinder groups. Each cylinder group has - inodes and data.</p> -<p class="Pp">A file system is described by its super-block, which in turn - describes the cylinder groups. The super-block is critical data and is - replicated in each cylinder group to protect against catastrophic loss. This - is done at file system creation time and the critical super-block data does - not change, so the copies need not be referenced further unless disaster - strikes.</p> -<p class="Pp">Addresses stored in inodes are capable of addressing fragments of - `blocks'. File system blocks of at most size - <code class="Dv">MAXBSIZE</code> can be optionally broken into 2, 4, or 8 - pieces, each of which is addressable; these pieces may be - <code class="Dv">DEV_BSIZE</code>, or some multiple of a - <code class="Dv">DEV_BSIZE</code> unit.</p> -<p class="Pp" id="blksize">Large files consist of exclusively large data blocks. - To avoid undue wasted disk space, the last data block of a small file is - allocated as only as many fragments of a large block as are necessary. The - file system format retains only a single pointer to such a fragment, which - is a piece of a single large block that has been divided. The size of such a - fragment is determinable from information in the inode, using the - <a class="permalink" href="#blksize"><code class="Fn">blksize</code></a>(<var class="Fa">fs</var>, - <var class="Fa">ip</var>, <var class="Fa">lbn</var>) macro.</p> -<p class="Pp">The file system records space availability at the fragment level; - to determine block availability, aligned fragments are examined.</p> -<p class="Pp">The root inode is the root of the file system. Inode 0 cannot be - used for normal purposes and historically bad blocks were linked to inode 1, - thus the root inode is 2 (inode 1 is no longer used for this purpose, - however numerous dump tapes make this assumption, so we are stuck with - it).</p> -<p class="Pp">The <var class="Fa">fs_minfree</var> element gives the minimum - acceptable percentage of file system blocks that may be free. If the - freelist drops below this level only the super-user may continue to allocate - blocks. The <var class="Fa">fs_minfree</var> element may be set to 0 if no - reserve of free blocks is deemed necessary, however severe performance - degradations will be observed if the file system is run at greater than 90% - full; thus the default value of <var class="Fa">fs_minfree</var> is 8%.</p> -<p class="Pp">Empirically the best trade-off between block fragmentation and - overall disk utilization at a loading of 90% comes with a fragmentation of - 8, thus the default fragment size is an eighth of the block size.</p> -<p class="Pp">The element <var class="Fa">fs_optim</var> specifies whether the - file system should try to minimize the time spent allocating blocks, or if - it should attempt to minimize the space fragmentation on the disk. If the - value of fs_minfree (see above) is less than 8%, then the file system - defaults to optimizing for space to avoid running out of full sized blocks. - If the value of minfree is greater than or equal to 8%, fragmentation is - unlikely to be problematical, and the file system defaults to optimizing for - time.</p> -<p class="Pp" id="Cylinder"><a class="permalink" href="#Cylinder"><i class="Em">Cylinder - group related limits</i></a>: Each cylinder keeps track of the availability - of blocks at different rotational positions, so that sequential blocks can - be laid out with minimum rotational latency. With the default of 8 - distinguished rotational positions, the resolution of the summary - information is 2ms for a typical 3600 rpm drive.</p> -<p class="Pp">The element <var class="Fa">fs_old_rotdelay</var> gives the - minimum number of milliseconds to initiate another disk transfer on the same - cylinder. It is used in determining the rotationally optimal layout for disk - blocks within a file; the default value for - <var class="Fa">fs_old_rotdelay</var> is 2ms.</p> -<p class="Pp">Each file system has a statically allocated number of inodes. An - inode is allocated for each <code class="Dv">NBPI</code> bytes of disk - space. The inode allocation strategy is extremely conservative.</p> -<p class="Pp"><code class="Dv">MINBSIZE</code> is the smallest allowable block - size. With a <code class="Dv">MINBSIZE</code> of 4096 it is possible to - create files of size 2^32 with only two levels of indirection. - <code class="Dv">MINBSIZE</code> must be big enough to hold a cylinder group - block, thus changes to (<var class="Fa">struct cg</var>) must keep its size - within <code class="Dv">MINBSIZE</code>. Note that super-blocks are never - more than size <code class="Dv">SBLOCKSIZE</code>.</p> -<p class="Pp">The path name on which the file system is mounted is maintained in - <var class="Fa">fs_fsmnt</var>. <code class="Dv">MAXMNTLEN</code> defines - the amount of space allocated in the super-block for this name. The limit on - the amount of summary information per file system is defined by - <code class="Dv">MAXCSBUFS</code>. For a 4096 byte block size, it is - currently parameterized for a maximum of two million cylinders.</p> -<p class="Pp">Per cylinder group information is summarized in blocks allocated - from the first cylinder group's data blocks. These blocks are read in from - <var class="Fa">fs_csaddr</var> (size <var class="Fa">fs_cssize</var>) in - addition to the super-block.</p> -<p class="Pp" id="N.B."><a class="permalink" href="#N.B."><b class="Sy">N.B.</b></a>: - <a class="permalink" href="#sizeof"><code class="Fn" id="sizeof">sizeof</code></a>(<var class="Fa">struct - csum</var>) must be a power of two in order for the - <a class="permalink" href="#fs_cs"><code class="Fn" id="fs_cs">fs_cs</code></a>() - macro to work.</p> -<p class="Pp" id="Super-block">The - <a class="permalink" href="#Super-block"><i class="Em">Super-block for a - file system</i></a>: The size of the rotational layout tables is limited by - the fact that the super-block is of size <code class="Dv">SBLOCKSIZE</code>. - The size of these tables is - <a class="permalink" href="#inversely"><i class="Em" id="inversely">inversely</i></a> - proportional to the block size of the file system. The size of the tables is - increased when sector sizes are not powers of two, as this increases the - number of cylinders included before the rotational pattern repeats - (<var class="Fa">fs_cpc</var>). The size of the rotational layout tables is - derived from the number of bytes remaining in (<var class="Fa">struct - fs</var>).</p> -<p class="Pp">The number of blocks of data per cylinder group is limited because - cylinder groups are at most one block. The inode and free block tables must - fit into a single block after deducting space for the cylinder group - structure (<var class="Fa">struct cg</var>).</p> -<p class="Pp" id="Inode">The - <a class="permalink" href="#Inode"><i class="Em">Inode</i></a>: The inode is - the focus of all file activity in the <span class="Ux">UNIX</span> file - system. There is a unique inode allocated for each active file, each current - directory, each mounted-on file, text file, and the root. An inode is - `named' by its device/i-number pair. For further information, see the - include file - <code class="In"><<a class="In">ufs/ufs/inode.h</a>></code>.</p> -<p class="Pp">The format of an external attribute is defined by the extattr - structure:</p> -<div class="Bd Pp Li"> -<pre>struct extattr { - uint32_t ea_length; /* length of this attribute */ - uint8_t ea_namespace; /* name space of this attribute */ - uint8_t ea_contentpadlen; /* bytes of padding at end of attribute */ - uint8_t ea_namelength; /* length of attribute name */ - char ea_name[1]; /* attribute name (NOT nul-terminated) */ - /* padding, if any, to align attribute content to 8 byte boundary */ - /* extended attribute content follows */ -};</pre> -</div> -<p class="Pp">Several macros are defined to manipulate these structures. Each - macro takes a pointer to an extattr structure.</p> -<dl class="Bl-tag"> - <dt id="EXTATTR_NEXT(eap)"><a class="permalink" href="#EXTATTR_NEXT(eap)"><code class="Dv">EXTATTR_NEXT(eap)</code></a></dt> - <dd>Returns a pointer to the next extended attribute following - <var class="Fa">eap</var>.</dd> - <dt id="EXTATTR_CONTENT(eap)"><a class="permalink" href="#EXTATTR_CONTENT(eap)"><code class="Dv">EXTATTR_CONTENT(eap)</code></a></dt> - <dd>Returns a pointer to the extended attribute content referenced by - <var class="Fa">eap</var>.</dd> - <dt id="EXTATTR_CONTENT_SIZE(eap)"><a class="permalink" href="#EXTATTR_CONTENT_SIZE(eap)"><code class="Dv">EXTATTR_CONTENT_SIZE(eap)</code></a></dt> - <dd>Returns the size of the extended attribute content referenced by - <var class="Fa">eap</var>.</dd> -</dl> -<p class="Pp">The following code identifies an ACL:</p> -<div class="Bd Pp Li"> -<pre> if (eap->ea_namespace == EXTATTR_NAMESPACE_SYSTEM && - eap->ea_namelength == sizeof(POSIX1E_ACL_ACCESS_EXTATTR_NAME) - 1 && - strncmp(eap->ea_name, POSIX1E_ACL_ACCESS_EXTATTR_NAME, - sizeof(POSIX1E_ACL_ACCESS_EXTATTR_NAME) - 1) == 0) { - aclp = EXTATTR_CONTENT(eap); - acllen = EXTATTR_CONTENT_SIZE(eap); - ... - }</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A super-block structure named filsys appeared in - <span class="Ux">Version 6 AT&T UNIX</span>. The file system - described in this manual appeared in <span class="Ux">4.2BSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">January 16, 2017</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/fstab.5 3.html b/static/freebsd/man5/fstab.5 3.html deleted file mode 100644 index d5f862a0..00000000 --- a/static/freebsd/man5/fstab.5 3.html +++ /dev/null @@ -1,272 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">FSTAB(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">FSTAB(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">fstab</code> — <span class="Nd">static - information about the file systems</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">fstab.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="Nm">fstab</code> contains descriptive - information about the various file systems. <code class="Nm">fstab</code> is - only read by programs, and not written; it is the duty of the system - administrator to properly create and maintain this file. Each file system is - described on a separate line; fields on each line are separated by tabs or - spaces. The order of records in <code class="Nm">fstab</code> is important - because <a class="Xr">fsck(8)</a>, <a class="Xr">mount(8)</a>, and - <a class="Xr">umount(8)</a> sequentially iterate through - <code class="Nm">fstab</code> doing their thing.</p> -<p class="Pp">The first field, (<var class="Fa">fs_spec</var>), describes the - special device or remote file system to be mounted. The contents are decoded - by the <a class="Xr">strunvis(3)</a> function. This allows using spaces or - tabs in the device name which would be interpreted as field separators - otherwise.</p> -<p class="Pp">The second field, (<var class="Fa">fs_file</var>), describes the - mount point for the file system. For swap partitions, this field should be - specified as “none”. The contents are decoded by the - <a class="Xr">strunvis(3)</a> function, as above.</p> -<p class="Pp">The third field, (<var class="Fa">fs_vfstype</var>), describes the - type of the file system. The system can support various file system types. - Only the root, /usr, and /tmp file systems need be statically compiled into - the kernel; everything else will be automatically loaded at mount time. - (Exception: the FFS cannot currently be demand-loaded.) Some people still - prefer to statically compile other file systems as well.</p> -<p class="Pp">The fourth field, (<var class="Fa">fs_mntops</var>), describes the - mount options associated with the file system. It is formatted as a comma - separated list of options. It contains at least the type of mount (see - <var class="Fa">fs_type</var> below) plus any additional options appropriate - to the file system type. See the options flag (<code class="Fl">-o</code>) - in the <a class="Xr">mount(8)</a> page and the file system specific page, - such as <a class="Xr">mount_nfs(8)</a>, for additional options that may be - specified. All options that can be given to the file system specific mount - commands can be used in <code class="Nm">fstab</code> as well. They just - need to be formatted a bit differently. The arguments of the - <code class="Fl">-o</code> option can be used without the preceding - <code class="Fl">-o</code> flag. Other options need both the file system - specific flag and its argument, separated by an equal sign. For example, - mounting an <a class="Xr">msdosfs(4)</a> filesystem, the options</p> -<div class="Bd Pp Bd-indent Li"> -<pre>-o sync -o noatime -m 644 -M 755 -u foo -g bar</pre> -</div> -<p class="Pp">should be written as</p> -<div class="Bd Pp Bd-indent Li"> -<pre>sync,noatime,-m=644,-M=755,-u=foo,-g=bar</pre> -</div> -<p class="Pp">in the option field of <code class="Nm">fstab</code>.</p> -<p class="Pp">If the options “userquota” and/or - “groupquota” are specified, the file system is automatically - processed by the <a class="Xr">quotacheck(8)</a> command, and user and/or - group disk quotas are enabled with <a class="Xr">quotaon(8)</a>. By default, - file system quotas are maintained in files named - <span class="Pa">quota.user</span> and <span class="Pa">quota.group</span> - which are located at the root of the associated file system. These defaults - may be overridden by putting an equal sign and an alternative absolute - pathname following the quota option. Thus, if the user quota file for - <span class="Pa">/tmp</span> is stored in - <span class="Pa">/var/quotas/tmp.user</span>, this location can be specified - as:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>userquota=/var/quotas/tmp.user</pre> -</div> -<p class="Pp">If the option “failok” is specified, the system will - ignore any error which happens during the mount of that filesystem, which - would otherwise cause the system to drop into single user mode. This option - is implemented by the <a class="Xr">mount(8)</a> command and will not be - passed to the kernel.</p> -<p class="Pp">If the option “noauto” is specified, the file system - will not be automatically mounted at system startup. Note that, for network - file systems of third party types (i.e., types supported by additional - software not included in the base system) to be automatically mounted at - system startup, the <var class="Va">extra_netfs_types</var> - <a class="Xr">rc.conf(5)</a> variable must be used to extend the - <a class="Xr">rc(8)</a> startup script's list of network file system - types.</p> -<p class="Pp">If the option “late” is specified, the file system - will be automatically mounted at a stage of system startup after remote - mount points are mounted. For more detail about this option, see the - <a class="Xr">mount(8)</a> manual page.</p> -<p class="Pp">If the option “update” is specified, it indicates - that the status of an already mounted file system should be changed - accordingly. This allows, for example, file systems mounted read-only to be - upgraded read-write and vice-versa. By default, an entry corresponding to a - file systems that is already mounted is going to be skipped over when - processing <code class="Nm">fstab</code>, unless it's a root file system, in - which case logic similar to “update” is applied - automatically.</p> -<p class="Pp">The “update” option is typically used in conjunction - with two <code class="Nm">fstab</code> files. The first - <code class="Nm">fstab</code> file is used to set up the initial set of file - systems. The second <code class="Nm">fstab</code> file is then run to update - the initial set of file systems and to add additional file systems.</p> -<p class="Pp">The type of the mount is extracted from the - <var class="Fa">fs_mntops</var> field and stored separately in the - <var class="Fa">fs_type</var> field (it is not deleted from the - <var class="Fa">fs_mntops</var> field). If <var class="Fa">fs_type</var> is - “rw” or “ro” then the file system whose name is - given in the <var class="Fa">fs_file</var> field is normally mounted - read-write or read-only on the specified special file.</p> -<p class="Pp">If <var class="Fa">fs_type</var> is “sw” then the - special file is made available as a piece of swap space by the - <a class="Xr">swapon(8)</a> command at the end of the system reboot - procedure. For swap devices, the keyword “trimonce” triggers - the delivery of a <code class="Dv">BIO_DELETE</code> command to the device. - This command marks the device's blocks as unused, except those that might - store a disk label. This marking can erase a crash dump. To delay - <code class="Nm">swapon</code> for a device until after - <code class="Nm">savecore</code> has copied the crash dump to another - location, use the “late” option. For vnode-backed swap spaces, - “file” is supported in the <var class="Fa">fs_mntops</var> - field. When <var class="Fa">fs_spec</var> is an <a class="Xr">md(4)</a> - device file (“md” or “md[0-9]*”) and - “file” is specified in <var class="Fa">fs_mntopts</var>, an - <a class="Xr">md(4)</a> device is created with the specified file used as - backing store, and then the new device is used as swap space. Swap entries - on <span class="Pa">.eli</span> devices will cause automatic creation of - encrypted devices. The “ealgo”, “aalgo”, - “keylen”, “notrim”, and - “sectorsize” options may be passed to control those - <a class="Xr">geli(8)</a> parameters. The fields other than - <var class="Fa">fs_spec</var> and <var class="Fa">fs_type</var> are unused. - If <var class="Fa">fs_type</var> is specified as “xx” the - entry is ignored. This is useful to show disk partitions which are currently - unused.</p> -<p class="Pp">The fifth field, (<var class="Fa">fs_freq</var>), is used for - these file systems by the <a class="Xr">dump(8)</a> command to determine - which file systems need to be dumped. If the fifth field is not present, a - value of zero is returned and <code class="Nm">dump</code> will assume that - the file system does not need to be dumped. If the fifth field is greater - than 0, then it specifies the number of days between dumps for this file - system.</p> -<p class="Pp">The sixth field, (<var class="Fa">fs_passno</var>), is used by the - <a class="Xr">fsck(8)</a> and <a class="Xr">quotacheck(8)</a> programs to - determine the order in which file system and quota checks are done at reboot - time. The <var class="Fa">fs_passno</var> field can be any value between 0 - and ‘<code class="Li">INT_MAX-1</code>’.</p> -<p class="Pp">The root file system should be specified with a - <var class="Fa">fs_passno</var> of 1, and other file systems should have a - <var class="Fa">fs_passno</var> of 2 or greater. A file system with a - <var class="Fa">fs_passno</var> value of 1 is always checked sequentially - and be completed before another file system is processed, and it will be - processed before all file systems with a larger - <var class="Fa">fs_passno</var>.</p> -<p class="Pp">For any given value of <var class="Fa">fs_passno</var>, file - systems within a drive will be checked sequentially, but file systems on - different drives will be checked at the same time to utilize parallelism - available in the hardware. Once all file system checks are complete for the - current <var class="Fa">fs_passno</var>, the same process will start over - for the next <var class="Fa">fs_passno</var>.</p> -<p class="Pp">If the sixth field is not present or is zero, a value of zero is - returned and <a class="Xr">fsck(8)</a> and <a class="Xr">quotacheck(8)</a> - will assume that the file system does not need to be checked.</p> -<p class="Pp">The <var class="Fa">fs_passno</var> field can be used to implement - finer control when the system utilities may determine that the file system - resides on a different physical device, when it actually does not, as with a - <a class="Xr">ccd(4)</a> device. All file systems with a lower - <var class="Fa">fs_passno</var> value will be completed before starting on - file systems with a higher <var class="Fa">fs_passno</var> value. E.g. all - file systems with a <var class="Fa">fs_passno</var> of 2 will be completed - before any file systems with a <var class="Fa">fs_passno</var> of 3 or - greater are started. Gaps are allowed between the different - <var class="Fa">fs_passno</var> values. E.g. file systems listed in - <span class="Pa">/etc/fstab</span> may have <var class="Fa">fs_passno</var> - values such as 0, 1, 2, 15, 100, 200, 300, and may appear in any order - within <span class="Pa">/etc/fstab</span>.</p> -<div class="Bd Pp Li"> -<pre>#define FSTAB_RW "rw" /* read/write device */ -#define FSTAB_RQ "rq" /* read/write with quotas */ -#define FSTAB_RO "ro" /* read-only device */ -#define FSTAB_SW "sw" /* swap device */ -#define FSTAB_XX "xx" /* ignore totally */ - -struct fstab { - char *fs_spec; /* block special device name */ - char *fs_file; /* file system path prefix */ - char *fs_vfstype; /* File system type, ufs, nfs */ - char *fs_mntops; /* Mount options ala -o */ - char *fs_type; /* FSTAB_* from fs_mntops */ - int fs_freq; /* dump frequency, in days */ - int fs_passno; /* pass number on parallel fsck */ -};</pre> -</div> -<p class="Pp">The proper way to read records from <span class="Pa">fstab</span> - is to use the routines <a class="Xr">getfsent(3)</a>, - <a class="Xr">getfsspec(3)</a>, <a class="Xr">getfstype(3)</a>, and - <a class="Xr">getfsfile(3)</a>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/fstab</span></dt> - <dd>The file <code class="Nm">fstab</code> resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<div class="Bd Li"> -<pre># Device Mountpoint FStype Options Dump Pass# -# -# UFS file system. -/dev/da0p2 / ufs rw 1 1 -# -# Swap space on a block device. -/dev/da0p1 none swap sw 0 0 -# -# Swap space using a block device with GELI encryption. -# aalgo, ealgo, keylen, sectorsize options are available -# for .eli devices. -/dev/da1p2.eli none swap sw 0 0 -# -# tmpfs. -tmpfs /tmp tmpfs rw,size=1g,mode=1777 0 0 -# -# UFS file system on a swap-backed md(4). /dev/md10 is -# automatically created. If it is "md", a unit number -# will be automatically selected. -md10 /scratch mfs rw,-s1g 0 0 -# -# Swap space on a vnode-backed md(4). -md11 none swap sw,file=/swapfile 0 0 -# -# CDROM. "noauto" option is typically used because the -# media is removable. -/dev/cd0 /cdrom cd9660 ro,noauto 0 0 -# -# NFS-exported file system. "serv" is an NFS server name -# or IP address. -serv:/export /nfs nfs rw,noinet6 0 0</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getfsent(3)</a>, <a class="Xr">getvfsbyname(3)</a>, - <a class="Xr">strunvis(3)</a>, <a class="Xr">ccd(4)</a>, - <a class="Xr">dump(8)</a>, <a class="Xr">fsck(8)</a>, - <a class="Xr">geli(8)</a>, <a class="Xr">mount(8)</a>, - <a class="Xr">quotacheck(8)</a>, <a class="Xr">quotaon(8)</a>, - <a class="Xr">swapon(8)</a>, <a class="Xr">umount(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">fstab</code> file format appeared in - <span class="Ux">4.0BSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 14, 2014</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/group.5 3.html b/static/freebsd/man5/group.5 3.html deleted file mode 100644 index 1cf3cefd..00000000 --- a/static/freebsd/man5/group.5 3.html +++ /dev/null @@ -1,103 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">GROUP(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">GROUP(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">group</code> — <span class="Nd">format of - the group permissions file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">group</code> file is the local source of - group information. It can be used in conjunction with the Hesiod domain - `group', and the NIS maps `group.byname' and `group.bygid', as controlled by - <a class="Xr">nsswitch.conf(5)</a>.</p> -<p class="Pp">The file <code class="Nm">group</code> consists of newline - separated ASCII records, one per group, containing four colon - ‘<code class="Li">:</code>’ separated fields. These fields are - as follows:</p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt>group</dt> - <dd>Name of the group.</dd> - <dt>passwd</dt> - <dd>Group's <i class="Em">encrypted</i> password.</dd> - <dt>gid</dt> - <dd>The group's decimal ID.</dd> - <dt>member</dt> - <dd>Group members.</dd> -</dl> -</div> -<p class="Pp">Lines whose first non-whitespace character is a pound-sign (#) are - comments, and are ignored. Blank lines that consist only of spaces, tabs or - newlines are also ignored.</p> -<p class="Pp">The <var class="Ar">group</var> field is the group name used for - granting file access to users who are members of the group. The - <var class="Ar">gid</var> field is the number associated with the group - name. They should both be unique across the system (and often across a group - of systems) since they control file access. The <var class="Ar">passwd</var> - field is an optional <i class="Em">encrypted</i> password. This field is - rarely used and an asterisk is normally placed in it rather than leaving it - blank. The <var class="Ar">member</var> field contains the names of users - granted the privileges of <var class="Ar">group</var>. The member names are - separated by commas without spaces or newlines. A user is automatically in a - group if that group was specified in their - <span class="Pa">/etc/passwd</span> entry and does not need to be added to - that group in the <code class="Nm">group</code> file.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="IMPLEMENTATION_NOTES"><a class="permalink" href="#IMPLEMENTATION_NOTES">IMPLEMENTATION - NOTES</a></h1> -<p class="Pp">The <a class="Xr">passwd(1)</a> command does not change the - <code class="Nm">group</code> passwords. The <a class="Xr">pw(8)</a> - utility's <code class="Cm">groupmod</code> command should be used - instead.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="LIMITS"><a class="permalink" href="#LIMITS">LIMITS</a></h1> -<p class="Pp">There are various limitations which are explained in the function - where they occur; see section <a class="Sx" href="#SEE_ALSO">SEE - ALSO</a>.</p> -<p class="Pp">In older implementations, a group cannot have more than 200 - members. The maximum line length of <span class="Pa">/etc/group</span> is - 1024 characters. Longer lines will be skipped. This limitation disappeared - in <span class="Ux">FreeBSD 3.0</span>. Older binaries that are statically - linked, depend on old shared libraries, or - <span class="No">non-</span><span class="Ux">FreeBSD</span> binaries in - compatibility mode may still have this limit.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/group</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">newgrp(1)</a>, <a class="Xr">passwd(1)</a>, - <a class="Xr">setcred(2)</a>, <a class="Xr">setgroups(2)</a>, - <a class="Xr">crypt(3)</a>, <a class="Xr">getgrent(3)</a>, - <a class="Xr">initgroups(3)</a>, <a class="Xr">nsswitch.conf(5)</a>, - <a class="Xr">passwd(5)</a>, <a class="Xr">chkgrp(8)</a>, - <a class="Xr">pw(8)</a>, <a class="Xr">yp(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A <code class="Nm">group</code> file format appeared in - <span class="Ux">Version 6 AT&T UNIX</span>. Support for comments - first appeared in <span class="Ux">FreeBSD 3.0</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">August 29, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/hesiod.conf.5 4.html b/static/freebsd/man5/hesiod.conf.5 4.html deleted file mode 100644 index 8cbb9ca6..00000000 --- a/static/freebsd/man5/hesiod.conf.5 4.html +++ /dev/null @@ -1,59 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">HESIOD.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">HESIOD.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">hesiod.conf</code> — - <span class="Nd">configuration file for the Hesiod library</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="Nm">hesiod.conf</code> determines the - behavior of the Hesiod library. Blank lines and lines beginning with a - ‘<code class="Li">#</code>’ character are ignored. All other - lines should be of the form <var class="Ar">variable</var> = - <var class="Ar">value</var>, where the <var class="Ar">value</var> should be - a single word. Possible <var class="Ar">variables</var> and - <var class="Ar">values</var> are:</p> -<dl class="Bl-tag"> - <dt id="lhs"><a class="permalink" href="#lhs"><code class="Ic">lhs</code></a></dt> - <dd>Specifies the domain prefix used for Hesiod queries. In almost all cases, - you should specify “<code class="Li">lhs=.ns</code>”. The - default value if you do not specify an lhs value is no domain prefix, - which is not compatible with most Hesiod domains.</dd> - <dt id="rhs"><a class="permalink" href="#rhs"><code class="Ic">rhs</code></a></dt> - <dd>Specifies the default Hesiod domain; this value may be overridden by the - <code class="Ev">HES_DOMAIN</code> environment variable. You must specify - an rhs line for the Hesiod library to work properly.</dd> - <dt id="classes"><a class="permalink" href="#classes"><code class="Ic">classes</code></a></dt> - <dd>Specifies which DNS classes Hesiod should do lookups in. Possible values - are <code class="Cm">IN</code> (the preferred class) and - <code class="Cm">HS</code> (the deprecated class, still used by some - sites). You may specify both classes separated by a comma to try one class - first and then the other if no entry is available in the first class. The - default value of the classes variable is - “<code class="Li">IN,HS</code>”.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">hesiod(3)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">The default value for <code class="Ic">lhs</code> should probably - be more reasonable.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 30, 1996</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/hosts.5 3.html b/static/freebsd/man5/hosts.5 3.html deleted file mode 100644 index 2e4a7b96..00000000 --- a/static/freebsd/man5/hosts.5 3.html +++ /dev/null @@ -1,66 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">HOSTS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">HOSTS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">hosts</code> — <span class="Nd">host name - data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">hosts</code> file contains information - regarding the known hosts on the network. It can be used in conjunction with - DNS, and the NIS maps `hosts.byaddr' and `hosts.byname', as controlled by - <a class="Xr">nsswitch.conf(5)</a>. For each host a single line should be - present with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>Internet address -official host name -aliases</pre> -</div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ``#'' indicates the beginning of a comment; characters up to the end of - the line are not interpreted by routines which search the file.</p> -<p class="Pp">This file provides a backup used when the name server is not - running. For the name server, it is suggested that only a few addresses be - included in this file. These include addresses for the local interfaces that - <a class="Xr">ifconfig(8)</a> needs at boot time and a few machines on the - local network.</p> -<p class="Pp">Network addresses are specified in either the conventional ``.'' - (dot) notation for IPv4 or colon hexadecimal notation for IPv6, as - understood by the <a class="Xr">inet_pton(3)</a> routine from the Internet - address manipulation library, <a class="Xr">inet(3)</a>. Host names may - contain any printable character other than a field delimiter, newline, or - comment character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/hosts</span></dt> - <dd>The <code class="Nm">hosts</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">gethostbyname(3)</a>, <a class="Xr">inet(3)</a>, - <a class="Xr">nsswitch.conf(5)</a>, <a class="Xr">ifconfig(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">hosts</code> file format appeared in - <span class="Ux">4.1cBSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 15, 2022</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/hosts.equiv.5 3.html b/static/freebsd/man5/hosts.equiv.5 3.html deleted file mode 100644 index 74ecd989..00000000 --- a/static/freebsd/man5/hosts.equiv.5 3.html +++ /dev/null @@ -1,92 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">HOSTS.EQUIV(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">HOSTS.EQUIV(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">hosts.equiv</code>, - <code class="Nm">rhosts</code> — <span class="Nd">trusted remote host - and user name data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">hosts.equiv</span> and - <span class="Pa">.rhosts</span> files contain information regarding trusted - hosts and users on the network. For each host a single line should be - present with the following information:</p> -<p class="Pp">simple</p> -<div class="Bd Pp Bd-indent"> -<pre>hostname [username]</pre> -</div> -<p class="Pp">or the more verbose</p> -<div class="Bd Pp Bd-indent"> -<pre>[+-][hostname|@netgroup] [[+-][username|@netgroup]]</pre> -</div> -<p class="Pp">A “@” indicates a host by netgroup or user by - netgroup. A single “+” matches all hosts or users. A host name - with a leading “-” will reject all matching hosts and all - their users. A user name with leading “-” will reject all - matching users from matching hosts.</p> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A “#” indicates the beginning of a comment; characters up to - the end of the line are not interpreted by routines which search the - file.</p> -<p class="Pp">Host names are specified in the conventional Internet DNS - dotted-domains “.” (dot) notation using the - <a class="Xr">inet_addr(3)</a> routine from the Internet address - manipulation library, <a class="Xr">inet(3)</a>. Host names may contain any - printable character other than a field delimiter, newline, or comment - character.</p> -<p class="Pp">For security reasons, a user's <code class="Nm">.rhosts</code> - file will be ignored if it is not a regular file, or if it is not owned by - the user, or if it is writable by anyone other than the user.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/hosts.equiv</span></dt> - <dd>The <code class="Nm">hosts.equiv</code> file resides in - <span class="Pa">/etc</span>.</dd> - <dt><span class="Pa">$HOME/.rhosts</span></dt> - <dd><code class="Nm">.rhosts</code> file resides in - <span class="Pa">$HOME</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<div class="Bd Bd-indent"><code class="Li">bar.com foo</code></div> -<p class="Pp">Trust user “foo” from host - “bar.com”.</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">+@allclient</code></div> -<p class="Pp">Trust all hosts from netgroup “allclient”.</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">+@allclient -@dau</code></div> -<p class="Pp">Trust all hosts from netgroup “allclient” and their - users except users from netgroup “dau”.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">gethostbyname(3)</a>, <a class="Xr">inet(3)</a>, - <a class="Xr">innetgr(3)</a>, <a class="Xr">ruserok(3)</a>, - <a class="Xr">netgroup(5)</a>, <a class="Xr">ifconfig(8)</a>, - <a class="Xr">yp(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">This manual page is incomplete. For more information read the - source in <span class="Pa">src/lib/libc/net/rcmd.c</span> or the SunOS - manual page.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 23, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/hosts.lpd.5 4.html b/static/freebsd/man5/hosts.lpd.5 4.html deleted file mode 100644 index 953da126..00000000 --- a/static/freebsd/man5/hosts.lpd.5 4.html +++ /dev/null @@ -1,42 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">HOSTS.LPD(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">HOSTS.LPD(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">hosts.lpd</code> — - <span class="Nd">trusted hosts that may use local print services</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">hosts.lpd</code> file contains a list of - hostnames or IP addresses that are allowed to use your local print services. - List every hostname or IP address on a line itself.</p> -<p class="Pp">If you want to allow access for any and all host, you can usually - use the NIS netgroups feature to do this by adding a line with a single - ‘<code class="Li">+</code>’ character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/hosts.lpd</span></dt> - <dd>The <code class="Nm">hosts.lpd</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">printcap(5)</a>, <a class="Xr">lpd(8)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 1, 1996</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/intro.5 4.html b/static/freebsd/man5/intro.5 4.html deleted file mode 100644 index 13d27fd1..00000000 --- a/static/freebsd/man5/intro.5 4.html +++ /dev/null @@ -1,52 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">INTRO(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">INTRO(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">intro</code> — - <span class="Nd">introduction to file formats</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">This section contains information about the file formats which - comprise most data structures in the <span class="Ux">BSD</span> - environment, including:</p> -<p class="Pp"></p> -<ul class="Bl-bullet Bl-compact"> - <li><a class="Xr">ascii(7)</a> configuration and resource files</li> - <li>system binary file and stream structures</li> - <li>composition of database files</li> -</ul> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/</span></dt> - <dd>base system software configuration files</dd> - <dt><span class="Pa">/usr/local/etc/</span></dt> - <dd>locally installed software configuration files</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">apropos(1)</a>, <a class="Xr">intro(1)</a>, - <a class="Xr">hier(7)</a>, <a class="Xr">intro(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">intro</code>(5) manual page first appeared in - <span class="Ux">FreeBSD 2.2</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 17, 2024</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/libmap.conf.5 3.html b/static/freebsd/man5/libmap.conf.5 3.html deleted file mode 100644 index 3b0b78b8..00000000 --- a/static/freebsd/man5/libmap.conf.5 3.html +++ /dev/null @@ -1,153 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">LIBMAP.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">LIBMAP.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">libmap.conf</code> — - <span class="Nd">configuration file for dynamic object dependency - mapping</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">libmap</code> functionality of - <a class="Xr">ld-elf.so.1(1)</a> allows dynamic object dependencies to be - mapped to arbitrary names.</p> -<p class="Pp">Each line in <span class="Pa">/etc/libmap.conf</span> can have one - of five forms:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">origin</var> <var class="Ar">target</var></dt> - <dd>Whenever a dependency on <var class="Ar">origin</var> is encountered while - loading a dynamic object, use <var class="Ar">target</var> instead of - searching for <var class="Ar">origin</var> in the normal library search - paths.</dd> - <dt><var class="Ar">path1</var> <var class="Ar">path2</var></dt> - <dd>When iterating through a library search path, replace any element that - matches <var class="Ar">path1</var> exactly with - <var class="Ar">path2</var>.</dd> - <dt>[<var class="Ar">constraint</var>]</dt> - <dd>Apply <var class="Ar">constraint</var> to all subsequent mappings until - the next constraint line or the end of the file. See the - <a class="Sx" href="#Constraints">Constraints</a> section for - details.</dd> - <dt id="include"><a class="permalink" href="#include"><code class="Cm">include</code></a> - <var class="Ar">file</var></dt> - <dd>Parse the contents of <var class="Ar">file</var> before continuing with - the current file. Nesting depth is limited only by available memory, but - each file encountered is processed only once, and loops are silently - ignored.</dd> - <dt id="includedir"><a class="permalink" href="#includedir"><code class="Cm">includedir</code></a> - <var class="Ar">dir</var></dt> - <dd>Recurse through <var class="Ar">dir</var> and parse the contents of any - file that ends in <span class="Pa">.conf</span> before continuing with the - current file. Nesting depth is limited only by available memory, but each - directory or file encountered is processed only once, and loops are - silently ignored.</dd> -</dl> -<section class="Ss"> -<h2 class="Ss" id="Constraints"><a class="permalink" href="#Constraints">Constraints</a></h2> -<p class="Pp">Constrained mappings only apply when processing binaries or - libraries that satisfy the constraint. There are three types of - constraints:</p> -<dl class="Bl-tag"> - <dt>Exact</dt> - <dd>The constraint is matched literally so that only an executable with an - identical fully qualified pathname will satisfy the constraint. This means - that the executable <span class="Pa">/usr/bin/foo</span> will not satisfy - the constraint [<span class="Pa">/usr/bin/./foo</span>], and vice-versa. - This is the default constraint type.</dd> - <dt>Basename</dt> - <dd>A constraint with no path is matched against the basename of the - executable. For instance, the constraint [<span class="Pa">foo</span>] - will match <span class="Pa">/bin/foo</span>, - <span class="Pa">/usr/local/sbin/foo</span>, or any other executable named - <span class="Pa">foo</span>, no matter what directory it is in.</dd> - <dt>Directory</dt> - <dd>A constraint with a trailing slash is satisfied if the full pathname - begins with the constraint string. For instance, the constraint - [<span class="Pa">/usr/bin/</span>] will match any executable with a path - starting with <span class="Pa">/usr/bin/</span>.</dd> -</dl> -<p class="Pp">Note that the constraints are matched against the path that was - passed as the first argument to whichever <a class="Xr">exec(3)</a> function - was used to execute the binary in question. Most programs executed from a - shell are run without a full path, via <a class="Xr">execvp(3)</a> or - similar, so the basename constraint type is the most useful.</p> -<p class="Pp"></p> -<div class="Bf Sy">WARNING! Constraints apply to all mappings until the next - constraint or the end of the file. Hence, unconstrained mappings must be - placed at the top of the file.</div> -</section> -<section class="Ss"> -<h2 class="Ss" id="ABI_compatibility"><a class="permalink" href="#ABI_compatibility">ABI - compatibility</a></h2> -<p class="Pp">On 64-bit architectures that provide 32-bit binary compatibility, - the mappings in <span class="Pa">/etc/libmap.conf</span> apply only to - 64-bit binaries. Mappings for 32-bit binaries must be placed in - <span class="Pa">/etc/libmap32.conf</span>.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/libmap.conf</span></dt> - <dd>The libmap configuration file.</dd> - <dt><span class="Pa">/etc/libmap32.conf</span></dt> - <dd>The libmap configuration file for 32-bit binaries on 64-bit system.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<div class="Bd Li"> -<pre># -# origin target -# -libc_r.so.6 libpthread.so.2 # Everything that uses 'libc_r' -libc_r.so libpthread.so # now uses 'libpthread' - -[/tmp/mplayer] # Test version of mplayer uses libc_r -libpthread.so.2 libc_r.so.6 -libpthread.so libc_r.so - -[/usr/local/jdk1.4.1/] # All Java 1.4.1 programs use libthr - # This works because "javavms" executes - # programs with the full pathname -libpthread.so.2 libthr.so.2 -libpthread.so libthr.so - -# Glue for Linux-only EPSON printer .so to be loaded into cups, etc. -[/usr/local/lib/pips/libsc80c.so] -libc.so.6 pluginwrapper/pips.so -libdl.so.2 pluginwrapper/pips.so</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ldd(1)</a>, <a class="Xr">rtld(1)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">libmap</code> mechanism first appeared in - <span class="Ux">FreeBSD 5.1</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Matthew N. - Dodd</span> - <<a class="Mt" href="mailto:winter@jurai.net">winter@jurai.net</a>> - and extensively rewritten by <span class="An">Dag-Erling - Smørgrav</span> - <<a class="Mt" href="mailto:des@FreeBSD.org">des@FreeBSD.org</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 16, 2013</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/link.5 3.html b/static/freebsd/man5/link.5 3.html deleted file mode 100644 index 8155158a..00000000 --- a/static/freebsd/man5/link.5 3.html +++ /dev/null @@ -1,493 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">LINK(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">LINK(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">link</code> — <span class="Nd">dynamic - loader and link editor interface</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">sys/types.h</a>></code> - <br/> - <code class="In">#include <<a class="In">nlist.h</a>></code> - <br/> - <code class="In">#include <<a class="In">link.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The include file - <code class="In"><<a class="In">link.h</a>></code> declares several - structures that are present in dynamically linked programs and libraries. - The structures define the interface between several components of the - link-editor and loader mechanism. The layout of a number of these structures - within the binaries resembles the a.out format in many places as it serves - such similar functions as symbol definitions (including the accompanying - string table) and relocation records needed to resolve references to - external entities. It also records a number of data structures unique to the - dynamic loading and linking process. These include references to other - objects that are required to complete the link-editing process and - indirection tables to facilitate - <a class="permalink" href="#Position"><i class="Em" id="Position">Position - Independent Code</i></a> (PIC for short) to improve sharing of code pages - among different processes. The collection of data structures described here - will be referred to as the - <a class="permalink" href="#Run-time"><i class="Em" id="Run-time">Run-time - Relocation Section (RRS)</i></a> and is embedded in the standard text and - data segments of the dynamically linked program or shared object image as - the existing <a class="Xr">a.out(5)</a> format offers no room for it - elsewhere.</p> -<p class="Pp">Several utilities cooperate to ensure that the task of getting a - program ready to run can complete successfully in a way that optimizes the - use of system resources. The compiler emits PIC code from which shared - libraries can be built by <a class="Xr">ld(1)</a>. The compiler also - includes size information of any initialized data items through the .size - assembler directive. PIC code differs from conventional code in that it - accesses data variables through an indirection table, the Global Offset - Table, by convention accessible by the reserved name - <code class="Dv">_GLOBAL_OFFSET_TABLE_</code>. The exact mechanism used for - this is machine dependent, usually a machine register is reserved for the - purpose. The rational behind this construct is to generate code that is - independent of the actual load address. Only the values contained in the - Global Offset Table may need updating at run-time depending on the load - addresses of the various shared objects in the address space.</p> -<p class="Pp">Likewise, procedure calls to globally defined functions are - redirected through the Procedure Linkage Table (PLT) residing in the data - segment of the core image. Again, this is done to avoid run-time - modifications to the text segment.</p> -<p class="Pp" id="_DYNAMIC">The linker-editor allocates the Global Offset Table - and Procedure Linkage Table when combining PIC object files into an image - suitable for mapping into the process address space. It also collects all - symbols that may be needed by the run-time link-editor and stores these - along with the image's text and data bits. Another reserved symbol, - <a class="permalink" href="#_DYNAMIC"><i class="Em">_DYNAMIC</i></a> is used - to indicate the presence of the run-time linker structures. Whenever - _DYNAMIC is relocated to 0, there is no need to invoke the run-time - link-editor. If this symbol is non-zero, it points at a data structure from - which the location of the necessary relocation- and symbol information can - be derived. This is most notably used by the start-up module, - <a class="permalink" href="#crt0"><i class="Em" id="crt0">crt0</i></a>. The - _DYNAMIC structure is conventionally located at the start of the data - segment of the image to which it pertains.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DATA_STRUCTURES"><a class="permalink" href="#DATA_STRUCTURES">DATA - STRUCTURES</a></h1> -<p class="Pp">The data structures supporting dynamic linking and run-time - relocation reside both in the text and data segments of the image they apply - to. The text segments contain read-only data such as symbols descriptions - and names, while the data segments contain the tables that need to be - modified by during the relocation process.</p> -<p class="Pp">The _DYNAMIC symbol references a <var class="Fa">_dynamic</var> - structure:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct _dynamic { - int d_version; - struct so_debug *d_debug; - union { - struct section_dispatch_table *d_sdt; - } d_un; - struct ld_entry *d_entry; -};</pre> -</div> -<dl class="Bl-tag"> - <dt id="LD_VERSION_SUN"><var class="Fa">d_version</var></dt> - <dd>This field provides for different versions of the dynamic linking - implementation. The current version numbers understood by - <a class="Xr">ld(1)</a> and <a class="Xr">ld.so(1)</a> are - <a class="permalink" href="#LD_VERSION_SUN"><i class="Em">LD_VERSION_SUN - (3)</i></a>, which is used by the SunOS 4.x releases, and - <a class="permalink" href="#LD_VERSION_BSD"><i class="Em" id="LD_VERSION_BSD">LD_VERSION_BSD - (8)</i></a>, which has been in use since <span class="Ux">FreeBSD - 1.1</span>.</dd> - <dt id="d_version"><var class="Fa">d_un</var></dt> - <dd>Refers to a - <a class="permalink" href="#d_version"><i class="Em">d_version</i></a> - dependent data structure.</dd> - <dt><var class="Fa">so_debug</var></dt> - <dd>this field provides debuggers with a hook to access symbol tables of - shared objects loaded as a result of the actions of the run-time - link-editor.</dd> -</dl> -<p class="Pp">The <var class="Fa">section_dispatch_table</var> structure is the - main “dispatcher” table, containing offsets into the image's - segments where various symbol and relocation information is located.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct section_dispatch_table { - struct so_map *sdt_loaded; - long sdt_sods; - long sdt_filler1; - long sdt_got; - long sdt_plt; - long sdt_rel; - long sdt_hash; - long sdt_nzlist; - long sdt_filler2; - long sdt_buckets; - long sdt_strings; - long sdt_str_sz; - long sdt_text_sz; - long sdt_plt_sz; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">sdt_loaded</var></dt> - <dd>A pointer to the first link map loaded (see below). This field is set by - <code class="Nm">ld.so</code></dd> - <dt id="this"><var class="Fa">sdt_sods</var></dt> - <dd>The start of a (linked) list of shared object descriptors needed by - <a class="permalink" href="#this"><i class="Em">this</i></a> object.</dd> - <dt><var class="Fa">sdt_filler1</var></dt> - <dd>Deprecated (used by SunOS to specify library search rules).</dd> - <dt><var class="Fa">sdt_got</var></dt> - <dd>The location of the Global Offset Table within this image.</dd> - <dt><var class="Fa">sdt_plt</var></dt> - <dd>The location of the Procedure Linkage Table within this image.</dd> - <dt><var class="Fa">sdt_rel</var></dt> - <dd>The location of an array of <var class="Fa">relocation_info</var> - structures (see <a class="Xr">a.out(5)</a>) specifying run-time - relocations.</dd> - <dt><var class="Fa">sdt_hash</var></dt> - <dd>The location of the hash table for fast symbol lookup in this object's - symbol table.</dd> - <dt><var class="Fa">sdt_nzlist</var></dt> - <dd>The location of the symbol table.</dd> - <dt><var class="Fa">sdt_filler2</var></dt> - <dd>Currently unused.</dd> - <dt><var class="Fa">sdt_buckets</var></dt> - <dd>The number of buckets in <var class="Fa">sdt_hash</var></dd> - <dt><var class="Fa">sdt_strings</var></dt> - <dd>The location of the symbol string table that goes with - <var class="Fa">sdt_nzlist</var>.</dd> - <dt><var class="Fa">sdt_str_sz</var></dt> - <dd>The size of the string table.</dd> - <dt><var class="Fa">sdt_text_sz</var></dt> - <dd>The size of the object's text segment.</dd> - <dt><var class="Fa">sdt_plt_sz</var></dt> - <dd>The size of the Procedure Linkage Table.</dd> -</dl> -<p class="Pp">A <var class="Fa">sod</var> structure describes a shared object - that is needed to complete the link edit process of the object containing - it. A list of such objects (chained through <var class="Fa">sod_next</var>) - is pointed at by the <var class="Fa">sdt_sods</var> in the - section_dispatch_table structure.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct sod { - long sod_name; - u_int sod_library : 1, - sod_reserved : 31; - short sod_major; - short sod_minor; - long sod_next; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">sod_name</var></dt> - <dd>The offset in the text segment of a string describing this link - object.</dd> - <dt id="lib"><var class="Fa">sod_library</var></dt> - <dd>If set, <var class="Fa">sod_name</var> specifies a library that is to be - searched for by <code class="Nm">ld.so</code>. The path name is obtained - by searching a set of directories (see also <a class="Xr">ldconfig(8)</a>) - for a shared object matching - <a class="permalink" href="#lib"><i class="Em">lib<sod_name>.so.n.m</i></a>. - If not set, <var class="Fa">sod_name</var> should point at a full path - name for the desired shared object.</dd> - <dt><var class="Fa">sod_major</var></dt> - <dd>Specifies the major version number of the shared object to load.</dd> - <dt><var class="Fa">sod_minor</var></dt> - <dd>Specifies the preferred minor version number of the shared object to - load.</dd> -</dl> -<p class="Pp" id="link">The run-time link-editor maintains a list of structures - called <a class="permalink" href="#link"><i class="Em">link maps</i></a> to - keep track of all shared objects loaded into a process' address space. These - structures are only used at run-time and do not occur within the text or - data segment of an executable or shared library.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct so_map { - caddr_t som_addr; - char *som_path; - struct so_map *som_next; - struct sod *som_sod; - caddr_t som_sodbase; - u_int som_write : 1; - struct _dynamic *som_dynamic; - caddr_t som_spd; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">som_addr</var></dt> - <dd>The address at which the shared object associated with this link map has - been loaded.</dd> - <dt><var class="Fa">som_path</var></dt> - <dd>The full path name of the loaded object.</dd> - <dt><var class="Fa">som_next</var></dt> - <dd>Pointer to the next link map.</dd> - <dt><var class="Fa">som_sod</var></dt> - <dd>The <var class="Fa">sod</var> structure that was responsible for loading - this shared object.</dd> - <dt><var class="Fa">som_sodbase</var></dt> - <dd>Tossed out in later versions of the run-time linker.</dd> - <dt><var class="Fa">som_write</var></dt> - <dd>Set if (some portion of) this object's text segment is currently - writable.</dd> - <dt><var class="Fa">som_dynamic</var></dt> - <dd>Pointer to this object's <var class="Fa">_dynamic</var> structure.</dd> - <dt><var class="Fa">som_spd</var></dt> - <dd>Hook for attaching private data maintained by the run-time - link-editor.</dd> -</dl> -<p class="Pp">Symbol description with size. This is simply an - <var class="Fa">nlist</var> structure with one field - (<var class="Fa">nz_size</var>) added. Used to convey size information on - items in the data segment of shared objects. An array of these lives in the - shared object's text segment and is addressed by the - <var class="Fa">sdt_nzlist</var> field of - <var class="Fa">section_dispatch_table</var>.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct nzlist { - struct nlist nlist; - u_long nz_size; -#define nz_un nlist.n_un -#define nz_strx nlist.n_un.n_strx -#define nz_name nlist.n_un.n_name -#define nz_type nlist.n_type -#define nz_value nlist.n_value -#define nz_desc nlist.n_desc -#define nz_other nlist.n_other -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">nlist</var></dt> - <dd>(see <a class="Xr">nlist(3)</a>).</dd> - <dt><var class="Fa">nz_size</var></dt> - <dd>The size of the data represented by this symbol.</dd> -</dl> -<p class="Pp">A hash table is included within the text segment of shared object - to facilitate quick lookup of symbols during run-time link-editing. The - <var class="Fa">sdt_hash</var> field of the - <var class="Fa">section_dispatch_table</var> structure points at an array of - <var class="Fa">rrs_hash</var> structures:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct rrs_hash { - int rh_symbolnum; /* symbol number */ - int rh_next; /* next hash entry */ -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">rh_symbolnum</var></dt> - <dd>The index of the symbol in the shared object's symbol table (as given by - the <var class="Fa">ld_symbols</var> field).</dd> - <dt><var class="Fa">rh_next</var></dt> - <dd>In case of collisions, this field is the offset of the next entry in this - hash table bucket. It is zero for the last bucket element.</dd> -</dl> -The <var class="Fa">rt_symbol</var> structure is used to keep track of run-time - allocated commons and data items copied from shared objects. These items are - kept on linked list and is exported through the <var class="Fa">dd_cc</var> - field in the <var class="Fa">so_debug</var> structure (see below) for use by - debuggers. -<div class="Bd Pp Bd-indent Li"> -<pre>struct rt_symbol { - struct nzlist *rt_sp; - struct rt_symbol *rt_next; - struct rt_symbol *rt_link; - caddr_t rt_srcaddr; - struct so_map *rt_smp; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">rt_sp</var></dt> - <dd>The symbol description.</dd> - <dt><var class="Fa">rt_next</var></dt> - <dd>Virtual address of next rt_symbol.</dd> - <dt><var class="Fa">rt_link</var></dt> - <dd>Next in hash bucket. Used internally by - <code class="Nm">ld.so</code>.</dd> - <dt><var class="Fa">rt_srcaddr</var></dt> - <dd>Location of the source of initialized data within a shared object.</dd> - <dt><var class="Fa">rt_smp</var></dt> - <dd>The shared object which is the original source of the data that this - run-time symbol describes.</dd> -</dl> -<p class="Pp">The <var class="Fa">so_debug</var> structure is used by debuggers - to gain knowledge of any shared objects that have been loaded in the - process's address space as a result of run-time link-editing. Since the - run-time link-editor runs as a part of process initialization, a debugger - that wishes to access symbols from shared objects can only do so after the - link-editor has been called from crt0. A dynamically linked binary contains - a <var class="Fa">so_debug</var> structure which can be located by means of - the <var class="Fa">d_debug</var> field in - <var class="Fa">_dynamic</var>.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct so_debug { - int dd_version; - int dd_in_debugger; - int dd_sym_loaded; - char *dd_bpt_addr; - int dd_bpt_shadow; - struct rt_symbol *dd_cc; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">dd_version</var></dt> - <dd>Version number of this interface.</dd> - <dt><var class="Fa">dd_in_debugger</var></dt> - <dd>Set by the debugger to indicate to the run-time linker that the program is - run under control of a debugger.</dd> - <dt><var class="Fa">dd_sym_loaded</var></dt> - <dd>Set by the run-time linker whenever it adds symbols by loading shared - objects.</dd> - <dt><var class="Fa">dd_bpt_addr</var></dt> - <dd>The address where a breakpoint will be set by the run-time linker to - divert control to the debugger. This address is determined by the start-up - module, <span class="Pa">crt0.o</span>, to be some convenient place before - the call to _main.</dd> - <dt><var class="Fa">dd_bpt_shadow</var></dt> - <dd>Contains the original instruction that was at - <var class="Fa">dd_bpt_addr</var>. The debugger is expected to put this - instruction back before continuing the program.</dd> - <dt><var class="Fa">dd_cc</var></dt> - <dd>A pointer to the linked list of run-time allocated symbols that the - debugger may be interested in.</dd> -</dl> -<p class="Pp" id="ld_entry">The - <a class="permalink" href="#ld_entry"><i class="Em">ld_entry</i></a> - structure defines a set of service routines within - <code class="Nm">ld.so</code>.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct ld_entry { - void *(*dlopen)(char *, int); - int (*dlclose)(void *); - void *(*dlsym)(void *, char *); - char *(*dlerror)(void); -};</pre> -</div> -<p class="Pp">The <var class="Fa">crt_ldso</var> structure defines the interface - between the start-up code in crt0 and <code class="Nm">ld.so</code>.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct crt_ldso { - int crt_ba; - int crt_dzfd; - int crt_ldfd; - struct _dynamic *crt_dp; - char **crt_ep; - caddr_t crt_bp; - char *crt_prog; - char *crt_ldso; - struct ld_entry *crt_ldentry; -}; -#define CRT_VERSION_SUN 1 -#define CRT_VERSION_BSD_2 2 -#define CRT_VERSION_BSD_3 3 -#define CRT_VERSION_BSD_4 4</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">crt_ba</var></dt> - <dd>The virtual address at which <code class="Nm">ld.so</code> was loaded by - crt0.</dd> - <dt><var class="Fa">crt_dzfd</var></dt> - <dd>On SunOS systems, this field contains an open file descriptor to - “<span class="Pa">/dev/zero</span>” used to get demand paged - zeroed pages. On <span class="Ux">FreeBSD</span> systems it contains - -1.</dd> - <dt><var class="Fa">crt_ldfd</var></dt> - <dd>Contains an open file descriptor that was used by crt0 to load - <code class="Nm">ld.so</code>.</dd> - <dt><var class="Fa">crt_dp</var></dt> - <dd>A pointer to main's <var class="Fa">_dynamic</var> structure.</dd> - <dt><var class="Fa">crt_ep</var></dt> - <dd>A pointer to the environment strings.</dd> - <dt><var class="Fa">crt_bp</var></dt> - <dd>The address at which a breakpoint will be placed by the run-time linker if - the main program is run by a debugger. See - <var class="Fa">so_debug</var></dd> - <dt><var class="Fa">crt_prog</var></dt> - <dd>The name of the main program as determined by crt0 (CRT_VERSION_BSD3 - only).</dd> - <dt><var class="Fa">crt_ldso</var></dt> - <dd>The path of the run-time linker as mapped by crt0 (CRT_VERSION_BSD4 - only).</dd> -</dl> -<p class="Pp">The <var class="Fa">hints_header</var> and - <var class="Fa">hints_bucket</var> structures define the layout of the - library hints, normally found in - “<span class="Pa">/var/run/ld.so.hints</span>”, which is used - by <code class="Nm">ld.so</code> to quickly locate the shared object images - in the file system. The organization of the hints file is not unlike that of - an “a.out” object file, in that it contains a header - determining the offset and size of a table of fixed sized hash buckets and a - common string pool.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>struct hints_header { - long hh_magic; -#define HH_MAGIC 011421044151 - long hh_version; -#define LD_HINTS_VERSION_1 1 - long hh_hashtab; - long hh_nbucket; - long hh_strtab; - long hh_strtab_sz; - long hh_ehints; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">hh_magic</var></dt> - <dd>Hints file magic number.</dd> - <dt><var class="Fa">hh_version</var></dt> - <dd>Interface version number.</dd> - <dt><var class="Fa">hh_hashtab</var></dt> - <dd>Offset of hash table.</dd> - <dt><var class="Fa">hh_strtab</var></dt> - <dd>Offset of string table.</dd> - <dt><var class="Fa">hh_strtab_sz</var></dt> - <dd>Size of strings.</dd> - <dt><var class="Fa">hh_ehints</var></dt> - <dd>Maximum usable offset in hints file.</dd> -</dl> -<div class="Bd Pp Bd-indent Li"> -<pre>/* - * Hash table element in hints file. - */ -struct hints_bucket { - int hi_namex; - int hi_pathx; - int hi_dewey[MAXDEWEY]; - int hi_ndewey; -#define hi_major hi_dewey[0] -#define hi_minor hi_dewey[1] - int hi_next; -};</pre> -</div> -<dl class="Bl-tag"> - <dt><var class="Fa">hi_namex</var></dt> - <dd>Index of the string identifying the library.</dd> - <dt><var class="Fa">hi_pathx</var></dt> - <dd>Index of the string representing the full path name of the library.</dd> - <dt><var class="Fa">hi_dewey</var></dt> - <dd>The version numbers of the shared library.</dd> - <dt><var class="Fa">hi_ndewey</var></dt> - <dd>The number of valid entries in <var class="Fa">hi_dewey</var>.</dd> - <dt><var class="Fa">hi_next</var></dt> - <dd>Next bucket in case of hashing collisions.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="CAVEATS"><a class="permalink" href="#CAVEATS">CAVEATS</a></h1> -<p class="Pp">Only the (GNU) C compiler currently supports the creation of - shared libraries. Other programming languages cannot be used.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 23, 1993</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/mailer.conf.5 3.html b/static/freebsd/man5/mailer.conf.5 3.html deleted file mode 100644 index 3957d277..00000000 --- a/static/freebsd/man5/mailer.conf.5 3.html +++ /dev/null @@ -1,127 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MAILER.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">MAILER.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">mailer.conf</code> — - <span class="Nd">configuration file for - <a class="Xr">mailwrapper(8)</a></span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <span class="Pa">/etc/mail/mailer.conf</span> contains a - series of lines of the form</p> -<p class="Pp"><var class="Ar">name</var> <var class="Ar">program</var> - [<var class="Ar">arguments ...</var>]</p> -<p class="Pp">The first word of each line is the <var class="Ar">name</var> of a - program invoking <a class="Xr">mailwrapper(8)</a>. (For example, on a - typical system <span class="Pa">/usr/sbin/sendmail</span> would be a - symbolic link to <a class="Xr">mailwrapper(8)</a>, as would - <a class="Xr">newaliases(1)</a> and <a class="Xr">mailq(1)</a>. Thus, - <var class="Ar">name</var> might be - “<code class="Li">sendmail</code>” or - “<code class="Li">newaliases</code>” etc.)</p> -<p class="Pp">The second word of each line is the name of the - <var class="Ar">program</var> to actually execute when the first name is - invoked.</p> -<p class="Pp">The further <var class="Ar">arguments</var>, if any, are passed to - the <var class="Ar">program</var>, followed by the arguments - <a class="Xr">mailwrapper(8)</a> was called with.</p> -<p class="Pp">The file may also contain comment lines, denoted by a - ‘<code class="Li">#</code>’ mark in the first column of any - line.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt><span class="Pa">/etc/mail/mailer.conf</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">This example shows how to set up - <code class="Nm">mailer.conf</code> to invoke the traditional - <a class="Xr">sendmail(8)</a> program:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Execute the "real" sendmail program located in -# /usr/libexec/sendmail/sendmail -sendmail /usr/libexec/sendmail/sendmail -mailq /usr/libexec/sendmail/sendmail -newaliases /usr/libexec/sendmail/sendmail</pre> -</div> -<p class="Pp">Using <code class="Nm">Postfix</code> (from ports) to replace - <a class="Xr">sendmail(8)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Emulate sendmail using postfix -sendmail /usr/local/sbin/sendmail -mailq /usr/local/sbin/sendmail -newaliases /usr/local/sbin/sendmail</pre> -</div> -<p class="Pp">Using <code class="Nm">Exim</code> (from ports) to replace - <a class="Xr">sendmail(8)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Emulate sendmail using exim -sendmail /usr/local/sbin/exim -mailq /usr/local/sbin/exim -bp -newaliases /usr/bin/true -rmail /usr/local/sbin/exim -i -oee</pre> -</div> -<p class="Pp">Using <code class="Nm">mini_sendmail</code> (from ports) to - replace <a class="Xr">sendmail(8)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Send outgoing mail to a smart relay using mini_sendmail -sendmail /usr/local/bin/mini_sendmail -srelayhost</pre> -</div> -<p class="Pp">Using <a class="Xr">dma(8)</a> to replace - <a class="Xr">sendmail(8)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Execute dma instead of sendmail -sendmail /usr/libexec/dma -mailq /usr/libexec/dma -newaliases /usr/libexec/dma -rmail /usr/libexec/dma</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">mail(1)</a>, <a class="Xr">mailq(1)</a>, - <a class="Xr">newaliases(1)</a>, <a class="Xr">dma(8)</a>, - <a class="Xr">mailwrapper(8)</a>, <a class="Xr">sendmail(8)</a></p> -<p class="Pp"><a class="Xr">postfix(1)</a> - (<span class="Pa">ports/mail/postfix</span>), <a class="Xr">dma(8)</a> - (<span class="Pa">ports/mail/dma</span>), <a class="Xr">exim(8)</a> - (<span class="Pa">ports/mail/exim</span>), - <a class="Xr">mini_sendmail(8)</a> - (<span class="Pa">ports/mail/mini_sendmail</span>)</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp"><code class="Nm">mailer.conf</code> appeared in - <span class="Ux">NetBSD 1.4</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Perry E. Metzger</span> - <<a class="Mt" href="mailto:perry@piermont.com">perry@piermont.com</a>></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">The entire reason this program exists is a crock. Instead, a - command for how to submit mail should be standardized, and all the - "behave differently if invoked with a different name" behavior of - things like <a class="Xr">mailq(1)</a> should go away.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">December 26, 2017</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/make.conf.5 3.html b/static/freebsd/man5/make.conf.5 3.html deleted file mode 100644 index 1e631072..00000000 --- a/static/freebsd/man5/make.conf.5 3.html +++ /dev/null @@ -1,468 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MAKE.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">MAKE.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">make.conf</code> — <span class="Nd">system - build information</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="Nm">make.conf</code> contains system-wide - settings that will apply to every build using <a class="Xr">make(1)</a> and - the standard <span class="Pa">sys.mk</span> file. This is achieved as - follows: <a class="Xr">make(1)</a> processes the system makefile - <span class="Pa">sys.mk</span> before any other file by default, and - <span class="Pa">sys.mk</span> includes - <code class="Nm">make.conf</code>.</p> -<p class="Pp">The file <code class="Nm">make.conf</code> uses the standard - makefile syntax. However, <code class="Nm">make.conf</code> should not - specify any dependencies to <a class="Xr">make(1)</a>. Instead, - <code class="Nm">make.conf</code> is to set <a class="Xr">make(1)</a> - variables that control the actions of other makefiles.</p> -<p class="Pp">The default location of <code class="Nm">make.conf</code> is - <span class="Pa">/etc/make.conf</span>, though an alternative location can - be specified in the <a class="Xr">make(1)</a> variable - <var class="Va">__MAKE_CONF</var>. You may need to override the location of - <code class="Nm">make.conf</code> if the system-wide settings are not - suitable for a particular build. For instance, setting - <var class="Va">__MAKE_CONF</var> to <span class="Pa">/dev/null</span> - effectively resets all build controls to their defaults.</p> -<p class="Pp">The primary purpose of <code class="Nm">make.conf</code> is to - control the compilation of the <span class="Ux">FreeBSD</span> sources, - documentation, and ported applications, which are usually found in - <span class="Pa">/usr/src</span>, <span class="Pa">/usr/doc</span>, and - <span class="Pa">/usr/ports</span>. As a rule, the system administrator - creates <code class="Nm">make.conf</code> when the values of certain control - variables need to be changed from their defaults.</p> -<p class="Pp">The system build procedures occur in four broad areas: the world, - the kernel, documentation and ports. Variables set in - <code class="Nm">make.conf</code> may be applicable in one, two, or all four - of these areas. In addition, control variables can be specified for a - particular build via the <code class="Fl">-D</code> option of - <a class="Xr">make(1)</a> or in <a class="Xr">environ(7)</a>. In the case of - world and kernel builds it is possible to put these variables into - <a class="Xr">src.conf(5)</a> instead of <code class="Nm">make.conf</code>. - This way the environment for documentation and ports builds is not polluted - by unrelated variables.</p> -<p class="Pp">The following lists provide a name and short description for each - variable you can use during the indicated builds. The values of variables - flagged as <var class="Vt">bool</var> are ignored; the variable being set at - all (even to “<code class="Li">FALSE</code>” or - “<code class="Li">NO</code>”) causes it to be treated as if it - were set.</p> -<p class="Pp">The following list provides a name and short description for - variables that are used for all builds, or are used by the - <span class="Pa">makefiles</span> for things other than builds.</p> -<dl class="Bl-tag"> - <dt id="ALWAYS_CHECK_MAKE"><var class="Va">ALWAYS_CHECK_MAKE</var></dt> - <dd>(<var class="Vt">bool</var>) Instructs the top-level makefile in the - source tree (normally <span class="Pa">/usr/src</span>) to always check if - <a class="Xr">make(1)</a> is up-to-date. Normally this is only done for - the world and buildworld targets to handle upgrades from older versions of - <span class="Ux">FreeBSD</span>.</dd> - <dt id="CFLAGS"><var class="Va">CFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Controls the compiler setting when compiling C - code. Optimization levels other than <code class="Fl">-O</code> and - <code class="Fl">-O2</code> are not supported.</dd> - <dt id="CPUTYPE"><var class="Va">CPUTYPE</var></dt> - <dd>(<var class="Vt">str</var>) Controls which processor should be targeted - for generated code. This controls processor-specific optimizations in - certain code (currently only OpenSSL) as well as modifying the value of - <var class="Va">CFLAGS</var> and <var class="Va">COPTFLAGS</var> to - contain the appropriate optimization directive to <a class="Xr">cc(1)</a>. - To set the <var class="Va">CPUTYPE</var> value, use - “<code class="Li">?=</code>” instead of - “<code class="Li">=</code>” so that it can be overridden by - <a class="Xr">make(1)</a> targets. The automatic setting of - <var class="Va">CFLAGS</var> may be overridden using the - <var class="Va">NO_CPU_CFLAGS</var> variable. Refer to - <span class="Pa">/usr/share/examples/etc/make.conf</span> for a list of - recognized <var class="Va">CPUTYPE</var> options.</dd> - <dt id="CXXFLAGS"><var class="Va">CXXFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Controls the compiler settings when compiling - C++ code. <var class="Va">CXXFLAGS</var> is initially set to the value of - <var class="Va">CFLAGS</var>. If you want to add to the - <var class="Va">CXXFLAGS</var> value, use - “<code class="Li">+=</code>” instead of - “<code class="Li">=</code>”.</dd> - <dt id="DTC"><var class="Va">DTC</var></dt> - <dd>(<var class="Vt">str</var>) Select the compiler for DTS (Device Tree - Syntax) file. <var class="Va">DTC</var> is initially set to the value of - dtc</dd> - <dt id="INSTALL"><var class="Va">INSTALL</var></dt> - <dd>(<var class="Vt">str</var>) the default install command. To install only - files for which the target differs or does not exist, use - <div class="Bd Pp Bd-indent Li"> - <pre>INSTALL+= -C</pre> - </div> - Note that some makefiles (including those in - <span class="Pa">/usr/share/mk</span>) may hardcode options for the - supplied install command.</dd> - <dt id="LOCAL_DIRS"><var class="Va">LOCAL_DIRS</var></dt> - <dd>(<var class="Vt">str</var>) List any directories that should be entered - when doing make's in <span class="Pa">/usr/src</span> in this - variable.</dd> - <dt id="MAKE_SHELL"><var class="Va">MAKE_SHELL</var></dt> - <dd>(<var class="Vt">str</var>) Controls the shell used internally by - <a class="Xr">make(1)</a> to process the command scripts in makefiles. - <a class="Xr">sh(1)</a>, <a class="Xr">ksh(1)</a>, and - <a class="Xr">csh(1)</a> all currently supported. - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">MAKE_SHELL?=sh</code></div> - </dd> - <dt id="MTREE_FOLLOWS_SYMLINKS"><var class="Va">MTREE_FOLLOWS_SYMLINKS</var></dt> - <dd>(<var class="Vt">str</var>) Set this to - “<code class="Fl">-L</code>” to cause - <a class="Xr">mtree(8)</a> to follow symlinks.</dd> - <dt id="NO_CPU_CFLAGS"><var class="Va">NO_CPU_CFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Setting this variable will prevent CPU - specific compiler flags from being automatically added to - <var class="Va">CFLAGS</var> during compile time.</dd> -</dl> -<section class="Ss"> -<h2 class="Ss" id="BUILDING_THE_KERNEL"><a class="permalink" href="#BUILDING_THE_KERNEL">BUILDING - THE KERNEL</a></h2> -<p class="Pp">The following list provides a name and short description for - variables that are only used doing a kernel build:</p> -<dl class="Bl-tag"> - <dt id="BOOTWAIT"><var class="Va">BOOTWAIT</var></dt> - <dd>(<var class="Vt">int</var>) Controls the amount of time the kernel waits - for a console keypress before booting the default kernel. The value is - approximately milliseconds. Keypresses are accepted by the BIOS before - booting from disk, making it possible to give custom boot parameters even - when this is set to 0.</dd> - <dt id="COPTFLAGS"><var class="Va">COPTFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Controls the compiler settings when building - the kernel. Optimization levels above [<code class="Fl">-O</code> - (<code class="Fl">-O2</code>, <span class="No">...</span>)] are not - guaranteed to work.</dd> - <dt id="KERNCONF"><var class="Va">KERNCONF</var></dt> - <dd>(<var class="Vt">str</var>) Controls which kernel configurations will be - built by “<code class="Li">${MAKE} buildkernel</code>” and - installed by “<code class="Li">${MAKE} - installkernel</code>”. For example, - <div class="Bd Pp Bd-indent Li"> - <pre>KERNCONF=MINE DEBUG GENERIC OTHERMACHINE</pre> - </div> - <p class="Pp">will build the kernels specified by the config files - <span class="Pa">MINE</span>, <span class="Pa">DEBUG</span>, - <span class="Pa">GENERIC</span>, and - <span class="Pa">OTHERMACHINE</span>, and install the kernel specified - by the config file <span class="Pa">MINE</span>. It defaults to - <span class="Pa">GENERIC</span>.</p> - </dd> - <dt id="MODULES_OVERRIDE"><var class="Va">MODULES_OVERRIDE</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of modules to build instead of - all of them.</dd> - <dt id="NO_KERNELCLEAN"><var class="Va">NO_KERNELCLEAN</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to skip running - “<code class="Li">${MAKE} clean</code>” during - “<code class="Li">${MAKE} buildkernel</code>”.</dd> - <dt id="NO_KERNELCONFIG"><var class="Va">NO_KERNELCONFIG</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to skip running - <a class="Xr">config(8)</a> during “<code class="Li">${MAKE} - buildkernel</code>”.</dd> - <dt id="NO_KERNELOBJ"><var class="Va">NO_KERNELOBJ</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to skip running - “<code class="Li">${MAKE} obj</code>” during - “<code class="Li">${MAKE} buildkernel</code>”.</dd> - <dt id="NO_MODULES"><var class="Va">NO_MODULES</var></dt> - <dd>(<var class="Vt">bool</var>) Set to not build modules with the - kernel.</dd> - <dt id="PORTS_MODULES"><var class="Va">PORTS_MODULES</var></dt> - <dd>Set this to the list of ports you wish to rebuild every time the kernel is - built.</dd> - <dt id="WITHOUT_MODULES"><var class="Va">WITHOUT_MODULES</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of modules to exclude from the - build. This provides a somewhat easier way to exclude modules you are - certain you will never need than specifying - <var class="Va">MODULES_OVERRIDE</var>. This is applied - <a class="permalink" href="#after"><i class="Em" id="after">after</i></a> - <var class="Va">MODULES_OVERRIDE</var>.</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="BUILDING_THE_WORLD"><a class="permalink" href="#BUILDING_THE_WORLD">BUILDING - THE WORLD</a></h2> -<p class="Pp">The following list provides a name and short description for - variables that are used during the world build:</p> -<dl class="Bl-tag"> - <dt id="BOOT_COMCONSOLE_PORT"><var class="Va">BOOT_COMCONSOLE_PORT</var></dt> - <dd>(<var class="Vt">str</var>) The port address to use for the console if the - boot blocks have been configured to use a serial console instead of the - keyboard/video card.</dd> - <dt id="BOOT_COMCONSOLE_SPEED"><var class="Va">BOOT_COMCONSOLE_SPEED</var></dt> - <dd>(<var class="Vt">int</var>) The baud rate to use for the console if the - boot blocks have been configured to use a serial console instead of the - keyboard/video card.</dd> - <dt id="BOOT_PXELDR_ALWAYS_SERIAL"><var class="Va">BOOT_PXELDR_ALWAYS_SERIAL</var></dt> - <dd>(<var class="Vt">bool</var>) Compile in the code into - <a class="Xr">pxeboot(8)</a> that forces the use of a serial console. This - is analogous to the <code class="Fl">-h</code> option in - <a class="Xr">boot(8)</a> blocks.</dd> - <dt id="BOOT_PXELDR_PROBE_KEYBOARD"><var class="Va">BOOT_PXELDR_PROBE_KEYBOARD</var></dt> - <dd>(<var class="Vt">bool</var>) Compile in the code into - <a class="Xr">pxeboot(8)</a> that probes the keyboard. If no keyboard is - found, boot with the dual console configuration. This is analogous to the - <code class="Fl">-D</code> option in <a class="Xr">boot(8)</a> - blocks.</dd> - <dt id="ENABLE_SUID_K5SU"><var class="Va">ENABLE_SUID_K5SU</var></dt> - <dd>(<var class="Vt">bool</var>) Set this if you wish to use the ksu utility. - Otherwise, it will be installed without the set-user-ID bit set.</dd> - <dt id="ENABLE_SUID_NEWGRP"><var class="Va">ENABLE_SUID_NEWGRP</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to install - <a class="Xr">newgrp(1)</a> with the set-user-ID bit set. Otherwise, - <a class="Xr">newgrp(1)</a> will not be able to change users' groups.</dd> - <dt id="LOADER_TFTP_SUPPORT"><var class="Va">LOADER_TFTP_SUPPORT</var></dt> - <dd>(<var class="Vt">bool</var>) By default the <a class="Xr">pxeboot(8)</a> - loader retrieves the kernel via NFS. Defining this and recompiling - <span class="Pa">/usr/src/stand</span> will cause it to retrieve the - kernel via TFTP. This allows <a class="Xr">pxeboot(8)</a> to load a custom - BOOTP diskless kernel yet still mount the server's - <span class="Pa">/</span> rather than load the server's kernel.</dd> - <dt id="LOADER_FIREWIRE_SUPPORT"><var class="Va">LOADER_FIREWIRE_SUPPORT</var></dt> - <dd>(<var class="Vt">bool</var>) Defining this and recompiling - <span class="Pa">/usr/src/stand/i386</span> will add - <a class="Xr">dcons(4)</a> console driver to <a class="Xr">loader(8)</a> - and allow access over FireWire(IEEE1394) using - <a class="Xr">dconschat(8)</a>. Currently, only i386 and amd64 are - supported.</dd> - <dt id="MAN_ARCH"><var class="Va">MAN_ARCH</var></dt> - <dd>(<var class="Vt">str</var>) Space-delimited list of one or more MACHINE - and/or MACHINE_ARCH values for which section 4 man pages will be - installed. The special value ‘all’ installs all available - architectures. It is also the default value.</dd> - <dt id="MODULES_WITH_WORLD"><var class="Va">MODULES_WITH_WORLD</var></dt> - <dd>(<var class="Vt">bool</var>) Set to build modules with the system instead - of the kernel.</dd> - <dt id="NO_CLEAN"><var class="Va">NO_CLEAN</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to disable cleaning during - “<code class="Li">make buildworld</code>”. This should not - be set unless you know what you are doing.</dd> - <dt id="NO_CLEANDIR"><var class="Va">NO_CLEANDIR</var></dt> - <dd>(<var class="Vt">bool</var>) Set this to run - “<code class="Li">${MAKE} clean</code>” instead of - “<code class="Li">${MAKE} cleandir</code>”.</dd> - <dt id="WITH_MANCOMPRESS"><var class="Va">WITH_MANCOMPRESS</var></dt> - <dd>(<var class="Vt">defined</var>) Set to install manual pages - compressed.</dd> - <dt id="WITHOUT_MANCOMPRESS"><var class="Va">WITHOUT_MANCOMPRESS</var></dt> - <dd>(<var class="Vt">defined</var>) Set to install manual pages - uncompressed.</dd> - <dt id="NO_SHARE"><var class="Va">NO_SHARE</var></dt> - <dd>(<var class="Vt">bool</var>) Set to not build in the - <span class="Pa">share</span> subdir.</dd> - <dt id="NO_SHARED"><var class="Va">NO_SHARED</var></dt> - <dd>(<var class="Vt">bool</var>) Set to build <span class="Pa">/bin</span> and - <span class="Pa">/sbin</span> statically linked, this can be bad. If set, - every utility that uses <span class="Pa">bsd.prog.mk</span> will be linked - statically.</dd> - <dt id="PKG_REPO_SIGNING_KEY"><var class="Va">PKG_REPO_SIGNING_KEY</var></dt> - <dd>(<var class="Vt">str</var>) Path to rsa private key passed to - <a class="Xr">pkg-repo(8)</a> to sign packages created when building the - <var class="Ar">packages</var> target, i.e.: pkgbase. The variable is - named the same in <a class="Xr">poudriere(8)</a> so it will automatically - be picked up when building pkgbase with poudriere.</dd> - <dt id="PPP_NO_NAT"><var class="Va">PPP_NO_NAT</var></dt> - <dd>(<var class="Vt">bool</var>) Build <a class="Xr">ppp(8)</a> without - support for network address translation (NAT).</dd> - <dt id="PPP_NO_NETGRAPH"><var class="Va">PPP_NO_NETGRAPH</var></dt> - <dd>(<var class="Vt">bool</var>) Set to build <a class="Xr">ppp(8)</a> without - support for Netgraph.</dd> - <dt id="PPP_NO_RADIUS"><var class="Va">PPP_NO_RADIUS</var></dt> - <dd>(<var class="Vt">bool</var>) Set to build <a class="Xr">ppp(8)</a> without - support for RADIUS.</dd> - <dt id="PPP_NO_SUID"><var class="Va">PPP_NO_SUID</var></dt> - <dd>(<var class="Vt">bool</var>) Set to disable the installation of - <a class="Xr">ppp(8)</a> as a set-user-ID root program.</dd> - <dt id="SENDMAIL_ADDITIONAL_MC"><var class="Va">SENDMAIL_ADDITIONAL_MC</var></dt> - <dd>(<var class="Vt">str</var>) Additional <span class="Pa">.mc</span> files - which should be built into <span class="Pa">.cf</span> files at build - time. The value should include the full path to the - <span class="Pa">.mc</span> file(s), e.g., - <span class="Pa">/etc/mail/foo.mc</span>, - <span class="Pa">/etc/mail/bar.mc</span>.</dd> - <dt id="SENDMAIL_ALIASES"><var class="Va">SENDMAIL_ALIASES</var></dt> - <dd>(<var class="Vt">str</var>) List of <a class="Xr">aliases(5)</a> files to - rebuild when using <span class="Pa">/etc/mail/Makefile</span>. The default - value is <span class="Pa">/etc/mail/aliases</span>.</dd> - <dt id="SENDMAIL_CFLAGS"><var class="Va">SENDMAIL_CFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Flags to pass to the compile command when - building <a class="Xr">sendmail(8)</a>. The - <var class="Va">SENDMAIL_*</var> flags can be used to provide SASL support - with setting such as: - <div class="Bd Pp Bd-indent Li"> - <pre>SENDMAIL_CFLAGS=-I/usr/local/include -DSASL -SENDMAIL_LDFLAGS=-L/usr/local/lib -SENDMAIL_LDADD=-lsasl</pre> - </div> - </dd> - <dt id="SENDMAIL_CF_DIR"><var class="Va">SENDMAIL_CF_DIR</var></dt> - <dd>(<var class="Vt">str</var>) Override the default location for the - <a class="Xr">m4(1)</a> configuration files used to build a - <span class="Pa">.cf</span> file from a <span class="Pa">.mc</span> - file.</dd> - <dt id="SENDMAIL_DPADD"><var class="Va">SENDMAIL_DPADD</var></dt> - <dd>(<var class="Vt">str</var>) Extra dependencies to add when building - <a class="Xr">sendmail(8)</a>.</dd> - <dt id="SENDMAIL_LDADD"><var class="Va">SENDMAIL_LDADD</var></dt> - <dd>(<var class="Vt">str</var>) Flags to add to the end of the - <a class="Xr">ld(1)</a> command when building - <a class="Xr">sendmail(8)</a>.</dd> - <dt id="SENDMAIL_LDFLAGS"><var class="Va">SENDMAIL_LDFLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Flags to pass to the <a class="Xr">ld(1)</a> - command when building <a class="Xr">sendmail(8)</a>.</dd> - <dt id="SENDMAIL_M4_FLAGS"><var class="Va">SENDMAIL_M4_FLAGS</var></dt> - <dd>(<var class="Vt">str</var>) Flags passed to <a class="Xr">m4(1)</a> when - building a <span class="Pa">.cf</span> file from a - <span class="Pa">.mc</span> file.</dd> - <dt id="SENDMAIL_MAP_PERMS"><var class="Va">SENDMAIL_MAP_PERMS</var></dt> - <dd>(<var class="Vt">str</var>) Mode to use when generating alias and map - database files using <span class="Pa">/etc/mail/Makefile</span>. The - default value is 0640.</dd> - <dt id="SENDMAIL_MAP_SRC"><var class="Va">SENDMAIL_MAP_SRC</var></dt> - <dd>(<var class="Vt">str</var>) Additional maps to rebuild when using - <span class="Pa">/etc/mail/Makefile</span>. The - <span class="Pa">access</span>, <span class="Pa">bitdomain</span>, - <span class="Pa">domaintable</span>, - <span class="Pa">genericstable</span>, - <span class="Pa">mailertable</span>, <span class="Pa">uucpdomain</span>, - and <span class="Pa">virtusertable</span> maps are always rebuilt if they - exist.</dd> - <dt id="SENDMAIL_MAP_TYPE"><var class="Va">SENDMAIL_MAP_TYPE</var></dt> - <dd>(<var class="Vt">str</var>) Database map type to use when generating map - database files using <span class="Pa">/etc/mail/Makefile</span>. The - default value is hash. The alternative is btree.</dd> - <dt id="SENDMAIL_MC"><var class="Va">SENDMAIL_MC</var></dt> - <dd>(<var class="Vt">str</var>) The default <a class="Xr">m4(1)</a> - configuration file to use at install time. The value should include the - full path to the <span class="Pa">.mc</span> file, e.g., - <span class="Pa">/etc/mail/myconfig.mc</span>. Use with caution as a make - install will overwrite any existing - <span class="Pa">/etc/mail/sendmail.cf</span>. Note that - <var class="Va">SENDMAIL_CF</var> is deprecated.</dd> - <dt id="SENDMAIL_SET_USER_ID"><var class="Va">SENDMAIL_SET_USER_ID</var></dt> - <dd>(<var class="Vt">bool</var>) If set, install <a class="Xr">sendmail(8)</a> - as a set-user-ID root binary instead of a set-group-ID binary and do not - install <span class="Pa">/etc/mail/submit.{cf,mc}</span>. Use of this flag - is not recommended and the alternative advice in - <span class="Pa">/etc/mail/README</span> should be followed instead if at - all possible.</dd> - <dt id="SENDMAIL_START_SCRIPT"><var class="Va">SENDMAIL_START_SCRIPT</var></dt> - <dd>(<var class="Vt">str</var>) The script used by - <span class="Pa">/etc/mail/Makefile</span> to start, stop, and restart - <a class="Xr">sendmail(8)</a>. The default value is - <span class="Pa">/etc/rc.d/sendmail</span>.</dd> - <dt id="SENDMAIL_SUBMIT_MC"><var class="Va">SENDMAIL_SUBMIT_MC</var></dt> - <dd>(<var class="Vt">str</var>) The default <a class="Xr">m4(1)</a> - configuration file for mail submission to use at install time. The value - should include the full path to the <span class="Pa">.mc</span> file, - e.g., <span class="Pa">/etc/mail/mysubmit.mc</span>. Use with caution as a - make install will overwrite any existing - <span class="Pa">/etc/mail/submit.cf</span>.</dd> - <dt id="TOP_TABLE_SIZE"><var class="Va">TOP_TABLE_SIZE</var></dt> - <dd>(<var class="Vt">int</var>) <a class="Xr">top(1)</a> uses a hash table for - the user names. The size of this hash can be tuned to match the number of - local users. The table size should be a prime number approximately twice - as large as the number of lines in <span class="Pa">/etc/passwd</span>. - The default number is 20011.</dd> - <dt id="WANT_FORCE_OPTIMIZATION_DOWNGRADE"><var class="Va">WANT_FORCE_OPTIMIZATION_DOWNGRADE</var></dt> - <dd>(<var class="Vt">int</var>) Causes the system compiler to be built such - that it forces high optimization levels to a lower one. - <a class="Xr">cc(1)</a> <code class="Fl">-O2</code> and above is known to - trigger known optimizer bugs at various times. The value assigned is the - highest optimization value used.</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="BUILDING_DOCUMENTATION"><a class="permalink" href="#BUILDING_DOCUMENTATION">BUILDING - DOCUMENTATION</a></h2> -<p class="Pp">The following list provides a name and short description for - variables that are used when building documentation.</p> -<dl class="Bl-tag"> - <dt id="DOC_LANG"><var class="Va">DOC_LANG</var></dt> - <dd>(<var class="Vt">str</var>) The list of languages to build and install - when building documentation in <span class="Pa">/usr/doc</span>.</dd> - <dt id="PRINTERDEVICE"><var class="Va">PRINTERDEVICE</var></dt> - <dd>(<var class="Vt">str</var>) The default format for system documentation in - <span class="Pa">/usr/src/share/doc</span>, depends on your printer. This - can be set to “<code class="Li">ascii</code>” for simple - printers, or “<code class="Li">ps</code>” for postscript or - graphics printers with a ghostscript filter, or both.</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="BUILDING_PORTS"><a class="permalink" href="#BUILDING_PORTS">BUILDING - PORTS</a></h2> -<p class="Pp">Several make variables can be set that affect the building of - ports. These variables and their effects are documented in - <a class="Xr">ports(7)</a>, <span class="Pa">${PORTSDIR}/Mk/*</span> and the - <span class="Ux">FreeBSD</span> Porter's Handbook.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/make.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/doc/Makefile</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/ports/Makefile</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/share/examples/etc/make.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/share/mk/sys.mk</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/src/Makefile</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/src/Makefile.inc1</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">cc(1)</a>, <a class="Xr">install(1)</a>, - <a class="Xr">make(1)</a>, <a class="Xr">src.conf(5)</a>, - <a class="Xr">style.Makefile(5)</a>, <a class="Xr">environ(7)</a>, - <a class="Xr">ports(7)</a>, <a class="Xr">sendmail(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">make.conf</code> file appeared sometime - before <span class="Ux">FreeBSD 4.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Mike W. - Meyer</span> - <<a class="Mt" href="mailto:mwm@mired.org">mwm@mired.org</a>>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="CAVEATS"><a class="permalink" href="#CAVEATS">CAVEATS</a></h1> -<p class="Pp">Note, that <code class="Ev">MAKEOBJDIRPREFIX</code> and - <code class="Ev">MAKEOBJDIR</code> are environment variables and should not - be set in <code class="Nm">make.conf</code> or as command line arguments to - <a class="Xr">make(1)</a>, but in make's environment.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">This manual page may occasionally be out of date with respect to - the options currently available for use in - <code class="Nm">make.conf</code>. Please check the - <span class="Pa">/usr/share/examples/etc/make.conf</span> file for the - latest options which are available.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 15, 2022</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/moduli.5 3.html b/static/freebsd/man5/moduli.5 3.html deleted file mode 100644 index 75c76048..00000000 --- a/static/freebsd/man5/moduli.5 3.html +++ /dev/null @@ -1,105 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MODULI(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">MODULI(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">moduli</code> — - <span class="Nd">Diffie-Hellman moduli</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">/etc/ssh/moduli</span> file contains prime - numbers and generators for use by <a class="Xr">sshd(8)</a> in the - Diffie-Hellman Group Exchange key exchange method.</p> -<p class="Pp" id="candidate">New moduli may be generated with - <a class="Xr">ssh-keygen(1)</a> using a two-step process. An initial - <a class="permalink" href="#candidate"><i class="Em">candidate - generation</i></a> pass, using <code class="Ic">ssh-keygen -G</code>, - calculates numbers that are likely to be useful. A second - <a class="permalink" href="#primality"><i class="Em" id="primality">primality - testing</i></a> pass, using <code class="Ic">ssh-keygen -T</code>, provides - a high degree of assurance that the numbers are prime and are safe for use - in Diffie-Hellman operations by <a class="Xr">sshd(8)</a>. This - <code class="Nm">moduli</code> format is used as the output from each - pass.</p> -<p class="Pp">The file consists of newline-separated records, one per modulus, - containing seven space-separated fields. These fields are as follows:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt>timestamp</dt> - <dd>The time that the modulus was last processed as YYYYMMDDHHMMSS.</dd> - <dt>type</dt> - <dd>Decimal number specifying the internal structure of the prime modulus. - Supported types are: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt>0</dt> - <dd>Unknown, not tested.</dd> - <dt>2</dt> - <dd>"Safe" prime; (p-1)/2 is also prime.</dd> - <dt>4</dt> - <dd>Sophie Germain; 2p+1 is also prime.</dd> - </dl> - <p class="Pp">Moduli candidates initially produced by - <a class="Xr">ssh-keygen(1)</a> are Sophie Germain primes (type 4). - Further primality testing with <a class="Xr">ssh-keygen(1)</a> produces - safe prime moduli (type 2) that are ready for use in - <a class="Xr">sshd(8)</a>. Other types are not used by OpenSSH.</p> - </dd> - <dt>tests</dt> - <dd>Decimal number indicating the type of primality tests that the number has - been subjected to represented as a bitmask of the following values: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt>0x00</dt> - <dd>Not tested.</dd> - <dt>0x01</dt> - <dd>Composite number – not prime.</dd> - <dt>0x02</dt> - <dd>Sieve of Eratosthenes.</dd> - <dt>0x04</dt> - <dd>Probabilistic Miller-Rabin primality tests.</dd> - </dl> - <p class="Pp">The <a class="Xr">ssh-keygen(1)</a> moduli candidate - generation uses the Sieve of Eratosthenes (flag 0x02). Subsequent - <a class="Xr">ssh-keygen(1)</a> primality tests are Miller-Rabin tests - (flag 0x04).</p> - </dd> - <dt>trials</dt> - <dd>Decimal number indicating the number of primality trials that have been - performed on the modulus.</dd> - <dt>size</dt> - <dd>Decimal number indicating the size of the prime in bits.</dd> - <dt>generator</dt> - <dd>The recommended generator for use with this modulus (hexadecimal).</dd> - <dt>modulus</dt> - <dd>The modulus itself in hexadecimal.</dd> -</dl> -</div> -<p class="Pp">When performing Diffie-Hellman Group Exchange, - <a class="Xr">sshd(8)</a> first estimates the size of the modulus required - to produce enough Diffie-Hellman output to sufficiently key the selected - symmetric cipher. <a class="Xr">sshd(8)</a> then randomly selects a modulus - from <var class="Fa">/etc/ssh/moduli</var> that best meets the size - requirement.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ssh-keygen(1)</a>, <a class="Xr">sshd(8)</a></p> -<p class="Pp"><cite class="Rs"><span class="RsT">Diffie-Hellman Group Exchange - for the Secure Shell (SSH) Transport Layer Protocol</span>, - <span class="RsR">RFC 4419</span>, <span class="RsD">2006</span>.</cite></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">July 19, 2012</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/motd.5 4.html b/static/freebsd/man5/motd.5 4.html deleted file mode 100644 index 0f47d19a..00000000 --- a/static/freebsd/man5/motd.5 4.html +++ /dev/null @@ -1,68 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MOTD(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">MOTD(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">motd</code> — <span class="Nd">file - containing message(s) of the day</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <span class="Pa">/var/run/motd</span> is normally - displayed by <a class="Xr">login(1)</a> after a user has logged in but - before the shell is run. It is generally used for important system-wide - announcements. During system startup, a line containing the kernel version - string is prepended to <span class="Pa">/etc/motd.template</span> and the - contents are written to <span class="Pa">/var/run/motd</span>.</p> -<p class="Pp"><span class="Pa">/var/run/motd</span> can be updated without a - system reboot by manually restarting the motd service after updating - <span class="Pa">/etc/motd.template</span>:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">service motd restart</code></div> -<p class="Pp">Individual users may suppress the display of this file by creating - a file named “<span class="Pa">.hushlogin</span>” in their - home directories or through <a class="Xr">login.conf(5)</a>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/motd</span></dt> - <dd>Symbolic link to <span class="Pa">/var/run/motd</span>.</dd> - <dt><span class="Pa">/etc/motd.template</span></dt> - <dd>The template file that system administrators can edit.</dd> - <dt><span class="Pa">/var/run/motd</span></dt> - <dd>The message of the day.</dd> - <dt><span class="Pa">$HOME/.hushlogin</span></dt> - <dd>Suppresses output of <span class="Pa">/var/run/motd</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<div class="Bd Li"> -<pre>FreeBSD 12.1-RELEASE (GENERIC) #0: Sun Dec 29 03:08:31 PST 2019 - -/home is full. Please cleanup your directories.</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">login(1)</a>, <a class="Xr">login.conf(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">Prior to <span class="Ux">FreeBSD 13.0</span>, - <code class="Nm">motd</code> lived in <span class="Pa">/etc</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">December 14, 2024</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/mount.conf.5 3.html b/static/freebsd/man5/mount.conf.5 3.html deleted file mode 100644 index f1004644..00000000 --- a/static/freebsd/man5/mount.conf.5 3.html +++ /dev/null @@ -1,185 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MOUNT.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">MOUNT.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">mount.conf</code> — <span class="Nd">root - file system mount configuration file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><span class="Pa">/.mount.conf</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">During the bootup process, the <span class="Ux">FreeBSD</span> - kernel will try to mount the root file system using the logic in the - <a class="permalink" href="#vfs_mountroot"><code class="Fn" id="vfs_mountroot">vfs_mountroot</code></a>() - function in <span class="Pa">src/sys/kern/vfs_mountroot.c</span>. The root - mount logic can be described as follows:</p> -<ol class="Bl-enum"> - <li id="vfs_mountroot_conf0">The kernel will synthesize in memory a config - file with default directives for mounting the root file system. The logic - for this is in - <a class="permalink" href="#vfs_mountroot_conf0"><code class="Fn">vfs_mountroot_conf0</code></a>().</li> - <li>The kernel will first mount <a class="Xr">devfs(4)</a> as the root file - system.</li> - <li>Next, the kernel will parse the in-memory config file created in step 1 - and try to mount the actual root file system. See - <a class="Sx" href="#FILE_FORMAT">FILE FORMAT</a> for the format of the - config file.</li> - <li>When the actual root file system is mounted, <a class="Xr">devfs(4)</a> - will be re-mounted on the <span class="Pa">/dev</span> directory.</li> - <li>If a <span class="Pa">/.mount.conf</span> file does not exist in the root - file system which was just mounted, the root mount logic stops here.</li> - <li>If a <span class="Pa">/.mount.conf</span> file exists in the root file - system which was just mounted, this file will be parsed, and the kernel - will use this new config file to try to re-mount the root file system. See - <a class="Sx" href="#FILE_FORMAT">FILE FORMAT</a> for the format of the - config file.</li> - <li>If the new root file system has a <span class="Pa">/.mount</span> - directory, the old root file system will be re-mounted on - <span class="Pa">/.mount</span>.</li> - <li>The root mount logic will go back to step 4.</li> -</ol> -<p class="Pp">The root mount logic is recursive, and step 8 will be repeated as - long as each new root file system which is mounted has a - <span class="Pa">/.mount.conf</span> file.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILE_FORMAT"><a class="permalink" href="#FILE_FORMAT">FILE - FORMAT</a></h1> -<p class="Pp">The kernel parses each line in <span class="Pa">.mount.conf</span> - and then tries to perform the action specified on that line as soon as it is - parsed.</p> -<dl class="Bl-tag"> - <dt id="_"><a class="permalink" href="#_"><code class="Ic">#</code></a></dt> - <dd>A line beginning with a # is a comment and is ignored.</dd> - <dt id="_FS_:_MOUNTPOINT_"><a class="permalink" href="#_FS_:_MOUNTPOINT_"><code class="Ic">{FS}:{MOUNTPOINT} - {OPTIONS}</code></a></dt> - <dd>The kernel will try to mount this in an operation equivalent to: - <div class="Bd Pp Bd-indent Li"> - <pre>mount -t {FS} -o {OPTIONS} {MOUNTPOINT} /</pre> - </div> - <p class="Pp">If this is successfully mounted, further lines in - <span class="Pa">.mount.conf</span> are ignored. If all lines in - <span class="Pa">.mount.conf</span> have been processed and no root file - system has been successfully mounted, then the action specified by - <code class="Ic">.onfail</code> is performed.</p> - </dd> - <dt id=".ask"><a class="permalink" href="#.ask"><code class="Ic">.ask</code></a></dt> - <dd>When the kernel processes this line, a - <code class="Li">mountroot></code> command-line prompt is displayed. At - this prompt, the operator can enter the root mount.</dd> - <dt id=".md"><a class="permalink" href="#.md"><code class="Ic">.md</code></a> - <var class="Ar">file</var></dt> - <dd>Create a memory backed <a class="Xr">md(4)</a> virtual disk, using - <var class="Ar">file</var> as the backing store.</dd> - <dt id=".onfail"><a class="permalink" href="#.onfail"><code class="Ic">.onfail</code></a> - <var class="Ar">[panic|reboot|retry|continue]</var></dt> - <dd>If after parsing all the lines in <span class="Pa">.mount.conf</span> the - kernel is unable to mount a root file system, the - <code class="Ic">.onfail</code> directive tells the kernel what action to - perform.</dd> - <dt id=".timeout"><a class="permalink" href="#.timeout"><code class="Ic">.timeout</code></a> - <var class="Ar">N</var></dt> - <dd>Before trying to mount a root file system, if the root mount device does - not exist, wait at most <var class="Ar">N</var> seconds for the device to - appear before trying to mount it. If <code class="Ic">.timeout</code> is - not specified, the default timeout is 3 seconds.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The following example <span class="Pa">.mount.conf</span> will - direct the kernel to try mounting the root file system first as an ISO - CD9660 file system on <span class="Pa">/dev/cd0</span>, then if that does - not work, as an ISO CD9660 file system on <span class="Pa">/dev/cd1</span>, - and then if that does not work, as a UFS file system on - <span class="Pa">/dev/ada0s1a</span>. If that does not work, a - <code class="Li">mountroot></code> command-line prompt will be displayed - where the operator can manually enter the root file system to mount. Finally - if that does not work, the kernel will panic.</p> -<div class="Bd Pp Bd-indent Li"> -<pre><code class="Li">.onfail panic</code> -<code class="Li">.timeout 3</code> -cd9660:/dev/cd0 ro -<code class="Li">.timeout 0</code> -cd9660:/dev/cd1 ro -<code class="Li">.timeout 3</code> -ufs:/dev/ada0s1a -<code class="Li">.ask</code></pre> -</div> -<p class="Pp">The following example <span class="Pa">.mount.conf</span> will - direct the kernel to create a <a class="Xr">md(4)</a> memory disk attached - to the file <span class="Pa">/data/OS-1.0.iso</span> and then mount the ISO - CD9660 file system on the md device which was just created. The last line is - a comment which is ignored.</p> -<div class="Bd Pp Bd-indent Li"> -<pre><code class="Li">.timeout 3</code> -<code class="Li">.md /data/OS-1.0.iso</code> -<code class="Li">cd9600:/dev/md# ro</code> -<code class="Li"># Can also use cd9660:/dev/md0 ro</code></pre> -</div> -<p class="Pp">The following example <span class="Pa">.mount.conf</span> will - direct the kernel to create a <a class="Xr">md(4)</a> memory disk attached - to the file <span class="Pa">/data/base.ufs.uzip</span> and then mount the - UFS file system on the md uzip device which was just created by the - <a class="Xr">geom_uzip(4)</a> driver.</p> -<div class="Bd Pp Bd-indent Li"> -<pre><code class="Li">.md /data/base.ufs.uzip</code> -<code class="Li">ufs:/dev/md#.uzip ro</code> -<code class="Li"># Can also use ufs:/dev/md0.uzip ro</code></pre> -</div> -<p class="Pp">The following example <span class="Pa">.mount.conf</span> will - direct the kernel to do a unionfs mount on a directory - <span class="Pa">/jail/freebsd-8-stable</span> which has a - <a class="Xr">chroot(2)</a> environment.</p> -<div class="Bd Pp Bd-indent Li"> -<pre><code class="Li">.timeout 3</code> -<code class="Li">unionfs:/jail/freebsd-8-stable</code></pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="NOTES"><a class="permalink" href="#NOTES">NOTES</a></h1> -<p class="Pp">For each root file system which is mounted, a - <span class="Pa">/dev</span> directory - <a class="permalink" href="#must"><i class="Em" id="must">must</i></a> exist - so that the root mount logic can properly re-mount - <a class="Xr">devfs(4)</a>. If this directory does not exist, the system may - hang during the bootup process.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">nmount(2)</a>, <a class="Xr">md(4)</a>, - <a class="Xr">boot.config(5)</a>, <a class="Xr">fstab(5)</a>, - <a class="Xr">boot(8)</a>, <a class="Xr">loader(8)</a>, - <a class="Xr">mount(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">mount.conf</code> file first appeared in - <span class="Ux">FreeBSD 9.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">The root mount logic in the <span class="Ux">FreeBSD</span> kernel - which parses <span class="Pa">/.mount.conf</span> was written by - <span class="An">Marcel Moolenaar</span> - <<a class="Mt" href="mailto:marcel@FreeBSD.org">marcel@FreeBSD.org</a>>. - This man page was written by <span class="An">Craig Rodrigues</span> - <<a class="Mt" href="mailto:rodrigc@FreeBSD.org">rodrigc@FreeBSD.org</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 17, 2013</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/networks.5 4.html b/static/freebsd/man5/networks.5 4.html deleted file mode 100644 index 329d1a20..00000000 --- a/static/freebsd/man5/networks.5 4.html +++ /dev/null @@ -1,65 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">NETWORKS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">NETWORKS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">networks</code> — <span class="Nd">network - name data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">networks</code> file contains information - regarding the known networks which comprise the DARPA Internet. For each - network a single line should be present with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>official network name -network number -aliases</pre> -</div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ``#'' indicates the beginning of a comment; characters up to the end of - the line are not interpreted by routines which search the file. This file is - normally created from the official network data base maintained at the - Network Information Control Center (NIC), though local changes may be - required to bring it up to date regarding unofficial aliases and/or unknown - networks.</p> -<p class="Pp">Network numbers may be specified in the conventional ``.'' (dot) - notation using the <a class="Xr">inet_network(3)</a> routine from the - Internet address manipulation library, <a class="Xr">inet(3)</a>. Network - names may contain any printable character other than a field delimiter, - newline, or comment character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/networks</span></dt> - <dd>The <code class="Nm">networks</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getnetent(3)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">networks</code> file format appeared in - <span class="Ux">4.2BSD</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">A name server should be used instead of a static file.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 5, 1993</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/nsmb.conf.5 3.html b/static/freebsd/man5/nsmb.conf.5 3.html deleted file mode 100644 index 9a525ae5..00000000 --- a/static/freebsd/man5/nsmb.conf.5 3.html +++ /dev/null @@ -1,179 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">NSMB.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">NSMB.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">nsmb.conf</code> — - <span class="Nd">configuration file for server message block (SMB1/CIFS) - requests</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">nsmb.conf</code> file contains information - about the computers, users, and shares or mount points for the SMB network - protocol.</p> -<p class="Pp">The configuration files are loaded in the following order:</p> -<p class="Pp"></p> -<ol class="Bl-enum Bd-indent Bl-compact"> - <li><span class="Pa">~/.nsmbrc</span></li> - <li><span class="Pa">/etc/nsmb.conf</span></li> -</ol> -<p class="Pp">As a result, <span class="Pa">/etc/nsmb.conf</span> settings - override those in <span class="Pa">~/.nsmbrc</span>.</p> -<p class="Pp">The configuration hierarchy is made up of several sections, each - section containing a few or several lines of parameters and their assigned - values. Each of these sections must begin with a section name enclosed - within square brackets, similar to:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent">[<var class="Ar">section_name</var>]</div> -<p class="Pp">The end of each section is marked by either the start of a new - section, or by the abrupt ending of the file, commonly referred to as the - EOF. Each section may contain zero or more parameters such as:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent">[<var class="Ar">section_name</var>]</div> -<div class="Bd - Bd-indent"><var class="Ar">key</var>=<var class="Ar">value</var></div> -<p class="Pp">where <var class="Ar">key</var> represents a parameter name, and - <var class="Ar">value</var> would be the parameter's assigned value.</p> -<p class="Pp">The SMB library uses the following information for section - names:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="A)"><a class="permalink" href="#A)"><code class="Ic">A)</code></a></dt> - <dd>[<code class="Li">default</code>]</dd> - <dt id="B)"><a class="permalink" href="#B)"><code class="Ic">B)</code></a></dt> - <dd>[<var class="Ar">SERVER</var>]</dd> - <dt id="C)"><a class="permalink" href="#C)"><code class="Ic">C)</code></a></dt> - <dd>[<var class="Ar">SERVER</var>:<var class="Ar">USER</var>]</dd> - <dt id="D)"><a class="permalink" href="#D)"><code class="Ic">D)</code></a></dt> - <dd>[<var class="Ar">SERVER</var>:<var class="Ar">USER</var>:<var class="Ar">SHARE</var>]</dd> -</dl> -<p class="Pp">Possible keywords may include:</p> -<table class="Bl-column"> - <tr id="Keyword"> - <td><a class="permalink" href="#Keyword"><b class="Sy">Keyword</b></a></td> - <td>Section</td> - <td>Comment</td> - </tr> - <tr> - <td><b class="Sy"></b></td> - <td>A B C D</td> - </tr> - <tr id="addr"> - <td><var class="Va">addr</var></td> - <td>- + - -</td> - <td>IP address of SMB server</td> - </tr> - <tr id="charsets"> - <td><var class="Va">charsets</var></td> - <td>- + + +</td> - <td>local:remote charset pair</td> - </tr> - <tr id="nbns"> - <td><var class="Va">nbns</var></td> - <td>+ + - -</td> - <td>address of NetBIOS name server (WINS)</td> - </tr> - <tr id="nbscope"> - <td><var class="Va">nbscope</var></td> - <td>+ + - -</td> - <td>NetBIOS scope</td> - </tr> - <tr id="nbtimeout"> - <td><var class="Va">nbtimeout</var></td> - <td>+ + - -</td> - <td>timeout for NetBIOS name servers</td> - </tr> - <tr id="password"> - <td><var class="Va">password</var></td> - <td>- - + +</td> - <td>plain text or simple encrypted password used to access the given - share</td> - </tr> - <tr id="retry_count"> - <td><var class="Va">retry_count</var></td> - <td>+ + - -</td> - <td>number of retries before connection is marked as broken</td> - </tr> - <tr id="timeout"> - <td><var class="Va">timeout</var></td> - <td>+ + - -</td> - <td>SMB request timeout</td> - </tr> - <tr id="workgroup"> - <td><var class="Va">workgroup</var></td> - <td>+ + + +</td> - <td>workgroup name</td> - </tr> -</table> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt><span class="Pa">/etc/nsmb.conf</span></dt> - <dd>The default remote mount-point configuration file.</dd> - <dt><span class="Pa">~/.nsmbrc</span></dt> - <dd>The user specific remote mount-point configuration file.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">What follows is a sample configuration file which may, or may not - match your environment:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Configuration file for example.com -[default] -workgroup=SALES -# The 'FSERVER' is an NT server. -[FSERVER] -charsets=koi8-r:cp866 -addr=fserv.example.com -# User specific data for FSERVER -[FSERVER:MYUSER] -password=$$16144562c293a0314e6e1</pre> -</div> -<p class="Pp">All lines which begin with the - ‘<code class="Li">#</code>’ character are comments and will - not be parsed. The “<code class="Li">default</code>” section - describes the default workgroup or domain, in this case - “<code class="Li">SALES</code>”. The next section depicted - here as “<code class="Li">FSERVER</code>”, defines a server - section and then assigns it a charset which is only required when Cyrillic - characters are not used. The hostname value, - “<code class="Li">fserv.example.com</code>”, is also assigned - in this section. “<code class="Li">FSERVER:USER</code>”, - defines the user settings and is useful for saving the password used during - a specific connection. The password may be plaintext or obfuscated using - simple encryption. The simple encrypted password starts with the `$$1' - symbols. Warning: the encryption function is very weak and intended only to - hide clear text passwords. If the use of simple encryption is desired, the - following command may be used on a password:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>smbutil crypt</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">smbutil(1)</a>, <a class="Xr">mount_smbfs(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Sergey - Osokin</span> - <<a class="Mt" href="mailto:osa@FreeBSD.org">osa@FreeBSD.org</a>> and - <span class="An">Tom Rhodes</span> - <<a class="Mt" href="mailto:trhodes@FreeBSD.org">trhodes@FreeBSD.org</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 2, 2018</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/nsswitch.conf.5 3.html b/static/freebsd/man5/nsswitch.conf.5 3.html deleted file mode 100644 index db072fdf..00000000 --- a/static/freebsd/man5/nsswitch.conf.5 3.html +++ /dev/null @@ -1,306 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">NSSWITCH.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">NSSWITCH.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">nsswitch.conf</code> — - <span class="Nd">name-service switch configuration file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">nsswitch.conf</code> file specifies how the - <a class="Xr">nsdispatch(3)</a> (name-service switch dispatcher) routines in - the C library should operate.</p> -<p class="Pp">The configuration file controls how a process looks up various - databases containing information regarding hosts, users (passwords), groups, - etc. Each database comes from a source (such as local files, DNS, NIS , and - cache), and the order to look up the sources is specified in - <code class="Nm">nsswitch.conf</code>.</p> -<p class="Pp">Each entry in <code class="Nm">nsswitch.conf</code> consists of a - database name, and a space separated list of sources. Each source can have - an optional trailing criterion that determines whether the next listed - source is used, or the search terminates at the current source. Each - criterion consists of one or more status codes, and actions to take if that - status code occurs.</p> -<section class="Ss"> -<h2 class="Ss" id="Sources"><a class="permalink" href="#Sources">Sources</a></h2> -<p class="Pp">The following sources are implemented as part of the base - system:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="Source"><a class="permalink" href="#Source"><b class="Sy">Source</b></a></dt> - <dd><a class="permalink" href="#Description"><b class="Sy" id="Description">Description</b></a></dd> - <dt>files</dt> - <dd>Local files, such as <span class="Pa">/etc/hosts</span>, and - <span class="Pa">/etc/passwd</span>.</dd> - <dt>db</dt> - <dd>Local database.</dd> - <dt id="IN">dns</dt> - <dd>Internet Domain Name System. “hosts” and - ‘networks’ use - <a class="permalink" href="#IN"><b class="Sy">IN</b></a> class entries, - all other databases use - <a class="permalink" href="#HS"><b class="Sy" id="HS">HS</b></a> class - (Hesiod) entries.</dd> - <dt>nis</dt> - <dd>NIS (formerly YP)</dd> - <dt>compat</dt> - <dd>support ‘+/-’ in the “passwd” and - “group” databases. If this is present, it must be the only - source for that entry.</dd> - <dt>cache</dt> - <dd>makes use of the <a class="Xr">nscd(8)</a> daemon.</dd> -</dl> -<p class="Pp">Additional sources might be provided by third party software.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Databases"><a class="permalink" href="#Databases">Databases</a></h2> -<p class="Pp">The following databases are used by the following C library - functions:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="Database"><a class="permalink" href="#Database"><b class="Sy">Database</b></a></dt> - <dd><a class="permalink" href="#Used"><b class="Sy" id="Used">Used - by</b></a></dd> - <dt>group</dt> - <dd><a class="Xr">getgrent(3)</a>, <a class="Xr">getgrent_r(3)</a>, - <a class="Xr">getgrgid_r(3)</a>, <a class="Xr">getgrnam_r(3)</a>, - <a class="Xr">setgrent(3)</a>, <a class="Xr">endgrent(3)</a></dd> - <dt>hosts</dt> - <dd><a class="Xr">getaddrinfo(3)</a>, <a class="Xr">gethostbyaddr(3)</a>, - <a class="Xr">gethostbyaddr_r(3)</a>, <a class="Xr">gethostbyname(3)</a>, - <a class="Xr">gethostbyname2(3)</a>, <a class="Xr">gethostbyname_r(3)</a>, - <a class="Xr">getipnodebyaddr(3)</a>, - <a class="Xr">getipnodebyname(3)</a></dd> - <dt>networks</dt> - <dd><a class="Xr">getnetbyaddr(3)</a>, <a class="Xr">getnetbyaddr_r(3)</a>, - <a class="Xr">getnetbyname(3)</a>, - <a class="Xr">getnetbyname_r(3)</a></dd> - <dt>passwd</dt> - <dd><a class="Xr">getpwent(3)</a>, <a class="Xr">getpwent_r(3)</a>, - <a class="Xr">getpwnam_r(3)</a>, <a class="Xr">getpwuid_r(3)</a>, - <a class="Xr">setpwent(3)</a>, <a class="Xr">endpwent(3)</a></dd> - <dt>shells</dt> - <dd><a class="Xr">getusershell(3)</a></dd> - <dt>services</dt> - <dd><a class="Xr">getservent(3)</a></dd> - <dt>rpc</dt> - <dd><a class="Xr">getrpcbyname(3)</a>, <a class="Xr">getrpcbynumber(3)</a>, - <a class="Xr">getrpcent(3)</a></dd> - <dt>proto</dt> - <dd><a class="Xr">getprotobyname(3)</a>, - <a class="Xr">getprotobynumber(3)</a>, - <a class="Xr">getprotoent(3)</a></dd> - <dt>netgroup</dt> - <dd><a class="Xr">getnetgrent(3)</a>, <a class="Xr">getnetgrent_r(3)</a>, - <a class="Xr">setnetgrent(3)</a>, <a class="Xr">endnetgrent(3)</a>, - <a class="Xr">innetgr(3)</a></dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="Status_codes"><a class="permalink" href="#Status_codes">Status - codes</a></h2> -<p class="Pp">The following status codes are available:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="Status"><a class="permalink" href="#Status"><b class="Sy">Status</b></a></dt> - <dd><a class="permalink" href="#Description~2"><b class="Sy" id="Description~2">Description</b></a></dd> - <dt>success</dt> - <dd>The requested entry was found.</dd> - <dt>notfound</dt> - <dd>The entry is not present at this source.</dd> - <dt>tryagain</dt> - <dd>The source is busy, and may respond to retries.</dd> - <dt>unavail</dt> - <dd>The source is not responding, or entry is corrupt.</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="Actions"><a class="permalink" href="#Actions">Actions</a></h2> -<p class="Pp">For each of the status codes, one of two actions is possible:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="Action"><a class="permalink" href="#Action"><b class="Sy">Action</b></a></dt> - <dd><a class="permalink" href="#Description~3"><b class="Sy" id="Description~3">Description</b></a></dd> - <dt>continue</dt> - <dd>Try the next source</dd> - <dt>return</dt> - <dd>Return with the current result</dd> -</dl> -</section> -<section class="Ss"> -<h2 class="Ss" id="Format_of_file"><a class="permalink" href="#Format_of_file">Format - of file</a></h2> -<p class="Pp">A BNF description of the syntax of - <code class="Nm">nsswitch.conf</code> is:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt><entry></dt> - <dd>::= <database> ":" [<source> - [<criteria>]]*</dd> - <dt><criteria></dt> - <dd>::= "[" <criterion>+ "]"</dd> - <dt><criterion></dt> - <dd>::= <status> "=" <action></dd> - <dt><status></dt> - <dd>::= "success" | "notfound" | "unavail" | - "tryagain"</dd> - <dt><action></dt> - <dd>::= "return" | "continue"</dd> -</dl> -<p class="Pp">Each entry starts on a new line in the file. A ‘#’ - delimits a comment to end of line. Blank lines are ignored. A - ‘\’ at the end of a line escapes the newline, and causes the - next line to be a continuation of the current line. All entries are - case-insensitive.</p> -<p class="Pp">The default criteria is to return on “success”, and - continue on anything else (i.e, <code class="Li">[success=return - notfound=continue unavail=continue tryagain=continue]</code>).</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Cache"><a class="permalink" href="#Cache">Cache</a></h2> -<p class="Pp">You can enable caching for the particular database by specifying - “cache” in the <code class="Nm">nsswitch.conf</code> file. It - should come after “files”, but before remote sources like - “nis”. You should also enable caching for this database in - <a class="Xr">nscd.conf(5)</a>. If for a particular query - “cache” source returns success, then no further sources are - queried. On the other hand, if there are no previously cached data, the - query result will be placed into the cache right after all other sources are - processed. Note that “cache” requires the - <a class="Xr">nscd(8)</a> daemon to be running.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Compat_mode:_+/-_syntax"><a class="permalink" href="#Compat_mode:_+/-_syntax">Compat - mode: +/- syntax</a></h2> -<p class="Pp">In historical multi-source implementations, the ‘+’ - and ‘-’ characters are used to specify the importing of user - password and group information from NIS . Although - <code class="Nm">nsswitch.conf</code> provides alternative methods of - accessing distributed sources such as NIS , specifying a sole source of - “compat” will provide the historical behaviour.</p> -<p class="Pp">An alternative source for the information accessed via - ‘+/-’ can be used by specifying “passwd_compat: - source”. “source” in this case can be - ‘dns’, ‘nis’, or any other source except for - ‘files’ and ‘compat’.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Notes"><a class="permalink" href="#Notes">Notes</a></h2> -<p class="Pp">Historically, many of the databases had enumeration functions, - often of the form - <a class="permalink" href="#getXXXent"><code class="Fn" id="getXXXent">getXXXent</code></a>(). - These made sense when the databases were in local files, but do not make - sense or have lesser relevance when there are possibly multiple sources, - each of an unknown size. The interfaces are still provided for - compatibility, but the source may not be able to provide complete entries, - or duplicate entries may be retrieved if multiple sources that contain - similar information are specified.</p> -<p class="Pp">To ensure compatibility with previous and current implementations, - the “compat” source must appear alone for a given - database.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="Default_source_lists"><a class="permalink" href="#Default_source_lists">Default - source lists</a></h2> -<p class="Pp">If, for any reason, <code class="Nm">nsswitch.conf</code> does not - exist, or it has missing or corrupt entries, <a class="Xr">nsdispatch(3)</a> - will default to an entry of “files” for the requested - database. Exceptions are:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="Database~2"><a class="permalink" href="#Database~2"><b class="Sy">Database</b></a></dt> - <dd><a class="permalink" href="#Default"><b class="Sy" id="Default">Default - source list</b></a></dd> - <dt>group</dt> - <dd>compat</dd> - <dt>group_compat</dt> - <dd>nis</dd> - <dt>hosts</dt> - <dd>files dns</dd> - <dt>passwd</dt> - <dd>compat</dd> - <dt>passwd_compat</dt> - <dd>nis</dd> - <dt>services</dt> - <dd>compat</dd> - <dt>services_compat</dt> - <dd>nis</dd> -</dl> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/nsswitch.conf</span></dt> - <dd>The file <code class="Nm">nsswitch.conf</code> resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">To lookup hosts in <span class="Pa">/etc/hosts</span> , then in - cache, and then from the DNS, and lookup user information from NIS then - files, use:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt>hosts:</dt> - <dd>files cache dns</dd> - <dt>passwd:</dt> - <dd>nis [notfound=return] files</dd> - <dt>group:</dt> - <dd>nis [notfound=return] files</dd> -</dl> -<p class="Pp">The criteria “[notfound=return]” sets a policy of - "if the user is notfound in nis, do not try files." This treats - nis as the authoritative source of information, except when the server is - down.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="NOTES"><a class="permalink" href="#NOTES">NOTES</a></h1> -<p class="Pp">The <code class="Nm">nsswitch.conf</code> file is parsed by each - program only once. Subsequent changes will not be applied until the program - is restarted.</p> -<p class="Pp">If system got compiled with <var class="Va">WITHOUT_NIS</var> you - have to remove ‘nis’ entries.</p> -<p class="Pp"><span class="Ux">FreeBSD</span>'s <span class="Lb">Standard - C Library (libc, -lc)</span> provides stubs for compatibility with - NSS modules written for the GNU C Library <code class="Nm">nsswitch</code> - interface. However, these stubs only support the use of the - “<code class="Li">passwd</code>” and - “<code class="Li">group</code>” databases.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">nsdispatch(3)</a>, <a class="Xr">nscd.conf(5)</a>, - <a class="Xr">resolv.conf(5)</a>, <a class="Xr">nscd(8)</a>, - <a class="Xr">ypbind(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">nsswitch.conf</code> file format first - appeared in <span class="Ux">FreeBSD 5.0</span>. It was imported from the - <span class="Ux">NetBSD</span> Project, where it appeared first in - <span class="Ux">NetBSD 1.4</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Luke Mewburn</span> - <<a class="Mt" href="mailto:lukem@netbsd.org">lukem@netbsd.org</a>> - wrote this freely distributable name-service switch implementation, using - ideas from the ULTRIX <a class="Xr">svc.conf(5)</a> and Solaris - <a class="Xr">nsswitch.conf(4)</a> manual pages.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 6, 2020</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/os-release.5 3.html b/static/freebsd/man5/os-release.5 3.html deleted file mode 100644 index be3bfd31..00000000 --- a/static/freebsd/man5/os-release.5 3.html +++ /dev/null @@ -1,115 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">OS-RELEASE(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">OS-RELEASE(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">os-release</code> — <span class="Nd">file - describing the current OS and some of its attributes</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">os-release</code> file is a new-line - separated list of key value pairs. The syntax of this file is a reduced - <a class="Xr">sh(1)</a> variable assignment with the following - restrictions:</p> -<ul class="Bl-bullet"> - <li>Strings cannot be concatenated together</li> - <li>No variable expansion is done</li> - <li>All shell special characters must be quoted as documented in - <a class="Xr">sh(1)</a></li> - <li>Variable assignments must be included inside of double quotes if they - contain characters outside of A-Z, a-z and 0-9</li> - <li>All strings should be UTF-8 format</li> - <li>Non-printable characters should not be used in the strings</li> -</ul> -<p class="Pp">Lines starting with the character - ‘<code class="Li">#</code>’ are ignored as comments.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="VARIABLES"><a class="permalink" href="#VARIABLES">VARIABLES</a></h1> -<p class="Pp">The following variables are defined by the standard.</p> -<dl class="Bl-tag Bl-compact"> - <dt id="NAME~2"><a class="permalink" href="#NAME~2"><code class="Dv">NAME</code></a></dt> - <dd>A string describing the preferred OS name.</dd> - <dt id="VERSION"><a class="permalink" href="#VERSION"><code class="Dv">VERSION</code></a></dt> - <dd>Version string for the OS, in its usual and customary format.</dd> - <dt id="ID"><a class="permalink" href="#ID"><code class="Dv">ID</code></a></dt> - <dd>Lower case version of the name with only a-z, 0-9, - ‘<code class="Li">.</code>’, - ‘<code class="Li">-</code>’, and - ‘<code class="Li">_</code>’.</dd> - <dt id="VERSION_ID"><a class="permalink" href="#VERSION_ID"><code class="Dv">VERSION_ID</code></a></dt> - <dd>Lower case version of the version with only a-z, 0-9, - ‘<code class="Li">.</code>’, - ‘<code class="Li">-</code>’, and - ‘<code class="Li">_</code>’.</dd> - <dt id="PRETTY_NAME"><a class="permalink" href="#PRETTY_NAME"><code class="Dv">PRETTY_NAME</code></a></dt> - <dd>A pretty version of the name presented to the user. May contain release - information.</dd> - <dt id="ANSI_COLOR"><a class="permalink" href="#ANSI_COLOR"><code class="Dv">ANSI_COLOR</code></a></dt> - <dd>Suggested color presentation for the OS. This string should be suitable - for inclusion within an ESC [ m ANSI/ECMA-48 escape sequence to render the - OS in its preferred color. This variable is optional.</dd> - <dt id="CPE_NAME"><a class="permalink" href="#CPE_NAME"><code class="Dv">CPE_NAME</code></a></dt> - <dd>A CPE name for the operating system. This field shall follow the NIST - Common Platform Enumeration specification.</dd> - <dt id="HOME_URL"><a class="permalink" href="#HOME_URL"><code class="Dv">HOME_URL</code></a></dt> - <dd style="width: auto;"> </dd> - <dt id="SUPPORT_URL"><a class="permalink" href="#SUPPORT_URL"><code class="Dv">SUPPORT_URL</code></a></dt> - <dd style="width: auto;"> </dd> - <dt id="BUG_REPORT_URL"><a class="permalink" href="#BUG_REPORT_URL"><code class="Dv">BUG_REPORT_URL</code></a></dt> - <dd style="width: auto;"> </dd> - <dt id="PRIVACY_POLICY_URL"><a class="permalink" href="#PRIVACY_POLICY_URL"><code class="Dv">PRIVACY_POLICY_URL</code></a></dt> - <dd>Links on the internet, in RFC 3986 format for different aspects of this - OS. These variables are optional.</dd> - <dt id="BUILD_ID"><a class="permalink" href="#BUILD_ID"><code class="Dv">BUILD_ID</code></a></dt> - <dd>A string identifying the build. This variable is optional.</dd> - <dt id="VARIANT"><a class="permalink" href="#VARIANT"><code class="Dv">VARIANT</code></a></dt> - <dd>A string describing the variant of this operating system. This variable is - optional.</dd> - <dt id="VARIANT_ID"><a class="permalink" href="#VARIANT_ID"><code class="Dv">VARIANT_ID</code></a></dt> - <dd>Lower case version of the variant with only a-z, 0-9, - ‘<code class="Li">.</code>’, - ‘<code class="Li">-</code>’, and - ‘<code class="Li">_</code>’. This variable is optional.</dd> -</dl> -<p class="Pp">All other variables have no standard-defined meaning.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/os-release</span></dt> - <dd>Symbolic link to actual <span class="Pa">os-release</span> file.</dd> - <dt><span class="Pa">/var/run/os-release</span></dt> - <dd>Generated os-release file describing the currently running system.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt>CPE Specification</dt> - <dd><a class="Lk" href="https://csrc.nist.gov/projects/security-content-automation-protocol/scap-specifications/cpe">https://csrc.nist.gov/projects/security-content-automation-protocol/scap-specifications/cpe</a></dd> - <dt>RFC 3986</dt> - <dd><a class="Lk" href="https://tools.ietf.org/html/rfc3986">https://tools.ietf.org/html/rfc3986</a></dd> - <dt>os-release Specification</dt> - <dd><a class="Lk" href="https://www.linux.org/docs/man5/os-release.html">https://www.linux.org/docs/man5/os-release.html</a></dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">This file first appeared in <span class="Ux">FreeBSD - 13.0</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">November 23, 2021</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/passwd.5 3.html b/static/freebsd/man5/passwd.5 3.html deleted file mode 100644 index 713b1d4e..00000000 --- a/static/freebsd/man5/passwd.5 3.html +++ /dev/null @@ -1,282 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PASSWD(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PASSWD(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">passwd</code>, - <code class="Nm">master.passwd</code>, <code class="Nm">pwd.db</code>, - <code class="Nm">spwd.db</code> — <span class="Nd">format of the - password file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">passwd</code> files are the local source of - password information. They can be used in conjunction with the Hesiod - domains ‘<code class="Li">passwd</code>’ and - ‘<code class="Li">uid</code>’, and the NIS maps - ‘<code class="Li">passwd.byname</code>’, - ‘<code class="Li">passwd.byuid</code>’, - ‘<code class="Li">master.passwd.byname</code>’, and - ‘<code class="Li">master.passwd.byuid</code>’, as controlled - by <a class="Xr">nsswitch.conf(5)</a>.</p> -<p class="Pp">For consistency, none of these files should ever be modified - manually.</p> -<p class="Pp">The <code class="Nm">master.passwd</code> file is readable only by - root, and consists of newline separated records, one per user, containing - ten colon (‘<code class="Li">:</code>’) separated fields. - These fields are as follows:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt><var class="Ar">name</var></dt> - <dd>User's login name.</dd> - <dt><var class="Ar">password</var></dt> - <dd>User's <i class="Em">encrypted</i> password.</dd> - <dt><var class="Ar">uid</var></dt> - <dd>User's id.</dd> - <dt><var class="Ar">gid</var></dt> - <dd>User's login group id.</dd> - <dt><var class="Ar">class</var></dt> - <dd>User's login class.</dd> - <dt><var class="Ar">change</var></dt> - <dd>Password change time.</dd> - <dt><var class="Ar">expire</var></dt> - <dd>Account expiration time.</dd> - <dt><var class="Ar">gecos</var></dt> - <dd>General information about the user.</dd> - <dt><var class="Ar">home_dir</var></dt> - <dd>User's home directory.</dd> - <dt><var class="Ar">shell</var></dt> - <dd>User's login shell.</dd> -</dl> -</div> -<p class="Pp">The <code class="Nm">passwd</code> file is generated from the - <code class="Nm">master.passwd</code> file by <a class="Xr">pwd_mkdb(8)</a>, - has the <var class="Ar">class</var>, <var class="Ar">change</var>, and - <var class="Ar">expire</var> fields removed, and the - <var class="Ar">password</var> field replaced by a - ‘<code class="Li">*</code>’ character.</p> -<p class="Pp">The <var class="Ar">name</var> field is the login used to access - the computer account, and the <var class="Ar">uid</var> field is the number - associated with it. They should both be unique across the system (and often - across a group of systems) since they control file access.</p> -<p class="Pp">While it is possible to have multiple entries with identical login - names and/or identical user id's, it is usually a mistake to do so. Routines - that manipulate these files will often return only one of the multiple - entries, and that one by random selection.</p> -<p class="Pp">The login name must not begin with a hyphen - (‘<code class="Li">-</code>’), and cannot contain 8-bit - characters, tabs or spaces, or any of these symbols: - ‘<code class="Li">,:+&#%^()!@~*?<>=|\/";</code>’. - The dollar symbol (‘<code class="Li">$</code>’) is allowed - only as the last character for use with Samba. No field may contain a colon - (‘<code class="Li">:</code>’) as this has been used - historically to separate the fields in the user database.</p> -<p class="Pp">Case is significant. Login names - ‘<code class="Li">Lrrr</code>’ and - ‘<code class="Li">lrrr</code>’ represent different users. Be - aware of this when interoperating with systems that do not have - case-sensitive login names.</p> -<p class="Pp">In the <code class="Nm">master.passwd</code> file, the - <var class="Ar">password</var> field is the <i class="Em">encrypted</i> form - of the password, see <a class="Xr">crypt(3)</a>. If the - <var class="Ar">password</var> field is empty, no password will be required - to gain access to the machine. This is almost invariably a mistake, so - authentication components such as PAM can forcibly disallow remote access to - passwordless accounts. Because this file contains the encrypted user - passwords, it should not be readable by anyone without appropriate - privileges.</p> -<p class="Pp">A password of ‘<code class="Li">*</code>’ indicates - that password authentication is disabled for that account (logins through - other forms of authentication, e.g., using <a class="Xr">ssh(1)</a> keys, - will still work). The field only contains encrypted passwords, and - ‘<code class="Li">*</code>’ can never be the result of - encrypting a password.</p> -<p class="Pp">An encrypted password prefixed by - ‘<code class="Li">*LOCKED*</code>’ means that the account is - temporarily locked out and no one can log into it using any authentication. - For a convenient command-line interface to account locking, see - <a class="Xr">pw(8)</a>.</p> -<p class="Pp">The <var class="Ar">group</var> field is the group that the user - will be placed in upon login. Since this system supports multiple groups - (see <a class="Xr">groups(1)</a>) this field currently has little special - meaning.</p> -<p class="Pp">The <var class="Ar">class</var> field is a key for a user's login - class. Login classes are defined in <a class="Xr">login.conf(5)</a>, which - is a <a class="Xr">termcap(5)</a> style database of user attributes, - accounting, resource, and environment settings.</p> -<p class="Pp">The <var class="Ar">change</var> field is the number of seconds - from the epoch, <code class="Dv">UTC</code>, until the password for the - account must be changed. This field may be left empty to turn off the - password aging feature; a value of zero is equivalent to leaving the field - empty.</p> -<p class="Pp">The <var class="Ar">expire</var> field is the number of seconds - from the epoch, <code class="Dv">UTC</code>, until the account expires. This - field may be left empty to turn off the account aging feature; a value of - zero is equivalent to leaving the field empty.</p> -<p class="Pp">The <var class="Ar">gecos</var> field normally contains comma - (‘<code class="Li">,</code>’) separated subfields as - follows:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">name</var></dt> - <dd>user's full name</dd> - <dt><var class="Ar">office</var></dt> - <dd>user's office number</dd> - <dt><var class="Ar">wphone</var></dt> - <dd>user's work phone number</dd> - <dt><var class="Ar">hphone</var></dt> - <dd>user's home phone number</dd> -</dl> -</div> -<p class="Pp">The full <var class="Ar">name</var> may contain an ampersand - (‘<code class="Li">&</code>’) which will be replaced by - the capitalized login <var class="Ar">name</var> when the - <var class="Ar">gecos</var> field is displayed or used by various programs - such as <a class="Xr">finger(1)</a>, <a class="Xr">sendmail(8)</a>, etc.</p> -<p class="Pp">The <var class="Ar">office</var> and phone number subfields are - used by the <a class="Xr">finger(1)</a> program, and possibly other - applications.</p> -<p class="Pp">The user's home directory, <var class="Ar">home_dir</var>, is the - full <span class="Ux">UNIX</span> path name where the user will be placed on - login.</p> -<p class="Pp">The <var class="Ar">shell</var> field is the command interpreter - the user prefers. If there is nothing in the <var class="Ar">shell</var> - field, the Bourne shell (<span class="Pa">/bin/sh</span>) is assumed. The - conventional way to disable logging into an account once and for all, as it - is done for system accounts, is to set its <var class="Ar">shell</var> to - <span class="Pa">/sbin/nologin</span> (see - <a class="Xr">nologin(8)</a>).</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HESIOD_SUPPORT"><a class="permalink" href="#HESIOD_SUPPORT">HESIOD - SUPPORT</a></h1> -<p class="Pp">If ‘<code class="Li">dns</code>’ is specified for - the ‘<code class="Li">passwd</code>’ database in - <a class="Xr">nsswitch.conf(5)</a>, then <code class="Nm">passwd</code> - lookups occur from the ‘<code class="Li">passwd</code>’ Hesiod - domain.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="NIS_SUPPORT"><a class="permalink" href="#NIS_SUPPORT">NIS - SUPPORT</a></h1> -<p class="Pp">If ‘<code class="Li">nis</code>’ is specified for - the ‘<code class="Li">passwd</code>’ database in - <a class="Xr">nsswitch.conf(5)</a>, then <code class="Nm">passwd</code> - lookups occur from the - ‘<code class="Li">passwd.byname</code>’, - ‘<code class="Li">passwd.byuid</code>’, - ‘<code class="Li">master.passwd.byname</code>’, and - ‘<code class="Li">master.passwd.byuid</code>’ NIS maps.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="COMPAT_SUPPORT"><a class="permalink" href="#COMPAT_SUPPORT">COMPAT - SUPPORT</a></h1> -<p class="Pp">If ‘<code class="Li">compat</code>’ is specified for - the ‘<code class="Li">passwd</code>’ database, and either - ‘<code class="Li">dns</code>’ or - ‘<code class="Li">nis</code>’ is specified for the - ‘<code class="Li">passwd_compat</code>’ database in - <a class="Xr">nsswitch.conf(5)</a>, then the <code class="Nm">passwd</code> - file also supports standard - ‘<code class="Li">+</code>/<code class="Li">-</code>’ - exclusions and inclusions, based on user names and netgroups.</p> -<p class="Pp">Lines beginning with a ‘<code class="Li">-</code>’ - (minus sign) are entries marked as being excluded from any following - inclusions, which are marked with a - ‘<code class="Li">+</code>’ (plus sign).</p> -<p class="Pp">If the second character of the line is a - ‘<code class="Li">@</code>’ (at sign), the operation involves - the user fields of all entries in the netgroup specified by the remaining - characters of the <var class="Ar">name</var> field. Otherwise, the remainder - of the <var class="Ar">name</var> field is assumed to be a specific user - name.</p> -<p class="Pp">The ‘<code class="Li">+</code>’ token may also be - alone in the <var class="Ar">name</var> field, which causes all users from - either the Hesiod domain <code class="Nm">passwd</code> (with - ‘<code class="Li">passwd_compat: dns</code>’) or - ‘<code class="Li">passwd.byname</code>’ and - ‘<code class="Li">passwd.byuid</code>’ NIS maps (with - ‘<code class="Li">passwd_compat: nis</code>’) to be - included.</p> -<p class="Pp">If the entry contains non-empty <var class="Ar">uid</var> or - <var class="Ar">gid</var> fields, the specified numbers will override the - information retrieved from the Hesiod domain or the NIS maps. Likewise, if - the <var class="Ar">gecos</var>, <var class="Ar">dir</var> or - <var class="Ar">shell</var> entries contain text, it will override the - information included via Hesiod or NIS . On some systems, the - <var class="Ar">passwd</var> field may also be overridden.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/passwd</span></dt> - <dd>ASCII password file, with passwords removed</dd> - <dt><span class="Pa">/etc/pwd.db</span></dt> - <dd><a class="Xr">db(3)</a>-format password database, with passwords - removed</dd> - <dt><span class="Pa">/etc/master.passwd</span></dt> - <dd>ASCII password file, with passwords intact</dd> - <dt><span class="Pa">/etc/spwd.db</span></dt> - <dd><a class="Xr">db(3)</a>-format password database, with passwords - intact</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="COMPATIBILITY"><a class="permalink" href="#COMPATIBILITY">COMPATIBILITY</a></h1> -<p class="Pp">The password file format has changed since - <span class="Ux">4.3BSD</span>. The following awk script can be used to - convert your old-style password file into a new style password file. The - additional fields <var class="Ar">class</var>, <var class="Ar">change</var> - and <var class="Ar">expire</var> are added, but are turned off by default - (setting these fields to zero is equivalent to leaving them blank). Class is - currently not implemented, but change and expire are; to set them, use the - current day in seconds from the epoch + whatever number of seconds of offset - you want.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>BEGIN { FS = ":"} -{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">chpass(1)</a>, <a class="Xr">login(1)</a>, - <a class="Xr">passwd(1)</a>, <a class="Xr">crypt(3)</a>, - <a class="Xr">getpwent(3)</a>, <a class="Xr">login.conf(5)</a>, - <a class="Xr">netgroup(5)</a>, <a class="Xr">nsswitch.conf(5)</a>, - <a class="Xr">adduser(8)</a>, <a class="Xr">nologin(8)</a>, - <a class="Xr">pw(8)</a>, <a class="Xr">pwd_mkdb(8)</a>, - <a class="Xr">vipw(8)</a>, <a class="Xr">yp(8)</a></p> -<p class="Pp"><span class="RsT">Managing NFS and NIS</span> (O'Reilly & - Associates)</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">A <code class="Nm">passwd</code> file format first appeared in - <span class="Ux">Version 1 AT&T UNIX</span>.</p> -<p class="Pp">The NIS <code class="Nm">passwd</code> file format first appeared - in SunOS.</p> -<p class="Pp">The Hesiod support first appeared in <span class="Ux">FreeBSD - 4.1</span>. It was imported from the <span class="Ux">NetBSD</span> Project, - where it first appeared in <span class="Ux">NetBSD 1.4</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">User information should (and eventually will) be stored - elsewhere.</p> -<p class="Pp">Placing ‘<code class="Li">compat</code>’ exclusions - in the file after any inclusions will have unexpected results.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 16, 2023</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/pbm.5 3.html b/static/freebsd/man5/pbm.5 3.html deleted file mode 100644 index 25d01fce..00000000 --- a/static/freebsd/man5/pbm.5 3.html +++ /dev/null @@ -1,78 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PBM(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PBM(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">pbm</code> — <span class="Nd">portable - bitmap file format</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The portable bitmap format is a lowest common denominator - monochrome file format. It was originally designed to make it reasonable to - mail bitmaps between different types of machines using the typical stupid - network mailers we have today. Now it serves as the common language of a - large family of bitmap conversion filters. The definition is as follows:</p> -<p class="Pp"></p> -<ul class="Bl-bullet Bl-compact"> - <li>A "magic number" for identifying the file type. A pbm file's - magic number is the two characters "P1".</li> - <li>Whitespace (blanks, TABs, CRs, LFs).</li> - <li>A width, formatted as ASCII characters in decimal.</li> - <li>Whitespace.</li> - <li>A height, again in ASCII decimal.</li> - <li>Whitespace.</li> - <li>Width * height bits, each either '1' or '0', starting at the top-left - corner of the bitmap, proceeding in normal English reading order.</li> - <li>The character '1' means black, '0' means white.</li> - <li>Whitespace in the bits section is ignored.</li> - <li>Characters from a "#" to the next end-of-line are ignored - (comments).</li> - <li>No line should be longer than 70 characters.</li> -</ul> -<p class="Pp">Here is an example of a small bitmap in this format:</p> -<div class="Bd Pp Li"> -<pre>P1 -# feep.pbm -24 7 -0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 -0 1 1 1 1 0 0 1 1 1 1 0 0 1 1 1 1 0 0 1 1 1 1 0 -0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 1 0 -0 1 1 1 0 0 0 1 1 1 0 0 0 1 1 1 0 0 0 1 1 1 1 0 -0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 -0 1 0 0 0 0 0 1 1 1 1 0 0 1 1 1 1 0 0 1 0 0 0 0 -0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0</pre> -</div> -<p class="Pp">Programs that read this format should be as lenient as possible, - accepting anything that looks remotely like a bitmap.</p> -<p class="Pp">There is also a variant on the format, available by setting the - RAWBITS option at compile time. This variant is different in the following - ways:</p> -<p class="Pp"></p> -<ul class="Bl-bullet Bl-compact"> - <li>The "magic number" is "P4" instead of - "P1".</li> - <li>The bits are stored eight per byte, high bit first low bit last.</li> - <li>No whitespace is allowed in the bits section, and only a single character - of whitespace (typically a newline) is allowed after the height.</li> - <li>The files are eight times smaller and many times faster to read and - write.</li> -</ul> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">Copyright (C) 1989, 1991 by <span class="An">Jef - Poskanzer</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">September 27, 1991</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/periodic.conf.5 3.html b/static/freebsd/man5/periodic.conf.5 3.html deleted file mode 100644 index 351533f1..00000000 --- a/static/freebsd/man5/periodic.conf.5 3.html +++ /dev/null @@ -1,744 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PERIODIC.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PERIODIC.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">periodic.conf</code> — - <span class="Nd">periodic job configuration information</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="Nm">periodic.conf</code> contains a - description of how daily, weekly and monthly system maintenance jobs should - run. It resides in the <span class="Pa">/etc/defaults</span> directory and - parts may be overridden by a file of the same name in - <span class="Pa">/etc</span>, which itself may be overridden by the - <span class="Pa">/etc/periodic.conf.local</span> file.</p> -<p class="Pp">The <code class="Nm">periodic.conf</code> file is actually sourced - as a shell script from each of the periodic scripts and is intended to - simply provide default configuration variables.</p> -<p class="Pp">The following variables are used by <a class="Xr">periodic(8)</a> - itself:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt id="local_periodic"><var class="Va">local_periodic</var></dt> - <dd>(<var class="Vt">str</var>) List of directories to search for periodic - scripts. This list is always prefixed with - <span class="Pa">/etc/periodic</span>, and is only used when an argument - to <a class="Xr">periodic(8)</a> is not an absolute directory name.</dd> - <dt>⟨<var class="Ar">dir</var>⟩<var class="Va">_output</var></dt> - <dd>(<var class="Vt">path</var> <span class="No">or</span> - <var class="Vt">list</var>) What to do with the output of the scripts - executed from the directory <var class="Ar">dir</var>. If this variable is - set to an absolute path name, output is logged to that file, otherwise it - is taken as one or more space separated email addresses and mailed to - those users. If this variable is not set or is empty, output is sent to - standard output. - <p class="Pp">For an unattended machine, suitable values for - <var class="Va">daily_output</var>, <var class="Va">weekly_output</var>, - and <var class="Va">monthly_output</var> might be - “<code class="Li">/var/log/daily.log</code>”, - “<code class="Li">/var/log/weekly.log</code>”, and - “<code class="Li">/var/log/monthly.log</code>” - respectively, as <a class="Xr">newsyslog(8)</a> will rotate these files - (if they exists) at the appropriate times.</p> - </dd> - <dt>⟨<var class="Ar">dir</var>⟩<var class="Va">_show_success</var></dt> - <dd style="width: auto;"> </dd> - <dt>⟨<var class="Ar">dir</var>⟩<var class="Va">_show_info</var></dt> - <dd style="width: auto;"> </dd> - <dt>⟨<var class="Ar">dir</var>⟩<var class="Va">_show_badconfig</var></dt> - <dd>(<var class="Vt">bool</var>) These variables control whether - <a class="Xr">periodic(8)</a> will mask the output of the executed scripts - based on their return code (where <var class="Ar">dir</var> is the base - directory name in which each script resides). If the return code of a - script is ‘0’ and - ⟨<var class="Ar">dir</var>⟩<var class="Va">_show_success</var> - is set to “<code class="Li">NO</code>”, - <a class="Xr">periodic(8)</a> will mask the script's output. If the return - code of a script is ‘1’ and - ⟨<var class="Ar">dir</var>⟩<var class="Va">_show_info</var> - is set to “<code class="Li">NO</code>”, - <a class="Xr">periodic(8)</a> will mask the script's output. If the return - code of a script is ‘2’ and - ⟨<var class="Ar">dir</var>⟩<var class="Va">_show_badconfig</var> - is set to “<code class="Li">NO</code>”, - <a class="Xr">periodic(8)</a> will mask the script's output. If these - variables are set to neither “<code class="Li">YES</code>” - nor “<code class="Li">NO</code>”, they default to - “<code class="Li">YES</code>”, - “<code class="Li">YES</code>” and - “<code class="Li">NO</code>” respectively. - <p class="Pp">Refer to the <a class="Xr">periodic(8)</a> manual page for how - script return codes are interpreted.</p> - </dd> - <dt id="anticongestion_sleeptime"><var class="Va">anticongestion_sleeptime</var></dt> - <dd>(<var class="Vt">int</var>) The maximum number of seconds to randomly - sleep in order to smooth bursty loads on a shared resource, such as a - download mirror.</dd> -</dl> -</div> -<p class="Pp">The following variables are used by the standard scripts that - reside in <span class="Pa">/etc/periodic/daily</span>:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt id="daily_clean_disks_enable"><var class="Va">daily_clean_disks_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to remove all - files matching <var class="Va">daily_clean_disks_files</var> daily.</dd> - <dt id="daily_clean_disks_files"><var class="Va">daily_clean_disks_files</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of file names to match. Wild - cards are permitted.</dd> - <dt id="daily_clean_disks_days"><var class="Va">daily_clean_disks_days</var></dt> - <dd>(<var class="Vt">num</var>) When - <var class="Va">daily_clean_disks_enable</var> is set to - “<code class="Li">YES</code>”, this must also be set to the - number of days old that a file's access and modification times must be - before it is deleted.</dd> - <dt id="daily_clean_disks_verbose"><var class="Va">daily_clean_disks_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the removed files - to be reported in your daily output.</dd> - <dt id="daily_clean_tmps_enable"><var class="Va">daily_clean_tmps_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to clear temporary - directories daily.</dd> - <dt id="daily_clean_tmps_dirs"><var class="Va">daily_clean_tmps_dirs</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of directories to clear if - <var class="Va">daily_clean_tmps_enable</var> is set to - “<code class="Li">YES</code>”.</dd> - <dt id="daily_clean_tmps_days"><var class="Va">daily_clean_tmps_days</var></dt> - <dd>(<var class="Vt">num</var>) When - <var class="Va">daily_clean_tmps_enable</var> is set, this must also be - set to the number of days old that a file's access and modification times - must be before it is deleted.</dd> - <dt id="daily_clean_tmps_ignore"><var class="Va">daily_clean_tmps_ignore</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of files that should not be - deleted when <var class="Va">daily_clean_tmps_enable</var> is set to - “<code class="Li">YES</code>”. Wild card characters are - permitted.</dd> - <dt id="daily_clean_tmps_verbose"><var class="Va">daily_clean_tmps_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the removed files - to be reported in your daily output.</dd> - <dt id="daily_clean_preserve_enable"><var class="Va">daily_clean_preserve_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you wish to remove old - files from <span class="Pa">/var/preserve</span>.</dd> - <dt id="daily_clean_preserve_days"><var class="Va">daily_clean_preserve_days</var></dt> - <dd>(<var class="Vt">num</var>) Set to the number of days that files must not - have been modified before they are deleted.</dd> - <dt id="daily_clean_preserve_verbose"><var class="Va">daily_clean_preserve_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the removed files - to be reported in your daily output.</dd> - <dt id="daily_clean_msgs_enable"><var class="Va">daily_clean_msgs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you wish old system - messages to be purged.</dd> - <dt id="daily_clean_msgs_days"><var class="Va">daily_clean_msgs_days</var></dt> - <dd>(<var class="Vt">num</var>) Set to the number of days that files must not - have been modified before they are deleted. If this variable is left - blank, the <a class="Xr">msgs(1)</a> default is used.</dd> - <dt id="daily_clean_rwho_enable"><var class="Va">daily_clean_rwho_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you wish old files in - <span class="Pa">/var/who</span> to be purged.</dd> - <dt id="daily_clean_rwho_days"><var class="Va">daily_clean_rwho_days</var></dt> - <dd>(<var class="Vt">num</var>) Set to the number of days that files must not - have been modified before they are deleted.</dd> - <dt id="daily_clean_rwho_verbose"><var class="Va">daily_clean_rwho_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the removed files - to be reported in your daily output.</dd> - <dt id="daily_clean_hoststat_enable"><var class="Va">daily_clean_hoststat_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to run - <code class="Nm">sendmail</code> <code class="Fl">-bH</code> to - automatically purge stale entries from <a class="Xr">sendmail(8)</a>'s - host status cache. Files will be deleted using the same criteria as - <a class="Xr">sendmail(8)</a> would normally use when determining whether - to believe the cached information, as configured in - <span class="Pa">/etc/mail/sendmail.cf</span>.</dd> - <dt id="daily_backup_efi_enable"><var class="Va">daily_backup_efi_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create backup of EFI System - Partition (ESP).</dd> - <dt id="daily_backup_gmirror_enable"><var class="Va">daily_backup_gmirror_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create backup of gmirror - information (i.e., output of <code class="Nm">gmirror</code> - <code class="Cm">list</code>), see <a class="Xr">gmirror(8)</a>.</dd> - <dt id="daily_backup_gmirror_verbose"><var class="Va">daily_backup_gmirror_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to report a diff between the - new backup and the existing backup in the daily output.</dd> - <dt id="daily_backup_gpart_enable"><var class="Va">daily_backup_gpart_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create backups of partition - tables, and bootcode partition contents.</dd> - <dt id="daily_backup_gpart_verbose"><var class="Va">daily_backup_gpart_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to be verbose if existing - backups for kern.geom.conftxt or the partition tables differ from the new - backups.</dd> - <dt id="daily_backup_passwd_enable"><var class="Va">daily_backup_passwd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the - <span class="Pa">/etc/master.passwd</span> and - <span class="Pa">/etc/group</span> files backed up and reported on. - Reporting consists of checking both files for modifications and running - <a class="Xr">chkgrp(8)</a> on the <span class="Pa">group</span> - file.</dd> - <dt id="daily_backup_aliases_enable"><var class="Va">daily_backup_aliases_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the - <span class="Pa">/etc/mail/aliases</span> file backed up and modifications - to be displayed in your daily output.</dd> - <dt id="daily_backup_zfs_enable"><var class="Va">daily_backup_zfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create backup of the output - generated from the <a class="Xr">zfs-list(8)</a> and - <a class="Xr">zpool-list(8)</a> utilities.</dd> - <dt id="daily_backup_zfs_list_flags"><var class="Va">daily_backup_zfs_list_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments for the - <a class="Xr">zfs-list(8)</a> utility. The default is standard - behavior.</dd> - <dt id="daily_backup_zpool_list_flags"><var class="Va">daily_backup_zpool_list_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments for the - <a class="Xr">zpool-list(8)</a> utility. The default is - <code class="Fl">-v</code>.</dd> - <dt id="daily_backup_zfs_props_enable"><var class="Va">daily_backup_zfs_props_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create backup of the output - generated from the <a class="Xr">zfs-get(8)</a> and - <a class="Xr">zpool-get(8)</a> utilities.</dd> - <dt id="daily_backup_zfs_get_flags"><var class="Va">daily_backup_zfs_get_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments for the - <a class="Xr">zfs-get(8)</a> utility. The default is - <code class="Cm">all</code>.</dd> - <dt id="daily_backup_zpool_get_flags"><var class="Va">daily_backup_zpool_get_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments for the - <a class="Xr">zpool-get(8)</a> utility. The default is - <code class="Cm">all</code>.</dd> - <dt id="daily_backup_zfs_verbose"><var class="Va">daily_backup_zfs_verbose</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to report a diff between the - new backup and the existing backup in the daily output.</dd> - <dt id="daily_calendar_enable"><var class="Va">daily_calendar_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">calendar</code> <code class="Fl">-a</code> daily.</dd> - <dt id="daily_accounting_enable"><var class="Va">daily_accounting_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to rotate your - daily process accounting files. No rotations are necessary unless - <var class="Va">accounting_enable</var> is enabled in - <a class="Xr">rc.conf(5)</a>.</dd> - <dt id="daily_accounting_compress"><var class="Va">daily_accounting_compress</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want your daily - accounting files to be compressed using <a class="Xr">gzip(1)</a>.</dd> - <dt id="daily_accounting_save"><var class="Va">daily_accounting_save</var></dt> - <dd>(<var class="Vt">num</var>) When - <var class="Va">daily_accounting_enable</var> is set, this may also be set - to the number of daily accounting files that are to be saved. The default - is “<code class="Li">3</code>”.</dd> - <dt id="daily_accounting_flags"><var class="Va">daily_accounting_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments to pass to the - <a class="Xr">sa(8)</a> utility (in addition to - <code class="Fl">-s</code>) when - <var class="Va">daily_accounting_enable</var> is set to - “<code class="Li">YES</code>”. The default is - <code class="Fl">-q</code>.</dd> - <dt id="daily_status_disks_enable"><var class="Va">daily_status_disks_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <a class="Xr">df(1)</a> (with the arguments supplied in - <var class="Va">daily_status_disks_df_flags</var>) and - <code class="Nm">dump</code> <code class="Fl">-W</code>.</dd> - <dt id="daily_status_disks_df_flags"><var class="Va">daily_status_disks_df_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments for the - <a class="Xr">df(1)</a> utility when - <var class="Va">daily_status_disks_enable</var> is set to - “<code class="Li">YES</code>”. The default is - <code class="Fl">-l</code> <code class="Fl">-h</code>.</dd> - <dt id="daily_status_zfs_enable"><var class="Va">daily_status_zfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">zpool</code> <code class="Cm">status</code> on your - <a class="Xr">zfs(8)</a> pools.</dd> - <dt id="daily_status_zfs_zpool_list_enable"><var class="Va">daily_status_zfs_zpool_list_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">zpool</code> <code class="Cm">list</code> on your - <a class="Xr">zfs(8)</a> pools. Requires - <var class="Va">daily_status_zfs_enable</var> to be set to - <code class="Li">YES</code>.</dd> - <dt id="daily_status_gmirror_enable"><var class="Va">daily_status_gmirror_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">gmirror</code> <code class="Cm">status</code> on your - <a class="Xr">gmirror(8)</a> devices.</dd> - <dt id="daily_status_graid3_enable"><var class="Va">daily_status_graid3_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">graid3</code> <code class="Cm">status</code> on your - <a class="Xr">graid3(8)</a> devices.</dd> - <dt id="daily_status_gstripe_enable"><var class="Va">daily_status_gstripe_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">gstripe</code> <code class="Cm">status</code> on your - <a class="Xr">gstripe(8)</a> devices.</dd> - <dt id="daily_status_gconcat_enable"><var class="Va">daily_status_gconcat_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">gconcat</code> <code class="Cm">status</code> on your - <a class="Xr">gconcat(8)</a> devices.</dd> - <dt id="daily_status_mfi_enable"><var class="Va">daily_status_mfi_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">mfiutil</code> <code class="Cm">status</code> on your - <a class="Xr">mfi(4)</a> devices.</dd> - <dt id="daily_status_network_enable"><var class="Va">daily_status_network_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <code class="Nm">netstat</code> <code class="Fl">-i</code>.</dd> - <dt id="daily_status_network_netstat_flags"><var class="Va">daily_status_network_netstat_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to additional arguments for the - <a class="Xr">netstat(1)</a> utility when - <var class="Va">daily_status_network_enable</var> is set to - “<code class="Li">YES</code>”. The default is - <code class="Fl">-d</code> <code class="Fl">-W</code>.</dd> - <dt id="daily_status_network_usedns"><var class="Va">daily_status_network_usedns</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <a class="Xr">netstat(1)</a> without the <code class="Fl">-n</code> option - (to do DNS lookups).</dd> - <dt id="daily_status_uptime_enable"><var class="Va">daily_status_uptime_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <a class="Xr">uptime(1)</a> (or <a class="Xr">ruptime(1)</a> if - <var class="Va">rwhod_enable</var> is set to - “<code class="Li">YES</code>” in - <span class="Pa">/etc/rc.conf</span>).</dd> - <dt id="daily_status_mailq_enable"><var class="Va">daily_status_mailq_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <a class="Xr">mailq(1)</a>.</dd> - <dt id="daily_status_mailq_shorten"><var class="Va">daily_status_mailq_shorten</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to shorten the - <a class="Xr">mailq(1)</a> output when - <var class="Va">daily_status_mailq_enable</var> is set to - “<code class="Li">YES</code>”.</dd> - <dt id="daily_status_include_submit_mailq"><var class="Va">daily_status_include_submit_mailq</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you also want to run - <a class="Xr">mailq(1)</a> on the submit mail queue when - <var class="Va">daily_status_mailq_enable</var> is set to - “<code class="Li">YES</code>”. This may not work with MTAs - other than <a class="Xr">sendmail(8)</a>.</dd> - <dt id="daily_status_security_enable"><var class="Va">daily_status_security_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run the - security check. The security check is another set of - <a class="Xr">periodic(8)</a> scripts. The system defaults are in - <span class="Pa">/etc/periodic/security</span>. Local scripts should be - placed in <span class="Pa">/usr/local/etc/periodic/security</span>. See - the <a class="Xr">periodic(8)</a> manual page for more information.</dd> - <dt id="daily_status_security_inline"><var class="Va">daily_status_security_inline</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want the security check - output inline. The default is to either mail or log the output according - to the value of <var class="Va">daily_status_security_output</var>.</dd> - <dt id="daily_status_security_output"><var class="Va">daily_status_security_output</var></dt> - <dd>(<var class="Vt">str</var>) Where to send the output of the security check - if <var class="Va">daily_status_security_inline</var> is set to - “<code class="Li">NO</code>”. This variable behaves in the - same way as the <var class="Va">*_output</var> variables above, namely it - can be set either to one or more email addresses or to an absolute file - name.</dd> - <dt id="daily_status_mail_rejects_enable"><var class="Va">daily_status_mail_rejects_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to summarise mail - rejections logged to <span class="Pa">/var/log/maillog</span> for the - previous day.</dd> - <dt id="daily_status_mail_rejects_logs"><var class="Va">daily_status_mail_rejects_logs</var></dt> - <dd>(<var class="Vt">num</var>) Set to the number of maillog files that should - be checked for yesterday's mail rejects.</dd> - <dt id="daily_status_ntpd_enable"><var class="Va">daily_status_ntpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to enable NTP - status check.</dd> - <dt id="daily_status_world_kernel"><var class="Va">daily_status_world_kernel</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check the running userland - and kernel are in sync.</dd> - <dt id="daily_queuerun_enable"><var class="Va">daily_queuerun_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to manually run - the mail queue at least once a day.</dd> - <dt id="daily_submit_queuerun"><var class="Va">daily_submit_queuerun</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you also want to manually - run the submit mail queue at least once a day when - <var class="Va">daily_queuerun_enable</var> is set to - “<code class="Li">YES</code>”.</dd> - <dt id="daily_scrub_zfs_enable"><var class="Va">daily_scrub_zfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run a zfs scrub - periodically.</dd> - <dt id="daily_scrub_zfs_pools"><var class="Va">daily_scrub_zfs_pools</var></dt> - <dd>(<var class="Vt">str</var>) A space separated list of names of zfs pools - to scrub. If the list is empty or not set, all zfs pools are - scrubbed.</dd> - <dt id="daily_scrub_zfs_default_threshold"><var class="Va">daily_scrub_zfs_default_threshold</var></dt> - <dd>(<var class="Vt">int</var>) Number of days between a scrub if no - pool-specific threshold is set. If not set, the default value is 35, - corresponding to 5 weeks.</dd> - <dt id="daily_scrub_zfs_"><var class="Va">daily_scrub_zfs_</var>⟨<var class="Ar">poolname</var>⟩<var class="Va">_threshold</var></dt> - <dd>(<var class="Vt">int</var>) The same as - <var class="Va">daily_scrub_zfs_default_threshold</var> but specific to - the pool ⟨<var class="Ar">poolname</var>⟩.</dd> - <dt id="daily_trim_zfs_enable"><var class="Va">daily_trim_zfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run a zfs trim - daily.</dd> - <dt id="daily_trim_zfs_pools"><var class="Va">daily_trim_zfs_pools</var></dt> - <dd>(<var class="Vt">str</var>) A space separated list of names of zfs pools - to trim. If the list is empty or not set, all zfs pools are trimmed.</dd> - <dt id="daily_local"><var class="Va">daily_local</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of extra scripts that should be - run after all other daily scripts. All scripts must be absolute path - names.</dd> - <dt id="daily_diff_flags"><var class="Va">daily_diff_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments to pass to the - <a class="Xr">diff(1)</a> utility when generating differences. The default - is <code class="Fl">-b</code> <code class="Fl">-U</code> - <code class="Cm">0</code>.</dd> -</dl> -</div> -<p class="Pp">The following variables are used by the standard scripts that - reside in <span class="Pa">/etc/periodic/weekly</span>:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt id="weekly_locate_enable"><var class="Va">weekly_locate_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <span class="Pa">/usr/libexec/locate.updatedb</span>. This script is run - using <code class="Nm">nice</code> <code class="Fl">-5</code> as user - “<code class="Li">nobody</code>”, and generates the table - used by the <a class="Xr">locate(1)</a> command.</dd> - <dt id="weekly_whatis_enable"><var class="Va">weekly_whatis_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to run - <span class="Pa">/usr/libexec/makewhatis.local</span>. This script - regenerates the database used by the <a class="Xr">apropos(1)</a> - command.</dd> - <dt id="weekly_noid_enable"><var class="Va">weekly_noid_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to locate orphaned - files on the system. An orphaned file is one with an invalid owner or - group.</dd> - <dt id="weekly_noid_dirs"><var class="Va">weekly_noid_dirs</var></dt> - <dd>(<var class="Vt">str</var>) A list of directories under which orphaned - files are searched for. This would usually be set to - <span class="Pa">/</span>.</dd> - <dt id="weekly_status_security_enable"><var class="Va">weekly_status_security_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Weekly counterpart of - <var class="Va">daily_status_security_enable</var>.</dd> - <dt id="weekly_status_security_inline"><var class="Va">weekly_status_security_inline</var></dt> - <dd>(<var class="Vt">bool</var>) Weekly counterpart of - <var class="Va">daily_status_security_inline</var>.</dd> - <dt id="weekly_status_security_output"><var class="Va">weekly_status_security_output</var></dt> - <dd>(<var class="Vt">str</var>) Weekly counterpart of - <var class="Va">daily_status_security_output</var>.</dd> - <dt id="weekly_status_pkg_enable"><var class="Va">weekly_status_pkg_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to use - <a class="Xr">pkg-version(8)</a> to list installed packages which are out - of date.</dd> - <dt id="pkg_version"><var class="Va">pkg_version</var></dt> - <dd>(<var class="Vt">str</var>) When - <var class="Va">weekly_status_pkg_enable</var> is set to - “<code class="Li">YES</code>”, this variable specifies the - program that is used to determine the out of date packages. If unset, the - <a class="Xr">pkg-version(8)</a> program is used. As an example, this - variable might be set to - “<code class="Li">portversion</code>” if the - <span class="Pa">ports/sysutils/portupgrade</span> port has been - installed.</dd> - <dt id="pkg_version_index"><var class="Va">pkg_version_index</var></dt> - <dd>(<var class="Vt">str</var>) This variable specifies the - <span class="Pa">INDEX</span> file from <span class="Pa">/usr/ports</span> - that should be used by <a class="Xr">pkg-version(8)</a>. Because the - dependency tree may be substantially different between versions of - <span class="Ux">FreeBSD</span>, there may be more than one - <span class="Pa">INDEX</span> file in <span class="Pa">/usr/ports</span>. - <p class="Pp">Note, if the <var class="Va">pkg_version</var> variable is set - to “<code class="Li">portversion</code>”, it will also be - necessary to arrange that the correct <span class="Pa">INDEX</span> file - is specified using environment variables and that - <var class="Va">pkg_version_index</var> is cleared in - <span class="Pa">/etc/periodic.conf</span> - (“<code class="Li">pkg_version_index=</code>”).</p> - </dd> - <dt id="weekly_local"><var class="Va">weekly_local</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of extra scripts that should be - run after all other weekly scripts. All scripts must be absolute path - names.</dd> -</dl> -</div> -<p class="Pp">The following variables are used by the standard scripts that - reside in <span class="Pa">/etc/periodic/monthly</span>:</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt id="monthly_accounting_enable"><var class="Va">monthly_accounting_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to do login - accounting using the <a class="Xr">ac(8)</a> command.</dd> - <dt id="monthly_status_security_enable"><var class="Va">monthly_status_security_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Monthly counterpart of - <var class="Va">daily_status_security_enable</var>.</dd> - <dt id="monthly_status_security_inline"><var class="Va">monthly_status_security_inline</var></dt> - <dd>(<var class="Vt">bool</var>) Monthly counterpart of - <var class="Va">daily_status_security_inline</var>.</dd> - <dt id="monthly_status_security_output"><var class="Va">monthly_status_security_output</var></dt> - <dd>(<var class="Vt">str</var>) Monthly counterpart of - <var class="Va">daily_status_security_output</var>.</dd> - <dt id="monthly_local"><var class="Va">monthly_local</var></dt> - <dd>(<var class="Vt">str</var>) Set to a list of extra scripts that should be - run after all other monthly scripts. All scripts must be absolute path - names.</dd> -</dl> -</div> -<p class="Pp">The following variables are used by the standard scripts that - reside in <span class="Pa">/etc/periodic/security</span>. Those scripts are - usually run from daily (<var class="Va">daily_status_security_enable</var>), - weekly (<var class="Va">weekly_status_security_enable</var>), and monthly - (<var class="Va">monthly_status_security_enable</var>) periodic hooks. The - <var class="Va">..._period</var> of each script can be configured as - “daily”, “weekly”, “monthly” or - “NO”. Note that when periodic security scripts are run from - <a class="Xr">crontab(5)</a>, they will be always run unless their - <var class="Va">..._enable</var> or <var class="Va">..._period</var> - variable is set to “NO”.</p> -<div class="Bd-indent"> -<dl class="Bl-tag"> - <dt id="security_status_diff_flags"><var class="Va">security_status_diff_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to the arguments to pass to the - <a class="Xr">diff(1)</a> utility when generating differences. The default - is <code class="Fl">-b</code> <code class="Fl">-U</code> - <code class="Cm">0</code>.</dd> - <dt id="security_status_chksetuid_enable"><var class="Va">security_status_chksetuid_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to compare the modes and - modification times of setuid executables with the previous day's - values.</dd> - <dt id="security_status_chksetuid_period"><var class="Va">security_status_chksetuid_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_chkportsum_enable"><var class="Va">security_status_chkportsum_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to verify checksums of all - installed packages against the known checksums in - <span class="Pa">/var/db/pkg</span>.</dd> - <dt id="security_status_chkportsum_period"><var class="Va">security_status_chkportsum_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_neggrpperm_enable"><var class="Va">security_status_neggrpperm_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check for files where the - group of a file has less permissions than the world at large. When users - are in more than 14 supplemental groups these negative permissions may not - be enforced via NFS shares.</dd> - <dt id="security_status_neggrpperm_period"><var class="Va">security_status_neggrpperm_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_chkmounts_enable"><var class="Va">security_status_chkmounts_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check for changes mounted - file systems to the previous day's values.</dd> - <dt id="security_status_chkmounts_period"><var class="Va">security_status_chkmounts_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_noamd"><var class="Va">security_status_noamd</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” if you want to ignore - <a class="Xr">amd(8)</a> mounts when comparing against yesterday's file - system mounts in the - <var class="Va">security_status_chkmounts_enable</var> check.</dd> - <dt id="security_status_chkuid0_enable"><var class="Va">security_status_chkuid0_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check - <span class="Pa">/etc/master.passwd</span> for accounts with UID 0.</dd> - <dt id="security_status_chkuid0_period"><var class="Va">security_status_chkuid0_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_passwdless_enable"><var class="Va">security_status_passwdless_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check - <span class="Pa">/etc/master.passwd</span> for accounts with empty - passwords.</dd> - <dt id="security_status_passwdless_period"><var class="Va">security_status_passwdless_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_logincheck_enable"><var class="Va">security_status_logincheck_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to check - <span class="Pa">/etc/login.conf</span> ownership, see - <a class="Xr">login.conf(5)</a> for more information.</dd> - <dt id="security_status_logincheck_period"><var class="Va">security_status_logincheck_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_ipfwdenied_enable"><var class="Va">security_status_ipfwdenied_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to show log entries for - packets denied by <a class="Xr">ipfw(8)</a> since yesterday's check.</dd> - <dt id="security_status_ipfwdenied_period"><var class="Va">security_status_ipfwdenied_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_ipfdenied_enable"><var class="Va">security_status_ipfdenied_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to show log entries for - packets denied by <a class="Xr">ipf(8)</a> since yesterday's check.</dd> - <dt id="security_status_ipfdenied_period"><var class="Va">security_status_ipfdenied_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_pfdenied_enable"><var class="Va">security_status_pfdenied_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to show log entries for - packets denied by <a class="Xr">pf(4)</a> since yesterday's check.</dd> - <dt id="security_status_pfdenied_additionalanchors"><var class="Va">security_status_pfdenied_additionalanchors</var></dt> - <dd>(<var class="Vt">str</var>) Space-separated list of additional anchors - whose denied packets log entries to show. The main ruleset (i.e., the - empty-string anchor) and any <a class="Xr">blocklistd(8)</a> anchors, if - present, are always shown.</dd> - <dt id="security_status_pfdenied_period"><var class="Va">security_status_pfdenied_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_ipfwlimit_enable"><var class="Va">security_status_ipfwlimit_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to display - <a class="Xr">ipfw(8)</a> rules that have reached their verbosity - limit.</dd> - <dt id="security_status_ipfwlimit_period"><var class="Va">security_status_ipfwlimit_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_kernelmsg_enable"><var class="Va">security_status_kernelmsg_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to show new - <a class="Xr">dmesg(8)</a> entries since yesterday's check.</dd> - <dt id="security_status_kernelmsg_period"><var class="Va">security_status_kernelmsg_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_loginfail_enable"><var class="Va">security_status_loginfail_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to display failed logins from - <span class="Pa">/var/log/messages</span> in the previous day.</dd> - <dt id="security_status_loginfail_period"><var class="Va">security_status_loginfail_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> - <dt id="security_status_tcpwrap_enable"><var class="Va">security_status_tcpwrap_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to display connections denied - by tcpwrappers (see <a class="Xr">hosts_access(5)</a>) from - <span class="Pa">/var/log/messages</span> during the previous day.</dd> - <dt id="security_status_tcpwrap_period"><var class="Va">security_status_tcpwrap_period</var></dt> - <dd>(<var class="Vt">str</var>) Set to either - “<code class="Li">daily</code>”, - “<code class="Li">weekly</code>”, - “<code class="Li">monthly</code>” or - “<code class="Li">NO</code>”.</dd> -</dl> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt><span class="Pa">/etc/defaults/periodic.conf</span></dt> - <dd>The default configuration file. This file contains all default variables - and values.</dd> - <dt><span class="Pa">/etc/periodic.conf</span></dt> - <dd>The usual system specific variable override file.</dd> - <dt><span class="Pa">/etc/periodic.conf.local</span></dt> - <dd>An additional override file, useful when - <span class="Pa">/etc/periodic.conf</span> is shared or distributed.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">apropos(1)</a>, <a class="Xr">calendar(1)</a>, - <a class="Xr">df(1)</a>, <a class="Xr">diff(1)</a>, - <a class="Xr">gzip(1)</a>, <a class="Xr">locate(1)</a>, - <a class="Xr">man(1)</a>, <a class="Xr">msgs(1)</a>, - <a class="Xr">netstat(1)</a>, <a class="Xr">nice(1)</a>, - <a class="Xr">login.conf(5)</a>, <a class="Xr">rc.conf(5)</a>, - <a class="Xr">ac(8)</a>, <a class="Xr">chkgrp(8)</a>, - <a class="Xr">dump(8)</a>, <a class="Xr">newsyslog(8)</a>, - <a class="Xr">periodic(8)</a>, <a class="Xr">pkg-version(8)</a>, - <a class="Xr">sendmail(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">periodic.conf</code> file appeared in - <span class="Ux">FreeBSD 4.1</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Brian Somers</span> - <<a class="Mt" href="mailto:brian@Awfulhak.org">brian@Awfulhak.org</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 9, 2024</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/pf.conf.5 3.html b/static/freebsd/man5/pf.conf.5 3.html deleted file mode 100644 index dfa40f42..00000000 --- a/static/freebsd/man5/pf.conf.5 3.html +++ /dev/null @@ -1,3028 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PF.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PF.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">pf.conf</code> — <span class="Nd">packet - filter configuration file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <a class="Xr">pf(4)</a> packet filter modifies, drops or - passes packets according to rules or definitions specified in - <code class="Nm">pf.conf</code>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="STATEMENT_ORDER"><a class="permalink" href="#STATEMENT_ORDER">STATEMENT - ORDER</a></h1> -<p class="Pp">There are eight types of statements in - <code class="Nm">pf.conf</code>:</p> -<dl class="Bl-tag"> - <dt id="Macros"><a class="permalink" href="#Macros"><code class="Cm">Macros</code></a></dt> - <dd>User-defined variables may be defined and used later, simplifying the - configuration file. Macros must be defined before they are referenced in - <code class="Nm">pf.conf</code>.</dd> - <dt id="Tables"><a class="permalink" href="#Tables"><code class="Cm">Tables</code></a></dt> - <dd>Tables provide a mechanism for increasing the performance and flexibility - of rules with large numbers of source or destination addresses.</dd> - <dt id="Options"><a class="permalink" href="#Options"><code class="Cm">Options</code></a></dt> - <dd>Options tune the behaviour of the packet filtering engine.</dd> - <dt id="Ethernet"><a class="permalink" href="#Ethernet"><code class="Cm">Ethernet - Filtering</code></a></dt> - <dd>Ethernet filtering provides rule-based blocking or passing of Ethernet - packets.</dd> - <dt id="Traffic"><a class="permalink" href="#Traffic"><code class="Cm">Traffic - Normalization</code></a> <code class="Li">(e.g.</code> - <a class="permalink" href="#scrub"><i class="Em" id="scrub">scrub</i></a>)</dt> - <dd>Traffic normalization protects internal machines against inconsistencies - in Internet protocols and implementations.</dd> - <dt id="Queueing"><a class="permalink" href="#Queueing"><code class="Cm">Queueing</code></a></dt> - <dd>Queueing provides rule-based bandwidth control.</dd> - <dt id="Translation"><a class="permalink" href="#Translation"><code class="Cm">Translation</code></a> - <code class="Li">(Various forms of NAT)</code></dt> - <dd>Translation rules specify how addresses are to be mapped or redirected to - other addresses.</dd> - <dt id="Packet"><a class="permalink" href="#Packet"><code class="Cm">Packet - Filtering</code></a></dt> - <dd>Packet filtering provides rule-based blocking or passing of packets.</dd> -</dl> -<p class="Pp">With the exception of <code class="Cm">macros</code> and - <code class="Cm">tables</code>, the types of statements should be grouped - and appear in <code class="Nm">pf.conf</code> in the order shown above, as - this matches the operation of the underlying packet filtering engine. By - default <a class="Xr">pfctl(8)</a> enforces this order (see - <var class="Ar">set require-order</var> below).</p> -<p class="Pp">Comments can be put anywhere in the file using a hash mark - (‘#’), and extend to the end of the current line.</p> -<p class="Pp">Additional configuration files can be included with the - <code class="Ic">include</code> keyword, for example:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>include "/etc/pf/sub.filter.conf"</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="MACROS"><a class="permalink" href="#MACROS">MACROS</a></h1> -<p class="Pp">A macro is defined with a command of the form - <var class="Ar">name</var>=<var class="Ar">value</var>. The macro - <var class="Ar">name</var> can contain letters, digits, and underscores and - cannot be a reserved word (for example, <var class="Ar">pass</var>, - <var class="Ar">in</var>, or <var class="Ar">out</var>). Within unquoted - arguments, the string $<var class="Ar">name</var> is later expanded to - <var class="Ar">value</var>. Ranges of network addresses used in macros that - will be expanded in lists later on must be quoted with additional simple - quotes.</p> -<p class="Pp">For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>ext_if = "kue0" -all_ifs = "{" $ext_if lo0 "}" -pass out on $ext_if from any to any -pass in on $ext_if proto tcp from any to any port 25 - -usr_lan_range = "'192.0.2.0/24'" -srv_lan_range = "'198.51.100.0 - 198.51.100.255'" -nat_ranges = "{" $usr_lan_range $srv_lan_range "}" -nat on $ext_if from $nat_ranges to any -> ($ext_if)</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="TABLES"><a class="permalink" href="#TABLES">TABLES</a></h1> -<p class="Pp">Tables are named structures which can hold a collection of - addresses and networks. Lookups against tables in <a class="Xr">pf(4)</a> - are relatively fast, making a single rule with tables much more efficient, - in terms of processor usage and memory consumption, than a large number of - rules which differ only in IP address (either created explicitly or - automatically by rule expansion).</p> -<p class="Pp">Tables can be used as the source or destination of filter rules, - <var class="Ar">scrub</var> rules or translation rules such as - <var class="Ar">nat</var> or <var class="Ar">rdr</var> (see below for - details on the various rule types). Tables can also be used for the redirect - address of <var class="Ar">nat</var> and <var class="Ar">rdr</var> and in - the routing options of filter rules, but not for - <var class="Ar">bitmask</var> pools.</p> -<p class="Pp">Tables can be defined with any of the following - <a class="Xr">pfctl(8)</a> mechanisms. As with macros, reserved words may - not be used as table names.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">manually</var></dt> - <dd>Persistent tables can be manually created with the - <var class="Ar">add</var> or <var class="Ar">replace</var> option of - <a class="Xr">pfctl(8)</a>, before or after the ruleset has been - loaded.</dd> - <dt><span class="Pa">pf.conf</span></dt> - <dd>Table definitions can be placed directly in this file, and loaded at the - same time as other rules are loaded, atomically. Table definitions inside - <code class="Nm">pf.conf</code> use the <var class="Ar">table</var> - statement, and are especially useful to define non-persistent tables. The - contents of a pre-existing table defined without a list of addresses to - initialize it is not altered when <code class="Nm">pf.conf</code> is - loaded. A table initialized with the empty list, <code class="Li">{ - }</code>, will be cleared on load.</dd> -</dl> -<p class="Pp">Tables may be defined with the following attributes:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">persist</var></dt> - <dd>The <var class="Ar">persist</var> flag forces the kernel to keep the table - even when no rules refer to it. If the flag is not set, the kernel will - automatically remove the table when the last rule referring to it is - flushed.</dd> - <dt><var class="Ar">const</var></dt> - <dd>The <var class="Ar">const</var> flag prevents the user from altering the - contents of the table once it has been created. Without that flag, - <a class="Xr">pfctl(8)</a> can be used to add or remove addresses from the - table at any time, even when running with <a class="Xr">securelevel(7)</a> - = 2.</dd> - <dt><var class="Ar">counters</var></dt> - <dd>The <var class="Ar">counters</var> flag enables per-address packet and - byte counters which can be displayed with <a class="Xr">pfctl(8)</a>. Note - that this feature carries significant memory overhead for large - tables.</dd> -</dl> -<p class="Pp">For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>table <private> const { 10/8, 172.16/12, 192.168/16 } -table <badhosts> persist -block on fxp0 from { <private>, <badhosts> } to any</pre> -</div> -<p class="Pp">creates a table called private, to hold RFC 1918 private network - blocks, and a table called badhosts, which is initially empty. A filter rule - is set up to block all traffic coming from addresses listed in either table. - The private table cannot have its contents changed and the badhosts table - will exist even when no active filter rules reference it. Addresses may - later be added to the badhosts table, so that traffic from these hosts can - be blocked by using</p> -<div class="Bd Pp Bd-indent Li"> -<pre># pfctl -t badhosts -Tadd 204.92.77.111</pre> -</div> -<p class="Pp">A table can also be initialized with an address list specified in - one or more external files, using the following syntax:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>table <spam> persist file "/etc/spammers" file "/etc/openrelays" -block on fxp0 from <spam> to any</pre> -</div> -<p class="Pp" id="all">The files <span class="Pa">/etc/spammers</span> and - <span class="Pa">/etc/openrelays</span> list IP addresses, one per line. Any - lines beginning with a # are treated as comments and ignored. In addition to - being specified by IP address, hosts may also be specified by their - hostname. When the resolver is called to add a hostname to a table, - <a class="permalink" href="#all"><i class="Em">all</i></a> resulting IPv4 - and IPv6 addresses are placed into the table. IP addresses can also be - entered in a table by specifying a valid interface name, a valid interface - group or the - <a class="permalink" href="#self"><i class="Em" id="self">self</i></a> - keyword, in which case all addresses assigned to the interface(s) will be - added to the table.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1> -<p class="Pp"><a class="Xr">pf(4)</a> may be tuned for various situations using - the <var class="Ar">set</var> command.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">set timeout</var></dt> - <dd> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">interval</var></dt> - <dd>Interval between purging expired states and fragments.</dd> - <dt><var class="Ar">frag</var></dt> - <dd>Seconds before an unassembled fragment is expired.</dd> - <dt><var class="Ar">src.track</var></dt> - <dd>Length of time to retain a source tracking entry after the last state - expires.</dd> - </dl> - <p class="Pp">When a packet matches a stateful connection, the seconds to - live for the connection will be updated to that of the - <var class="Ar">proto.modifier</var> which corresponds to the connection - state. Each packet which matches this state will reset the TTL. Tuning - these values may improve the performance of the firewall at the risk of - dropping valid idle connections. Alternatively, these values may be - adjusted collectively in a manner suitable for a specific environment - using <code class="Cm">set optimization</code> (see above).</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">tcp.first</var></dt> - <dd>The state after the first packet.</dd> - <dt><var class="Ar">tcp.opening</var></dt> - <dd>The state after the second packet but before both endpoints have - acknowledged the connection.</dd> - <dt><var class="Ar">tcp.tsdiff</var></dt> - <dd>Maximum allowed time difference between RFC 1323 compliant packet - timestamps. 30 seconds by default.</dd> - <dt><var class="Ar">tcp.established</var></dt> - <dd>The fully established state.</dd> - <dt><var class="Ar">tcp.closing</var></dt> - <dd>The state after the first FIN has been sent.</dd> - <dt><var class="Ar">tcp.finwait</var></dt> - <dd>The state after both FINs have been exchanged and the connection is - closed. Some hosts (notably web servers on Solaris) send TCP packets - even after closing the connection. Increasing - <var class="Ar">tcp.finwait</var> (and possibly - <var class="Ar">tcp.closing</var>) can prevent blocking of such - packets.</dd> - <dt><var class="Ar">tcp.closed</var></dt> - <dd>The state after one endpoint sends an RST.</dd> - </dl> - <p class="Pp">SCTP timeout are handled similar to TCP, but with its own set - of states:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">sctp.first</var></dt> - <dd>The state after the first packet.</dd> - <dt><var class="Ar">sctp.opening</var></dt> - <dd>The state before the destination host ever sends a packet.</dd> - <dt><var class="Ar">sctp.established</var></dt> - <dd>The fully established state.</dd> - <dt><var class="Ar">sctp.closing</var></dt> - <dd>The state after the first SHUTDOWN chunk has been sent.</dd> - <dt><var class="Ar">sctp.closed</var></dt> - <dd>The state after SHUTDOWN_ACK has been exchanged and the connection is - closed.</dd> - </dl> - <p class="Pp">ICMP and UDP are handled in a fashion similar to TCP, but with - a much more limited set of states:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">udp.first</var></dt> - <dd>The state after the first packet.</dd> - <dt><var class="Ar">udp.single</var></dt> - <dd>The state if the source host sends more than one packet but the - destination host has never sent one back.</dd> - <dt><var class="Ar">udp.multiple</var></dt> - <dd>The state if both hosts have sent packets.</dd> - <dt><var class="Ar">icmp.first</var></dt> - <dd>The state after the first packet.</dd> - <dt><var class="Ar">icmp.error</var></dt> - <dd>The state after an ICMP error came back in response to an ICMP - packet.</dd> - </dl> - <p class="Pp">Other protocols are handled similarly to UDP:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">other.first</var></dt> - <dd style="width: auto;"> </dd> - <dt><var class="Ar">other.single</var></dt> - <dd style="width: auto;"> </dd> - <dt><var class="Ar">other.multiple</var></dt> - <dd style="width: auto;"> </dd> - </dl> - <p class="Pp">Timeout values can be reduced adaptively as the number of - state table entries grows.</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">adaptive.start</var></dt> - <dd>When the number of state entries exceeds this value, adaptive scaling - begins. All timeout values are scaled linearly with factor - (adaptive.end - number of states) / (adaptive.end - - adaptive.start).</dd> - <dt><var class="Ar">adaptive.end</var></dt> - <dd>When reaching this number of state entries, all timeout values become - zero, effectively purging all state entries immediately. This value is - used to define the scale factor, it should not actually be reached - (set a lower state limit, see below).</dd> - </dl> - <p class="Pp">Adaptive timeouts are enabled by default, with an - adaptive.start value equal to 60% of the state limit, and an - adaptive.end value equal to 120% of the state limit. They can be - disabled by setting both adaptive.start and adaptive.end to 0.</p> - <p class="Pp">The adaptive timeout values can be defined both globally and - for each rule. When used on a per-rule basis, the values relate to the - number of states created by the rule, otherwise to the total number of - states.</p> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set timeout tcp.first 120 -set timeout tcp.established 86400 -set timeout { adaptive.start 60000, adaptive.end 120000 } -set limit states 100000</pre> - </div> - <p class="Pp">With 90000 state table entries, the timeout values are scaled - to 50% (tcp.first 60, tcp.established 43200).</p> - </dd> - <dt><var class="Ar">set loginterface</var></dt> - <dd>Enable collection of packet and byte count statistics for the given - interface or interface group. These statistics can be viewed using - <div class="Bd Pp Bd-indent Li"> - <pre># pfctl -s info</pre> - </div> - <p class="Pp">In this example <a class="Xr">pf(4)</a> collects statistics on - the interface named dc0:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set loginterface dc0</pre> - </div> - <p class="Pp">One can disable the loginterface using:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set loginterface none</pre> - </div> - </dd> - <dt><var class="Ar">set limit</var></dt> - <dd>Sets hard limits on the memory pools used by the packet filter. See - <a class="Xr">zone(9)</a> for an explanation of memory pools. - <p class="Pp">Limits can be set on the following:</p> - <dl class="Bl-tag"> - <dt id="states"><a class="permalink" href="#states"><code class="Cm">states</code></a></dt> - <dd>Set the maximum number of entries in the memory pool used by state - table entries (those generated by <var class="Ar">pass</var> rules - which do not specify <code class="Cm">no state</code>). The default is - 100000.</dd> - <dt id="src-nodes"><a class="permalink" href="#src-nodes"><code class="Cm">src-nodes</code></a></dt> - <dd>Set the maximum number of entries in the memory pool used for tracking - source IP addresses (generated by the - <var class="Ar">sticky-address</var> and - <var class="Ar">src.track</var> options). The default is 10000.</dd> - <dt id="table-entries"><a class="permalink" href="#table-entries"><code class="Cm">table-entries</code></a></dt> - <dd>Set the number of addresses that can be stored in tables. The default - is 200000.</dd> - <dt id="anchors"><a class="permalink" href="#anchors"><code class="Cm">anchors</code></a></dt> - <dd>Set the number of anchors that can exist. The default is 512.</dd> - <dt id="eth-anchors"><a class="permalink" href="#eth-anchors"><code class="Cm">eth-anchors</code></a></dt> - <dd>Set the number of anchors that can exist. The default is 512.</dd> - </dl> - <p class="Pp">Multiple limits can be combined on a single line:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set limit { states 20000, frags 2000, src-nodes 2000 }</pre> - </div> - </dd> - <dt><var class="Ar">set ruleset-optimization</var></dt> - <dd> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">none</var></dt> - <dd>Disable the ruleset optimizer.</dd> - <dt><var class="Ar">basic</var></dt> - <dd>Enable basic ruleset optimization. This is the default behaviour. - Basic ruleset optimization does four things to improve the performance - of ruleset evaluations: - <p class="Pp"></p> - <ol class="Bl-enum Bl-compact"> - <li>remove duplicate rules</li> - <li>remove rules that are a subset of another rule</li> - <li>combine multiple rules into a table when advantageous</li> - <li>re-order the rules to improve evaluation performance</li> - </ol> - <p class="Pp"></p> - </dd> - <dt><var class="Ar">profile</var></dt> - <dd>Uses the currently loaded ruleset as a feedback profile to tailor the - ordering of quick rules to actual network traffic.</dd> - </dl> - <p class="Pp">It is important to note that the ruleset optimizer will modify - the ruleset to improve performance. A side effect of the ruleset - modification is that per-rule accounting statistics will have different - meanings than before. If per-rule accounting is important for billing - purposes or whatnot, either the ruleset optimizer should not be used or - a label field should be added to all of the accounting rules to act as - optimization barriers.</p> - <p class="Pp">Optimization can also be set as a command-line argument to - <a class="Xr">pfctl(8)</a>, overriding the settings in - <code class="Nm">pf.conf</code>.</p> - </dd> - <dt><var class="Ar">set optimization</var></dt> - <dd>Optimize state timeouts for one of the following network environments: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">normal</var></dt> - <dd>A normal network environment. Suitable for almost all networks.</dd> - <dt><var class="Ar">high-latency</var></dt> - <dd>A high-latency environment (such as a satellite connection).</dd> - <dt><var class="Ar">satellite</var></dt> - <dd>Alias for <var class="Ar">high-latency</var>.</dd> - <dt><var class="Ar">aggressive</var></dt> - <dd>Aggressively expire connections. This can greatly reduce the memory - usage of the firewall at the cost of dropping idle connections - early.</dd> - <dt><var class="Ar">conservative</var></dt> - <dd>Extremely conservative settings. Avoid dropping legitimate connections - at the expense of greater memory utilization (possibly much greater on - a busy network) and slightly increased processor utilization.</dd> - </dl> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set optimization aggressive</pre> - </div> - </dd> - <dt><var class="Ar">set reassemble yes</var> | <var class="Ar">no</var> - [<code class="Cm">no-df</code>]</dt> - <dd>The <code class="Cm">reassemble</code> option is used to enable or disable - the reassembly of fragmented packets, and can be set to - <code class="Cm">yes</code> or <code class="Cm">no</code>. If - <code class="Cm">no-df</code> is also specified, fragments with the - “dont-fragment” bit set are reassembled too, instead of - being dropped; the reassembled packet will have the - “dont-fragment” bit cleared. The default value is - <code class="Cm">no</code>. - <p class="Pp">This option is ignored if there are pre-FreeBSD 14 - <code class="Cm">scrub</code> rules present.</p> - </dd> - <dt><var class="Ar">set block-policy</var></dt> - <dd>The <var class="Ar">block-policy</var> option sets the default behaviour - for the packet <var class="Ar">block</var> action: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">drop</var></dt> - <dd>Packet is silently dropped.</dd> - <dt><var class="Ar">return</var></dt> - <dd>A TCP RST is returned for blocked TCP packets, an SCTP ABORT chunk is - returned for blocked SCTP packets, an ICMP UNREACHABLE is returned for - blocked UDP packets, and all other packets are silently dropped.</dd> - </dl> - <p class="Pp">The default value is <code class="Cm">drop</code>.</p> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set block-policy return</pre> - </div> - </dd> - <dt><var class="Ar">set fail-policy</var></dt> - <dd>The <var class="Ar">fail-policy</var> option sets the behaviour of rules - which should pass a packet but were unable to do so. This might happen - when a nat or route-to rule uses an empty table as list of targets or if a - rule fails to create state or source node. The following - <var class="Ar">block</var> actions are possible: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">drop</var></dt> - <dd>Incoming packet is silently dropped.</dd> - <dt><var class="Ar">return</var></dt> - <dd>Incoming packet is dropped and TCP RST is returned for TCP packets, an - SCTP ABORT chunk is returned for blocked SCTP packets, an ICMP - UNREACHABLE is returned for UDP packets, and no response is sent for - other packets.</dd> - </dl> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set fail-policy return</pre> - </div> - </dd> - <dt><var class="Ar">set state-policy</var></dt> - <dd>The <var class="Ar">state-policy</var> option sets the default behaviour - for states: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">if-bound</var></dt> - <dd>States are bound to interface.</dd> - <dt><var class="Ar">floating</var></dt> - <dd>States can match packets on any interfaces (the default).</dd> - </dl> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>set state-policy if-bound</pre> - </div> - </dd> - <dt><var class="Ar">set syncookies never</var> | <var class="Ar">always</var> - | <var class="Ar">adaptive</var></dt> - <dd>When <code class="Cm">syncookies</code> are active, pf will answer each - incoming TCP SYN with a syncookie SYNACK, without allocating any - resources. Upon reception of the client's ACK in response to the syncookie - SYNACK, pf will evaluate the ruleset and create state if the ruleset - permits it, complete the three way handshake with the target host and - continue the connection with synproxy in place. This allows pf to be - resilient against large synflood attacks which would run the state table - against its limits otherwise. Due to the blind answers to every incoming - SYN syncookies share the caveats of synproxy, namely seemingly accepting - connections that will be dropped later on. - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="never"><a class="permalink" href="#never"><code class="Cm">never</code></a></dt> - <dd>pf will never send syncookie SYNACKs (the default).</dd> - <dt id="always"><a class="permalink" href="#always"><code class="Cm">always</code></a></dt> - <dd>pf will always send syncookie SYNACKs.</dd> - <dt id="adaptive"><a class="permalink" href="#adaptive"><code class="Cm">adaptive</code></a></dt> - <dd>pf will enable syncookie mode when a given percentage of the state - table is used up by half-open TCP connections, as in, those that saw - the initial SYN but didn't finish the three way handshake. The - thresholds for entering and leaving syncookie mode can be specified - using - <div class="Bd Pp Bd-indent Li"> - <pre>set syncookies adaptive (start 25%, end 12%)</pre> - </div> - </dd> - </dl> - </dd> - <dt><var class="Ar">set state-defaults</var></dt> - <dd>The <var class="Ar">state-defaults</var> option sets the state options for - states created from rules without an explicit <var class="Ar">keep - state</var>. For example: - <div class="Bd Pp Bd-indent Li"> - <pre>set state-defaults no-sync</pre> - </div> - </dd> - <dt><var class="Ar">set hostid</var></dt> - <dd>The 32-bit <var class="Ar">hostid</var> identifies this firewall's state - table entries to other firewalls in a <a class="Xr">pfsync(4)</a> failover - cluster. By default the hostid is set to a pseudo-random value, however it - may be desirable to manually configure it, for example to more easily - identify the source of state table entries. - <div class="Bd Pp Bd-indent Li"> - <pre>set hostid 1</pre> - </div> - <p class="Pp">The hostid may be specified in either decimal or - hexadecimal.</p> - </dd> - <dt id="options"><var class="Ar">set require-order</var></dt> - <dd>By default <a class="Xr">pfctl(8)</a> enforces an ordering of the - statement types in the ruleset to: - <a class="permalink" href="#options"><i class="Em">options</i></a>, - <a class="permalink" href="#normalization"><i class="Em" id="normalization">normalization</i></a>, - <a class="permalink" href="#queueing"><i class="Em" id="queueing">queueing</i></a>, - <a class="permalink" href="#translation"><i class="Em" id="translation">translation</i></a>, - <a class="permalink" href="#filtering"><i class="Em" id="filtering">filtering</i></a>. - Setting this option to <var class="Ar">no</var> disables this enforcement. - There may be non-trivial and non-obvious implications to an out of order - ruleset. Consider carefully before disabling the order enforcement.</dd> - <dt><var class="Ar">set fingerprints</var></dt> - <dd>Load fingerprints of known operating systems from the given filename. By - default fingerprints of known operating systems are automatically loaded - from <a class="Xr">pf.os(5)</a> in <span class="Pa">/etc</span> but can be - overridden via this option. Setting this option may leave a small period - of time where the fingerprints referenced by the currently active ruleset - are inconsistent until the new ruleset finishes loading. The default - location for fingerprints is <span class="Pa">/etc/pf.os</span>. - <p class="Pp">For example:</p> - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">set fingerprints - "/etc/pf.os.devel"</code></div> - </dd> - <dt><var class="Ar">set skip on</var> - ⟨<var class="Ar">ifspec</var>⟩</dt> - <dd>List interfaces for which packets should not be filtered. Packets passing - in or out on such interfaces are passed as if pf was disabled, i.e. pf - does not process them in any way. This can be useful on loopback and other - virtual interfaces, when packet filtering is not desired and can have - unexpected effects. For example: - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">set skip on lo0</code></div> - </dd> - <dt><var class="Ar">set debug</var></dt> - <dd>Set the debug <var class="Ar">level</var> to one of the following: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">none</var></dt> - <dd>Don't generate debug messages.</dd> - <dt><var class="Ar">urgent</var></dt> - <dd>Generate debug messages only for serious errors.</dd> - <dt><var class="Ar">misc</var></dt> - <dd>Generate debug messages for various errors.</dd> - <dt><var class="Ar">loud</var></dt> - <dd>Generate debug messages for common conditions.</dd> - </dl> - </dd> - <dt><var class="Ar">set keepcounters</var></dt> - <dd>Preserve rule counters across rule updates. Usually rule counters are - reset to zero on every update of the ruleset. With - <var class="Ar">keepcounters</var> set pf will attempt to find matching - rules between old and new rulesets and preserve the rule counters.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="ETHERNET_FILTERING"><a class="permalink" href="#ETHERNET_FILTERING">ETHERNET - FILTERING</a></h1> -<p class="Pp"><a class="Xr">pf(4)</a> has the ability to - <var class="Ar">block</var> and <var class="Ar">pass</var> packets based on - attributes of their Ethernet (layer 2) header.</p> -<p class="Pp">Each time a packet processed by the packet filter comes in on or - goes out through an interface, the filter rules are evaluated in sequential - order, from first to last. The last matching rule decides what action is - taken. If no rule matches the packet, the default action is to pass the - packet without creating a state.</p> -<p class="Pp">The following actions can be used in the filter:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">block</var></dt> - <dd>The packet is blocked. Unlike for layer 3 traffic the packet is always - silently dropped.</dd> - <dt><var class="Ar">pass</var></dt> - <dd>The packet is passed; no state is created for layer 2 traffic.</dd> -</dl> -<section class="Ss"> -<h2 class="Ss" id="Parameters_applicable_to_layer_2_rules"><a class="permalink" href="#Parameters_applicable_to_layer_2_rules">Parameters - applicable to layer 2 rules</a></h2> -<p class="Pp">The rule parameters specify the packets to which a rule applies. A - packet always comes in on, or goes out through, one interface. Most - parameters are optional. If a parameter is specified, the rule only applies - to packets with matching attributes. The matching for some parameters can be - inverted with the <code class="Cm">!</code> operator. Certain parameters can - be expressed as lists, in which case <a class="Xr">pfctl(8)</a> generates - all needed rule combinations.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">in</var> <span class="No">or</span> - <var class="Ar">out</var></dt> - <dd>This rule applies to incoming or outgoing packets. If neither - <var class="Ar">in</var> nor <var class="Ar">out</var> are specified, the - rule will match packets in both directions.</dd> - <dt><var class="Ar">quick</var></dt> - <dd>If a packet matches a rule which has the <var class="Ar">quick</var> - option set, this rule is considered the last matching rule, and evaluation - of subsequent rules is skipped.</dd> - <dt><var class="Ar">on</var> ⟨<var class="Ar">ifspec</var>⟩</dt> - <dd>This rule applies only to packets coming in on, or going out through, this - particular interface or interface group. For more information on interface - groups, see the <code class="Ic">group</code> keyword in - <a class="Xr">ifconfig(8)</a>. <var class="Ar">any</var> will match any - existing interface except loopback ones.</dd> - <dt><var class="Ar">bridge-to</var> ⟨interface⟩</dt> - <dd>Packets matching this rule will be sent out of the specified interface - without further processing.</dd> - <dt><var class="Ar">proto</var> - ⟨<var class="Ar">protocol</var>⟩</dt> - <dd>This rule applies only to packets of this protocol. Note that Ethernet - protocol numbers are different from those used in <a class="Xr">ip(4)</a> - and <a class="Xr">ip6(4)</a>.</dd> - <dt><var class="Ar">from</var> ⟨<var class="Ar">source</var>⟩ - <var class="Ar">to</var> ⟨<var class="Ar">dest</var>⟩</dt> - <dd>This rule applies only to packets with the specified source and - destination MAC addresses.</dd> - <dt><var class="Ar">queue</var> - ⟨<var class="Ar">queue</var>⟩</dt> - <dd>Packets matching this rule will be assigned to the specified queue. See - <a class="Sx" href="#QUEUEING">QUEUEING</a> for setup details.</dd> - <dt><var class="Ar">tag</var> - ⟨<var class="Ar">string</var>⟩</dt> - <dd>Packets matching this rule will be tagged with the specified string. The - tag acts as an internal marker that can be used to identify these packets - later on. This can be used, for example, to provide trust between - interfaces and to determine if packets have been processed by translation - rules. Tags are "sticky", meaning that the packet will be tagged - even if the rule is not the last matching rule. Further matching rules can - replace the tag with a new one but will not remove a previously applied - tag. A packet is only ever assigned one tag at a time.</dd> - <dt><var class="Ar">tagged</var> - ⟨<var class="Ar">string</var>⟩</dt> - <dd>Used to specify that packets must already be tagged with the given tag in - order to match the rule. Inverse tag matching can also be done by - specifying the ! operator before the tagged keyword.</dd> -</dl> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="TRAFFIC_NORMALIZATION"><a class="permalink" href="#TRAFFIC_NORMALIZATION">TRAFFIC - NORMALIZATION</a></h1> -<p class="Pp">Traffic normalization is a broad umbrella term for aspects of the - packet filter which deal with verifying packets, packet fragments, spoofed - traffic, and other irregularities.</p> -<section class="Ss"> -<h2 class="Ss" id="Scrub"><a class="permalink" href="#Scrub">Scrub</a></h2> -<p class="Pp">Scrub involves sanitising packet content in such a way that there - are no ambiguities in packet interpretation on the receiving side. It is - invoked with the <code class="Cm">scrub</code> option, added to filter - rules.</p> -<p class="Pp">Parameters are specified enclosed in parentheses. At least one of - the following parameters must be specified:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">no-df</var></dt> - <dd>Clears the <var class="Ar">dont-fragment</var> bit from a matching IP - packet. Some operating systems are known to generate fragmented packets - with the <var class="Ar">dont-fragment</var> bit set. This is particularly - true with NFS. <var class="Ar">Scrub</var> will drop such fragmented - <var class="Ar">dont-fragment</var> packets unless - <var class="Ar">no-df</var> is specified. - <p class="Pp">Unfortunately some operating systems also generate their - <var class="Ar">dont-fragment</var> packets with a zero IP - identification field. Clearing the <var class="Ar">dont-fragment</var> - bit on packets with a zero IP ID may cause deleterious results if an - upstream router later fragments the packet. Using the - <var class="Ar">random-id</var> modifier (see below) is recommended in - combination with the <var class="Ar">no-df</var> modifier to ensure - unique IP identifiers.</p> - </dd> - <dt><var class="Ar">min-ttl</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Enforces a minimum TTL for matching IP packets.</dd> - <dt><var class="Ar">max-mss</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Reduces the maximum segment size (MSS) on TCP SYN packets to be no greater - than <var class="Ar">number</var>. This is sometimes required in scenarios - where the two endpoints of a TCP connection are not able to carry similar - sized packets and the resulting mismatch can lead to packet fragmentation - or loss. Note that setting the MSS this way can have undesirable effects, - such as interfering with the OS detection features of - <a class="Xr">pf(4)</a>.</dd> - <dt><var class="Ar">set-tos</var> ⟨<var class="Ar">string</var>⟩ - | ⟨<var class="Ar">number</var>⟩</dt> - <dd>Enforces a <i class="Em">TOS</i> for matching IP packets. - <i class="Em">TOS</i> may be given as one of - <var class="Ar">critical</var>, <var class="Ar">inetcontrol</var>, - <var class="Ar">lowdelay</var>, <var class="Ar">netcontrol</var>, - <var class="Ar">throughput</var>, <var class="Ar">reliability</var>, or - one of the DiffServ Code Points: <var class="Ar">ef</var>, - <var class="Ar">va</var>, <var class="Ar">af11</var> - <span class="No">...</span> <var class="Ar">af43</var>, - <var class="Ar">cs0</var> <span class="No">...</span> - <var class="Ar">cs7</var>; or as either hex or decimal.</dd> - <dt><var class="Ar">random-id</var></dt> - <dd>Replaces the IP identification field with random values to compensate for - predictable values generated by many hosts. This option only applies to - packets that are not fragmented after the optional fragment - reassembly.</dd> - <dt><var class="Ar">reassemble tcp</var></dt> - <dd>Statefully normalizes TCP connections. <var class="Ar">reassemble - tcp</var> performs the following normalizations: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt>ttl</dt> - <dd>Neither side of the connection is allowed to reduce their IP TTL. An - attacker may send a packet such that it reaches the firewall, affects - the firewall state, and expires before reaching the destination host. - <var class="Ar">reassemble tcp</var> will raise the TTL of all packets - back up to the highest value seen on the connection.</dd> - <dt>timestamp modulation</dt> - <dd>Modern TCP stacks will send a timestamp on every TCP packet and echo - the other endpoint's timestamp back to them. Many operating systems - will merely start the timestamp at zero when first booted, and - increment it several times a second. The uptime of the host can be - deduced by reading the timestamp and multiplying by a constant. Also - observing several different timestamps can be used to count hosts - behind a NAT device. And spoofing TCP packets into a connection - requires knowing or guessing valid timestamps. Timestamps merely need - to be monotonically increasing and not derived off a guessable base - time. <var class="Ar">reassemble tcp</var> will cause - <var class="Ar">scrub</var> to modulate the TCP timestamps with a - random number.</dd> - <dt>extended PAWS checks</dt> - <dd>There is a problem with TCP on long fat pipes, in that a packet might - get delayed for longer than it takes the connection to wrap its 32-bit - sequence space. In such an occurrence, the old packet would be - indistinguishable from a new packet and would be accepted as such. The - solution to this is called PAWS: Protection Against Wrapped Sequence - numbers. It protects against it by making sure the timestamp on each - packet does not go backwards. <var class="Ar">reassemble tcp</var> - also makes sure the timestamp on the packet does not go forward more - than the RFC allows. By doing this, <a class="Xr">pf(4)</a> - artificially extends the security of TCP sequence numbers by 10 to 18 - bits when the host uses appropriately randomized timestamps, since a - blind attacker would have to guess the timestamp as well.</dd> - </dl> - </dd> -</dl> -<p class="Pp">For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>match in all scrub (no-df random-id max-mss 1440)</pre> -</div> -</section> -<section class="Ss"> -<h2 class="Ss" id="Scrub_ruleset_(pre-FreeBSD_14)"><a class="permalink" href="#Scrub_ruleset_(pre-FreeBSD_14)">Scrub - ruleset (pre-FreeBSD 14)</a></h2> -<p class="Pp">In order to maintain compatibility with older releases of FreeBSD - <var class="Ar">scrub</var> rules can also be specified in their own - ruleset. In such case they are invoked with the <var class="Ar">scrub</var> - directive. If there are such rules present they determine packet reassembly - behaviour. When no such rules are present the option <var class="Ar">set - reassembly</var> takes precedence. The <var class="Ar">scrub</var> rules can - take all parameters specified above for a <var class="Ar">scrub</var> option - of filter rules and 2 more parameters controlling fragment reassembly:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">fragment reassemble</var></dt> - <dd>Using <var class="Ar">scrub</var> rules, fragments can be reassembled by - normalization. In this case, fragments are buffered until they form a - complete packet, and only the completed packet is passed on to the filter. - The advantage is that filter rules have to deal only with complete - packets, and can ignore fragments. The drawback of caching fragments is - the additional memory cost. This is the default behaviour unless no - fragment reassemble is specified.</dd> - <dt><var class="Ar">no fragment reassemble</var></dt> - <dd>Do not reassemble fragments.</dd> -</dl> -<p class="Pp">For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>scrub in on $ext_if all fragment reassemble</pre> -</div> -<p class="Pp">The <var class="Ar">no</var> option prefixed to a scrub rule - causes matching packets to remain unscrubbed, much in the same way as - <var class="Ar">drop quick</var> works in the packet filter (see below). - This mechanism should be used when it is necessary to exclude specific - packets from broader scrub rules.</p> -<p class="Pp"><var class="Ar">scrub</var> rules in the - <var class="Ar">scrub</var> ruleset are evaluated for every packet before - stateful filtering. This means excessive usage of them will cause - performance penalty. <var class="Ar">scrub reassemble tcp</var> rules must - not have the direction (in/out) specified.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="QUEUEING_with_ALTQ"><a class="permalink" href="#QUEUEING_with_ALTQ">QUEUEING - with ALTQ</a></h1> -<p class="Pp">The ALTQ system is currently not available in the GENERIC kernel - nor as loadable modules. In order to use the herein after called queueing - options one has to use a custom built kernel. Please refer to - <a class="Xr">altq(4)</a> to learn about the related kernel options.</p> -<p class="Pp">Packets can be assigned to queues for the purpose of bandwidth - control. At least two declarations are required to configure queues, and - later any packet filtering rule can reference the defined queues by name. - During the filtering component of <code class="Nm">pf.conf</code>, the last - referenced <var class="Ar">queue</var> name is where any packets from - <var class="Ar">pass</var> rules will be queued, while for - <var class="Ar">block</var> rules it specifies where any resulting ICMP or - TCP RST packets should be queued. The <var class="Ar">scheduler</var> - defines the algorithm used to decide which packets get delayed, dropped, or - sent out immediately. There are three <var class="Ar">schedulers</var> - currently supported.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">cbq</var></dt> - <dd>Class Based Queueing. <var class="Ar">Queues</var> attached to an - interface build a tree, thus each <var class="Ar">queue</var> can have - further child <var class="Ar">queues</var>. Each queue can have a - <var class="Ar">priority</var> and a <var class="Ar">bandwidth</var> - assigned. <var class="Ar">Priority</var> mainly controls the time packets - take to get sent out, while <var class="Ar">bandwidth</var> has primarily - effects on throughput. <var class="Ar">cbq</var> achieves both - partitioning and sharing of link bandwidth by hierarchically structured - classes. Each class has its own <var class="Ar">queue</var> and is - assigned its share of <var class="Ar">bandwidth</var>. A child class can - borrow bandwidth from its parent class as long as excess bandwidth is - available (see the option <var class="Ar">borrow</var>, below).</dd> - <dt><var class="Ar">priq</var></dt> - <dd>Priority Queueing. <var class="Ar">Queues</var> are flat attached to the - interface, thus, <var class="Ar">queues</var> cannot have further child - <var class="Ar">queues</var>. Each <var class="Ar">queue</var> has a - unique <var class="Ar">priority</var> assigned, ranging from 0 to 15. - Packets in the <var class="Ar">queue</var> with the highest - <var class="Ar">priority</var> are processed first.</dd> - <dt><var class="Ar">hfsc</var></dt> - <dd>Hierarchical Fair Service Curve. <var class="Ar">Queues</var> attached to - an interface build a tree, thus each <var class="Ar">queue</var> can have - further child <var class="Ar">queues</var>. Each queue can have a - <var class="Ar">priority</var> and a <var class="Ar">bandwidth</var> - assigned. <var class="Ar">Priority</var> mainly controls the time packets - take to get sent out, while <var class="Ar">bandwidth</var> primarily - affects throughput. <var class="Ar">hfsc</var> supports both link-sharing - and guaranteed real-time services. It employs a service curve based QoS - model, and its unique feature is an ability to decouple - <var class="Ar">delay</var> and <var class="Ar">bandwidth</var> - allocation.</dd> -</dl> -<p class="Pp">The interfaces on which queueing should be activated are declared - using the <var class="Ar">altq on</var> declaration. <var class="Ar">altq - on</var> has the following keywords:</p> -<dl class="Bl-tag"> - <dt>⟨<var class="Ar">interface</var>⟩</dt> - <dd>Queueing is enabled on the named interface.</dd> - <dt>⟨<var class="Ar">scheduler</var>⟩</dt> - <dd>Specifies which queueing scheduler to use. Currently supported values are - <var class="Ar">cbq</var> for Class Based Queueing, - <var class="Ar">priq</var> for Priority Queueing and - <var class="Ar">hfsc</var> for the Hierarchical Fair Service Curve - scheduler.</dd> - <dt><var class="Ar">bandwidth</var> - ⟨<var class="Ar">bw</var>⟩</dt> - <dd>The maximum bitrate for all queues on an interface may be specified using - the <var class="Ar">bandwidth</var> keyword. The value can be specified as - an absolute value or as a percentage of the interface bandwidth. When - using an absolute value, the suffixes <var class="Ar">b</var>, - <var class="Ar">Kb</var>, <var class="Ar">Mb</var>, and - <var class="Ar">Gb</var> are used to represent bits, kilobits, megabits, - and gigabits per second, respectively. The value must not exceed the - interface bandwidth. If <var class="Ar">bandwidth</var> is not specified, - the interface bandwidth is used (but take note that some interfaces do not - know their bandwidth, or can adapt their bandwidth rates).</dd> - <dt><var class="Ar">qlimit</var> - ⟨<var class="Ar">limit</var>⟩</dt> - <dd>The maximum number of packets held in the queue. The default is 50.</dd> - <dt><var class="Ar">tbrsize</var> - ⟨<var class="Ar">size</var>⟩</dt> - <dd>Adjusts the size, in bytes, of the token bucket regulator. If not - specified, heuristics based on the interface bandwidth are used to - determine the size.</dd> - <dt><var class="Ar">queue</var> - ⟨<var class="Ar">list</var>⟩</dt> - <dd>Defines a list of subqueues to create on an interface.</dd> -</dl> -<p class="Pp">In the following example, the interface dc0 should queue up to - 5Mbps in four second-level queues using Class Based Queueing. Those four - queues will be shown in a later example.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>altq on dc0 cbq bandwidth 5Mb queue { std, http, mail, ssh }</pre> -</div> -<p class="Pp">Once interfaces are activated for queueing using the - <var class="Ar">altq</var> directive, a sequence of - <var class="Ar">queue</var> directives may be defined. The name associated - with a <var class="Ar">queue</var> must match a queue defined in the - <var class="Ar">altq</var> directive (e.g. mail), or, except for the - <var class="Ar">priq</var> <var class="Ar">scheduler</var>, in a parent - <var class="Ar">queue</var> declaration. The following keywords can be - used:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">on</var> - ⟨<var class="Ar">interface</var>⟩</dt> - <dd>Specifies the interface the queue operates on. If not given, it operates - on all matching interfaces.</dd> - <dt><var class="Ar">bandwidth</var> - ⟨<var class="Ar">bw</var>⟩</dt> - <dd>Specifies the maximum bitrate to be processed by the queue. This value - must not exceed the value of the parent <var class="Ar">queue</var> and - can be specified as an absolute value or a percentage of the parent - queue's bandwidth. If not specified, defaults to 100% of the parent - queue's bandwidth. The <var class="Ar">priq</var> scheduler does not - support bandwidth specification.</dd> - <dt><var class="Ar">priority</var> - ⟨<var class="Ar">level</var>⟩</dt> - <dd>Between queues a priority level can be set. For <var class="Ar">cbq</var> - and <var class="Ar">hfsc</var>, the range is 0 to 7 and for - <var class="Ar">priq</var>, the range is 0 to 15. The default for all is - 1. <var class="Ar">Priq</var> queues with a higher priority are always - served first. <var class="Ar">Cbq</var> and <var class="Ar">Hfsc</var> - queues with a higher priority are preferred in the case of overload.</dd> - <dt><var class="Ar">qlimit</var> - ⟨<var class="Ar">limit</var>⟩</dt> - <dd>The maximum number of packets held in the queue. The default is 50.</dd> -</dl> -<p class="Pp">The <var class="Ar">scheduler</var> can get additional parameters - with ⟨<var class="Ar">scheduler</var>⟩ - (⟨<var class="Ar">parameters</var>⟩). Parameters are as - follows:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">default</var></dt> - <dd>Packets not matched by another queue are assigned to this one. Exactly one - default queue is required.</dd> - <dt><var class="Ar">red</var></dt> - <dd>Enable RED (Random Early Detection) on this queue. RED drops packets with - a probability proportional to the average queue length.</dd> - <dt><var class="Ar">rio</var></dt> - <dd>Enables RIO on this queue. RIO is RED with IN/OUT, thus running RED two - times more than RIO would achieve the same effect. RIO is currently not - supported in the GENERIC kernel.</dd> - <dt><var class="Ar">ecn</var></dt> - <dd>Enables ECN (Explicit Congestion Notification) on this queue. ECN implies - RED.</dd> -</dl> -<p class="Pp">The <var class="Ar">cbq</var> <var class="Ar">scheduler</var> - supports an additional option:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">borrow</var></dt> - <dd>The queue can borrow bandwidth from the parent.</dd> -</dl> -<p class="Pp">The <var class="Ar">hfsc</var> <var class="Ar">scheduler</var> - supports some additional options:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">realtime</var> - ⟨<var class="Ar">sc</var>⟩</dt> - <dd>The minimum required bandwidth for the queue.</dd> - <dt><var class="Ar">upperlimit</var> - ⟨<var class="Ar">sc</var>⟩</dt> - <dd>The maximum allowed bandwidth for the queue.</dd> - <dt><var class="Ar">linkshare</var> - ⟨<var class="Ar">sc</var>⟩</dt> - <dd>The bandwidth share of a backlogged queue.</dd> -</dl> -<p class="Pp">⟨<var class="Ar">sc</var>⟩ is an acronym for - <var class="Ar">service curve</var>.</p> -<p class="Pp">The format for service curve specifications is - (<var class="Ar">m1</var>, <var class="Ar">d</var>, - <var class="Ar">m2</var>). <var class="Ar">m2</var> controls the bandwidth - assigned to the queue. <var class="Ar">m1</var> and <var class="Ar">d</var> - are optional and can be used to control the initial bandwidth assignment. - For the first <var class="Ar">d</var> milliseconds the queue gets the - bandwidth given as <var class="Ar">m1</var>, afterwards the value given in - <var class="Ar">m2</var>.</p> -<p class="Pp">Furthermore, with <var class="Ar">cbq</var> and - <var class="Ar">hfsc</var>, child queues can be specified as in an - <var class="Ar">altq</var> declaration, thus building a tree of queues using - a part of their parent's bandwidth.</p> -<p class="Pp">Packets can be assigned to queues based on filter rules by using - the <var class="Ar">queue</var> keyword. Normally only one - <var class="Ar">queue</var> is specified; when a second one is specified it - will instead be used for packets which have a <i class="Em">TOS</i> of - <i class="Em">lowdelay</i> and for TCP ACKs with no data payload.</p> -<p class="Pp">To continue the previous example, the examples below would specify - the four referenced queues, plus a few child queues. Interactive - <a class="Xr">ssh(1)</a> sessions get priority over bulk transfers like - <a class="Xr">scp(1)</a> and <a class="Xr">sftp(1)</a>. The queues may then - be referenced by filtering rules (see - <a class="Sx" href="#PACKET_FILTERING">PACKET FILTERING</a> below).</p> -<div class="Bd Pp Li"> -<pre>queue std bandwidth 10% cbq(default) -queue http bandwidth 60% priority 2 cbq(borrow red) \ - { employees, developers } -queue developers bandwidth 75% cbq(borrow) -queue employees bandwidth 15% -queue mail bandwidth 10% priority 0 cbq(borrow ecn) -queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk } -queue ssh_interactive bandwidth 50% priority 7 cbq(borrow) -queue ssh_bulk bandwidth 50% priority 0 cbq(borrow) - -block return out on dc0 inet all queue std -pass out on dc0 inet proto tcp from $developerhosts to any port 80 \ - queue developers -pass out on dc0 inet proto tcp from $employeehosts to any port 80 \ - queue employees -pass out on dc0 inet proto tcp from any to any port 22 \ - queue(ssh_bulk, ssh_interactive) -pass out on dc0 inet proto tcp from any to any port 25 \ - queue mail</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="QUEUEING_with_dummynet"><a class="permalink" href="#QUEUEING_with_dummynet">QUEUEING - with dummynet</a></h1> -<p class="Pp">Queueing can also be done with <a class="Xr">dummynet(4)</a>. - Queues and pipes can be created with <a class="Xr">dnctl(8)</a>.</p> -<p class="Pp">Packets can be assigned to queues and pipes using - <var class="Ar">dnqueue</var> and <var class="Ar">dnpipe</var> - respectively.</p> -<p class="Pp">Both <var class="Ar">dnqueue</var> and - <var class="Ar">dnpipe</var> take either a single pipe or queue number or - two numbers as arguments. The first pipe or queue number will be used to - shape the traffic in the rule direction, the second will be used to shape - the traffic in the reverse direction. If the rule does not specify a - direction the first packet to create state will be shaped according to the - first number, and the response traffic according to the second.</p> -<p class="Pp">If the <a class="Xr">dummynet(4)</a> module is not loaded any - traffic sent into a queue or pipe will be dropped.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="TRANSLATION"><a class="permalink" href="#TRANSLATION">TRANSLATION</a></h1> -<p class="Pp">Translation options modify either the source or destination - address and port of the packets associated with a stateful connection. - <a class="Xr">pf(4)</a> modifies the specified address and/or port in the - packet and recalculates IP, TCP, and UDP checksums as necessary.</p> -<p class="Pp">If specified on a <code class="Ic">match</code> rule, subsequent - rules will see packets as they look after any addresses and ports have been - translated. These rules will therefore have to filter based on the - translated address and port number.</p> -<p class="Pp">The state entry created permits <a class="Xr">pf(4)</a> to keep - track of the original address for traffic associated with that state and - correctly direct return traffic for that connection.</p> -<p class="Pp">Various types of translation are possible with pf:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">af-to</var></dt> - <dd>Translation between different address families (NAT64) is handled using - <var class="Ar">af-to</var> rules. Because address family translation - overrides the routing table, it's only possible to use - <var class="Ar">af-to</var> on inbound rules, and a source address of the - resulting translation must always be specified. - <p class="Pp">The optional second argument is the host or subnet the - original addresses are translated into for the destination. The lowest - bits of the original destination address form the host part of the new - destination address according to the specified subnet. It is possible to - embed a complete IPv4 address into an IPv6 address using a network - prefix of /96 or smaller.</p> - <p class="Pp">When a destination address is not specified, it is assumed - that the host part is 32-bit long. For IPv6 to IPv4 translation this - would mean using only the lower 32 bits of the original IPv6 destination - address. For IPv4 to IPv6 translation the destination subnet defaults to - the subnet of the new IPv6 source address with a prefix length of /96. - See RFC 6052 Section 2.2 for details on how the prefix determines the - destination address encoding.</p> - <p class="Pp">For example, the following rules are identical:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in inet af-to inet6 from 2001:db8::1 to 2001:db8::/96 -pass in inet af-to inet6 from 2001:db8::1</pre> - </div> - <p class="Pp">In the above example the matching IPv4 packets will be - modified to have a source address of 2001:db8::1 and a destination - address will get prefixed with 2001:db8::/96, e.g. 198.51.100.100 will - be translated to 2001:db8::c633:6464.</p> - <p class="Pp">In the reverse case the following rules are identical:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in inet6 from any to 64:ff9b::/96 af-to inet \ - from 198.51.100.1 to 0.0.0.0/0 -pass in inet6 from any to 64:ff9b::/96 af-to inet \ - from 198.51.100.1</pre> - </div> - <p class="Pp">The destination IPv4 address is assumed to be embedded inside - the original IPv6 destination address, e.g. 64:ff9b::c633:6464 will be - translated to 198.51.100.100.</p> - <p class="Pp">The current implementation will only extract IPv4 addresses - from the IPv6 addresses with a prefix length of /96 and greater.</p> - </dd> - <dt><var class="Ar">binat-to</var></dt> - <dd>A <var class="Ar">binat-to</var> rule specifies a bidirectional mapping - between an external IP netblock and an internal IP netblock. It expands to - an outbound <var class="Ar">nat-to</var> rule and an inbound - <var class="Ar">rdr-to</var> rule.</dd> - <dt><var class="Ar">nat-to</var></dt> - <dd>A <var class="Ar">nat-to</var> option specifies that IP addresses are to - be changed as the packet traverses the given interface. This technique - allows one or more IP addresses on the translating host to support network - traffic for a larger range of machines on an "inside" network. - Although in theory any IP address can be used on the inside, it is - strongly recommended that one of the address ranges defined by RFC 1918 be - used. These netblocks are: - <div class="Bd Pp Bd-indent Li"> - <pre>10.0.0.0 - 10.255.255.255 (all of net 10.0.0.0, i.e., 10.0.0.0/8) -172.16.0.0 - 172.31.255.255 (i.e., 172.16.0.0/12) -192.168.0.0 - 192.168.255.255 (i.e., 192.168.0.0/16)</pre> - </div> - <p class="Pp"><var class="Ar">nat-to</var> is usually applied outbound. If - applied inbound, nat-to to a local IP address is not supported.</p> - </dd> - <dt><span class="Pa">rdr-to</span></dt> - <dd>The packet is redirected to another destination and possibly a different - port. <var class="Ar">rdr-to</var> can optionally specify port ranges - instead of single ports. For instance: - <div class="Bd Pp Bd-indent Li"> - <pre>match in ... port 2000:2999 rdr-to ... port 4000</pre> - </div> - redirects ports 2000 to 2999 (inclusive) to port 4000. - <div class="Bd Pp Bd-indent Li"> - <pre>qmatch in ... port 2000:2999 rdr-to ... port 4000:*</pre> - </div> - redirects port 2000 to 4000, 2001 to 4001, ..., 2999 to 4999.</dd> -</dl> -<p class="Pp"><var class="Ar">rdr-to</var> is usually applied inbound. If - applied outbound, rdr-to to a local IP address is not supported. In addition - to modifying the address, some translation rules may modify source or - destination ports for <a class="Xr">tcp(4)</a> or <a class="Xr">udp(4)</a> - connections; implicitly in the case of <var class="Ar">nat-to</var> options - and both implicitly and explicitly in the case of - <var class="Ar">rdr-to</var> ones. A <var class="Ar">rdr-to</var> option may - cause the source port to be modified if doing so avoids a conflict with an - existing connection. A random source port in the range 50001-65535 is chosen - in this case. Port numbers are never translated with a - <var class="Ar">binat-to</var> option.</p> -<p class="Pp">Note that redirecting external incoming connections to the - loopback address, as in</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in on egress proto tcp from any to any port smtp \ - rdr-to 127.0.0.1 port spamd</pre> -</div> -<p class="Pp">will effectively allow an external host to connect to daemons - bound solely to the loopback address, circumventing the traditional blocking - of such connections on a real interface. Unless this effect is desired, any - of the local non-loopback addresses should be used as redirection target - instead, which allows external connections only to daemons bound to this - address or not bound to any address.</p> -<p class="Pp">See <a class="Sx" href="#TRANSLATION_EXAMPLES">TRANSLATION - EXAMPLES</a> below.</p> -<section class="Ss"> -<h2 class="Ss" id="NAT_ruleset_(pre-FreeBSD_15)"><a class="permalink" href="#NAT_ruleset_(pre-FreeBSD_15)">NAT - ruleset (pre-FreeBSD 15)</a></h2> -<p class="Pp">In order to maintain compatibility with older releases of FreeBSD - <var class="Ar">NAT</var> rules can also be specified in their own ruleset. - A stateful connection is automatically created to track packets matching - such a rule as long as they are not blocked by the filtering section of - <code class="Nm">pf.conf</code>. Since translation occurs before filtering - the filter engine will see packets as they look after any addresses and - ports have been translated. Filter rules will therefore have to filter based - on the translated address and port number. Packets that match a translation - rule are only automatically passed if the <var class="Ar">pass</var> - modifier is given, otherwise they are still subject to - <var class="Ar">block</var> and <var class="Ar">pass</var> rules.</p> -<p class="Pp">The following rules can be defined in the NAT ruleset: - <var class="Ar">binat</var>, <var class="Ar">nat</var>, and - <var class="Ar">rdr</var>. They have the same effect as - <var class="Ar">binat-to</var>, <var class="Ar">nat-to</var> and - <var class="Ar">rdr-to</var> options for filter rules.</p> -<p class="Pp">The <var class="Ar">no</var> option prefixed to a translation rule - causes packets to remain untranslated, much in the same way as - <var class="Ar">drop quick</var> works in the packet filter. If no rule - matches the packet it is passed to the filter engine unmodified.</p> -<p class="Pp">Evaluation order of the translation rules is dependent on the type - of the translation rules and of the direction of a packet. - <var class="Ar">binat</var> rules are always evaluated first. Then either - the <var class="Ar">rdr</var> rules are evaluated on an inbound packet or - the <var class="Ar">nat</var> rules on an outbound packet. Rules of the same - type are evaluated in the same order in which they appear in the ruleset. - The first matching rule decides what action is taken.</p> -<p class="Pp">Translation rules apply only to packets that pass through the - specified interface, and if no interface is specified, translation is - applied to packets on all interfaces. For instance, redirecting port 80 on - an external interface to an internal web server will only work for - connections originating from the outside. Connections to the address of the - external interface from local hosts will not be redirected, since such - packets do not actually pass through the external interface. Redirections - cannot reflect packets back through the interface they arrive on, they can - only be redirected to hosts connected to different interfaces or to the - firewall itself.</p> -<p class="Pp">See - <a class="Sx" href="#COMPATIBILITY_TRANSLATION_EXAMPLES">COMPATIBILITY - TRANSLATION EXAMPLES</a> below.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="PACKET_FILTERING"><a class="permalink" href="#PACKET_FILTERING">PACKET - FILTERING</a></h1> -<p class="Pp"><a class="Xr">pf(4)</a> has the ability to - <var class="Ar">block</var> , <var class="Ar">pass</var> and - <var class="Ar">match</var> packets based on attributes of their layer 3 - (see <a class="Xr">ip(4)</a> and <a class="Xr">ip6(4)</a>) and layer 4 (see - <a class="Xr">icmp(4)</a>, <a class="Xr">icmp6(4)</a>, - <a class="Xr">tcp(4)</a>, <a class="Xr">sctp(4)</a>, - <a class="Xr">udp(4)</a>) headers. In addition, packets may also be assigned - to queues for the purpose of bandwidth control.</p> -<p class="Pp">For each packet processed by the packet filter, the filter rules - are evaluated in sequential order, from first to last. For - <var class="Ar">block</var> and <var class="Ar">pass</var> , the last - matching rule decides what action is taken. For <var class="Ar">match</var> - , rules are evaluated every time they match; the pass/block state of a - packet remains unchanged. If no rule matches the packet, the default action - is to pass the packet.</p> -<p class="Pp">The following actions can be used in the filter:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">block</var></dt> - <dd>The packet is blocked. There are a number of ways in which a - <var class="Ar">block</var> rule can behave when blocking a packet. The - default behaviour is to <var class="Ar">drop</var> packets silently, - however this can be overridden or made explicit either globally, by - setting the <var class="Ar">block-policy</var> option, or on a per-rule - basis with one of the following options: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">drop</var></dt> - <dd>The packet is silently dropped.</dd> - <dt><var class="Ar">return-rst</var></dt> - <dd>This applies only to <a class="Xr">tcp(4)</a> packets, and issues a - TCP RST which closes the connection.</dd> - <dt><var class="Ar">return-icmp</var></dt> - <dd style="width: auto;"> </dd> - <dt><var class="Ar">return-icmp6</var></dt> - <dd>This causes ICMP messages to be returned for packets which match the - rule. By default this is an ICMP UNREACHABLE message, however this can - be overridden by specifying a message as a code or number.</dd> - <dt><var class="Ar">return</var></dt> - <dd>This causes a TCP RST to be returned for <a class="Xr">tcp(4)</a> - packets, an SCTP ABORT for SCTP and an ICMP UNREACHABLE for UDP and - other packets.</dd> - </dl> - <p class="Pp">Options returning ICMP packets currently have no effect if - <a class="Xr">pf(4)</a> operates on a <a class="Xr">if_bridge(4)</a>, as - the code to support this feature has not yet been implemented.</p> - <p class="Pp">The simplest mechanism to block everything by default and only - pass packets that match explicit rules is specify a first filter rule - of:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>block all</pre> - </div> - </dd> - <dt><var class="Ar">match</var></dt> - <dd>The packet is matched. This mechanism is used to provide fine grained - filtering without altering the block/pass state of a packet. - <var class="Ar">match</var> rules differ from <var class="Ar">block</var> - and <var class="Ar">pass</var> rules in that parameters are set for every - rule a packet matches, not only on the last matching rule. For the - following parameters, this means that the parameter effectively becomes - "sticky" until explicitly overridden: - <var class="Ar">nat-to</var>, <var class="Ar">binat-to</var>, - <var class="Ar">rdr-to</var>, <var class="Ar">queue</var>, - <var class="Ar">dnpipe</var>, <var class="Ar">dnqueue</var>, - <var class="Ar">rtable</var>, <var class="Ar">scrub</var></dd> - <dt><var class="Ar">pass</var></dt> - <dd>The packet is passed; state is created unless the <var class="Ar">no - state</var> option is specified.</dd> -</dl> -<p class="Pp">By default <a class="Xr">pf(4)</a> filters packets statefully; the - first time a packet matches a <var class="Ar">pass</var> rule, a state entry - is created; for subsequent packets the filter checks whether the packet - matches any state. If it does, the packet is passed without evaluation of - any rules. After the connection is closed or times out, the state entry is - automatically removed.</p> -<p class="Pp">This has several advantages. For TCP connections, comparing a - packet to a state involves checking its sequence numbers, as well as TCP - timestamps if a <var class="Ar">scrub reassemble tcp</var> rule applies to - the connection. If these values are outside the narrow windows of expected - values, the packet is dropped. This prevents spoofing attacks, such as when - an attacker sends packets with a fake source address/port but does not know - the connection's sequence numbers. Similarly, <a class="Xr">pf(4)</a> knows - how to match ICMP replies to states. For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass out inet proto icmp all icmp-type echoreq</pre> -</div> -<p class="Pp">allows echo requests (such as those created by - <a class="Xr">ping(8)</a>) out statefully, and matches incoming echo replies - correctly to states.</p> -<p class="Pp">Also, looking up states is usually faster than evaluating - rules.</p> -<p class="Pp">Furthermore, correct handling of ICMP error messages is critical - to many protocols, particularly TCP. <a class="Xr">pf(4)</a> matches ICMP - error messages to the correct connection, checks them against connection - parameters, and passes them if appropriate. For example if an ICMP source - quench message referring to a stateful TCP connection arrives, it will be - matched to the state and get passed.</p> -<p class="Pp">Finally, state tracking is required for <var class="Ar">nat</var>, - <var class="Ar">binat</var> <span class="No">and</span> - <var class="Ar">rdr</var> rules, in order to track address and port - translations and reverse the translation on returning packets.</p> -<p class="Pp"><a class="Xr">pf(4)</a> will also create state for other protocols - which are effectively stateless by nature. UDP packets are matched to states - using only host addresses and ports, and other protocols are matched to - states using only the host addresses.</p> -<p class="Pp">If stateless filtering of individual packets is desired, the - <var class="Ar">no state</var> keyword can be used to specify that state - will not be created if this is the last matching rule. A number of - parameters can also be set to affect how <a class="Xr">pf(4)</a> handles - state tracking. See <a class="Sx" href="#STATEFUL_TRACKING_OPTIONS">STATEFUL - TRACKING OPTIONS</a> below for further details.</p> -<section class="Ss"> -<h2 class="Ss" id="Parameters"><a class="permalink" href="#Parameters">Parameters</a></h2> -<p class="Pp">The rule parameters specify the packets to which a rule applies. A - packet always comes in on, or goes out through, one interface. Most - parameters are optional. If a parameter is specified, the rule only applies - to packets with matching attributes. Certain parameters can be expressed as - lists, in which case <a class="Xr">pfctl(8)</a> generates all needed rule - combinations.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">in</var> <span class="No">or</span> - <var class="Ar">out</var></dt> - <dd>This rule applies to incoming or outgoing packets. If neither - <var class="Ar">in</var> nor <var class="Ar">out</var> are specified, the - rule will match packets in both directions.</dd> - <dt><var class="Ar">log</var> (<code class="Cm">all</code> | - <code class="Cm">matches</code> | <code class="Cm">to</code> - ⟨<var class="Ar">interface</var>⟩ | - <code class="Cm">user</code>)</dt> - <dd>In addition to any action specified, log the packet. Only the packet that - establishes the state is logged, unless the <var class="Ar">no state</var> - option is specified. The logged packets are sent to a - <a class="Xr">pflog(4)</a> interface, by default pflog0; pflog0 is - monitored by the <a class="Xr">pflogd(8)</a> logging daemon which logs to - the file <span class="Pa">/var/log/pflog</span> in - <a class="Xr">pcap(3)</a> binary format. - <p class="Pp">The keywords <code class="Cm">all</code>, - <code class="Cm">matches</code>, <code class="Cm">to</code>, and - <code class="Cm">user</code> are optional and can be combined using - commas, but must be enclosed in parentheses if given.</p> - <p class="Pp">Use <code class="Cm">all</code> to force logging of all - packets for a connection. This is not necessary when <var class="Ar">no - state</var> is explicitly specified.</p> - <p class="Pp">If <code class="Cm">matches</code> is specified, it logs the - packet on all subsequent matching rules. It is often combined with - <code class="Cm">to</code> - ⟨<var class="Ar">interface</var>⟩ to avoid adding noise to - the default log file.</p> - <p class="Pp">The keyword <code class="Cm">user</code> logs the - <span class="Ux">UNIX</span> user ID of the user that owns the socket - and the PID of the process that has the socket open where the packet is - sourced from or destined to (depending on which socket is local). This - is in addition to the normal information logged.</p> - <p class="Pp">Only the first packet logged via <var class="Ar">log (all, - user)</var> will have the user credentials logged when using stateful - matching.</p> - <p class="Pp">To specify a logging interface other than pflog0, use the - syntax <code class="Cm">to</code> - ⟨<var class="Ar">interface</var>⟩.</p> - </dd> - <dt><var class="Ar">quick</var></dt> - <dd>If a packet matches a rule which has the <var class="Ar">quick</var> - option set, this rule is considered the last matching rule, and evaluation - of subsequent rules is skipped.</dd> - <dt><var class="Ar">on</var> - ⟨<var class="Ar">interface</var>⟩</dt> - <dd>This rule applies only to packets coming in on, or going out through, this - particular interface or interface group. For more information on interface - groups, see the <code class="Ic">group</code> keyword in - <a class="Xr">ifconfig(8)</a>. <var class="Ar">any</var> will match any - existing interface except loopback ones.</dd> - <dt>⟨<var class="Ar">af</var>⟩</dt> - <dd>This rule applies only to packets of this address family. Supported values - are <var class="Ar">inet</var> and <var class="Ar">inet6</var>.</dd> - <dt><var class="Ar">proto</var> - ⟨<var class="Ar">protocol</var>⟩</dt> - <dd>This rule applies only to packets of this protocol. Common protocols are - <a class="Xr">icmp(4)</a>, <a class="Xr">icmp6(4)</a>, - <a class="Xr">tcp(4)</a>, <a class="Xr">sctp(4)</a>, and - <a class="Xr">udp(4)</a>. For a list of all the protocol name to number - mappings used by <a class="Xr">pfctl(8)</a>, see the file - <span class="Pa">/etc/protocols</span>.</dd> - <dt><var class="Ar">from</var> ⟨<var class="Ar">source</var>⟩ - <var class="Ar">port</var> ⟨<var class="Ar">source</var>⟩ - <var class="Ar">os</var> ⟨<var class="Ar">source</var>⟩ - <var class="Ar">to</var> ⟨<var class="Ar">dest</var>⟩ - <var class="Ar">port</var> ⟨<var class="Ar">dest</var>⟩</dt> - <dd>This rule applies only to packets with the specified source and - destination addresses and ports. - <p class="Pp">Addresses can be specified in CIDR notation (matching - netblocks), as symbolic host names, interface names or interface group - names, or as any of the following keywords:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">any</var></dt> - <dd>Any address.</dd> - <dt><var class="Ar">no-route</var></dt> - <dd>Any address which is not currently routable.</dd> - <dt><var class="Ar">urpf-failed</var></dt> - <dd>Any source address that fails a unicast reverse path forwarding (URPF) - check, i.e. packets coming in on an interface other than that which - holds the route back to the packet's source address.</dd> - <dt><var class="Ar">self</var></dt> - <dd>Expands to all addresses assigned to all interfaces.</dd> - <dt>⟨<var class="Ar">table</var>⟩</dt> - <dd>Any address that matches the given table.</dd> - </dl> - <p class="Pp">Ranges of addresses are specified by using the - ‘-’ operator. For instance: “10.1.1.10 - - 10.1.1.12” means all addresses from 10.1.1.10 to 10.1.1.12, hence - addresses 10.1.1.10, 10.1.1.11, and 10.1.1.12.</p> - <p class="Pp">Interface names and interface group names, and - <var class="Ar">self</var> can have modifiers appended:</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">:network</var></dt> - <dd>Translates to the network(s) attached to the interface.</dd> - <dt><var class="Ar">:broadcast</var></dt> - <dd>Translates to the interface's broadcast address(es).</dd> - <dt><var class="Ar">:peer</var></dt> - <dd>Translates to the point-to-point interface's peer address(es).</dd> - <dt><var class="Ar">:0</var></dt> - <dd>Do not include interface aliases.</dd> - </dl> - <p class="Pp">Host names may also have the <var class="Ar">:0</var> option - appended to restrict the name resolution to the first of each v4 and - non-link-local v6 address found.</p> - <p class="Pp">Host name resolution and interface to address translation are - done at ruleset load-time. When the address of an interface (or host - name) changes (under DHCP or PPP, for instance), the ruleset must be - reloaded for the change to be reflected in the kernel. Surrounding the - interface name (and optional modifiers) in parentheses changes this - behaviour. When the interface name is surrounded by parentheses, the - rule is automatically updated whenever the interface changes its - address. The ruleset does not need to be reloaded. This is especially - useful with <var class="Ar">nat</var>.</p> - <p class="Pp" id="www">Ports can be specified either by number or by name. - For example, port 80 can be specified as - <a class="permalink" href="#www"><i class="Em">www</i></a>. For a list - of all port name to number mappings used by <a class="Xr">pfctl(8)</a>, - see the file <span class="Pa">/etc/services</span>.</p> - <p class="Pp">Ports and ranges of ports are specified by using these - operators:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>= (equal) -!= (unequal) -< (less than) -<= (less than or equal) -> (greater than) ->= (greater than or equal) -: (range including boundaries) ->< (range excluding boundaries) -<> (except range)</pre> - </div> - <p class="Pp">‘><’, ‘<>’ and - ‘:’ are binary operators (they take two arguments). For - instance:</p> - <dl class="Bl-tag"> - <dt><var class="Ar">port 2000:2004</var></dt> - <dd>means ‘all ports >= 2000 and <= 2004’, hence ports - 2000, 2001, 2002, 2003 and 2004.</dd> - <dt><var class="Ar">port 2000 >< 2004</var></dt> - <dd>means ‘all ports > 2000 and < 2004’, hence ports - 2001, 2002 and 2003.</dd> - <dt><var class="Ar">port 2000 <> 2004</var></dt> - <dd>means ‘all ports < 2000 or > 2004’, hence ports - 1-1999 and 2005-65535.</dd> - </dl> - <p class="Pp">The operating system of the source host can be specified in - the case of TCP rules with the <var class="Ar">OS</var> modifier. See - the <a class="Sx" href="#OPERATING_SYSTEM_FINGERPRINTING">OPERATING - SYSTEM FINGERPRINTING</a> section for more information.</p> - <p class="Pp">The host, port and OS specifications are optional, as in the - following examples:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in all -pass in from any to any -pass in proto tcp from any port < 1024 to any -pass in proto tcp from any to any port 25 -pass in proto tcp from 10.0.0.0/8 port >= 1024 \ - to ! 10.1.2.3 port != ssh -pass in proto tcp from any os "OpenBSD"</pre> - </div> - </dd> - <dt><var class="Ar">all</var></dt> - <dd>This is equivalent to "from any to any".</dd> - <dt><var class="Ar">group</var> - ⟨<var class="Ar">group</var>⟩</dt> - <dd>Similar to <var class="Ar">user</var>, this rule only applies to packets - of sockets owned by the specified group.</dd> - <dt><var class="Ar">user</var> ⟨<var class="Ar">user</var>⟩</dt> - <dd>This rule only applies to packets of sockets owned by the specified user. - For outgoing connections initiated from the firewall, this is the user - that opened the connection. For incoming connections to the firewall - itself, this is the user that listens on the destination port. For - forwarded connections, where the firewall is not a connection endpoint, - the user and group are <i class="Em">unknown</i>. - <p class="Pp">All packets, both outgoing and incoming, of one connection are - associated with the same user and group. Only TCP and UDP packets can be - associated with users; for other protocols these parameters are - ignored.</p> - <p class="Pp">User and group refer to the effective (as opposed to the real) - IDs, in case the socket is created by a setuid/setgid process. User and - group IDs are stored when a socket is created; when a process creates a - listening socket as root (for instance, by binding to a privileged port) - and subsequently changes to another user ID (to drop privileges), the - credentials will remain root.</p> - <p class="Pp">User and group IDs can be specified as either numbers or - names. The syntax is similar to the one for ports. The value - <i class="Em">unknown</i> matches packets of forwarded connections. - <i class="Em">unknown</i> can only be used with the operators - <code class="Cm">=</code> and <code class="Cm">!=</code>. Other - constructs like <code class="Cm">user ≥ unknown</code> are - invalid. Forwarded packets with unknown user and group ID match only - rules that explicitly compare against <i class="Em">unknown</i> with the - operators <code class="Cm">=</code> or <code class="Cm">!=</code>. For - instance <code class="Cm">user ≥ 0</code> does not match - forwarded packets. The following example allows only selected users to - open outgoing connections:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>block out proto { tcp, udp } all -pass out proto { tcp, udp } all user { < 1000, dhartmei }</pre> - </div> - <p class="Pp">The example below permits users with uid between 1000 and 1500 - to open connections:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>block out proto tcp all -pass out proto tcp from self user { 999 >< 1501 }</pre> - </div> - <p class="Pp">The ‘:’ operator, which works for port number - matching, does not work for <code class="Cm">user</code> and - <code class="Cm">group</code> match.</p> - </dd> - <dt><var class="Ar">flags</var> ⟨<var class="Ar">a</var>⟩ - /⟨<var class="Ar">b</var>⟩ | - <span class="No">/</span>⟨<var class="Ar">b</var>⟩ | - <span class="No">any</span></dt> - <dd>This rule only applies to TCP packets that have the flags - ⟨<var class="Ar">a</var>⟩ set out of set - ⟨<var class="Ar">b</var>⟩. Flags not specified in - ⟨<var class="Ar">b</var>⟩ are ignored. For stateful - connections, the default is <var class="Ar">flags S/SA</var>. To indicate - that flags should not be checked at all, specify <var class="Ar">flags - any</var>. The flags are: (F)IN, (S)YN, (R)ST, (P)USH, (A)CK, (U)RG, - (E)CE, and C(W)R. - <dl class="Bl-tag"> - <dt><var class="Ar">flags S/S</var></dt> - <dd>Flag SYN is set. The other flags are ignored.</dd> - <dt><var class="Ar">flags S/SA</var></dt> - <dd>This is the default setting for stateful connections. Out of SYN and - ACK, exactly SYN may be set. SYN, SYN+PSH and SYN+RST match, but - SYN+ACK, ACK and ACK+RST do not. This is more restrictive than the - previous example.</dd> - <dt><var class="Ar">flags /SFRA</var></dt> - <dd>If the first set is not specified, it defaults to none. All of SYN, - FIN, RST and ACK must be unset.</dd> - </dl> - <p class="Pp">Because <var class="Ar">flags S/SA</var> is applied by default - (unless <var class="Ar">no state</var> is specified), only the initial - SYN packet of a TCP handshake will create a state for a TCP connection. - It is possible to be less restrictive, and allow state creation from - intermediate (non-SYN) packets, by specifying <var class="Ar">flags - any</var>. This will cause <a class="Xr">pf(4)</a> to synchronize to - existing connections, for instance if one flushes the state table. - However, states created from such intermediate packets may be missing - connection details such as the TCP window scaling factor. States which - modify the packet flow, such as those affected by - <var class="Ar">af-to</var>, <var class="Ar">nat</var>, - <var class="Ar">binat or</var> <var class="Ar">rdr</var> rules, - <var class="Ar">modulate</var> <span class="No">or</span> - <var class="Ar">synproxy state</var> options, or scrubbed with - <var class="Ar">reassemble tcp</var> will also not be recoverable from - intermediate packets. Such connections will stall and time out.</p> - </dd> - <dt><var class="Ar">icmp-type</var> ⟨<var class="Ar">type</var>⟩ - <var class="Ar">file ...</var> [code - ⟨<var class="Ar">code</var>⟩]</dt> - <dd style="width: auto;"> </dd> - <dt><var class="Ar">icmp6-type</var> - ⟨<var class="Ar">type</var>⟩ <var class="Ar">file ...</var> - [code ⟨<var class="Ar">code</var>⟩]</dt> - <dd>This rule only applies to ICMP or ICMPv6 packets with the specified type - and code. Text names for ICMP types and codes are listed in - <a class="Xr">icmp(4)</a> and <a class="Xr">icmp6(4)</a>. This parameter - is only valid for rules that cover protocols ICMP or ICMP6. The protocol - and the ICMP type indicator (<var class="Ar">icmp-type</var> or - <var class="Ar">icmp6-type</var>) must match.</dd> - <dt><var class="Ar">tos</var> ⟨<var class="Ar">string</var>⟩ | - ⟨<var class="Ar">number</var>⟩</dt> - <dd>This rule applies to packets with the specified <i class="Em">TOS</i> bits - set. <i class="Em">TOS</i> may be given as one of - <var class="Ar">critical</var>, <var class="Ar">inetcontrol</var>, - <var class="Ar">lowdelay</var>, <var class="Ar">netcontrol</var>, - <var class="Ar">throughput</var>, <var class="Ar">reliability</var>, or - one of the DiffServ Code Points: <var class="Ar">ef</var>, - <var class="Ar">va</var>, <var class="Ar">af11</var> - <span class="No">...</span> <var class="Ar">af43</var>, - <var class="Ar">cs0</var> <span class="No">...</span> - <var class="Ar">cs7</var>; or as either hex or decimal. - <p class="Pp">For example, the following rules are identical:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass all tos lowdelay -pass all tos 0x10 -pass all tos 16</pre> - </div> - </dd> - <dt><var class="Ar">allow-opts</var></dt> - <dd>By default, packets with IPv4 options or IPv6 hop-by-hop or destination - options header are blocked. When <var class="Ar">allow-opts</var> is - specified for a <var class="Ar">pass</var> rule, packets that pass the - filter based on that rule (last matching) do so even if they contain - options. For packets that match state, the rule that initially created the - state is used. The implicit <var class="Ar">pass</var> rule, that is used - when a packet does not match any rules, does not allow IP options or - option headers. Note that IPv6 packets with type 0 routing headers are - always dropped.</dd> - <dt><var class="Ar">label</var> - ⟨<var class="Ar">string</var>⟩</dt> - <dd>Adds a label (name) to the rule, which can be used to identify the rule. - For instance, pfctl -s labels shows per-rule statistics for rules that - have labels. - <p class="Pp">The following macros can be used in labels:</p> - <p class="Pp"></p> - <div class="Bd-indent"> - <dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">$if</var></dt> - <dd>The interface.</dd> - <dt><var class="Ar">$srcaddr</var></dt> - <dd>The source IP address.</dd> - <dt><var class="Ar">$dstaddr</var></dt> - <dd>The destination IP address.</dd> - <dt><var class="Ar">$srcport</var></dt> - <dd>The source port specification.</dd> - <dt><var class="Ar">$dstport</var></dt> - <dd>The destination port specification.</dd> - <dt><var class="Ar">$proto</var></dt> - <dd>The protocol name.</dd> - <dt><var class="Ar">$nr</var></dt> - <dd>The rule number.</dd> - </dl> - </div> - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>ips = "{ 1.2.3.4, 1.2.3.5 }" -pass in proto tcp from any to $ips \ - port > 1023 label "$dstaddr:$dstport"</pre> - </div> - <p class="Pp">expands to</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in inet proto tcp from any to 1.2.3.4 \ - port > 1023 label "1.2.3.4:>1023" -pass in inet proto tcp from any to 1.2.3.5 \ - port > 1023 label "1.2.3.5:>1023"</pre> - </div> - <p class="Pp">The macro expansion for the <var class="Ar">label</var> - directive occurs only at configuration file parse time, not during - runtime.</p> - </dd> - <dt><var class="Ar">ridentifier</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Add an identifier (number) to the rule, which can be used to correlate the - rule to pflog entries, even after ruleset updates.</dd> - <dt id="max-pkt-rate"><a class="permalink" href="#max-pkt-rate"><code class="Cm">max-pkt-rate</code></a> - <var class="Ar">number</var>/<var class="Ar">seconds</var></dt> - <dd>Measure the rate of packets matching the rule and states created by it. - When the specified rate is exceeded, the rule stops matching. Only packets - in the direction in which the state was created are considered, so that - typically requests are counted and replies are not. For example, to pass - up to 100 ICMP packets per 10 seconds: - <div class="Bd Pp Bd-indent Li"> - <pre>block in proto icmp -pass in proto icmp max-pkt-rate 100/10</pre> - </div> - <p class="Pp">When the rate is exceeded, all ICMP is blocked until the rate - falls below 100 per 10 seconds again.</p> - </dd> - <dt><var class="Ar">max-pkt-size</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Limit each packet to be no more than the specified number of bytes. This - includes the IP header, but not any layer 2 header.</dd> - <dt><var class="Ar">once</var></dt> - <dd>Create a one shot rule. The first matching packet marks the rule as - expired. Expired rules are skipped and hidden, unless - <a class="Xr">pfctl(8)</a> is used in debug or verbose mode.</dd> - <dt><var class="Ar">queue</var> ⟨<var class="Ar">queue</var>⟩ | - (⟨<var class="Ar">queue</var>⟩, - ⟨<var class="Ar">queue</var>⟩)</dt> - <dd>Packets matching this rule will be assigned to the specified queue. If two - queues are given, packets which have a <i class="Em">TOS</i> of - <i class="Em">lowdelay</i> and TCP ACKs with no data payload will be - assigned to the second one. See - <a class="Sx" href="#QUEUEING">QUEUEING</a> for setup details. - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in proto tcp to port 25 queue mail -pass in proto tcp to port 22 queue(ssh_bulk, ssh_prio)</pre> - </div> - </dd> - <dt id="set"><a class="permalink" href="#set"><code class="Cm">set - prio</code></a> <var class="Ar">priority</var> | - (<var class="Ar">priority</var>, <var class="Ar">priority</var>)</dt> - <dd>Packets matching this rule will be assigned a specific queueing priority. - Priorities are assigned as integers 0 through 7. If the packet is - transmitted on a <a class="Xr">vlan(4)</a> interface, the queueing - priority will be written as the priority code point in the 802.1Q VLAN - header. If two priorities are given, TCP ACKs with no data payload and - packets which have a TOS of <code class="Cm">lowdelay</code> will be - assigned to the second one. - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>pass in proto tcp to port 25 set prio 2 -pass in proto tcp to port 22 set prio (2, 5)</pre> - </div> - </dd> - <dt>[<code class="Cm">!</code>]<code class="Cm">received-on</code> - <var class="Ar">interface</var></dt> - <dd>Only match packets which were received on the specified - <var class="Ar">interface</var> (or interface group). - <var class="Ar">any</var> will match any existing interface except - loopback ones.</dd> - <dt><var class="Ar">tag</var> - ⟨<var class="Ar">string</var>⟩</dt> - <dd>Packets matching this rule will be tagged with the specified string. The - tag acts as an internal marker that can be used to identify these packets - later on. This can be used, for example, to provide trust between - interfaces and to determine if packets have been processed by translation - rules. Tags are "sticky", meaning that the packet will be tagged - even if the rule is not the last matching rule. Further matching rules can - replace the tag with a new one but will not remove a previously applied - tag. A packet is only ever assigned one tag at a time. Packet tagging can - be done during <var class="Ar">nat</var>, <var class="Ar">rdr</var>, - <var class="Ar">binat</var> or <var class="Ar">ether</var> rules in - addition to filter rules. Tags take the same macros as labels (see - above).</dd> - <dt><var class="Ar">tagged</var> - ⟨<var class="Ar">string</var>⟩</dt> - <dd>Used with filter, translation or scrub rules to specify that packets must - already be tagged with the given tag in order to match the rule.</dd> - <dt><var class="Ar">rtable</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Used to select an alternate routing table for the routing lookup. Only - effective before the route lookup happened, i.e. when filtering - inbound.</dd> - <dt><var class="Ar">divert-to</var> ⟨<var class="Ar">host</var>⟩ - <var class="Ar">port</var> ⟨<var class="Ar">port</var>⟩</dt> - <dd>Used to <a class="Xr">divert(4)</a> packets to the given divert - <var class="Ar">port</var>. Historically <span class="Ux">OpenBSD - pf</span> has another meaning for this, and <span class="Ux">FreeBSD - pf</span> uses this syntax to support <a class="Xr">divert(4)</a> instead. - Hence, <var class="Ar">host</var> has no meaning and can be set to - anything like 127.0.0.1. If a packet is re-injected and does not change - direction then it will not be re-diverted.</dd> - <dt><var class="Ar">divert-reply</var></dt> - <dd>It has no meaning in <span class="Ux">FreeBSD pf</span>.</dd> - <dt><var class="Ar">probability</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>A probability attribute can be attached to a rule, with a value set - between 0 and 1, bounds not included. In that case, the rule will be - honoured using the given probability value only. For example, the - following rule will drop 20% of incoming ICMP packets: - <div class="Bd Pp Bd-indent Li"> - <pre>block in proto icmp probability 20%</pre> - </div> - </dd> - <dt id="state"><a class="permalink" href="#state"><code class="Cm">state - limiter</code></a> <var class="Ar">name</var> [<code class="Cm">(limiter - options)</code>]</dt> - <dd>Use the specified state limiter to restrict the creation of states by this - rule. By default if capacity is not available, the packet gets blocked and - ruleset evaluation stops. Use <code class="Ic">no-match</code> option to - change default behavior such rule is ignored and ruleset evaluation - continues with next rule. See the - <a class="Sx" href="#State_Limiters">State Limiters</a> section for more - information.</dd> - <dt id="source"><a class="permalink" href="#source"><code class="Cm">source - limiter</code></a> <var class="Ar">name</var> [<code class="Cm">(limiter - options)</code>]</dt> - <dd>Use the specified source limiter to restrict the creation of states by - this rule. By default if capacity is not available, the packet gets - blocked and ruleset evaluation stops. Use <code class="Ic">no-match</code> - option to change default behavior such rule is ignored and ruleset - evaluation continues with next rule. See the - <a class="Sx" href="#Source_Limiters">Source Limiters</a> section for more - information.</dd> - <dt><var class="Ar">prio</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Only match packets which have the given queueing priority assigned.</dd> -</dl> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="ROUTING"><a class="permalink" href="#ROUTING">ROUTING</a></h1> -<p class="Pp">If a packet matches a rule with a route option set, the packet - filter will route the packet according to the type of route option. When - such a rule creates state, the route option is also applied to all packets - matching the same connection.</p> -<dl class="Bl-tag"> - <dt><var class="Ar">route-to</var></dt> - <dd>The <var class="Ar">route-to</var> option routes the packet to the - specified interface with an address for the next hop. When a - <var class="Ar">route-to</var> rule creates state, only packets that pass - in the same direction as the filter rule specifies will be routed in this - way. Packets passing in the opposite direction (replies) are not affected - and are routed normally.</dd> - <dt><var class="Ar">reply-to</var></dt> - <dd>The <var class="Ar">reply-to</var> option is similar to - <var class="Ar">route-to</var>, but routes packets that pass in the - opposite direction (replies) to the specified interface. Opposite - direction is only defined in the context of a state entry, and - <var class="Ar">reply-to</var> is useful only in rules that create state. - It can be used on systems with multiple external connections to route all - outgoing packets of a connection through the interface the incoming - connection arrived through (symmetric routing enforcement).</dd> - <dt><var class="Ar">dup-to</var></dt> - <dd>The <var class="Ar">dup-to</var> option creates a duplicate of the packet - and routes it like <var class="Ar">route-to</var>. The original packet - gets routed as it normally would.</dd> -</dl> -<p class="Pp">Unlike the kernel's normal forwarding path, the route option - forwarding path does not drop broadcast or multicast traffic when the output - interface has been overridden by a route option. If a - <var class="Ar">route-to</var>, <var class="Ar">reply-to</var>, or - <var class="Ar">dup-to</var> rule matches traffic destined to a broadcast - address (either the limited broadcast or a subnet-directed broadcast) or to - an IPv4/IPv6 multicast address, the packet is forwarded out the specified - interface, which may cross broadcast domains.</p> -<p class="Pp">Rulesets that use <var class="Ar">route-to</var>, - <var class="Ar">reply-to</var>, or <var class="Ar">dup-to</var> with a - permissive destination (e.g. <code class="Li">from any to any</code>) can - plug this leak with explicit <var class="Ar">block out</var> rules on the - route option's target interface. To avoid blocking the router's own - broadcast or multicast traffic, scope the block rules to forwarded packets - with the <var class="Ar">received-on any</var> qualifier. For example, - assuming <code class="Li">$wan</code> is the <var class="Ar">route-to</var> - target interface:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block out quick on $wan inet from any to 255.255.255.255 received-on any -block out quick on $wan inet from any to ($wan:broadcast) received-on any -block out quick on $wan inet from any to 224.0.0.0/4 received-on any -block out quick on $wan inet6 from any to ff00::/8 received-on any</pre> -</div> -<p class="Pp">One block-out rule set is needed per interface that may be used as - a route option target.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="POOL_OPTIONS"><a class="permalink" href="#POOL_OPTIONS">POOL - OPTIONS</a></h1> -<p class="Pp">For <var class="Ar">nat</var> and <var class="Ar">rdr</var> rules, - (as well as for the <var class="Ar">route-to</var>, - <var class="Ar">reply-to</var> and <var class="Ar">dup-to</var> rule - options) for which there is a single redirection address which has a subnet - mask smaller than 32 for IPv4 or 128 for IPv6 (more than one IP address), a - variety of different methods for assigning this address can be used:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">bitmask</var></dt> - <dd>The <var class="Ar">bitmask</var> option applies the network portion of - the redirection address to the address to be modified (source with - <var class="Ar">nat</var>, destination with - <var class="Ar">rdr</var>).</dd> - <dt><var class="Ar">random</var></dt> - <dd>The <var class="Ar">random</var> option selects an address at random - within the defined block of addresses.</dd> - <dt><var class="Ar">source-hash</var></dt> - <dd>The <var class="Ar">source-hash</var> option uses a hash of the source - address to determine the redirection address, ensuring that the - redirection address is always the same for a given source. An optional key - can be specified after this keyword either in hex or as a string; by - default <a class="Xr">pfctl(8)</a> randomly generates a key for - source-hash every time the ruleset is reloaded.</dd> - <dt><var class="Ar">round-robin</var></dt> - <dd>The <var class="Ar">round-robin</var> option loops through the redirection - address(es). - <p class="Pp">When more than one redirection address is specified, - <var class="Ar">bitmask</var> is not permitted as a pool type.</p> - </dd> - <dt><var class="Ar">static-port</var></dt> - <dd>With <var class="Ar">nat</var> rules, the - <var class="Ar">static-port</var> option prevents <a class="Xr">pf(4)</a> - from modifying the source port on TCP and UDP packets.</dd> - <dt><var class="Ar">map-e-portset</var> - ⟨<var class="Ar">psid-offset</var>⟩ <span class="No">/</span> - ⟨<var class="Ar">psid-len</var>⟩ <span class="No">/</span> - ⟨<var class="Ar">psid</var>⟩</dt> - <dd>With <var class="Ar">nat</var> rules, the - <var class="Ar">map-e-portset</var> option enables the source port - translation of MAP-E (RFC 7597) Customer Edge. In order to make the host - act as a MAP-E Customer Edge, setting up a tunneling interface and pass - rules for encapsulated packets are required in addition to the - map-e-portset nat rule. - <p class="Pp">For example:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>nat on $gif_mape_if from $int_if:network to any \ - -> $ipv4_mape_src map-e-portset 6/8/0x34</pre> - </div> - <p class="Pp">sets PSID offset 6, PSID length 8, PSID 0x34.</p> - </dd> - <dt><var class="Ar">endpoint-independent</var></dt> - <dd>With <var class="Ar">nat</var> rules, the - <var class="Ar">endpoint-independent</var> option caues - <a class="Xr">pf(4)</a> to always map connections from a UDP source - address and port to the same NAT address and port. This feature implements - "full-cone" NAT behavior.</dd> -</dl> -<p class="Pp">Additionally, options <var class="Ar">sticky-address</var> and - <var class="Ar">prefer-ipv6-nexthop</var> can be specified to influence how - IP addresses selected from pools.</p> -<p class="Pp">The <var class="Ar">sticky-address</var> option can be specified - to help ensure that multiple connections from the same source are mapped to - the same redirection address. This option can be used with the - <var class="Ar">random</var> and <var class="Ar">round-robin</var> pool - options. Note that by default these associations are destroyed as soon as - there are no longer states which refer to them; in order to make the - mappings last beyond the lifetime of the states, increase the global options - with <var class="Ar">set timeout src.track</var>. See - <a class="Sx" href="#STATEFUL_TRACKING_OPTIONS">STATEFUL TRACKING - OPTIONS</a> for more ways to control the source tracking.</p> -<p class="Pp">The <var class="Ar">prefer-ipv6-nexthop</var> option allows for - IPv6 addresses to be used as the nexthop for IPv4 packets routed with the - <var class="Ar">route-to</var> rule option. If a table is used with IPv4 and - IPv6 addresses, first the IPv6 addresses will be used in round-robin - fashion, then IPv4 addresses.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="STATE_MODULATION"><a class="permalink" href="#STATE_MODULATION">STATE - MODULATION</a></h1> -<p class="Pp">Much of the security derived from TCP is attributable to how well - the initial sequence numbers (ISNs) are chosen. Some popular stack - implementations choose - <a class="permalink" href="#very"><i class="Em" id="very">very</i></a> poor - ISNs and thus are normally susceptible to ISN prediction exploits. By - applying a <var class="Ar">modulate state</var> rule to a TCP connection, - <a class="Xr">pf(4)</a> will create a high quality random sequence number - for each connection endpoint.</p> -<p class="Pp">The <var class="Ar">modulate state</var> directive implicitly - keeps state on the rule and is only applicable to TCP connections.</p> -<p class="Pp">For instance:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block all -pass out proto tcp from any to any modulate state -pass in proto tcp from any to any port 25 flags S/SFRA modulate state</pre> -</div> -<p class="Pp">Note that modulated connections will not recover when the state - table is lost (firewall reboot, flushing the state table, etc...). - <a class="Xr">pf(4)</a> will not be able to infer a connection again after - the state table flushes the connection's modulator. When the state is lost, - the connection may be left dangling until the respective endpoints time out - the connection. It is possible on a fast local network for the endpoints to - start an ACK storm while trying to resynchronize after the loss of the - modulator. The default <var class="Ar">flags</var> settings (or a more - strict equivalent) should be used on <var class="Ar">modulate state</var> - rules to prevent ACK storms.</p> -<p class="Pp">Note that alternative methods are available to prevent loss of the - state table and allow for firewall failover. See <a class="Xr">carp(4)</a> - and <a class="Xr">pfsync(4)</a> for further information.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYN_PROXY"><a class="permalink" href="#SYN_PROXY">SYN - PROXY</a></h1> -<p class="Pp">By default, <a class="Xr">pf(4)</a> passes packets that are part - of a <a class="Xr">tcp(4)</a> handshake between the endpoints. The - <var class="Ar">synproxy state</var> option can be used to cause - <a class="Xr">pf(4)</a> itself to complete the handshake with the active - endpoint, perform a handshake with the passive endpoint, and then forward - packets between the endpoints.</p> -<p class="Pp">No packets are sent to the passive endpoint before the active - endpoint has completed the handshake, hence so-called SYN floods with - spoofed source addresses will not reach the passive endpoint, as the sender - can't complete the handshake.</p> -<p class="Pp">The proxy is transparent to both endpoints, they each see a single - connection from/to the other endpoint. <a class="Xr">pf(4)</a> chooses - random initial sequence numbers for both handshakes. Once the handshakes are - completed, the sequence number modulators (see previous section) are used to - translate further packets of the connection. <var class="Ar">synproxy - state</var> includes <var class="Ar">modulate state</var>.</p> -<p class="Pp">Rules with <var class="Ar">synproxy</var> will not work if - <a class="Xr">pf(4)</a> operates on a <a class="Xr">bridge(4)</a>. Also they - act on incoming SYN packets only.</p> -<p class="Pp">Example:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in proto tcp from any to any port www synproxy state</pre> -</div> -<section class="Ss"> -<h2 class="Ss" id="State_Limiters"><a class="permalink" href="#State_Limiters">State - Limiters</a></h2> -<p class="Pp">State limiters provide a mechanism to limit the number of states - created, or the rate of state creation, by a set of rules. State limiters - are configured and loaded with the main ruleset, but can be used by rules in - any anchor. The overall number of states is still subject to the limit set - with <code class="Cm">set limit states</code>, but the number of states - created by a subset of rules can be provided by a state limiter.</p> -<p class="Pp">A state limiter is configured with the following statement:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="state~2"><a class="permalink" href="#state~2"><code class="Cm">state - limiter</code></a> <var class="Ar">name</var></dt> - <dd>Each state limiter is identified by a unique name.</dd> -</dl> -<p class="Pp">State limiters support the following configuration:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="id"><a class="permalink" href="#id"><code class="Cm">id</code></a> - <var class="Ar">number</var></dt> - <dd>A unique identifier between 1 and 255. This configuration is - required.</dd> - <dt id="limit"><a class="permalink" href="#limit"><code class="Cm">limit</code></a> - <var class="Ar">number</var></dt> - <dd>Specify the maximum number of states. This configuration is required.</dd> - <dt id="rate"><a class="permalink" href="#rate"><code class="Cm">rate</code></a> - <var class="Ar">number</var>/<var class="Ar">seconds</var></dt> - <dd>Limit the rate at which states can be created over a time interval. The - connection rate is an approximation calculated as a moving average.</dd> -</dl> -<p class="Pp">Pass rules can specify a state limiter using the - <code class="Cm">state limiter</code> <var class="Ar">name</var> option. If - the number of states allowed has hit the limit, the pass rule does not match - and ruleset evaluation continues past it.</p> -<p class="Pp">An example use case for a state limiter is to restrict the number - of connections allowed to a service that is accessible via multiple - protocols, e.g. a DNS server that can be accessed by both TCP and UDP on - port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on TCP port 443 - can be limited to 1000 concurrent connections:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent Li"> -<pre>state limiter "dns-server" id 1 limit 1000 - -pass in proto { tcp udp } to port domain state limiter "dns-server" -pass in proto tcp to port { 853 443 } state limiter "dns-server"</pre> -</div> -</section> -<section class="Ss"> -<h2 class="Ss" id="Source_Limiters"><a class="permalink" href="#Source_Limiters">Source - Limiters</a></h2> -<p class="Pp">Source limiters apply limits on the number of states, or the rate - of state creation, for connections coming from a source address or network - for a set of rules. Source limiters are configured and loaded with the main - ruleset, but can be used by rules in any anchor. The overall number of - states is still subject to the limit set with <code class="Cm">set limit - states</code>, but limits on states for a subset of source addresses and - rules can be provided with source limiters.</p> -<p class="Pp">Source address entries in source pools are created on demand, and - are used to account for the states created for each source address or - network. A source limiter specifies the maximum number of source address - entries it will track, and can be configured to mask bits in network - prefixes to have source entries cover larger portions of the address space - if needed.</p> -<p class="Pp">A source limiter is configured with the following statement:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="source~2"><a class="permalink" href="#source~2"><code class="Cm">source - limiter</code></a> <var class="Ar">name</var></dt> - <dd>Each source limiter is uniquely identified by the specified name.</dd> -</dl> -<p class="Pp">Source limiter support the following configuration:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt id="id~2"><a class="permalink" href="#id~2"><code class="Cm">id</code></a> - <var class="Ar">number</var></dt> - <dd>A unique identifier between 1 and 255. This configuration is - required.</dd> - <dt id="entries"><a class="permalink" href="#entries"><code class="Cm">entries</code></a> - <var class="Ar">number</var></dt> - <dd>Specify the maximum number of source address entries. This configuration - is required.</dd> - <dt id="limit~2"><a class="permalink" href="#limit~2"><code class="Cm">limit</code></a> - <var class="Ar">number</var></dt> - <dd>Specify the maximum number of states for each source address entry. This - configuration is required.</dd> - <dt id="rate~2"><a class="permalink" href="#rate~2"><code class="Cm">rate</code></a> - <var class="Ar">number</var>/<var class="Ar">seconds</var></dt> - <dd>Limit the rate at which states can be created by each source address entry - over a time interval. The connection rate is an approximation calculated - as a moving average.</dd> - <dt id="inet"><a class="permalink" href="#inet"><code class="Cm">inet - mask</code></a> <var class="Ar">prefixlen</var></dt> - <dd>Mask IPv4 source addresses using the prefix length specified with - <var class="Ar">prefixlen</var> when creating an address entry. The - default IPv4 prefix length is 32 bits.</dd> - <dt id="inet6"><a class="permalink" href="#inet6"><code class="Cm">inet6 - mask</code></a> <var class="Ar">prefixlen</var></dt> - <dd>Mask IPv6 source addresses using the prefix length specified with - <var class="Ar">prefixlen</var> when creating an address entry. The - default IPv6 prefix length is 128 bits.</dd> - <dt id="table"><a class="permalink" href="#table"><code class="Cm">table - <</code></a><var class="Ar">table</var>> <code class="Cm">above</code> - <var class="Ar">hwm</var> [<code class="Cm">below</code> - <var class="Ar">lwm</var>]</dt> - <dd>Add the address to the specified <var class="Ar">table</var> when the - number of states goes above the <var class="Ar">hwm</var> high water mark. - The address will be removed from the table when the number of states drops - below the <var class="Ar">lwm</var> low water mark. The default low water - mark is 0.</dd> -</dl> -<p class="Pp">Pass rules can specify a source limiter using the - <code class="Cm">source limiter</code> <var class="Ar">name</var> - option.</p> -<p class="Pp">An example use for a source limiter is the mitigation of denial of - service caused by the exhaustion of firewall resources by network or port - scans from outside the network. The states created by any one scanner from - any one source address can be limited to avoid impacting other sources. - Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the external - network are each limited to a maximum of 1000 connections, and are rate - limited to creating 100 states over a 10 second interval:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent Li"> -<pre>source limiter "internet" id 1 entries 10000 \ - limit 1000 rate 100/10 \ - inet6 mask 64 - -block in on egress -pass in on egress source limiter "internet"</pre> -</div> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="STATEFUL_TRACKING_OPTIONS"><a class="permalink" href="#STATEFUL_TRACKING_OPTIONS">STATEFUL - TRACKING OPTIONS</a></h1> -<p class="Pp">A number of options related to stateful tracking can be applied on - a per-rule basis. <var class="Ar">keep state</var>, <var class="Ar">modulate - state</var> and <var class="Ar">synproxy state</var> support these options, - and <var class="Ar">keep state</var> must be specified explicitly to apply - options to a rule.</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">max</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Limits the number of concurrent states the rule may create. When this - limit is reached, further packets that would create state are dropped - until existing states time out.</dd> - <dt><var class="Ar">no-sync</var></dt> - <dd>Prevent state changes for states created by this rule from appearing on - the <a class="Xr">pfsync(4)</a> interface.</dd> - <dt>⟨<var class="Ar">timeout</var>⟩ - ⟨<var class="Ar">seconds</var>⟩</dt> - <dd>Changes the timeout values used for states created by this rule. For a - list of all valid timeout names, see - <a class="Sx" href="#OPTIONS">OPTIONS</a> above.</dd> - <dt><var class="Ar">sloppy</var></dt> - <dd>Uses a sloppy TCP connection tracker that does not check sequence numbers - at all, which makes insertion and ICMP teardown attacks way easier. This - is intended to be used in situations where one does not see all packets of - a connection, e.g. in asymmetric routing situations. Cannot be used with - modulate or synproxy state.</dd> - <dt><var class="Ar">pflow</var></dt> - <dd>States created by this rule are exported on the <a class="Xr">pflow(4)</a> - interface.</dd> - <dt><var class="Ar">allow-related</var></dt> - <dd>Automatically allow connections related to this one, regardless of rules - that might otherwise affect them. This currently only applies to SCTP - multihomed connection.</dd> -</dl> -<p class="Pp">Multiple options can be specified, separated by commas:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in proto tcp from any to any \ - port www keep state \ - (max 100, source-track rule, max-src-nodes 75, \ - max-src-states 3, tcp.established 60, tcp.closing 5)</pre> -</div> -<p class="Pp">When the <var class="Ar">source-track</var> keyword is specified, - the number of states per source IP is tracked.</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">source-track rule</var></dt> - <dd>The maximum number of states created by this rule is limited by the rule's - <var class="Ar">max-src-nodes</var> and - <var class="Ar">max-src-states</var> options. Only state entries created - by this particular rule count toward the rule's limits.</dd> - <dt><var class="Ar">source-track global</var></dt> - <dd>The number of states created by all rules that use this option is limited. - Each rule can specify different <var class="Ar">max-src-nodes</var> and - <var class="Ar">max-src-states</var> options, however state entries - created by any participating rule count towards each individual rule's - limits.</dd> -</dl> -<p class="Pp">The following limits can be set:</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">max-src-nodes</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Limits the maximum number of source addresses which can simultaneously - have state table entries.</dd> - <dt><var class="Ar">max-src-states</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Limits the maximum number of simultaneous state entries that a single - source address can create with this rule.</dd> -</dl> -<p class="Pp">For stateful TCP connections, limits on established connections - (connections which have completed the TCP 3-way handshake) can also be - enforced per source IP.</p> -<p class="Pp"></p> -<dl class="Bl-tag Bl-compact"> - <dt><var class="Ar">max-src-conn</var> - ⟨<var class="Ar">number</var>⟩</dt> - <dd>Limits the maximum number of simultaneous TCP connections which have - completed the 3-way handshake that a single host can make.</dd> - <dt><var class="Ar">max-src-conn-rate</var> - ⟨<var class="Ar">number</var>⟩ <span class="No">/</span> - ⟨<var class="Ar">seconds</var>⟩</dt> - <dd>Limit the rate of new connections over a time interval. The connection - rate is an approximation calculated as a moving average.</dd> -</dl> -<p class="Pp">When one of these limits is reached, further packets that would - create state are dropped until existing states time out.</p> -<p class="Pp">Because the 3-way handshake ensures that the source address is not - being spoofed, more aggressive action can be taken based on these limits. - With the <var class="Ar">overload</var> - ⟨<var class="Ar">table</var>⟩ state option, source IP - addresses which hit either of the limits on established connections will be - added to the named table. This table can be used in the ruleset to block - further activity from the offending host, redirect it to a tarpit process, - or restrict its bandwidth.</p> -<p class="Pp">The optional <var class="Ar">flush</var> keyword kills all states - created by the matching rule which originate from the host which exceeds - these limits. The <var class="Ar">global</var> modifier to the flush command - kills all states originating from the offending host, regardless of which - rule created the state.</p> -<p class="Pp">For example, the following rules will protect the webserver - against hosts making more than 100 connections in 10 seconds. Any host which - connects faster than this rate will have its address added to the - ⟨bad_hosts⟩ table and have all states originating from it - flushed. Any new packets arriving from this host will be dropped - unconditionally by the block rule.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block quick from <bad_hosts> -pass in on $ext_if proto tcp to $webserver port www keep state \ - (max-src-conn-rate 100/10, overload <bad_hosts> flush global)</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="OPERATING_SYSTEM_FINGERPRINTING"><a class="permalink" href="#OPERATING_SYSTEM_FINGERPRINTING">OPERATING - SYSTEM FINGERPRINTING</a></h1> -<p class="Pp">Passive OS Fingerprinting is a mechanism to inspect nuances of a - TCP connection's initial SYN packet and guess at the host's operating - system. Unfortunately these nuances are easily spoofed by an attacker so the - fingerprint is not useful in making security decisions. But the fingerprint - is typically accurate enough to make policy decisions upon.</p> -<p class="Pp">The fingerprints may be specified by operating system class, by - version, or by subtype/patchlevel. The class of an operating system is - typically the vendor or genre and would be <span class="Ux">OpenBSD</span> - for the <a class="Xr">pf(4)</a> firewall itself. The version of the oldest - available <span class="Ux">OpenBSD</span> release on the main FTP site would - be 2.6 and the fingerprint would be written</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">"OpenBSD 2.6"</code></div> -<p class="Pp">The subtype of an operating system is typically used to describe - the patchlevel if that patch led to changes in the TCP stack behavior. In - the case of <span class="Ux">OpenBSD</span>, the only subtype is for a - fingerprint that was normalized by the <var class="Ar">no-df</var> scrub - option and would be specified as</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">"OpenBSD 3.3 - no-df"</code></div> -<p class="Pp">Fingerprints for most popular operating systems are provided by - <a class="Xr">pf.os(5)</a>. Once <a class="Xr">pf(4)</a> is running, a - complete list of known operating system fingerprints may be listed by - running:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li"># pfctl -so</code></div> -<p class="Pp">Filter rules can enforce policy at any level of operating system - specification assuming a fingerprint is present. Policy could limit traffic - to approved operating systems or even ban traffic from hosts that aren't at - the latest service pack.</p> -<p class="Pp">The <var class="Ar">unknown</var> class can also be used as the - fingerprint which will match packets for which no operating system - fingerprint is known.</p> -<p class="Pp">Examples:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass out proto tcp from any os OpenBSD -block out proto tcp from any os Doors -block out proto tcp from any os "Doors PT" -block out proto tcp from any os "Doors PT SP3" -block out from any os "unknown" -pass on lo0 proto tcp from any os "OpenBSD 3.3 lo0"</pre> -</div> -<p class="Pp">Operating system fingerprinting is limited only to the TCP SYN - packet. This means that it will not work on other protocols and will not - match a currently established connection.</p> -<p class="Pp">Caveat: operating system fingerprints are occasionally wrong. - There are three problems: an attacker can trivially craft packets to appear - as any operating system; an operating system patch could change the stack - behavior and no fingerprints will match it until the database is updated; - and multiple operating systems may have the same fingerprint.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BLOCKING_SPOOFED_TRAFFIC"><a class="permalink" href="#BLOCKING_SPOOFED_TRAFFIC">BLOCKING - SPOOFED TRAFFIC</a></h1> -<p class="Pp">"Spoofing" is the faking of IP addresses, typically for - malicious purposes. The <var class="Ar">antispoof</var> directive expands to - a set of filter rules which will block all traffic with a source IP from the - network(s) directly connected to the specified interface(s) from entering - the system through any other interface.</p> -<p class="Pp">For example, the line</p> -<div class="Bd Pp Bd-indent Li"> -<pre>antispoof for lo0</pre> -</div> -<p class="Pp">expands to</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block drop in on ! lo0 inet from 127.0.0.1/8 to any -block drop in on ! lo0 inet6 from ::1 to any</pre> -</div> -<p class="Pp">For non-loopback interfaces, there are additional rules to block - incoming packets with a source IP address identical to the interface's - IP(s). For example, assuming the interface wi0 had an IP address of 10.0.0.1 - and a netmask of 255.255.255.0, the line</p> -<div class="Bd Pp Bd-indent Li"> -<pre>antispoof for wi0 inet</pre> -</div> -<p class="Pp">expands to</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block drop in on ! wi0 inet from 10.0.0.0/24 to any -block drop in inet from 10.0.0.1 to any</pre> -</div> -<p class="Pp">Caveat: Rules created by the <var class="Ar">antispoof</var> - directive interfere with packets sent over loopback interfaces to local - addresses. One should pass these explicitly.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FRAGMENT_HANDLING"><a class="permalink" href="#FRAGMENT_HANDLING">FRAGMENT - HANDLING</a></h1> -<p class="Pp">The size of IP datagrams (packets) can be significantly larger - than the maximum transmission unit (MTU) of the network. In cases when it is - necessary or more efficient to send such large packets, the large packet - will be fragmented into many smaller packets that will each fit onto the - wire. Unfortunately for a firewalling device, only the first logical - fragment will contain the necessary header information for the subprotocol - that allows <a class="Xr">pf(4)</a> to filter on things such as TCP ports or - to perform NAT.</p> -<p class="Pp">Besides the use of <var class="Ar">set reassemble</var> option or - <var class="Ar">scrub</var> rules as described in - <a class="Sx" href="#TRAFFIC_NORMALIZATION">TRAFFIC NORMALIZATION</a> above, - there are three options for handling fragments in the packet filter.</p> -<p class="Pp">One alternative is to filter individual fragments with filter - rules. If no <var class="Ar">scrub</var> rule applies to a fragment or - <var class="Ar">set reassemble</var> is set to <code class="Cm">no</code> , - it is passed to the filter. Filter rules with matching IP header parameters - decide whether the fragment is passed or blocked, in the same way as - complete packets are filtered. Without reassembly, fragments can only be - filtered based on IP header fields (source/destination address, protocol), - since subprotocol header fields are not available (TCP/UDP port numbers, - ICMP code/type). The <var class="Ar">fragment</var> option can be used to - restrict filter rules to apply only to fragments, but not complete packets. - Filter rules without the <var class="Ar">fragment</var> option still apply - to fragments, if they only specify IP header fields. For instance, the - rule</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in proto tcp from any to any port 80</pre> -</div> -<p class="Pp">never applies to a fragment, even if the fragment is part of a TCP - packet with destination port 80, because without reassembly this information - is not available for each fragment. This also means that fragments cannot - create new or match existing state table entries, which makes stateful - filtering and address translation (NAT, redirection) for fragments - impossible.</p> -<p class="Pp">It's also possible to reassemble only certain fragments by - specifying source or destination addresses or protocols as parameters in - <var class="Ar">scrub</var> rules.</p> -<p class="Pp">In most cases, the benefits of reassembly outweigh the additional - memory cost, and it's recommended to use <var class="Ar">set - reassemble</var> option or <var class="Ar">scrub</var> rules with the - <var class="Ar">fragment reassemble</var> modifier to reassemble all - fragments.</p> -<p class="Pp">The memory allocated for fragment caching can be limited using - <a class="Xr">pfctl(8)</a>. Once this limit is reached, fragments that would - have to be cached are dropped until other entries time out. The timeout - value can also be adjusted.</p> -<p class="Pp">When forwarding reassembled IPv6 packets, pf refragments them with - the original maximum fragment size. This allows the sender to determine the - optimal fragment size by path MTU discovery.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="ANCHORS"><a class="permalink" href="#ANCHORS">ANCHORS</a></h1> -<p class="Pp">Besides the main ruleset, <a class="Xr">pfctl(8)</a> can load - rulesets into <var class="Ar">anchor</var> attachment points. An - <var class="Ar">anchor</var> is a container that can hold rules, address - tables, and other anchors.</p> -<p class="Pp">An <var class="Ar">anchor</var> has a name which specifies the - path where <a class="Xr">pfctl(8)</a> can be used to access the anchor to - perform operations on it, such as attaching child anchors to it or loading - rules into it. Anchors may be nested, with components separated by - ‘/’ characters, similar to how file system hierarchies are - laid out. The main ruleset is actually the default anchor, so filter and - translation rules, for example, may also be contained in any anchor.</p> -<p class="Pp">An anchor can reference another <var class="Ar">anchor</var> - attachment point using the following kinds of rules:</p> -<dl class="Bl-tag"> - <dt><var class="Ar">nat-anchor</var> - ⟨<var class="Ar">name</var>⟩</dt> - <dd>Evaluates the <var class="Ar">nat</var> rules in the specified - <var class="Ar">anchor</var>.</dd> - <dt><var class="Ar">rdr-anchor</var> - ⟨<var class="Ar">name</var>⟩</dt> - <dd>Evaluates the <var class="Ar">rdr</var> rules in the specified - <var class="Ar">anchor</var>.</dd> - <dt><var class="Ar">binat-anchor</var> - ⟨<var class="Ar">name</var>⟩</dt> - <dd>Evaluates the <var class="Ar">binat</var> rules in the specified - <var class="Ar">anchor</var>.</dd> - <dt><var class="Ar">anchor</var> - ⟨<var class="Ar">name</var>⟩</dt> - <dd>Evaluates the filter rules in the specified - <var class="Ar">anchor</var>.</dd> - <dt><var class="Ar">load anchor</var> - ⟨<var class="Ar">name</var>⟩ <var class="Ar">from</var> - ⟨<var class="Ar">file</var>⟩</dt> - <dd>Loads the rules from the specified file into the anchor - <var class="Ar">name</var>.</dd> -</dl> -<p class="Pp">When evaluation of the main ruleset reaches an - <var class="Ar">anchor</var> rule, <a class="Xr">pf(4)</a> will proceed to - evaluate all rules specified in that anchor.</p> -<p class="Pp">Matching filter and translation rules marked with the - <var class="Ar">quick</var> option are final and abort the evaluation of the - rules in other anchors and the main ruleset. If the - <var class="Ar">anchor</var> itself is marked with the - <var class="Ar">quick</var> option, ruleset evaluation will terminate when - the anchor is exited if the packet is matched by any rule within the - anchor.</p> -<p class="Pp"><var class="Ar">anchor</var> rules are evaluated relative to the - anchor in which they are contained. For example, all - <var class="Ar">anchor</var> rules specified in the main ruleset will - reference anchor attachment points underneath the main ruleset, and - <var class="Ar">anchor</var> rules specified in a file loaded from a - <var class="Ar">load anchor</var> rule will be attached under that anchor - point.</p> -<p class="Pp">Rules may be contained in <var class="Ar">anchor</var> attachment - points which do not contain any rules when the main ruleset is loaded, and - later such anchors can be manipulated through <a class="Xr">pfctl(8)</a> - without reloading the main ruleset or other anchors. For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>ext_if = "kue0" -block on $ext_if all -anchor spam -pass out on $ext_if all -pass in on $ext_if proto tcp from any \ - to $ext_if port smtp</pre> -</div> -<p class="Pp">blocks all packets on the external interface by default, then - evaluates all rules in the <var class="Ar">anchor</var> named - "spam", and finally passes all outgoing connections and incoming - connections to port 25.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo "block in quick from 1.2.3.4 to any" | \ - pfctl -a spam -f -</pre> -</div> -<p class="Pp">This loads a single rule into the <var class="Ar">anchor</var>, - which blocks all packets from a specific address.</p> -<p class="Pp">The anchor can also be populated by adding a <var class="Ar">load - anchor</var> rule after the <var class="Ar">anchor</var> rule:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>anchor spam -load anchor spam from "/etc/pf-spam.conf"</pre> -</div> -<p class="Pp">When <a class="Xr">pfctl(8)</a> loads - <code class="Nm">pf.conf</code>, it will also load all the rules from the - file <span class="Pa">/etc/pf-spam.conf</span> into the anchor.</p> -<p class="Pp">Optionally, <var class="Ar">anchor</var> rules can specify packet - filtering parameters using the same syntax as filter rules. When parameters - are used, the <var class="Ar">anchor</var> rule is only evaluated for - matching packets. This allows conditional evaluation of anchors, like:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>block on $ext_if all -anchor spam proto tcp from any to any port smtp -pass out on $ext_if all -pass in on $ext_if proto tcp from any to $ext_if port smtp</pre> -</div> -<p class="Pp">The rules inside <var class="Ar">anchor</var> spam are only - evaluated for <var class="Ar">tcp</var> packets with destination port 25. - Hence,</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo "block in quick from 1.2.3.4 to any" | \ - pfctl -a spam -f -</pre> -</div> -<p class="Pp">will only block connections from 1.2.3.4 to port 25.</p> -<p class="Pp">Anchors may end with the asterisk (‘*’) character, - which signifies that all anchors attached at that point should be evaluated - in the alphabetical ordering of their anchor name. For example,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>anchor "spam/*"</pre> -</div> -<p class="Pp">will evaluate each rule in each anchor attached to the - <code class="Li">spam</code> anchor. Note that it will only evaluate anchors - that are directly attached to the <code class="Li">spam</code> anchor, and - will not descend to evaluate anchors recursively.</p> -<p class="Pp">Since anchors are evaluated relative to the anchor in which they - are contained, there is a mechanism for accessing the parent and ancestor - anchors of a given anchor. Similar to file system path name resolution, if - the sequence “..” appears as an anchor path component, the - parent anchor of the current anchor in the path evaluation at that point - will become the new current anchor. As an example, consider the - following:</p> -<div class="Bd Pp Bd-indent Li"> -<pre># echo ' anchor "spam/allowed" ' | pfctl -f - -# echo -e ' anchor "../banned" \n pass' | \ - pfctl -a spam/allowed -f -</pre> -</div> -<p class="Pp">Evaluation of the main ruleset will lead into the - <code class="Li">spam/allowed</code> anchor, which will evaluate the rules - in the <code class="Li">spam/banned</code> anchor, if any, before finally - evaluating the <var class="Ar">pass</var> rule.</p> -<p class="Pp">An <var class="Ar">anchor</var> rule can also contain a filter - ruleset in a brace-delimited block. In that case, no separate loading of - rules into the anchor is required. Brace delimited blocks may contain rules - or other brace-delimited blocks. When an anchor is populated this way, the - anchor name becomes optional.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>anchor "external" on $ext_if { - block - anchor out { - pass proto tcp from any to port { 25, 80, 443 } - } - pass in proto tcp to any port 22 -}</pre> -</div> -<p class="Pp">Since the parser specification for anchor names is a string, any - reference to an anchor name containing ‘/’ characters will - require double quote (‘"’) characters around the anchor - name.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SCTP_CONSIDERATIONS"><a class="permalink" href="#SCTP_CONSIDERATIONS">SCTP - CONSIDERATIONS</a></h1> -<p class="Pp"><a class="Xr">pf(4)</a> supports <a class="Xr">sctp(4)</a> - connections. It can match ports, track state and NAT SCTP traffic. However, - it will not alter port numbers during nat or rdr translations. Doing so - would break SCTP multihoming.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="TRANSLATION_EXAMPLES"><a class="permalink" href="#TRANSLATION_EXAMPLES">TRANSLATION - EXAMPLES</a></h1> -<p class="Pp">This example maps incoming requests on port 80 to port 8080, on - which a daemon is running (because, for example, it is not run as root, and - therefore lacks permission to bind to port 80).</p> -<div class="Bd Pp Bd-indent Li"> -<pre># use a macro for the interface name, so it can be changed easily -ext_if = "ne3" - -# map daemon on 8080 to appear to be on 80 -match in on $ext_if proto tcp from any to any port 80 \ - rdr-to 127.0.0.1 port 8080</pre> -</div> -<p class="Pp">If a <var class="Ar">pass</var> rule is used with the - <var class="Ar">quick</var> modifier, packets matching the translation rule - are passed without inspecting subsequent filter rules:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in quick on $ext_if proto tcp from any to any port 80 \ - rdr-to 127.0.0.1 port 8080</pre> -</div> -<p class="Pp">In the example below, vlan12 is configured as 192.168.168.1; the - machine translates all packets coming from 192.168.168.0/24 to 204.92.77.111 - when they are going out any interface except vlan12. This has the net effect - of making traffic from the 192.168.168.0/24 network appear as though it is - the Internet routable address 204.92.77.111 to nodes behind any interface on - the router except for the nodes on vlan12. (Thus, 192.168.168.1 can talk to - the 192.168.168.0/24 nodes.)</p> -<div class="Bd Pp Bd-indent Li"> -<pre>match out on ! vlan12 from 192.168.168.0/24 to any nat-to 204.92.77.111</pre> -</div> -<p class="Pp">This longer example uses both a NAT and a redirection. The - external interface has the address 157.161.48.183. On localhost, we are - running <a class="Xr">ftp-proxy(8)</a>, waiting for FTP sessions to be - redirected to it. The three mandatory anchors for - <a class="Xr">ftp-proxy(8)</a> are omitted from this example; see the - <a class="Xr">ftp-proxy(8)</a> manpage.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># NAT -# Translate outgoing packets' source addresses (any protocol). -# In this case, any address but the gateway's external address is mapped. -pass out on $ext_if inet from ! ($ext_if) to any nat-to ($ext_if) - -# NAT PROXYING -# Map outgoing packets' source port to an assigned proxy port instead of -# an arbitrary port. -# In this case, proxy outgoing isakmp with port 500 on the gateway. -pass out on $ext_if inet proto udp from any port = isakmp to any \ - nat-to ($ext_if) port 500 - -# BINAT -# Translate outgoing packets' source address (any protocol). -# Translate incoming packets' destination address to an internal machine -# (bidirectional). -pass on $ext_if from 10.1.2.150 to any binat-to $ext_if - -# Translate packets arriving on $peer_if addressed to 172.22.16.0/20 -# to the corresponding address in 172.21.16.0/20 (bidirectional). -pass on $peer_if from 172.21.16.0/20 to any binat-to 172.22.16.0/20 - -# RDR -# Translate incoming packets' destination addresses. -# As an example, redirect a TCP and UDP port to an internal machine. -pass in on $ext_if inet proto tcp from any to ($ext_if) port 8080 \ - rdr-to 10.1.2.151 port 22 -pass in on $ext_if inet proto udp from any to ($ext_if) port 8080 \ - rdr-to 10.1.2.151 port 53 - -# RDR -# Translate outgoing ftp control connections to send them to localhost -# for proxying with ftp-proxy(8) running on port 8021. -pass in on $int_if proto tcp from any to any port 21 \ - rdr-to 127.0.0.1 port 8021</pre> -</div> -<p class="Pp">In this example, a NAT gateway is set up to translate internal - addresses using a pool of public addresses (192.0.2.16/28) and to redirect - incoming web server connections to a group of web servers on the internal - network.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># NAT LOAD BALANCE -# Translate outgoing packets' source addresses using an address pool. -# A given source address is always translated to the same pool address by -# using the source-hash keyword. -pass out on $ext_if inet from any to any nat-to 192.0.2.16/28 source-hash - -# RDR ROUND ROBIN -# Translate incoming web server connections to a group of web servers on -# the internal network. -pass in on $ext_if proto tcp from any to any port 80 \ - rdr-to { 10.1.2.155, 10.1.2.160, 10.1.2.161 } round-robin</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="COMPATIBILITY_TRANSLATION_EXAMPLES"><a class="permalink" href="#COMPATIBILITY_TRANSLATION_EXAMPLES">COMPATIBILITY - TRANSLATION EXAMPLES</a></h1> -<p class="Pp">In the example below, the machine sits between a fake internal - 144.19.74.* network, and a routable external IP of 204.92.77.100. The - <var class="Ar">no nat</var> rule excludes protocol AH from being - translated.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># NAT -no nat on $ext_if proto ah from 144.19.74.0/24 to any -nat on $ext_if from 144.19.74.0/24 to any -> 204.92.77.100</pre> -</div> -<p class="Pp">In the example below, packets bound for one specific server, as - well as those generated by the sysadmins are not proxied; all other - connections are.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># RDR -no rdr on $int_if proto { tcp, udp } from any to $server port 80 -no rdr on $int_if proto { tcp, udp } from $sysadmins to any port 80 -rdr on $int_if proto { tcp, udp } from any to any port 80 \ - -> 127.0.0.1 port 80</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILTER_EXAMPLES"><a class="permalink" href="#FILTER_EXAMPLES">FILTER - EXAMPLES</a></h1> -<div class="Bd Bd-indent Li"> -<pre># The external interface is kue0 -# (157.161.48.183, the only routable address) -# and the private network is 10.0.0.0/8, for which we are doing NAT. - -# Reassemble incoming traffic -set reassemble yes - -# use a macro for the interface name, so it can be changed easily -ext_if = "kue0" - -# block and log everything by default -block return log on $ext_if all - -# block anything coming from source we have no back routes for -block in from no-route to any - -# block packets whose ingress interface does not match the one in -# the route back to their source address -block in from urpf-failed to any - -# block and log outgoing packets that do not have our address as source, -# they are either spoofed or something is misconfigured (NAT disabled, -# for instance), we want to be nice and do not send out garbage. -block out log quick on $ext_if from ! 157.161.48.183 to any - -# silently drop broadcasts (cable modem noise) -block in quick on $ext_if from any to 255.255.255.255 - -# block and log incoming packets from reserved address space and invalid -# addresses, they are either spoofed or misconfigured, we cannot reply to -# them anyway (hence, no return-rst). -block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, \ - 192.168.0.0/16, 255.255.255.255/32 } to any - -# ICMP - -# pass out/in certain ICMP queries and keep state (ping) -# state matching is done on host addresses and ICMP id (not type/code), -# so replies (like 0/0 for 8/0) will match queries -# ICMP error messages (which always refer to a TCP/UDP packet) are -# handled by the TCP/UDP states -pass on $ext_if inet proto icmp all icmp-type 8 code 0 - -# UDP - -# pass out all UDP connections and keep state -pass out on $ext_if proto udp all - -# pass in certain UDP connections and keep state (DNS) -pass in on $ext_if proto udp from any to any port domain - -# TCP - -# pass out all TCP connections and modulate state -pass out on $ext_if proto tcp all modulate state - -# pass in certain TCP connections and keep state (SSH, SMTP, DNS, IDENT) -pass in on $ext_if proto tcp from any to any port { ssh, smtp, domain, \ - auth } - -# Do not allow Windows 9x SMTP connections since they are typically -# a viral worm. Alternately we could limit these OSes to 1 connection each. -block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \ - to any port smtp - -# IPv6 -# pass in/out all IPv6 traffic: note that we have to enable this in two -# different ways, on both our physical interface and our tunnel -pass quick on gif0 inet6 -pass quick on $ext_if proto ipv6 - -# Packet Tagging - -# three interfaces: $int_if, $ext_if, and $wifi_if (wireless). NAT is -# being done on $ext_if for all outgoing packets. tag packets in on -# $int_if and pass those tagged packets out on $ext_if. all other -# outgoing packets (i.e., packets from the wireless network) are only -# permitted to access port 80. - -pass in on $int_if from any to any tag INTNET -pass in on $wifi_if from any to any - -block out on $ext_if from any to any -pass out quick on $ext_if tagged INTNET -pass out on $ext_if proto tcp from any to any port 80 - -# tag incoming packets as they are redirected to spamd(8). use the tag -# to pass those packets through the packet filter. - -rdr on $ext_if inet proto tcp from <spammers> to port smtp \ - tag SPAMD -> 127.0.0.1 port spamd - -block in on $ext_if -pass in on $ext_if inet proto tcp tagged SPAMD</pre> -</div> -<p class="Pp">In the example below, a router handling both address families - translates an internal IPv4 subnet to IPv6 using the well-known 64:ff9b::/96 - prefix:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in on $v4_if inet af-to inet6 from ($v6_if) to 64:ff9b::/96</pre> -</div> -<p class="Pp">Paired with the example above, the example below can be used on - another router handling both address families to translate back to IPv4:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>pass in on $v6_if inet6 to 64:ff9b::/96 af-to inet from ($v4_if)</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="GRAMMAR"><a class="permalink" href="#GRAMMAR">GRAMMAR</a></h1> -<p class="Pp">Syntax for <code class="Nm">pf.conf</code> in BNF:</p> -<div class="Bd Pp Li"> -<pre>line = ( option | ether-rule | pf-rule | nat-rule | binat-rule | - rdr-rule | antispoof-rule | altq-rule | queue-rule | - trans-anchors | anchor-rule | anchor-close | load-anchor | - table-rule | include ) - -option = "set" ( [ "timeout" ( timeout | "{" timeout-list "}" ) ] | - [ "ruleset-optimization" [ "none" | "basic" | "profile" ]] | - [ "optimization" [ "default" | "normal" | - "high-latency" | "satellite" | - "aggressive" | "conservative" ] ] - [ "limit" ( limit-item | "{" limit-list "}" ) ] | - [ "loginterface" ( interface-name | "none" ) ] | - [ "block-policy" ( "drop" | "return" ) ] | - [ "state-policy" ( "if-bound" | "floating" ) ] - [ "state-defaults" state-opts ] - [ "require-order" ( "yes" | "no" ) ] - [ "fingerprints" filename ] | - [ "skip on" ifspec ] | - [ "debug" ( "none" | "urgent" | "misc" | "loud" ) ] - [ "keepcounters" ] ) - -ether-rule = "ether" etheraction [ ( "in" | "out" ) ] - [ "quick" ] [ "on" ifspec ] [ "bridge-to" interface-name ] - [ etherprotospec ] [ etherhosts ] [ "l3" hosts ] - [ etherfilteropt-list ] - -pf-rule = action [ ( "in" | "out" ) ] - [ "log" [ "(" logopts ")"] ] [ "quick" ] - [ "on" ifspec ] [ route ] [ af ] [ protospec ] - [ hosts ] [ filteropt-list ] - -logopts = logopt [ "," logopts ] -logopt = "all" | "matches" | "user" | "to" interface-name - -etherfilteropt-list = etherfilteropt-list etherfilteropt | etherfilteropt -etherfilteropt = "tag" string | "tagged" string | "queue" ( string ) | - "ridentifier" number | "label" string - -filteropt-list = filteropt-list filteropt | filteropt -filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | - "af-to" af "from" ( redirhost | "{" redirhost-list "}" ) - [ "to" ( redirhost | "{" redirhost-list "}" ) ] | - ( "no" | "keep" | "modulate" | "synproxy" ) "state" - [ "(" state-opts ")" ] | - "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | - "max-mss" number | "random-id" | "reassemble tcp" | - fragmentation | "allow-opts" | "once" | - "label" string | "tag" string | [ "!" ] "tagged" string | - "max-pkt-rate" number "/" seconds | - "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | - "max-pkt-size" number | - "queue" ( string | "(" string [ [ "," ] string ] ")" ) | - "rtable" number | "probability" number"%" | "prio" number | - "state limiter" name | - "state limiter" name "(" limiter-opts ")" | - "source limiter" name | - "source limiter" name "(" limiter-opts ")" | "prio" number | - "dnpipe" ( number | "(" number "," number ")" ) | - "dnqueue" ( number | "(" number "," number ")" ) | - "ridentifier" number | - "binat-to" ( redirhost | "{" redirhost-list "}" ) - [ portspec ] [ pooltype ] | - "rdr-to" ( redirhost | "{" redirhost-list "}" ) - [ portspec ] [ pooltype ] | - "nat-to" ( redirhost | "{" redirhost-list "}" ) - [ portspec ] [ pooltype ] [ "static-port" ] | - [ ! ] "received-on" ( interface-name | interface-group ) - -nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] - [ "on" ifspec ] [ af ] - [ protospec ] hosts [ "tag" string ] [ "tagged" string ] - [ "->" ( redirhost | "{" redirhost-list "}" ) - [ portspec ] [ pooltype ] [ "static-port" ] - [ "map-e-portset" number "/" number "/" number ] ] - -binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] - [ "on" interface-name ] [ af ] - [ "proto" ( proto-name | proto-number ) ] - "from" address [ "/" mask-bits ] "to" ipspec - [ "tag" string ] [ "tagged" string ] - [ "->" address [ "/" mask-bits ] ] - -rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ] - [ "on" ifspec ] [ af ] - [ protospec ] hosts [ "tag" string ] [ "tagged" string ] - [ "->" ( redirhost | "{" redirhost-list "}" ) - [ portspec ] [ pooltype ] ] - -antispoof-rule = "antispoof" [ "log" ] [ "quick" ] - "for" ifspec [ af ] [ "label" string ] - [ "ridentifier" number ] - -table-rule = "table" "<" string ">" [ tableopts-list ] -tableopts-list = tableopts-list tableopts | tableopts -tableopts = "persist" | "const" | "counters" | "file" string | - "{" [ tableaddr-list ] "}" -tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec -tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ] -tableaddr = hostname | ifspec | "self" | - ipv4-dotted-quad | ipv6-coloned-hex - -altq-rule = "altq on" interface-name queueopts-list - "queue" subqueue -queue-rule = "queue" string [ "on" interface-name ] queueopts-list - subqueue - -anchor-rule = "anchor" [ string ] [ ( "in" | "out" ) ] [ "on" ifspec ] - [ af ] [ protospec ] [ hosts ] [ filteropt-list ] [ "{" ] - -anchor-close = "}" - -trans-anchors = ( "nat-anchor" | "rdr-anchor" | "binat-anchor" ) string - [ "on" ifspec ] [ af ] [ "proto" ] [ protospec ] [ hosts ] - -load-anchor = "load anchor" string "from" filename - -queueopts-list = queueopts-list queueopts | queueopts -queueopts = [ "bandwidth" bandwidth-spec ] | - [ "qlimit" number ] | [ "tbrsize" number ] | - [ "priority" number ] | [ schedulers ] -schedulers = ( cbq-def | priq-def | hfsc-def ) -bandwidth-spec = "number" ( "b" | "Kb" | "Mb" | "Gb" | "%" ) - -etheraction = "pass" | "block" -action = "pass" | "match" | "block" [ return ] | [ "no" ] "scrub" -return = "drop" | "return" | "return-rst" [ "( ttl" number ")" ] | - "return-icmp" [ "(" icmpcode [ [ "," ] icmp6code ] ")" ] | - "return-icmp6" [ "(" icmp6code ")" ] -icmpcode = ( icmp-code-name | icmp-code-number ) -icmp6code = ( icmp6-code-name | icmp6-code-number ) - -ifspec = ( [ "!" ] ( interface-name | interface-group ) ) | - "{" interface-list "}" -interface-list = [ "!" ] ( interface-name | interface-group ) - [ [ "," ] interface-list ] -route = ( "route-to" | "reply-to" | "dup-to" ) - ( routehost | "{" routehost-list "}" ) - [ pooltype ] -af = "inet" | "inet6" - -etherprotospec = "proto" ( proto-number | "{" etherproto-list "}" ) -etherproto-list = proto-number [ [ "," ] etherproto-list ] -protospec = "proto" ( proto-name | proto-number | - "{" proto-list "}" ) -proto-list = ( proto-name | proto-number ) [ [ "," ] proto-list ] - -etherhosts = "from" macaddress "to" macaddress -macaddress = mac | mac "/" masklen | mac "&" mask - -hosts = "all" | - "from" ( "any" | "no-route" | "urpf-failed" | "self" | host | - "{" host-list "}" ) [ port ] [ os ] - "to" ( "any" | "no-route" | "self" | host | - "{" host-list "}" ) [ port ] - -ipspec = "any" | host | "{" host-list "}" -host = [ "!" ] ( address [ "/" mask-bits ] | "<" string ">" ) -redirhost = address [ "/" mask-bits ] -routehost = "(" interface-name address [ "/" mask-bits ] ")" -address = ( interface-name | interface-group | - "(" ( interface-name | interface-group ) ")" | - hostname | ipv4-dotted-quad | ipv6-coloned-hex ) -host-list = host [ [ "," ] host-list ] -redirhost-list = redirhost [ [ "," ] redirhost-list ] -routehost-list = routehost [ [ "," ] routehost-list ] - -port = "port" ( unary-op | binary-op | "{" op-list "}" ) -portspec = "port" ( number | name ) [ ":" ( "*" | number | name ) ] -os = "os" ( os-name | "{" os-list "}" ) -user = "user" ( unary-op | binary-op | "{" op-list "}" ) -group = "group" ( unary-op | binary-op | "{" op-list "}" ) - -unary-op = [ "=" | "!=" | "<" | "<=" | ">" | ">=" ] - ( name | number ) -binary-op = number ( "<>" | "><" | ":" ) number -op-list = ( unary-op | binary-op ) [ [ "," ] op-list ] - -os-name = operating-system-name -os-list = os-name [ [ "," ] os-list ] - -flags = "flags" ( [ flag-set ] "/" flag-set | "any" ) -flag-set = [ "F" ] [ "S" ] [ "R" ] [ "P" ] [ "A" ] [ "U" ] [ "E" ] - [ "W" ] - -icmp-type = "icmp-type" ( icmp-type-code | "{" icmp-list "}" ) -icmp6-type = "icmp6-type" ( icmp-type-code | "{" icmp-list "}" ) -icmp-type-code = ( icmp-type-name | icmp-type-number ) - [ "code" ( icmp-code-name | icmp-code-number ) ] -icmp-list = icmp-type-code [ [ "," ] icmp-list ] - -tos = ( "lowdelay" | "throughput" | "reliability" | - [ "0x" ] number ) - -state-opts = state-opt [ [ "," ] state-opts ] -state-opt = ( "max" number | "no-sync" | timeout | "sloppy" | - "source-track" [ ( "rule" | "global" ) ] | - "max-src-nodes" number | "max-src-states" number | - "max-src-conn" number | - "max-src-conn-rate" number "/" number | - "overload" "<" string ">" [ "flush" ] | - "if-bound" | "floating" | "pflow" ) - -fragmentation = [ "fragment reassemble" ] - -timeout-list = timeout [ [ "," ] timeout-list ] -timeout = ( "tcp.first" | "tcp.opening" | "tcp.established" | - "tcp.closing" | "tcp.finwait" | "tcp.closed" | "tcp.tsdiff" | - "sctp.first" | "sctp.opening" | "sctp.established" | - "sctp.closing" | "sctp.closed" | - "udp.first" | "udp.single" | "udp.multiple" | - "icmp.first" | "icmp.error" | - "other.first" | "other.single" | "other.multiple" | - "frag" | "interval" | "src.track" | - "adaptive.start" | "adaptive.end" ) number - -limit-list = limit-item [ [ "," ] limit-list ] -limit-item = ( "states" | "frags" | "src-nodes" ) number - -pooltype = ( "bitmask" | "random" | - "source-hash" [ ( hex-key | string-key ) ] | - "round-robin" ) [ sticky-address | prefer-ipv6-nexthop ] - -subqueue = string | "{" queue-list "}" -queue-list = string [ [ "," ] string ] -cbq-def = "cbq" [ "(" cbq-opt [ [ "," ] cbq-opt ] ")" ] -priq-def = "priq" [ "(" priq-opt [ [ "," ] priq-opt ] ")" ] -hfsc-def = "hfsc" [ "(" hfsc-opt [ [ "," ] hfsc-opt ] ")" ] -cbq-opt = ( "default" | "borrow" | "red" | "ecn" | "rio" ) -priq-opt = ( "default" | "red" | "ecn" | "rio" ) -hfsc-opt = ( "default" | "red" | "ecn" | "rio" | - linkshare-sc | realtime-sc | upperlimit-sc ) -linkshare-sc = "linkshare" sc-spec -realtime-sc = "realtime" sc-spec -upperlimit-sc = "upperlimit" sc-spec -sc-spec = ( bandwidth-spec | - "(" bandwidth-spec number bandwidth-spec ")" ) -limiter-opts = "block" | "no-match" -include = "include" filename</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/hosts</span></dt> - <dd>Host name database.</dd> - <dt><span class="Pa">/etc/pf.conf</span></dt> - <dd>Default location of the ruleset file. The file has to be created manually - as it is not installed with a standard installation.</dd> - <dt><span class="Pa">/etc/pf.os</span></dt> - <dd>Default location of OS fingerprints.</dd> - <dt><span class="Pa">/etc/protocols</span></dt> - <dd>Protocol name database.</dd> - <dt><span class="Pa">/etc/services</span></dt> - <dd>Service name database.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">altq(4)</a>, <a class="Xr">carp(4)</a>, - <a class="Xr">icmp(4)</a>, <a class="Xr">icmp6(4)</a>, - <a class="Xr">ip(4)</a>, <a class="Xr">ip6(4)</a>, <a class="Xr">pf(4)</a>, - <a class="Xr">pflow(4)</a>, <a class="Xr">pfsync(4)</a>, - <a class="Xr">sctp(4)</a>, <a class="Xr">tcp(4)</a>, - <a class="Xr">udp(4)</a>, <a class="Xr">hosts(5)</a>, - <a class="Xr">pf.os(5)</a>, <a class="Xr">protocols(5)</a>, - <a class="Xr">services(5)</a>, <a class="Xr">ftp-proxy(8)</a>, - <a class="Xr">pfctl(8)</a>, <a class="Xr">pflogd(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">pf.conf</code> file format first appeared in - <span class="Ux">OpenBSD 3.0</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 22, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/pf.os.5 3.html b/static/freebsd/man5/pf.os.5 3.html deleted file mode 100644 index d3edd8b3..00000000 --- a/static/freebsd/man5/pf.os.5 3.html +++ /dev/null @@ -1,168 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PF.OS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PF.OS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">pf.os</code> — <span class="Nd">format of - the operating system fingerprints file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <a class="Xr">pf(4)</a> firewall and the - <a class="Xr">tcpdump(1)</a> program can both fingerprint the operating - system of hosts that originate an IPv4 TCP connection. The file consists of - newline-separated records, one per fingerprint, containing nine colon - (‘<code class="Li">:</code>’) separated fields. These fields - are as follows:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt>window</dt> - <dd>The TCP window size.</dd> - <dt>TTL</dt> - <dd>The IP time to live.</dd> - <dt>df</dt> - <dd>The presence of the IPv4 don't fragment bit.</dd> - <dt>packet size</dt> - <dd>The size of the initial TCP packet.</dd> - <dt>TCP options</dt> - <dd>An ordered list of the TCP options.</dd> - <dt>class</dt> - <dd>The class of operating system.</dd> - <dt>version</dt> - <dd>The version of the operating system.</dd> - <dt>subtype</dt> - <dd>The subtype of patchlevel of the operating system.</dd> - <dt>description</dt> - <dd>The overall textual description of the operating system, version and - subtype.</dd> -</dl> -</div> -<p class="Pp">The <var class="Ar">window</var> field corresponds to the - th->th_win field in the TCP header and is the source host's advertised - TCP window size. It may be between zero and 65,535 inclusive. The window - size may be given as a multiple of a constant by prepending the size with a - percent sign ‘%’ and the value will be used as a modulus. - Three special values may be used for the window size:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt>*</dt> - <dd>An asterisk will wildcard the value so any window size will match.</dd> - <dt>S</dt> - <dd>Allow any window size which is a multiple of the maximum segment size - (MSS).</dd> - <dt>T</dt> - <dd>Allow any window size which is a multiple of the maximum transmission unit - (MTU).</dd> -</dl> -</div> -<p class="Pp">The <var class="Ar">ttl</var> value is the initial time to live in - the IP header. The fingerprint code will account for the volatility of the - packet's TTL as it traverses a network.</p> -<p class="Pp">The <var class="Ar">df</var> bit corresponds to the Don't Fragment - bit in an IPv4 header. It tells intermediate routers not to fragment the - packet and is used for path MTU discovery. It may be either a zero or a - one.</p> -<p class="Pp">The <var class="Ar">packet size</var> is the literal size of the - full IP packet and is a function of all of the IP and TCP options.</p> -<p class="Pp">The <var class="Ar">TCP options</var> field is an ordered list of - the individual TCP options that appear in the SYN packet. Each option is - described by a single character separated by a comma and certain ones may - include a value. The options are:</p> -<p class="Pp"></p> -<div class="Bd-indent"> -<dl class="Bl-tag Bl-compact"> - <dt>Mnnn</dt> - <dd>maximum segment size (MSS) option. The value is the maximum packet size of - the network link which may include the ‘%’ modulus or match - all MSSes with the ‘*’ value.</dd> - <dt>N</dt> - <dd>the NOP option (NO Operation).</dd> - <dt>T[0]</dt> - <dd>the timestamp option. Certain operating systems always start with a zero - timestamp in which case a zero value is added to the option; otherwise no - value is appended.</dd> - <dt>S</dt> - <dd>the Selective ACKnowledgement OK (SACKOK) option.</dd> - <dt>Wnnn</dt> - <dd>window scaling option. The value is the size of the window scaling which - may include the ‘%’ modulus or match all window scalings - with the ‘*’ value.</dd> -</dl> -</div> -<p class="Pp">No TCP options in the fingerprint may be given with a single dot - ‘.’.</p> -<p class="Pp">An example of OpenBSD's TCP options are:</p> -<p class="Pp"></p> -<div class="Bd Bd-indent"><code class="Li">M*,N,N,S,N,W0,N,N,T</code></div> -<p class="Pp">The first option <var class="Ar">M*</var> is the MSS option and - will match all values. The second and third options <var class="Ar">N</var> - will match two NOPs. The fourth option <var class="Ar">S</var> will match - the SACKOK option. The fifth <var class="Ar">N</var> will match another NOP. - The sixth <var class="Ar">W0</var> will match a window scaling option with a - zero scaling size. The seventh and eighth <var class="Ar">N</var> options - will match two NOPs. And the ninth and final option <var class="Ar">T</var> - will match the timestamp option with any time value.</p> -<p class="Pp">The TCP options in a fingerprint will only match packets with the - exact same TCP options in the same order.</p> -<p class="Pp">The <var class="Ar">class</var> field is the class, genre or - vendor of the operating system.</p> -<p class="Pp">The <var class="Ar">version</var> is the version of the operating - system. It is used to distinguish between different fingerprints of - operating systems of the same class but different versions.</p> -<p class="Pp">The <var class="Ar">subtype</var> is the subtype or patch level of - the operating system version. It is used to distinguish between different - fingerprints of operating systems of the same class and same version but - slightly different patches or tweaking.</p> -<p class="Pp">The <var class="Ar">description</var> is a general description of - the operating system, its version, patchlevel and any further useful - details.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The fingerprint of a plain <span class="Ux">OpenBSD 3.3</span> - host is:</p> -<div class="Bd Pp Li"> -<pre> 16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3::OpenBSD 3.3</pre> -</div> -<p class="Pp">The fingerprint of an <span class="Ux">OpenBSD 3.3</span> host - behind a PF scrubbing firewall with a no-df rule would be:</p> -<div class="Bd Pp Li"> -<pre> 16384:64:0:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3:!df:OpenBSD 3.3 scrub no-df</pre> -</div> -<p class="Pp">An absolutely braindead embedded operating system fingerprint - could be:</p> -<div class="Bd Pp Li"> -<pre> 65535:255:0:40:.:DUMMY:1.1:p3:Dummy embedded OS v1.1p3</pre> -</div> -<p class="Pp">The <a class="Xr">tcpdump(1)</a> output of</p> -<div class="Bd Pp Li"> -<pre> # tcpdump -s128 -c1 -nv 'tcp[13] == 2' - 03:13:48.118526 10.0.0.1.3377 > 10.0.0.2.80: S [tcp sum ok] \ - 534596083:534596083(0) win 57344 <mss 1460> (DF) [tos 0x10] \ - (ttl 64, id 11315, len 44)</pre> -</div> -<p class="Pp">almost translates into the following fingerprint</p> -<div class="Bd Pp Li"> -<pre> 57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">tcpdump(1)</a>, <a class="Xr">pf(4)</a>, - <a class="Xr">pf.conf(5)</a>, <a class="Xr">pfctl(8)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">May 31, 2007</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/phones.5 4.html b/static/freebsd/man5/phones.5 4.html deleted file mode 100644 index e0a46d28..00000000 --- a/static/freebsd/man5/phones.5 4.html +++ /dev/null @@ -1,55 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PHONES(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PHONES(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">phones</code> — <span class="Nd">remote - host phone number data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <span class="Pa">/etc/phones</span> contains the - system-wide private phone numbers for the <a class="Xr">tip(1)</a> program. - This file is normally unreadable, and so may contain privileged information. - The format of the file is a series of lines of the form: - <system-name>[ \t]*<phone-number>. The system name is one - of those defined in the <a class="Xr">remote(5)</a> file and the phone - number is constructed from any sequence of characters terminated only by - ``,'' or the end of the line. The ``='' and ``*'' characters are indicators - to the auto call units to pause and wait for a second dial tone (when going - through an exchange). The ``='' is required by the DF02-AC and the ``*'' is - required by the BIZCOMP 1030.</p> -<p class="Pp">Only one phone number per line is permitted. However, if more than - one line in the file contains the same system name <a class="Xr">tip(1)</a> - will attempt to dial each one in turn, until it establishes a - connection.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/phones</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">tip(1)</a>, <a class="Xr">remote(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">phones</code> file appeared in - <span class="Ux">4.2BSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 5, 1993</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/portindex.5 3.html b/static/freebsd/man5/portindex.5 3.html deleted file mode 100644 index 15319e1a..00000000 --- a/static/freebsd/man5/portindex.5 3.html +++ /dev/null @@ -1,89 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PORTINDEX(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PORTINDEX(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">INDEX</code> — <span class="Nd">File - containing information about the state of the ports tree</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The port index file in <span class="Pa">/usr/ports</span> contains - various bits of information about the ports tree. Each major branch of - <span class="Ux">FreeBSD</span> has a separate index file, named - “INDEX-<var class="Ar">N</var>”, where <var class="Ar">N</var> - is the major version number of the <span class="Ux">FreeBSD</span> branch, - i.e.: <span class="Pa">INDEX-7</span>, or - <span class="Pa">INDEX-8</span>.</p> -<dl class="Bl-tag"> - <dt id="name"><a class="permalink" href="#name"><code class="Cm">name</code></a></dt> - <dd>The name of the package.</dd> - <dt id="path"><a class="permalink" href="#path"><code class="Cm">path</code></a></dt> - <dd>The path to the port directory.</dd> - <dt id="install"><a class="permalink" href="#install"><code class="Cm">install - prefix</code></a></dt> - <dd>The default install prefix.</dd> - <dt id="short"><a class="permalink" href="#short"><code class="Cm">short - description</code></a></dt> - <dd>A short description.</dd> - <dt id="full"><a class="permalink" href="#full"><code class="Cm">full - description</code></a></dt> - <dd>The path to the full description.</dd> - <dt id="maintainer"><a class="permalink" href="#maintainer"><code class="Cm">maintainer - email</code></a></dt> - <dd>The email address of the maintainer.</dd> - <dt id="index"><a class="permalink" href="#index"><code class="Cm">index</code></a></dt> - <dd>The categories this port is part of.</dd> - <dt id="build"><a class="permalink" href="#build"><code class="Cm">build - dependencies</code></a></dt> - <dd>Ports required to be installed prior to building this port.</dd> - <dt id="run"><a class="permalink" href="#run"><code class="Cm">run - dependencies</code></a></dt> - <dd>Ports required to be installed for this port to run.</dd> - <dt id="website"><a class="permalink" href="#website"><code class="Cm">website</code></a></dt> - <dd>The project website for the port.</dd> - <dt id="e-deps"><a class="permalink" href="#e-deps"><code class="Cm">e-deps</code></a></dt> - <dd>Ports that may be required to extract this port.</dd> - <dt id="p-deps"><a class="permalink" href="#p-deps"><code class="Cm">p-deps</code></a></dt> - <dd>Ports that may be required to patch this port.</dd> - <dt id="f-deps"><a class="permalink" href="#f-deps"><code class="Cm">f-deps</code></a></dt> - <dd>Ports that may be required to fetch this port.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt><span class="Pa">/usr/ports/INDEX-</span><var class="Ar">N</var></dt> - <dd>where <var class="Ar">N</var> is the major version number of the - <span class="Ux">FreeBSD</span> branch.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<div class="Bd Li"> -<pre>vim-6.3.15|/usr/ports/editors/vim|/usr/local|Vi "workalike", with many additional features|/usr/ports/editors/vim/pkg-descr|obrien@FreeBSD.org|editors|libiconv-1.9.2_1|libiconv-1.9.2_1|http://www.vim.org/|||</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">build(7)</a>, <a class="Xr">ports(7)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Paul - Armstrong</span> and <span class="An">Thomas Abthorpe</span> - <<a class="Mt" href="mailto:tabthorpe@FreeBSD.org">tabthorpe@FreeBSD.org</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 14, 2012</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/protocols.5 4.html b/static/freebsd/man5/protocols.5 4.html deleted file mode 100644 index 88e9deb4..00000000 --- a/static/freebsd/man5/protocols.5 4.html +++ /dev/null @@ -1,67 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">PROTOCOLS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">PROTOCOLS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">protocols</code> — - <span class="Nd">protocol name data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">protocols</code> file contains information - regarding the assigned protocol numbers used by IPv4 and IPv6 to identify - the next level protocol. For each protocol a single line should be present - with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>official protocol name -protocol number -aliases</pre> -</div> -<p class="Pp">Items are separated by any number of blanks and/or tab characters. - A ``#'' indicates the beginning of a comment; characters up to the end of - the line are not interpreted by routines which search the file.</p> -<p class="Pp">Protocol names may contain any printable character other than a - field delimiter, newline, or comment character.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/protocols</span></dt> - <dd>The <code class="Nm">protocols</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getprotoent(3)</a></p> -<p class="Pp"><cite class="Rs"><span class="RsT">IANA Allocation Guidelines For - Values In the Internet Protocol and Related Headers</span>, - <span class="RsR">RFC 2780</span>, <span class="RsD">March - 2000</span>.</cite></p> -<p class="Pp"><cite class="Rs"><span class="RsT">IANA Allocation Guidelines for - the Protocol Field</span>, <span class="RsR">RFC 5237</span>, - <span class="RsD">February 2008</span>.</cite></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">protocols</code> file format appeared in - <span class="Ux">4.2BSD</span>, describing the "known protocols used in - the DARPA Internet".</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">A name server should be used instead of a static file.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">December 7, 2020</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/quota.user.5 3.html b/static/freebsd/man5/quota.user.5 3.html deleted file mode 100644 index da3d0d45..00000000 --- a/static/freebsd/man5/quota.user.5 3.html +++ /dev/null @@ -1,80 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">QUOTA.USER(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">QUOTA.USER(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">quota.user</code>, - <code class="Nm">quota.group</code> — <span class="Nd">per file - system quota database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">Each file system with active quotas should contain a - <span class="Pa">quota.user</span> and <span class="Pa">quota.group</span> - file in the file system root. These files are created by - <a class="Xr">quotacheck(8)</a>, and should be edited with - <a class="Xr">edquota(8)</a>. It is possible to specify a different location - and file name with the “<code class="Li">userquota</code>” and - “<code class="Li">groupquota</code>” options in the - <a class="Xr">fstab(5)</a> file.</p> -<p class="Pp">The data files contain the following information:</p> -<p class="Pp"></p> -<ul class="Bl-bullet Bd-indent Bl-compact"> - <li>Current block usage</li> - <li>Current number of files</li> - <li>Soft block limit</li> - <li>Soft file limit</li> - <li>Hard block limit</li> - <li>Hard file limit</li> - <li>Block grace time remaining if over the soft limit</li> - <li>File grace time remaining if over the soft limit</li> -</ul> -<p class="Pp">See <a class="Xr">edquota(8)</a> for an explanation on the various - limits and grace periods.</p> -<p class="Pp">During normal quota operations the <a class="Xr">quotactl(2)</a> - interface is used to query or set quota information and the kernel will - maintain the data files as needed. If quotas are disabled on a file system, - but marked as having quotas enabled in <a class="Xr">fstab(5)</a>, then the - quota data files will be used directly.</p> -<p class="Pp">The data files are stored as an array of - “<code class="Li">struct dqblk</code>” structures, as defined - in <code class="In"><<a class="In">ufs/ufs/quota.h</a>></code>, and - indexed by UID or GID. The data files will be written as a sparse file if - possible. Data is only maintained for ids that have either non-zero usage or - non-zero quota limits. If an attempt is made to access data for an id that - would exist past the end of the current data file, a quota structure with - all values set to zero will be created, and the data file extended as - needed. The <a class="Xr">quotacheck(8)</a> utility will truncate the data - files to the minimum size needed to store the highest id with either - non-zero file usage or non-zero quota limits.</p> -<p class="Pp">The data record for id 0 has special meaning. If the - “<code class="Dv">dqb_btime</code>” or - “<code class="Dv">dbq_itime</code>” fields are non-zero, they - are used to indicate the grace period on that file system for users who have - exceeded their soft limit. These times can be set by - <a class="Xr">edquota(8)</a> with the <code class="Fl">-t</code> flag. If no - explicit grace period has been set with <a class="Xr">edquota(8)</a>, then - the default value of 7 days will be used. The default values are defined by - <code class="Dv">MAX_DQ_TIME</code> and <code class="Dv">MAX_IQ_TIME</code> - in <code class="In"><<a class="In">ufs/ufs/quota.h</a>></code>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">quota(1)</a>, <a class="Xr">quotactl(2)</a>, - <a class="Xr">fstab(5)</a>, <a class="Xr">edquota(8)</a>, - <a class="Xr">quotacheck(8)</a>, <a class="Xr">quotaoff(8)</a>, - <a class="Xr">quotaon(8)</a>, <a class="Xr">repquota(8)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 30, 2007</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/rc.conf.5 3.html b/static/freebsd/man5/rc.conf.5 3.html deleted file mode 100644 index 90b6a018..00000000 --- a/static/freebsd/man5/rc.conf.5 3.html +++ /dev/null @@ -1,3187 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">RC.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">RC.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">rc.conf</code> — <span class="Nd">system - configuration information</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="Nm">rc.conf</code> contains descriptive - information about the local host name, configuration details for any - potential network interfaces and which services should be started up at - system initial boot time. In new installations, the - <code class="Nm">rc.conf</code> file is generally initialized by the system - installation utility.</p> -<p class="Pp">The purpose of <code class="Nm">rc.conf</code> is not to run - commands or perform system startup actions directly. Instead, it is included - by the various generic startup scripts in <span class="Pa">/etc</span> which - conditionalize their internal actions according to the settings found - there.</p> -<p class="Pp">The <span class="Pa">/etc/rc.conf</span> file is included from the - file <span class="Pa">/etc/defaults/rc.conf</span>, which specifies the - default settings for all the available options. Options need only be - specified in <span class="Pa">/etc/rc.conf</span> when the system - administrator wishes to override these defaults. The file - <span class="Pa">/etc/defaults/vendor.conf</span> allows vendors to override - <span class="Ux">FreeBSD</span> defaults. The file - <span class="Pa">/etc/rc.conf.local</span> is used to override settings in - <span class="Pa">/etc/rc.conf</span> for historical reasons.</p> -<p class="Pp">The sysrc(8) command provides a scripting interface to modify - system config files.</p> -<p class="Pp">In addition to <span class="Pa">/etc/rc.conf.local</span> you can - also place smaller configuration files for each <a class="Xr">rc(8)</a> - script in the <span class="Pa">/etc/rc.conf.d</span> directory or - ⟨<var class="Ar">dir</var>⟩<span class="Pa">/rc.conf.d</span> - directories (where ⟨<var class="Ar">dir</var>⟩ is each entry - specified in <var class="Va">local_startup</var>, but with any trailing - <span class="Pa">/rc.d</span> stripped), which will be included by the - <var class="Va">load_rc_config</var> function. For jail configurations you - could use the file <span class="Pa">/etc/rc.conf.d/jail</span> to store - jail-specific configuration options. If <var class="Va">local_startup</var> - contains <span class="Pa">/usr/local/etc/rc.d</span> and - <span class="Pa">/opt/conf</span>, - <span class="Pa">/usr/local/etc/rc.conf.d/jail</span> and - <span class="Pa">/opt/conf/rc.conf.d/jail</span> will be loaded. If - ⟨<var class="Ar">dir</var>⟩<span class="Pa">/rc.conf.d/</span>⟨<var class="Ar">name</var>⟩ - is a directory then all of the files in the directory will be loaded. See - also the <var class="Va">rc_conf_files</var> variable below.</p> -<p class="Pp">Options are set with - “<var class="Ar">name</var><code class="Li">=</code><var class="Ar">value</var>” - assignments that use <a class="Xr">sh(1)</a> syntax. The following list - provides a name and short description for each variable that can be set in - the <code class="Nm">rc.conf</code> file:</p> -<dl class="Bl-tag"> - <dt id="rc_debug"><var class="Va">rc_debug</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable output of debug - messages from rc scripts. This variable can be helpful in diagnosing - mistakes when editing or integrating new scripts. Beware that this - produces copious output to the terminal and - <a class="Xr">syslog(3)</a>.</dd> - <dt id="rc_info"><var class="Va">rc_info</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, disable informational messages - from the rc scripts. Informational messages are displayed when a condition - that is not serious enough to warrant a warning or an error occurs.</dd> - <dt id="rc_startmsgs"><var class="Va">rc_startmsgs</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, show “Starting - foo:” when faststart is used (e.g., at boot time).</dd> - <dt id="early_late_divider"><var class="Va">early_late_divider</var></dt> - <dd>(<var class="Vt">str</var>) The name of the script that should be used as - the delimiter between the “early” and “late” - stages of the boot process. The early stage should contain all the - services needed to get the disks (local or remote) mounted so that the - late stage can include scripts contained in the directories listed in the - <var class="Va">local_startup</var> variable (see below). Thus, the two - likely candidates for this value are - <span class="Pa">mountcritlocal</span> for the typical system, and - <span class="Pa">mountcritremote</span> if the system needs remote file - systems mounted to get access to the <var class="Va">local_startup</var> - directories; for example when <span class="Pa">/usr/local</span> is NFS - mounted. For <span class="Pa">rc.conf</span> within a - <a class="Xr">jail(8)</a> <span class="Pa">NETWORKING</span> is likely to - be an appropriate value. Extreme care should be taken when changing this - value, and before changing it one should ensure that there are adequate - provisions to recover from a failed boot (such as physical contact with - the machine, or reliable remote console access).</dd> - <dt id="always_force_depends"><var class="Va">always_force_depends</var></dt> - <dd>(<var class="Vt">bool</var>) Various <span class="Pa">rc.d</span> scripts - use the force_depend function to check whether required services are - already running, and to start them if necessary. By default during boot - time this check is bypassed if the required service is enabled in - <span class="Pa">/etc/rc.conf[.local]</span>. Setting this option will - bypass that check at boot time and always test whether or not the service - is actually running. Enabling this option is likely to increase your boot - time if services are enabled that utilize the force_depend check.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_audit_user</var></dt> - <dd>(<var class="Vt">str</var>) A user name or UID to use as the - <a class="Xr">audit(4)</a> user for the service. Run the chrooted service - under this system group. By default, when an unprvileged user restarts a - service using a utility such as sudo or doas, the service's will audit - session will point to the unprivileged user, which may be undesirable. In - that case, this variable can be used to override the audit user using - <a class="Xr">setaudit(8)</a>.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_chroot</var></dt> - <dd>(<var class="Vt">str</var>) <a class="Xr">chroot(8)</a> to this directory - before running the service.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_cpuset</var></dt> - <dd>(<var class="Vt">str</var>) A list of CPUs to run the service on. Passed - to <a class="Xr">cpuset(1)</a> using the <code class="Fl">-l</code> - flag.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_fib</var></dt> - <dd>(<var class="Vt">int</var>) The <a class="Xr">setfib(1)</a> value to run - the service under.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_group</var></dt> - <dd>(<var class="Vt">str</var>) Unlike the - ⟨<var class="Ar">name</var>⟩<var class="Va">_user</var> - setting, this setting has no effect if the service is not chrooted.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_limits</var></dt> - <dd>(<var class="Vt">str</var>) Resource limits to apply to the service using - <a class="Xr">limits(1)</a>. By default, resource limits are based on the - login class defined in - ⟨<var class="Ar">name</var>⟩<var class="Va">_login_class</var>.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_login_class</var></dt> - <dd>(<var class="Vt">str</var>) Login class to be used with - ⟨<var class="Ar">name</var>⟩<var class="Va">_limits</var>. - Defaults to “<code class="Li">daemon</code>”.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_nice</var></dt> - <dd>(<var class="Vt">int</var>) The <a class="Xr">nice(1)</a> value to run the - service under.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_oomprotect</var></dt> - <dd>(<var class="Vt">str</var>) Use <a class="Xr">protect(1)</a> to prevent - the service from being killed when swap space is exhausted. Use - “<code class="Li">YES</code>” to protect only the service - itself, and “<code class="Li">ALL</code>” to protect the - service and all its child processes. - <p class="Pp">Please note that rc scripts which redefine</p> - <div class="Bd Bd-indent"><code class="Li">${argument}_cmd</code></div> - (see <a class="Xr">rc.subr(8)</a>) such as PostgreSQL will not inherit the - OOM killer protection. - <p class="Pp">This variable has no effect on services running within a - <a class="Xr">jail(8)</a>.</p> - </dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_setup</var></dt> - <dd>(<var class="Vt">str</var>) Run the specified setup script right before - starting the actual service command. Useful for automatic configuration - file generation.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_umask</var></dt> - <dd>(<var class="Vt">int</var>) Run the service using this - <a class="Xr">umask(1)</a> value.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_user</var></dt> - <dd>(<var class="Vt">str</var>) Run the service under this user account.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, auto-jail the service with - inherited filesystem and other jail properties depending on - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var>.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var></dt> - <dd>(<var class="Vt">str</var>) A list of IP addresses that the service jail - will be permitted to use. If this is not specified, the service jail will - be permitted to use all assigned IP addresses if networking is enabled in - the jail.</dd> - <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var></dt> - <dd>(<var class="Vt">str</var>) A list of jail properties for the service. See - <a class="Sx" href="#SERVICE_JAILS">SERVICE JAILS</a> for a list of valid - properties.</dd> - <dt id="apm_enable"><var class="Va">apm_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable support for Automatic - Power Management with the <a class="Xr">apm(8)</a> command.</dd> - <dt id="apmd_enable"><var class="Va">apmd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Run <a class="Xr">apmd(8)</a> to handle APM - event from userland. This also enables support for APM.</dd> - <dt id="apmd_flags"><var class="Va">apmd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">apmd_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">apmd(8)</a> daemon.</dd> - <dt id="devd_enable"><var class="Va">devd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Run <a class="Xr">devd(8)</a> to handle - device added, removed or unknown events from the kernel.</dd> - <dt id="ddb_enable"><var class="Va">ddb_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Run <a class="Xr">ddb(8)</a> to install - <a class="Xr">ddb(4)</a> scripts at boot time.</dd> - <dt id="ddb_config"><var class="Va">ddb_config</var></dt> - <dd>(<var class="Vt">str</var>) Configuration file for - <a class="Xr">ddb(8)</a>. Default - <span class="Pa">/etc/ddb.conf</span>.</dd> - <dt id="devmatch_enable"><var class="Va">devmatch_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, disable auto-loading of kernel - modules with <a class="Xr">devmatch(8)</a>.</dd> - <dt id="devmatch_blocklist"><var class="Va">devmatch_blocklist</var></dt> - <dd>(<var class="Vt">str</var>) A whitespace-separated list of kernel modules - to be ignored by <a class="Xr">devmatch(8)</a>. In addition, the - <a class="Xr">kenv(1)</a> <var class="Va">devmatch_blocklist</var> is - appended to this variable to allow disabling of - <a class="Xr">devmatch(8)</a> loaded modules from the boot loader.</dd> - <dt id="devmatch_blacklist"><var class="Va">devmatch_blacklist</var></dt> - <dd>(<var class="Vt">str</var>) This variable is deprecated. Use - <var class="Va">devmatch_blocklist</var> instead. A whitespace-separated - list of kernel modules to be ignored by - <a class="Xr">devmatch(8)</a>.</dd> - <dt id="kld_list"><var class="Va">kld_list</var></dt> - <dd>(<var class="Vt">str</var>) A whitespace-separated list of kernel modules - to load right after the local disks are mounted, without any - <span class="Pa">.ko</span> extension or path.</dd> - <dt id="kldxref_enable"><var class="Va">kldxref_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Set to - “<code class="Li">YES</code>” to automatically rebuild - <span class="Pa">linker.hints</span> files with - <a class="Xr">kldxref(8)</a> at boot time.</dd> - <dt id="kldxref_clobber"><var class="Va">kldxref_clobber</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. If - <var class="Va">kldxref_enable</var> is true, setting to - “<code class="Li">YES</code>” will overwrite existing - <span class="Pa">linker.hints</span> files at boot time. Otherwise, only - missing <span class="Pa">linker.hints</span> files are generated.</dd> - <dt id="kldxref_module_path"><var class="Va">kldxref_module_path</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. A semi-colon - (‘<code class="Li">;</code>’) delimited list of paths - containing <a class="Xr">kld(4)</a> modules. If empty, the contents of the - <var class="Va">kern.module_path</var> <a class="Xr">sysctl(8)</a> are - used.</dd> - <dt id="powerd_enable"><var class="Va">powerd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable the system power - control facility with the <a class="Xr">powerd(8)</a> daemon.</dd> - <dt id="powerd_flags"><var class="Va">powerd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">powerd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">powerd(8)</a> daemon.</dd> - <dt id="svcj_all_enable"><var class="Va">svcj_all_enable</var></dt> - <dd>Enable auto-jailing of all services which are not explicitly excluded. See - <a class="Sx" href="#SERVICE_JAILS">SERVICE JAILS</a> for more info.</dd> - <dt id="tmpmfs"><var class="Va">tmpmfs</var></dt> - <dd>Controls the creation of a <span class="Pa">/tmp</span> memory file - system. Always happens if set to - “<code class="Li">YES</code>” and never happens if set to - “<code class="Li">NO</code>”. If set to anything else, a - memory file system is created if <span class="Pa">/tmp</span> is not - writable.</dd> - <dt id="tmpsize"><var class="Va">tmpsize</var></dt> - <dd>Controls the size of a created <span class="Pa">/tmp</span> memory file - system.</dd> - <dt id="tmpmfs_flags"><var class="Va">tmpmfs_flags</var></dt> - <dd>Extra options passed to the <a class="Xr">mdmfs(8)</a> utility when the - memory file system for <span class="Pa">/tmp</span> is created. The - default is “<code class="Li">-S</code>”, which inhibits the - use of softupdates on <span class="Pa">/tmp</span> so that file system - space is freed without delay after file truncation or deletion. See - <a class="Xr">mdmfs(8)</a> for other options you can use in - <var class="Va">tmpmfs_flags</var>.</dd> - <dt id="varmfs"><var class="Va">varmfs</var></dt> - <dd>Controls the creation of a <span class="Pa">/var</span> memory file - system. Always happens if set to - “<code class="Li">YES</code>” and never happens if set to - “<code class="Li">NO</code>”. If set to anything else, a - memory file system is created if <span class="Pa">/var</span> is not - writable.</dd> - <dt id="varsize"><var class="Va">varsize</var></dt> - <dd>Controls the size of a created <span class="Pa">/var</span> memory file - system.</dd> - <dt id="varmfs_flags"><var class="Va">varmfs_flags</var></dt> - <dd>Extra options passed to the <a class="Xr">mdmfs(8)</a> utility when the - memory file system for <span class="Pa">/var</span> is created. The - default is “<code class="Li">-S</code>”, which inhibits the - use of softupdates on <span class="Pa">/var</span> so that file system - space is freed without delay after file truncation or deletion. See - <a class="Xr">mdmfs(8)</a> for other options you can use in - <var class="Va">varmfs_flags</var>.</dd> - <dt id="populate_var"><var class="Va">populate_var</var></dt> - <dd>Controls the automatic population of the <span class="Pa">/var</span> file - system. Always happens if set to - “<code class="Li">YES</code>” and never happens if set to - “<code class="Li">NO</code>”. If set to anything else, a - memory file system is created if <span class="Pa">/var</span> is not - writable. Note that this process requires access to certain commands in - <span class="Pa">/usr</span> before <span class="Pa">/usr</span> is - mounted on normal systems.</dd> - <dt id="cleanvar_enable"><var class="Va">cleanvar_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Clean the <span class="Pa">/var</span> - directory.</dd> - <dt id="var_run_enable"><var class="Va">var_run_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to "YES" to enable saving of - the <span class="Pa">/var/run</span> directory structure into an mtree - file at shutdown and the reload of the <span class="Pa">/var/run</span> - directory structure at boot.</dd> - <dt id="var_run_autosave"><var class="Va">var_run_autosave</var></dt> - <dd>(<var class="Vt">bool</var>) In some cases it may be undesirable to save - <span class="Pa">/var/run</span> at shutdown. When set to "NO" - <span class="Pa">/var/run</span> is loaded at reboot but not saved at - shutdown. Typically in this scenario ‘<code class="Li">service - var_run save</code>’ would be performed to save a copy of the - <span class="Pa">/var/run</span> directory structure once, to be reloaded - during all subsequent reboots.</dd> - <dt id="var_run_mtree"><var class="Va">var_run_mtree</var></dt> - <dd>(<var class="Vt">str</var>) Where to save the - <span class="Pa">/var/run</span> mtree. The default location is - <span class="Pa">/var/db/mtree/BSD.var-run.mtree</span>.</dd> - <dt id="local_startup"><var class="Va">local_startup</var></dt> - <dd>(<var class="Vt">str</var>) List of directories to search for startup - script files.</dd> - <dt id="script_name_sep"><var class="Va">script_name_sep</var></dt> - <dd>(<var class="Vt">str</var>) The field separator to use for breaking down - the list of startup script files into individual filenames. The default is - a space. It is not necessary to change this unless there are startup - scripts with names containing spaces.</dd> - <dt id="hostapd_enable"><var class="Va">hostapd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">hostapd(8)</a> at system boot time.</dd> - <dt id="hostname"><var class="Va">hostname</var></dt> - <dd>(<var class="Vt">str</var>) The fully qualified domain name (FQDN) of this - host on the network. This should almost certainly be set to something - meaningful, even if there is no network connection. If - <a class="Xr">dhclient(8)</a> is used to set the hostname via DHCP, this - variable should be set to an empty string. Within a - <a class="Xr">jail(8)</a> the hostname is generally already set and this - variable may be absent. If this value remains unset when the system is - done booting your console login will display the default hostname of - “Amnesiac”.</dd> - <dt id="nisdomainname"><var class="Va">nisdomainname</var></dt> - <dd>(<var class="Vt">str</var>) The NIS domain name of this host, or - “<code class="Li">NO</code>” if NIS is not used.</dd> - <dt id="hostid_enable"><var class="Va">hostid_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, disable the generation or - saving of the <span class="Pa">hostid</span> and - <span class="Pa">machine-id</span> files at system boot and shutdown.</dd> - <dt id="hostid_file"><var class="Va">hostid_file</var></dt> - <dd>(<var class="Vt">str</var>) Path to the <span class="Pa">hostid</span> - file, default <span class="Pa">/etc/hostid</span>.</dd> - <dt id="hostid_uuidgen_flags"><var class="Va">hostid_uuidgen_flags</var></dt> - <dd>(<var class="Vt">str</var>) Flags passed to <a class="Xr">uuidgen(1)</a> - when generating a software host UUID. This is used only if the system - cannot determine a hardware UUID. Set to - “<code class="Li">-r</code>” by default.</dd> - <dt id="machine_id_file"><var class="Va">machine_id_file</var></dt> - <dd>(<var class="Vt">str</var>) Path to the <span class="Pa">machine-id</span> - file, default <span class="Pa">/etc/machine-id</span>.</dd> - <dt id="dhclient_program"><var class="Va">dhclient_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to the DHCP client program, defaulting to - <span class="Pa">/sbin/dhclient</span>.</dd> - <dt id="dhclient_flags"><var class="Va">dhclient_flags</var></dt> - <dd>(<var class="Vt">str</var>) Additional flags to pass to the DHCP client - program. See the <a class="Xr">dhclient(8)</a> manpage for a description - of the command line options available.</dd> - <dt id="dhclient_flags_"><var class="Va">dhclient_flags_</var>⟨<var class="Ar">iface</var>⟩</dt> - <dd>Additional flags to pass to the DHCP client program running on - <var class="Ar">iface</var> only. When specified, this variable overrides - <var class="Va">dhclient_flags</var>.</dd> - <dt id="background_dhclient"><var class="Va">background_dhclient</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start the DHCP client in - background. This can cause trouble with applications depending on a - working network, but it will provide a faster startup in many cases.</dd> - <dt id="background_dhclient_"><var class="Va">background_dhclient_</var>⟨<var class="Ar">iface</var>⟩</dt> - <dd>When specified, this variable overrides the - <var class="Va">background_dhclient</var> variable for interface - <var class="Ar">iface</var> only.</dd> - <dt id="dhclient_arpwait"><var class="Va">dhclient_arpwait</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” to stop - <a class="Xr">dhclient(8)</a> from waiting for ARP resolution, to make the - system boot faster. This may be done on networks where the DHCP server is - certain to know whether an address is available.</dd> - <dt id="synchronous_dhclient"><var class="Va">synchronous_dhclient</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">dhclient(8)</a> synchronously at startup. This behavior can - be overridden on a per-interface basis by replacing the - “<code class="Li">DHCP</code>” keyword in the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable with “<code class="Li">SYNCDHCP</code>” or - “<code class="Li">NOSYNCDHCP</code>”.</dd> - <dt id="defaultroute_delay"><var class="Va">defaultroute_delay</var></dt> - <dd>(<var class="Vt">int</var>) When set to a positive value, wait up to this - long after configuring DHCP interfaces at startup to give the interfaces - time to receive a lease.</dd> - <dt id="firewall_enable"><var class="Va">firewall_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to load firewall rules at - startup. If the kernel was not built with <code class="Cd">options - IPFIREWALL</code>, the <span class="Pa">ipfw.ko</span> kernel module will - be loaded. See also <var class="Va">ipfilter_enable</var>.</dd> - <dt id="firewall_script"><var class="Va">firewall_script</var></dt> - <dd>(<var class="Vt">str</var>) This variable specifies the full path to the - firewall script to run. The default is - <span class="Pa">/etc/rc.firewall</span>.</dd> - <dt id="firewall_type"><var class="Va">firewall_type</var></dt> - <dd>(<var class="Vt">str</var>) Names the firewall type from the selection in - <span class="Pa">/etc/rc.firewall</span>, or the file which contains the - local firewall ruleset. Valid selections from - <span class="Pa">/etc/rc.firewall</span> are: - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="open"><a class="permalink" href="#open"><code class="Li">open</code></a></dt> - <dd>unrestricted IP access</dd> - <dt id="closed"><a class="permalink" href="#closed"><code class="Li">closed</code></a></dt> - <dd>all IP services disabled, except via - “<code class="Li">lo0</code>”</dd> - <dt id="client"><a class="permalink" href="#client"><code class="Li">client</code></a></dt> - <dd>basic protection for a workstation</dd> - <dt id="workstation"><a class="permalink" href="#workstation"><code class="Li">workstation</code></a></dt> - <dd>basic protection for a workstation using stateful firewalling</dd> - <dt id="simple"><a class="permalink" href="#simple"><code class="Li">simple</code></a></dt> - <dd>basic protection for a LAN.</dd> - </dl> - <p class="Pp">If a filename is specified, the full path must be given.</p> - <p class="Pp">Most of the predefined rulesets define additional - configuration variables. These are documented in - <span class="Pa">/etc/rc.firewall</span>.</p> - </dd> - <dt id="firewall_quiet"><var class="Va">firewall_quiet</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to disable the display of - firewall rules on the console during boot.</dd> - <dt id="firewall_logging"><var class="Va">firewall_logging</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable firewall event - logging. This is equivalent to the - <code class="Dv">IPFIREWALL_VERBOSE</code> kernel option.</dd> - <dt id="firewall_logif"><var class="Va">firewall_logif</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to create pseudo interface - <code class="Li">ipfw0</code> for logging. For more details, see - <a class="Xr">ipfw(8)</a> manual page.</dd> - <dt id="firewall_flags"><var class="Va">firewall_flags</var></dt> - <dd>(<var class="Vt">str</var>) Flags passed to <a class="Xr">ipfw(8)</a> if - <var class="Va">firewall_type</var> specifies a filename.</dd> - <dt id="firewall_coscripts"><var class="Va">firewall_coscripts</var></dt> - <dd>(<var class="Vt">str</var>) List of executables and/or rc scripts to run - after firewall starts/stops. Default is empty.</dd> - <dt id="firewall_nat_enable"><var class="Va">firewall_nat_enable</var></dt> - <dd>(<var class="Vt">bool</var>) The <a class="Xr">ipfw(8)</a> equivalent of - <var class="Va">natd_enable</var>. Setting this to - “<code class="Li">YES</code>” will automatically load the - <a class="Xr">ipfw(8)</a> NAT kernel module if - <var class="Va">firewall_enable</var> is also set to - “<code class="Li">YES</code>”.</dd> - <dt id="firewall_nat_interface"><var class="Va">firewall_nat_interface</var></dt> - <dd>(<var class="Vt">str</var>) The <a class="Xr">ipfw(8)</a> equivalent of - <var class="Va">natd_interface</var>. This is the name of the public - interface or IP address on which kernel NAT should run.</dd> - <dt id="firewall_nat_flags"><var class="Va">firewall_nat_flags</var></dt> - <dd>(<var class="Vt">str</var>) Additional configuration parameters for kernel - NAT should be placed here.</dd> - <dt id="firewall_nat64_enable"><var class="Va">firewall_nat64_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Setting this to - “<code class="Li">YES</code>” will automatically load the - <a class="Xr">ipfw(8)</a> NAT64 kernel module if - <var class="Va">firewall_enable</var> is also set to - “<code class="Li">YES</code>”.</dd> - <dt id="firewall_nptv6_enable"><var class="Va">firewall_nptv6_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Setting this to - “<code class="Li">YES</code>” will automatically load the - <a class="Xr">ipfw(8)</a> NPTv6 kernel module if - <var class="Va">firewall_enable</var> is also set to - “<code class="Li">YES</code>”.</dd> - <dt id="firewall_pmod_enable"><var class="Va">firewall_pmod_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Setting this to - “<code class="Li">YES</code>” will automatically load the - <a class="Xr">ipfw(8)</a> pmod kernel module if - <var class="Va">firewall_enable</var> is also set to - “<code class="Li">YES</code>”.</dd> - <dt id="dummynet_enable"><var class="Va">dummynet_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Setting this to - “<code class="Li">YES</code>” will automatically load the - <a class="Xr">dummynet(4)</a> module if - <var class="Va">firewall_enable</var> is also set to - “<code class="Li">YES</code>”.</dd> - <dt id="ipfw_netflow_enable"><var class="Va">ipfw_netflow_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Setting this to - “<code class="Li">YES</code>” will enable netflow logging - via <a class="Xr">ng_netflow(4)</a>. - <p class="Pp">By default a ipfw rule is inserted and all packets are - duplicated with the ngtee command and netflow packets are sent to - 127.0.0.1 on the netflow port using protocol version 5.</p> - </dd> - <dt id="ipfw_netflow_hook"><var class="Va">ipfw_netflow_hook</var></dt> - <dd>(<var class="Vt">int</var>) netflow hook name, must be numerical (default - <span class="Pa">9995</span>).</dd> - <dt id="ipfw_netflow_rule"><var class="Va">ipfw_netflow_rule</var></dt> - <dd>(<var class="Vt">int</var>) ipfw rule number (default - <span class="Pa">1000</span>).</dd> - <dt id="ipfw_netflow_ip"><var class="Va">ipfw_netflow_ip</var></dt> - <dd>(<var class="Vt">str</var>) Destination server ip for receiving netflow - data (default <span class="Pa">127.0.0.1</span>).</dd> - <dt id="ipfw_netflow_port"><var class="Va">ipfw_netflow_port</var></dt> - <dd>(<var class="Vt">int</var>) Destination server port for receiving netflow - data (default <span class="Pa">9995</span>).</dd> - <dt id="ipfw_netflow_version"><var class="Va">ipfw_netflow_version</var></dt> - <dd>(<var class="Vt">int</var>) Do not set for using version 5 of the netflow - protocol, set it to 9 for using version 9.</dd> - <dt id="ipfw_netflow_fib"><var class="Va">ipfw_netflow_fib</var></dt> - <dd>(<var class="Vt">int</var>) Only match packet in FIB - <span class="Pa">ipfw_netflow_fib</span> (default is undefined meaning all - FIBs).</dd> - <dt id="natd_program"><var class="Va">natd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">natd(8)</a>.</dd> - <dt id="natd_enable"><var class="Va">natd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable - <a class="Xr">natd(8)</a>. <var class="Va">firewall_enable</var> must also - be set to “<code class="Li">YES</code>”, and - <a class="Xr">divert(4)</a> sockets must be enabled in the kernel. If the - kernel was not built with <code class="Cd">options IPDIVERT</code>, the - <span class="Pa">ipdivert.ko</span> kernel module will be loaded.</dd> - <dt id="natd_interface"><var class="Va">natd_interface</var></dt> - <dd>(<var class="Vt">str</var>) This is the name of the public interface on - which <a class="Xr">natd(8)</a> should run. The interface may be given as - an interface name or as an IP address.</dd> - <dt id="natd_flags"><var class="Va">natd_flags</var></dt> - <dd>(<var class="Vt">str</var>) Additional <a class="Xr">natd(8)</a> flags - should be placed here. The <code class="Fl">-n</code> or - <code class="Fl">-a</code> flag is automatically added with the above - <var class="Va">natd_interface</var> as an argument.</dd> - <dt id="ipfilter_enable"><var class="Va">ipfilter_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables - <a class="Xr">ipf(8)</a> packet filtering. - <p class="Pp">Typical usage will require putting</p> - <div class="Bd Pp Li"> - <pre>ipfilter_enable="YES" -ipnat_enable="YES" -ipmon_enable="YES" -ipfs_enable="YES"</pre> - </div> - <p class="Pp">into <span class="Pa">/etc/rc.conf</span> and editing - <span class="Pa">/etc/ipf.rules</span> and - <span class="Pa">/etc/ipnat.rules</span> appropriately.</p> - <p class="Pp">Note that <var class="Va">ipfilter_enable</var> and - <var class="Va">ipnat_enable</var> can be enabled independently. - <var class="Va">ipmon_enable</var> and <var class="Va">ipfs_enable</var> - both require at least one of <var class="Va">ipfilter_enable</var> and - <var class="Va">ipnat_enable</var> to be enabled.</p> - <p class="Pp">Having</p> - <div class="Bd Pp Li"> - <pre>options IPFILTER -options IPFILTER_LOG -options IPFILTER_DEFAULT_BLOCK</pre> - </div> - <p class="Pp">in the kernel configuration file is a good idea, too.</p> - </dd> - <dt id="ipfilter_program"><var class="Va">ipfilter_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipf(8)</a> (default - <span class="Pa">/sbin/ipf</span>).</dd> - <dt id="ipfilter_rules"><var class="Va">ipfilter_rules</var></dt> - <dd>(<var class="Vt">str</var>) Set to <span class="Pa">/etc/ipf.rules</span> - by default. This variable contains the name of the filter rule definition - file. The file is expected to be readable for the <a class="Xr">ipf(8)</a> - command to execute.</dd> - <dt id="ipfilter_flags"><var class="Va">ipfilter_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags - passed to the <a class="Xr">ipf(8)</a> program.</dd> - <dt id="ipnat_enable"><var class="Va">ipnat_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Set it to - “<code class="Li">YES</code>” to enable - <a class="Xr">ipnat(8)</a> network address translation. See - <var class="Va">ipfilter_enable</var> for a detailed discussion.</dd> - <dt id="ipnat_program"><var class="Va">ipnat_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipnat(8)</a> (default - <span class="Pa">/sbin/ipnat</span>).</dd> - <dt id="ipnat_rules"><var class="Va">ipnat_rules</var></dt> - <dd>(<var class="Vt">str</var>) Set to - <span class="Pa">/etc/ipnat.rules</span> by default. This variable - contains the name of the file holding the network address translation - definition. This file is expected to be readable for the - <a class="Xr">ipnat(8)</a> command to execute.</dd> - <dt id="ipnat_flags"><var class="Va">ipnat_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags - passed to the <a class="Xr">ipnat(8)</a> program.</dd> - <dt id="ipmon_enable"><var class="Va">ipmon_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Set it to - “<code class="Li">YES</code>” to enable - <a class="Xr">ipmon(8)</a> monitoring (logging <a class="Xr">ipf(8)</a> - and <a class="Xr">ipnat(8)</a> events). Setting this variable needs - setting <var class="Va">ipfilter_enable</var> or - <var class="Va">ipnat_enable</var> too. See - <var class="Va">ipfilter_enable</var> for a detailed discussion.</dd> - <dt id="ipmon_program"><var class="Va">ipmon_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipmon(8)</a> (default - <span class="Pa">/sbin/ipmon</span>).</dd> - <dt id="ipmon_flags"><var class="Va">ipmon_flags</var></dt> - <dd>(<var class="Vt">str</var>) Set to - “<code class="Li">-Ds</code>” by default. This variable - contains flags passed to the <a class="Xr">ipmon(8)</a> program. Another - typical example would be “<code class="Fl">-D</code> - <span class="Pa">/var/log/ipflog</span>” to have - <a class="Xr">ipmon(8)</a> log directly to a file bypassing - <a class="Xr">syslogd(8)</a>. Make sure to adjust - <span class="Pa">/etc/newsyslog.conf</span> in such case like this: - <div class="Bd Pp Li"> - <pre>/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid</pre> - </div> - </dd> - <dt id="ipfs_enable"><var class="Va">ipfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Set it to - “<code class="Li">YES</code>” to enable - <a class="Xr">ipfs(8)</a> saving the filter and NAT state tables during - shutdown and reloading them during startup again. Setting this variable - needs setting <var class="Va">ipfilter_enable</var> or - <var class="Va">ipnat_enable</var> to - “<code class="Li">YES</code>” too. See - <var class="Va">ipfilter_enable</var> for a detailed discussion. Note that - if <var class="Va">kern_securelevel</var> is set to 3, - <var class="Va">ipfs_enable</var> cannot be used because the raised - securelevel will prevent <a class="Xr">ipfs(8)</a> from saving the state - tables at shutdown time.</dd> - <dt id="ipfs_program"><var class="Va">ipfs_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipfs(8)</a> (default - <span class="Pa">/sbin/ipfs</span>).</dd> - <dt id="ipfs_flags"><var class="Va">ipfs_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags - passed to the <a class="Xr">ipfs(8)</a> program.</dd> - <dt id="pf_enable"><var class="Va">pf_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables - <a class="Xr">pf(4)</a> packet filtering. - <p class="Pp">Typical usage will require putting</p> - <p class="Pp"></p> - <div class="Bd - Bd-indent"><code class="Li">pf_enable="YES"</code></div> - <p class="Pp">into <span class="Pa">/etc/rc.conf</span> and editing - <span class="Pa">/etc/pf.conf</span> appropriately. Adding</p> - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">device pf</code></div> - <p class="Pp">builds support for <a class="Xr">pf(4)</a> into the kernel, - otherwise the kernel module will be loaded.</p> - </dd> - <dt id="pf_rules"><var class="Va">pf_rules</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pf(4)</a> ruleset - configuration file (default <span class="Pa">/etc/pf.conf</span>).</dd> - <dt id="pf_program"><var class="Va">pf_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pfctl(8)</a> (default - <span class="Pa">/sbin/pfctl</span>).</dd> - <dt id="pf_flags"><var class="Va">pf_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">pf_enable</var> is set to - “<code class="Li">YES</code>”, these flags are passed to the - <a class="Xr">pfctl(8)</a> program when loading the ruleset.</dd> - <dt id="pf_fallback_rules_enable"><var class="Va">pf_fallback_rules_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables loading - <var class="Va">pf_fallback_rules_file</var> or - <var class="Va">pf_fallback_rules</var> in case of a problem when loading - the ruleset in <var class="Va">pf_rules</var>.</dd> - <dt id="pf_fallback_rules_file"><var class="Va">pf_fallback_rules_file</var></dt> - <dd>(<var class="Vt">str</var>) Path to a pf ruleset to load in case of - failure when loading the ruleset in <var class="Va">pf_rules</var> - (default <span class="Pa">/etc/pf-fallback.conf</span>).</dd> - <dt id="pf_fallback_rules"><var class="Va">pf_fallback_rules</var></dt> - <dd>(<var class="Vt">str</var>) A pf ruleset to load in case of failure when - loading the ruleset in <var class="Va">pf_rules</var> and - <var class="Va">pf_fallback_rules_file</var> is not found. Multiple rules - can be set as follows: - <div class="Bd Pp Li"> - <pre>pf_fallback_rules=" - block drop log all - pass in quick on em0" - - </pre> - </div> - The default fallback rule is “block drop log all”</dd> - <dt id="pflog_enable"><var class="Va">pflog_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables - <a class="Xr">pflogd(8)</a> which logs packets from the - <a class="Xr">pf(4)</a> packet filter.</dd> - <dt id="pflog_logfile"><var class="Va">pflog_logfile</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">pflog_enable</var> is set - to “<code class="Li">YES</code>” this controls where - <a class="Xr">pflogd(8)</a> stores the logfile (default - <span class="Pa">/var/log/pflog</span>). Check - <span class="Pa">/etc/newsyslog.conf</span> to adjust logfile rotation for - this.</dd> - <dt id="pflog_program"><var class="Va">pflog_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pflogd(8)</a> (default - <span class="Pa">/sbin/pflogd</span>).</dd> - <dt id="pflog_flags"><var class="Va">pflog_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains - additional flags passed to the <a class="Xr">pflogd(8)</a> program.</dd> - <dt id="pflog_instances"><var class="Va">pflog_instances</var></dt> - <dd>(<var class="Vt">str</var>) If logging to more than one - <a class="Xr">pflog(4)</a> interface is desired, - <var class="Va">pflog_instances</var> is set to the list of - <a class="Xr">pflogd(8)</a> instances that should be started at system - boot time. If <var class="Va">pflog_instances</var> is set, for each - whitespace-separated <var class="Ar">element</var> in the list, - ⟨<var class="Ar">element</var>⟩<var class="Va">_dev</var> - and - ⟨<var class="Ar">element</var>⟩<var class="Va">_logfile</var> - elements are assumed to exist. - ⟨<var class="Ar">element</var>⟩<var class="Va">_dev</var> - must contain the <a class="Xr">pflog(4)</a> interface to be watched by the - named <a class="Xr">pflogd(8)</a> instance. - ⟨<var class="Ar">element</var>⟩<var class="Va">_logfile</var> - must contain the name of the logfile that will be used by the - <a class="Xr">pflogd(8)</a> instance.</dd> - <dt id="ftpproxy_enable"><var class="Va">ftpproxy_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables - <a class="Xr">ftp-proxy(8)</a> which supports the <a class="Xr">pf(4)</a> - packet filter in translating ftp connections.</dd> - <dt id="ftpproxy_flags"><var class="Va">ftpproxy_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains - additional flags passed to the <a class="Xr">ftp-proxy(8)</a> - program.</dd> - <dt id="ftpproxy_instances"><var class="Va">ftpproxy_instances</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. If multiple instances of - <a class="Xr">ftp-proxy(8)</a> are desired at boot time, - <var class="Va">ftpproxy_instances</var> should contain a - whitespace-separated list of instance names. For each - <var class="Ar">element</var> in the list, a variable named - ⟨<var class="Ar">element</var>⟩<var class="Va">_flags</var> - should be defined, containing the command-line flags to be passed to the - <a class="Xr">ftp-proxy(8)</a> instance.</dd> - <dt id="pfsync_enable"><var class="Va">pfsync_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting this to - “<code class="Li">YES</code>” enables exposing - <a class="Xr">pf(4)</a> state changes to other hosts over the network by - means of <a class="Xr">pfsync(4)</a>. The - <var class="Va">pfsync_syncdev</var> variable must also be set then.</dd> - <dt id="pfsync_syncdev"><var class="Va">pfsync_syncdev</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable specifies the - name of the network interface <a class="Xr">pfsync(4)</a> should operate - through. It must be set accordingly if <var class="Va">pfsync_enable</var> - is set to “<code class="Li">YES</code>”.</dd> - <dt id="pfsync_syncpeer"><var class="Va">pfsync_syncpeer</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable is optional. - By default, state change messages are sent out on the synchronisation - interface using IP multicast packets. The protocol is IP protocol 240, - PFSYNC, and the multicast group used is 224.0.0.240. When a peer address - is specified using the <var class="Va">pfsync_syncpeer</var> option, the - peer address is used as a destination for the pfsync traffic, and the - traffic can then be protected using <a class="Xr">ipsec(4)</a>. See the - <a class="Xr">pfsync(4)</a> manpage for more details about using - <a class="Xr">ipsec(4)</a> with <a class="Xr">pfsync(4)</a> - interfaces.</dd> - <dt id="pfsync_ifconfig"><var class="Va">pfsync_ifconfig</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable can contain - additional options to be passed to the <a class="Xr">ifconfig(8)</a> - command used to set up <a class="Xr">pfsync(4)</a>.</dd> - <dt id="tcp_extensions"><var class="Va">tcp_extensions</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” by default. Setting this to - “<code class="Li">NO</code>” disables certain TCP options as - described by <cite class="Rs"><span class="RsT">RFC 1323</span>.</cite> - Setting this to “<code class="Li">NO</code>” might help - remedy such problems with connections as randomly hanging or other weird - behavior. Some network devices are known to be broken with respect to - these options.</dd> - <dt id="log_in_vain"><var class="Va">log_in_vain</var></dt> - <dd>(<var class="Vt">int</var>) Set to 0 by default. The - <a class="Xr">sysctl(8)</a> variables, - <var class="Va">net.inet.tcp.log_in_vain</var> and - <var class="Va">net.inet.udp.log_in_vain</var>, as described in - <a class="Xr">tcp(4)</a> and <a class="Xr">udp(4)</a>, are set to the - given value.</dd> - <dt id="tcp_keepalive"><var class="Va">tcp_keepalive</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” by default. Setting to - “<code class="Li">NO</code>” will disable probing idle TCP - connections to verify that the peer is still up and reachable.</dd> - <dt id="tcp_drop_synfin"><var class="Va">tcp_drop_synfin</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting to - “<code class="Li">YES</code>” will cause the kernel to - ignore TCP frames that have both the SYN and FIN flags set. This prevents - OS fingerprinting, but may break some legitimate applications.</dd> - <dt id="icmp_drop_redirect"><var class="Va">icmp_drop_redirect</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">AUTO</code>” by default. This setting will - be identical to “<code class="Li">YES</code>”, if a dynamic - routing daemon is enabled, because redirect processing may cause - performance issues for large routing tables. If no such service is - enabled, this setting behaves like a - “<code class="Li">NO</code>”. Setting to - “<code class="Li">YES</code>” will cause the kernel to - ignore ICMP REDIRECT packets. Setting to - “<code class="Li">NO</code>” will cause the kernel to - process ICMP REDIRECT packets. Refer to <a class="Xr">icmp(4)</a> for more - information.</dd> - <dt id="icmp_log_redirect"><var class="Va">icmp_log_redirect</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” by default. Setting to - “<code class="Li">YES</code>” will cause the kernel to log - ICMP REDIRECT packets. Note that the log messages are not rate-limited, so - this option should only be used for troubleshooting networks. Refer to - <a class="Xr">icmp(4)</a> for more information.</dd> - <dt id="icmp_bmcastecho"><var class="Va">icmp_bmcastecho</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to respond to broadcast or - multicast ICMP ping packets. Refer to <a class="Xr">icmp(4)</a> for more - information.</dd> - <dt id="ip_portrange_first"><var class="Va">ip_portrange_first</var></dt> - <dd>(<var class="Vt">int</var>) If not set to - “<code class="Li">NO</code>”, this is the first port in the - default portrange. Refer to <a class="Xr">ip(4)</a> for more - information.</dd> - <dt id="ip_portrange_last"><var class="Va">ip_portrange_last</var></dt> - <dd>(<var class="Vt">int</var>) If not set to - “<code class="Li">NO</code>”, this is the last port in the - default portrange. Refer to <a class="Xr">ip(4)</a> for more - information.</dd> - <dt id="network_interfaces"><var class="Va">network_interfaces</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of network interfaces to - configure on this host or “<code class="Li">AUTO</code>” - (the default) for all current interfaces. Setting the - <var class="Va">network_interfaces</var> variable to anything other than - the default is deprecated. Interfaces that the administrator wishes to - store configuration for, but not start at boot should be configured with - the “<code class="Li">NOAUTO</code>” keyword in their - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variables as described below. - <p class="Pp">An - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable is assumed to exist for each value of - <var class="Ar">interface</var>. When an interface name contains any of - the characters “<code class="Li">.-/+</code>” they are - translated to “<code class="Li">_</code>” before lookup. - For example, the interface <var class="Va">em0.102</var> would be - configured using the variable - <var class="Va">ifconfig_em0_102</var>.</p> - <p class="Pp">The variable can contain arguments to - <a class="Xr">ifconfig(8)</a>, as well as special case-insensitive - keywords described below. Such keywords are removed before passing the - value to <a class="Xr">ifconfig(8)</a> while the order of the other - arguments is preserved.</p> - <p class="Pp">For example, to assign the IPv4 address 192.0.2.1/24 to the - interface em0:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0="inet 192.0.2.1/24 up"</pre> - </div> - <p class="Pp">If the variable - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<span class="Pa">_ipv6</span> - is set, then - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - does not need to be set unless an IPv4 address should also be assigned - to the interface.</p> - <p class="Pp">It is possible to add IP alias entries using - <a class="Xr">ifconfig(8)</a> syntax with the address family keyword - such as <code class="Li">inet</code>. Assuming that the interface in - question was <code class="Li">em0</code>, it might look something like - this:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_alias0="inet 127.0.0.253/32" -ifconfig_em0_alias1="inet 127.0.0.254/32"</pre> - </div> - <p class="Pp">It also possible to configure multiple IP addresses in - Classless Inter-Domain Routing (CIDR) address notation, whose each - address component can be a range like <code class="Li">inet - 192.0.2.5-23/24</code> or <code class="Li">inet6 - 2001:db8:1-f::1/64</code>. This notation allows address and prefix - length part only, not the other address modifiers. Note that the maximum - number of the generated addresses from a range specification is limited - to an integer value specified in - <var class="Va">netif_ipexpand_max</var> in - <code class="Nm">rc.conf</code> because a small typo can unexpectedly - generate a large number of addresses. The default value is - <code class="Li">2048</code>. It can be increased by adding the - following line into <code class="Nm">rc.conf</code>:</p> - <div class="Bd Pp Li"> - <pre>netif_ipexpand_max="4096"</pre> - </div> - <p class="Pp">In the case of <code class="Li">192.0.2.5-23/24</code>, the - address 192.0.2.5 will be configured with the prefix length /24 and the - addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length - /32 as explained in the <a class="Xr">ifconfig(8)</a> alias section. - Note that this special CIDR handling is only for - <code class="Li">inet</code>, not for the other address families such as - <code class="Li">inet6</code>.</p> - <p class="Pp">With the interface in question being - <code class="Li">em0</code>, an example could look like:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_alias2="inet 192.0.2.129/27" -ifconfig_em0_alias3="inet 192.0.2.1-5/28"</pre> - </div> - <p class="Pp">and so on.</p> - <p class="Pp">Note that deprecated - <var class="Va">ipv4_addrs_</var>⟨<var class="Ar">interface</var>⟩ - variable was supported for IPv4 CIDR address notation. The - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ - variable replaces it, though - <var class="Va">ipv4_addrs_</var>⟨<var class="Ar">interface</var>⟩ - is still supported for backward compatibility.</p> - <p class="Pp">For each - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ - entry with an address family keyword, its contents are passed to - <a class="Xr">ifconfig(8)</a>. Execution stops at the first unsuccessful - access, so if something like this is present:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_alias0="inet 127.0.0.251/32" -ifconfig_em0_alias1="inet 127.0.0.252/32" -ifconfig_em0_alias2="inet 127.0.0.253/32" -ifconfig_em0_alias4="inet 127.0.0.254/32"</pre> - </div> - <p class="Pp" id="not">Then note that alias4 would - <a class="permalink" href="#not"><i class="Em">not</i></a> be added - since the search would stop with the missing - “<code class="Li">alias3</code>” entry. Because of this - difficult to manage behavior, there is - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_aliases</var> - variable, which has the same functionality as - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ - and can have all of the entries in a variable like the following:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_aliases="\ - inet 127.0.0.251/32 \ - inet 127.0.0.252/32 \ - inet 127.0.0.253/32 \ - inet 127.0.0.254/32"</pre> - </div> - <p class="Pp">It also supports netmask notation for backward - compatibility.</p> - <p class="Pp">If the - <span class="Pa">/etc/start_if</span>.⟨<var class="Ar">interface</var>⟩ - file is present, it is read and executed by the <a class="Xr">sh(1)</a> - interpreter before configuring the interface as specified in the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - and - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ - variables.</p> - <p class="Pp">If a - <var class="Va">vlans_</var>⟨<var class="Ar">interface</var>⟩ - variable is set, a <a class="Xr">vlan(4)</a> interface will be created - for each item in the list with the <var class="Ar">vlandev</var> - argument set to <var class="Ar">interface</var>. If a vlan interface's - name is a number, then that number is used as the vlan tag and the new - vlan interface is named - <var class="Ar">interface</var>.<var class="Ar">tag</var>. Otherwise, - the vlan tag must be specified via a <var class="Va">vlan</var> - parameter in the - <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ - variable.</p> - <p class="Pp">To create a vlan device named <code class="Li">em0.101</code> - on <code class="Li">em0</code> with the vlan tag 101 and the optional - IPv4 address 192.0.2.1/24:</p> - <div class="Bd Pp Li"> - <pre>vlans_em0="101" -ifconfig_em0_101="inet 192.0.2.1/24"</pre> - </div> - <p class="Pp">To create a vlan device named <code class="Li">myvlan</code> - on <code class="Li">em0</code> with the vlan tag 102:</p> - <div class="Bd Pp Li"> - <pre>vlans_em0="myvlan" -create_args_myvlan="vlan 102"</pre> - </div> - <p class="Pp">If a - <var class="Va">wlans_</var>⟨<var class="Ar">interface</var>⟩ - variable is set, an <a class="Xr">wlan(4)</a> interface will be created - for each item in the list with the <var class="Ar">wlandev</var> - argument set to <var class="Ar">interface</var>. Further wlan cloning - arguments may be passed to the <a class="Xr">ifconfig(8)</a> - <code class="Cm">create</code> command by setting the - <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ - variable. One or more <a class="Xr">wlan(4)</a> devices must be created - for each wireless device as of <span class="Ux">FreeBSD 8.0</span>. - Debugging flags for <a class="Xr">wlan(4)</a> devices as set by - <a class="Xr">wlandebug(8)</a> may be specified with an - <var class="Va">wlandebug_</var>⟨<var class="Ar">interface</var>⟩ - variable. The contents of this variable will be passed directly to - <a class="Xr">wlandebug(8)</a>.</p> - <p class="Pp">If the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - contains the keyword “<code class="Li">NOAUTO</code>” then - the interface will not be configured at boot or by - <span class="Pa">/etc/pccard_ether</span> when - <var class="Va">network_interfaces</var> is set to - “<code class="Li">AUTO</code>”.</p> - <p class="Pp">It is possible to bring up an interface with DHCP by adding - “<code class="Li">DHCP</code>” to the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable. For instance, to initialize the <code class="Li">em0</code> - device via DHCP, it is possible to use something like:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0="DHCP"</pre> - </div> - <p class="Pp">If you want to configure your wireless interface with - <a class="Xr">wpa_supplicant(8)</a> for use with WPA, EAP/LEAP or WEP, - you need to add “<code class="Li">WPA</code>” to the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable.</p> - <p class="Pp">On the other hand, if you want to configure your wireless - interface with <a class="Xr">hostapd(8)</a>, you need to add - “<code class="Li">HOSTAP</code>” to the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable. <a class="Xr">hostapd(8)</a> will use the settings from - <span class="Pa">/etc/hostapd-</span>⟨<var class="Ar">interface</var>⟩.conf</p> - <p class="Pp">Finally, you can add <a class="Xr">ifconfig(8)</a> options in - this variable, in addition to the - <span class="Pa">/etc/start_if</span>.⟨<var class="Ar">interface</var>⟩ - file. For instance, to configure an <a class="Xr">ath(4)</a> wireless - device in station mode with an address obtained via DHCP, using WPA - authentication and 802.11b mode, it is possible to use something - like:</p> - <div class="Bd Pp Li"> - <pre>wlans_ath0="wlan0" -ifconfig_wlan0="DHCP WPA mode 11b"</pre> - </div> - <p class="Pp">In addition to the - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - form, a fallback variable <var class="Va">ifconfig_DEFAULT</var> may be - configured. It will be used for all interfaces with no - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable.</p> - <p class="Pp">It is also possible to rename an interface by doing:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_name="net0" -ifconfig_net0="inet 192.0.2.1/24"</pre> - </div> - </dd> - <dt id="ipv6_enable"><var class="Va">ipv6_enable</var></dt> - <dd>(<var class="Vt">bool</var>) This variable is deprecated. Use - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - and <var class="Va">ipv6_activate_all_interfaces</var> if necessary. - <p class="Pp">If the variable is - “<code class="Li">YES</code>”, - “<code class="Li">inet6 accept_rtadv</code>” is added to - all of - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - and the <var class="Va">ipv6_activate_all_interfaces</var> variable is - defined as “<code class="Li">YES</code>”.</p> - </dd> - <dt id="ipv6_prefer"><var class="Va">ipv6_prefer</var></dt> - <dd>(<var class="Vt">bool</var>) This variable is deprecated. Use - <var class="Va">ip6addrctl_policy</var> instead. - <p class="Pp">If the variable is - “<code class="Li">YES</code>”, the default address - selection policy table set by <a class="Xr">ip6addrctl(8)</a> will be - IPv6-preferred.</p> - <p class="Pp">If the variable is “<code class="Li">NO</code>”, - the default address selection policy table set by - <a class="Xr">ip6addrctl(8)</a> will be IPv4-preferred.</p> - </dd> - <dt id="ipv6_activate_all_interfaces"><var class="Va">ipv6_activate_all_interfaces</var></dt> - <dd>(<var class="Vt">bool</var>) This controls initial configuration on - IPv6-capable interfaces with no corresponding - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - variable. Note that it is not always necessary to set this variable to - “YES” to use IPv6 functionality on - <span class="Ux">FreeBSD</span>. In most cases, just configuring - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - variables works. - <p class="Pp">If the variable is “<code class="Li">NO</code>”, - all interfaces which do not have a corresponding - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - variable will be marked as - “<code class="Li">IFDISABLED</code>” at creation. This - means that all IPv6 functionality on that interface is completely - disabled to enforce a security policy. If the variable is set to - “YES”, the flag will be cleared on all of the - interfaces.</p> - <p class="Pp">In most cases, just defining an - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - for an IPv6-capable interface should be sufficient. However, if an - interface is added dynamically (by some tunneling protocols such as PPP, - for example), it is often difficult to define the variable in advance. - In such a case, configuring the - “<code class="Li">IFDISABLED</code>” flag can be disabled - by setting this variable to “YES”.</p> - <p class="Pp">For more details of the - “<code class="Li">IFDISABLED</code>” flag and keywords - “<code class="Li">inet6 ifdisabled</code>”, see - <a class="Xr">ifconfig(8)</a>.</p> - <p class="Pp">Default is “<code class="Li">NO</code>”.</p> - </dd> - <dt id="ipv6_privacy"><var class="Va">ipv6_privacy</var></dt> - <dd>(<var class="Vt">bool</var>) If the variable is - “<code class="Li">YES</code>” privacy addresses will be - generated for each IPv6 interface as described in RFC 4941.</dd> - <dt id="ipv6_network_interfaces"><var class="Va">ipv6_network_interfaces</var></dt> - <dd>(<var class="Vt">str</var>) This is the IPv6 equivalent of - <var class="Va">network_interfaces</var>. Normally manual configuration of - this variable is not needed.</dd> - <dt id="ipv6_cpe_wanif"><var class="Va">ipv6_cpe_wanif</var></dt> - <dd>(<var class="Vt">str</var>) If the variable is set to an interface name, - the <a class="Xr">ifconfig(8)</a> options “inet6 -no_radr - accept_rtadv” will be added to the specified interface - automatically before evaluating - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6, - and two <a class="Xr">sysctl(8)</a> variables - <var class="Va">net.inet6.ip6.rfc6204w3</var> and - <var class="Va">net.inet6.ip6.no_radr</var> will be set to 1. - <p class="Pp">This means the specified interface will accept ICMPv6 Router - Advertisement messages on that link and add the discovered routers into - the Default Router List. While the other interfaces can still accept RA - messages if the “inet6 accept_rtadv” option is specified, - adding routes into the Default Router List will be disabled by - “inet6 no_radr” option by default. See - <a class="Xr">ifconfig(8)</a> for more details.</p> - <p class="Pp">Note that ICMPv6 Router Advertisement messages will be - accepted even when <var class="Va">net.inet6.ip6.forwarding</var> is 1 - (packet forwarding is enabled) when - <var class="Va">net.inet6.ip6.rfc6204w3</var> is set to 1.</p> - <p class="Pp">Default is “<code class="Li">NO</code>”.</p> - </dd> - <dt id="ifconfig_"><var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_descr</dt> - <dd>(<var class="Vt">str</var>) This assigns arbitrary description to an - interface. The <a class="Xr">sysctl(8)</a> variable - <var class="Va">net.ifdescr_maxlen</var> limits its length. This static - setting may be overridden by commands started with dynamic interface - configuration utilities like <a class="Xr">dhclient(8)</a> hooks. The - description can be seen with <a class="Xr">ifconfig(8)</a> command and it - may be exported with <a class="Xr">bsnmpd(1)</a> daemon using its MIB-2 - module.</dd> - <dt id="ifconfig_~2"><var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6</dt> - <dd>(<var class="Vt">str</var>) IPv6 functionality on an interface should be - configured by - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6, - instead of setting ifconfig parameters in - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩. - If this variable is empty, all IPv6 configurations on the specified - interface by other variables such as - <var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩ - will be ignored. - <p class="Pp">Aliases should be set by - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ - with “<code class="Li">inet6</code>” keyword. For - example:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" -ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"</pre> - </div> - <p class="Pp">Interfaces that have an “<code class="Li">inet6 - accept_rtadv</code>” keyword in - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - setting will be automatically configured by SLAAC (StateLess Address - AutoConfiguration) described in <cite class="Rs"><span class="RsT">RFC - 4862</span>.</cite></p> - <p class="Pp">Note that a link-local address will be automatically - configured in addition to the configured global-scope addresses because - the IPv6 specifications require it on each link. The address is - calculated from the MAC address by using an algorithm defined in - <cite class="Rs"><span class="RsT">RFC 4862</span>, - <span class="RsO">Section 5.3</span>.</cite></p> - <p class="Pp">If only a link-local address is needed on the interface, the - following configuration can be used:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_ipv6="inet6 auto_linklocal"</pre> - </div> - <p class="Pp">A link-local address can also be configured manually. This is - useful for the default router address of an IPv6 router so that it does - not change when the network interface card is replaced. For example:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"</pre> - </div> - </dd> - <dt id="ipv6_prefix_"><var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩</dt> - <dd>(<var class="Vt">str</var>) If one or more prefixes are defined in - <var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩ - addresses based on each prefix and the EUI-64 interface index will be - configured on that interface. Note that this variable will be ignored when - <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 - is empty. - <p class="Pp">For example, the following configuration</p> - <div class="Bd Pp Li"> - <pre>ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"</pre> - </div> - <p class="Pp">is equivalent to the following:</p> - <div class="Bd Pp Li"> - <pre>ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" -ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" -ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" -ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"</pre> - </div> - <p class="Pp">These Subnet-Router anycast addresses will be added only when - <var class="Va">ipv6_gateway_enable</var> is YES.</p> - </dd> - <dt id="ipv6_default_interface"><var class="Va">ipv6_default_interface</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, this is the default output - interface for scoped addresses. This works only with - ipv6_gateway_enable="NO".</dd> - <dt id="ip6addrctl_enable"><var class="Va">ip6addrctl_enable</var></dt> - <dd>(<var class="Vt">bool</var>) This variable is to enable configuring - default address selection policy table (RFC 3484). The table can be - specified in another variable <var class="Va">ip6addrctl_policy</var>. For - <var class="Va">ip6addrctl_policy</var> the following keywords can be - specified: “<code class="Li">ipv4_prefer</code>”, - “<code class="Li">ipv6_prefer</code>”, or - “<code class="Li">AUTO</code>”. - <p class="Pp">If “<code class="Li">ipv4_prefer</code>” or - “<code class="Li">ipv6_prefer</code>” is specified, - <a class="Xr">ip6addrctl(8)</a> installs a pre-defined policy table - described in Section 10.3 (IPv4-preferred) or 2.1 (IPv6-preferred) of - RFC 3484.</p> - <p class="Pp">If “<code class="Li">AUTO</code>” is specified, - it attempts to read a file <span class="Pa">/etc/ip6addrctl.conf</span> - first. If this file is found, <a class="Xr">ip6addrctl(8)</a> reads and - installs it. If not found, a policy is automatically set according to - <var class="Va">ipv6_activate_all_interfaces</var> variable; if the - variable is set to “<code class="Li">YES</code>” the - IPv6-preferred one is used. Otherwise IPv4-preferred.</p> - <p class="Pp">The default value of <var class="Va">ip6addrctl_enable</var> - and <var class="Va">ip6addrctl_policy</var> are - “<code class="Li">YES</code>” and - “<code class="Li">AUTO</code>”, respectively.</p> - </dd> - <dt id="cloned_interfaces"><var class="Va">cloned_interfaces</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of clonable network interfaces - to create on this host. Further cloning arguments may be passed to the - <a class="Xr">ifconfig(8)</a> <code class="Cm">create</code> command for - each interface by setting the - <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ - variable. If an interface name is specified with “:sticky” - keyword, the interface will not be destroyed even when - <span class="Pa">rc.d/netif</span> script is invoked with - “stop” argument. This is useful when reconfiguring the - interface without destroying it. Entries in - <var class="Va">cloned_interfaces</var> are automatically appended to - <var class="Va">network_interfaces</var> for configuration.</dd> - <dt id="cloned_interfaces_sticky"><var class="Va">cloned_interfaces_sticky</var></dt> - <dd>(<var class="Vt">bool</var>) This variable is to globally enable - functionality of “:sticky” keyword in - <var class="Va">cloned_interfaces</var> for all interfaces. The default - value is “NO”. Even if this variable is specified to - “YES”, “:nosticky” keyword can be used to - override it on per interface basis.</dd> - <dt id="gif_interfaces"><var class="Va">gif_interfaces</var></dt> - <dd>Set to the list of <a class="Xr">gif(4)</a> tunnel interfaces to configure - on this host. A - <var class="Va">gifconfig_</var>⟨<var class="Ar">interface</var>⟩ - variable is assumed to exist for each value of - <var class="Ar">interface</var>. The value of this variable is used to - configure the link layer of the tunnel using the - <code class="Cm">tunnel</code> option to <a class="Xr">ifconfig(8)</a>. - Additionally, this option ensures that each listed interface is created - via the <code class="Cm">create</code> option to - <a class="Xr">ifconfig(8)</a> before attempting to configure it. - <p class="Pp">For example, configure two <a class="Xr">gif(4)</a> interfaces - with:</p> - <div class="Bd Pp Li"> - <pre>gif_interfaces="gif0 gif1" -gifconfig_gif0="100.64.0.1 100.64.0.2" -ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2" -gifconfig_gif1="inet6 2a00::1 2a01::1" -ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2"</pre> - </div> - </dd> - <dt id="ppp_enable"><var class="Va">ppp_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ppp(8)</a> daemon.</dd> - <dt id="ppp_profile"><var class="Va">ppp_profile</var></dt> - <dd>(<var class="Vt">str</var>) The name of the profile to use from - <span class="Pa">/etc/ppp/ppp.conf</span>. Also used for per-profile - overrides of <var class="Va">ppp_mode</var> and - <var class="Va">ppp_nat</var>, and - <var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_unit. - When the profile name contains any of the characters - “<code class="Li">.-/+</code>” they are translated to - “<code class="Li">_</code>” for the proposes of the override - variable names.</dd> - <dt id="ppp_mode"><var class="Va">ppp_mode</var></dt> - <dd>(<var class="Vt">str</var>) Mode in which to run the - <a class="Xr">ppp(8)</a> daemon.</dd> - <dt id="ppp_"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_mode</dt> - <dd>(<var class="Vt">str</var>) Overrides the global - <var class="Va">ppp_mode</var> for <var class="Ar">profile</var>. Accepted - modes are “<code class="Li">auto</code>”, - “<code class="Li">ddial</code>”, - “<code class="Li">direct</code>” and - “<code class="Li">dedicated</code>”. See the manual for a - full description.</dd> - <dt id="ppp_nat"><var class="Va">ppp_nat</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enables network address - translation. Used in conjunction with <var class="Va">gateway_enable</var> - allows hosts on private network addresses access to the Internet using - this host as a network address translating router. Default is - “<code class="Li">YES</code>”.</dd> - <dt id="ppp_~2"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_nat</dt> - <dd>(<var class="Vt">str</var>) Overrides the global - <var class="Va">ppp_nat</var> for <var class="Ar">profile</var>.</dd> - <dt id="ppp_~3"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_unit</dt> - <dd>(<var class="Vt">int</var>) Set the unit number to be used for this - profile. See the manual description of - <code class="Fl">-unit</code><var class="Ar">N</var> for details.</dd> - <dt id="ppp_user"><var class="Va">ppp_user</var></dt> - <dd>(<var class="Vt">str</var>) The name of the user under which - <a class="Xr">ppp(8)</a> should be started. By default, - <a class="Xr">ppp(8)</a> is started as - “<code class="Li">root</code>”.</dd> - <dt id="rc_conf_files"><var class="Va">rc_conf_files</var></dt> - <dd>(<var class="Vt">str</var>) This option is used to specify a list of files - that will override the settings in - <span class="Pa">/etc/defaults/rc.conf</span>. The files will be read in - the order in which they are specified and should include the full path to - the file. By default, the files specified are - <span class="Pa">/etc/rc.conf</span> and - <span class="Pa">/etc/rc.conf.local</span>.</dd> - <dt id="zfs_enable"><var class="Va">zfs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, - <span class="Pa">/etc/rc.d/zfs</span> will attempt to automatically mount - ZFS file systems and initialize ZFS volumes (ZVOLs).</dd> - <dt id="zpool_reguid"><var class="Va">zpool_reguid</var></dt> - <dd>(<var class="Vt">str</var>) A space-separated list of ZFS pool names for - which new pool GUIDs should be assigned upon first boot. This is useful - when using a ZFS pool copied from a template, such as a virtual machine - image.</dd> - <dt id="zpool_upgrade"><var class="Va">zpool_upgrade</var></dt> - <dd>(<var class="Vt">str</var>) A space-separated list of ZFS pool names for - which the version should be upgraded upon first boot. This is useful when - using a ZFS pool generated by the <a class="Xr">makefs(8)</a> - utility.</dd> - <dt id="gptboot_enable"><var class="Va">gptboot_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, - <span class="Pa">/etc/rc.d/gptboot</span> will log if the system - successfully (or not) booted from a GPT partition, which had the - <var class="Ar">bootonce</var> attribute set using - <a class="Xr">gpart(8)</a> utility.</dd> - <dt id="geli_devices"><var class="Va">geli_devices</var></dt> - <dd>(<var class="Vt">str</var>) List of devices to automatically attach on - boot. Note that .eli devices from <span class="Pa">/etc/fstab</span> are - automatically appended to this list.</dd> - <dt id="geli_groups"><var class="Va">geli_groups</var></dt> - <dd>(<var class="Vt">str</var>) List of groups containing devices to - automatically attach on boot with the same keyfiles and passphrase. This - must be accompanied with a corresponding - <var class="Va">geli_</var>⟨<var class="Ar">group</var>⟩<var class="Va">_devices</var> - variable.</dd> - <dt id="geli_tries"><var class="Va">geli_tries</var></dt> - <dd>(<var class="Vt">int</var>) Number of times user is asked for the - pass-phrase. If empty, it will be taken from - <var class="Va">kern.geom.eli.tries</var> sysctl variable.</dd> - <dt id="geli_default_flags"><var class="Va">geli_default_flags</var></dt> - <dd>(<var class="Vt">str</var>) Default flags to use by - <a class="Xr">geli(8)</a> when configuring disk encryption. Flags can be - configured for every device separately by defining the - <var class="Va">geli_</var>⟨<var class="Ar">device</var>⟩<var class="Va">_flags</var> - variable, and for every group separately by defining the - <var class="Va">geli_</var>⟨<var class="Ar">group</var>⟩<var class="Va">_flags</var> - variable.</dd> - <dt id="geli_autodetach"><var class="Va">geli_autodetach</var></dt> - <dd>(<var class="Vt">str</var>) Specifies if GELI devices should be marked for - detach on last close after file systems are mounted. Default is - “<code class="Li">YES</code>”. This can be changed for every - device separately by defining the - <var class="Va">geli_</var>⟨<var class="Ar">device</var>⟩<var class="Va">_autodetach</var> - variable.</dd> - <dt id="root_rw_mount"><var class="Va">root_rw_mount</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” by default. After the file - systems are checked at boot time, the root file system is remounted as - read-write if this is set to “<code class="Li">YES</code>”. - Diskless systems that mount their root file system from a read-only remote - NFS share should set this to “<code class="Li">NO</code>” in - their <span class="Pa">rc.conf</span>.</dd> - <dt id="fsck_y_enable"><var class="Va">fsck_y_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, <a class="Xr">fsck(8)</a> - will be run with the <code class="Fl">-y</code> flag if the initial preen - of the file systems fails.</dd> - <dt id="background_fsck"><var class="Va">background_fsck</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, the system will not attempt to - run <a class="Xr">fsck(8)</a> in the background where possible.</dd> - <dt id="background_fsck_delay"><var class="Va">background_fsck_delay</var></dt> - <dd>(<var class="Vt">int</var>) The amount of time in seconds to sleep before - starting a background <a class="Xr">fsck(8)</a>. It defaults to sixty - seconds to allow large applications such as the X server to start before - disk I/O bandwidth is monopolized by <a class="Xr">fsck(8)</a>. If set to - a negative number, the background file system check will be delayed - indefinitely to allow the administrator to run it at a more convenient - time. For example it may be run from <a class="Xr">cron(8)</a> by adding a - line like - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">0 4 * * * root /etc/rc.d/bgfsck - forcestart</code></div> - <p class="Pp">to <span class="Pa">/etc/crontab</span>.</p> - </dd> - <dt id="netfs_types"><var class="Va">netfs_types</var></dt> - <dd>(<var class="Vt">str</var>) List of file system types that are - network-based. This list should generally not be modified by end users. - Use <var class="Va">extra_netfs_types</var> instead.</dd> - <dt id="extra_netfs_types"><var class="Va">extra_netfs_types</var></dt> - <dd>(<var class="Vt">str</var>) If set to something other than - “<code class="Li">NO</code>” (the default), this variable - extends the list of file system types for which automatic mounting at - startup by <a class="Xr">rc(8)</a> should be delayed until the network is - initialized. It should contain a whitespace-separated list of network file - system descriptor pairs, each consisting of a file system type as passed - to <a class="Xr">mount(8)</a> and a human-readable, one-word description, - joined with a colon (‘<code class="Li">:</code>’). Extending - the default list in this way is only necessary when third party file - system types are used.</dd> - <dt id="syslogd_enable"><var class="Va">syslogd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">syslogd(8)</a> daemon. Note, the - <var class="Va">syslogd_oomprotect</var> variable is set to - “<code class="Li">YES</code>” by default in - <span class="Pa">/etc/defaults/rc.conf</span>.</dd> - <dt id="syslogd_program"><var class="Va">syslogd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">syslogd(8)</a> (default - <span class="Pa">/usr/sbin/syslogd</span>).</dd> - <dt id="syslogd_flags"><var class="Va">syslogd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">syslogd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to <a class="Xr">syslogd(8)</a>.</dd> - <dt id="inetd_enable"><var class="Va">inetd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">inetd(8)</a> daemon.</dd> - <dt id="inetd_program"><var class="Va">inetd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">inetd(8)</a> (default - <span class="Pa">/usr/sbin/inetd</span>).</dd> - <dt id="inetd_flags"><var class="Va">inetd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">inetd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to <a class="Xr">inetd(8)</a>.</dd> - <dt id="hastd_enable"><var class="Va">hastd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">hastd(8)</a> daemon.</dd> - <dt id="hastd_program"><var class="Va">hastd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">hastd(8)</a> (default - <span class="Pa">/sbin/hastd</span>).</dd> - <dt id="hastd_flags"><var class="Va">hastd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">hastd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to <a class="Xr">hastd(8)</a>.</dd> - <dt id="local_unbound_enable"><var class="Va">local_unbound_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">unbound(8)</a> daemon as a local caching DNS resolver. Note, - the <var class="Va">local_unbound_oomprotect</var> variable is set to - “<code class="Li">YES</code>” by default in - <span class="Pa">/etc/defaults/rc.conf</span>.</dd> - <dt id="nscd_enable"><var class="Va">nscd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start the - <a class="Xr">nscd(8)</a> caching daemon for the - <code class="Nm">nsswitch</code> subsystem.</dd> - <dt id="nscd_flags"><var class="Va">nscd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nscd_enable</var> is set to - “<code class="Li">YES</code>”, these flags are passed to - <a class="Xr">nscd(8)</a>.</dd> - <dt id="kdc_enable"><var class="Va">kdc_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start a Kerberos 5 - authentication server at boot time.</dd> - <dt id="kdc_program"><var class="Va">kdc_program</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">kdc_enable</var> is set to - “<code class="Li">YES</code>” this is the path to Kerberos 5 - Authentication Server.</dd> - <dt id="kdc_flags"><var class="Va">kdc_flags</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains - additional flags to be passed to the Kerberos 5 authentication - server.</dd> - <dt id="kadmind_enable"><var class="Va">kadmind_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">kadmind(8)</a>, the Kerberos 5 Administration Daemon; set to - “<code class="Li">NO</code>” on a slave server.</dd> - <dt id="kadmind_program"><var class="Va">kadmind_program</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">kadmind_enable</var> is set - to “<code class="Li">YES</code>” this is the path to - Kerberos 5 Administration Daemon.</dd> - <dt id="kpasswdd_enable"><var class="Va">kpasswdd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">kpasswdd(8)</a>, the Kerberos 5 Password-Changing Daemon; - set to “<code class="Li">NO</code>” on a slave server.</dd> - <dt id="kpasswdd_program"><var class="Va">kpasswdd_program</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">kpasswdd_enable</var> is - set to “<code class="Li">YES</code>” this is the path to - Kerberos 5 Password-Changing Daemon.</dd> - <dt id="kfd_enable"><var class="Va">kfd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">kfd(8)</a>, the Kerberos 5 ticket forwarding daemon, at the - boot time.</dd> - <dt id="kfd_program"><var class="Va">kfd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">kfd(8)</a> (default - <span class="Pa">/usr/libexec/kfd</span>).</dd> - <dt id="rwhod_enable"><var class="Va">rwhod_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rwhod(8)</a> daemon at boot time.</dd> - <dt id="rwhod_flags"><var class="Va">rwhod_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rwhod_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to it.</dd> - <dt id="update_motd"><var class="Va">update_motd</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, - <span class="Pa">/var/run/motd</span> will be updated at boot time to - reflect the kernel release being run. If set to - “<code class="Li">NO</code>”, - <span class="Pa">/var/run/motd</span> will not be updated.</dd> - <dt id="nfs_client_enable"><var class="Va">nfs_client_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the NFS client daemons at - boot time.</dd> - <dt id="nfs_access_cache"><var class="Va">nfs_access_cache</var></dt> - <dd>(<var class="Vt">int</var>) If <var class="Va">nfs_client_enable</var> is - set to “<code class="Li">YES</code>”, this can be set to - “<code class="Li">0</code>” to disable NFS ACCESS RPC - caching, or to the number of seconds for which NFS ACCESS results should - be cached. A value of 2-10 seconds will substantially reduce network - traffic for many NFS operations.</dd> - <dt id="nfs_server_enable"><var class="Va">nfs_server_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the NFS server daemons at - boot time.</dd> - <dt id="nfs_server_flags"><var class="Va">nfs_server_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nfs_server_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">nfsd(8)</a> daemon.</dd> - <dt id="nfsv4_server_enable"><var class="Va">nfsv4_server_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If <var class="Va">nfs_server_enable</var> is - set to “<code class="Li">YES</code>” and - <var class="Va">nfsv4_server_enable</var> is set to - “<code class="Li">YES</code>”, enable the server for NFSv4 - as well as NFSv2 and NFSv3.</dd> - <dt id="nfsv4_server_only"><var class="Va">nfsv4_server_only</var></dt> - <dd>(<var class="Vt">bool</var>) If <var class="Va">nfs_server_enable</var> is - set to “<code class="Li">YES</code>” and - <var class="Va">nfsv4_server_only</var> is set to - “<code class="Li">YES</code>”, enable the NFS server for - NFSv4 only.</dd> - <dt id="nfs_server_maxio"><var class="Va">nfs_server_maxio</var></dt> - <dd>(<var class="Vt">int</var>) value to set vfs.nfsd.srvmaxio to, which is - the maximum I/O size for the NFS server.</dd> - <dt id="tlsclntd_enable"><var class="Va">tlsclntd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rpc.tlsclntd(8)</a> daemon, which is needed for NFS-over-TLS - NFS mounts.</dd> - <dt id="tlsservd_enable"><var class="Va">tlsservd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rpc.tlsservd(8)</a> daemon, which is needed for the - <a class="Xr">nfsd(8)</a> to support NFS-over-TLS NFS mounts.</dd> - <dt id="nfsuserd_enable"><var class="Va">nfsuserd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If <var class="Va">nfsuserd_enable</var> is - set to “<code class="Li">YES</code>”, run the nfsuserd - daemon, which is needed for NFSv4 in order to map between user/group names - vs uid/gid numbers. If <var class="Va">nfsv4_server_enable</var> is set to - “<code class="Li">YES</code>”, this will be forced - enabled.</dd> - <dt id="nfsuserd_flags"><var class="Va">nfsuserd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nfsuserd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">nfsuserd(8)</a> daemon.</dd> - <dt id="nfscbd_enable"><var class="Va">nfscbd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If <var class="Va">nfscbd_enable</var> is set - to “<code class="Li">YES</code>”, run the nfscbd daemon, - which enables callbacks/delegations for the NFSv4 client.</dd> - <dt id="nfscbd_flags"><var class="Va">nfscbd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nfscbd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">nfscbd(8)</a> daemon.</dd> - <dt id="mountd_enable"><var class="Va">mountd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, and no - <var class="Va">nfs_server_enable</var> is set, start - <a class="Xr">mountd(8)</a>, but not <a class="Xr">nfsd(8)</a> daemon. It - is commonly needed to run CFS without real NFS used.</dd> - <dt id="mountd_flags"><var class="Va">mountd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">mountd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">mountd(8)</a> daemon.</dd> - <dt id="weak_mountd_authentication"><var class="Va">weak_mountd_authentication</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, allow services like PCNFSD to - make non-privileged mount requests.</dd> - <dt id="nfs_reserved_port_only"><var class="Va">nfs_reserved_port_only</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, provide NFS services only on - a secure port.</dd> - <dt id="nfs_bufpackets"><var class="Va">nfs_bufpackets</var></dt> - <dd>(<var class="Vt">int</var>) If set to a number, indicates the number of - packets worth of socket buffer space to reserve on an NFS client. The - kernel default is typically 4. Using a higher number may be useful on - gigabit networks to improve performance. The minimum value is 2 and the - maximum is 64.</dd> - <dt id="rpc_lockd_enable"><var class="Va">rpc_lockd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” and also an NFS server or - client, run <a class="Xr">rpc.lockd(8)</a> at boot time.</dd> - <dt id="rpc_lockd_flags"><var class="Va">rpc_lockd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rpc_lockd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">rpc.lockd(8)</a> daemon.</dd> - <dt id="rpc_statd_enable"><var class="Va">rpc_statd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” and also an NFS server or - client, run <a class="Xr">rpc.statd(8)</a> at boot time.</dd> - <dt id="rpc_statd_flags"><var class="Va">rpc_statd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rpc_statd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">rpc.statd(8)</a> daemon.</dd> - <dt id="rpcbind_program"><var class="Va">rpcbind_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">rpcbind(8)</a> (default - <span class="Pa">/usr/sbin/rpcbind</span>).</dd> - <dt id="rpcbind_enable"><var class="Va">rpcbind_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rpcbind(8)</a> service at boot time.</dd> - <dt id="rpcbind_flags"><var class="Va">rpcbind_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rpcbind_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">rpcbind(8)</a> daemon.</dd> - <dt id="pppoed_enable"><var class="Va">pppoed_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">pppoed(8)</a> daemon at boot time to provide PPP over - Ethernet services.</dd> - <dt id="pppoed_"><var class="Va">pppoed_</var>⟨<var class="Ar">provider</var>⟩</dt> - <dd>(<var class="Vt">str</var>) <a class="Xr">pppoed(8)</a> listens to - requests to this <var class="Ar">provider</var> and ultimately runs - <a class="Xr">ppp(8)</a> with a <var class="Ar">system</var> argument of - the same name.</dd> - <dt id="pppoed_flags"><var class="Va">pppoed_flags</var></dt> - <dd>(<var class="Vt">str</var>) Additional flags to pass to - <a class="Xr">pppoed(8)</a>.</dd> - <dt id="pppoed_interface"><var class="Va">pppoed_interface</var></dt> - <dd>(<var class="Vt">str</var>) The network interface to run - <a class="Xr">pppoed(8)</a> on. This is mandatory when - <var class="Va">pppoed_enable</var> is set to - “<code class="Li">YES</code>”.</dd> - <dt id="ntpdate_enable"><var class="Va">ntpdate_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run - <a class="Xr">ntpdate(8)</a> at system startup. This command is intended - to synchronize the system clock only - <a class="permalink" href="#once"><i class="Em" id="once">once</i></a> - from some standard reference. - <p class="Pp">Note that the use of the - <var class="Va">ntpd_sync_on_start</var> variable is a preferred - alternative to the <a class="Xr">ntpdate(8)</a> utility as - <a class="Xr">ntpdate(8)</a> is to be retired from the NTP - distribution.</p> - </dd> - <dt id="ntpdate_config"><var class="Va">ntpdate_config</var></dt> - <dd>(<var class="Vt">str</var>) Configuration file for - <a class="Xr">ntpdate(8)</a>. Default - <span class="Pa">/etc/ntp.conf</span>.</dd> - <dt id="ntpdate_hosts"><var class="Va">ntpdate_hosts</var></dt> - <dd>(<var class="Vt">str</var>) A whitespace-separated list of NTP servers to - synchronize with at startup. The default is to use the servers listed in - <var class="Va">ntpdate_config</var>, if that file exists.</dd> - <dt id="ntpdate_program"><var class="Va">ntpdate_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpdate(8)</a> (default - <span class="Pa">/usr/sbin/ntpdate</span>).</dd> - <dt id="ntpdate_flags"><var class="Va">ntpdate_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">ntpdate_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">ntpdate(8)</a> command (typically a - hostname).</dd> - <dt id="ntpd_enable"><var class="Va">ntpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ntpd(8)</a> command at boot time.</dd> - <dt id="ntpd_program"><var class="Va">ntpd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpd(8)</a> (default - <span class="Pa">/usr/sbin/ntpd</span>).</dd> - <dt id="ntpd_config"><var class="Va">ntpd_config</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpd(8)</a> - configuration file. Default <span class="Pa">/etc/ntp.conf</span>.</dd> - <dt id="ntpd_flags"><var class="Va">ntpd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">ntpd_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">ntpd(8)</a> daemon.</dd> - <dt id="ntpd_sync_on_start"><var class="Va">ntpd_sync_on_start</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, <a class="Xr">ntpd(8)</a> is - run with the <code class="Fl">-g</code> flag, which syncs the system's - clock on startup. See <a class="Xr">ntpd(8)</a> for more information - regarding the <code class="Fl">-g</code> option. This is a preferred - alternative to using <a class="Xr">ntpdate(8)</a> or specifying the - <var class="Va">ntpdate_enable</var> variable.</dd> - <dt id="nis_client_enable"><var class="Va">nis_client_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ypbind(8)</a> service at system boot time.</dd> - <dt id="nis_client_flags"><var class="Va">nis_client_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis_client_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">ypbind(8)</a> service.</dd> - <dt id="nis_ypldap_enable"><var class="Va">nis_ypldap_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ypldap(8)</a> daemon at system boot time.</dd> - <dt id="nis_ypldap_flags"><var class="Va">nis_ypldap_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis.ypldap_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">ypldap(8)</a> daemon.</dd> - <dt id="nis_ypset_enable"><var class="Va">nis_ypset_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ypset(8)</a> daemon at system boot time.</dd> - <dt id="nis_ypset_flags"><var class="Va">nis_ypset_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis_ypset_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">ypset(8)</a> daemon.</dd> - <dt id="nis_server_enable"><var class="Va">nis_server_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">ypserv(8)</a> daemon at system boot time.</dd> - <dt id="nis_server_flags"><var class="Va">nis_server_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis_server_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">ypserv(8)</a> daemon.</dd> - <dt id="nis_ypxfrd_enable"><var class="Va">nis_ypxfrd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rpc.ypxfrd(8)</a> daemon at system boot time.</dd> - <dt id="nis_ypxfrd_flags"><var class="Va">nis_ypxfrd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis_ypxfrd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">rpc.ypxfrd(8)</a> daemon.</dd> - <dt id="nis_yppasswdd_enable"><var class="Va">nis_yppasswdd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rpc.yppasswdd(8)</a> daemon at system boot time.</dd> - <dt id="nis_yppasswdd_flags"><var class="Va">nis_yppasswdd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">nis_yppasswdd_enable</var> - is set to “<code class="Li">YES</code>”, these are the flags - to pass to the <a class="Xr">rpc.yppasswdd(8)</a> daemon.</dd> - <dt id="rpc_ypupdated_enable"><var class="Va">rpc_ypupdated_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <code class="Nm">rpc.ypupdated</code> daemon at system boot time.</dd> - <dt id="bsnmpd_enable"><var class="Va">bsnmpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">bsnmpd(1)</a> daemon at system boot time. Be sure to - understand the security implications of running an SNMP daemon on your - host.</dd> - <dt id="bsnmpd_flags"><var class="Va">bsnmpd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">bsnmpd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">bsnmpd(1)</a> daemon.</dd> - <dt id="defaultrouter"><var class="Va">defaultrouter</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, create a default route to this - host name or IP address (use an IP address if this router is also required - to get to the name server!).</dd> - <dt id="defaultrouter_fibN"><var class="Va">defaultrouter_fibN</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, create a default route in FIB - N to this host name or IP address.</dd> - <dt id="ipv6_defaultrouter"><var class="Va">ipv6_defaultrouter</var></dt> - <dd>(<var class="Vt">str</var>) The IPv6 equivalent of - <var class="Va">defaultrouter</var>.</dd> - <dt id="ipv6_defaultrouter_fibN"><var class="Va">ipv6_defaultrouter_fibN</var></dt> - <dd>(<var class="Vt">str</var>) The IPv6 equivalent of - <var class="Va">defaultrouter_fibN</var>.</dd> - <dt id="static_arp_pairs"><var class="Va">static_arp_pairs</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of static ARP pairs that are - to be added at system boot time. For each whitespace separated - <var class="Ar">element</var> in the value, a - <var class="Va">static_arp_</var>⟨<var class="Ar">element</var>⟩ - variable is assumed to exist whose contents will later be passed to a - “<code class="Nm">arp</code> <code class="Cm">-S</code>” - operation. For example - <div class="Bd Pp Li"> - <pre>static_arp_pairs="gw" -static_arp_gw="192.168.1.1 00:01:02:03:04:05"</pre> - </div> - </dd> - <dt id="static_ndp_pairs"><var class="Va">static_ndp_pairs</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of static NDP pairs that are - to be added at system boot time. For each whitespace separated - <var class="Ar">element</var> in the value, a - <var class="Va">static_ndp_</var>⟨<var class="Ar">element</var>⟩ - variable is assumed to exist whose contents will later be passed to a - “<code class="Nm">ndp</code> <code class="Cm">-s</code>” - operation. For example - <div class="Bd Pp Li"> - <pre>static_ndp_pairs="gw" -static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"</pre> - </div> - </dd> - <dt id="static_routes"><var class="Va">static_routes</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of static routes that are to - be added at system boot time. If not set to - “<code class="Li">NO</code>” then for each whitespace - separated <var class="Ar">element</var> in the value, a - <var class="Va">route_</var>⟨<var class="Ar">element</var>⟩ - variable is assumed to exist whose contents will later be passed to a - “<code class="Nm">route</code> <code class="Cm">add</code>” - operation. For example: - <div class="Bd Pp Li"> - <pre>static_routes="ext mcast:gif0 gif0local:gif0" -route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" -route_mcast="-net 224.0.0.0/4 -iface gif0" -route_gif0local="-host 169.254.1.1 -iface lo0"</pre> - </div> - <p class="Pp">When an <var class="Ar">element</var> is in the form of - <code class="Li">name:ifname</code>, the route is specific to the - interface <code class="Li">ifname</code>.</p> - </dd> - <dt id="ipv6_static_routes"><var class="Va">ipv6_static_routes</var></dt> - <dd>(<var class="Vt">str</var>) The IPv6 equivalent of - <var class="Va">static_routes</var>. If not set to - “<code class="Li">NO</code>” then for each whitespace - separated <var class="Ar">element</var> in the value, a - <var class="Va">ipv6_route_</var>⟨<var class="Ar">element</var>⟩ - variable is assumed to exist whose contents will later be passed to a - “<code class="Nm">route</code> <code class="Cm">add</code> - <code class="Fl">-inet6</code>” operation.</dd> - <dt id="gateway_enable"><var class="Va">gateway_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, configure host to act as an - IP router, e.g. to forward packets between interfaces.</dd> - <dt id="ipv6_gateway_enable"><var class="Va">ipv6_gateway_enable</var></dt> - <dd>(<var class="Vt">bool</var>) The IPv6 equivalent of - <var class="Va">gateway_enable</var>.</dd> - <dt id="routed_enable"><var class="Va">routed_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run a routing daemon of some - sort, based on the settings of <var class="Va">routed_program</var> and - <var class="Va">routed_flags</var>.</dd> - <dt id="route6d_enable"><var class="Va">route6d_enable</var></dt> - <dd>(<var class="Vt">bool</var>) The IPv6 equivalent of - <var class="Va">routed_enable</var>. If set to - “<code class="Li">YES</code>”, run a routing daemon of some - sort, based on the settings of <var class="Va">route6d_program</var> and - <var class="Va">route6d_flags</var>.</dd> - <dt id="routed_program"><var class="Va">routed_program</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">routed_enable</var> is set - to “<code class="Li">YES</code>”, this is the name of the - routing daemon to use. The default is <a class="Xr">routed(8)</a>.</dd> - <dt id="route6d_program"><var class="Va">route6d_program</var></dt> - <dd>(<var class="Vt">str</var>) The IPv6 equivalent of - <var class="Va">routed_program</var>. The default is - <a class="Xr">route6d(8)</a>.</dd> - <dt id="routed_flags"><var class="Va">routed_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">routed_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the routing daemon.</dd> - <dt id="route6d_flags"><var class="Va">route6d_flags</var></dt> - <dd>(<var class="Vt">str</var>) The IPv6 equivalent of - <var class="Va">routed_flags</var>.</dd> - <dt id="rtadvd_enable"><var class="Va">rtadvd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rtadvd(8)</a> daemon at boot time. The - <a class="Xr">rtadvd(8)</a> utility sends ICMPv6 Router Advertisement - messages to the interfaces specified in - <var class="Va">rtadvd_interfaces</var>. This should only be enabled with - great care. You may want to fine-tune - <a class="Xr">rtadvd.conf(5)</a>.</dd> - <dt id="rtadvd_flags"><var class="Va">rtadvd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rtadvd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to <a class="Xr">rtadvd(8)</a>.</dd> - <dt id="rtadvd_interfaces"><var class="Va">rtadvd_interfaces</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rtadvd_enable</var> is set - to “<code class="Li">YES</code>” this is the list of - interfaces to use.</dd> - <dt id="arpproxy_all"><var class="Va">arpproxy_all</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable global proxy ARP.</dd> - <dt id="forward_sourceroute"><var class="Va">forward_sourceroute</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” and - <var class="Va">gateway_enable</var> is also set to - “<code class="Li">YES</code>”, source-routed packets are - forwarded.</dd> - <dt id="accept_sourceroute"><var class="Va">accept_sourceroute</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, the system will accept - source-routed packets directed at it.</dd> - <dt id="rarpd_enable"><var class="Va">rarpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">rarpd(8)</a> daemon at system boot time.</dd> - <dt id="rarpd_flags"><var class="Va">rarpd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rarpd_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">rarpd(8)</a> daemon.</dd> - <dt id="bootparamd_enable"><var class="Va">bootparamd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">bootparamd(8)</a> daemon at system boot time.</dd> - <dt id="bootparamd_flags"><var class="Va">bootparamd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">bootparamd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">bootparamd(8)</a> daemon.</dd> - <dt id="stf_interface_ipv4addr"><var class="Va">stf_interface_ipv4addr</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, this is the local IPv4 address - for 6to4 (IPv6 over IPv4 tunneling interface). Specify this entry to - enable the 6to4 interface.</dd> - <dt id="stf_interface_ipv4plen"><var class="Va">stf_interface_ipv4plen</var></dt> - <dd>(<var class="Vt">int</var>) Prefix length for 6to4 IPv4 addresses, to - limit peer address range. An effective value is 0-31.</dd> - <dt id="stf_interface_ipv6_ifid"><var class="Va">stf_interface_ipv6_ifid</var></dt> - <dd>(<var class="Vt">str</var>) IPv6 interface ID for - <a class="Xr">stf(4)</a>. This can be set to - “<code class="Li">AUTO</code>”.</dd> - <dt id="stf_interface_ipv6_slaid"><var class="Va">stf_interface_ipv6_slaid</var></dt> - <dd>(<var class="Vt">str</var>) IPv6 Site Level Aggregator for - <a class="Xr">stf(4)</a>.</dd> - <dt id="ipv6_ipv4mapping"><var class="Va">ipv6_ipv4mapping</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” this enables IPv4 mapped IPv6 - address communication (like <code class="Li">::ffff:a.b.c.d</code>).</dd> - <dt id="rtsold_enable"><var class="Va">rtsold_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable the - <a class="Xr">rtsold(8)</a> daemon to send ICMPv6 Router Solicitation - messages.</dd> - <dt id="rtsold_flags"><var class="Va">rtsold_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">rtsold_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to <a class="Xr">rtsold(8)</a>.</dd> - <dt id="rtsol_flags"><var class="Va">rtsol_flags</var></dt> - <dd>(<var class="Vt">str</var>) For interfaces configured with the - “<code class="Li">inet6 accept_rtadv</code>” keyword, these - are the flags to pass to <a class="Xr">rtsol(8)</a>. - <p class="Pp">Note that <var class="Va">rtsold_enable</var> is mutually - exclusive to <var class="Va">rtsol_flags</var>; - <var class="Va">rtsold_enable</var> takes precedence.</p> - </dd> - <dt id="keybell"><var class="Va">keybell</var></dt> - <dd>(<var class="Vt">str</var>) The keyboard bell sound. Set to - “<code class="Li">normal</code>”, - “<code class="Li">visual</code>”, - “<code class="Li">off</code>”, or - “<code class="Li">NO</code>” if the default behavior is - desired. For details, refer to the <a class="Xr">kbdcontrol(1)</a> - manpage.</dd> - <dt id="keyboard"><var class="Va">keyboard</var></dt> - <dd>(<var class="Vt">str</var>) If set to a non-null string, the virtual - console's keyboard input is set to this device.</dd> - <dt id="keymap"><var class="Va">keymap</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, no keymap is installed, - otherwise the value is used to install the keymap file found in - <span class="Pa">/usr/share/syscons/keymaps/</span>⟨<var class="Ar">value</var>⟩<span class="Pa">.kbd</span> - (if using <a class="Xr">syscons(4)</a>) or - <span class="Pa">/usr/share/vt/keymaps/</span>⟨<var class="Ar">value</var>⟩<span class="Pa">.kbd</span> - (if using <a class="Xr">vt(4)</a>).</dd> - <dt id="keyrate"><var class="Va">keyrate</var></dt> - <dd>(<var class="Vt">str</var>) The keyboard repeat speed. Set to - “<code class="Li">slow</code>”, - “<code class="Li">normal</code>”, - “<code class="Li">fast</code>”, or - “<code class="Li">NO</code>” if the default behavior is - desired.</dd> - <dt id="keychange"><var class="Va">keychange</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, attempt to program the - function keys with the value. The value should be a single string of the - form: “<var class="Ar">funkey_number new_value</var> - [<var class="Ar">funkey_number new_value ...</var>]”.</dd> - <dt id="cursor"><var class="Va">cursor</var></dt> - <dd>(<var class="Vt">str</var>) Can be set to the value of - “<code class="Li">normal</code>”, - “<code class="Li">blink</code>”, - “<code class="Li">destructive</code>”, or - “<code class="Li">NO</code>” to set the cursor behavior - explicitly or choose the default behavior.</dd> - <dt id="scrnmap"><var class="Va">scrnmap</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, no screen map is installed, - otherwise the value is used to install the screen map file in - <span class="Pa">/usr/share/syscons/scrnmaps/</span>⟨<var class="Ar">value</var>⟩. - This parameter is ignored when using <a class="Xr">vt(4)</a> as the - console driver.</dd> - <dt id="font8x16"><var class="Va">font8x16</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, the default 8x16 font value is - used for screen size requests, otherwise the value in - <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ - or - <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ - is used (depending on the console driver being used).</dd> - <dt id="font8x14"><var class="Va">font8x14</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, the default 8x14 font value is - used for screen size requests, otherwise the value in - <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ - or - <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ - is used (depending on the console driver being used).</dd> - <dt id="font8x8"><var class="Va">font8x8</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, the default 8x8 font value is - used for screen size requests, otherwise the value in - <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ - or - <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ - is used (depending on the console driver being used).</dd> - <dt id="blanktime"><var class="Va">blanktime</var></dt> - <dd>(<var class="Vt">int</var>) If set to - “<code class="Li">NO</code>”, the default screen blanking - interval is used, otherwise it is set to <var class="Ar">value</var> - seconds.</dd> - <dt id="saver"><var class="Va">saver</var></dt> - <dd>(<var class="Vt">str</var>) If not set to - “<code class="Li">NO</code>”, this is the actual screen - saver to use (<code class="Li">blank</code>, - <code class="Li">snake</code>, <code class="Li">daemon</code>, etc).</dd> - <dt id="moused_nondefault_enable"><var class="Va">moused_nondefault_enable</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">NO</code>”, the mouse device specified on - the command line is not automatically treated as enabled by the - <span class="Pa">/etc/rc.d/moused</span> script. Having this variable set - to “<code class="Li">YES</code>” allows a - <a class="Xr">usb(4)</a> mouse, for example, to be enabled as soon as it - is plugged in.</dd> - <dt id="moused_enable"><var class="Va">moused_enable</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">YES</code>”, the - <a class="Xr">moused(8)</a> daemon is started for doing cut/paste - selection on the console.</dd> - <dt id="moused_type"><var class="Va">moused_type</var></dt> - <dd>(<var class="Vt">str</var>) This is the protocol type of the mouse - connected to this host. This variable must be set if - <var class="Va">moused_enable</var> is set to - “<code class="Li">YES</code>”, but defaults to - “<code class="Li">auto</code>” as the - <a class="Xr">moused(8)</a> daemon is able to detect the appropriate mouse - type automatically in many cases. Set this variable to one from the - following list if the automatic detection fails. - <p class="Pp">If the mouse is attached to the PS/2 mouse port, choose - “<code class="Li">auto</code>” or - “<code class="Li">ps/2</code>”, regardless of the brand - and model of the mouse. Likewise, if the mouse is attached to the bus - mouse port, choose “<code class="Li">auto</code>” or - “<code class="Li">busmouse</code>”. All other protocols - are for serial mice and will not work with the PS/2 and bus mice. If - this is a USB mouse, “<code class="Li">auto</code>” is the - only protocol type which will work.</p> - <p class="Pp"></p> - <dl class="Bl-tag Bl-compact"> - <dt id="microsoft"><a class="permalink" href="#microsoft"><code class="Li">microsoft</code></a></dt> - <dd>Microsoft mouse (serial)</dd> - <dt id="intellimouse"><a class="permalink" href="#intellimouse"><code class="Li">intellimouse</code></a></dt> - <dd>Microsoft IntelliMouse (serial)</dd> - <dt id="mousesystems"><a class="permalink" href="#mousesystems"><code class="Li">mousesystems</code></a></dt> - <dd>Mouse systems Corp. mouse (serial)</dd> - <dt id="mmseries"><a class="permalink" href="#mmseries"><code class="Li">mmseries</code></a></dt> - <dd>MM Series mouse (serial)</dd> - <dt id="logitech"><a class="permalink" href="#logitech"><code class="Li">logitech</code></a></dt> - <dd>Logitech mouse (serial)</dd> - <dt id="busmouse"><a class="permalink" href="#busmouse"><code class="Li">busmouse</code></a></dt> - <dd>A bus mouse</dd> - <dt id="mouseman"><a class="permalink" href="#mouseman"><code class="Li">mouseman</code></a></dt> - <dd>Logitech MouseMan and TrackMan (serial)</dd> - <dt id="glidepoint"><a class="permalink" href="#glidepoint"><code class="Li">glidepoint</code></a></dt> - <dd>ALPS GlidePoint (serial)</dd> - <dt id="thinkingmouse"><a class="permalink" href="#thinkingmouse"><code class="Li">thinkingmouse</code></a></dt> - <dd>Kensington ThinkingMouse (serial)</dd> - <dt id="ps/2"><a class="permalink" href="#ps/2"><code class="Li">ps/2</code></a></dt> - <dd>PS/2 mouse</dd> - <dt id="mmhittab"><a class="permalink" href="#mmhittab"><code class="Li">mmhittab</code></a></dt> - <dd>MM HitTablet (serial)</dd> - <dt id="x10mouseremote"><a class="permalink" href="#x10mouseremote"><code class="Li">x10mouseremote</code></a></dt> - <dd>X10 MouseRemote (serial)</dd> - <dt id="versapad"><a class="permalink" href="#versapad"><code class="Li">versapad</code></a></dt> - <dd>Interlink VersaPad (serial)</dd> - </dl> - <p class="Pp">Even if the mouse is not in the above list, it may be - compatible with one in the list. Refer to the manual page for - <a class="Xr">moused(8)</a> for compatibility information.</p> - <p class="Pp">It should also be noted that while this is enabled, any other - client of the mouse (such as an X server) should access the mouse - through the virtual mouse device, <span class="Pa">/dev/sysmouse</span>, - and configure it as a “<code class="Li">sysmouse</code>” - type mouse, since all mouse data is converted to this single canonical - format when using <a class="Xr">moused(8)</a>. If the client program - does not support the “<code class="Li">sysmouse</code>” - type, specify the “<code class="Li">mousesystems</code>” - type. It is the second preferred type.</p> - </dd> - <dt id="moused_port"><var class="Va">moused_port</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">moused_enable</var> is set - to “<code class="Li">YES</code>”, this is the actual port - the mouse is on. It might be <span class="Pa">/dev/cuau0</span> for a COM1 - serial mouse, or <span class="Pa">/dev/psm0</span> for a PS/2 mouse, for - example.</dd> - <dt id="moused_flags"><var class="Va">moused_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">moused_flags</var> is set, - its value is used as an additional set of flags to pass to the - <a class="Xr">moused(8)</a> daemon.</dd> - <dt id="moused_"><var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var></dt> - <dd>When <var class="Va">moused_nondefault_enable</var> is enabled, and a - <a class="Xr">moused(8)</a> daemon is started for a non-default port, the - <var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var> - set of options has precedence over and replaces the default - <var class="Va">moused_flags</var> (where <var class="Ar">XXX</var> is the - name of the non-default port, i.e., <var class="Ar">ums0</var>). By - setting - <var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var> - it is possible to set up a different set of default flags for each - <a class="Xr">moused(8)</a> instance. For example, you can use - “<code class="Li">-3</code>” for the default - <var class="Va">moused_flags</var> to make your laptop's touchpad more - comfortable to use, but an empty set of options for - <var class="Va">moused_ums0_flags</var> when your <a class="Xr">usb(4)</a> - mouse has three or more buttons.</dd> - <dt id="mousechar_start"><var class="Va">mousechar_start</var></dt> - <dd>(<var class="Vt">int</var>) If set to - “<code class="Li">NO</code>”, the default mouse cursor - character range <code class="Li">0xd0</code>-<code class="Li">0xd3</code> - is used, otherwise the range start is set to <var class="Ar">value</var> - character, see <a class="Xr">vidcontrol(1)</a>. Use if the default range - is occupied in the language code table.</dd> - <dt id="allscreens_flags"><var class="Va">allscreens_flags</var></dt> - <dd>(<var class="Vt">str</var>) If set, <a class="Xr">vidcontrol(1)</a> is run - with these options for each of the virtual terminals - (<span class="Pa">/dev/ttyv*</span>). For example, - “<code class="Fl">-m</code> <code class="Cm">on</code>” will - enable the mouse pointer on all virtual terminals if - <var class="Va">moused_enable</var> is set to - “<code class="Li">YES</code>”.</dd> - <dt id="allscreens_kbdflags"><var class="Va">allscreens_kbdflags</var></dt> - <dd>(<var class="Vt">str</var>) If set, <a class="Xr">kbdcontrol(1)</a> is run - with these options for each of the virtual terminals - (<span class="Pa">/dev/ttyv*</span>). For example, - “<code class="Fl">-h</code> <code class="Li">200</code>” - will set the <a class="Xr">syscons(4)</a> or <a class="Xr">vt(4)</a> - scrollback (history) buffer to 200 lines.</dd> - <dt id="cron_enable"><var class="Va">cron_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">cron(8)</a> daemon at system boot time.</dd> - <dt id="cron_program"><var class="Va">cron_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">cron(8)</a> (default - <span class="Pa">/usr/sbin/cron</span>).</dd> - <dt id="cron_flags"><var class="Va">cron_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">cron_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to <a class="Xr">cron(8)</a>.</dd> - <dt id="cron_dst"><var class="Va">cron_dst</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable the special handling - of transitions to and from the Daylight Saving Time in - <a class="Xr">cron(8)</a> (equivalent to using the flag - <code class="Fl">-s</code>).</dd> - <dt id="lpd_program"><var class="Va">lpd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">lpd(8)</a> (default - <span class="Pa">/usr/sbin/lpd</span>).</dd> - <dt id="lpd_enable"><var class="Va">lpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">lpd(8)</a> daemon at system boot time.</dd> - <dt id="lpd_flags"><var class="Va">lpd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">lpd_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">lpd(8)</a> daemon.</dd> - <dt id="chkprintcap_enable"><var class="Va">chkprintcap_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">chkprintcap(8)</a> command before starting the - <a class="Xr">lpd(8)</a> daemon.</dd> - <dt id="chkprintcap_flags"><var class="Va">chkprintcap_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">lpd_enable</var> and - <var class="Va">chkprintcap_enable</var> are set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">chkprintcap(8)</a> program. The default is - “<code class="Li">-d</code>”, which causes missing - directories to be created.</dd> - <dt id="dumpdev"><var class="Va">dumpdev</var></dt> - <dd>(<var class="Vt">str</var>) Indicates the device (usually a swap - partition) to which a crash dump should be written in the event of a - system crash. If the value of this variable is - “<code class="Li">AUTO</code>”, the first suitable swap - device listed in <span class="Pa">/etc/fstab</span> will be used as dump - device. Otherwise, the value of this variable is passed as the argument to - <a class="Xr">dumpon(8)</a> and <a class="Xr">savecore(8)</a>. To disable - crash dumps, set this variable to - “<code class="Li">NO</code>”.</dd> - <dt id="dumpon_flags"><var class="Va">dumpon_flags</var></dt> - <dd>(<var class="Vt">str</var>) Flags to pass to <a class="Xr">dumpon(8)</a> - when configuring <var class="Va">dumpdev</var> as the system dump - device.</dd> - <dt id="dumpdir"><var class="Va">dumpdir</var></dt> - <dd>(<var class="Vt">str</var>) When the system reboots after a crash and a - crash dump is found on the device specified by the - <var class="Va">dumpdev</var> variable, <a class="Xr">savecore(8)</a> will - save that crash dump and a copy of the kernel to the directory specified - by the <var class="Va">dumpdir</var> variable. The default value is - <span class="Pa">/var/crash</span>. Set to - “<code class="Li">NO</code>” to not run - <a class="Xr">savecore(8)</a> at boot time when - <var class="Va">dumpdir</var> is set.</dd> - <dt id="savecore_enable"><var class="Va">savecore_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, disable automatic extraction - of the crash dump from the <var class="Va">dumpdev</var>.</dd> - <dt id="savecore_flags"><var class="Va">savecore_flags</var></dt> - <dd>(<var class="Vt">str</var>) If crash dumps are enabled, these are the - flags to pass to the <a class="Xr">savecore(8)</a> utility.</dd> - <dt id="quota_enable"><var class="Va">quota_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to turn on user and group disk - quotas on system startup via the <a class="Xr">quotaon(8)</a> command for - all file systems marked as having quotas enabled in - <span class="Pa">/etc/fstab</span>. The kernel must be built with - <code class="Cd">options QUOTA</code> for disk quotas to function.</dd> - <dt id="check_quotas"><var class="Va">check_quotas</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable user and group disk - quota checking via the <a class="Xr">quotacheck(8)</a> command.</dd> - <dt id="quotacheck_flags"><var class="Va">quotacheck_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set - to “<code class="Li">YES</code>”, and - <var class="Va">check_quotas</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">quotacheck(8)</a> utility. The default is - “<code class="Li">-a</code>”, which checks quotas for all - file systems with quotas enabled in - <span class="Pa">/etc/fstab</span>.</dd> - <dt id="quotaon_flags"><var class="Va">quotaon_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">quotaon(8)</a> utility. The default is - “<code class="Li">-a</code>”, which enables quotas for all - file systems with quotas enabled in - <span class="Pa">/etc/fstab</span>.</dd> - <dt id="quotaoff_flags"><var class="Va">quotaoff_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">quotaoff(8)</a> utility when shutting down the - quota system. The default is “<code class="Li">-a</code>”, - which disables quotas for all file systems with quotas enabled in - <span class="Pa">/etc/fstab</span>.</dd> - <dt id="accounting_enable"><var class="Va">accounting_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable system accounting - through the <a class="Xr">accton(8)</a> facility.</dd> - <dt id="firstboot_sentinel"><var class="Va">firstboot_sentinel</var></dt> - <dd>(<var class="Vt">str</var>) This variable specifies the full path to a - “first boot” sentinel file. If a file exists with this path, - <span class="Pa">rc.d</span> scripts with the “firstboot” - keyword will be run on startup and the sentinel file will be deleted after - the boot process completes. The sentinel file must be located on a - writable file system which is mounted no later than - <var class="Va">early_late_divider</var> to function properly. The default - is <span class="Pa">/firstboot</span>.</dd> - <dt id="linux_enable"><var class="Va">linux_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable Linux/ELF binary - emulation at system initial boot time.</dd> - <dt id="sysvipc_enable"><var class="Va">sysvipc_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, load System V IPC primitives - at boot time.</dd> - <dt id="clear_tmp_enable"><var class="Va">clear_tmp_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to have - <span class="Pa">/tmp</span> cleaned at startup.</dd> - <dt id="clear_tmp_X"><var class="Va">clear_tmp_X</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” to disable removing of X11 lock - files, and the removal and (secure) recreation of the various socket - directories for X11 related programs.</dd> - <dt id="ldconfig_paths"><var class="Va">ldconfig_paths</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of shared library paths to use - with <a class="Xr">ldconfig(8)</a>. NOTE: <span class="Pa">/lib</span> and - <span class="Pa">/usr/lib</span> will always be added first, so they need - not appear in this list.</dd> - <dt id="ldconfig32_paths"><var class="Va">ldconfig32_paths</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of 32-bit compatibility shared - library paths to use with <a class="Xr">ldconfig(8)</a>.</dd> - <dt id="ldconfig_insecure"><var class="Va">ldconfig_insecure</var></dt> - <dd>(<var class="Vt">bool</var>) The <a class="Xr">ldconfig(8)</a> utility - normally refuses to use directories which are writable by anyone except - root. Set this variable to “<code class="Li">YES</code>” to - disable that security check during system startup.</dd> - <dt id="ldconfig_local_dirs"><var class="Va">ldconfig_local_dirs</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of local - <a class="Xr">ldconfig(8)</a> directories. The names of all files in the - directories listed will be passed as arguments to - <a class="Xr">ldconfig(8)</a>.</dd> - <dt id="ldconfig_local32_dirs"><var class="Va">ldconfig_local32_dirs</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of local 32-bit compatibility - <a class="Xr">ldconfig(8)</a> directories. The names of all files in the - directories listed will be passed as arguments to - “<code class="Nm">ldconfig</code> - <code class="Fl">-32</code>”.</dd> - <dt id="kern_securelevel_enable"><var class="Va">kern_securelevel_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to set the kernel security - level at system startup.</dd> - <dt id="kern_securelevel"><var class="Va">kern_securelevel</var></dt> - <dd>(<var class="Vt">int</var>) The kernel security level to set at startup. - The allowed range of <var class="Ar">value</var> ranges from -1 (the - compile time default) to 3 (the most secure). See - <a class="Xr">security(7)</a> for the list of possible security levels and - their effect on system operation.</dd> - <dt id="sshd_program"><var class="Va">sshd_program</var></dt> - <dd>(<var class="Vt">str</var>) Path to the SSH server program - (<span class="Pa">/usr/sbin/sshd</span> is the default).</dd> - <dt id="sshd_enable"><var class="Va">sshd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to start - <a class="Xr">sshd(8)</a> at system boot time. Note, the - <var class="Va">sshd_oomprotect</var> variable is set to - “<code class="Li">YES</code>” by default in - <span class="Pa">/etc/defaults/rc.conf</span>.</dd> - <dt id="sshd_flags"><var class="Va">sshd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">sshd_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">sshd(8)</a> daemon.</dd> - <dt id="watchdogd_enable"><var class="Va">watchdogd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start the - <a class="Xr">watchdogd(8)</a> daemon at boot time. This requires that the - kernel have been compiled with a <a class="Xr">watchdog(4)</a> compatible - device.</dd> - <dt id="watchdogd_flags"><var class="Va">watchdogd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">watchdogd_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags - passed to the <a class="Xr">watchdogd(8)</a> daemon.</dd> - <dt id="watchdogd_timeout"><var class="Va">watchdogd_timeout</var></dt> - <dd>(<var class="Vt">int</var>) If <var class="Va">watchdogd_enable</var> is - set to “<code class="Li">YES</code>”, this is a timeout that - will be used by the <a class="Xr">watchdogd(8)</a> daemon. If this option - is set, it overrides <code class="Fl">-t</code> in - <var class="Va">watchdogd_flags</var>.</dd> - <dt id="watchdogd_shutdown_timeout"><var class="Va">watchdogd_shutdown_timeout</var></dt> - <dd>(<var class="Vt">int</var>) If <var class="Va">watchdogd_enable</var> is - set to “<code class="Li">YES</code>”, this is a timeout that - will be set by the <a class="Xr">watchdogd(8)</a> daemon when it exits - during the system shutdown. This timeout will not be set when returning to - the single-user mode or when the watchdogd service is stopped individually - using the <a class="Xr">service(8)</a> command or the rc.d script. Note - that the timeout will be applied if <a class="Xr">watchdogd(8)</a> is - stopped outside of <a class="Xr">rc(8)</a> framework. If this option is - set, it overrides <code class="Fl">-x</code> in - <var class="Va">watchdogd_flags</var>.</dd> - <dt id="devfs_rulesets"><var class="Va">devfs_rulesets</var></dt> - <dd>(<var class="Vt">str</var>) List of files containing sets of rules for - <a class="Xr">devfs(8)</a>.</dd> - <dt id="devfs_system_ruleset"><var class="Va">devfs_system_ruleset</var></dt> - <dd>(<var class="Vt">str</var>) Rule name(s) to apply to the system - <span class="Pa">/dev</span> itself.</dd> - <dt id="devfs_set_rulesets"><var class="Va">devfs_set_rulesets</var></dt> - <dd>(<var class="Vt">str</var>) Pairs of already-mounted - <span class="Pa">dev</span> directories and rulesets that should be - applied to them. For example: /mount/dev=ruleset_name</dd> - <dt id="devfs_load_rulesets"><var class="Va">devfs_load_rulesets</var></dt> - <dd>(<var class="Vt">bool</var>) If set, always load the default rulesets - listed in <var class="Va">devfs_rulesets</var>.</dd> - <dt id="performance_cx_lowest"><var class="Va">performance_cx_lowest</var></dt> - <dd>(<var class="Vt">str</var>) CPU idle state to use while on AC power. The - string “<code class="Li">LOW</code>” indicates that - <a class="Xr">acpi(4)</a> should use the lowest power state available - while “<code class="Li">HIGH</code>” indicates that the - lowest latency state (less power savings) should be used.</dd> - <dt id="performance_cpu_freq"><var class="Va">performance_cpu_freq</var></dt> - <dd>(<var class="Vt">str</var>) CPU clock frequency to use while on AC power. - The string “<code class="Li">LOW</code>” indicates that - <a class="Xr">cpufreq(4)</a> should use the lowest frequency available - while “<code class="Li">HIGH</code>” indicates that the - highest frequency (less power savings) should be used.</dd> - <dt id="economy_cx_lowest"><var class="Va">economy_cx_lowest</var></dt> - <dd>(<var class="Vt">str</var>) CPU idle state to use when off AC power. The - string “<code class="Li">LOW</code>” indicates that - <a class="Xr">acpi(4)</a> should use the lowest power state available - while “<code class="Li">HIGH</code>” indicates that the - lowest latency state (less power savings) should be used.</dd> - <dt id="economy_cpu_freq"><var class="Va">economy_cpu_freq</var></dt> - <dd>(<var class="Vt">str</var>) CPU clock frequency to use when off AC power. - The string “<code class="Li">LOW</code>” indicates that - <a class="Xr">cpufreq(4)</a> should use the lowest frequency available - while “<code class="Li">HIGH</code>” indicates that the - highest frequency (less power savings) should be used.</dd> - <dt id="jail_enable"><var class="Va">jail_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">NO</code>”, any configured jails will not - be started.</dd> - <dt id="jail_conf"><var class="Va">jail_conf</var></dt> - <dd>(<var class="Vt">str</var>) The configuration filename used by - <a class="Xr">jail(8)</a> utility. The default value is - <span class="Pa">/etc/jail.conf</span>. - <span class="Pa">/etc/jail.</span>⟨<var class="Va">jname</var>⟩<span class="Pa">.conf</span> - and - <span class="Pa">/etc/jail.conf.d/</span>⟨<var class="Va">jname</var>⟩<span class="Pa">.conf</span> - will also be used if ⟨<var class="Va">jname</var>⟩ is set in - <var class="Va">jail_list</var>.</dd> - <dt id="jail_parallel_start"><var class="Va">jail_parallel_start</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, all configured jails will be - started in the background (in parallel).</dd> - <dt id="jail_flags"><var class="Va">jail_flags</var></dt> - <dd>(<var class="Vt">str</var>) Unset by default. When set, use as default - value for - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_flags</var> - for every jail in <var class="Va">jail_list</var>.</dd> - <dt id="jail_list"><var class="Va">jail_list</var></dt> - <dd>(<var class="Vt">str</var>) A space-delimited list of jail names. When - left empty, all of the <a class="Xr">jail(8)</a> instances defined in the - configuration file are started. The names specified in this list control - the jail startup order. <a class="Xr">jail(8)</a> instances missing from - <var class="Va">jail_list</var> must be started manually. Note that a - jail's <var class="Va">depend</var> parameter in the configuration file - may override this list.</dd> - <dt id="jail_reverse_stop"><var class="Va">jail_reverse_stop</var></dt> - <dd>(<var class="Vt">bool</var>) When set to - “<code class="Li">YES</code>”, all configured jails in - <var class="Va">jail_list</var> are stopped in reverse order.</dd> - <dt id="jail_"><var class="Va">jail_</var>* variables</dt> - <dd>Note that older releases supported per-jail configuration via - <code class="Nm">rc.conf</code> variables. For example, hostname of a jail - named <code class="Li">vjail</code> was able to be set by - <code class="Li">jail_vjail_hostname</code>. These per-jail configuration - variables are now obsolete in favor of <a class="Xr">jail(8)</a> - configuration file. For backward compatibility, when per-jail - configuration variables are defined, <a class="Xr">jail(8)</a> - configuration files are created as - <span class="Pa">/var/run/jail</span>.⟨<var class="Ar">jname</var>⟩<span class="Pa">.conf</span> - and used. - <p class="Pp">The following per-jail parameters are handled by - <span class="Pa">rc.d/jail</span> script out of their corresponding - <code class="Nm">rc.conf</code> variables. In addition to them, - parameters in - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_parameters</var> - will be added to the configuration file. They must be a semi-colon - (‘<code class="Li">;</code>’) delimited list of - “key=value”. For more details, see - <a class="Xr">jail(8)</a> manual page.</p> - <div class="Bd-indent"> - <dl class="Bl-tag"> - <dt id="path"><a class="permalink" href="#path"><code class="Li">path</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_rootdir</var></dd> - <dt id="host.hostname"><a class="permalink" href="#host.hostname"><code class="Li">host.hostname</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_hostname</var></dd> - <dt id="exec.consolelog"><a class="permalink" href="#exec.consolelog"><code class="Li">exec.consolelog</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_consolelog</var>. - The default value is - <span class="Pa">/var/log/jail_</span>⟨<var class="Ar">jname</var>⟩<span class="Pa">_console.log</span>.</dd> - <dt id="interface"><a class="permalink" href="#interface"><code class="Li">interface</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_interface</var>.</dd> - <dt id="vnet.interface"><a class="permalink" href="#vnet.interface"><code class="Li">vnet.interface</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_vnet_interface</var>. - This implies <code class="Li">vnet</code> parameter will be enabled - and cannot be specified with - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_interface</var>, - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> - and/or - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ - at the same time.</dd> - <dt id="fstab"><a class="permalink" href="#fstab"><code class="Li">fstab</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fstab</var></dd> - <dt id="mount"><a class="permalink" href="#mount"><code class="Li">mount</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_procfs_enable</var>.</dd> - <dt id="exec.fib"><a class="permalink" href="#exec.fib"><code class="Li">exec.fib</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fib</var></dd> - <dt id="exec.start"><a class="permalink" href="#exec.start"><code class="Li">exec.start</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_start</var>. - The parameter name was <code class="Li">command</code> in some older - releases.</dd> - <dt id="exec.prestart"><a class="permalink" href="#exec.prestart"><code class="Li">exec.prestart</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_prestart</var></dd> - <dt id="exec.poststart"><a class="permalink" href="#exec.poststart"><code class="Li">exec.poststart</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_poststart</var></dd> - <dt id="exec.stop"><a class="permalink" href="#exec.stop"><code class="Li">exec.stop</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_stop</var></dd> - <dt id="exec.prestop"><a class="permalink" href="#exec.prestop"><code class="Li">exec.prestop</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_prestop</var></dd> - <dt id="exec.poststop"><a class="permalink" href="#exec.poststop"><code class="Li">exec.poststop</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_poststop</var></dd> - <dt id="ip4.addr"><a class="permalink" href="#ip4.addr"><code class="Li">ip4.addr</code></a></dt> - <dd>set if - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> - or - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ - contain IPv4 addresses</dd> - <dt id="ip6.addr"><a class="permalink" href="#ip6.addr"><code class="Li">ip6.addr</code></a></dt> - <dd>set if - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> - or - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ - contain IPv6 addresses</dd> - <dt id="allow.mount"><a class="permalink" href="#allow.mount"><code class="Li">allow.mount</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_mount_enable</var></dd> - <dt id="mount.devfs"><a class="permalink" href="#mount.devfs"><code class="Li">mount.devfs</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_devfs_enable</var></dd> - <dt id="devfs_ruleset"><a class="permalink" href="#devfs_ruleset"><code class="Li">devfs_ruleset</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_devfs_ruleset</var>. - This must be an integer, not a string.</dd> - <dt id="mount.fdescfs"><a class="permalink" href="#mount.fdescfs"><code class="Li">mount.fdescfs</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fdescfs_enable</var></dd> - <dt id="allow.set_hostname"><a class="permalink" href="#allow.set_hostname"><code class="Li">allow.set_hostname</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_set_hostname_allow</var></dd> - <dt id="allow.rawsocket"><a class="permalink" href="#allow.rawsocket"><code class="Li">allow.rawsocket</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_socket_unixiproute_only</var></dd> - <dt id="allow.sysvipc"><a class="permalink" href="#allow.sysvipc"><code class="Li">allow.sysvipc</code></a></dt> - <dd>set from - <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_sysvipc_allow</var></dd> - </dl> - </div> - </dd> - <dt id="harvest_mask"><var class="Va">harvest_mask</var></dt> - <dd>(<var class="Vt">int</var>) Set to a bit-mask representing the entropy - sources you wish to harvest. Refer to <a class="Xr">random(4)</a> for more - information.</dd> - <dt id="entropy_dir"><var class="Va">entropy_dir</var></dt> - <dd>(<var class="Vt">str</var>) Set to - “<code class="Li">NO</code>” to disable caching entropy via - <a class="Xr">cron(8)</a>. Otherwise set to the directory in which the - entropy files are stored. To be useful, there must be a system cron job - that regularly writes and rotates files here. All files found will be used - at boot time. The default is <span class="Pa">/var/db/entropy</span>.</dd> - <dt id="entropy_file"><var class="Va">entropy_file</var></dt> - <dd>(<var class="Vt">str</var>) Set to - “<code class="Li">NO</code>” to disable caching entropy - through reboots. Otherwise set to the name of a file used to store cached - entropy. This file should be located on a file system that is readable - before all the volumes specified in <a class="Xr">fstab(5)</a> are - mounted. By default, <span class="Pa">/entropy</span> is used, but if - <span class="Pa">/var/db/entropy-file</span> is found it will also be - used. This will be of some use to <a class="Xr">bsdinstall(8)</a>.</dd> - <dt id="entropy_boot_file"><var class="Va">entropy_boot_file</var></dt> - <dd>(<var class="Vt">str</var>) Set to - “<code class="Li">NO</code>” to disable very early caching - entropy through reboots. Otherwise set to the filename used to read very - early reboot cached entropy. This file should be located where - <a class="Xr">loader(8)</a> can read it. See also - <a class="Xr">loader.conf(5)</a>. The default location is - <span class="Pa">/boot/entropy</span>.</dd> - <dt id="entropy_save_sz"><var class="Va">entropy_save_sz</var></dt> - <dd>(<var class="Vt">int</var>) Size of the entropy cache files saved by - <code class="Nm">save-entropy</code> periodically.</dd> - <dt id="entropy_save_num"><var class="Va">entropy_save_num</var></dt> - <dd>(<var class="Vt">int</var>) Number of entropy cache files to save by - <code class="Nm">save-entropy</code> periodically.</dd> - <dt id="ipsec_enable"><var class="Va">ipsec_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to run - <a class="Xr">setkey(8)</a> on <var class="Va">ipsec_file</var> at boot - time.</dd> - <dt id="ipsec_file"><var class="Va">ipsec_file</var></dt> - <dd>(<var class="Vt">str</var>) Configuration file for - <a class="Xr">setkey(8)</a>.</dd> - <dt id="dmesg_enable"><var class="Va">dmesg_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to save - <a class="Xr">dmesg(8)</a> to <span class="Pa">/var/run/dmesg.boot</span> - on boot.</dd> - <dt id="rcshutdown_timeout"><var class="Va">rcshutdown_timeout</var></dt> - <dd>(<var class="Vt">int</var>) If set, start a watchdog timer in the - background which will terminate <span class="Pa">rc.shutdown</span> if - <a class="Xr">shutdown(8)</a> has not completed within the specified time - (in seconds). Notice that in addition to this soft timeout, - <a class="Xr">init(8)</a> also applies a hard timeout for the execution of - <span class="Pa">rc.shutdown</span>. This is configured via - <a class="Xr">sysctl(8)</a> variable - <var class="Va">kern.init_shutdown_timeout</var> and defaults to 120 - seconds. Setting the value of <var class="Va">rcshutdown_timeout</var> to - more than 120 seconds will have no effect until the - <a class="Xr">sysctl(8)</a> variable - <var class="Va">kern.init_shutdown_timeout</var> is also increased.</dd> - <dt id="virecover_enable"><var class="Va">virecover_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">NO</code>” to prevent the system from - trying to recover prematurely terminated <a class="Xr">vi(1)</a> - sessions.</dd> - <dt id="ugidfw_enable"><var class="Va">ugidfw_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to load the - <a class="Xr">mac_bsdextended(4)</a> module upon system initialization and - load a default ruleset file.</dd> - <dt id="bsdextended_script"><var class="Va">bsdextended_script</var></dt> - <dd>(<var class="Vt">str</var>) The default - <a class="Xr">mac_bsdextended(4)</a> ruleset file to load. The default - value of this variable is - <span class="Pa">/etc/rc.bsdextended</span>.</dd> - <dt id="newsyslog_enable"><var class="Va">newsyslog_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run - <a class="Xr">newsyslog(8)</a> command at startup.</dd> - <dt id="newsyslog_flags"><var class="Va">newsyslog_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">newsyslog_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">newsyslog(8)</a> program. The default is - “<code class="Li">-CN</code>”, which causes log files - flagged with a <code class="Cm">C</code> to be created.</dd> - <dt id="mdconfig_md"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩</dt> - <dd>(<var class="Vt">str</var>) Arguments to <a class="Xr">mdconfig(8)</a> for - <a class="Xr">md(4)</a> device <var class="Ar">X</var>. At minimum a - <code class="Fl">-t</code> <var class="Ar">type</var> must be specified - and either a <code class="Fl">-s</code> <var class="Ar">size</var> for - malloc or swap backed <a class="Xr">md(4)</a> devices or a - <code class="Fl">-f</code> <var class="Ar">file</var> for vnode backed - <a class="Xr">md(4)</a> devices. Note that - <var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩ - variables are evaluated until one variable is unset or null.</dd> - <dt id="mdconfig_md~2"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_newfs</var></dt> - <dd>(<var class="Vt">str</var>) Optional arguments passed to - <a class="Xr">newfs(8)</a> to initialize <a class="Xr">md(4)</a> device - <var class="Ar">X</var>.</dd> - <dt id="mdconfig_md~3"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_owner</var></dt> - <dd>(<var class="Vt">str</var>) An ownership specification passed to - <a class="Xr">chown(8)</a> after the specified <a class="Xr">md(4)</a> - device <var class="Ar">X</var> has been mounted. Both the - <a class="Xr">md(4)</a> device and the mount point will be changed.</dd> - <dt id="mdconfig_md~4"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_perms</var></dt> - <dd>(<var class="Vt">str</var>) A mode string passed to - <a class="Xr">chmod(1)</a> after the specified <a class="Xr">md(4)</a> - device <var class="Ar">X</var> has been mounted. Both the - <a class="Xr">md(4)</a> device and the mount point will be changed.</dd> - <dt id="mdconfig_md~5"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_files</var></dt> - <dd>(<var class="Vt">str</var>) Files to be copied to the mount point of the - <a class="Xr">md(4)</a> device <var class="Ar">X</var> after it has been - mounted.</dd> - <dt id="mdconfig_md~6"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_cmd</var></dt> - <dd>(<var class="Vt">str</var>) Command to execute after the specified - <a class="Xr">md(4)</a> device <var class="Ar">X</var> has been mounted. - Note that the command is passed to <code class="Ic">eval</code> and that - both <var class="Va">_dev</var> and <var class="Va">_mp</var> variables - can be used to reference respectively the <a class="Xr">md(4)</a> device - and the mount point. Assuming that the <a class="Xr">md(4)</a> device is - <code class="Li">md0</code>, one could set the following: - <div class="Bd Pp Li"> - <pre>mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"</pre> - </div> - </dd> - <dt id="autobridge_interfaces"><var class="Va">autobridge_interfaces</var></dt> - <dd>(<var class="Vt">str</var>) Set to the list of bridge interfaces that will - have newly arriving interfaces checked against to be automatically added. - If not set to “<code class="Li">NO</code>” then for each - whitespace separated <var class="Ar">element</var> in the value, a - <var class="Va">autobridge_</var>⟨<var class="Ar">element</var>⟩ - variable is assumed to exist which has a whitespace separated list of - interface names to match, these names can use wildcards. For example: - <div class="Bd Pp Li"> - <pre>autobridge_interfaces="bridge0" -autobridge_bridge0="tap* dc0 vlan[345]"</pre> - </div> - </dd> - <dt id="mixer_enable"><var class="Va">mixer_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable support for sound - mixer.</dd> - <dt id="hcsecd_enable"><var class="Va">hcsecd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable Bluetooth security - daemon.</dd> - <dt id="hcsecd_config"><var class="Va">hcsecd_config</var></dt> - <dd>(<var class="Vt">str</var>) Configuration file for - <a class="Xr">hcsecd(8)</a>. Default - <span class="Pa">/etc/bluetooth/hcsecd.conf</span>.</dd> - <dt id="sdpd_enable"><var class="Va">sdpd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable Bluetooth Service - Discovery Protocol daemon.</dd> - <dt id="sdpd_control"><var class="Va">sdpd_control</var></dt> - <dd>(<var class="Vt">str</var>) Path to <a class="Xr">sdpd(8)</a> control - socket. Default <span class="Pa">/var/run/sdp</span>.</dd> - <dt id="sdpd_groupname"><var class="Va">sdpd_groupname</var></dt> - <dd>(<var class="Vt">str</var>) Sets <a class="Xr">sdpd(8)</a> group to run as - after it initializes. Default - “<code class="Li">nobody</code>”.</dd> - <dt id="sdpd_username"><var class="Va">sdpd_username</var></dt> - <dd>(<var class="Vt">str</var>) Sets <a class="Xr">sdpd(8)</a> user to run as - after it initializes. Default - “<code class="Li">nobody</code>”.</dd> - <dt id="bthidd_enable"><var class="Va">bthidd_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable Bluetooth Human - Interface Device daemon.</dd> - <dt id="bthidd_config"><var class="Va">bthidd_config</var></dt> - <dd>(<var class="Vt">str</var>) Configuration file for - <a class="Xr">bthidd(8)</a>. Default - <span class="Pa">/etc/bluetooth/bthidd.conf</span>.</dd> - <dt id="bthidd_hids"><var class="Va">bthidd_hids</var></dt> - <dd>(<var class="Vt">str</var>) Path to a file, where - <a class="Xr">bthidd(8)</a> will store information about known HID - devices. Default <span class="Pa">/var/db/bthidd.hids</span>.</dd> - <dt id="rfcomm_pppd_server_enable"><var class="Va">rfcomm_pppd_server_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable Bluetooth RFCOMM PPP - wrapper daemon.</dd> - <dt id="rfcomm_pppd_server_profile"><var class="Va">rfcomm_pppd_server_profile</var></dt> - <dd>(<var class="Vt">str</var>) The name of the profile to use from - <span class="Pa">/etc/ppp/ppp.conf</span>. Multiple profiles can be - specified here. Also used to specify per-profile overrides. When the - profile name contains any of the characters - “<code class="Li">.-/+</code>” they are translated to - “<code class="Li">_</code>” for the proposes of the override - variable names.</dd> - <dt id="rfcomm_pppd_server_"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_bdaddr</dt> - <dd>(<var class="Vt">str</var>) Overrides local address to listen on. By - default <a class="Xr">rfcomm_pppd(8)</a> will listen on - “<code class="Li">ANY</code>” address. The address can be - specified as BD_ADDR or name.</dd> - <dt id="rfcomm_pppd_server_~2"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_channel</dt> - <dd>(<var class="Vt">str</var>) Overrides local RFCOMM channel to listen on. - By default <a class="Xr">rfcomm_pppd(8)</a> will listen on RFCOMM channel - 1. Must set properly if multiple profiles used in the same time.</dd> - <dt id="rfcomm_pppd_server_~3"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_register_sp</dt> - <dd>(<var class="Vt">bool</var>) Tells <a class="Xr">rfcomm_pppd(8)</a> if it - should register Serial Port service on the specified RFCOMM channel. - Default “<code class="Li">NO</code>”.</dd> - <dt id="rfcomm_pppd_server_~4"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_register_dun</dt> - <dd>(<var class="Vt">bool</var>) Tells <a class="Xr">rfcomm_pppd(8)</a> if it - should register Dial-Up Networking service on the specified RFCOMM - channel. Default “<code class="Li">NO</code>”.</dd> - <dt id="ubthidhci_enable"><var class="Va">ubthidhci_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, change the USB Bluetooth - controller from HID mode to HCI mode. You also need to specify the - location of USB Bluetooth controller with the - <var class="Va">ubthidhci_busnum</var> and - <var class="Va">ubthidhci_addr</var> variables.</dd> - <dt id="ubthidhci_busnum"><var class="Va">ubthidhci_busnum</var></dt> - <dd>Bus number where the USB Bluetooth controller is located. Check the output - of <a class="Xr">usbconfig(8)</a> on your system to find this - information.</dd> - <dt id="ubthidhci_addr"><var class="Va">ubthidhci_addr</var></dt> - <dd>Bus address of the USB Bluetooth controller. Check the output of - <a class="Xr">usbconfig(8)</a> on your system to find this - information.</dd> - <dt id="utx_enable"><var class="Va">utx_enable</var></dt> - <dd>(<var class="Vt">bool</var>) Set to - “<code class="Li">YES</code>” to enable user accounting - through the <a class="Xr">utx(8)</a> facility.</dd> - <dt id="netwait_enable"><var class="Va">netwait_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, delays the start of - network-reliant services until <var class="Va">netwait_if</var> is up, - duplicate address discovery (DAD) has completed, and ICMP packets to a - destination defined in <var class="Va">netwait_ip</var> are flowing. Link - state is examined first, followed by DAD, then - “<code class="Li">pinging</code>” an IP address to verify - network usability. If no destination can be reached or timeouts are - exceeded, network services are started anyway with no guarantee that the - network is usable.</dd> - <dt id="netwait_ip"><var class="Va">netwait_ip</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. This variable contains a - space-delimited list of IP addresses to <a class="Xr">ping(8)</a>. DNS - hostnames should not be used as resolution is not guaranteed to be - functional at this point. If multiple IP addresses are specified, each - will be tried until one is successful or the list is exhausted.</dd> - <dt id="netwait_timeout"><var class="Va">netwait_timeout</var></dt> - <dd>(<var class="Vt">int</var>) Indicates the total number of seconds to - perform a “<code class="Li">ping</code>” against each IP - address in <var class="Va">netwait_ip</var>, at a rate of one ping per - second. If any of the pings are successful, full network connectivity is - considered reliable. The default is 60.</dd> - <dt id="netwait_if"><var class="Va">netwait_if</var></dt> - <dd>(<var class="Vt">str</var>) Empty by default. Defines the name of the - network interface on which watch for link. <a class="Xr">ifconfig(8)</a> - is used to monitor the interface, looking for - “<code class="Li">status: no carrier</code>”. Once gone, the - link is considered up. This can be a <a class="Xr">vlan(4)</a> interface - if desired.</dd> - <dt id="netwait_if_timeout"><var class="Va">netwait_if_timeout</var></dt> - <dd>(<var class="Vt">int</var>) Defines the total number of seconds to wait - for link to become usable, polled at a 1-second interval. The default is - 30.</dd> - <dt id="netwait_dad"><var class="Va">netwait_dad</var></dt> - <dd>(<var class="Vt">str</var>) Set to - “<code class="Li">NO</code>” by default. Set to - “<code class="Li">YES</code>” to enable waiting for DAD to - complete.</dd> - <dt id="netwait_dad_timeout"><var class="Va">netwait_dad_timeout</var></dt> - <dd>(<var class="Vt">int</var>) Unset by default. Indicates the maximum number - of seconds to wait for DAD to complete. If zero or unset, the timeout will - be one more than the value of the - <var class="Va">net.inet6.ip6.dad_count</var> sysctl variable.</dd> - <dt id="rctl_enable"><var class="Va">rctl_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, load - <a class="Xr">rctl(8)</a> rules from the defined ruleset. The kernel must - be built with <code class="Cd">options RACCT</code> and - <code class="Cd">options RCTL</code>.</dd> - <dt id="rctl_rules"><var class="Va">rctl_rules</var></dt> - <dd>(<var class="Vt">str</var>) Set to <span class="Pa">/etc/rctl.conf</span> - by default. This variables contains the <a class="Xr">rctl.conf(5)</a> - ruleset to load for <a class="Xr">rctl(8)</a>.</dd> - <dt id="iovctl_files"><var class="Va">iovctl_files</var></dt> - <dd>(<var class="Vt">str</var>) A space-separated list of configuration files - used by <a class="Xr">iovctl(8)</a>. The default value is an empty - string.</dd> - <dt id="autofs_enable"><var class="Va">autofs_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start the - <a class="Xr">automount(8)</a> utility and the - <a class="Xr">automountd(8)</a> and <a class="Xr">autounmountd(8)</a> - daemons at boot time.</dd> - <dt id="automount_flags"><var class="Va">automount_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">automount(8)</a> program. By default no flags - are passed.</dd> - <dt id="automountd_flags"><var class="Va">automountd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">automountd(8)</a> daemon. By default no flags - are passed.</dd> - <dt id="autounmountd_flags"><var class="Va">autounmountd_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set - to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">autounmountd(8)</a> daemon. By default no flags - are passed.</dd> - <dt id="ctld_enable"><var class="Va">ctld_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start the - <a class="Xr">ctld(8)</a> daemon at boot time.</dd> - <dt id="iscsid_enable"><var class="Va">iscsid_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start the - <a class="Xr">iscsid(8)</a> daemon at boot time.</dd> - <dt id="iscsictl_enable"><var class="Va">iscsictl_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start the - <a class="Xr">iscsictl(8)</a> utility at boot time.</dd> - <dt id="iscsictl_flags"><var class="Va">iscsictl_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">iscsictl_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">iscsictl(8)</a> program. The default is - “<code class="Li">-Aa</code>”, which configures sessions - based on the <span class="Pa">/etc/iscsi.conf</span> configuration - file.</dd> - <dt id="cfumass_enable"><var class="Va">cfumass_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, create and export an USB LUN - using <a class="Xr">cfumass(4)</a> at boot time.</dd> - <dt id="cfumass_dir"><var class="Va">cfumass_dir</var></dt> - <dd>(<var class="Vt">str</var>) The directory where the files exported by USB - LUN are located. The default directory is - <span class="Pa">/var/cfumass</span>.</dd> - <dt id="service_delete_empty"><var class="Va">service_delete_empty</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, - ‘<code class="Li"><code class="Li">service - delete</code></code>’ removes empty - “<code class="Li">rc.conf.d</code>” files.</dd> - <dt id="zfs_bootonce_activate"><var class="Va">zfs_bootonce_activate</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, and a boot environment marked - bootonce is successfully booted, it will be made permanently active.</dd> - <dt id="zfskeys_enable"><var class="Va">zfskeys_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, enable auto-loading of - encryption keys for encrypted ZFS datasets. For every dataset the script - will first load the appropriate encryption key and then attempt to unlock - the dataset. - <p class="Pp">The script operates only on datasets which are encrypted with - ZFS native encryption and have a ZFS - “<code class="Li">keylocation</code>” dataset property - beginning with “<code class="Li">file://</code>”.</p> - </dd> - <dt id="zfskeys_datasets"><var class="Va">zfskeys_datasets</var></dt> - <dd>(<var class="Vt">str</var>) A whitespace-separated list of ZFS datasets to - unlock. The list is empty by default, which means that the script will - attempt to unlock all datasets.</dd> - <dt id="zfskeys_timeout"><var class="Va">zfskeys_timeout</var></dt> - <dd>(<var class="Vt">int</var>) Define the total number of seconds to wait for - the zfskeys script to unlock an encrypted dataset. The default is 10.</dd> - <dt id="sendmail_enable"><var class="Va">sendmail_enable</var></dt> - <dd>(<var class="Vt">str</var>) If set to - “<code class="Li">YES</code>”, run the - <a class="Xr">sendmail(8)</a> daemon at system boot time. If set to - “<code class="Li">NO</code>”, do not run a - <a class="Xr">sendmail(8)</a> daemon to listen for incoming network mail. - This does not preclude a <a class="Xr">sendmail(8)</a> daemon listening on - the SMTP port of the loopback interface. The - “<code class="Li">NONE</code>” option sets each - <var class="Va">sendmail_enable</var>, - <var class="Va">sendmail_submit_enable</var>, - <var class="Va">sendmail_outbound_enable</var>, - <var class="Va">sendmail_msp_queue_enable</var> to - “<code class="Li">NO</code>”.</dd> - <dt id="sendmail_cert_create"><var class="Va">sendmail_cert_create</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is - set to “<code class="Li">YES</code>”, create a signed - certificate <span class="Pa">/etc/mail/certs/host.cert</span> representing - <span class="Pa">/etc/mail/certs/host.key</span> by the CA certificate in - <span class="Pa">/etc/mail/certs/cacert.pem</span>. This will enable - connecting hosts to negotiate STARTTLS allowing incoming email to be - encrypted in transit. <a class="Xr">sendmail(8)</a> needs to be configured - to use these generated files. The default configuration in - <span class="Pa">/etc/mail/freebsd.mc</span> has the required options in - it.</dd> - <dt id="sendmail_cert_cn"><var class="Va">sendmail_cert_cn</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is - set to “<code class="Li">YES</code>” and - <var class="Va">sendmail_cert_create</var> is set to - “<code class="Li">YES</code>”, this is the Common Name (CN) - of the certificate that will be created. If - <var class="Va">sendmail_cert_cn</var> is not set, the system's hostname - will be used. If there is no hostname set, - “<code class="Li">amnesiac</code>” will be used.</dd> - <dt id="sendmail_flags"><var class="Va">sendmail_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is - set to “<code class="Li">YES</code>”, these are the flags to - pass to the <a class="Xr">sendmail(8)</a> daemon.</dd> - <dt id="sendmail_submit_enable"><var class="Va">sendmail_submit_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” and - <var class="Va">sendmail_enable</var> is set to - “<code class="Li">NO</code>”, run - <a class="Xr">sendmail(8)</a> using - <var class="Va">sendmail_submit_flags</var> instead of - <var class="Va">sendmail_flags</var>. This is intended to allow local mail - submission via a localhost-only listening SMTP service required for - running <a class="Xr">sendmail(8)</a> as a non-set-user-ID binary. Note - that this does not work inside <a class="Xr">jail(2)</a> systems, as jails - do not allow binding to just the localhost interface.</dd> - <dt id="sendmail_submit_flags"><var class="Va">sendmail_submit_flags</var></dt> - <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is - set to “<code class="Li">NO</code>” and - <var class="Va">sendmail_submit_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">sendmail(8)</a> daemon.</dd> - <dt id="sendmail_outbound_enable"><var class="Va">sendmail_outbound_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>” and both - <var class="Va">sendmail_enable</var> and - <var class="Va">sendmail_submit_enable</var> are set to - “<code class="Li">NO</code>”, run - <a class="Xr">sendmail(8)</a> using - <var class="Va">sendmail_outbound_flags</var> instead of - <var class="Va">sendmail_flags</var>. This is intended to allow local mail - queue management for systems that do not offer a listening SMTP - service.</dd> - <dt id="sendmail_outbound_flags"><var class="Va">sendmail_outbound_flags</var></dt> - <dd>(<var class="Vt">str</var>) If both <var class="Va">sendmail_enable</var> - and <var class="Va">sendmail_submit_enable</var> are set to - “<code class="Li">NO</code>” and - <var class="Va">sendmail_outbound_enable</var> is set to - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">sendmail(8)</a> daemon.</dd> - <dt id="sendmail_msp_queue_enable"><var class="Va">sendmail_msp_queue_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, start a client (MSP) queue - runner <a class="Xr">sendmail(8)</a> daemon at system boot time. As of - sendmail 8.12, a separate queue is used for command line submissions. The - client queue runner ensures that nothing is left behind in the submission - queue.</dd> - <dt id="sendmail_msp_queue_flags"><var class="Va">sendmail_msp_queue_flags</var></dt> - <dd>(<var class="Vt">str</var>) If - <var class="Va">sendmail_msp_queue_enable</var> is set to daemon. - “<code class="Li">YES</code>”, these are the flags to pass - to the <a class="Xr">sendmail(8)</a></dd> - <dt id="precious_machine"><var class="Va">precious_machine</var></dt> - <dd>If set to “<code class="Li">YES</code>”, some destructive - actions require removal of the action-specific safe-belts before being - allowed. For instance, the file - <span class="Pa">/var/run/noshutdown</span> is created to prevent - <a class="Xr">shutdown(8)</a> targeted at the wrong machine.</dd> - <dt id="virtual_oss_enable"><var class="Va">virtual_oss_enable</var></dt> - <dd>(<var class="Vt">bool</var>) If set to - “<code class="Li">YES</code>”, run one - <a class="Xr">virtual_oss(8)</a> instance for each configuration defined - in <span class="Pa">virtual_oss_configs</span>.</dd> - <dt id="virtual_oss_configs"><var class="Va">virtual_oss_configs</var></dt> - <dd>(<var class="Vt">str</var>) Space-separated list of - <a class="Xr">virtual_oss(8)</a> configurations. For example: - <div class="Bd Pp Li"> - <pre>virtual_oss_configs="foo bar"</pre> - </div> - <p class="Pp">Configurations need to be defined in - <span class="Pa">virtual_oss_</span>⟨<var class="Ar">config_name</var>⟩. - By default, there is a <span class="Pa">dsp</span> configuration which - replaces the <span class="Pa">/dev/dsp</span> device created by - <a class="Xr">sound(4)</a> with a <a class="Xr">virtual_oss(8)</a> one. - It can be redefined by setting the - <span class="Pa">virtual_oss_dsp</span> variable.</p> - </dd> - <dt id="virtual_oss_"><var class="Va">virtual_oss_</var>⟨<var class="Ar">config_name</var>⟩</dt> - <dd>(<var class="Vt">str</var>) <a class="Xr">virtual_oss(8)</a> argument list - for configuration ⟨<var class="Ar">config_name</var>⟩.</dd> - <dt id="virtual_oss_default_control_device"><var class="Va">virtual_oss_default_control_device</var></dt> - <dd>(<var class="Vt">str</var>) The <a class="Xr">virtual_oss(8)</a> control - device's name corresponding to the default configuration, - <span class="Pa">virtual_oss_dsp</span>. This is set by default to - <span class="Pa">vdsp.ctl</span>. When - <span class="Pa">virtual_oss_dsp</span> is set, it is strongly encouraged - to set this variable as well, and use it as the <code class="Fl">-t</code> - option's argument in <span class="Pa">virtual_oss_dsp</span>, because it - is used by other programs and scripts, such as - <span class="Pa">/etc/devd/snd.conf</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SERVICE_JAILS"><a class="permalink" href="#SERVICE_JAILS">SERVICE - JAILS</a></h1> -<p class="Pp">The service jails part of the rc system automatically puts a - service into a jail. This jail inherits the filesystem and various other - parts of the parent (if you allow child-jails in your jails, service jails - can be used in jails) depending on the content of the - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var> - variable. Typically this variable is set inside rc scripts, but it can be - overridden in the rc config. Valid options for - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var> - are:</p> -<dl class="Bl-tag"> - <dt>mlock</dt> - <dd>Allows to lock memory pages into the physical memory.</dd> - <dt>netv4</dt> - <dd>Allows IPv4 network access and the ability to bind to reserved ports. If - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var> - is set, only the IPv4 addresses listed there will be visible to the jail, - otherwise all assigned IPv4 addresses will be visible. This can not be - combined with <span class="Pa">netv6</span>.</dd> - <dt>netv6</dt> - <dd>Allows IPv6 network access and the ability to bind to reserved ports. If - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var> - is set, only the IPv6 addresses listed there will be visible to the jail, - otherwise all assigned IPv6 addresses will be visible. This can not be - combined with <span class="Pa">netv4</span>.</dd> - <dt>net_basic</dt> - <dd>Equivalent to enabling both <span class="Pa">netv6</span> and - <span class="Pa">netv4</span>.</dd> - <dt>net_raw</dt> - <dd>Allow to open raw sockets. This option can be combined with - <span class="Pa">netv4</span>, <span class="Pa">netv6</span>, - <span class="Pa">net_basic</span>.</dd> - <dt>net_all</dt> - <dd>Allows IPv6 and IPv4 network access as for <span class="Pa">netv4</span> - and <span class="Pa">netv6</span>, allows to open raw sockets, and allows - to open sockets of protocol stacks that have not had jail functionality - added to them.</dd> - <dt>nfsd</dt> - <dd>Allows to run nfsd and affiliated daemons.</dd> - <dt>routing</dt> - <dd>Allows to modify the system routing table.</dd> - <dt>settime</dt> - <dd>Allows to set and slew the system time.</dd> - <dt>sysvipc</dt> - <dd>Inherits the SysV semaphores, SysV shared memory and SysV messages from - the host or the parent jail.</dd> - <dt>sysvipcnew</dt> - <dd>Creates a new namespace for SysV semaphores, SysV shared memory and SysV - messages for this particular service jail.</dd> - <dt>vmm</dt> - <dd>Allows access to <a class="Xr">vmm(4)</a>. This option is only available - when <a class="Xr">vmm(4)</a> is enabled in the kernel.</dd> -</dl> -<p class="Pp">All non-network options can be combined with all other options. - From the SysV options only one option can be specified.</p> -<p class="Pp">If the - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> - variable is set to “<code class="Li">YES</code>”, this - particular service is started in a service jail named - <var class="Va">svcj-</var><var class="Ar">name</var>.</p> -<p class="Pp">The <var class="Va">svcj_all_enable</var> variable allows to - enable service jails for all services of the system at once. Services which - have ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> - set to “<code class="Li">NO</code>” are excluded. Some - services may set - ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> to - “<code class="Li">NO</code>” in the script to either prevent - service jails for this service at all, or may set it to - “<code class="Li">NO</code>” if it is not set in the rc - config, to exclude it from <var class="Va">svcj_all_enable</var> but allow - to explicitly enable it. The sshd service for example would not see other - jails, if it would run as a service jail. This may or may not be what is - needed, and as such it is excluded from - <var class="Va">svcj_all_enable</var> but can be enabled via setting - <var class="Va">sshd_svcj</var> to - “<code class="Li">YES</code>”.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/defaults/rc.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/defaults/vendor.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/rc.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/rc.conf.local</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/rc.conf.d/</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">chmod(1)</a>, <a class="Xr">cpuset(1)</a>, - <a class="Xr">gdb(1)</a> (<span class="Pa">ports/devel/gdb</span>), - <a class="Xr">kbdcontrol(1)</a>, <a class="Xr">limits(1)</a>, - <a class="Xr">protect(1)</a>, <a class="Xr">sh(1)</a>, - <a class="Xr">umask(1)</a>, <a class="Xr">uuidgen(1)</a>, - <a class="Xr">vi(1)</a>, <a class="Xr">vidcontrol(1)</a>, - <a class="Xr">bridge(4)</a>, <a class="Xr">dummynet(4)</a>, - <a class="Xr">ip(4)</a>, <a class="Xr">ipf(4)</a>, - <a class="Xr">ipfw(4)</a>, <a class="Xr">ipnat(4)</a>, - <a class="Xr">kld(4)</a>, <a class="Xr">pf(4)</a>, - <a class="Xr">pflog(4)</a>, <a class="Xr">pfsync(4)</a>, - <a class="Xr">tcp(4)</a>, <a class="Xr">udp(4)</a>, - <a class="Xr">exports(5)</a>, <a class="Xr">fstab(5)</a>, - <a class="Xr">ipf(5)</a>, <a class="Xr">ipnat(5)</a>, - <a class="Xr">jail.conf(5)</a>, <a class="Xr">loader.conf(5)</a>, - <a class="Xr">login.conf(5)</a>, <a class="Xr">motd(5)</a>, - <a class="Xr">newsyslog.conf(5)</a>, <a class="Xr">pf.conf(5)</a>, - <a class="Xr">firewall(7)</a>, <a class="Xr">growfs(7)</a>, - <a class="Xr">security(7)</a>, <a class="Xr">tuning(7)</a>, - <a class="Xr">accton(8)</a>, <a class="Xr">apm(8)</a>, - <a class="Xr">bsdinstall(8)</a>, <a class="Xr">bthidd(8)</a>, - <a class="Xr">chkprintcap(8)</a>, <a class="Xr">chown(8)</a>, - <a class="Xr">cron(8)</a>, <a class="Xr">devfs(8)</a>, - <a class="Xr">dhclient(8)</a>, <a class="Xr">geli(8)</a>, - <a class="Xr">hcsecd(8)</a>, <a class="Xr">ifconfig(8)</a>, - <a class="Xr">inetd(8)</a>, <a class="Xr">iovctl(8)</a>, - <a class="Xr">ipf(8)</a>, <a class="Xr">ipfw(8)</a>, - <a class="Xr">ipnat(8)</a>, <a class="Xr">jail(8)</a>, - <a class="Xr">kldxref(8)</a>, <a class="Xr">loader(8)</a>, - <a class="Xr">lpd(8)</a>, <a class="Xr">makewhatis(8)</a>, - <a class="Xr">mdconfig(8)</a>, <a class="Xr">mdmfs(8)</a>, - <a class="Xr">mixer(8)</a>, <a class="Xr">mountd(8)</a>, - <a class="Xr">moused(8)</a>, <a class="Xr">newfs(8)</a>, - <a class="Xr">newsyslog(8)</a>, <a class="Xr">nfsd(8)</a>, - <a class="Xr">ntpd(8)</a>, <a class="Xr">ntpdate(8)</a>, - <a class="Xr">pfctl(8)</a>, <a class="Xr">pflogd(8)</a>, - <a class="Xr">ping(8)</a>, <a class="Xr">powerd(8)</a>, - <a class="Xr">quotacheck(8)</a>, <a class="Xr">quotaon(8)</a>, - <a class="Xr">rc(8)</a>, <a class="Xr">rc.subr(8)</a>, - <a class="Xr">rcorder(8)</a>, <a class="Xr">rfcomm_pppd(8)</a>, - <a class="Xr">route(8)</a>, <a class="Xr">route6d(8)</a>, - <a class="Xr">routed(8)</a>, <a class="Xr">rpc.lockd(8)</a>, - <a class="Xr">rpc.statd(8)</a>, <a class="Xr">rpc.tlsclntd(8)</a>, - <a class="Xr">rpc.tlsservd(8)</a>, <a class="Xr">rpcbind(8)</a>, - <a class="Xr">rwhod(8)</a>, <a class="Xr">savecore(8)</a>, - <a class="Xr">sdpd(8)</a>, <a class="Xr">sendmail(8)</a>, - <a class="Xr">service(8)</a>, <a class="Xr">sshd(8)</a>, - <a class="Xr">swapon(8)</a>, <a class="Xr">sysctl(8)</a>, - <a class="Xr">syslogd(8)</a>, <a class="Xr">sysrc(8)</a>, - <a class="Xr">unbound(8)</a>, <a class="Xr">usbconfig(8)</a>, - <a class="Xr">utx(8)</a>, <a class="Xr">virtual_oss(8)</a>, - <a class="Xr">wlandebug(8)</a>, <a class="Xr">yp(8)</a>, - <a class="Xr">ypbind(8)</a>, <a class="Xr">ypserv(8)</a>, - <a class="Xr">ypset(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">rc.conf</code> file appeared in - <span class="Ux">FreeBSD 2.2.2</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Jordan K. Hubbard</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 2, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/rctl.conf.5 4.html b/static/freebsd/man5/rctl.conf.5 4.html deleted file mode 100644 index 8e70342e..00000000 --- a/static/freebsd/man5/rctl.conf.5 4.html +++ /dev/null @@ -1,59 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">RCTL.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">RCTL.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">rctl.conf</code> — - <span class="Nd">resource limits database defaults</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">/etc/rctl.conf</span> file is read in when - the system goes into multi-user mode to set default contents of the RCTL - database. The <span class="Pa">/etc/rctl.conf</span> is in the format of the - <a class="Xr">rctl(8)</a> command, i.e.</p> -<div class="Bd Pp Bd-indent Li"> -<pre>subject:subject-id:resource:action=amount/per</pre> -</div> -<p class="Pp">Comments are denoted by a “#” at the beginning of a - line. Comments can also exist at the end of a line, as seen in the - <a class="Sx" href="#EXAMPLES">EXAMPLES</a> section, below.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/rctl.conf</span></dt> - <dd>Initial settings for <a class="Xr">rctl(8)</a>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">To limit the number of processes for users in login class - "testing", use a rule like</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Resource limits for the "testing" class. -loginclass:testing:maxproc:deny=100/user # At most 100 processes per user</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">rctl(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">rctl.conf</code> file appeared in - <span class="Ux">FreeBSD 9.0</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 6, 2023</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/regdomain.5 4.html b/static/freebsd/man5/regdomain.5 4.html deleted file mode 100644 index ba75d887..00000000 --- a/static/freebsd/man5/regdomain.5 4.html +++ /dev/null @@ -1,40 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">REGDOMAIN(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">REGDOMAIN(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">regdomain.xml</code> — - <span class="Nd">802.11 wireless regulatory definitions</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">regdomain.xml</code> file describes - regulations for the operation of IEEE 802.11 wireless radios.</p> -<p class="Pp">This information is used by the <a class="Xr">ifconfig(8)</a> - program to construct regulatory state for download to the system. This file - should be changed only to reflect changes in regulations.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/regdomain.xml</span></dt> - <dd>XML database of 802.11 regulatory constraints</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">wlan(4)</a>, <a class="Xr">ifconfig(8)</a></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 13, 2008</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/remote.5 3.html b/static/freebsd/man5/remote.5 3.html deleted file mode 100644 index 1af768cb..00000000 --- a/static/freebsd/man5/remote.5 3.html +++ /dev/null @@ -1,148 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">REMOTE(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">REMOTE(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">remote</code> — <span class="Nd">remote - host description file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The systems known by <a class="Xr">tip(1)</a> and their attributes - are stored in an ASCII file which is structured somewhat like the - <a class="Xr">termcap(5)</a> file. Each line in the file provides a - description for a single - <a class="permalink" href="#system"><i class="Em" id="system">system</i></a>. - Fields are separated by a colon (``:''). Lines ending in a \ character with - an immediately following newline are continued on the next line.</p> -<p class="Pp">The first entry is the name(s) of the host system. If there is - more than one name for a system, the names are separated by vertical bars. - After the name of the system comes the fields of the description. A field - name followed by an `=' sign indicates a string value. A field name followed - by a `#' sign indicates a numeric value.</p> -<p class="Pp">Entries named ``tip*'' and ``cu*'' are used as default entries by - <a class="Xr">tip(1)</a>, and the <a class="Xr">cu(1)</a> interface to - <code class="Nm">tip</code>, as follows. When <code class="Nm">tip</code> is - invoked with only a phone number, it looks for an entry of the form - ``tip300'', where 300 is the data rate with which the connection is to be - made. When the <code class="Nm">cu</code> interface is used, entries of the - form ``cu300'' are used.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="CAPABILITIES"><a class="permalink" href="#CAPABILITIES">CAPABILITIES</a></h1> -<p class="Pp">Capabilities are either strings (str), numbers (num), or boolean - flags (bool). A string capability is specified by - <i class="Em">capability</i><var class="Ar">=</var><i class="Em">value</i>; - for example, ``dv=/dev/harris''. A numeric capability is specified by - <i class="Em">capability</i><var class="Ar">#</var><i class="Em">value</i>; - for example, ``xa#99''. A boolean capability is specified by simply listing - the capability.</p> -<dl class="Bl-tag"> - <dt id="at"><a class="permalink" href="#at"><code class="Cm">at</code></a></dt> - <dd>(str) Auto call unit type.</dd> - <dt id="br"><a class="permalink" href="#br"><code class="Cm">br</code></a></dt> - <dd>(num) The data rate (bits per second) used for communications on the - serial port. When a modem is used, the data rate used to communicate with - the remote modem may be different than this rate. This is a decimal - number. The default rate is 115200 bits per second.</dd> - <dt id="cm"><a class="permalink" href="#cm"><code class="Cm">cm</code></a></dt> - <dd>(str) An initial connection message to be sent to the remote host. For - example, if a host is reached through a port selector, this might be set - to the appropriate sequence required to switch to the host.</dd> - <dt id="cu"><a class="permalink" href="#cu"><code class="Cm">cu</code></a></dt> - <dd>(str) Call unit if making a phone call. Default is the same as the `dv' - field.</dd> - <dt id="di"><a class="permalink" href="#di"><code class="Cm">di</code></a></dt> - <dd>(str) Disconnect message sent to the host when a disconnect is requested - by the user.</dd> - <dt id="du"><a class="permalink" href="#du"><code class="Cm">du</code></a></dt> - <dd>(bool) This host is on a dial-up line.</dd> - <dt id="dv"><a class="permalink" href="#dv"><code class="Cm">dv</code></a></dt> - <dd>(str) <span class="Ux">UNIX</span> device(s) to open to establish a - connection. If this file refers to a terminal line, - <a class="Xr">tip(1)</a> attempts to perform an exclusive open on the - device to ensure only one user at a time has access to the port.</dd> - <dt id="el"><a class="permalink" href="#el"><code class="Cm">el</code></a></dt> - <dd>(str) Characters marking an end-of-line. The default is - <code class="Dv">NULL</code>. `~' escapes are only recognized by - <code class="Nm">tip</code> after one of the characters in `el', or after - a carriage-return.</dd> - <dt id="fs"><a class="permalink" href="#fs"><code class="Cm">fs</code></a></dt> - <dd>(str) Frame size for transfers. The default frame size is equal to - <code class="Dv">BUFSIZ</code>.</dd> - <dt id="hd"><a class="permalink" href="#hd"><code class="Cm">hd</code></a></dt> - <dd>(bool) The host uses half-duplex communication, local echo should be - performed.</dd> - <dt id="ie"><a class="permalink" href="#ie"><code class="Cm">ie</code></a></dt> - <dd>(str) Input end-of-file marks. The default is - <code class="Dv">NULL</code>.</dd> - <dt id="oe"><a class="permalink" href="#oe"><code class="Cm">oe</code></a></dt> - <dd>(str) Output end-of-file string. The default is - <code class="Dv">NULL</code>. When <code class="Nm">tip</code> is - transferring a file, this string is sent at end-of-file.</dd> - <dt id="pa"><a class="permalink" href="#pa"><code class="Cm">pa</code></a></dt> - <dd>(str) The type of parity to use when sending data to the host. This may be - one of ``even'', ``odd'', ``none'', ``zero'' (always set bit 8 to zero), - ``one'' (always set bit 8 to 1). The default is even parity.</dd> - <dt id="pn"><a class="permalink" href="#pn"><code class="Cm">pn</code></a></dt> - <dd>(str) Telephone number(s) for this host. If the telephone number field - contains an @ sign, <code class="Nm">tip</code> searches the file - <span class="Pa">/etc/phones</span> file for a list of telephone numbers - (see <a class="Xr">phones(5)</a>).</dd> - <dt id="tc"><a class="permalink" href="#tc"><code class="Cm">tc</code></a></dt> - <dd>(str) Indicates that the list of capabilities is continued in the named - description. This is used primarily to share common capability - information.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/remote</span></dt> - <dd>The <code class="Nm">remote</code> host description file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">Here is a short example showing the use of the capability - continuation feature. It defines a 56k modem connection on the first serial - port at 115200 bits per second, no parity using the Hayes command set with - standard line editing and end of file characters. The arpavax entry includes - everything in the UNIX-57600 entry plus the phone number for arpavax (in - this case an @ character so that it is retrieved from the environment).</p> -<div class="Bd Pp Li"> -<pre>UNIX-57600:\ -:dv=/dev/cuau0:el=^D^U^C^S^Q^O@:oe=^D:du:at=hayes:br#115200:pa=none: -arpavax|ax:\ -:pn=\@:tc=UNIX-57600</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">cu(1)</a>, <a class="Xr">tip(1)</a>, - <a class="Xr">phones(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">remote</code> file format appeared in - <span class="Ux">4.2BSD</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">The <a class="Xr">tip(1)</a> utility uses its own notion of the - serial ports data rate rather than the system default for a serial port.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 20, 2003</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/resolver.5 3.html b/static/freebsd/man5/resolver.5 3.html deleted file mode 100644 index 3f32c857..00000000 --- a/static/freebsd/man5/resolver.5 3.html +++ /dev/null @@ -1,218 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">RESOLVER(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">RESOLVER(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">resolver</code> — - <span class="Nd">resolver configuration file</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<table class="Nm"> - <tr> - <td><code class="Nm">resolv.conf</code></td> - <td></td> - </tr> -</table> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <a class="Xr">resolver(3)</a> is a set of routines in the C - library which provide access to the Internet Domain Name System. The - resolver configuration file contains information that is read by the - resolver routines the first time they are invoked by a process. The file is - designed to be human readable and contains a list of keywords with values - that provide various types of resolver information.</p> -<p class="Pp">On a normally configured system, setting this file manually should - not be necessary. The only name server(s) to be queried will be on the local - machine or automatically configured using DHCP or a similar mechanism, the - domain name is determined from the host name, and the domain search path is - constructed from the domain name.</p> -<p class="Pp">The different configuration options are:</p> -<dl class="Bl-tag"> - <dt id="nameserver"><a class="permalink" href="#nameserver"><b class="Sy">nameserver</b></a></dt> - <dd>IPv4 or IPv6 address of a name server that the resolver should query. Up - to <code class="Dv">MAXNS</code> (currently 3) name servers may be listed, - one per keyword. If there are multiple servers, the resolver library - queries them in the order listed. If no <b class="Sy">nameserver</b> - entries are present, the default is to use the name server on the local - machine. (The algorithm used is to try a name server, and if the query - times out, try the next, until out of name servers, then repeat trying all - the name servers until a maximum number of retries are made).</dd> - <dt id="domain"><a class="permalink" href="#domain"><b class="Sy">domain</b></a></dt> - <dd>Local domain name. Most queries for names within this domain can use short - names relative to the local domain. If no <b class="Sy">domain</b> entry - is present, the domain is determined from the local host name returned by - <a class="Xr">gethostname(3)</a>; the domain part is taken to be - everything after the first ‘<code class="Li">.</code>’. - Finally, if the host name does not contain a domain part, the root domain - is assumed.</dd> - <dt id="search"><a class="permalink" href="#search"><b class="Sy">search</b></a></dt> - <dd>Search list for host-name lookup. The search list is normally determined - from the local domain name; by default, it contains only the local domain - name. This may be changed by listing the desired domain search path - following the <b class="Sy">search</b> keyword with spaces or tabs - separating the names. Most resolver queries will be attempted using each - component of the search path in turn until a match is found. Note that - this process may be slow and will generate a lot of network traffic if the - servers for the listed domains are not local, and that queries will time - out if no server is available for one of the domains. - <p class="Pp">The search list is currently limited to six domains with a - total of 256 characters.</p> - </dd> - <dt id="sortlist"><a class="permalink" href="#sortlist"><b class="Sy">sortlist</b></a></dt> - <dd>Sortlist allows addresses returned by gethostbyname to be sorted. A - sortlist is specified by IP address netmask pairs. If the netmask is not - specified, it defaults to the historical Class A/B/C netmask of the net; - this usage is deprecated. The IP address and network pairs are separated - by slashes. Up to 10 pairs may be specified. E.g., - <p class="Pp"></p> - <div class="Bd Bd-indent"><code class="Li">sortlist 10.9.1.0/255.255.240.0 - 10.9.0.0/255.255.0.0</code></div> - </dd> - <dt id="options"><a class="permalink" href="#options"><b class="Sy">options</b></a></dt> - <dd>Options allows certain internal resolver variables to be modified. The - syntax is - <p class="Pp"><b>options</b> <i>option</i> <i>...</i></p> - <p class="Pp" id="option">where - <a class="permalink" href="#option"><b class="Sy">option</b></a> is one - of the following:</p> - <dl class="Bl-tag"> - <dt id="debug"><a class="permalink" href="#debug"><b class="Sy">debug</b></a></dt> - <dd>sets <code class="Dv">RES_DEBUG</code> in _res.options.</dd> - <dt id="usevc"><a class="permalink" href="#usevc"><b class="Sy">usevc</b></a></dt> - <dd>sets <code class="Dv">RES_USEVC</code> to use TCP instead of UDP for - queries.</dd> - <dt id="ndots"><a class="permalink" href="#ndots"><b class="Sy">ndots</b></a>:<var class="Ar">n</var></dt> - <dd>sets a threshold for the number of dots which must appear in a name - given to - <a class="permalink" href="#res_query"><code class="Fn" id="res_query">res_query</code></a>() - (see <a class="Xr">resolver(3)</a>) before an - <a class="permalink" href="#initial"><i class="Em" id="initial">initial - absolute query</i></a> will be made. The default for - <a class="permalink" href="#n"><i class="Em" id="n">n</i></a> is - “1”, meaning that if there are any dots in a name, the - name will be tried first as an absolute name before any - <i class="Em">search list</i> elements are appended to it.</dd> - <dt id="timeout"><a class="permalink" href="#timeout"><b class="Sy">timeout</b></a>:<var class="Ar">n</var></dt> - <dd>sets the initial amount of time the resolver will wait for a response - from a remote name server before retrying the query via a different - name server. The resolver may wait longer during subsequent retries of - the current query since an exponential back-off is applied to the - timeout value. Measured in seconds, the default is - <code class="Dv">RES_TIMEOUT</code>, the allowed maximum is - <code class="Dv">RES_MAXRETRANS</code> (see - <code class="In"><<a class="In">resolv.h</a>></code>).</dd> - <dt id="attempts"><a class="permalink" href="#attempts"><b class="Sy">attempts</b></a>:<var class="Ar">n</var></dt> - <dd>sets the number of times the resolver will send a query to each of its - name servers before giving up and returning an error to the calling - application. The default is <code class="Dv">RES_DFLRETRY</code>, the - allowed maximum is <code class="Dv">RES_MAXRETRY</code> (see - <code class="In"><<a class="In">resolv.h</a>></code>).</dd> - <dt id="edns0"><a class="permalink" href="#edns0"><b class="Sy">edns0</b></a></dt> - <dd>Sets <code class="Dv">RES_USE_EDNS0</code>. Attach an OPT pseudo-RR - for the EDNS0 extension, as specified in RFC 2671. This allows the - resolver to advertise a larger UDP receive buffer size, permitting - responses larger than the original 512-byte limit.</dd> - <dt id="inet6"><a class="permalink" href="#inet6"><b class="Sy">inet6</b></a></dt> - <dd>Sets <code class="Dv">RES_USE_INET6</code>. Causes - <a class="Xr">gethostbyname(3)</a> to look up AAAA records before A - records and to map IPv4 responses into IPv6 addresses. The use of this - option is discouraged.</dd> - <dt id="insecure1"><a class="permalink" href="#insecure1"><b class="Sy">insecure1</b></a></dt> - <dd>Sets <code class="Dv">RES_INSECURE1</code>. Disables the check that - the response was received from the same server to which the query was - sent. Use of this option is a security risk and is not - recommended.</dd> - <dt id="insecure2"><a class="permalink" href="#insecure2"><b class="Sy">insecure2</b></a></dt> - <dd>Sets <code class="Dv">RES_INSECURE2</code>. Disables the check that - the response contains a query matching the one that was sent. Use of - this option is a security risk and is not recommended.</dd> - <dt id="no-check-names"><a class="permalink" href="#no-check-names"><b class="Sy">no-check-names</b></a></dt> - <dd>Sets <code class="Dv">RES_NOCHECKNAME</code>. Disables the check of - incoming host names for invalid characters such as underscore, - non-ASCII, or control characters.</dd> - <dt id="no_tld_query"><a class="permalink" href="#no_tld_query"><b class="Sy">no_tld_query</b></a></dt> - <dd>tells the resolver not to attempt to resolve a top level domain name, - that is, a name that contains no dots. Use of this option does not - prevent the resolver from obeying the standard - <b class="Sy">domain</b> and <b class="Sy">search</b> rules with the - given name.</dd> - <dt id="rotate"><a class="permalink" href="#rotate"><b class="Sy">rotate</b></a></dt> - <dd>Sets <code class="Dv">RES_ROTATE</code>. Causes the resolver to - round-robin among the configured name servers, distributing the query - load instead of always trying the first listed server.</dd> - <dt id="reload-period"><a class="permalink" href="#reload-period"><b class="Sy">reload-period</b></a>:<var class="Ar">n</var></dt> - <dd>The resolver checks the modification time of - <span class="Pa">/etc/resolv.conf</span> every <var class="Ar">n</var> - seconds. If <span class="Pa">/etc/resolv.conf</span> has changed, it - is automatically reloaded. The default for <var class="Ar">n</var> is - two seconds. Setting it to zero disables the file check.</dd> - </dl> - <p class="Pp">Options may also be specified as a space or tab separated list - using the <code class="Dv">RES_OPTIONS</code> environment variable.</p> - </dd> -</dl> -<p class="Pp">The <b class="Sy">domain</b> and <b class="Sy">search</b> keywords - are mutually exclusive. If more than one instance of these keywords is - present, the last instance will override.</p> -<p class="Pp">The keyword and value must appear on a single line, and the - keyword (for example, <b class="Sy">nameserver</b>) must start the line. The - value follows the keyword, separated by white space.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/resolv.conf</span></dt> - <dd>The file <code class="Nm">resolv.conf</code> resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">A basic resolv.conf file could be in the following form.</p> -<div class="Bd Pp Bd-indent Li"> -<pre># The domain directive is only necessary, if your local -# router advertises something like localdomain and you have -# set up your hostnames via an external domain. -domain localdomain.tld - -# In case you a running a local dns server or caching name server -# like local-unbound(8) for example. -nameserver 127.0.0.1 - -# IP address of the local or ISP name service -nameserver 192.168.2.1 - -# Fallback nameservers, in this case these from Google. -nameserver 8.8.8.8 -nameserver 8.8.4.4 - -# Attach an OPT pseudo-RR for the EDNS0 extension, -# as specified in RFC 2671. -options edns0</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">gethostbyname(3)</a>, <a class="Xr">resolver(3)</a>, - <a class="Xr">hostname(7)</a>, <a class="Xr">resolvconf(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">resolv.conf</code> file format appeared in - <span class="Ux">4.3BSD</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">March 15, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/services.5 3.html b/static/freebsd/man5/services.5 3.html deleted file mode 100644 index 78fb12d9..00000000 --- a/static/freebsd/man5/services.5 3.html +++ /dev/null @@ -1,77 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">SERVICES(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">SERVICES(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">services</code> — - <span class="Nd">internet service name and port number data base</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">services</code> file contains information - regarding the known services available in the Internet. For each service a - single line should be present with the following information:</p> -<div class="Bd Pp Bd-indent"> -<pre>official service name -port number -protocol name -aliases</pre> -</div> -<p class="Pp" id="item">Items are separated by any number of blanks and/or tab - characters. The port number and protocol name are considered a single - <a class="permalink" href="#item"><i class="Em">item</i></a>; a ``/'' is - used to separate the port and protocol (e.g. ``512/tcp''). A ``#'' indicates - the beginning of a comment; subsequent characters up to the end of the line - are not interpreted by the routines which search the file.</p> -<p class="Pp">Service names may contain any printable character other than a - field delimiter, newline, or comment character.</p> -<p class="Pp">If “db” is specified as source in the - <a class="Xr">nsswitch.conf(5)</a>, - <span class="Pa">/var/db/services.db</span> is searched. The database in - <span class="Pa">/var/db/services.db</span> needs to be updated with - <a class="Xr">services_mkdb(8)</a> after changes to the services file have - been applied.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="NIS_INTERACTION"><a class="permalink" href="#NIS_INTERACTION">NIS - INTERACTION</a></h1> -<p class="Pp">Access to the NIS <span class="Pa">services.byname</span> map can - be enabled by adding a single ``+'' on a line by itself in the - <span class="Pa">/etc/services</span> file. This causes the contents of the - NIS services map to be inserted at the location where the ``+'' appears.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/services</span></dt> - <dd>The <code class="Nm">services</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getservent(3)</a>, - <a class="Xr">nsswitch.conf(5)</a>, <a class="Xr">services_mkdb(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">services</code> file format appeared in - <span class="Ux">4.2BSD</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">A name server should be used instead of a static file.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 29, 2024</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/shells.5 4.html b/static/freebsd/man5/shells.5 4.html deleted file mode 100644 index 414f831d..00000000 --- a/static/freebsd/man5/shells.5 4.html +++ /dev/null @@ -1,47 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">SHELLS(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">SHELLS(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">shells</code> — <span class="Nd">shell - database</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">shells</code> file contains a list of the - shells on the system. For each shell a single line should be present, - consisting of the shell's path, relative to root.</p> -<p class="Pp">A hash mark (``#'') indicates the beginning of a comment; - subsequent characters up to the end of the line are not interpreted by the - routines which search the file. Blank lines are also ignored.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/shells</span></dt> - <dd>The <code class="Nm">shells</code> file resides in - <span class="Pa">/etc</span>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">getusershell(3)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">shells</code> file format appeared in - <span class="Ux">4.3BSD-Tahoe</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 5, 1993</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/src.conf.5 3.html b/static/freebsd/man5/src.conf.5 3.html deleted file mode 100644 index 02e1e0b3..00000000 --- a/static/freebsd/man5/src.conf.5 3.html +++ /dev/null @@ -1,1550 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">SRC.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">SRC.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">src.conf</code> — <span class="Nd">source - build options</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">src.conf</code> file contains variables that - control what components will be generated during the build process of the - <span class="Ux">FreeBSD</span> source tree; see - <a class="Xr">build(7)</a>.</p> -<p class="Pp">The <code class="Nm">src.conf</code> file uses the standard - makefile syntax. However, <code class="Nm">src.conf</code> should not - specify any dependencies to <a class="Xr">make(1)</a>. Instead, - <code class="Nm">src.conf</code> is to set <a class="Xr">make(1)</a> - variables that control the aspects of how the system builds.</p> -<p class="Pp">The default location of <code class="Nm">src.conf</code> is the - top level of the source tree, or <span class="Pa">/etc/src.conf</span> if no - <code class="Nm">src.conf</code> is found in the source tree itself, though - an alternative location can be specified in the <a class="Xr">make(1)</a> - variable <var class="Va">SRCCONF</var>. Overriding the location of - <code class="Nm">src.conf</code> may be necessary if the system-wide - settings are not suitable for a particular build. For instance, setting - <var class="Va">SRCCONF</var> to <span class="Pa">/dev/null</span> - effectively resets all build controls to their defaults.</p> -<p class="Pp">The only purpose of <code class="Nm">src.conf</code> is to control - the compilation of the <span class="Ux">FreeBSD</span> source code, which is - usually located in <span class="Pa">/usr/src</span>. As a rule, the system - administrator creates <code class="Nm">src.conf</code> when the values of - certain control variables need to be changed from their defaults.</p> -<p class="Pp">In addition, control variables can be specified for a particular - build via the <code class="Fl">-D</code> option of <a class="Xr">make(1)</a> - or in its environment; see <a class="Xr">environ(7)</a>.</p> -<p class="Pp">The environment of <a class="Xr">make(1)</a> for the build can be - controlled via the <var class="Va">SRC_ENV_CONF</var> variable, which - defaults to <span class="Pa">/etc/src-env.conf</span>. Some examples that - may only be set in this file are <var class="Va">WITH_DIRDEPS_BUILD</var>, - and <var class="Va">WITH_META_MODE</var>, and - <var class="Va">MAKEOBJDIRPREFIX</var> as they are environment-only - variables.</p> -<p class="Pp">The values of <var class="Va">WITH_</var> and - <var class="Va">WITHOUT_</var> variables are ignored regardless of their - setting; even if they would be set to - “<code class="Li">FALSE</code>” or - “<code class="Li">NO</code>”. The presence of an option causes - it to be honored by <a class="Xr">make(1)</a>.</p> -<p class="Pp">This list provides a name and short description for variables that - can be used for source builds.</p> -<dl class="Bl-tag"> - <dt id="WITHOUT_ACCT"><var class="Va">WITHOUT_ACCT</var></dt> - <dd>Do not build process accounting tools such as <a class="Xr">accton(8)</a> - and <a class="Xr">sa(8)</a>.</dd> - <dt id="WITHOUT_ACPI"><var class="Va">WITHOUT_ACPI</var></dt> - <dd>Do not build <a class="Xr">acpiconf(8)</a>, <a class="Xr">acpidump(8)</a> - and related programs.</dd> - <dt id="WITHOUT_APM"><var class="Va">WITHOUT_APM</var></dt> - <dd>Do not build <a class="Xr">apm(8)</a>, <a class="Xr">apmd(8)</a> and - related programs.</dd> - <dt id="WITH_ASAN"><var class="Va">WITH_ASAN</var></dt> - <dd>Build the base system with Address Sanitizer (ASan) to detect memory - corruption bugs such as buffer overflows or use-after-free. Requires that - Clang be used as the base system compiler and that the runtime support - library is available. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITH_LLVM_BINUTILS"><var class="Va">WITH_LLVM_BINUTILS</var></li> - </ul> - </dd> - <dt id="WITHOUT_ASSERT_DEBUG"><var class="Va">WITHOUT_ASSERT_DEBUG</var></dt> - <dd>Compile programs and libraries without the <a class="Xr">assert(3)</a> - checks.</dd> - <dt id="WITHOUT_AT"><var class="Va">WITHOUT_AT</var></dt> - <dd>Do not build <a class="Xr">at(1)</a> and related utilities.</dd> - <dt id="WITHOUT_AUDIT"><var class="Va">WITHOUT_AUDIT</var></dt> - <dd>Do not build audit support into system programs.</dd> - <dt id="WITHOUT_AUTHPF"><var class="Va">WITHOUT_AUTHPF</var></dt> - <dd>Do not build <a class="Xr">authpf(8)</a>.</dd> - <dt id="WITHOUT_AUTOFS"><var class="Va">WITHOUT_AUTOFS</var></dt> - <dd>Do not build <a class="Xr">autofs(4)</a> related programs, libraries, and - kernel modules.</dd> - <dt id="WITHOUT_AUTO_OBJ"><var class="Va">WITHOUT_AUTO_OBJ</var></dt> - <dd>Disable automatic creation of objdirs. This is enabled by default if the - wanted OBJDIR is writable by the current user. - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITH_BEARSSL"><var class="Va">WITH_BEARSSL</var></dt> - <dd>Build the BearSSL library. - <p class="Pp">BearSSL is a tiny SSL library suitable for embedded - environments. For details see - <a class="Lk" href="https://www.BearSSL.org/">https://www.BearSSL.org/</a></p> - <p class="Pp">This library is currently only used to perform signature - verification and related operations for Verified Exec and - <a class="Xr">loader(8)</a>.</p> - <p class="Pp">Due to size constraints in the BIOS environment on x86, one - may need to set <var class="Va">LOADERSIZE</var> larger than the default - 500000, although often loader is under the 500k limit even with this - option. Setting <var class="Va">LOADERSIZE</var> larger than 500000 may - cause <a class="Xr">pxeboot(8)</a> to be too large to work. Careful - testing of the loader in the target environment when built with a larger - limit to establish safe limits is critical because different BIOS - environments reserve differing amounts of the low 640k space, making a - precise limit for everybody impossible.</p> - <p class="Pp">See also <var class="Va">WITH_LOADER_PXEBOOT</var> for other - considerations. When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITH_LOADER_EFI_SECUREBOOT"><var class="Va">WITH_LOADER_EFI_SECUREBOOT</var></dt> - <dd>(unless <var class="Va">WITHOUT_LOADER_EFI_SECUREBOOT</var> is set - explicitly)</dd> - <dt id="WITH_LOADER_VERIEXEC"><var class="Va">WITH_LOADER_VERIEXEC</var></dt> - <dd>(unless <var class="Va">WITHOUT_LOADER_VERIEXEC</var> is set - explicitly)</dd> - <dt id="WITH_LOADER_VERIEXEC_VECTX"><var class="Va">WITH_LOADER_VERIEXEC_VECTX</var></dt> - <dd>(unless <var class="Va">WITHOUT_LOADER_VERIEXEC_VECTX</var> is set - explicitly)</dd> - <dt id="WITH_VERIEXEC"><var class="Va">WITH_VERIEXEC</var></dt> - <dd>(unless <var class="Va">WITHOUT_VERIEXEC</var> is set explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_BHYVE"><var class="Va">WITHOUT_BHYVE</var></dt> - <dd>Do not build or install <a class="Xr">bhyve(8)</a>, associated utilities, - and examples. - <p class="Pp">This option only affects amd64/amd64 and arm64/aarch64.</p> - </dd> - <dt id="WITH_BHYVE_SNAPSHOT"><var class="Va">WITH_BHYVE_SNAPSHOT</var></dt> - <dd>Include support for save and restore (snapshots) in - <a class="Xr">bhyve(8)</a> and <a class="Xr">bhyvectl(8)</a>. - <p class="Pp">This option only affects amd64/amd64.</p> - </dd> - <dt id="WITH_BIND_NOW"><var class="Va">WITH_BIND_NOW</var></dt> - <dd>Build all binaries with the <code class="Dv">DF_BIND_NOW</code> flag set - to indicate that the run-time loader should perform all relocation - processing at process startup rather than on demand. The combination of - the <var class="Va">BIND_NOW</var> and <var class="Va">RELRO</var> options - provide "full" Relocation Read-Only (RELRO) support. With full - RELRO the entire GOT is made read-only after performing relocation at - startup, avoiding GOT overwrite attacks.</dd> - <dt id="WITHOUT_BLACKLIST"><var class="Va">WITHOUT_BLACKLIST</var></dt> - <dd>This option has been renamed to <var class="Va">WITHOUT_BLOCKLIST</var>. - When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_BLOCKLIST"><var class="Va">WITHOUT_BLOCKLIST</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_BLACKLIST_SUPPORT"><var class="Va">WITHOUT_BLACKLIST_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_BLACKLIST_SUPPORT</var> is set - explicitly)</dd> - <dt id="WITHOUT_BLOCKLIST_SUPPORT"><var class="Va">WITHOUT_BLOCKLIST_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_BLOCKLIST_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_BLACKLIST_SUPPORT~2"><var class="Va">WITHOUT_BLACKLIST_SUPPORT</var></dt> - <dd>This option has been renamed to - <var class="Va">WITHOUT_BLOCKLIST_SUPPORT</var>. When set, it enforces - these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_BLOCKLIST_SUPPORT~2"><var class="Va">WITHOUT_BLOCKLIST_SUPPORT</var></li> - </ul> - </dd> - <dt id="WITHOUT_BLOCKLIST~2"><var class="Va">WITHOUT_BLOCKLIST</var></dt> - <dd>Set this if you do not want to build <a class="Xr">blocklistd(8)</a> and - <a class="Xr">blocklistctl(8)</a>. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_BLACKLIST~2"><var class="Va">WITHOUT_BLACKLIST</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_BLACKLIST_SUPPORT~3"><var class="Va">WITHOUT_BLACKLIST_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_BLACKLIST_SUPPORT</var> is set - explicitly)</dd> - <dt id="WITHOUT_BLOCKLIST_SUPPORT~3"><var class="Va">WITHOUT_BLOCKLIST_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_BLOCKLIST_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_BLOCKLIST_SUPPORT~4"><var class="Va">WITHOUT_BLOCKLIST_SUPPORT</var></dt> - <dd>Build some programs without <a class="Xr">libblocklist(3)</a> support, - like <a class="Xr">fingerd(8)</a> and <a class="Xr">sshd(8)</a>. When set, - it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_BLACKLIST_SUPPORT~4"><var class="Va">WITHOUT_BLACKLIST_SUPPORT</var></li> - </ul> - </dd> - <dt id="WITHOUT_BLUETOOTH"><var class="Va">WITHOUT_BLUETOOTH</var></dt> - <dd>Do not build Bluetooth related kernel modules, programs and - libraries.</dd> - <dt id="WITHOUT_BOOT"><var class="Va">WITHOUT_BOOT</var></dt> - <dd>Do not build the boot blocks and loader.</dd> - <dt id="WITHOUT_BOOTPARAMD"><var class="Va">WITHOUT_BOOTPARAMD</var></dt> - <dd>Do not build or install <a class="Xr">bootparamd(8)</a>.</dd> - <dt id="WITHOUT_BOOTPD"><var class="Va">WITHOUT_BOOTPD</var></dt> - <dd>Do not build or install <a class="Xr">bootpd(8)</a>.</dd> - <dt id="WITH_BRANCH_PROTECTION"><var class="Va">WITH_BRANCH_PROTECTION</var></dt> - <dd>Build with branch protection enabled. On arm64 enable the use of pointer - authentication and branch target identification instructions on arm64. - These can be used to help mitigate some exploit techniques.</dd> - <dt id="WITHOUT_BSDINSTALL"><var class="Va">WITHOUT_BSDINSTALL</var></dt> - <dd>Do not build <a class="Xr">bsdinstall(8)</a>, <a class="Xr">sade(8)</a>, - and related programs.</dd> - <dt id="WITHOUT_BSNMP"><var class="Va">WITHOUT_BSNMP</var></dt> - <dd>Do not build or install <a class="Xr">bsnmpd(1)</a> and related libraries - and data files.</dd> - <dt id="WITHOUT_CALENDAR"><var class="Va">WITHOUT_CALENDAR</var></dt> - <dd>Do not build <a class="Xr">calendar(1)</a>.</dd> - <dt id="WITHOUT_CAROOT"><var class="Va">WITHOUT_CAROOT</var></dt> - <dd>Do not add the trusted certificates from the Mozilla NSS bundle to - base.</dd> - <dt id="WITHOUT_CASPER"><var class="Va">WITHOUT_CASPER</var></dt> - <dd>This option has no effect.</dd> - <dt id="WITH_CCACHE_BUILD"><var class="Va">WITH_CCACHE_BUILD</var></dt> - <dd>Use <a class="Xr">ccache(1)</a> for the build. No configuration is - required except to install the - <a class="permalink" href="#devel/ccache"><b class="Sy" id="devel/ccache">devel/ccache</b></a> - or - <a class="permalink" href="#devel/sccache"><b class="Sy" id="devel/sccache">devel/sccache</b></a> - package. When using with <a class="Xr">distcc(1)</a>, set - <a class="permalink" href="#CCACHE_PREFIX=/usr/local/bin/distcc"><b class="Sy" id="CCACHE_PREFIX=/usr/local/bin/distcc">CCACHE_PREFIX=/usr/local/bin/distcc</b></a>. - When using with sccache set - <a class="permalink" href="#CCACHE_NAME=sccache"><b class="Sy" id="CCACHE_NAME=sccache">CCACHE_NAME=sccache</b></a> - in <a class="Xr">src.conf(5)</a>. The default cache directory of - <span class="Pa">$HOME/.ccache</span> will be used, which can be - overridden by setting - <a class="permalink" href="#CCACHE_DIR"><b class="Sy" id="CCACHE_DIR">CCACHE_DIR</b></a>. - The - <a class="permalink" href="#CCACHE_COMPILERCHECK"><b class="Sy" id="CCACHE_COMPILERCHECK">CCACHE_COMPILERCHECK</b></a> - option defaults to - <a class="permalink" href="#content"><b class="Sy" id="content">content</b></a> - when using the in-tree bootstrap compiler, and - <a class="permalink" href="#mtime"><b class="Sy" id="mtime">mtime</b></a> - when using an external compiler. The - <a class="permalink" href="#CCACHE_CPP2"><b class="Sy" id="CCACHE_CPP2">CCACHE_CPP2</b></a> - option is used for Clang but not GCC. - <p class="Pp">Sharing a cache between multiple work directories requires - using a layout similar to <span class="Pa">/some/prefix/src</span> - <span class="Pa">/some/prefix/obj</span> and an environment such as:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj'</pre> - </div> - <p class="Pp">See <a class="Xr">ccache(1)</a> for more configuration - options.</p> - </dd> - <dt id="WITHOUT_CCD"><var class="Va">WITHOUT_CCD</var></dt> - <dd>Do not build <a class="Xr">geom_ccd(4)</a> and related utilities.</dd> - <dt id="WITHOUT_CDDL"><var class="Va">WITHOUT_CDDL</var></dt> - <dd>Do not build code licensed under Sun's CDDL. When set, it enforces these - options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_CTF"><var class="Va">WITHOUT_CTF</var></li> - <li id="WITHOUT_DTRACE"><var class="Va">WITHOUT_DTRACE</var></li> - <li id="WITHOUT_LOADER_ZFS"><var class="Va">WITHOUT_LOADER_ZFS</var></li> - <li id="WITHOUT_ZFS"><var class="Va">WITHOUT_ZFS</var></li> - <li id="WITHOUT_ZFS_TESTS"><var class="Va">WITHOUT_ZFS_TESTS</var></li> - </ul> - </dd> - <dt id="WITHOUT_CLANG"><var class="Va">WITHOUT_CLANG</var></dt> - <dd>Do not build the Clang C/C++ compiler during the regular phase of the - build. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_CLANG_EXTRAS"><var class="Va">WITHOUT_CLANG_EXTRAS</var></li> - <li id="WITHOUT_CLANG_FORMAT"><var class="Va">WITHOUT_CLANG_FORMAT</var></li> - <li id="WITHOUT_CLANG_FULL"><var class="Va">WITHOUT_CLANG_FULL</var></li> - <li id="WITHOUT_LLVM_COV"><var class="Va">WITHOUT_LLVM_COV</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_LLVM_TARGET_AARCH64"><var class="Va">WITHOUT_LLVM_TARGET_AARCH64</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_AARCH64</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_ALL"><var class="Va">WITHOUT_LLVM_TARGET_ALL</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_ALL</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_ARM"><var class="Va">WITHOUT_LLVM_TARGET_ARM</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_ARM</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_POWERPC"><var class="Va">WITHOUT_LLVM_TARGET_POWERPC</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_POWERPC</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_RISCV"><var class="Va">WITHOUT_LLVM_TARGET_RISCV</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_RISCV</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_CLANG_BOOTSTRAP"><var class="Va">WITHOUT_CLANG_BOOTSTRAP</var></dt> - <dd>Do not build the Clang C/C++ compiler during the bootstrap phase of the - build. To be able to build the system, either gcc or clang bootstrap must - be enabled unless an alternate compiler is provided via XCC.</dd> - <dt id="WITH_CLANG_EXTRAS"><var class="Va">WITH_CLANG_EXTRAS</var></dt> - <dd>Build additional clang and llvm tools, such as bugpoint and - clang-format.</dd> - <dt id="WITH_CLANG_FORMAT"><var class="Va">WITH_CLANG_FORMAT</var></dt> - <dd>Build clang-format.</dd> - <dt id="WITHOUT_CLANG_FULL~2"><var class="Va">WITHOUT_CLANG_FULL</var></dt> - <dd>Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of - the Clang C/C++ compiler.</dd> - <dt id="WITH_CLEAN"><var class="Va">WITH_CLEAN</var></dt> - <dd>Clean before building world and/or kernel. Note that recording a new epoch - in <span class="Pa">.clean_build_epoch</span> in the root of the source - tree will also force a clean world build. When set, these options are also - in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_DEPEND_CLEANUP"><var class="Va">WITHOUT_DEPEND_CLEANUP</var></dt> - <dd>(unless <var class="Va">WITH_DEPEND_CLEANUP</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_CPP"><var class="Va">WITHOUT_CPP</var></dt> - <dd>Do not build <a class="Xr">cpp(1)</a>.</dd> - <dt id="WITHOUT_CROSS_COMPILER"><var class="Va">WITHOUT_CROSS_COMPILER</var></dt> - <dd>Do not build any cross compiler in the cross-tools stage of buildworld. - When compiling a different version of <span class="Ux">FreeBSD</span> than - what is installed on the system, provide an alternate compiler with XCC to - ensure success. When compiling with an identical version of - <span class="Ux">FreeBSD</span> to the host, this option may be safely - used. This option may also be safe when the host version of - <span class="Ux">FreeBSD</span> is close to the sources being built, but - all bets are off if there have been any changes to the toolchain between - the versions. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_CLANG_BOOTSTRAP~2"><var class="Va">WITHOUT_CLANG_BOOTSTRAP</var></li> - <li id="WITHOUT_ELFTOOLCHAIN_BOOTSTRAP"><var class="Va">WITHOUT_ELFTOOLCHAIN_BOOTSTRAP</var></li> - <li id="WITHOUT_LLD_BOOTSTRAP"><var class="Va">WITHOUT_LLD_BOOTSTRAP</var></li> - <li id="WITHOUT_LLVM_BINUTILS_BOOTSTRAP"><var class="Va">WITHOUT_LLVM_BINUTILS_BOOTSTRAP</var></li> - </ul> - </dd> - <dt id="WITHOUT_CRYPT"><var class="Va">WITHOUT_CRYPT</var></dt> - <dd>Do not build any crypto code. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_DMAGENT"><var class="Va">WITHOUT_DMAGENT</var></li> - <li id="WITHOUT_KERBEROS"><var class="Va">WITHOUT_KERBEROS</var></li> - <li id="WITHOUT_LDNS"><var class="Va">WITHOUT_LDNS</var></li> - <li id="WITHOUT_LDNS_UTILS"><var class="Va">WITHOUT_LDNS_UTILS</var></li> - <li id="WITHOUT_LOADER_ZFS~2"><var class="Va">WITHOUT_LOADER_ZFS</var></li> - <li id="WITHOUT_MITKRB5"><var class="Va">WITHOUT_MITKRB5</var></li> - <li id="WITHOUT_OPENSSH"><var class="Va">WITHOUT_OPENSSH</var></li> - <li id="WITHOUT_OPENSSL"><var class="Va">WITHOUT_OPENSSL</var></li> - <li id="WITHOUT_OPENSSL_KTLS"><var class="Va">WITHOUT_OPENSSL_KTLS</var></li> - <li id="WITHOUT_PKGBOOTSTRAP"><var class="Va">WITHOUT_PKGBOOTSTRAP</var></li> - <li id="WITHOUT_UNBOUND"><var class="Va">WITHOUT_UNBOUND</var></li> - <li id="WITHOUT_ZFS~2"><var class="Va">WITHOUT_ZFS</var></li> - <li id="WITHOUT_ZFS_TESTS~2"><var class="Va">WITHOUT_ZFS_TESTS</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_KERBEROS_SUPPORT"><var class="Va">WITHOUT_KERBEROS_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_KERBEROS_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITH_CTF"><var class="Va">WITH_CTF</var></dt> - <dd>Compile with CTF (Compact C Type Format) data. CTF data encapsulates a - reduced form of debugging information similar to DWARF and the venerable - stabs and is required for DTrace.</dd> - <dt id="WITHOUT_CUSE"><var class="Va">WITHOUT_CUSE</var></dt> - <dd>Do not build CUSE-related programs and libraries.</dd> - <dt id="WITHOUT_CXGBETOOL"><var class="Va">WITHOUT_CXGBETOOL</var></dt> - <dd>Do not build <a class="Xr">cxgbetool(8)</a> - <p class="Pp">This is a default setting on arm/armv7 and riscv/riscv64.</p> - </dd> - <dt id="WITH_CXGBETOOL"><var class="Va">WITH_CXGBETOOL</var></dt> - <dd>Build <a class="Xr">cxgbetool(8)</a> - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.</p> - </dd> - <dt id="WITHOUT_DEBUG_FILES"><var class="Va">WITHOUT_DEBUG_FILES</var></dt> - <dd>Avoid building or installing standalone debug files for each executable - binary and shared library.</dd> - <dt id="WITHOUT_DEPEND_CLEANUP~2"><var class="Va">WITHOUT_DEPEND_CLEANUP</var></dt> - <dd>Do not attempt to detect if the object tree needs cleaning in part or in - whole before building. This speeds up incremental builds, especially when - experimenting with build options, but may cause the build to inexplicably - fail or produce non-functioning binaries.</dd> - <dt id="WITH_DETECT_TZ_CHANGES"><var class="Va">WITH_DETECT_TZ_CHANGES</var></dt> - <dd>Make the time handling code detect changes to the timezone files.</dd> - <dt id="WITH_DIALOG"><var class="Va">WITH_DIALOG</var></dt> - <dd>Do build <a class="Xr">dialog(1)</a>, <a class="Xr">dialog(3)</a>, - <a class="Xr">dpv(1)</a>, and <a class="Xr">dpv(3)</a>.</dd> - <dt id="WITHOUT_DICT"><var class="Va">WITHOUT_DICT</var></dt> - <dd>Do not build the Webster dictionary files.</dd> - <dt id="WITH_DIRDEPS_BUILD"><var class="Va">WITH_DIRDEPS_BUILD</var></dt> - <dd>This is an alternate build system. For details see - https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. Build commands can - be seen from the top-level with: - <div class="Bd Bd-indent"><code class="Li">make - show-valid-targets</code></div> - The build is driven by dirdeps.mk using <var class="Va">DIRDEPS</var> stored - in Makefile.depend files found in each directory. - <p class="Pp">The build can be started from anywhere, and behaves the same. - The initial instance of <a class="Xr">make(1)</a> recursively reads - <var class="Va">DIRDEPS</var> from - <span class="Pa">Makefile.depend</span>, computing a graph of tree - dependencies from the current origin. Setting - <var class="Va">NO_DIRDEPS</var> skips checking dirdep dependencies and - will only build in the current and child directories. - <var class="Va">NO_DIRDEPS_BELOW</var> skips building any dirdeps and - only build the current directory.</p> - <p class="Pp">This also utilizes the <var class="Va">WITH_META_MODE</var> - logic for incremental builds.</p> - <p class="Pp">The build hides commands executed unless - <var class="Va">NO_SILENT</var> is defined.</p> - <p class="Pp">Note that there is currently no mass install feature for this. - This build is designed for producing packages, that can then be - installed on a target system.</p> - <p class="Pp">The implementation in <span class="Ux">FreeBSD</span> is - incomplete. Completion would require leaf directories for building each - kernel and package so that their dependencies can be tracked. When set, - it enforces these options:</p> - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITH_INSTALL_AS_USER"><var class="Va">WITH_INSTALL_AS_USER</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITH_META_ERROR_TARGET"><var class="Va">WITH_META_ERROR_TARGET</var></dt> - <dd>(unless <var class="Va">WITHOUT_META_ERROR_TARGET</var> is set - explicitly)</dd> - <dt id="WITH_META_MODE"><var class="Va">WITH_META_MODE</var></dt> - <dd>(unless <var class="Va">WITHOUT_META_MODE</var> is set - explicitly)</dd> - <dt id="WITH_STAGING"><var class="Va">WITH_STAGING</var></dt> - <dd>(unless <var class="Va">WITHOUT_STAGING</var> is set explicitly)</dd> - <dt id="WITH_STAGING_MAN"><var class="Va">WITH_STAGING_MAN</var></dt> - <dd>(unless <var class="Va">WITHOUT_STAGING_MAN</var> is set - explicitly)</dd> - <dt id="WITH_STAGING_PROG"><var class="Va">WITH_STAGING_PROG</var></dt> - <dd>(unless <var class="Va">WITHOUT_STAGING_PROG</var> is set - explicitly)</dd> - <dt id="WITH_SYSROOT"><var class="Va">WITH_SYSROOT</var></dt> - <dd>(unless <var class="Va">WITHOUT_SYSROOT</var> is set explicitly)</dd> - </dl> - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITH_DIRDEPS_CACHE"><var class="Va">WITH_DIRDEPS_CACHE</var></dt> - <dd>Cache result of dirdeps.mk which can save significant time for subsequent - builds. Depends on <var class="Va">WITH_DIRDEPS_BUILD</var>. - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITH_DISK_IMAGE_TOOLS_BOOTSTRAP"><var class="Va">WITH_DISK_IMAGE_TOOLS_BOOTSTRAP</var></dt> - <dd>Build <a class="Xr">etdump(1)</a>, <a class="Xr">makefs(8)</a> and - <a class="Xr">mkimg(1)</a> as bootstrap tools.</dd> - <dt id="WITHOUT_DMAGENT~2"><var class="Va">WITHOUT_DMAGENT</var></dt> - <dd>Do not build dma Mail Transport Agent.</dd> - <dt id="WITHOUT_DOCCOMPRESS"><var class="Va">WITHOUT_DOCCOMPRESS</var></dt> - <dd>Do not install compressed system documentation. Only the uncompressed - version will be installed.</dd> - <dt id="WITHOUT_DTRACE~2"><var class="Va">WITHOUT_DTRACE</var></dt> - <dd>Do not build DTrace framework kernel modules, libraries, and user - commands. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_CTF~2"><var class="Va">WITHOUT_CTF</var></li> - </ul> - </dd> - <dt id="WITH_DTRACE_ASAN"><var class="Va">WITH_DTRACE_ASAN</var></dt> - <dd>Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), - plockstat(1)) with address and undefined behavior sanitizers. Requires - that Clang be used as the base system compiler and that the runtime - support library is available.</dd> - <dt id="WITH_DTRACE_TESTS"><var class="Va">WITH_DTRACE_TESTS</var></dt> - <dd>Build and install the DTrace test suite in - <span class="Pa">/usr/tests/cddl/usr.sbin/dtrace</span>. This test suite - is considered experimental on architectures other than amd64/amd64 and - running it may cause system instability.</dd> - <dt id="WITHOUT_DYNAMICROOT"><var class="Va">WITHOUT_DYNAMICROOT</var></dt> - <dd>Set this if you do not want to link <span class="Pa">/bin</span> and - <span class="Pa">/sbin</span> dynamically.</dd> - <dt id="WITHOUT_EE"><var class="Va">WITHOUT_EE</var></dt> - <dd>Do not build and install <a class="Xr">edit(1)</a>, - <a class="Xr">ee(1)</a>, and related programs.</dd> - <dt id="WITHOUT_EFI"><var class="Va">WITHOUT_EFI</var></dt> - <dd>Set not to build <a class="Xr">efivar(3)</a> and - <a class="Xr">efivar(8)</a>. - <p class="Pp">This is a default setting on i386/i386, powerpc/powerpc64 and - powerpc/powerpc64le.</p> - </dd> - <dt id="WITH_EFI"><var class="Va">WITH_EFI</var></dt> - <dd>Build <a class="Xr">efivar(3)</a> and <a class="Xr">efivar(8)</a>. - <p class="Pp">This is a default setting on amd64/amd64, arm/armv7, - arm64/aarch64 and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_ELFTOOLCHAIN_BOOTSTRAP~2"><var class="Va">WITHOUT_ELFTOOLCHAIN_BOOTSTRAP</var></dt> - <dd>Do not build ELF Tool Chain tools (addr2line, nm, size, strings and strip) - as part of the bootstrap process. - <div class="Bf Sy">An alternate bootstrap tool chain must be provided.</div> - </dd> - <dt id="WITHOUT_EXAMPLES"><var class="Va">WITHOUT_EXAMPLES</var></dt> - <dd>Avoid installing examples to - <span class="Pa">/usr/share/examples/</span>.</dd> - <dt id="WITHOUT_FDT"><var class="Va">WITHOUT_FDT</var></dt> - <dd>Do not build Flattened Device Tree support as part of the base system. - This includes the device tree compiler (dtc) and libfdt support library. - <p class="Pp">This is a default setting on amd64/amd64 and i386/i386.</p> - </dd> - <dt id="WITH_FDT"><var class="Va">WITH_FDT</var></dt> - <dd>Build Flattened Device Tree support as part of the base system. This - includes the device tree compiler (dtc) and libfdt support library. - <p class="Pp">This is a default setting on arm/armv7, arm64/aarch64, - powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_FILE"><var class="Va">WITHOUT_FILE</var></dt> - <dd>Do not build <a class="Xr">file(1)</a> and related programs.</dd> - <dt id="WITHOUT_FINGER"><var class="Va">WITHOUT_FINGER</var></dt> - <dd>Do not build or install <a class="Xr">finger(1)</a> and - <a class="Xr">fingerd(8)</a>.</dd> - <dt id="WITHOUT_FLOPPY"><var class="Va">WITHOUT_FLOPPY</var></dt> - <dd>Do not build or install programs for operating floppy disk driver.</dd> - <dt id="WITHOUT_FORMAT_EXTENSIONS"><var class="Va">WITHOUT_FORMAT_EXTENSIONS</var></dt> - <dd>Do not enable <code class="Fl">-fformat-extensions</code> when compiling - the kernel. Also disables all format checking.</dd> - <dt id="WITHOUT_FORTH"><var class="Va">WITHOUT_FORTH</var></dt> - <dd>Build bootloaders without Forth support.</dd> - <dt id="WITHOUT_FREEBSD_UPDATE"><var class="Va">WITHOUT_FREEBSD_UPDATE</var></dt> - <dd>Do not build <a class="Xr">freebsd-update(8)</a>.</dd> - <dt id="WITHOUT_FTP"><var class="Va">WITHOUT_FTP</var></dt> - <dd>Do not build or install <a class="Xr">ftp(1)</a>.</dd> - <dt id="WITHOUT_GAMES"><var class="Va">WITHOUT_GAMES</var></dt> - <dd>Do not build games.</dd> - <dt id="WITHOUT_GOOGLETEST"><var class="Va">WITHOUT_GOOGLETEST</var></dt> - <dd>Neither build nor install <span class="Lb">library - “libgmock”</span>, <span class="Lb">library - “libgtest”</span>, and dependent tests.</dd> - <dt id="WITHOUT_GPIO"><var class="Va">WITHOUT_GPIO</var></dt> - <dd>Do not build <a class="Xr">gpioctl(8)</a> as part of the base system.</dd> - <dt id="WITHOUT_HAST"><var class="Va">WITHOUT_HAST</var></dt> - <dd>Do not build <a class="Xr">hastd(8)</a> and related utilities.</dd> - <dt id="WITH_HESIOD"><var class="Va">WITH_HESIOD</var></dt> - <dd>Build Hesiod support.</dd> - <dt id="WITHOUT_HTML"><var class="Va">WITHOUT_HTML</var></dt> - <dd>Do not build HTML docs.</dd> - <dt id="WITHOUT_HYPERV"><var class="Va">WITHOUT_HYPERV</var></dt> - <dd>Do not build or install HyperV utilities. - <p class="Pp">This is a default setting on arm/armv7, powerpc/powerpc64, - powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_HYPERV"><var class="Va">WITH_HYPERV</var></dt> - <dd>Build or install HyperV utilities. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64 and - i386/i386.</p> - </dd> - <dt id="WITHOUT_ICONV"><var class="Va">WITHOUT_ICONV</var></dt> - <dd>Do not build iconv as part of libc.</dd> - <dt id="WITHOUT_INCLUDES"><var class="Va">WITHOUT_INCLUDES</var></dt> - <dd>Do not install header files. This option used to be spelled - <var class="Va">NO_INCS</var>. - <div class="Bf Sy">The option does not work for build targets.</div> - </dd> - <dt id="WITHOUT_INET"><var class="Va">WITHOUT_INET</var></dt> - <dd>Do not build programs and libraries related to IPv4 networking. When set, - it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_INET_SUPPORT"><var class="Va">WITHOUT_INET_SUPPORT</var></li> - </ul> - </dd> - <dt id="WITHOUT_INET6"><var class="Va">WITHOUT_INET6</var></dt> - <dd>Do not build programs and libraries related to IPv6 networking. When set, - it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_INET6_SUPPORT"><var class="Va">WITHOUT_INET6_SUPPORT</var></li> - </ul> - </dd> - <dt id="WITHOUT_INET6_SUPPORT~2"><var class="Va">WITHOUT_INET6_SUPPORT</var></dt> - <dd>Build libraries, programs, and kernel modules without IPv6 support.</dd> - <dt id="WITHOUT_INETD"><var class="Va">WITHOUT_INETD</var></dt> - <dd>Do not build <a class="Xr">inetd(8)</a>.</dd> - <dt id="WITHOUT_INET_SUPPORT~2"><var class="Va">WITHOUT_INET_SUPPORT</var></dt> - <dd>Build libraries, programs, and kernel modules without IPv4 support.</dd> - <dt id="WITHOUT_INSTALLLIB"><var class="Va">WITHOUT_INSTALLLIB</var></dt> - <dd>Set this to not install optional libraries. For example, when creating a - <a class="Xr">nanobsd(8)</a> image. - <div class="Bf Sy">The option does not work for build targets.</div> - </dd> - <dt id="WITH_INSTALL_AS_USER~2"><var class="Va">WITH_INSTALL_AS_USER</var></dt> - <dd>Make install targets succeed for non-root users by installing files with - owner and group attributes set to that of the user running the - <a class="Xr">make(1)</a> command. The user still must set the - <var class="Va">DESTDIR</var> variable to point to a directory where the - user has write permissions.</dd> - <dt id="WITHOUT_IPFILTER"><var class="Va">WITHOUT_IPFILTER</var></dt> - <dd>Do not build IP Filter package.</dd> - <dt id="WITH_IPFILTER_IPFS"><var class="Va">WITH_IPFILTER_IPFS</var></dt> - <dd>Enable building the <a class="Xr">ipfs(8)</a> tool to save and restore - IPFilter state tables.</dd> - <dt id="WITHOUT_IPFW"><var class="Va">WITHOUT_IPFW</var></dt> - <dd>Do not build IPFW tools.</dd> - <dt id="WITHOUT_IPSEC_SUPPORT"><var class="Va">WITHOUT_IPSEC_SUPPORT</var></dt> - <dd>Do not build the kernel with <a class="Xr">ipsec(4)</a> support. This - option is needed for <a class="Xr">ipsec(4)</a> and - <a class="Xr">tcpmd5(4)</a>.</dd> - <dt id="WITHOUT_ISCSI"><var class="Va">WITHOUT_ISCSI</var></dt> - <dd>Do not build <a class="Xr">iscsid(8)</a> and related utilities.</dd> - <dt id="WITHOUT_JAIL"><var class="Va">WITHOUT_JAIL</var></dt> - <dd>Do not build tools for the support of jails; e.g., - <a class="Xr">jail(8)</a>.</dd> - <dt id="WITHOUT_JEMALLOC_LG_VADDR_WIDE"><var class="Va">WITHOUT_JEMALLOC_LG_VADDR_WIDE</var></dt> - <dd>Disallow programs to use more than 48 address bits on amd64. Incompatible - with LA57 mode. Enabling this option might result in a slight reduction in - memory consumption for jemalloc metadata, but also requires disabling LA57 - (if hardware supports it).</dd> - <dt id="WITHOUT_KDUMP"><var class="Va">WITHOUT_KDUMP</var></dt> - <dd>Do not build <a class="Xr">kdump(1)</a> and - <a class="Xr">truss(1)</a>.</dd> - <dt id="WITHOUT_KERBEROS~2"><var class="Va">WITHOUT_KERBEROS</var></dt> - <dd>Set this to not build Kerberos. When set, these options are also in - effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_KERBEROS_SUPPORT~2"><var class="Va">WITHOUT_KERBEROS_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_KERBEROS_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_KERBEROS_SUPPORT~3"><var class="Va">WITHOUT_KERBEROS_SUPPORT</var></dt> - <dd>Build some programs without Kerberos support, like - <a class="Xr">ssh(1)</a>, <a class="Xr">telnet(1)</a>, and - <a class="Xr">sshd(8)</a>.</dd> - <dt id="WITH_KERNEL_BIN"><var class="Va">WITH_KERNEL_BIN</var></dt> - <dd>Generate and install kernel.bin from kernel as part of the normal build - and install processes for the kernel. Available only on arm and arm64. - <p class="Pp">Usually this will be added to the kernel config file with:</p> - <p class="Pp">makeoptions WITH_KERNEL_BIN=1</p> - <p class="Pp">though it can also be used on the command line.</p> - </dd> - <dt id="WITH_KERNEL_RETPOLINE"><var class="Va">WITH_KERNEL_RETPOLINE</var></dt> - <dd>Enable the "retpoline" mitigation for CVE-2017-5715 in the - kernel build.</dd> - <dt id="WITHOUT_KERNEL_SYMBOLS"><var class="Va">WITHOUT_KERNEL_SYMBOLS</var></dt> - <dd>Do not install standalone kernel debug symbol files. This option has no - effect at build time.</dd> - <dt id="WITHOUT_KVM"><var class="Va">WITHOUT_KVM</var></dt> - <dd>Do not build the <code class="Nm">libkvm</code> library as a part of the - base system. - <div class="Bf Sy">The option has no effect yet.</div> - When set, these options are also in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_KVM_SUPPORT"><var class="Va">WITHOUT_KVM_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_KVM_SUPPORT</var> is set explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_KVM_SUPPORT~2"><var class="Va">WITHOUT_KVM_SUPPORT</var></dt> - <dd>Build some programs without optional <code class="Nm">libkvm</code> - support.</dd> - <dt id="WITHOUT_LDNS~2"><var class="Va">WITHOUT_LDNS</var></dt> - <dd>Setting this variable will prevent the LDNS library from being built. When - set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_LDNS_UTILS~2"><var class="Va">WITHOUT_LDNS_UTILS</var></li> - <li id="WITHOUT_UNBOUND~2"><var class="Va">WITHOUT_UNBOUND</var></li> - </ul> - </dd> - <dt id="WITHOUT_LDNS_UTILS~3"><var class="Va">WITHOUT_LDNS_UTILS</var></dt> - <dd>Setting this variable will prevent building the LDNS utilities - <a class="Xr">drill(1)</a> and <a class="Xr">host(1)</a>.</dd> - <dt id="WITHOUT_LEGACY_CONSOLE"><var class="Va">WITHOUT_LEGACY_CONSOLE</var></dt> - <dd>Do not build programs that support a legacy PC console; e.g., - <a class="Xr">kbdcontrol(1)</a> and <a class="Xr">vidcontrol(1)</a>.</dd> - <dt id="WITHOUT_LIB32"><var class="Va">WITHOUT_LIB32</var></dt> - <dd>On 64-bit platforms, do not build 32-bit library set and a - <code class="Nm">ld-elf32.so.1</code> runtime linker. - <p class="Pp">This is a default setting on arm/armv7, i386/i386, - powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_LIB32"><var class="Va">WITH_LIB32</var></dt> - <dd>On 64-bit platforms, build the 32-bit library set and a - <code class="Nm">ld-elf32.so.1</code> runtime linker. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64 and - powerpc/powerpc64.</p> - </dd> - <dt id="WITHOUT_LLD"><var class="Va">WITHOUT_LLD</var></dt> - <dd>Do not build LLVM's lld linker.</dd> - <dt id="WITHOUT_LLDB"><var class="Va">WITHOUT_LLDB</var></dt> - <dd>Do not build the LLDB debugger. - <p class="Pp">This is a default setting on riscv/riscv64.</p> - </dd> - <dt id="WITH_LLDB"><var class="Va">WITH_LLDB</var></dt> - <dd>Build the LLDB debugger. - <p class="Pp">This is a default setting on amd64/amd64, arm/armv7, - arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.</p> - </dd> - <dt id="WITHOUT_LLD_BOOTSTRAP~2"><var class="Va">WITHOUT_LLD_BOOTSTRAP</var></dt> - <dd>Do not build the LLD linker during the bootstrap phase of the build. To be - able to build the system an alternate linker must be provided via - XLD.</dd> - <dt id="WITHOUT_LLVM_ASSERTIONS"><var class="Va">WITHOUT_LLVM_ASSERTIONS</var></dt> - <dd>Disable debugging assertions in LLVM.</dd> - <dt id="WITHOUT_LLVM_BINUTILS"><var class="Va">WITHOUT_LLVM_BINUTILS</var></dt> - <dd>Install ELF Tool Chain's binary utilities instead of LLVM's. This includes - <a class="Xr">addr2line(1)</a>, <a class="Xr">ar(1)</a>, - <a class="Xr">nm(1)</a>, <a class="Xr">objcopy(1)</a>, - <a class="Xr">ranlib(1)</a>, <a class="Xr">readelf(1)</a>, - <a class="Xr">size(1)</a>, and <a class="Xr">strip(1)</a>. Regardless of - this setting, LLVM tools are used for <a class="Xr">c++filt(1)</a> and - <a class="Xr">objdump(1)</a>. <a class="Xr">strings(1)</a> is always - provided by ELF Tool Chain.</dd> - <dt id="WITHOUT_LLVM_BINUTILS_BOOTSTRAP~2"><var class="Va">WITHOUT_LLVM_BINUTILS_BOOTSTRAP</var></dt> - <dd>Do not build LLVM binary utilities during the bootstrap phase of the - build. To be able to build the system alternate binary utilities must be - provided via <code class="Ev">XAR</code>, <code class="Ev">XNM</code>, - <code class="Ev">XOBJCOPY</code>, <code class="Ev">XSIZE</code>, - <code class="Ev">XSTRINGS</code>, and <code class="Ev">XSTRIPBIN</code>. - <p class="Pp"></p> - </dd> - <dt id="WITHOUT_LLVM_COV~2"><var class="Va">WITHOUT_LLVM_COV</var></dt> - <dd>Do not build the <a class="Xr">llvm-cov(1)</a> tool.</dd> - <dt id="WITH_LLVM_FULL_DEBUGINFO"><var class="Va">WITH_LLVM_FULL_DEBUGINFO</var></dt> - <dd>Generate full debug information for LLVM libraries and tools, which uses - more disk space and build resources, but allows for easier debugging.</dd> - <dt id="WITH_LLVM_LINK_STATIC_LIBRARIES"><var class="Va">WITH_LLVM_LINK_STATIC_LIBRARIES</var></dt> - <dd>Link LLVM libraries (libllvm, libclang, liblldb) statically into each of - the binaries that use them. - <p class="Pp">This means that binaries linked against these libraries, such - as clang, ld.lld and lldb will be much larger and position dependent, - but will start more quickly.</p> - </dd> - <dt id="WITHOUT_LLVM_TARGET_AARCH64~2"><var class="Va">WITHOUT_LLVM_TARGET_AARCH64</var></dt> - <dd>Do not build LLVM target support for AArch64. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITHOUT_LLVM_TARGET_ALL~2"><var class="Va">WITHOUT_LLVM_TARGET_ALL</var></dt> - <dd>Only build the required LLVM target support. This option is preferred to - specific target support options. When set, these options are also in - effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_LLVM_TARGET_AARCH64~3"><var class="Va">WITHOUT_LLVM_TARGET_AARCH64</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_AARCH64</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_ARM~2"><var class="Va">WITHOUT_LLVM_TARGET_ARM</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_ARM</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_POWERPC~2"><var class="Va">WITHOUT_LLVM_TARGET_POWERPC</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_POWERPC</var> is set - explicitly)</dd> - <dt id="WITHOUT_LLVM_TARGET_RISCV~2"><var class="Va">WITHOUT_LLVM_TARGET_RISCV</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_TARGET_RISCV</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_LLVM_TARGET_ARM~3"><var class="Va">WITHOUT_LLVM_TARGET_ARM</var></dt> - <dd>Do not build LLVM target support for ARM. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITH_LLVM_TARGET_BPF"><var class="Va">WITH_LLVM_TARGET_BPF</var></dt> - <dd>Build LLVM target support for BPF. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITH_LLVM_TARGET_MIPS"><var class="Va">WITH_LLVM_TARGET_MIPS</var></dt> - <dd>Build LLVM target support for MIPS. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITHOUT_LLVM_TARGET_POWERPC~3"><var class="Va">WITHOUT_LLVM_TARGET_POWERPC</var></dt> - <dd>Do not build LLVM target support for PowerPC. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITHOUT_LLVM_TARGET_RISCV~3"><var class="Va">WITHOUT_LLVM_TARGET_RISCV</var></dt> - <dd>Do not build LLVM target support for RISC-V. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITHOUT_LLVM_TARGET_X86"><var class="Va">WITHOUT_LLVM_TARGET_X86</var></dt> - <dd>Do not build LLVM target support for X86. The - <var class="Va">LLVM_TARGET_ALL</var> option should be used rather than - this in most cases.</dd> - <dt id="WITHOUT_LOADER_BIOS_TEXTONLY"><var class="Va">WITHOUT_LOADER_BIOS_TEXTONLY</var></dt> - <dd>Include graphics, font and video mode support in the i386 and amd64 BIOS - boot loader.</dd> - <dt id="WITH_LOADER_EFI_SECUREBOOT~2"><var class="Va">WITH_LOADER_EFI_SECUREBOOT</var></dt> - <dd>Enable building <a class="Xr">loader(8)</a> with support for verification - based on certificates obtained from UEFI.</dd> - <dt id="WITHOUT_LOADER_GELI"><var class="Va">WITHOUT_LOADER_GELI</var></dt> - <dd>Disable inclusion of GELI crypto support in the boot chain binaries. - <p class="Pp">This is a default setting on powerpc/powerpc64 and - powerpc/powerpc64le.</p> - </dd> - <dt id="WITH_LOADER_GELI"><var class="Va">WITH_LOADER_GELI</var></dt> - <dd>Build GELI bootloader support. - <p class="Pp">This is a default setting on amd64/amd64, arm/armv7, - arm64/aarch64, i386/i386 and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_LOADER_IA32"><var class="Va">WITHOUT_LOADER_IA32</var></dt> - <dd>Do not build the 32-bit UEFI loader. - <p class="Pp">This is a default setting on arm/armv7, arm64/aarch64, - i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_LOADER_IA32"><var class="Va">WITH_LOADER_IA32</var></dt> - <dd>Build the 32-bit UEFI loader. - <p class="Pp">This is a default setting on amd64/amd64.</p> - </dd> - <dt id="WITHOUT_LOADER_KBOOT"><var class="Va">WITHOUT_LOADER_KBOOT</var></dt> - <dd>Do not build kboot, a linuxboot environment loader - <p class="Pp">This is a default setting on arm/armv7, i386/i386, - powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_LOADER_KBOOT"><var class="Va">WITH_LOADER_KBOOT</var></dt> - <dd>Build kboot, a linuxboot environment loader - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64 and - powerpc/powerpc64.</p> - </dd> - <dt id="WITHOUT_LOADER_LUA"><var class="Va">WITHOUT_LOADER_LUA</var></dt> - <dd>Do not build LUA bindings for the boot loader. - <p class="Pp">This is a default setting on powerpc/powerpc64 and - powerpc/powerpc64le.</p> - </dd> - <dt id="WITH_LOADER_LUA"><var class="Va">WITH_LOADER_LUA</var></dt> - <dd>Build LUA bindings for the boot loader. - <p class="Pp">This is a default setting on amd64/amd64, arm/armv7, - arm64/aarch64, i386/i386 and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_LOADER_OFW"><var class="Va">WITHOUT_LOADER_OFW</var></dt> - <dd>Disable building of openfirmware bootloader components. - <p class="Pp">This is a default setting on amd64/amd64, arm/armv7, - arm64/aarch64, i386/i386 and riscv/riscv64.</p> - </dd> - <dt id="WITH_LOADER_OFW"><var class="Va">WITH_LOADER_OFW</var></dt> - <dd>Build openfirmware bootloader components. - <p class="Pp">This is a default setting on powerpc/powerpc64 and - powerpc/powerpc64le.</p> - </dd> - <dt id="WITHOUT_LOADER_PXEBOOT"><var class="Va">WITHOUT_LOADER_PXEBOOT</var></dt> - <dd>Do not build pxeboot on i386/amd64. When the pxeboot is too large, or - unneeded, it may be disabled with this option. See - <var class="Va">WITH_LOADER_PXEBOOT</var> for how to adjust the defaults - when you need both a larger <span class="Pa">/boot/loader</span> and - <span class="Pa">/boot/pxeboot</span> - <p class="Pp">This option only has an effect on x86.</p> - </dd> - <dt id="WITHOUT_LOADER_UBOOT"><var class="Va">WITHOUT_LOADER_UBOOT</var></dt> - <dd>Disable building of ubldr. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - i386/i386, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_LOADER_UBOOT"><var class="Va">WITH_LOADER_UBOOT</var></dt> - <dd>Build ubldr. - <p class="Pp">This is a default setting on arm/armv7 and - powerpc/powerpc64.</p> - </dd> - <dt id="WITH_LOADER_USB"><var class="Va">WITH_LOADER_USB</var></dt> - <dd>Build the usb/kshim library - <p class="Pp"></p> - </dd> - <dt id="WITH_LOADER_VERBOSE"><var class="Va">WITH_LOADER_VERBOSE</var></dt> - <dd>Build with extra verbose debugging in the loader. May explode already - nearly too large loader over the limit. Use with care.</dd> - <dt id="WITH_LOADER_VERIEXEC~2"><var class="Va">WITH_LOADER_VERIEXEC</var></dt> - <dd>Enable building <a class="Xr">loader(8)</a> with support for verification - similar to Verified Exec. - <p class="Pp">Depends on <var class="Va">WITH_BEARSSL</var>. May require a - larger <var class="Va">LOADERSIZE</var>. When set, these options are - also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITH_LOADER_EFI_SECUREBOOT~3"><var class="Va">WITH_LOADER_EFI_SECUREBOOT</var></dt> - <dd>(unless <var class="Va">WITHOUT_LOADER_EFI_SECUREBOOT</var> is set - explicitly)</dd> - <dt id="WITH_LOADER_VERIEXEC_VECTX~2"><var class="Va">WITH_LOADER_VERIEXEC_VECTX</var></dt> - <dd>(unless <var class="Va">WITHOUT_LOADER_VERIEXEC_VECTX</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITH_LOADER_VERIEXEC_PASS_MANIFEST"><var class="Va">WITH_LOADER_VERIEXEC_PASS_MANIFEST</var></dt> - <dd>Enable building <a class="Xr">loader(8)</a> with support to pass a - verified manifest to the kernel. The kernel has to be built with a module - to parse the manifest. - <p class="Pp">Depends on <var class="Va">WITH_LOADER_VERIEXEC</var>.</p> - </dd> - <dt id="WITH_LOADER_VERIEXEC_VECTX~3"><var class="Va">WITH_LOADER_VERIEXEC_VECTX</var></dt> - <dd>Enable building <a class="Xr">loader(8)</a> with support for hashing and - verifying kernel and modules as a side effect of loading. - <p class="Pp">Depends on <var class="Va">WITH_LOADER_VERIEXEC</var>.</p> - </dd> - <dt id="WITHOUT_LOADER_ZFS~3"><var class="Va">WITHOUT_LOADER_ZFS</var></dt> - <dd>Do not build ZFS file system boot loader support.</dd> - <dt id="WITHOUT_LOCALES"><var class="Va">WITHOUT_LOCALES</var></dt> - <dd>Do not build localization files; see <a class="Xr">locale(1)</a>.</dd> - <dt id="WITHOUT_LOCATE"><var class="Va">WITHOUT_LOCATE</var></dt> - <dd>Do not build <a class="Xr">locate(1)</a> and related programs.</dd> - <dt id="WITHOUT_LPR"><var class="Va">WITHOUT_LPR</var></dt> - <dd>Do not build <a class="Xr">lpr(1)</a> and related programs.</dd> - <dt id="WITHOUT_LS_COLORS"><var class="Va">WITHOUT_LS_COLORS</var></dt> - <dd>Build <a class="Xr">ls(1)</a> without support for colors to distinguish - file types.</dd> - <dt id="WITHOUT_MACHDEP_OPTIMIZATIONS"><var class="Va">WITHOUT_MACHDEP_OPTIMIZATIONS</var></dt> - <dd>Prefer machine-independent non-assembler code in libc and libm.</dd> - <dt id="WITHOUT_MAIL"><var class="Va">WITHOUT_MAIL</var></dt> - <dd>Do not build any mail support (MUA or MTA). When set, it enforces these - options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_DMAGENT~3"><var class="Va">WITHOUT_DMAGENT</var></li> - <li id="WITHOUT_MAILWRAPPER"><var class="Va">WITHOUT_MAILWRAPPER</var></li> - <li id="WITHOUT_SENDMAIL"><var class="Va">WITHOUT_SENDMAIL</var></li> - </ul> - </dd> - <dt id="WITHOUT_MAILWRAPPER~2"><var class="Va">WITHOUT_MAILWRAPPER</var></dt> - <dd>Do not build the <a class="Xr">mailwrapper(8)</a> MTA selector.</dd> - <dt id="WITHOUT_MAKE"><var class="Va">WITHOUT_MAKE</var></dt> - <dd>Do not install <a class="Xr">make(1)</a> and related support files.</dd> - <dt id="WITHOUT_MAKE_CHECK_USE_SANDBOX"><var class="Va">WITHOUT_MAKE_CHECK_USE_SANDBOX</var></dt> - <dd>Do not execute “<code class="Li">make check</code>” in - limited sandbox mode. This option should be paired with - <var class="Va">WITH_INSTALL_AS_USER</var> if executed as an unprivileged - user. See <a class="Xr">tests(7)</a> for more details.</dd> - <dt id="WITH_MALLOC_PRODUCTION"><var class="Va">WITH_MALLOC_PRODUCTION</var></dt> - <dd>Disable assertions and statistics gathering in - <a class="Xr">malloc(3)</a>. The run-time options - <code class="Dv">opt.abort</code>, <code class="Dv">opt.abort_conf</code>, - and <code class="Dv">opt.junk</code> also default to false.</dd> - <dt id="WITHOUT_MAN"><var class="Va">WITHOUT_MAN</var></dt> - <dd>Do not build manual pages. When set, these options are also in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_MAN_UTILS"><var class="Va">WITHOUT_MAN_UTILS</var></dt> - <dd>(unless <var class="Va">WITH_MAN_UTILS</var> is set explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_MANCOMPRESS"><var class="Va">WITHOUT_MANCOMPRESS</var></dt> - <dd>Do not install compressed man pages. Only the uncompressed versions will - be installed.</dd> - <dt id="WITH_MANSPLITPKG"><var class="Va">WITH_MANSPLITPKG</var></dt> - <dd>Split man pages into their own packages during make package.</dd> - <dt id="WITHOUT_MAN_UTILS~2"><var class="Va">WITHOUT_MAN_UTILS</var></dt> - <dd>Do not build utilities for manual pages, <a class="Xr">apropos(1)</a>, - <a class="Xr">makewhatis(1)</a>, <a class="Xr">man(1)</a>, - <a class="Xr">whatis(1)</a>, <a class="Xr">manctl(8)</a>, and related - support files.</dd> - <dt id="WITH_META_ERROR_TARGET~2"><var class="Va">WITH_META_ERROR_TARGET</var></dt> - <dd>Enable the META_MODE .ERROR target. - <p class="Pp">This target will copy the meta file of a failed target to - <var class="Va">ERROR_LOGDIR</var> (default is - ‘<code class="Li">${SRCTOP:H}/error</code>’) to help with - failure analysis. Depends on <var class="Va">WITH_META_MODE</var>. This - default when <var class="Va">WITH_DIRDEPS_BUILD</var> is set.</p> - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITH_META_MODE~2"><var class="Va">WITH_META_MODE</var></dt> - <dd>Create <a class="Xr">make(1)</a> meta files when building, which can - provide a reliable incremental build when using - <a class="Xr">filemon(4)</a>. The meta file is created in OBJDIR as - <span class="Pa">target.meta</span>. These meta files track the command - that was executed, its output, and the current directory. The - <a class="Xr">filemon(4)</a> module is required unless - <var class="Va">NO_FILEMON</var> is defined. When the module is loaded, - any files used by the commands executed are tracked as dependencies for - the target in its meta file. The target is considered out-of-date and - rebuilt if any of these conditions are true compared to the last build: - <ul class="Bl-bullet Bl-compact"> - <li>The command to execute changes.</li> - <li>The current working directory changes.</li> - <li>The target's meta file is missing.</li> - <li>The target's meta file is missing filemon data when filemon is loaded - and a previous run did not have it loaded.</li> - <li>[requires <a class="Xr">filemon(4)</a>] Files read, executed or linked - to are newer than the target.</li> - <li>[requires <a class="Xr">filemon(4)</a>] Files read, written, executed - or linked are missing.</li> - </ul> - The meta files can also be useful for debugging. - <p class="Pp">The build hides commands that are executed unless - <var class="Va">NO_SILENT</var> is defined. Errors cause - <a class="Xr">make(1)</a> to show some of its environment for further - debugging.</p> - <p class="Pp">The build operates as it normally would otherwise. This option - originally invoked a different build system but that was renamed to - <var class="Va">WITH_DIRDEPS_BUILD</var>.</p> - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITHOUT_MITKRB5~2"><var class="Va">WITHOUT_MITKRB5</var></dt> - <dd>Set this to build KTH Heimdal instead of MIT Kerberos 5.</dd> - <dt id="WITHOUT_MLX5TOOL"><var class="Va">WITHOUT_MLX5TOOL</var></dt> - <dd>Do not build <a class="Xr">mlx5tool(8)</a> - <p class="Pp">This is a default setting on arm/armv7 and riscv/riscv64.</p> - </dd> - <dt id="WITH_MLX5TOOL"><var class="Va">WITH_MLX5TOOL</var></dt> - <dd>Build <a class="Xr">mlx5tool(8)</a> - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.</p> - </dd> - <dt id="WITHOUT_NETCAT"><var class="Va">WITHOUT_NETCAT</var></dt> - <dd>Do not build <a class="Xr">nc(1)</a> utility.</dd> - <dt id="WITHOUT_NETGRAPH"><var class="Va">WITHOUT_NETGRAPH</var></dt> - <dd>Do not build applications to support <a class="Xr">netgraph(4)</a>. When - set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_BLUETOOTH~2"><var class="Va">WITHOUT_BLUETOOTH</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_NETGRAPH_SUPPORT"><var class="Va">WITHOUT_NETGRAPH_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_NETGRAPH_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_NETGRAPH_SUPPORT~2"><var class="Va">WITHOUT_NETGRAPH_SUPPORT</var></dt> - <dd>Build libraries, programs, and kernel modules without netgraph - support.</dd> - <dt id="WITHOUT_NETLINK"><var class="Va">WITHOUT_NETLINK</var></dt> - <dd>Do not build <a class="Xr">genl(1)</a> utility.</dd> - <dt id="WITHOUT_NETLINK_SUPPORT"><var class="Va">WITHOUT_NETLINK_SUPPORT</var></dt> - <dd>Make libraries and programs use rtsock and <a class="Xr">sysctl(3)</a> - interfaces instead of <a class="Xr">snl(3)</a>.</dd> - <dt id="WITHOUT_NIS"><var class="Va">WITHOUT_NIS</var></dt> - <dd>Do not build <a class="Xr">NIS(8)</a> support and related programs. If - set, you might need to adopt your <a class="Xr">nsswitch.conf(5)</a> and - remove ‘nis’ entries.</dd> - <dt id="WITHOUT_NLS"><var class="Va">WITHOUT_NLS</var></dt> - <dd>Do not build NLS catalogs. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_NLS_CATALOGS"><var class="Va">WITHOUT_NLS_CATALOGS</var></li> - </ul> - </dd> - <dt id="WITHOUT_NLS_CATALOGS~2"><var class="Va">WITHOUT_NLS_CATALOGS</var></dt> - <dd>Do not build NLS catalog support for <a class="Xr">csh(1)</a>.</dd> - <dt id="WITHOUT_NS_CACHING"><var class="Va">WITHOUT_NS_CACHING</var></dt> - <dd>Disable name caching in the <span class="Pa">nsswitch</span> subsystem. - The generic caching daemon, <a class="Xr">nscd(8)</a>, will not be built - either if this option is set.</dd> - <dt id="WITHOUT_NTP"><var class="Va">WITHOUT_NTP</var></dt> - <dd>Do not build <a class="Xr">ntpd(8)</a> and related programs.</dd> - <dt id="WITHOUT_NUAGEINIT"><var class="Va">WITHOUT_NUAGEINIT</var></dt> - <dd>Do not install the limited cloud init support scripts.</dd> - <dt id="WITHOUT_OFED"><var class="Va">WITHOUT_OFED</var></dt> - <dd>Do not build the “OpenFabrics Enterprise Distribution” - InfiniBand software stack, including kernel modules and userspace - libraries. - <p class="Pp">This is a default setting on arm/armv7. When set, it enforces - these options:</p> - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_OFED_EXTRA"><var class="Va">WITHOUT_OFED_EXTRA</var></li> - </ul> - </dd> - <dt id="WITH_OFED"><var class="Va">WITH_OFED</var></dt> - <dd>Build the “OpenFabrics Enterprise Distribution” InfiniBand - software stack, including kernel modules and userspace libraries. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITH_OFED_EXTRA"><var class="Va">WITH_OFED_EXTRA</var></dt> - <dd>Build the non-essential components of the “OpenFabrics Enterprise - Distribution” Infiniband software stack, mostly examples.</dd> - <dt id="WITH_OPENLDAP"><var class="Va">WITH_OPENLDAP</var></dt> - <dd>Enable building LDAP support for kerberos using an openldap client from - ports.</dd> - <dt id="WITHOUT_OPENMP"><var class="Va">WITHOUT_OPENMP</var></dt> - <dd>Do not build LLVM's OpenMP runtime. - <p class="Pp">This is a default setting on arm/armv7.</p> - </dd> - <dt id="WITH_OPENMP"><var class="Va">WITH_OPENMP</var></dt> - <dd>Build LLVM's OpenMP runtime. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_OPENSSH~2"><var class="Va">WITHOUT_OPENSSH</var></dt> - <dd>Do not build OpenSSH.</dd> - <dt id="WITHOUT_OPENSSL~2"><var class="Va">WITHOUT_OPENSSL</var></dt> - <dd>Do not build OpenSSL. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_DMAGENT~4"><var class="Va">WITHOUT_DMAGENT</var></li> - <li id="WITHOUT_KERBEROS~3"><var class="Va">WITHOUT_KERBEROS</var></li> - <li id="WITHOUT_LDNS~3"><var class="Va">WITHOUT_LDNS</var></li> - <li id="WITHOUT_LDNS_UTILS~4"><var class="Va">WITHOUT_LDNS_UTILS</var></li> - <li id="WITHOUT_LOADER_ZFS~4"><var class="Va">WITHOUT_LOADER_ZFS</var></li> - <li id="WITHOUT_MITKRB5~3"><var class="Va">WITHOUT_MITKRB5</var></li> - <li id="WITHOUT_OPENSSH~3"><var class="Va">WITHOUT_OPENSSH</var></li> - <li id="WITHOUT_OPENSSL_KTLS~2"><var class="Va">WITHOUT_OPENSSL_KTLS</var></li> - <li id="WITHOUT_PKGBOOTSTRAP~2"><var class="Va">WITHOUT_PKGBOOTSTRAP</var></li> - <li id="WITHOUT_UNBOUND~3"><var class="Va">WITHOUT_UNBOUND</var></li> - <li id="WITHOUT_ZFS~3"><var class="Va">WITHOUT_ZFS</var></li> - <li id="WITHOUT_ZFS_TESTS~3"><var class="Va">WITHOUT_ZFS_TESTS</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_KERBEROS_SUPPORT~4"><var class="Va">WITHOUT_KERBEROS_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_KERBEROS_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_OPENSSL_KTLS~3"><var class="Va">WITHOUT_OPENSSL_KTLS</var></dt> - <dd>Do not include kernel TLS support in OpenSSL. - <p class="Pp">This is a default setting on arm/armv7, i386/i386 and - riscv/riscv64.</p> - </dd> - <dt id="WITH_OPENSSL_KTLS"><var class="Va">WITH_OPENSSL_KTLS</var></dt> - <dd>Include kernel TLS support in OpenSSL. - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - powerpc/powerpc64 and powerpc/powerpc64le.</p> - </dd> - <dt id="WITHOUT_PAM"><var class="Va">WITHOUT_PAM</var></dt> - <dd>Do not build PAM library and modules. - <div class="Bf Sy">This option is deprecated and does nothing.</div> - When set, these options are also in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_PAM_SUPPORT"><var class="Va">WITHOUT_PAM_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_PAM_SUPPORT</var> is set explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_PAM_SUPPORT~2"><var class="Va">WITHOUT_PAM_SUPPORT</var></dt> - <dd>Build <a class="Xr">ppp(8)</a> without PAM support.</dd> - <dt id="WITHOUT_PF"><var class="Va">WITHOUT_PF</var></dt> - <dd>Do not build PF firewall package. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_AUTHPF~2"><var class="Va">WITHOUT_AUTHPF</var></li> - </ul> - </dd> - <dt id="WITHOUT_PIE"><var class="Va">WITHOUT_PIE</var></dt> - <dd>Do not build dynamically linked binaries as Position-Independent - Executable (PIE). - <p class="Pp">This is a default setting on arm/armv7 and i386/i386.</p> - </dd> - <dt id="WITH_PIE"><var class="Va">WITH_PIE</var></dt> - <dd>Build dynamically linked binaries as Position-Independent Executable - (PIE). - <p class="Pp">This is a default setting on amd64/amd64, arm64/aarch64, - powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.</p> - </dd> - <dt id="WITHOUT_PKGBOOTSTRAP~3"><var class="Va">WITHOUT_PKGBOOTSTRAP</var></dt> - <dd>Do not build <a class="Xr">pkg(7)</a> bootstrap tool.</dd> - <dt id="WITHOUT_PKGCONF"><var class="Va">WITHOUT_PKGCONF</var></dt> - <dd>Do not build the pkgconf binaries nor the libpkgconf library.</dd> - <dt id="WITHOUT_PKGSERVE"><var class="Va">WITHOUT_PKGSERVE</var></dt> - <dd>Do not build or install <a class="Xr">pkg-serve(8)</a>.</dd> - <dt id="WITHOUT_PMC"><var class="Va">WITHOUT_PMC</var></dt> - <dd>Do not build <a class="Xr">pmccontrol(8)</a> and related programs.</dd> - <dt id="WITHOUT_PPP"><var class="Va">WITHOUT_PPP</var></dt> - <dd>Do not build <a class="Xr">ppp(8)</a> and related programs.</dd> - <dt id="WITHOUT_PTHREADS_ASSERTIONS"><var class="Va">WITHOUT_PTHREADS_ASSERTIONS</var></dt> - <dd>Disable debugging assertions in pthreads library.</dd> - <dt id="WITHOUT_QUOTAS"><var class="Va">WITHOUT_QUOTAS</var></dt> - <dd>Do not build <a class="Xr">quota(1)</a> and related programs.</dd> - <dt id="WITHOUT_RADIUS_SUPPORT"><var class="Va">WITHOUT_RADIUS_SUPPORT</var></dt> - <dd>Do not build radius support into various applications, like - <a class="Xr">pam_radius(8)</a> and <a class="Xr">ppp(8)</a>.</dd> - <dt id="WITH_RATELIMIT"><var class="Va">WITH_RATELIMIT</var></dt> - <dd>Build the system with rate limit support. - <p class="Pp">This makes <code class="Dv">SO_MAX_PACING_RATE</code> - effective in <a class="Xr">getsockopt(2)</a>, and - <var class="Ar">txrlimit</var> support in <a class="Xr">ifconfig(8)</a>, - by proxy.</p> - </dd> - <dt id="WITHOUT_RBOOTD"><var class="Va">WITHOUT_RBOOTD</var></dt> - <dd>Do not build or install <a class="Xr">rbootd(8)</a>.</dd> - <dt id="WITHOUT_RELRO"><var class="Va">WITHOUT_RELRO</var></dt> - <dd>Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. - See also the <var class="Va">BIND_NOW</var> option.</dd> - <dt id="WITH_REPRODUCIBLE_BUILD"><var class="Va">WITH_REPRODUCIBLE_BUILD</var></dt> - <dd>Exclude build metadata (such as the build time, user, or host) from the - kernel, boot loaders, and <a class="Xr">uname(1)</a> output, so that - builds produce bit-for-bit identical output.</dd> - <dt id="WITH_REPRODUCIBLE_PATHS"><var class="Va">WITH_REPRODUCIBLE_PATHS</var></dt> - <dd>Modify the paths encoded in binary artifacts to be standard path - <p class="Pp">Normally, the actual path is encoded in the binary. However, - this makes the build differ depending on the path it was built from. - With this option enabled, the paths recorded are /usr/src, regardless of - the actual path. With this option disabled, the actual paths are - recorded.</p> - </dd> - <dt id="WITHOUT_RESCUE"><var class="Va">WITHOUT_RESCUE</var></dt> - <dd>Do not build <a class="Xr">rescue(8)</a>.</dd> - <dt id="WITH_RETPOLINE"><var class="Va">WITH_RETPOLINE</var></dt> - <dd>Build the base system with the retpoline speculative execution - vulnerability mitigation for CVE-2017-5715.</dd> - <dt id="WITHOUT_ROUTED"><var class="Va">WITHOUT_ROUTED</var></dt> - <dd>Do not build <a class="Xr">routed(8)</a> utility.</dd> - <dt id="WITH_RPCBIND_WARMSTART_SUPPORT"><var class="Va">WITH_RPCBIND_WARMSTART_SUPPORT</var></dt> - <dd>Build <a class="Xr">rpcbind(8)</a> with warmstart support.</dd> - <dt id="WITH_RUN_TESTS"><var class="Va">WITH_RUN_TESTS</var></dt> - <dd>Run tests as part of the build.</dd> - <dt id="WITHOUT_SCTP_SUPPORT"><var class="Va">WITHOUT_SCTP_SUPPORT</var></dt> - <dd>Disable support in the kernel for the <a class="Xr">sctp(4)</a> Stream - Control Transmission Protocol loadable kernel module.</dd> - <dt id="WITHOUT_SENDMAIL~2"><var class="Va">WITHOUT_SENDMAIL</var></dt> - <dd>Do not build <a class="Xr">sendmail(8)</a> and related programs.</dd> - <dt id="WITHOUT_SERVICESDB"><var class="Va">WITHOUT_SERVICESDB</var></dt> - <dd>Do not install <span class="Pa">/var/db/services.db</span>.</dd> - <dt id="WITHOUT_SETUID_LOGIN"><var class="Va">WITHOUT_SETUID_LOGIN</var></dt> - <dd>Set this to disable the installation of <a class="Xr">login(1)</a> as a - set-user-ID root program.</dd> - <dt id="WITHOUT_SHAREDOCS"><var class="Va">WITHOUT_SHAREDOCS</var></dt> - <dd>Do not build the <span class="Ux">4.4BSD</span> legacy docs.</dd> - <dt id="WITH_SORT_THREADS"><var class="Va">WITH_SORT_THREADS</var></dt> - <dd>Enable threads in <a class="Xr">sort(1)</a>.</dd> - <dt id="WITHOUT_SOUND"><var class="Va">WITHOUT_SOUND</var></dt> - <dd>Do not build userland sound utilities such as <a class="Xr">beep(1)</a> - and <a class="Xr">mixer(8)</a>.</dd> - <dt id="WITHOUT_SOURCELESS"><var class="Va">WITHOUT_SOURCELESS</var></dt> - <dd>Do not build kernel modules that include sourceless code (either microcode - or native code for host CPU). When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_SOURCELESS_HOST"><var class="Va">WITHOUT_SOURCELESS_HOST</var></li> - <li id="WITHOUT_SOURCELESS_UCODE"><var class="Va">WITHOUT_SOURCELESS_UCODE</var></li> - </ul> - </dd> - <dt id="WITHOUT_SOURCELESS_HOST~2"><var class="Va">WITHOUT_SOURCELESS_HOST</var></dt> - <dd>Do not build kernel modules that include sourceless native code for host - CPU.</dd> - <dt id="WITHOUT_SOURCELESS_UCODE~2"><var class="Va">WITHOUT_SOURCELESS_UCODE</var></dt> - <dd>Do not build kernel modules that include sourceless microcode.</dd> - <dt id="WITHOUT_SPLIT_KERNEL_DEBUG"><var class="Va">WITHOUT_SPLIT_KERNEL_DEBUG</var></dt> - <dd>Do not build standalone kernel debug files. Debug data (if enabled by the - kernel configuration file) will be included in the kernel and modules. - When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_KERNEL_SYMBOLS~2"><var class="Va">WITHOUT_KERNEL_SYMBOLS</var></li> - </ul> - </dd> - <dt id="WITHOUT_SSP"><var class="Va">WITHOUT_SSP</var></dt> - <dd>Do not build world with stack smashing protection. See - <a class="Xr">mitigations(7)</a> for more information.</dd> - <dt id="WITH_STAGING~2"><var class="Va">WITH_STAGING</var></dt> - <dd>Enable staging of files to a stage tree. This can be best thought of as - auto-install to <var class="Va">DESTDIR</var> with some extra meta data to - ensure dependencies can be tracked. Depends on - <var class="Va">WITH_DIRDEPS_BUILD</var>. When set, these options are also - in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITH_STAGING_MAN~2"><var class="Va">WITH_STAGING_MAN</var></dt> - <dd>(unless <var class="Va">WITHOUT_STAGING_MAN</var> is set - explicitly)</dd> - <dt id="WITH_STAGING_PROG~2"><var class="Va">WITH_STAGING_PROG</var></dt> - <dd>(unless <var class="Va">WITHOUT_STAGING_PROG</var> is set - explicitly)</dd> - </dl> - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITH_STAGING_MAN~3"><var class="Va">WITH_STAGING_MAN</var></dt> - <dd>Enable staging of man pages to stage tree.</dd> - <dt id="WITH_STAGING_PROG~3"><var class="Va">WITH_STAGING_PROG</var></dt> - <dd>Enable staging of PROGs to stage tree.</dd> - <dt id="WITH_STALE_STAGED"><var class="Va">WITH_STALE_STAGED</var></dt> - <dd>Check staged files are not stale.</dd> - <dt id="WITHOUT_STATS"><var class="Va">WITHOUT_STATS</var></dt> - <dd>Neither build nor install <span class="Lb">library - “libstats”</span> and dependent binaries.</dd> - <dt id="WITHOUT_SYSCONS"><var class="Va">WITHOUT_SYSCONS</var></dt> - <dd>Do not build <a class="Xr">syscons(4)</a> support files such as keyboard - maps, fonts, and screen output maps.</dd> - <dt id="WITH_SYSROOT~2"><var class="Va">WITH_SYSROOT</var></dt> - <dd>Enable use of sysroot during build. Depends on - <var class="Va">WITH_DIRDEPS_BUILD</var>. - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITHOUT_SYSTEM_COMPILER"><var class="Va">WITHOUT_SYSTEM_COMPILER</var></dt> - <dd>Do not opportunistically skip building a cross-compiler during the - bootstrap phase of the build. Normally, if the currently installed - compiler matches the planned bootstrap compiler type and revision, then it - will not be built. This does not prevent a compiler from being built for - installation though, only for building one for the build itself. The - <var class="Va">WITHOUT_CLANG</var> option controls that.</dd> - <dt id="WITHOUT_SYSTEM_LINKER"><var class="Va">WITHOUT_SYSTEM_LINKER</var></dt> - <dd>Do not opportunistically skip building a cross-linker during the bootstrap - phase of the build. Normally, if the currently installed linker matches - the planned bootstrap linker type and revision, then it will not be built. - This does not prevent a linker from being built for installation though, - only for building one for the build itself. The - <var class="Va">WITHOUT_LLD</var> option controls that. - <p class="Pp">This option is only relevant when - <var class="Va">WITH_LLD_BOOTSTRAP</var> is set.</p> - </dd> - <dt id="WITHOUT_TALK"><var class="Va">WITHOUT_TALK</var></dt> - <dd>Do not build or install <a class="Xr">talk(1)</a> and - <a class="Xr">talkd(8)</a>.</dd> - <dt id="WITHOUT_TCP_WRAPPERS"><var class="Va">WITHOUT_TCP_WRAPPERS</var></dt> - <dd>Do not build or install <a class="Xr">tcpd(8)</a>, and related - utilities.</dd> - <dt id="WITHOUT_TCSH"><var class="Va">WITHOUT_TCSH</var></dt> - <dd>Do not build and install <span class="Pa">/bin/csh</span> (which is - <a class="Xr">tcsh(1)</a>).</dd> - <dt id="WITHOUT_TELNET"><var class="Va">WITHOUT_TELNET</var></dt> - <dd>Do not build <a class="Xr">telnet(1)</a> and related programs.</dd> - <dt id="WITHOUT_TESTS"><var class="Va">WITHOUT_TESTS</var></dt> - <dd>Do not build nor install the <span class="Ux">FreeBSD</span> Test Suite in - <span class="Pa">/usr/tests/</span>. See <a class="Xr">tests(7)</a> for - more details. This also disables the build of all test-related - dependencies, including ATF. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_DTRACE_TESTS"><var class="Va">WITHOUT_DTRACE_TESTS</var></li> - <li id="WITHOUT_ZFS_TESTS~4"><var class="Va">WITHOUT_ZFS_TESTS</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_GOOGLETEST~2"><var class="Va">WITHOUT_GOOGLETEST</var></dt> - <dd>(unless <var class="Va">WITH_GOOGLETEST</var> is set explicitly)</dd> - <dt id="WITHOUT_TESTS_SUPPORT"><var class="Va">WITHOUT_TESTS_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_TESTS_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_TESTS_SUPPORT~2"><var class="Va">WITHOUT_TESTS_SUPPORT</var></dt> - <dd>Disable the build of all test-related dependencies, including ATF. When - set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_GOOGLETEST~3"><var class="Va">WITHOUT_GOOGLETEST</var></li> - </ul> - </dd> - <dt id="WITHOUT_TEXTPROC"><var class="Va">WITHOUT_TEXTPROC</var></dt> - <dd>Do not build programs used for text processing.</dd> - <dt id="WITHOUT_TFTP"><var class="Va">WITHOUT_TFTP</var></dt> - <dd>Do not build or install <a class="Xr">tftp(1)</a> and - <a class="Xr">tftpd(8)</a>.</dd> - <dt id="WITHOUT_TOOLCHAIN"><var class="Va">WITHOUT_TOOLCHAIN</var></dt> - <dd>Do not install programs used for program development, compilers, debuggers - etc. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_CLANG~2"><var class="Va">WITHOUT_CLANG</var></li> - <li id="WITHOUT_CLANG_EXTRAS~2"><var class="Va">WITHOUT_CLANG_EXTRAS</var></li> - <li id="WITHOUT_CLANG_FORMAT~2"><var class="Va">WITHOUT_CLANG_FORMAT</var></li> - <li id="WITHOUT_CLANG_FULL~3"><var class="Va">WITHOUT_CLANG_FULL</var></li> - <li id="WITHOUT_LLD~2"><var class="Va">WITHOUT_LLD</var></li> - <li id="WITHOUT_LLDB~2"><var class="Va">WITHOUT_LLDB</var></li> - <li id="WITHOUT_LLVM_COV~3"><var class="Va">WITHOUT_LLVM_COV</var></li> - </ul> - <p class="Pp">When set, these options are also in effect:</p> - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_LLVM_BINUTILS~2"><var class="Va">WITHOUT_LLVM_BINUTILS</var></dt> - <dd>(unless <var class="Va">WITH_LLVM_BINUTILS</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITH_UBSAN"><var class="Va">WITH_UBSAN</var></dt> - <dd>Build the base system with Undefined Behavior Sanitizer (UBSan) to detect - various kinds of undefined behavior at runtime. Requires that Clang be - used as the base system compiler and that the runtime support library is - available</dd> - <dt id="WITHOUT_UNBOUND~4"><var class="Va">WITHOUT_UNBOUND</var></dt> - <dd>Do not build <a class="Xr">unbound(8)</a> and related programs.</dd> - <dt id="WITH_UNDEFINED_VERSION"><var class="Va">WITH_UNDEFINED_VERSION</var></dt> - <dd>Link libraries with --undefined-version which permits version maps to - contain symbols that are not present in the library. If this is necessary - to build a particular configuration, a bug is present and the - configuration should be reported.</dd> - <dt id="WITHOUT_UNIFIED_OBJDIR"><var class="Va">WITHOUT_UNIFIED_OBJDIR</var></dt> - <dd>Use the historical object directory format for <a class="Xr">build(7)</a> - targets. For native-builds and builds done directly in sub-directories the - format of <span class="Pa">${MAKEOBJDIRPREFIX}/${.CURDIR}</span> is used, - while for cross-builds - <span class="Pa">${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR}</span> - is used. - <p class="Pp">This option is transitional and will be removed in a future - version of <span class="Ux">FreeBSD</span>, at which time - <var class="Va">WITH_UNIFIED_OBJDIR</var> will be enabled - permanently.</p> - <p class="Pp">This must be set in the environment, make command line, or - <span class="Pa">/etc/src-env.conf</span>, not - <span class="Pa">/etc/src.conf</span>.</p> - </dd> - <dt id="WITHOUT_USB"><var class="Va">WITHOUT_USB</var></dt> - <dd>Do not build USB-related programs and libraries. When set, it enforces - these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_USB_GADGET_EXAMPLES"><var class="Va">WITHOUT_USB_GADGET_EXAMPLES</var></li> - </ul> - </dd> - <dt id="WITHOUT_USB_GADGET_EXAMPLES~2"><var class="Va">WITHOUT_USB_GADGET_EXAMPLES</var></dt> - <dd>Do not build USB gadget kernel modules.</dd> - <dt id="WITHOUT_UTMPX"><var class="Va">WITHOUT_UTMPX</var></dt> - <dd>Do not build user accounting tools such as <a class="Xr">last(1)</a>, - <a class="Xr">users(1)</a>, <a class="Xr">who(1)</a>, - <a class="Xr">ac(8)</a>, <a class="Xr">lastlogin(8)</a> and - <a class="Xr">utx(8)</a>.</dd> - <dt id="WITH_VERIEXEC~2"><var class="Va">WITH_VERIEXEC</var></dt> - <dd>Enable building <a class="Xr">veriexec(8)</a> which loads the contents of - verified manifests into the kernel for use by - <a class="Xr">mac_veriexec(4)</a> - <p class="Pp">Depends on <var class="Va">WITH_BEARSSL</var>.</p> - </dd> - <dt id="WITHOUT_VI"><var class="Va">WITHOUT_VI</var></dt> - <dd>Do not build and install vi, view, ex and related programs.</dd> - <dt id="WITHOUT_VT"><var class="Va">WITHOUT_VT</var></dt> - <dd>Do not build <a class="Xr">vt(4)</a> support files (fonts and - keymaps).</dd> - <dt id="WITHOUT_WARNS"><var class="Va">WITHOUT_WARNS</var></dt> - <dd>Set this to not add warning flags to the compiler invocations. Useful as a - temporary workaround when code enters the tree which triggers warnings in - environments that differ from the original developer.</dd> - <dt id="WITHOUT_WERROR"><var class="Va">WITHOUT_WERROR</var></dt> - <dd>Set this to not treat compiler warnings as errors. Useful as a temporary - workaround when working on fixing compiler warnings. When set, warnings - are still printed in the build log but do not fail the build.</dd> - <dt id="WITHOUT_WIRELESS"><var class="Va">WITHOUT_WIRELESS</var></dt> - <dd>Do not build programs used for 802.11 wireless networks; especially - <a class="Xr">wpa_supplicant(8)</a> and <a class="Xr">hostapd(8)</a>. When - set, these options are also in effect: - <p class="Pp"></p> - <dl class="Bl-inset Bl-compact"> - <dt id="WITHOUT_WIRELESS_SUPPORT"><var class="Va">WITHOUT_WIRELESS_SUPPORT</var></dt> - <dd>(unless <var class="Va">WITH_WIRELESS_SUPPORT</var> is set - explicitly)</dd> - </dl> - </dd> - <dt id="WITHOUT_WIRELESS_SUPPORT~2"><var class="Va">WITHOUT_WIRELESS_SUPPORT</var></dt> - <dd>Build libraries, programs, and kernel modules without 802.11 wireless - support.</dd> - <dt id="WITHOUT_WPA_SUPPLICANT_EAPOL"><var class="Va">WITHOUT_WPA_SUPPLICANT_EAPOL</var></dt> - <dd>Build <a class="Xr">wpa_supplicant(8)</a> without support for the IEEE - 802.1X protocol and without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and - EAP-TTLS protocols (usable only via 802.1X).</dd> - <dt id="WITH_ZEROREGS"><var class="Va">WITH_ZEROREGS</var></dt> - <dd>Build the basesystem with code to zero caller-used register contents on - function return. This prevents leaking temporary values for side channel - attacks. Additionally this reduces the number of usable ROP gadgets for - attackers.</dd> - <dt id="WITHOUT_ZFS~4"><var class="Va">WITHOUT_ZFS</var></dt> - <dd>Do not build the ZFS file system kernel module, libraries such as - <a class="Xr">libbe(3)</a>, and user commands such as - <a class="Xr">zpool(8)</a> or <a class="Xr">zfs(8)</a>. Also disable ZFS - support in utilities and libraries which implement ZFS-specific - functionality. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_ZFS_TESTS~5"><var class="Va">WITHOUT_ZFS_TESTS</var></li> - </ul> - </dd> - <dt id="WITHOUT_ZFS_TESTS~6"><var class="Va">WITHOUT_ZFS_TESTS</var></dt> - <dd>Do not build and install the legacy ZFS test suite.</dd> - <dt id="WITHOUT_ZONEINFO"><var class="Va">WITHOUT_ZONEINFO</var></dt> - <dd>Do not build the timezone database. When set, it enforces these options: - <p class="Pp"></p> - <ul class="Bl-item Bl-compact"> - <li id="WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT"><var class="Va">WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT</var></li> - </ul> - </dd> - <dt id="WITH_ZONEINFO_LEAPSECONDS_SUPPORT"><var class="Va">WITH_ZONEINFO_LEAPSECONDS_SUPPORT</var></dt> - <dd>Build leapsecond information in to the timezone database. This option - violates <span class="St">IEEE Std 1003.1 (“POSIX.1”)</span> - and all other applicable standards, and is known to cause unexpected - issues with date/time handling in many applications and programming - languages.</dd> -</dl> -<p class="Pp">The following options accept a single value from a list of valid - values.</p> -<dl class="Bl-tag"> - <dt id="INIT_ALL"><var class="Va">INIT_ALL</var></dt> - <dd>Control default initialization of stack variables in C and C++ code. - Options other than <code class="Li">none</code> require the Clang compiler - or GCC 12.0 or later. The default value is <code class="Li">none</code>. - Valid values are: - <dl class="Bl-tag"> - <dt id="none"><a class="permalink" href="#none"><code class="Li">none</code></a></dt> - <dd>Do not initialize stack variables (standard C/C++ behavior).</dd> - <dt id="pattern"><a class="permalink" href="#pattern"><code class="Li">pattern</code></a></dt> - <dd>Build the base system or kernel with stack variables initialized to - (compiler defined) debugging patterns on function entry.</dd> - <dt id="zero"><a class="permalink" href="#zero"><code class="Li">zero</code></a></dt> - <dd>Build the base system or kernel with stack variables initialized to - zero on function entry. This value is converted to - <code class="Li">none</code> for amd64 kernel builds due to - incompatibility with ifunc memset.</dd> - </dl> - </dd> - <dt id="LIBC_MALLOC"><var class="Va">LIBC_MALLOC</var></dt> - <dd>Specify the <a class="Xr">malloc(3)</a> implementation used by libc. The - default value is <code class="Li">jemalloc</code>. Valid values are: - <dl class="Bl-tag"> - <dt id="jemalloc"><a class="permalink" href="#jemalloc"><code class="Li">jemalloc</code></a></dt> - <dd style="width: auto;"> </dd> - </dl> - <p class="Pp">Other implementations are expected in the future in both - <span class="Ux">FreeBSD</span> and downstream consumers.</p> - </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/src.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/etc/src-env.conf</span></dt> - <dd style="width: auto;"> </dd> - <dt><span class="Pa">/usr/share/mk/bsd.own.mk</span></dt> - <dd style="width: auto;"> </dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">make(1)</a>, <a class="Xr">make.conf(5)</a>, - <a class="Xr">build(7)</a>, <a class="Xr">ports(7)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">src.conf</code> file appeared in - <span class="Ux">FreeBSD 7.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was autogenerated by - <span class="An">tools/build/options/makeman</span>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">April 22, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/stab.5 3.html b/static/freebsd/man5/stab.5 3.html deleted file mode 100644 index 2e5d2d2d..00000000 --- a/static/freebsd/man5/stab.5 3.html +++ /dev/null @@ -1,163 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">STAB(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">STAB(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">stab</code> — <span class="Nd">symbol - table types</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><code class="In">#include - <<a class="In">stab.h</a>></code></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The file <code class="In"><<a class="In">stab.h</a>></code> - defines some of the symbol table <var class="Fa">n_type</var> field values - for a.out files. These are the types for permanent symbols (i.e., not local - labels, etc.) used by the old debugger <i class="Em">sdb</i> and the - Berkeley Pascal compiler <a class="Xr">pc(1)</a>. Symbol table entries can - be produced by the <span class="Pa">.stabs</span> assembler directive. This - allows one to specify a double-quote delimited name, a symbol type, one char - and one short of information about the symbol, and an unsigned long (usually - an address). To avoid having to produce an explicit label for the address - field, the <span class="Pa">.stabd</span> directive can be used to - implicitly address the current location. If no name is needed, symbol table - entries can be generated using the <span class="Pa">.stabn</span> directive. - The loader promises to preserve the order of symbol table entries produced - by <span class="Pa">.stab</span> directives. As described in - <a class="Xr">a.out(5)</a>, an element of the symbol table consists of the - following structure:</p> -<div class="Bd Pp Li"> -<pre>/* -* Format of a symbol table entry. -*/ - -struct nlist { - union { - const char *n_name; /* for use when in-core */ - long n_strx; /* index into file string table */ - } n_un; - unsigned char n_type; /* type flag */ - char n_other; /* unused */ - short n_desc; /* see struct desc, below */ - unsigned n_value; /* address or offset or line */ -};</pre> -</div> -<p class="Pp">The low bits of the <var class="Fa">n_type</var> field are used to - place a symbol into at most one segment, according to the following masks, - defined in <code class="In"><<a class="In">a.out.h</a>></code>. A - symbol can be in none of these segments by having none of these segment bits - set.</p> -<div class="Bd Pp Li"> -<pre>/* -* Simple values for n_type. -*/ - -#define N_UNDF 0x0 /* undefined */ -#define N_ABS 0x2 /* absolute */ -#define N_TEXT 0x4 /* text */ -#define N_DATA 0x6 /* data */ -#define N_BSS 0x8 /* bss */ - -#define N_EXT 01 /* external bit, or'ed in */</pre> -</div> -<p class="Pp">The <var class="Fa">n_value</var> field of a symbol is relocated - by the linker, <a class="Xr">ld(1)</a> as an address within the appropriate - segment. <var class="Fa">N_value</var> fields of symbols not in any segment - are unchanged by the linker. In addition, the linker will discard certain - symbols, according to rules of its own, unless the - <var class="Fa">n_type</var> field has one of the following bits set:</p> -<div class="Bd Pp Li"> -<pre>/* -* Other permanent symbol table entries have some of the N_STAB bits set. -* These are given in <stab.h> -*/ - -#define N_STAB 0xe0 /* if any of these bits set, don't discard */</pre> -</div> -<p class="Pp">This allows up to 112 (7 ∗ 16) symbol types, split between - the various segments. Some of these have already been claimed. The old - symbolic debugger, <i class="Em">sdb</i>, uses the following n_type - values:</p> -<div class="Bd Pp Li"> -<pre>#define N_GSYM 0x20 /* global symbol: name,,0,type,0 */ -#define N_FNAME 0x22 /* procedure name (f77 kludge): name,,0 */ -#define N_FUN 0x24 /* procedure: name,,0,linenumber,address */ -#define N_STSYM 0x26 /* static symbol: name,,0,type,address */ -#define N_LCSYM 0x28 /* .lcomm symbol: name,,0,type,address */ -#define N_RSYM 0x40 /* register sym: name,,0,type,register */ -#define N_SLINE 0x44 /* src line: 0,,0,linenumber,address */ -#define N_SSYM 0x60 /* structure elt: name,,0,type,struct_offset */ -#define N_SO 0x64 /* source file name: name,,0,0,address */ -#define N_LSYM 0x80 /* local sym: name,,0,type,offset */ -#define N_SOL 0x84 /* #included file name: name,,0,0,address */ -#define N_PSYM 0xa0 /* parameter: name,,0,type,offset */ -#define N_ENTRY 0xa4 /* alternate entry: name,linenumber,address */ -#define N_LBRAC 0xc0 /* left bracket: 0,,0,nesting level,address */ -#define N_RBRAC 0xe0 /* right bracket: 0,,0,nesting level,address */ -#define N_BCOMM 0xe2 /* begin common: name,, */ -#define N_ECOMM 0xe4 /* end common: name,, */ -#define N_ECOML 0xe8 /* end common (local name): ,,address */ -#define N_LENG 0xfe /* second stab entry with length information */</pre> -</div> -<p class="Pp" id="Sdb">where the comments give <i class="Em">sdb</i> - conventional use for <span class="Pa">.stab</span> <var class="Fa">s</var> - and the <var class="Fa">n_name</var>, <var class="Fa">n_other</var>, - <var class="Fa">n_desc</var>, and <var class="Fa">n_value</var> fields of - the given <var class="Fa">n_type</var>. - <a class="permalink" href="#Sdb"><i class="Em">Sdb</i></a> uses the - <var class="Fa">n_desc</var> field to hold a type specifier in the form used - by the Portable C Compiler, <a class="Xr">cc(1)</a>; see the header file - <span class="Pa">pcc.h</span> for details on the format of these type - values.</p> -<p class="Pp">The Berkeley Pascal compiler, <a class="Xr">pc(1)</a>, uses the - following <var class="Fa">n_type</var> value:</p> -<div class="Bd Pp Li"> -<pre>#define N_PC 0x30 /* global pascal symbol: name,,0,subtype,line */</pre> -</div> -<p class="Pp">and uses the following subtypes to do type checking across - separately compiled files:</p> -<div class="Bd Pp Bd-indent"> -<pre>1 source file name -2 included file name -3 global label -4 global constant -5 global type -6 global variable -7 global function -8 global procedure -9 external function -10 external procedure -11 library variable -12 library routine</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">as(1)</a>, <a class="Xr">ld(1)</a>, - <a class="Xr">a.out(5)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">stab</code> file appeared in - <span class="Ux">4.0BSD</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">More basic types are needed.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 10, 2010</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/style.Makefile.5 3.html b/static/freebsd/man5/style.Makefile.5 3.html deleted file mode 100644 index 6d8336bc..00000000 --- a/static/freebsd/man5/style.Makefile.5 3.html +++ /dev/null @@ -1,168 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">STYLE.MAKEFILE(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">STYLE.MAKEFILE(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">style.Makefile</code> — - <span class="Nd">FreeBSD Makefile style guide</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">This file specifies the preferred style for makefiles in the - <span class="Ux">FreeBSD</span> source tree.</p> -<ul class="Bl-bullet"> - <li id=".PATH"><a class="permalink" href="#.PATH"><code class="Cm">.PATH</code></a>: - comes first if needed, and is spelled “<code class="Li">.PATH: - </code>”, with a single ASCII space after a colon. Do not use the - <var class="Va">VPATH</var> variable.</li> - <li>Special variables (i.e., <var class="Va">LIB</var>, - <var class="Va">SRCS</var>, <var class="Va">MLINKS</var>, etc.) are listed - in order of “product”, then building and installing a - binary. Special variables may also be listed in “build” - order: i.e., ones for the primary program (or library) first. The general - “product” order is: - <var class="Va">PROG</var>/[<var class="Va">SH</var>]<var class="Va">LIB</var>/<var class="Va">SCRIPTS</var> - <var class="Va">FILES</var> <var class="Va">LINKS</var> - <var class="Va">MAN</var> <var class="Va">MLINKS</var> - <var class="Va">INCS</var> <var class="Va">SRCS</var> - <var class="Va">WARNS</var> <var class="Va">CSTD</var> - <var class="Va">CFLAGS</var> <var class="Va">DPADD</var> - <var class="Va">LDADD</var>. The general “build” order is: - <var class="Va">PROG</var>/[<var class="Va">SH</var>]<var class="Va">LIB</var>/<var class="Va">SCRIPTS</var> - <var class="Va">SRCS</var> <var class="Va">WARNS</var> - <var class="Va">CSTD</var> <var class="Va">CFLAGS</var> - <var class="Va">DPADD</var> <var class="Va">LDADD</var> - <var class="Va">INCS</var> <var class="Va">FILES</var> - <var class="Va">LINKS</var> <var class="Va">MAN</var> - <var class="Va">MLINKS</var>.</li> - <li>Omit <var class="Va">SRCS</var> when using - <code class="In"><<a class="In">bsd.prog.mk</a>></code> and there is - a single source file named the same as the - <var class="Va">PROG</var>.</li> - <li>Omit <var class="Va">MAN</var> when using - <code class="In"><<a class="In">bsd.prog.mk</a>></code> and the - manual page is named the same as the <var class="Va">PROG</var>, and is in - section 1.</li> - <li>All variable assignments are spelled - “<var class="Va">VAR</var><code class="Ic">=</code>”, i.e., - no space between the variable name and the <code class="Ic">=</code>. Keep - values sorted alphabetically, if possible.</li> - <li id="__">Variables are expanded with - <a class="permalink" href="#__"><b class="Sy">{}</b></a>, not - <a class="permalink" href="#()"><b class="Sy" id="()">()</b></a>. Such as - <var class="Va">${VARIABLE}</var>.</li> - <li>Do not use <code class="Ic">+=</code> to set variables that are only set - once (or to set variables for the first time).</li> - <li>Do not use vertical whitespace in simple makefiles, but do use it to group - locally related things in more complex/longer ones.</li> - <li id="WARNS"><var class="Va">WARNS</var> comes before - <var class="Va">CFLAGS</var>, as it is basically a - <var class="Va">CFLAGS</var> modifier. It comes before - <var class="Va">CFLAGS</var> rather than after - <var class="Va">CFLAGS</var> so it does not get lost in a sea of - <var class="Va">CFLAGS</var> statements as <var class="Va">WARNS</var> is - an important thing. The usage of <var class="Va">WARNS</var> is spelled - “<code class="Li">WARNS?= </code>”, so that it may be - overridden on the command line or in <a class="Xr">make.conf(5)</a>.</li> - <li>“<code class="Li">MK_WERROR=no</code>” should not be used, - it defeats the purpose of <var class="Va">WARNS</var>. It should only be - used on the command line and in special circumstances.</li> - <li id="CFLAGS"><var class="Va">CFLAGS</var> is spelled - “<code class="Li">CFLAGS+= </code>”.</li> - <li>Listing <code class="Fl">-D</code>'s before <code class="Fl">-I</code>'s - in <var class="Va">CFLAGS</var> is preferred for alphabetical ordering and - to make <code class="Fl">-D</code>'s easier to see. The - <code class="Fl">-D</code>'s often affect conditional compilation, and - <code class="Fl">-I</code>'s tend to be quite long. Split long - <var class="Va">CFLAGS</var> settings between the - <code class="Fl">-D</code>'s and <code class="Fl">-I</code>'s.</li> - <li>Lists that span more than one line should be formatted as follows: - <div class="Bd Pp Bd-indent Li"> - <pre>SRCS+=<SP>\ -<TAB>main.c<SP>\ -<TAB>trace.c<SP>\ -<TAB>zoo.c \ - </pre> - </div> - Specifically, the last item in the list should have a trailing '\'. This is - to avoid causing a "false diff" or "false blame" when - a new item is appended at the end. In general the list should be English - language alphabetized. A list of libraries or header inclusion paths are - notable exceptions if needed for proper building.</li> - <li>Do not use GCCisms (such as <code class="Fl">-g</code> and - <code class="Fl">-Wall</code>) in <var class="Va">CFLAGS</var>.</li> - <li>Typically, there is one ASCII tab between - <var class="Va">VAR</var><code class="Ic">=</code> and the value in order - to start the value in column 9. An ASCII space is allowed for variable - names that extend beyond column 9. A lack of whitespace is also allowed - for very long variable names.</li> - <li id=".include"><a class="permalink" href="#.include"><code class="Ic">.include</code></a> - <code class="In"><<a class="In">bsd.*.mk</a>></code> goes last.</li> - <li>Do not use anachronisms like <var class="Va">$<</var> and - <var class="Va">$@</var>. Instead use <var class="Va">${.IMPSRC}</var> or - <var class="Va">${.ALLSRC}</var> and - <var class="Va">${.TARGET}</var>.</li> - <li>To not build the “foo” part of the base system, use - <var class="Va">NO_FOO</var>, not <var class="Va">NOFOO</var>.</li> - <li>To optionally build something in the base system, spell the knob - <var class="Va">WITH_FOO</var> not <var class="Va">WANT_FOO</var> or - <var class="Va">USE_FOO</var>. The latter are reserved for the - <span class="Ux">FreeBSD</span> Ports Collection.</li> - <li id="defined">For variables that are only checked with - <a class="permalink" href="#defined"><code class="Fn">defined</code></a>(), - do not provide any fake value.</li> -</ul> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The simplest program <span class="Pa">Makefile</span> is:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>PROG= foo - -.include <bsd.prog.mk></pre> -</div> -<p class="Pp">The simplest library <span class="Pa">Makefile</span> is:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>LIB= foo -SHLIB_MAJOR= 1 -MAN= libfoo.3 -SRCS= foo.c - -.include <bsd.lib.mk></pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">make(1)</a>, <a class="Xr">make.conf(5)</a>, - <a class="Xr">style(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">This manual page is inspired from the <a class="Xr">style(9)</a> - manual page and first appeared in <span class="Ux">FreeBSD 5.1</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">David O'Brien</span> - ⟨deo@NUXI.org⟩</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">There are few hard and fast style rules here. The desire to - express a logical grouping sometimes means not obeying some of the above. - The style of many things is too dependent on the context of the whole - makefile, or the lines surrounding it.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">October 29, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/style.mdoc.5 3.html b/static/freebsd/man5/style.mdoc.5 3.html deleted file mode 100644 index c03dfb18..00000000 --- a/static/freebsd/man5/style.mdoc.5 3.html +++ /dev/null @@ -1,224 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">STYLE.MDOC(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">STYLE.MDOC(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">style.mdoc</code> — - <span class="Nd">FreeBSD manual page style guide</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">This file specifies the preferred style for manual pages in the - <span class="Ux">FreeBSD</span> source tree.</p> -<section class="Ss"> -<h2 class="Ss" id="Code_Examples"><a class="permalink" href="#Code_Examples">Code - Examples</a></h2> -<ul class="Bl-dash"> - <li>Use literal formatting for examples and literal shell commands, e.g.: - <div class="Bd Pp Bd-indent Li"> - <pre>Then run -.Ql make install clean .</pre> - </div> - <p class="Pp">which renders as:</p> - <div class="Bd Pp Bd-indent">Then run ‘<code class="Li">make install - clean</code>’.</div> - <p class="Pp" id="Nm">The incorrect way would be to use macros like - <a class="permalink" href="#Nm"><b class="Sy">Nm</b></a> to stylize the - command invocation:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>Then run -.Ql Nm make Cm install Cm clean .</pre> - </div> - <p class="Pp">which renders as:</p> - <div class="Bd Pp Bd-indent">Then run - ‘<code class="Li"><code class="Nm">make</code> - <code class="Cm">install</code> - <code class="Cm">clean</code></code>’.</div> - </li> -</ul> -</section> -<section class="Ss"> -<h2 class="Ss" id="Copyright_Header"><a class="permalink" href="#Copyright_Header">Copyright - Header</a></h2> -<p class="Pp">Refer to <a class="Xr">style(9)</a>.</p> -</section> -<section class="Ss"> -<h2 class="Ss" id="HARDWARE_Section"><a class="permalink" href="#HARDWARE_Section">HARDWARE - Section</a></h2> -<p class="Pp">Driver manuals in section four should have a - <a class="Sx" href="#HARDWARE">HARDWARE</a> section describing hardware - known to work with the driver. This section is drawn verbatim into the - Release Hardware Notes, therefore there are several things to note:</p> -<ul class="Bl-dash"> - <li>The introductory sentence should be in the form: - <div class="Bd Pp Bd-indent Li"> - <pre>The -.Nm -driver supports the following $device_class:</pre> - </div> - <p class="Pp">Followed by the list of supported hardware.</p> - <p class="Pp">This defines what driver the subsection is referring to, and - allows the reader to search through the Hardware Notes not only for the - device models they have, but also for the device type they are looking - to acquire.</p> - </li> - <li>The supported hardware should be listed as a bullet list, or if complexity - requires, a column list. These two list types create very neat subsections - with clean starting and stopping points.</li> -</ul> -</section> -<section class="Ss"> -<h2 class="Ss" id="EXAMPLES_Section"><a class="permalink" href="#EXAMPLES_Section">EXAMPLES - Section</a></h2> -<ul class="Bl-dash"> - <li>Format the <a class="Sx" href="#EXAMPLES">EXAMPLES</a> section in the - following way: - <div class="Bd Pp Bd-indent Li"> - <pre>.Bl -tag -width 0n -.It Sy Example 1\&: Doing Something -.Pp -The following command does something. -.Bd -literal -offset 2n -.Ic # make -VLEGAL -.Ed -.It Sy Example 2\&: Doing Something Different -.Pp -The following command does something different. -.Bd -literal -offset 2n -.Ic # bectl list -.Ed -.Pp -It is good to know this command. -.El</pre> - </div> - <p class="Pp">which renders as:</p> - <dl class="Bl-tag"> - <dt id="Example"><a class="permalink" href="#Example"><b class="Sy">Example - 1: Doing Something</b></a></dt> - <dd> - <p class="Pp">The following command does something.</p> - <div class="Bd Pp Bd-indent Li"> - <pre><code class="Ic"># make -VLEGAL</code></pre> - </div> - </dd> - <dt id="Example~2"><a class="permalink" href="#Example~2"><b class="Sy">Example - 2: Doing Something Different</b></a></dt> - <dd> - <p class="Pp">The following command does something different.</p> - <div class="Bd Pp Bd-indent Li"> - <pre><code class="Ic"># bectl list</code></pre> - </div> - <p class="Pp">It is good to know this command.</p> - </dd> - </dl> - </li> -</ul> -</section> -<section class="Ss"> -<h2 class="Ss" id="Lists"><a class="permalink" href="#Lists">Lists</a></h2> -<ul class="Bl-dash"> - <li id=".Bl">The <code class="Fl">-width</code> argument to the - <a class="permalink" href="#.Bl"><b class="Sy">.Bl</b></a> macro should - match the length of the longest rendered item in the list, e.g.: - <div class="Bd Pp Bd-indent Li"> - <pre>.Bl -tag -width "-a address" -.It Fl a Ar address -Set the address. -.It Fl v -Print the version. -.El</pre> - </div> - <p class="Pp">In case the longest item is too long and hurts readability, - the recommendation is to set the <code class="Fl">-width</code> argument - to ‘<code class="Li">indent</code>’, e.g.:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>.Bl -tag -width "indent" -.It Cm build -Build the port. -.It Cm install -Install the port. -.It Fl install-missing-packages -Install the missing packages. -.El</pre> - </div> - </li> -</ul> -</section> -<section class="Ss"> -<h2 class="Ss" id="Quoting"><a class="permalink" href="#Quoting">Quoting</a></h2> -<ul class="Bl-dash"> - <li id="Dq">Use the <a class="permalink" href="#Dq"><b class="Sy">Dq</b></a> - (“”) macro for quoting. Use the - <a class="permalink" href="#Sq"><b class="Sy" id="Sq">Sq</b></a> - (‘’) macro for quoting inside quotes. The use of the - <a class="permalink" href="#Qq"><b class="Sy" id="Qq">Qq</b></a> - ("") macro is usually not necessary.</li> -</ul> -</section> -<section class="Ss"> -<h2 class="Ss" id="Variables"><a class="permalink" href="#Variables">Variables</a></h2> -<ul class="Bl-dash"> - <li id="Dv">Use <b class="Sy">Va</b> instead of - <a class="permalink" href="#Dv"><b class="Sy">Dv</b></a> for - <a class="Xr">sysctl(8)</a> variables like - <var class="Va">kdb.enter.panic</var>.</li> - <li id="Aq">Use the angle brackets - <a class="permalink" href="#Aq"><b class="Sy">Aq</b></a> - (“⟨⟩”) macro for arguments - (<a class="permalink" href="#Ar"><b class="Sy" id="Ar">Ar</b></a>) when - they are mixed with similarly stylized macros like - <a class="permalink" href="#Pa"><b class="Sy" id="Pa">Pa</b></a> or - <b class="Sy">Va</b>, e.g.: - <div class="Bd Pp Bd-indent Li"> - <pre>.Va critical_filesystems_ Ns Aq Ar type</pre> - </div> - <p class="Pp">which renders as:</p> - <div class="Bd Pp - Bd-indent"><var class="Va">critical_filesystems_</var>⟨<var class="Ar">type</var>⟩</div> - <p class="Pp">instead of:</p> - <div class="Bd Pp Bd-indent Li"> - <pre>.Va critical_filesystems_ Ns Ar type</pre> - </div> - <p class="Pp">that would be rendered as:</p> - <div class="Bd Pp - Bd-indent"><var class="Va">critical_filesystems_</var><var class="Ar">type</var></div> - </li> -</ul> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag"> - <dt>/usr/share/examples/mdoc/</dt> - <dd>Examples for writing manual pages.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">man(1)</a>, <a class="Xr">mandoc(1)</a>, - <a class="Xr">mdoc(7)</a>, <a class="Xr">roff(7)</a>, - <a class="Xr">style(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">This manual page first appeared in <span class="Ux">FreeBSD - 13.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Mateusz Piotrowski</span> - <<a class="Mt" href="mailto:0mp@FreeBSD.org">0mp@FreeBSD.org</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">February 16, 2025</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> diff --git a/static/freebsd/man5/sysctl.conf.5 4.html b/static/freebsd/man5/sysctl.conf.5 4.html deleted file mode 100644 index e4e4d498..00000000 --- a/static/freebsd/man5/sysctl.conf.5 4.html +++ /dev/null @@ -1,85 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">SYSCTL.CONF(5)</td> - <td class="head-vol">File Formats Manual</td> - <td class="head-rtitle">SYSCTL.CONF(5)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">sysctl.conf</code> — - <span class="Nd">kernel state defaults</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <span class="Pa">/etc/sysctl.conf</span> file is read in when - the system goes into multi-user mode to set default settings for the kernel. - The <span class="Pa">/etc/sysctl.conf</span> file is in the format of the - <a class="Xr">sysctl(8)</a> command, i.e.,</p> -<div class="Bd Pp Bd-indent Li"> -<pre>sysctl_mib=value</pre> -</div> -<p class="Pp">Comments are denoted by a “#” at the beginning of a - line. Comments can also exist at the end of a line, as seen in the - <a class="Sx" href="#EXAMPLES">EXAMPLES</a> section, below.</p> -<p class="Pp">For kernel modules loaded via <a class="Xr">rc.subr(8)</a> system, - additional module-specific settings can be applied by adding a file in the - same format named /etc/sysctl.kld.d/<modulename>.conf.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> -<dl class="Bl-tag Bl-compact"> - <dt><span class="Pa">/etc/rc.d/sysctl</span></dt> - <dd><a class="Xr">rc(8)</a> script which processes - <code class="Nm">sysctl.conf</code> early on in the process of - transitioning to multi-user mode.</dd> - <dt><span class="Pa">/etc/rc.d/sysctl_lastload</span></dt> - <dd><a class="Xr">rc(8)</a> script which processes - <code class="Nm">sysctl.conf</code> shortly before the system reaches the - multi-user mode.</dd> - <dt><span class="Pa">/etc/sysctl.conf</span></dt> - <dd>Initial settings for <a class="Xr">sysctl(8)</a>.</dd> - <dt><span class="Pa">/etc/sysctl.conf.local</span></dt> - <dd>Machine-specific settings for sites with a common - <span class="Pa">/etc/sysctl.conf</span>.</dd> - <dt><span class="Pa">/etc/sysctl.kld.d</span></dt> - <dd>Module specific settings for kernel modules loaded via - <a class="Xr">rc.subr(8)</a>.</dd> -</dl> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">To turn off logging of programs that exit due to fatal signals you - may use a configuration like</p> -<div class="Bd Pp Bd-indent Li"> -<pre># Configure logging. -kern.logsigexit=0 # Do not log fatal signal exits (e.g., sig 11)</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">rc.conf(5)</a>, <a class="Xr">rc(8)</a>, - <a class="Xr">sysctl(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">sysctl.conf</code> file appeared in - <span class="Ux">FreeBSD 4.0</span>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">If loadable kernel modules are used to introduce additional kernel - functionality and sysctls to manage that functionality, - <code class="Nm">sysctl.conf</code> may be processed too early in the boot - process to set those sysctls. Please consult <a class="Xr">rcorder(8)</a> to - learn more about the ordering of <a class="Xr">rc(8)</a> scripts.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 30, 2022</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |