Diffstat (limited to 'static/netbsd/man7')
31 files changed, 11966 insertions, 0 deletions
diff --git a/static/netbsd/man7/Makefile b/static/netbsd/man7/Makefile new file mode 100644 index 00000000..69f91bd7 --- /dev/null +++ b/static/netbsd/man7/Makefile @@ -0,0 +1,4 @@ +MAN = $(wildcard *.7) + +include ../../mandoc.mk + diff --git a/static/netbsd/man7/ascii.7 b/static/netbsd/man7/ascii.7 new file mode 100644 index 00000000..0c69f511 --- /dev/null +++ b/static/netbsd/man7/ascii.7 
@@ -0,0 +1,199 @@ +.\" $NetBSD: ascii.7,v 1.15 2019/11/19 05:11:33 christos Exp $ +.\" Copyright (c) 1989, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)ascii.7 8.1 (Berkeley) 6/5/93 +.\" $FreeBSD: head/share/man/man7/ascii.7 325217 2017-10-31 06:43:37Z eadler $ +.\" +.Dd November 19, 2019 +.Dt ASCII 7 +.Os +.Sh NAME +.Nm ascii +.Nd octal, hexadecimal, decimal and binary +.Tn ASCII +character sets +.Sh DESCRIPTION +The +.Nm octal +set: +.Bd -literal -offset left +000 NUL 001 SOH 002 STX 003 ETX 004 EOT 005 ENQ 006 ACK 007 BEL +010 BS 011 HT 012 LF 013 VT 014 FF 015 CR 016 SO 017 SI +020 DLE 021 DC1 022 DC2 023 DC3 024 DC4 025 NAK 026 SYN 027 ETB +030 CAN 031 EM 032 SUB 033 ESC 034 FS 035 GS 036 RS 037 US +040 SP 041 ! 042 " 043 # 044 $ 045 % 046 & 047 ' +050 ( 051 ) 052 * 053 + 054 , 055 - 056 . 057 / +060 0 061 1 062 2 063 3 064 4 065 5 066 6 067 7 +070 8 071 9 072 : 073 ; 074 < 075 = 076 > 077 ? +100 @ 101 A 102 B 103 C 104 D 105 E 106 F 107 G +110 H 111 I 112 J 113 K 114 L 115 M 116 N 117 O +120 P 121 Q 122 R 123 S 124 T 125 U 126 V 127 W +130 X 131 Y 132 Z 133 [ 134 \e\ 135 ] 136 ^ 137 _ +140 ` 141 a 142 b 143 c 144 d 145 e 146 f 147 g +150 h 151 i 152 j 153 k 154 l 155 m 156 n 157 o +160 p 161 q 162 r 163 s 164 t 165 u 166 v 167 w +170 x 171 y 172 z 173 { 174 | 175 } 176 ~ 177 DEL +.Ed +.Pp +The +.Nm hexadecimal +set: +.Bd -literal -offset left +00 NUL 01 SOH 02 STX 03 ETX 04 EOT 05 ENQ 06 ACK 07 BEL +08 BS 09 HT 0a LF 0b VT 0c FF 0d CR 0e SO 0f SI +10 DLE 11 DC1 12 DC2 13 DC3 14 DC4 15 NAK 16 SYN 17 ETB +18 CAN 19 EM 1a SUB 1b ESC 1c FS 1d GS 1e RS 1f US +20 SP 21 ! 22 " 23 # 24 $ 25 % 26 & 27 ' +28 ( 29 ) 2a * 2b + 2c , 2d - 2e . 2f / +30 0 31 1 32 2 33 3 34 4 35 5 36 6 37 7 +38 8 39 9 3a : 3b ; 3c < 3d = 3e > 3f ? 
+40 @ 41 A 42 B 43 C 44 D 45 E 46 F 47 G +48 H 49 I 4a J 4b K 4c L 4d M 4e N 4f O +50 P 51 Q 52 R 53 S 54 T 55 U 56 V 57 W +58 X 59 Y 5a Z 5b [ 5c \e\ 5d ] 5e ^ 5f _ +60 \` 61 a 62 b 63 c 64 d 65 e 66 f 67 g +68 h 69 i 6a j 6b k 6c l 6d m 6e n 6f o +70 p 71 q 72 r 73 s 74 t 75 u 76 v 77 w +78 x 79 y 7a z 7b { 7c | 7d } 7e ~ 7f DEL +.Ed +.Pp +The +.Nm decimal +set: +.Bd -literal -offset left + 0 NUL 1 SOH 2 STX 3 ETX 4 EOT 5 ENQ 6 ACK 7 BEL + 8 BS 9 HT 10 LF 11 VT 12 FF 13 CR 14 SO 15 SI + 16 DLE 17 DC1 18 DC2 19 DC3 20 DC4 21 NAK 22 SYN 23 ETB + 24 CAN 25 EM 26 SUB 27 ESC 28 FS 29 GS 30 RS 31 US + 32 SP 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' + 40 ( 41 ) 42 * 43 + 44 , 45 - 46 . 47 / + 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 + 56 8 57 9 58 : 59 ; 60 < 61 = 62 > 63 ? + 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G + 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O + 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W + 88 X 89 Y 90 Z 91 [ 92 \e\ 93 ] 94 ^ 95 _ + 96 ` 97 a 98 b 99 c 100 d 101 e 102 f 103 g +104 h 105 i 106 j 107 k 108 l 109 m 110 n 111 o +112 p 113 q 114 r 115 s 116 t 117 u 118 v 119 w +120 x 121 y 122 z 123 { 124 | 125 } 126 ~ 127 DEL +.Ed +.Pp +The +.Nm binary +set: +.Bd -literal -offset left + 00 01 10 11 + +NUL SP @ ` 00000 +SOH ! A a 00001 +STX " B b 00010 +ETX # C c 00011 +EOT $ D d 00100 +ENQ % E e 00101 +ACK & F f 00110 +BEL ' G g 00111 + BS ( H h 01000 + HT ) I i 01001 + LF * J j 01010 + VT + K k 01011 + FF , L l 01100 + CR - M m 01101 + SO . N n 01110 + SI / O o 01111 +DLE 0 P p 10000 +DC1 1 Q q 10001 +DC2 2 R r 10010 +DC3 3 S s 10011 +DC4 4 T t 10100 +NAK 5 U u 10101 +SYN 6 V v 10110 +ETB 7 W w 10111 +CAN 8 X x 11000 + EM 9 Y y 11001 +SUB : Z z 11010 +ESC ; [ { 11011 + FS < \e\ | 11100 + GS = ] } 11101 + RS > ^ - 11110 + US ? 
_ DEL 11111 +.Ed +.Pp +The full +.Nm names +of the control character set: +.Bd -literal -offset left +NUL NULl +SOH Start Of Heading +STX Start Of Text +ETX End Of Text +EOT End Of Transmission +ENQ ENQuiry +ACK ACKnowledge +BEL BELl + BS BackSpace + HT Horizontal Tab + LF Line Feed (new line) + VT Vertical Tab + FF new page Form Feed + CR Carriage Return + SO Shift Out + SI Shift In +DLE Data Link Escape +DC1 Device Control 1 +DC2 Device Control 2 +DC3 Device Control 3 +DC4 Device Control 4 +NAK Negative AcKnowledge +SYN SYNchronous idle +ETB End of Transmission Block +CAN CANcel + EM End of Medium +SUB SUBstitute +ESC ESCape + FS File Separator + GS Group Separator + RS Record Separator + US Unit Separator +.Ed +.Sh FILES +.Bl -tag -width /usr/share/misc/ascii -compact +.It Pa /usr/share/misc/ascii +.El +.Sh STANDARDS +.Rs +.%T Information Systems - Coded Character Sets - 7-Bit American National\ +Standard Code for Information Interchange (7-Bit ASCII) +.%R INCITS 4-1986[R2017] +.%Q InterNational Committee for Information Technology Standards +.Re +.Sh HISTORY +An +.Nm +manual page appeared in +.At v2 . diff --git a/static/netbsd/man7/c.7 b/static/netbsd/man7/c.7 new file mode 100644 index 00000000..70762ddc --- /dev/null +++ b/static/netbsd/man7/c.7 
@@ -0,0 +1,250 @@ +.\" $NetBSD: c.7,v 1.15 2023/08/27 15:50:47 rillig Exp $ +.\" +.\" Copyright (C) 2007, 2010 Gabor Kovesdan. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/share/man/man7/c99.7,v 1.1 2010/06/17 12:05:47 gabor Exp $ +.\" +.Dd March 30, 2011 +.Dt C 7 +.Os +.Sh NAME +.Nm c, c78, c89, c90, c99, c11 +.Nd The C programming language +.Sh DESCRIPTION +C is a general-purpose programming language, which has a strong connection +with the UNIX operating system and its derivatives, since the vast +majority of those systems were written in the C language. 
+The C language contains some basic ideas from the BCPL language through +the B language written by Ken Thompson in 1970 for the DEC PDP-7 machines. +The development of the UNIX operating system was started on a PDP-7 +machine in assembly language, but this choice made it very difficult +to port the existing code to other systems. +.Pp +In 1972, Dennis M. Ritchie worked out the C programming language for +further development of the UNIX operating system. +The idea was to implement only the C compiler for different +platforms, and implement most parts of the operating system +in the new programming language to simplify the portability between +different architectures. +It follows that C is very well adapted for (but not limited to) writing +operating systems and low-level applications. +.Pp +The C language did not have a specification or standardized version for +a long time. +It went through a lot of changes and improvements for ages. +In 1978, Brian W. Kernighan and Dennis M. Ritchie published the +first book about C under the title +.Dq The C Programming Language . +We can think of this book as the first specification of the language. +This version is often referred to as +.Dq K&R C +after the names of the authors. +Sometimes it is referred to as C78, as well, after the publishing year of +the first edition of the book. +.Pp +It is important to notice that the instruction set of the language is +limited to the most fundamental elements for simplicity. +Handling of the standard I/O and similar common functions are implemented in +the libraries shipped with the compiler. +As these functions are also widely used, it was demanded to include into +the description what requisites the library should conform to, not just +strictly the language itself. +Accordingly, the aforementioned standards cover the library elements, as well. +The elements of this standard library are still not enough for more +complicated tasks. 
+In this case the provided system calls of the given operating system can be +used. +To not lose the portability by using these system calls, the POSIX +(Portable Operating System Interface (for Unix)) standard evolved. +It describes what functions should be available to keep portability. +Note that POSIX is not a C standard, but an operating system standard +and thus is beyond the scope of this manual. +The standards discussed below are all C standards and only cover +the C programming language and the accompanying library. +.Pp +After the publication of the book mentioned before, +the American National Standards Institute (ANSI) started to work on +standardizing the language, and in 1989 they announced ANSI X3.159-1989. +It is usually referred to as ANSI C or C89. +The main difference in this standard were the function prototypes, +which was a new way of declaring functions. +With the old-style function declarations, the compiler was unable to +check the sanity of the actual parameters of a function call. +The old syntax was highly error-prone because incompatible parameters +were hard to detect in the program code and the problem only showed up +at run-time. +.Pp +In 1990, the International Organization for Standardization (ISO) adopted +the ANSI standard as ISO/IEC 9899:1990. +This is also referred to as ISO C or C90. +It only contains negligible minor modifications against ANSI C, +so the two standards are often considered to be fully equivalent. +This was a very important milestone in the history of the C language, but the +development of the language did not stop. +.Pp +The ISO C standard was later extended with an amendment as +ISO/IEC 9899 AM1 in 1995. +This contained, for example, the wide-character support in +.In wchar.h +and +.In wctype.h . +Two corrigenda were also published: +Technical Corrigendum 1 as ISO/IEC 9899 TCOR1 in 1995, +and Technical Corrigendum 2 as ISO/IEC 9899 TCOR2 in 1996. 
+The continuous development and growth made it necessary to work out a new +standard, which contains the new features and fixes the known defects and +deficiencies of the language. +As a result, ISO/IEC 9899:1999 was born in 1999. +Similarly to the other standards, this is referred to after the +publication year as C99. +The improvements include the following: +.Bl -bullet -offset indent +.It +Inline functions. +.It +Support for variable length arrays. +.It +New large-range integer type named +.Vt long long int , +and other integer types described in +.Xr stdint 3 +and +.Xr inttypes 3 . +.It +New boolean data type; see +.Xr stdbool 3 . +.It +One-line comments taken from the C++ language. +.It +Some new preprocessor features. +.It +A predefined identifier +.Va __func__ +and a +.Vt restrict +type qualifier. +.It +Declarations are allowed after statements, not just in the beginning of the +program or program blocks. +.It +No implicit +.Vt int +type. +.El +.Pp +In 2011, another revision of ISO/IEC 9899 was published, nicknamed C11, +adding features such as: +.Bl -bullet -offset indent +.It +Compile-time assertions. +.It +Type-generic expressions. +.It +Unnamed struct and union members. +.El +.Pp +In 2017, another revision of ISO/IEC 9899 was published, nicknamed C17, +containing corrections to C11, but no new features. +.Pp +Since then no new standards have been published, but the C language is still +evolving. +.Pp +Most of the UNIX-like operating systems use GNU C as a system compiler, +but the various extensions of GNU C, such as +.Xr attribute 3 +or +.Xr typeof 3 , +should not be considered standard features. +.Sh SEE ALSO +.Xr c89 1 , +.Xr c99 1 , +.Xr c11 1 , +.Xr cc 1 , +.Xr cdefs 3 +.Rs +.%A Brian W. Kernighan +.%A Dennis M. 
Ritchie +.%B The C Programming Language +.%D 1988 +.%N Second Edition, 40th printing +.%I Prentice Hall +.Re +.Sh STANDARDS +.Rs +.%A ANSI +.%T X3.159-1989 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:1990, Programming languages -- C +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899 AM1 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899 TCOR1, Programming languages -- C, Technical Corrigendum 1 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899 TCOR2, Programming languages -- C, Technical Corrigendum 2 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:1999, Programming languages -- C +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:1999 TCOR1, Programming languages -- C, Technical Corrigendum 1 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:1999 TCOR2, Programming languages -- C, Technical Corrigendum 2 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:1999 TCOR3, Programming languages -- C, Technical Corrigendum 3 +.Re +.Pp +.Rs +.%A ISO/IEC +.%T 9899:2011, Programming languages -- C +.Re +.Sh HISTORY +This manual page first appeared in +.Fx 9.0 +and +.Nx 6.0 . +.Sh AUTHORS +This manual page was written by +.An Gabor Kovesdan Aq Mt gabor@FreeBSD.org . diff --git a/static/netbsd/man7/entropy.7 b/static/netbsd/man7/entropy.7 new file mode 100644 index 00000000..c67d5293 --- /dev/null +++ b/static/netbsd/man7/entropy.7 
@@ -0,0 +1,286 @@ +.\" $NetBSD: entropy.7,v 1.10 2023/07/20 04:16:14 gutteridge Exp $ +.\" +.\" Copyright (c) 2021 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd June 30, 2023 +.Dt ENTROPY 7 +.Os +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh NAME +.Nm entropy +.Nd random unpredictable secrets needed for security +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh DESCRIPTION +Computers need random unpredictable secrets for the security of +software such as web browsers and +.Xr ssh 1 . 
+.Pp +Computers are designed to behave in highly predictable ways, so they +rely on observations of random physical phenomena around them, called +.Nm entropy sources , +to derive unpredictable secrets for cryptography. +.Pp +While some computers have reliable entropy sources such as hardware +random number generators based on thermal noise in silicon circuits, +others may require operator intervention for security. +.\"""""""""""""""""""""""""""""""""""""" +.Ss Threats +.Bl -bullet +.It +Web browsers and programs such as +.Xr ssh 1 +rely on unpredictable secrets in cryptography to prevent eavesdropping +and detect tampering of sessions over the network. +.It +.Xr ssh-keygen 1 +relies on unpredictable secrets to create keys that allow you to log in +but keep out malicious adversaries; if an adversary could guess the key +then they could impersonate you. +.It +.Nx +relies on unpredictable secrets to make sure that private user data +stored on nonvolatile media when memory is scarce +.Po +.Xr swapctl 8 , +using +.Ql vm.swap_encrypt=1 ; +see +.Xr sysctl 7 +.Pc +cannot be recovered by forensic tools after shutdown. +.El +.\"""""""""""""""""""""""""""""""""""""" +.Ss Entropy in NetBSD +.Nx +gathers samples from various kinds of entropy sources, including: +.Bl -bullet -compact +.It +hardware random number generators +.It +network traffic timing +.It +user input (keystrokes, mouse movements, etc.) +.It +disk I/O latency +.It +environment sensors +.Pq Xr envsys 4 +.El +The samples are mixed together with cryptography to yield unpredictable +secrets through +.Pa /dev/urandom +.Pq see Xr rnd 4 +and related interfaces used by programs like +.Xr ssh 1 , +Firefox, and so on. +.Pp +.Nx +also stores a random seed at +.Pa /var/db/entropy-file +to carry unpredictable secrets over from one boot to the next, as long +as the medium remains secret and can be updated on boot. +The seed is maintained automatically by +.Pa /etc/rc.d/random_seed +.Pq see Xr rc.conf 5 . 
+.\"""""""""""""""""""""""""""""""""""""" +.Ss Ensuring enough entropy +Entropy is measured in bits, and only 256 bits of entropy are needed +for security, thanks to modern cryptography. +.Pp +To detect potentially insecure systems, +.Nx +takes measures to alert the operator if there isn't definitely enough +for security: +.Bl -bullet +.It +.Nx +issues warnings on the console if there's not enough entropy when +programs need it; see +.Xr rnd 4 . +.It +The +.Xr motd 5 +has a warning if there was not enough entropy when network daemons such as +.Xr sshd 8 +first generated keys. +.It +The daily security report includes an alert if there's still not enough +entropy; see +.Xr security.conf 5 . +.El +.Pp +Since it is hard to know how unpredictable most physical systems are, +only devices specifically designed to be hardware random number +generators, or a seed file stored on disk, count toward these alerts. +.Pp +At boot, +.Nx +will wait, when +.Ql entropy=wait +is set in +.Xr rc.conf 5 , +or fail to single-user mode, when +.Ql entropy=check +is set, if there is not enough entropy from +.Em any +sources, including devices not designed to be unpredictable, such as +the CPU cycle counter sampled by a periodic timer, provided the samples +pass a simple filter called the +.Sq entropy estimator , +like other operating systems. +Sources known to be predictable, which could give a false sense of +security, can be disabled from unblocking boot by setting +.Li rndctl_flags +in +.Xr rc.conf 5 . +.Pp +Many new computers have hardware random number generators, such as +RDRAND/RDSEED in Intel/AMD CPUs, or ARMv8.5-RNDRRS; +.Xr virtio 4 Ns -based +virtualization platforms such as QEMU can expose entropy from the host +with +.Xr viornd 4 ; +bootloader firmware such as UEFI may also expose an underlying +platform's random number generator. +.Pp +However, many older computers have no reliable entropy sources. 
+Some have the hardware, but have it off by default, such as a disabled +.Xr tpm 4 . +On computers with no built-in reliable entropy source, you may wish to +transfer a seed from another computer with +.Xr rndctl 8 , +or manually enter samples into +.Pa /dev/urandom +\(em see below. +.\"""""""""""""""""""""""""""""""""""""" +.Ss Adding entropy +.Pp +You can manually save and load seeds with the +.Xr rndctl 8 +tool. +For example, you might use +.Dl rndctl -S seed +to save a seed from one machine, transfer it \(em over a medium where +you are confident there are no eavesdroppers \(em to another machine, +and load it with +.Dl rndctl -L seed +on the target machine; then run +.Dl /etc/rc.d/random_seed stop +on the target machine to ensure that the entropy will be saved for next +boot, even if the system later crashes or otherwise shuts down +uncleanly. +.Ic rndctl -S +records the number of bits of entropy in the seed so that +.Ic rndctl -L +can count it. +.Pp +Users can write data to +.Pa /dev/urandom +to be mixed together with all other samples. +For example, no matter what entropy sources are built into a computer, +you can ensure it has enough entropy (as long as there are no +surveillance cameras watching you) by flipping a coin 256 times and +running: +.Dl echo thttthhhhttththtttht... > /dev/urandom +Then run +.Dl /etc/rc.d/random_seed stop +to ensure that the effort will be saved for next boot. +.Pp +Inputs from the superuser (uid 0) to +.Pa /dev/urandom +count toward the system's entropy estimate, at the maximum rate of one +bit of entropy per bit of data; inputs from unprivileged users will +affect subsequent outputs but will be counted as having zero entropy. +.Pp +After adding entropy, +.Sy make sure to regenerate any long-term keys +that might be predictable because they were previously generated with +too little entropy. 
+For example, if +.Ql sshd=YES +is enabled in +.Pa /etc/rc.conf , +then +.Nx +will automatically generate ssh host keys on boot; if they were +generated with too little entropy, then you may wish to delete them and +create new ones before allowing anyone to log in via +.Xr ssh 1 . +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh DIAGNOSTICS +.Nx +may print the following warnings to the console: +.Bl -diag +.It WARNING: system needs entropy for security; see entropy(7) +Some process tried to draw use entropy from +.Nx , +e.g. to generate a key for cryptography, before enough inputs from +reliable entropy sources have been obtained. +The entropy may be low enough that an adversary could guess keys by +brute force. +.Pp +This message is rate-limited, so if you have added entropy and want to +verify that the problem is resolved, you should consult the +.Dv kern.entropy.needed +.Xr sysctl 7 +variable to confirm it is zero, rather than just look for the absence +of this message; see +.Xr rnd 4 +for details. +.El +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh SEE ALSO +.Xr getrandom 2 , +.Xr arc4random 3 , +.Xr rnd 4 , +.Xr rc.conf 5 , +.Xr rc 8 , +.Xr rndctl 8 +.Rs +.%A Nadia Heninger +.%A Zakir Durumeric +.%A Eric Wustrow +.%A J. Alex Halderman +.%T Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices +.%B Proceedings of the 21st USENIX Security Symposium +.%I USENIX +.%D August 2012 +.%P 205-220 +.%U https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger +.%U https://factorable.net/ +.Re +.Rs +.%T openssl \(em predictable random number generator +.%I Debian Security Advisory +.%O DSA-1571-1 +.%D 2008-05-13 +.%U https://www.debian.org/security/2008/dsa-1571.html +.Re +.Rs +.%T Features/VirtIORNG +.%I QEMU Wiki +.%U https://wiki.qemu.org/Features/VirtIORNG +.%D 2016-10-17 +.Re 
diff --git a/static/netbsd/man7/environ.7 b/static/netbsd/man7/environ.7 new file mode 100644 index 00000000..b1c06f50 --- /dev/null +++ b/static/netbsd/man7/environ.7 
@@ -0,0 +1,295 @@ +.\" $NetBSD: environ.7,v 1.27 2017/06/27 01:13:44 kre Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)environ.7 8.3 (Berkeley) 4/19/94 +.\" +.Dd January 21, 2011 +.Dt ENVIRON 7 +.Os +.Sh NAME +.Nm environ +.Nd user process environment +.Sh SYNOPSIS +.Vt extern char ** Ns Dv environ ; +.Sh DESCRIPTION +An array of strings called the +.Em environment +is made available by +.Xr execve 2 +when a process begins. +By convention these strings have the form +.Dq Ar name=value . +The following names are used by various commands: +.Bl -tag -width ".Ev LIBC_DIAGASSERT" +.It Ev AUDIOCTLDEVICE +The name of the audio control device to be used by +.Xr audioctl 1 , +.Xr audioplay 1 +and +.Xr audiorecord 1 . +.It Ev AUDIODEVICE +The name of the audio device to be used by +.Xr audioplay 1 +and +.Xr audiorecord 1 . +.It Ev BLOCKSIZE +The size of the block units used by several commands, most notably +.Xr df 1 , +.Xr du 1 +and +.Xr ls 1 . +.Ev BLOCKSIZE +may be specified in units of a byte by specifying a number, +in units of a kilobyte by specifying a number followed by +.Ql K +or +.Ql k , +in units of a megabyte by specifying a number followed by +.Ql M +or +.Ql m +and in units of a gigabyte by specifying a number followed +by +.Ql G +or +.Ql g . +Sizes less than 512 bytes or greater than a gigabyte are ignored. +.It Ev EDITRC +Gives the path name of the file used by +.Xr editline 7 +when command line editing is enabled in various programs. +See +.Xr editrc 5 +for information on the format of the file. +.It Ev EXINIT +A startup list of commands read by +.Xr ex 1 +and +.Xr vi 1 . +.It Ev HOME +A user's login directory, set by +.Xr login 1 +from the password file +.Xr passwd 5 . +.It Ev LANG +Default for all NLS categories. +Only used if +.Ev LC_ALL +or the environment variable for a particular NLS category +is not provided +.Ev ( LC_COLLATE , +.Ev LC_CTYPE , +.Ev LC_MESSAGES , +.Ev LC_MONETARY , +.Ev LC_NUMERIC , +or +.Ev LC_TIME ) . +.It Ev LC_ALL +Override for all NLS categories. 
+If set, overrides the values of +.Ev LC_COLLATE , +.Ev LC_CTYPE , +.Ev LC_MESSAGES , +.Ev LC_MONETARY , +.Ev LC_NUMERIC , +and +.Ev LC_TIME . +.It Ev LC_COLLATE +NLS string-collation order information. +.It Ev LC_CTYPE +NLS character classification, case conversion, and other character attributes. +.It Ev LC_MESSAGES +NLS format for affirmative and negative responses. +.It Ev LC_MONETARY +NLS rules and symbols for formatting monetary numeric information. +.It Ev LC_NUMERIC +NLS rules and symbols for formatting nonmonetary numeric information. +.It Ev LC_TIME +NLS rules and symbols for formatting time and date information. +.It Ev LIBC_DIAGASSERT +Control how the +.Fn _DIAGASSERT +macro (from +.In assert.h ) +behaves once the assertion is raised. +Refer to +.Xr _DIAGASSERT 3 +for more information. +.It Ev LOGNAME +The login name of the user. +.It Ev MALLOC_OPTIONS +Control the behaviour of the +.Fn malloc +function. +Refer to +.Xr jemalloc 3 +for more information. +.It Ev MIXERDEVICE +The name of the audio mixer device to be used by +.Xr mixerctl 1 . +.It Ev PAGER +The program used for paginating the output of several commands +such as +.Xr man 1 . +If null or not set, the standard pagination program +.Xr more 1 +will be used. +.It Ev PATH +The sequence of directories, separated by colons, searched by +.Xr csh 1 , +.Xr sh 1 , +.Xr system 3 , +.Xr execvp 3 , +etc, when looking for an executable file. +.Ev PATH +is set to +.Pp +.Dl /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin +.Pp +initially by +.Xr login 1 . +.It Ev PRINTER +The name of the default printer to be used by +.Xr lpr 1 , +.Xr lpq 1 , +and +.Xr lprm 1 . +.It Ev RCMD_CMD +When using the +.Xr rcmd 3 +function, this variable is used as the program to run instead of +.Xr rcmd 1 . +.It Ev SHELL +The full pathname of the user's login shell. +.It Ev TERM +The kind of terminal for which output is to be prepared. 
+This information is used by commands, such as +.Xr nroff 1 +.\" or +.\" .Xr plot 1 +which may exploit special terminal capabilities. +See +.Pa /usr/share/misc/terminfo +.Pq Xr terminfo 5 +for a list of terminal types. +.It Ev TERMCAP +The string describing the terminal in +.Ev TERM , +or, if it begins with a +.Ql / , +the name of the termcap file. +This is only checked if +.Ev TERMINFO +is not set. +.It Ev TERMINFO +The string describing the terminal in +.Ev TERM , +or, if it begins with a +.Ql / , +the name of the terminfo file. +.It Ev TIMEFORMAT +A +.Xr strftime 3 +format string that may be used by programs such as +.Xr dump 8 +for formatting timestamps. +.It Ev TMPDIR +The directory in which to store temporary files. +Most applications use either +.Pa /tmp +or +.Pa /var/tmp . +Setting this variable will make them use another directory. +.It Ev TZ +The timezone to use when displaying dates. +The normal format is a pathname relative to +.Pa /usr/share/zoneinfo . +For example, the command +.Pp +.Dl env TZ=US/Pacific date +.Pp +displays the current time in California. +See +.Xr tzset 3 +for more information. +.It Ev USER +The login name of the user. +It is recommended that portable applications use +.Ev LOGNAME +instead. +.El +.Pp +Further names may be placed in the environment by the +.Ic export +command and +.Ar name=value +arguments in +.Xr sh 1 , +or by the +.Ic setenv +command if you use +.Xr csh 1 . +It is unwise to change certain +.Xr sh 1 +variables that are frequently exported by +.Pa .profile +files, such as +.Ev MAIL , +.Ev PS1 , +.Ev PS2 , +and +.Ev IFS , +unless you know what you are doing. 
+.Sh SEE ALSO +.Xr audioctl 1 , +.Xr audioplay 1 , +.Xr audiorecord 1 , +.Xr csh 1 , +.Xr ex 1 , +.Xr login 1 , +.Xr man 1 , +.Xr more 1 , +.Xr sh 1 , +.Xr execve 2 , +.Xr _DIAGASSERT 3 , +.Xr execle 3 , +.Xr jemalloc 3 , +.Xr rcmd 3 , +.Xr system 3 , +.Xr termcap 3 , +.Xr terminfo 3 , +.Xr audio 4 , +.Xr terminfo 5 , +.Xr nls 7 , +.Xr dump 8 +.Sh HISTORY +The +.Nm +manual page appeared in +.Bx 4.2 . diff --git a/static/netbsd/man7/glob.7 b/static/netbsd/man7/glob.7 new file mode 100644 index 00000000..4b1ecdc2 --- /dev/null +++ b/static/netbsd/man7/glob.7 
@@ -0,0 +1,154 @@ +.\" $NetBSD: glob.7,v 1.4 2021/11/02 22:13:14 abs Exp $ +.\" +.\" $OpenBSD: glob.7,v 1.3 2009/12/26 15:24:54 schwarze Exp $ +.\" +.\" Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd November 2, 2021 +.Dt GLOB 7 +.Os +.Sh NAME +.Nm glob +.Nd shell-style pattern matching +.Sh DESCRIPTION +Globbing characters +.Pq wildcards +are special characters used to perform pattern matching of pathnames and +command arguments in the +.Xr csh 1 , +.Xr ksh 1 , +and +.Xr sh 1 +shells as well as +the C library functions +.Xr fnmatch 3 +and +.Xr glob 3 . +A glob pattern is a word containing one or more unquoted +.Ql \&? +or +.Ql * +characters, or +.Dq Li [..] +sequences. +.Pp +Globs should not be confused with the more powerful +regular expressions used by programs such as +.Xr grep 1 . +While there is some overlap in the special characters used in regular +expressions and globs, their meaning is different. +.Pp +The pattern elements have the following meaning: +.Bl -tag -width Ds +.It Li \&? +Matches any single character. +.It Li \&* +Matches any sequence of zero or more characters. +.It Li [..] +Matches any of the characters inside the brackets. 
+Ranges of characters can be specified by separating two characters by a +.Ql \- +(e.g.\& +.Dq Li [a0-9] +matches the letter +.Sq a +or any digit). +In order to represent itself, a +.Ql \- +must either be quoted or the first or last character in the character list. +Similarly, a +.Ql \&] +must be quoted or the first character in the list if it is to represent itself +instead of the end of the list. +Also, a +.Ql \&! +appearing at the start of the list has special meaning (see below), so to +represent itself it must be quoted or appear later in the list. +.Pp +Within a bracket expression, the name of a +.Em character class +enclosed in +.Ql [: +and +.Ql :] +stands for the list of all characters belonging to that class. +Supported character classes: +.Bl -column ".Li xdigit" ".Li xdigit" ".Li xdigit" -offset indent +.It Li "alnum" Ta Li "cntrl" Ta Li "lower" Ta Li "space" +.It Li "alpha" Ta Li "digit" Ta Li "print" Ta Li "upper" +.It Li "blank" Ta Li "graph" Ta Li "punct" Ta Li "xdigit" +.El +.Pp +These match characters using the macros specified in +.Xr ctype 3 . +A character class may not be used as an endpoint of a range. +.It Li [!..] +Like +.Li [..] , +except it matches any character not inside the brackets. +.It Li \e +Matches the character following it verbatim. +This is useful to quote the special characters +.Ql \&? , +.Ql \&* , +.Ql \&[ , +and +.Ql \e +such that they lose their special meaning. +For example, the pattern +.Dq Li \e\e\e\&*\e[x]\e\&? +matches the string +.Dq \e\&*[x]\&? . +.El +.Pp +Note that when matching a pathname, the path separator +.Ql / , +is not matched by a +.Ql \&? , +or +.Ql * , +character or by a +.Dq Li [..] +sequence. +Thus, +.Pa /usr/*/*/X11 +would match +.Pa /usr/X11R7/lib/X11 +and +.Pa /usr/X11R7/include/X11 +while +.Pa /usr/*/X11 +would not match either. +Likewise, +.Pa /usr/*/bin +would match +.Pa /usr/local/bin +but not +.Pa /usr/bin . 
+.Sh SEE ALSO +.Xr fnmatch 3 , +.Xr glob 3 , +.Xr re_format 7 +.Sh HISTORY +In early versions of +.Ux , +the shell did not do pattern expansion itself. +A dedicated program, +.Pa /etc/glob , +was used to perform the expansion and pass the results to a command. +In +.At v7 , +with the introduction of the Bourne shell, +this functionality was incorporated into the shell itself. diff --git a/static/netbsd/man7/groups.7 b/static/netbsd/man7/groups.7 new file mode 100644 index 00000000..3ec4cd22 --- /dev/null +++ b/static/netbsd/man7/groups.7 
@@ -0,0 +1,330 @@ +.\" $NetBSD: groups.7,v 1.8 2020/04/02 20:57:20 roy Exp $ +.\" +.\" Copyright (c) 2020 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd April 2, 2020 +.Dt GROUPS 7 +.Os +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh NAME +.Nm groups +.Nd standard group names +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh DESCRIPTION +A standard +.Nx +installation has the following user group names: +.\" These are currently sorted by gid; perhaps they should be sorted +.\" lexicographically by name instead. 
+.Bl -tag -width ".Em _tcpdump" +.It Em wheel +Users authorized to elevate themselves to the super-user privileges of +the root user, meaning uid\~0. +Normally the +.Em wheel +group has gid\~0. +.Pp +Users who are not in the group +.Em wheel +are never allowed by +.Xr su 1 +to gain root privileges. +.It Em daemon +Used by the set-group-id +.Pq Xr setuid 7 +programs +.Xr lpq 1 , +.Xr lpr 1 , +and +.Xr lprm 1 . +.\" Unclear why. Maybe used to be used by uucp stuff too, since +.\" /var/spool/lock ownership is uucp:daemon? +.It Em sys +Historic group. +Unused in modern +.Nx . +.It Em tty +Used by the set-group-id +.Pq Xr setuid 7 +programs +.Xr wall 1 +and +.Xr write 1 +to allow users to send messages to another tty even if they don't own +it. +Static tty device nodes in +.Pa /dev +are all in the group +.Em tty , +and the +.Xr mount_ptyfs 8 +program passes the gid of the +.Em tty +group to the kernel so that all nodes in +.Pa /dev/pts +or equivalent are in the group too. +.It Em operator +Users authorized to take backups of disk devices and shut down the +machine. +.Pp +The disk device nodes in +.Pa /dev +such as +.Pa /dev/rwd0a +are in the group +.Em operator +and group-readable so users in the group can read from disk devices, +for example with +.Xr dump 8 . +The tape device nodes in +.Pa /dev +such as +.Pa /dev/rst0 +are in the group +.Em operator +and are both group-readable and group-writable so users in the group +can write to tape devices. +.Pp +The +.Xr shutdown 8 +program is executable only by root and members of the +.Em operator +group. +.It Em mail +Historic group. +Unused in modern +.Nx . +.\" Is this true? Hard to grep for this in src... +.It Em bin +Historic group. +Unused in modern +.Nx . +.It Em wsrc +Historic group. +Unused in modern +.Nx . +.\" Actually it seems to be used in the set lists somehow, but it's +.\" unclear to me how what the significance is. 
+.It Em maildrop +Used by the set-group-id +.Pq Xr setuid 7 +programs +.Xr postdrop 1 +and +.Xr postqueue 1 +to submit to and examine the +.Xr postfix 1 +mail queue at +.Pa /var/spool/postfix/maildrop +and +.Pa /var/spool/postfix/public . +.It Em postfix +Primary group for the +.Em postfix +pseudo-user used by the +.Xr postfix 1 +mail transfer agent. +.\" Why are various subdirectories of /var/spool/postfix owned by +.\" postfix:wheel and not postfix:postfix? +.It Em games +Used by various set-group-id +.Pq Xr setuid 7 +games to maintain high-scores files and other common files in +.Pa /var/games . +.It Em named +Primary group for the +.Em named +pseudo-user used by the +.Xr named 8 +DNS nameserver daemon. +.It Em ntpd +Primary group for the +.Em ntpd +pseudo-user used by the +.Xr ntpd 8 +network time protocol daemon. +.It Em sshd +Primary group for the +.Em sshd +pseudo-user used by the +.Xr sshd 8 +secure shell daemon. +.It Em _pflogd +Primary group for the +.Em _pflogd +pseudo-user used by the +.Xr pflogd 8 +log daemon with the +.Xr pf 4 +packet filter. +.It Em _rwhod +Primary group for the +.Em _rwhod +pseudo-user used by the +.Xr rwhod 8 +system status daemon. +.It Em staff +Staff users, in contrast to regular or guest users. +Not used by +.Nx ; +available for the administrator's interpretation. +.It Em _proxy +Primary group for the +.Em _proxy +pseudo-user used by the +.Xr ftp-proxy 8 +and +.Xr tftp-proxy 8 +proxy daemons with packet filters such as +.Xr pf 4 +or +.Xr ipnat 4 . +.It Em _timedc +Primary group for the +.Em _timedc +pseudo-user used by the +.Xr timedc 8 +tool to communicate with the +.Xr timed 8 +time server daemon. +.It Em _sdpd +Primary group for the +.Em _sdpd +pseudo-user used by the +.Xr sdpd 8 +Bluetooth service discovery protocol daemon. +.It Em _httpd +Primary group for the +.Em _httpd +pseudo-user used by the +.Xr httpd 8 Pq bozohttpd +web server. 
+.It Em _mdnsd +Primary group for the +.Em _mdnsd +pseudo-user used by the +.Xr mdnsd 8 +multicast DNS and DNS service discovery daemon. +.It Em _tests +Primary group for the +.Em _tests +pseudo-user used by +.Xr atf 7 +automatic tests that request to run unprivileged. +.It Em _tcpdump +Primary group for the +.Em _tcpdump +pseudo-user used by the +.Xr tcpdump 8 +network traffic dumper and analyzer. +.It Em _tss +Primary group for the +.Em _tss +pseudo-user used by the +.Xr tcsd 8 +.Sq Trusted Computing +daemon to manage a TPM. +.It Em _gpio +Users authorized to read and write GPIO pins; see +.Xr gpio 4 +and +.Xr gpioctl 8 . +.It Em _dhcpcd +Primary group for the +.Em _dhcpcd +pseudo-user used by the +.Xr dhcpcd 8 +DHCP Client Daemon. +.It Em _rtadvd +Primary group for the +.Em _rtadvd +pseudo-user used by the +.Xr rtadvd 8 +IPv6 network router advertisement daemon. +.It Em guest +Guest users, in contrast to staff or regular users. +Not used by +.Nx ; +available for the administrator's interpretation. +.It Em _unbound +Primary group for the +.Em _unbound +pseudo-user used by the +.Xr unbound 8 +recursive DNS resolver. +.It Em _nsd +Primary group for the +.Em _nsd +pseudo-user used by the +.Xr nsd 8 +authoritative DNS nameserver. +.It Em nvmm +Users authorized to use the +.Xr nvmm 4 +.Nx +Virtual Machine Monitor. +.It Em nobody +Primary group for the traditional +.Em nobody +pseudo-user. +Modern practice is to assign to each different daemon its own separate +pseudo-user account and group so that if one daemon is compromised it +does not compromise all the other daemons. +.It Em utmp +Group of +.Xr utmp 5 +login records. +.\" Why? +.It Em authpf +Used by the set-group-id +.Pq Xr setuid 7 +program +.Xr authpf 8 +to configure authenticated gateways. +.\" Does it actually use the sgid bit? It's also suid root... +.It Em users +Regular users, in contrast to staff or guest users. +.Pp +Default primary group for new users, as set in the default +.Xr usermgmt.conf 5 +file. 
+Some administrators may instead prefer to assign to each user a unique +group with the same name as the user by passing the +.So +.Fl g Cm "=uid" +.Sc +option to +.Xr useradd 8 . +.It Em dialer +Users authorized to make outgoing modem calls. +Unused in modern +.Nx . +.It Em nogroup +Pseudo-group. +.\" For...? +.El +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh SEE ALSO +.Xr users 7 diff --git a/static/netbsd/man7/hier.7 b/static/netbsd/man7/hier.7 new file mode 100644 index 00000000..acccfece --- /dev/null +++ b/static/netbsd/man7/hier.7 
@@ -0,0 +1,1302 @@ +.\" $NetBSD: hier.7,v 1.145 2025/08/26 06:04:37 mrg Exp $ +.\" +.\" Copyright (c) 1990, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)hier.7 8.5 (Berkeley) 6/1/94 +.\" +.Dd August 26, 2025 +.Dt HIER 7 +.Os +.Sh NAME +.Nm hier +.Nd layout of file systems +.Sh DESCRIPTION +An outline of the file system hierarchy. +.Pp +Naming is very important. 
+The +.Ux +System relies on filename conventions for much of its power as a system. +The following file system layout describes generally where things are +and what they are, with references to other man pages for more detailed +documentation. +.Pp +Not all files will be in every system. +.Bl -tag -width "/altroot/" +.It Pa \&/ +Root directory of the system. +.It Pa /COPYRIGHT +System copyright notice, most often put on CD-ROM distributions. +.It Pa "/[a-z]/" +User file systems. +.It Pa /altroot/ +Alternate root file system, in case of disaster. +.\" .It Pa /amd/ +.\" Home directories mount point; see +.\" .Xr amd 8 . +.It Pa /bin/ +Utilities used in both single and multi-user environments. +.It Pa /boot* +Second-stage boot loader(s) for some platforms; see +.Xr installboot 8 . +.It Pa /cdrom/ +Empty directory commonly used by +system administrators as a temporary mount point for ISO-9660 file +systems on CD (or DVD) media. +.It Pa /dev/ +Block, character, and other special device files. +.Pp +.Bl -tag -width "MAKEDEV" -compact +.It Pa MAKEDEV +Script for creating device files; +see +.Xr makedev 8 . +.It Pa console +The computer's console device. +.It Pa drum +The computer's swap space device; see +.Xr drum 4 . +.It Pa fd/ +File descriptor files; +see +.Xr fd 4 . +.It Pa klog +Kernel logging device; see +.Xr syslog 3 . +.It Pa kmem +Kernel virtual memory device; see +.Xr mem 4 . +.It Pa log +.Ux +domain datagram log socket; see +.Xr syslogd 8 . +.It Pa mem +Kernel physical memory device; see +.Xr mem 4 . +.It Pa null +The null device; see +.Xr null 4 . +.It Pa pts/ +Mount point for the pseudo-terminal device file system; see +.Xr mount_ptyfs 8 . +.It Pa stderr +.It Pa stdin +.It Pa stdout +File descriptor files; +see +.Xr fd 4 . +.It Pa tty +Device pointing to each process's own controlling terminal; see +.Xr tty 4 . +.It Pa zero +The zero device; see +.Xr zero 4 . +.El +.\" .It Pa /dump/ +.\" Online +.\" .Xr dump 8 +.\" repository. 
+.It Pa /etc/ +System configuration files and scripts. +.Pp +.Bl -tag -width "master.passwd" -compact +.It Pa amd* +Configuration files for +.Xr amd 8 . +.It Pa changelist +Files backed up by the +.Pa security +script. +.It Pa crontab +Schedule used by the +.Xr cron 8 +daemon. +.It Pa csh.cshrc +.It Pa csh.login +.It Pa csh.logout +System-wide scripts for +.Xr csh 1 . +.It Pa daily +Script run each day by +.Xr cron 8 . +.It Pa daily.conf +Configuration file for +.Pa daily ; +see +.Xr daily.conf 5 . +.It Pa defaults/ +Default configuration files read by various +.Pa /etc/*.conf +files. +.It Pa disktab +Disk description file; see +.Xr disktab 5 . +.It Pa dm.conf +Dungeon master configuration; see +.Xr dm.conf 5 . +.It Pa dumpdates +Dump history; see +.Xr dump 8 . +.It Pa exports +File system export information; see +.Xr mountd 8 . +.It Pa fstab +File system mounting table; see +.Xr fstab 5 +and +.Xr mount 8 . +.It Pa ftpusers +Users denied +.Xr ftp 1 +access; see +.Xr ftpd 8 . +.It Pa ftpwelcome +.Xr ftp 1 +initial message; see +.Xr ftpd 8 . +.It Pa gettytab +Terminal configuration database; see +.Xr gettytab 5 . +.It Pa group +Group permissions file; see +.Xr group 5 . +.It Pa hosts +Host name database backup for +.Xr named 8 ; +see +.Xr hosts 5 . +.It Pa hosts.equiv +Trusted machines with equivalent user IDs. +(Obsolete.) +.It Pa hosts.lpd +Trusted machines with printing privileges. +.It Pa inetd.conf +Internet server configuration file; see +.Xr inetd 8 . +.It Pa kerberosV/ +Configuration files for Kerberos version V; +see +.Xr kerberos 8 . +.It Pa localtime +Local time zone; +see +.Xr ctime 3 . +.It Pa login.conf +Configuration of user classes and limits; see +.Xr login.conf 5 . +.It Pa mail/ +Configuration files for +.Xr sendmail 1 . +.Pp +.Bl -tag -width "sendmail.*" -compact +.It Pa aliases* +Username alias files. +.It Pa sendmail.* +.Xr sendmail 1 +configuration information. +.El +.It Pa mail.rc +System-wide initialization script for +.Xr mail 1 . 
+.It Pa man.conf +Configuration file for +.Xr man 1 ; +see +.Xr man.conf 5 . +.It Pa master.passwd +Main password file, readable only by root; see +.Xr passwd 5 . +.It Pa mk.conf +Optional file containing +.Xr make 1 +variables, used to configure pkgsrc and the system sources. +.It Pa monthly +Script run each month by +.Xr cron 8 . +.It Pa monthly.conf +Configuration file for +.Pa monthly ; +see +.Xr monthly.conf 5 . +.It Pa motd +System message of the day. +.It Pa mtree/ +.Xr mtree 8 +configuration files. +.It Pa named.* +.It Pa namedb/ +.Xr named 8 +configuration files and databases. +.It Pa netgroup +Network groups; see +.Xr netgroup 5 . +.It Pa networks +Network name database; see +.Xr networks 5 . +.It Pa openssl/ +OpenSSL TLS trust anchors, configuration file, private keys, and +more. +Returned by +.Xr X509_get_default_cert_area 3 . +.Bl -tag -width "certs/" -compact +.It Pa certs/ +Hashed directory of trust anchors for TLS certificate validation. +Managed by +.Xr certctl 8 +according to +.Pa certs.conf . +See +.Xr openssl_rehash 1 . +Returned by +.Xr X509_get_default_cert_dir 3 . +.It Pa certs/ca-certificates.crt +Bundle of TLS anchors in PEM format formed by concatenation of +PEM-format certificates. +Managed by +.Xr certctl 8 +according to +.Pa certs.conf . +.It Pa certs.conf +Configuration file for +.Xr certctl 8 . +.It Pa misc/ +Miscellaneous OpenSSL scripts. +Unused in +.Nx +base. +.It Pa openssl.cnf +Optional default OpenSSL configuration file. +See +.Xr openssl_config 5 . +Returned by +.Xr CONF_get1_default_config_file 3 . +.It Pa private/ +Private key area. +Read/write/execute permitted only by root. +Unused in +.Nx +base. +Returned by +.Xr X509_get_default_private_dir 3 . +.El +.It Pa passwd +World readable password file generated from master.passwd; see +.Xr passwd 5 , +.Xr pwd_mkdb 8 . +.It Pa phones +Remote host telephone number data base; see +.Xr phones 5 . +.It Pa printcap +Printer configuration for +.Xr lpr 1 ; +see +.Xr printcap 5 . 
+.It Pa profile +System-wide scripts for +.Xr sh 1 . +.It Pa protocols +Protocol name database; see +.Xr protocols 5 . +.It Pa pwd.db +Database form of passwd file; see +.Xr pwd_mkdb 8 . +.It Pa rc +Master system startup script invoked by +.Xr init 8 ; +see +.Xr rc 8 . +.It Pa rc.conf +Configuration file for system startup and shutdown scripts; see +.Xr rc.conf 5 . +.It Pa rc.d/ +Directory containing per-subsystem startup and shutdown scripts; see +.Xr rc 8 . +.It Pa rc.local +Locally editable system startup script. +.It Pa rc.shutdown +Master system shutdown script invoked by +.Xr shutdown 8 ; +see +.Xr rc 8 . +.It Pa remote +Remote host description file; see +.Xr remote 5 . +.It Pa security +Daily (in)security script run by +.Xr cron 8 . +.It Pa security.conf +Configuration file for +.Pa security ; +see +.Xr security.conf 5 . +.It Pa services +Service name data base; see +.Xr services 5 . +.It Pa shells +List of permitted shells; see +.Xr shells 5 . +.It Pa skel/ +Sample initialization files for new user accounts. +.It Pa sliphome/ +SLIP login/logout scripts; see +.Xr sliplogin 8 . +.It Pa spwd.db +Database form of master.passwd file; see +.Xr pwd_mkdb 8 . +.It Pa syslog.conf +.Xr syslogd 8 +Configuration file; see +.Xr syslog.conf 5 . +.It Pa ttyaction +Login hooks for specific ttys, typically used to chown console +devices. +See +.Xr ttyaction 5 . +.It Pa ttys +Terminal initialization information; see +.Xr ttys 5 . +.It Pa weekly +Script run each week by +.Xr cron 8 . +.It Pa weekly.conf +Configuration file for +.Pa weekly ; +see +.Xr weekly.conf 5 . +.El +.It Pa /home/ +Default location for user home directories. +.It Pa /kern/ +Mount point for the kern file system; see +.Xr mount_kernfs 8 . +.It Pa /lib/ +Dynamic linked libraries used by dynamically linked programs +that cannot rely upon +.Pa /usr/lib/ +being available, such as those in +.Pa /bin/ +and +.Pa /sbin/ . 
+.It Pa /libdata/ +Non-executable files +.Pq such as device firmware +required at boot time, when +.Pa /usr/libdata +may not be available. +.It Pa /libexec/ +System utilities (such as the dynamic linker) required by programs +and libraries that cannot rely upon +.Pa /usr/libexec/ +being available. +.It Pa /mnt/ +Empty directory commonly used by +system administrators as a temporary mount point. +.It Pa /net/ +automounted NFS shares; +see +.Xr auto_master 5 +.It Pa /netbsd +Kernel executable image (the operating system loaded into memory +at boot time). +.It Pa /proc/ +Mount point for the process file system; see +.Xr mount_procfs 8 . +.It Pa /rescue/ +Statically linked rescue tools, for use in system recovery. +.It Pa /root/ +Home directory for the super-user. +.Pp +.Bl -tag -width ".profile" -compact +.It Pa \&.cshrc +Super-user start-up file for +.Xr csh 1 . +.It Pa \&.login +super-user start-up file for +.Xr csh 1 . +.It Pa \&.profile +super-user start-up file for +.Xr sh 1 . +.It Pa \&.rhosts +Super-user id mapping between machines. +(Obsolete.) +.El +.It Pa /sbin/ +System programs and administration utilities +used in both single-user and multi-user environments. +.It Pa /stand/ +Programs used in a standalone environment, that is, things that run on +bare hardware without a kernel. +Currently kernel modules are also placed here (except when building with +.Sy KERNEL_DIR , +see +.Xr mk.conf 5 ) , +although this remains somewhat controversial and they may yet get moved. +.It Pa /tmp/ +Temporary files. +The contents of +.Pa /tmp +are usually +.Em not +preserved across a system reboot. +.It Pa /usr/ +Contains the majority of the system utilities and files. +.Pp +.Bl -tag -width "libdata/" -compact +.It Pa X11R7/ +X11 files (for X11 revision 7). +.Pp +.Bl -tag -width "include/" -compact +.It Pa bin/ +X11 binaries. +.It Pa include/ +X11 include files. +.It Pa lib/ +X11 libraries. +.El +.Pp +.It Pa bin/ +Common utilities, programming tools, and applications. 
+.It Pa games/ +The important stuff. +.It Pa include/ +Standard C (and extension) include files. +.Pp +.Bl -tag -width "protocols/" -compact +.It Pa arpa/ +Include files for Internet service protocols. +.It Pa atf/ +Include files for the Automated Testing Framework; see +.Xr atf 7 . +.It Pa g++/ +Include files for the GNU C++ compiler. +.It Pa machine/ +Machine specific include files. +.It Pa net/ +Miscellaneous network include files. +.It Pa netatalk/ +C include files for AppleTalk protocols +see +.Xr atalk 4 . +.It Pa netinet/ +Include files for Internet standard protocols; see +.Xr inet 4 . +.It Pa netinet6/ +Include files for Internet protocol version 6; see +.Xr inet6 4 . +.It Pa netipsec/ +Include files for secret key management, used for security protocols; see +.Xr ipsec 4 . +.It Pa nfs/ +C include files for NFS (Network File System). +.It Pa protocols/ +C include files for Berkeley service protocols. +.It Pa sys/ +``System-level'' C include files. +.It Pa ufs/ +C include files for several mutually related file systems. +(The `u' was originally for +.Ux . ) +.El +.Pp +.It Pa lib/ +Archive, profiled, position independent archive, and shared libraries. +.Pp +.Bl -tag -width "lua/" -compact +.It Pa lua/ +.Bl -tag -width "5.3/" -compact +.It Pa 5.3/ +Lua 5.3 modules. +.El +.El +.Pp +.It Pa libdata/ +Miscellaneous utility data files. +.It Pa libexec/ +System daemons & system utilities (executed by other programs). +.Pp +.It Pa mdec/ +Boot blocks, etc. +.It Pa obj/ +Architecture-specific target tree produced by building the +.Pa /usr/src +tree; often a symbolic link or mounted file system. +.It Pa pkg/ +Installed third-party software packages. +.Pp +.Bl -tag -width "include/" -compact +.It Pa bin/ +Package binaries. +.It Pa etc/ +Package configuration files. +.It Pa include/ +Package include files. +.It Pa lib/ +Package libraries. +.It Pa libdata/ +Package data files. +.It Pa libexec/ +Package daemons. +.It Pa sbin/ +Package system utilities. 
+.El +.Pp +.It Pa pkgsrc/ +Build descriptions (packaging) for the +.Nx +package system. +.Pp +.Bl -tag -width "distfilesX" -compact +.It Pa distfiles/ +Downloaded upstream source archives. +.It Pa packages/ +Compiled binary packages. +.El +.Pp +There are also several other subdirectories which contain packages of +a certain category, e.g., archivers, graphics, ... +.Pp +.It Pa sbin/ +System daemons and system utilities (normally executed by the super-user). +.It Pa share/ +Architecture-independent files, mostly text. +.Pp +.Bl -tag -width "calendar/" -compact +.It Pa calendar/ +A variety of calendar files; see +.Xr calendar 1 . +.It Pa certs/mozilla/ +X.509 certificates from Mozilla's curated set of certificate +authorities (CAs), +.Pa certdata.txt , +in PEM format. +See +.%U https://wiki.mozilla.org/CA/Included_Certificates +for details. +Used by +.Xr certctl 8 +to populate OpenSSL trust anchors at +.Pa /etc/openssl/certs . +.Bl -tag -width "server/" -compact +.It Pa all/ +Certificates of all CAs in Mozilla +.Pa certdata.txt , +for all purposes, including CAs Mozilla may no longer trust. +.It Pa code/ +Certificates of CAs trusted by Mozilla for code-signing. +.It Pa email/ +Certificates of CAs trusted by Mozilla for email with S/MIME. +.It Pa code/ +Certificates of CAs trusted by Mozilla for TLS server authentication. +.El +.It Pa dict/ +Word lists; +see +.Xr look 1 +and +.Xr spell 1 . +.Pp +.Bl -tag -width "special/" -compact +.It Pa words +Common words. +.It Pa web2 +Words from Webster's Second International Dictionary. +.It Pa papers/ +Reference databases; +see +.Xr refer 1 . +.It Pa special/ +Custom word lists; +see +.Xr spell 1 . +.El +.Pp +.It Pa doc/ +Miscellaneous documentation. +.It Pa games/ +Data files used by various games. +.It Pa i18n/ +internationalization databases; see +.Xr iconv 3 . +.It Pa locale/ +Locale databases and gettext message catalogs; see +.Xr setlocale 3 +and +.Xr gettext 3 . +.It Pa man/ +Manual pages. 
+.It Pa me/ +Macros for use with the +.Xr me 7 +roff macro package. +.It Pa misc/ +Miscellaneous system-wide text files. +.Pp +.Bl -tag -width "terminfo.cdb" -compact +.It Pa terminfo +Terminal characteristics database; +see +.Xr terminfo 5 . +.It Pa terminfo.cdb +database form of terminfo file; see +.Xr tic 1 . +.El +.Pp +.It Pa mk/ +Include files for +.Xr make 1 . +.It Pa ms/ +Macros for use with the +.Xr ms 7 +roff macro package. +.It Pa nls/ +Message catalogs; see +.Xr catgets 3 . +.It Pa tmac/ +Text processing macros; +see +.Xr nroff 1 +and +.Xr troff 1 . +.It Pa zoneinfo/ +Time zone database; +see +.Xr tzfile 5 . +.El +.It Pa tests/ +Test programs; see +.Xr tests 7 +for information on how to run them. +.El +.It Pa /usr/src/ +.Nx +and local source files. +.Pp +.Bl -tag -width "domestic/" -compact +.It Pa bin/ +Source for utilities/files in +.Pa /bin . +.It Pa common/ +Sources shared between kernel and userland. +.It Pa crypto/ +Cryptographic source, which may have import or export restrictions. +.It Pa dist/ +Third-party +.Sq virgin +source code, referenced by other parts of the source tree. +(Deprecated; use +.Pa external/ +instead.) +.It Pa distrib/ +Tools and data files for making +.Nx +releases and distributions. +.It Pa doc/ +Documentation about the source tree (i.e., about the tree, not about +how to use the software in the tree.) +.It Pa etc/ +Source (usually example files) for files in +.Pa /etc . +.It Pa external/ +Source for programs from external third parties +(where +.Nx +is the not the primary maintainer), +grouped by license, and then products per license. +.Pp +.Bl -tag -width "intel-fw-public/" -compact +.It Pa apache2/ +Apache 2.0 license. +.It Pa bsd/ +BSD (or equivalent) licensed software, +possibly with the +.Dq advertising clause . +.It Pa broadcom/ +Broadcom firmware license. +.It Pa cddl/ +Common Development and Distribution License (the Sun license which is +based on the Mozilla Public License version 1.1). 
+.It Pa gpl2/ +GNU Public License, version 2 (or earlier). +.It Pa gpl3/ +GNU Public License, version 3. +.It Pa historical/ +Lucent's old license. +.It Pa ibm-public/ +IBM's public license. +.It Pa intel-fw-eula/ +Intel firmware license with redistribution restricted to OEM. +.It Pa intel-fw-public/ +Intel firmware license permitting redistribution with +terms similar to BSD licensed software. +.It Pa intel-public/ +Intel license permitting redistribution with terms similar to +BSD licensed software. +.It Pa lgpl3/ +GNU lesser general public license, version 3. +.It Pa mit/ +MIT (X11) style license. +.It Pa mpl/ +Mozilla Public License. +.It Pa zlib/ +BSD-like zlib license. +.El +.Pp +.It Pa games/ +Source for utilities/files in +.Pa /usr/games . +.It Pa include/ +Source for files in +.Pa /usr/include . +.It Pa lib/ +Source for libraries in +.Pa /usr/lib . +.It Pa libexec/ +Source for utilities/files in +.Pa /usr/libexec . +.It Pa regress/ +Various legacy regression tests. +.It Pa rescue/ +Source/makefiles for +.Pa /rescue . +.It Pa sbin/ +Source for utilities/files in +.Pa /sbin . +.It Pa share/ +Source for files in +.Pa /usr/share . +.Pp +.Bl -tag -width "doc/" -compact +.It Pa doc/ +.Pp +.Bl -tag -width "papers/" -compact +.It Pa papers/ +Source for various historical technical papers (many from Berkeley). +.It Pa psd/ +Source for Programmer's Supplementary Documents. +.It Pa smm/ +Source for System Manager's Manual. +.It Pa usd/ +Source for User's Supplementary Documents. +.El +.El +.It Pa sys/ +Kernel source files. +.Pp +.Bl -tag -width "gdbscripts/" -compact +.It Pa arch/ +Architecture-specific support. +.Pp +.Bl -tag -width "playstation2/" -compact +.It Pa acorn32/ +Acorn RiscPC/A7000 and VLSI RC7500. +.It Pa algor/ +Algorithmics Ltd. MIPS evaluations boards. +.It Pa alpha/ +Digital/Compaq Alpha. +.It Pa amd64/ +Computers with x86_64 capable CPUs. +.It Pa amiga/ +Commodore Amiga and MacroSystem DraCo. +.It Pa amigappc/ +PowerPC based Amiga boards. 
+.It Pa arc/ +MIPS-based machines following the Advanced RISC Computing spec. +.It Pa arm/ +ARM processor general support. +.It Pa atari/ +Atari TT030, Falcon and Hades. +.It Pa bebox/ +Be Inc. BeBox. +.It Pa cats/ +Chalice Technology's CATS and Intel's EBSA-285 evaluation boards. +.It Pa cesfic/ +CES FIC8234 VME processor board. +.It Pa cobalt/ +Cobalt Networks' MIPS-based Microserver. +.It Pa dreamcast/ +Sega Dreamcast game console. +.It Pa emips/ +Machines based on Extensible MIPS. +.It Pa evbarm/ +ARM based evaluation boards. +.It Pa evbmips/ +MIPS based evaluation boards. +.It Pa evbppc/ +PowerPC based evaluation boards and appliances. +.It Pa evbsh3/ +SH3/SH4 based evaluation boards. +.It Pa ews4800mips/ +NEC's MIPS based EWS4800 workstations. +.It Pa hp300/ +Hewlett-Packard 9000/300 and 400 680x0-based workstations. +.It Pa hppa/ +Hewlett-Packard 9000/700 and 9000/800 HPPA based workstations. +.It Pa hpcarm/ +StrongARM based WinCE PDA machines. +.It Pa hpcmips/ +MIPS based WinCE PDA machines. +.It Pa hpcsh/ +Hitachi SH3/4 based WinCE PDA machines. +.It Pa hppa/ +HPPA processor general support. +.It Pa i386/ +32-bit 80x86-based IBM PCs and clones. +.It Pa ibmnws/ +IBM Network Station 1000. +.It Pa iyonix/ +Castle Technology's Iyonix ARM based PCs. +.It Pa luna68k/ +Omron Tateishi Electric's 680x0-based LUNA workstations. +.It Pa m68k/ +680x0 processor general support. +.It Pa mac68k/ +Apple Macintosh with 68k CPU. +.It Pa macppc/ +Apple Power Macintosh and clones. +.It Pa mips/ +MIPS processor general support. +.It Pa mipsco/ +MIPS Computer Systems Inc. family of workstations and servers. +.It Pa mmeye/ +Brains Inc. SH3 based mmEye multimedia server. +.It Pa mvme68k/ +Motorola MVME 680x0-based SBCs. +.It Pa mvmeppc/ +Motorola PowerPC VME SBCs. +.It Pa netwinder/ +StrongARM based NetWinder machines. +.It Pa news68k/ +Sony's 680x0-based NEWS workstations. +.It Pa newsmips/ +Sony's MIPS-based NEWS workstations. +.It Pa next68k/ +NeXT 68k "black" hardware. 
+.It Pa ofppc/ +Open Firmware PowerPC workstations. +.It Pa playstation2/ +SONY PlayStation 2. +.It Pa pmax/ +Digital MIPS-based DECstations and DECsystems. +.It Pa powerpc/ +PowerPC processor general support. +.It Pa prep/ +PReP (PowerPC Reference Platform) and CHRP (Common Hardware Reference +Platform) machines. +.It Pa sandpoint/ +Motorola Sandpoint reference platform. +.It Pa sbmips/ +Broadcom/SiByte evaluation boards. +.It Pa sgimips/ +Silicon Graphics' MIPS-based workstations. +.It Pa sh3/ +SH3/SH4 processor general support. +.It Pa shark/ +Digital DNARD ("Shark"). +.It Pa sparc/ +Sun Microsystems SPARC (32-bit) and UltraSPARC (in 32-bit mode). +.It Pa sparc64/ +Sun Microsystems UltraSPARC (in native 64-bit mode). +.It Pa sun2/ +Sun Microsystems 68010-based Sun 2 architecture. +.It Pa sun3/ +Sun Microsystems 68020/68030-based Sun 3/3x architecture. +.It Pa sun68k/ +680x0-based Sun architecture general support. +.It Pa vax/ +Digital VAX. +.It Pa x68k/ +Sharp X680x0 680x0-based workstations. +.It Pa x86/ +General support for PC/AT compatibles with ia32 or x86_64 CPUs. +.It Pa xen/ +The Xen virtual machine monitor. +.It Pa zaurus/ +Sharp C3x00 Arm based PDA. +.El +.Pp +.It Pa compat/ +Kernel compatibility modules directory. +.Pp +.Bl -tag -width "ossaudio/" -compact +.It Pa common/ +Common compatibility routines, old +.Bx 4 +and +.Nx +routines. +.It Pa freebsd/ +Support for +.Fx +binaries; see +.Xr compat_freebsd 8 . +.It Pa hpux/ +Support for 68000 HP-UX binaries. +.It Pa linux/ +Support for Linux binaries; see +.Xr compat_linux 8 . +.It Pa m68k4k/ +Support for 4KB page 68000 binaries. +.It Pa netbsd32/ +Support for +.Nx +32-bit binaries on 64 bit platforms with compatible CPU families. +.It Pa ossaudio/ +Support for OSS audio. +.It Pa sunos/ +Support for SunOS 4.x binaries; see +.Xr compat_sunos 8 . +.It Pa ultrix/ +Support for ULTRIX binaries. +.It Pa vax1k/ +Support for older VAX binaries that started on a 1 KB boundary. 
+.El +.Pp +.It Pa conf/ +Architecture independent configuration directory. +.It Pa crypto/ +Cryptographic kernel source, which may have import or export restrictions. +.It Pa ddb/ +In-kernel debugger. +.It Pa dev/ +Architecture independent device support. +.It Pa fs/ +File systems. +See also +.Pa ufs/ +and +.Pa miscfs/ . +.Bl -tag -width "filecorefs/" -compact +.It Pa adosfs/ +AmigaDOS file-system support; see +.Xr mount_ados 8 . +.It Pa cd9660/ +Support for the ISO-9660 file system; see +.Xr mount_cd9660 8 . +.It Pa filecorefs/ +Support for the Acorn RISC OS filecore file system; see +.Xr mount_filecore 8 . +.It Pa msdosfs/ +MS-DOS file system; see +.Xr mount_msdos 8 . +.It Pa ntfs/ +NTFS file system support; see +.Xr mount_ntfs 8 . +.It Pa ptyfs/ +Pseudo-terminal device file system; see +.Xr mount_ptyfs 8 . +.It Pa union/ +Union file system; see +.Xr mount_union 8 . +.El +.It Pa gdbscripts/ +Support for accessing kernel structures from within the debugger +.Xr gdb 1 . +.Pp +.It Pa kern/ +Primary kernel source code. +.It Pa lib/ +Libraries supporting the kernel. +.Pp +.Bl -tag -width "libkern/" -compact +.It Pa libkern/ +C library routines used in the kernel. +.It Pa libsa/ +Machine-independent standalone library, used by boot loaders. +.It Pa libz/ +Compression library. +.El +.Pp +.It Pa miscfs/ +More file systems. +.Pp +.Bl -tag -width "deadfs/" -compact +.It Pa deadfs/ +Kernel only dead file system. +.It Pa fdesc/ +File descriptor file system; see +.Xr mount_fdesc 8 . +.It Pa fifofs/ +POSIX FIFO (named pipe) support. +.It Pa genfs/ +Generic file system code that supports other file systems. +.It Pa kernfs/ +Kernel namespace file system; see +.Xr mount_kernfs 8 . +.It Pa nullfs/ +Loop back file system; see +.Xr mount_null 8 . +.It Pa overlay/ +Overlay file system; see +.Xr mount_overlay 8 . +.It Pa procfs/ +Process file system; see +.Xr mount_procfs 8 . +.It Pa specfs/ +Support for block and character special files. 
+.It Pa syncfs/ +Kernel trickle sync algorithm. +.It Pa umapfs/ +User and group re-mapping file system; see +.Xr mount_umap 8 . +.El +.Pp +.It Pa net/ +Miscellaneous networking support. +.It Pa netatalk/ +AppleTalk networking support. +.It Pa netinet/ +IP networking support. +.It Pa netinet6/ +IPv6 networking support. +.It Pa netipsec/ +Key database for IPsec networking support. +.It Pa nfs/ +NFS (network file system) support, both client and server. +.It Pa stand/ +Kernel standalone support. +.It Pa sys/ +Kernel (and system) include files. +.It Pa ufs/ +Still more file systems. +.Pp +.Bl -tag -width "ffs/" -compact +.It Pa chfs/ +A FFS-based file system for use on raw flash. +.It Pa ext2fs/ +The Linux ext2 file system. +.It Pa ffs/ +The Berkeley Fast File System. +.It Pa lfs/ +The Berkeley log-structured file system. +.It Pa mfs/ +The in-memory file system. +.It Pa ufs/ +Shared +.Ux +file system support. +.El +.It Pa uvm/ +UVM virtual memory system. +.El +.It Pa tests/ +Source for test programs in +.Pa /usr/tests . +.It Pa usr.bin/ +Source for utilities/files in +.Pa /usr/bin . +.It Pa usr.sbin/ +Source for utilities/files in +.Pa /usr/sbin . +.El +.It Pa /var/ +Multi-purpose log, temporary, transient, and spool files. +.Pp +.Bl -tag -width "preserve/" -compact +.It Pa account/ +System accounting files. +.Pp +.Bl -tag -width "acct" -compact +.It Pa acct +Execution accounting file; +see +.Xr acct 5 . +.El +.Pp +.It Pa at/ +Timed command scheduling files; +see +.Xr at 1 . +.It Pa backups/ +Miscellaneous backup files, largely of files found in +.Pa /etc . +.It Pa chroot/ +Home directories of applications which are run in a +.Xr chroot 8 +.Dq cage . +.It Pa crash/ +System (kernel) crash dumps; see +.Xr savecore 8 . +.It Pa cron/ +Scheduled commands configuration files; see +.Xr cron 8 +and +.Xr crontab 5 . +.It Pa db/ +Miscellaneous automatically generated system-specific database files, +and persistent files used in the maintenance of third party software. 
+.It Pa games/ +Miscellaneous game status, log, and high score files. +.It Pa heimdal/ +Kerberos 5 KDC database; see +.Xr kdc 8 . +.It Pa log/ +Miscellaneous system log files. +.Pp +.Bl -tag -width "monthly.out" -compact +.It Pa amd.* +.Xr amd 8 +logs. +.It Pa daily.out +Output of the last run of the +.Pa /etc/daily +script. +.It Pa ftp.* +.Xr ftp 1 +logs. +.It Pa kerberos.* +.Xr kerberos 8 +logs. +.It Pa lastlog +System last-time-logged-in database; see +.Xr utmp 5 . +.It Pa lpd-errs.* +Printer daemon error logs; see +.Xr lpd 8 . +.It Pa maillog.* +.Xr sendmail 1 +and +.Xr postfix 1 +(and other mail-related) +log files. +.It Pa messages.* +General system information log. +.It Pa monthly.out +Output of the last run of the +.Pa /etc/monthly +script. +.It Pa secure +Sensitive security information log. +.It Pa sendmail.st +.Xr sendmail 1 +statistics. +.It Pa timed.* +.Xr timed 8 +logs. +.It Pa weekly.out +Output of the last run of the +.Pa /etc/weekly +script. +.It Pa wtmp +Login and logout log; +see +.Xr utmp 5 . +.It Pa wtmpx +Another login and logout log; see +.Xr utmpx 5 . +.El +.Pp +.It Pa mail/ +User e-mail inboxes. +.It Pa msgs/ +System messages; see +.Xr msgs 1 . +.\" since we use nvi (now called vi) this isn't the place any more, is it? +.It Pa preserve/ +Temporary home of files preserved after an accidental death of +.Xr ex 1 +or +.Xr vi 1 . +.It Pa quotas/ +File system quota information. +(Legacy.) +.It Pa run/ +System information files, rebuilt after each reboot. +.Pp +.Bl -tag -width "utmp" -compact +.It Pa dmesg.boot +A dump from +.Xr dmesg 8 +taken at boot time. +.It Pa utmp +Database of currently logged in users; see +.Xr utmp 5 . +.It Pa utmpx +Another database of currently logged in users; see +.Xr utmpx 5 . +.El +.Pp +.It Pa rwho/ +Rwho data files; see +.Xr rwhod 8 , +.Xr rwho 1 , +and +.Xr ruptime 1 . +.Pp +.It Pa shm/ +Used as backing store for POSIX shared memory; see +.Xr shm_open 3 . 
+.Pp +.It Pa spool/ +Miscellaneous printer and mail system spooling directories. +.Pp +.Bl -tag -width "postfix/" -compact +.It Pa ftp/ +Commonly +.Dq ~ftp , +the anonymous ftp root directory; see +.Xr ftpd 8 . +.It Pa mqueue/ +Sendmail mail queue; +see +.Xr sendmail 1 . +.It Pa news/ +Network news archival and spooling directories. +.It Pa output/ +Printer spooling directories. +.It Pa postfix/ +Postfix mail queue; +see +.Xr postfix 1 . +.El +.Pp +.It Pa tmp/ +Temporary files that are not discarded between system reboots. +.Pp +.Bl -tag -width "vi.recover/" -compact +.It Pa vi.recover/ +Recovery directory for new (current) +.Xr vi 1 . +.El +.Pp +.It Pa yp/ +Databases and configuration for the NIS (YP) system; see +.Xr nis 8 . +.El +.El +.Sh SEE ALSO +.Xr apropos 1 , +.Xr ls 1 , +.Xr whatis 1 , +.Xr whereis 1 , +.Xr which 1 , +.Xr paths 3 +.Sh HISTORY +A +.Nm +manual page appeared in +.At v7 . diff --git a/static/netbsd/man7/hostname.7 b/static/netbsd/man7/hostname.7 new file mode 100644 index 00000000..38bab06a --- /dev/null +++ b/static/netbsd/man7/hostname.7 
@@ -0,0 +1,185 @@ +.\" $NetBSD: hostname.7,v 1.13 2012/03/29 18:37:21 wiz Exp $ +.\" +.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Copyright (c) 1987 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms are permitted +.\" provided that the above copyright notice and this paragraph are +.\" duplicated in all such forms and that any documentation, +.\" advertising materials, and other materials related to such +.\" distribution and use acknowledge that the software was developed +.\" by the University of California, Berkeley. The name of the +.\" University may not be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" @(#)hostname.7 6.4 (Berkeley) 1/16/90 +.\" +.Dd February 16, 1994 +.Dt HOSTNAME 7 +.Os +.Sh NAME +.Nm hostname +.Nd host name resolution description +.Sh DESCRIPTION +Hostnames are domains. 
+A domain is a hierarchical, dot-separated list of subdomains. +For example, the machine +.Dq Li monet , +in the +.Dq Li Berkeley +subdomain of the +.Dq Li EDU +subdomain of the Internet Domain Name System would be represented as +.Pp +.Dl monet.Berkeley.EDU +.Pp +(with no trailing dot). +.Pp +Hostnames are often used with network client and server programs, +which must generally translate the name to an address for use. +(This task is usually performed by the library routine +.Xr gethostbyname 3 . ) +The default method for resolving hostnames by the Internet name resolver is +to follow RFC 1535's security recommendations. +Actions can be taken by the administrator to override these +recommendations and to have the resolver behave the same as earlier, +non-RFC 1535 resolvers. +.Pp +The default method (using RFC 1535 guidelines) follows: +.Pp +If the name consists of a single component, i.e. contains no dot, and if the +environment variable +.Dq Ev HOSTALIASES +is set to the name of a file, +that file is searched for a string matching the input hostname. +The file +should consist of lines made up of two strings separated by white-space, the +first of which is the hostname alias, and the second of which is the complete +hostname to be substituted for that alias. +If a case-insensitive match is +found between the hostname to be resolved and the first field of a line in +the file, the substituted name is looked up with no further processing. +.Pp +If there is at least one dot in the name, then the name is first tried +.Dq as-is . +The number of dots to cause this action is configurable by setting the +threshold using the +.Dq Li ndots +option in +.Pa /etc/resolv.conf +(default: 1). +If the name ends with a dot, the trailing dot is +removed, and the remaining name is looked up (regardless of the setting of +the +.Li ndots +option), without further processing. 
+.Pp +If the input name does not end with a trailing dot, it is looked up by +searching through a list of domains until a match is found. +If neither the search option in the +.Pa /etc/resolv.conf +file or the +.Dq Ev LOCALDOMAIN +environment variable is used, then the +search list of domains contains only the full domain specified by the +.Li domain +option (in +.Pa /etc/resolv.conf ) +or the domain used in the local hostname. +For example, if the +.Dq Li domain +option is set to +.Li CS.Berkeley.EDU , +then only +.Li CS.Berkeley.EDU +will be in the search list, and this will be the only +domain appended to the partial hostname. +For example, if +.Dq Li lithium +is the name to be resolved, this would make +.Li lithium.CS.Berkeley.EDU +the only name to be tried using the search list. +.Pp +If the +.Li search +option is used in +.Pa /etc/resolv.conf +or the environment variable +.Dq Ev LOCALDOMAIN +is set by the user, then +the search list will include what is set by these methods. +For example, if the +.Dq Li search +option contained +.Pp +.Dl CS.Berkeley.EDU CChem.Berkeley.EDU Berkeley.EDU +.Pp +then the partial hostname (e.g., +.Dq Li lithium ) +will be tried with +.Em each +domain name appended (in the same order specified); the resulting hostnames +that would be tried are: +.Bd -literal -offset indent +lithium.CS.Berkeley.EDU +lithium.CChem.Berkeley.EDU +lithium.Berkeley.EDU +.Ed +.Pp +The environment variable +.Dq Ev LOCALDOMAIN +overrides the +.Dq Li search +and +.Dq Li domain +options, and if both +.Li search +and +.Li domain +options are present in the resolver configuration file, then only the +.Em last +one listed is used (see +.Xr resolv.conf 5 ) . +.Pp +If the name was not previously tried +.Dq as-is +(i.e., it fell below the +.Dq Li ndots +threshold or did not contain a dot), then the name as +originally provided is attempted. +.Sh ENVIRONMENT +.Bl -tag -width "/etc/resolv.conf " +.It Ev LOCALDOMAIN +Affects domains appended to partial hostnames. 
+.It Ev HOSTALIASES +Name of file containing +.Pq Ar host alias , full hostname +pairs. +.El +.Sh FILES +.Bl -tag -width "/etc/resolv.conf " -compact +.It Pa /etc/resolv.conf +See +.Xr resolv.conf 5 . +.El +.Sh SEE ALSO +.Xr gethostbyname 3 , +.Xr resolv.conf 5 , +.Xr mailaddr 7 diff --git a/static/netbsd/man7/intro.7 b/static/netbsd/man7/intro.7 new file mode 100644 index 00000000..cbbfb290 --- /dev/null +++ b/static/netbsd/man7/intro.7 
@@ -0,0 +1,139 @@ +.\" $NetBSD: intro.7,v 1.29 2021/05/01 07:41:14 nia Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)intro.7 8.1 (Berkeley) 6/5/93 +.\" +.Dd May 1, 2021 +.Dt INTRO 7 +.Os +.Sh NAME +.Nm intro +.Nd miscellaneous information pages +.Sh DESCRIPTION +This section contains miscellaneous documentation, including: +.Bl -tag -width "kernel_sanitizers(7)" -offset indent +.It Xr ascii 7 +map of ASCII character set +.It Xr c 7 +the C programming language +.It Xr entropy 7 +random unpredictable secrets needed for security +.It Xr environ 7 +user environment +.It Xr glob 7 +shell-style pattern matching +.\" .It Sy eqnchar +.\" special character definitions for eqn +.It Xr groups 7 +standard +.Nx +group names +.It Xr hier 7 +file system hierarchy in +.Nx +.It Xr hostname 7 +host name resolution description +.It Xr kernel_sanitizers 7 +bug detection features in the +.Nx +kernel +.It Xr mailaddr 7 +mail addressing description +.\" .It Sy man +.\" macros to typeset manual pages +.It Xr mdoc 7 +macros for typesetting +.Nm \-mdoc +style manual pages +.It Xr mdoc.samples 7 +tutorial for writing BSD manuals with +.Nm \-mdoc +.\" .It Sy \&me +.\" macros for formatting papers +.\" .It Sy \&ms +.\" macros for formatting manuscripts +.It Xr module 7 +kernel modules +.It Xr nls 7 +overview of national language support +.It Xr npf 7 +.Nx +Packet Filter +.It Xr operator 7 +C operator precedence and order of evaluation +.It Xr orders 7 +orders of magnitude +.It Xr pkgsrc 7 +the +.Nx +packages collection +.It Xr release 7 +layout of +.Nx +releases and snapshots +.It Xr rfc6056 7 +udp port randomization algorithms +.It Xr script 7 +how interpreter scripts are executed +.It Xr security 7 +security features available in +.Nx +.It Xr setuid 7 +checklist for security and setuid programs +.It Xr signal 7 +available signals under +.Nx +.It Xr src 7 +layout of the +.Nx +source tree +.It Xr sticky 7 +sticky bit +.Pq Dv S_ISVTX +handling +.It Xr symlink 7 +symbolic link handling +.It Xr sysctl 7 +system information variables in +.Nx +.It Xr tests 7 +.Nx +test suite +.\" .It Sy term +.\" 
conventional names for terminals +.It Xr users 7 +standard +.Nx +user account names +.El +.Sh HISTORY +The +.Nm intro +manual page appeared in +.Bx 4.2 . diff --git a/static/netbsd/man7/kernel_sanitizers.7 b/static/netbsd/man7/kernel_sanitizers.7 new file mode 100644 index 00000000..0a3a554d --- /dev/null +++ b/static/netbsd/man7/kernel_sanitizers.7 
@@ -0,0 +1,157 @@ +.\" $NetBSD: kernel_sanitizers.7,v 1.6 2020/07/12 13:40:44 skrll Exp $ +.\" +.\" Copyright (c) 2020 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Maxime Villard. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd July 12, 2020 +.Dt KERNEL_SANITIZERS 7 +.Os +.Sh NAME +.Nm kernel_sanitizers +.Nd NetBSD Kernel Sanitizers +.Sh DESCRIPTION +Kernel Sanitizers are powerful kernel bug detection features that can +automatically discover several classes of bugs at run time while the kernel +executes. +.Pp +.Nx +supports four kernel sanitizers. 
+They are not mutually compatible, and only one can be enabled at a time, via +compilation options. +.Sh KUBSAN +Kernel Undefined Behavior Sanitizer, specializes in finding several types of +undefined behaviors, such a misaligned accesses and integer overflows. +.Ss Runtime cost +Heavy runtime checks. +.Ss Used components +Compiler instrumentation and an entirely MI runtime. +.Ss Supported architectures +aarch64 (gcc), amd64 (gcc), arm (gcc). +[Theoretically supported on all other architectures with no MD change required] +.Ss Files +.Bl -tag -width XXXX -compact +.It Pa src/common/lib/libc/misc/ubsan.c +Core KUBSAN code. +MI. +.El +.Sh KASAN +Kernel Address Sanitizer, specializes in finding memory corruptions such as +buffer overflows and use-after-frees. +.Ss Runtime cost +Heavy runtime checks, and ~12.5% increase in memory consumption. +.Ss Used components +Shadow memory, compiler instrumentation, special kernel wrappers, and +light MD infrastructure. +.Ss Supported architectures +aarch64 (gcc), amd64 (gcc, llvm), arm (gcc). +.Pp +KASAN is made of six sub-features that perform memory validation: +.Bd -literal + +-----------------------------------------------------+ + | SUPPORTED SUB-FEATURE | ++---------+------+-------+---------+-----------+---------+------+ +| PORT | HEAP | STACK | ATOMICS | BUS_SPACE | BUS_DMA | VLAs | ++---------+------+-------+---------+-----------+---------+------+ +| amd64 | Yes | Yes | Yes | Yes | Yes | Yes | ++---------+------+-------+---------+-----------+---------+------+ +| aarch64 | Yes | Yes | Yes | No | Yes | Yes | ++---------+------+-------+---------+-----------+---------+------+ +| arm | Yes | Yes | Yes | No | Yes | Yes | ++---------+------+-------+---------+-----------+---------+------+ +.Ed +.Pp +An architecture is allowed to have only partial support. +.Ss Files +.Bl -tag -width XXXX -compact +.It Pa src/sys/kern/subr_asan.c +Core KASAN code. +MI. +.It Pa src/sys/sys/asan.h +Main KASAN header. +MI. 
+.It Pa src/sys/arch/{port}/include/asan.h +Port-specific KASAN code. +MD. +.El +.Pp +Each new port of KASAN should respect the existing naming conventions, and +should introduce only one MD header file. +.Sh KCSAN +Kernel Concurrency Sanitizer, specializes in finding memory races. +.Ss Runtime cost +Medium runtime checks. +.Ss Used components +Compiler instrumentation, special kernel wrappers, and light MD infrastructure. +.Ss Supported architectures +amd64 (gcc). +.Ss Files +.Bl -tag -width XXXX -compact +.It Pa src/sys/kern/subr_csan.c +Core KCSAN code. +MI. +.It Pa src/sys/sys/csan.h +Main KCSAN header. +MI. +.It Pa src/sys/arch/{port}/include/csan.h +Port-specific KCSAN code. +MD. +.El +.Pp +Each new port of KCSAN should respect the existing naming conventions, and +should introduce only one MD header file. +.Sh KMSAN +Kernel Memory Sanitizer, specializes in finding uninitialized memory. +.Ss Runtime cost +Heavy runtime checks, and ~200% increase in memory consumption. +.Ss Used components +Double shadow memory, compiler instrumentation, special kernel wrappers, and +heavy MD infrastructure. +.Ss Supported architectures +amd64 (llvm). +.Ss Files +.Bl -tag -width XXXX -compact +.It Pa src/sys/kern/subr_msan.c +Core KMSAN code. +MI. +.It Pa src/sys/sys/msan.h +Main KMSAN header. +MI. +.It Pa src/sys/arch/{port}/include/msan.h +Port-specific KMSAN code. +MD. +.El +.Pp +Each new port of KMSAN should respect the existing naming conventions, and +should introduce only one MD header file. +.Sh AUTHORS +.An -nosplit +Support for KUBSAN was developed by +.An Kamil Rytarowski . +Support for KASAN, KCSAN and KMSAN was developed by +.An Maxime Villard . +Support for KASAN on ARM was developed by +.An Nick Hudson . diff --git a/static/netbsd/man7/mailaddr.7 b/static/netbsd/man7/mailaddr.7 new file mode 100644 index 00000000..99ef8738 --- /dev/null +++ b/static/netbsd/man7/mailaddr.7 
@@ -0,0 +1,104 @@ +.\" $NetBSD: mailaddr.7,v 1.14 2010/03/01 16:52:41 jruoho Exp $ +.\" +.\" Copyright (c) 1983, 1987, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mailaddr.7 8.1 (Berkeley) 6/16/93 +.\" +.Dd June 16, 1998 +.Dt MAILADDR 7 +.Os +.Sh NAME +.Nm mailaddr +.Nd mail addressing description +.Sh DESCRIPTION +Mail addresses are based on the Internet protocol listed at the end of this +manual page. 
+These addresses are in the general format +.Pp +.Dl user@domain +.Pp +where a domain is a hierarchical dot separated list of subdomains. +For example, a valid address is: +.Pp +.Dl eric@CS.Berkeley.EDU +.Pp +Unlike some other (now obsolete) forms of addressing, domains do not +imply any routing, or the existence of a particular host. +Simply because mail may be sent to ``user@somedomain.com'' does not imply +that there is any actual host named ``somedomain.com'', and does not +imply a particular routing of the message. +Routing is performed by Mail Transport Agents, such as +.Xr postfix 1 , +based on policies set in the MTA's configuration. +.Ss Abbreviation +Under certain circumstances it may not be necessary to type the entire +domain name. +In general, anything following the first dot may be omitted +if it is the same as the domain from which you are sending the message. +For example, a user on ``calder.berkeley.edu'' could send to ``eric@CS'' +without adding the ``berkeley.edu'' since it is the same on both sending +and receiving hosts. +Whether abbreviation is permitted depends on how your site is configured. +.Ss Case Distinctions +Domain names (i.e., anything after the ``@'' sign) may be given in any mixture +of upper and lower case. +Most hosts accept any combination of case in user names, although there +are exceptions. +.Ss Postmaster +Every site is required to have a user or user alias designated ``postmaster'' +to which problems with the mail system may be addressed, for example: +.Pp +.Dl postmaster@CS.Berkeley.EDU +.Ss Obsolete Formats +Certain old address formats, such as UUCP ``bang path'' addresses, +explicitly routed internet addresses (so-called ``route-addrs'' and +the ``percent hack'') and others have been used historically. +All these addressing formats are now considered obsolete, and should no +longer be used. 
+.Pp +To some extent, MTAs attempt to provide backward compatibility +for these addressing forms, but in practice many of them no longer work. +Users should always use standard Internet style addresses. +.Sh SEE ALSO +.Xr mail 1 +.Rs +.%R RFC +.%N 822 +.%D August 1982 +.%A D. H. Crocker +.%T "Standard for the Format of Arpa Internet Text Messages" +.Re +.Sh HISTORY +.Nm +appeared in +.Bx 4.2 . +.Sh BUGS +The RFC 822 group syntax (``group:user1,user2,user3;'') is not supported +except in the special case of ``group:;'' because of a conflict with old +berknet-style addresses, not that anyone cares about either berknet or +group syntax style addresses any longer. diff --git a/static/netbsd/man7/module.7 b/static/netbsd/man7/module.7 new file mode 100644 index 00000000..4cb7425b --- /dev/null +++ b/static/netbsd/man7/module.7 
@@ -0,0 +1,215 @@ +.\" $NetBSD: module.7,v 1.9 2020/07/13 13:42:51 pgoyette Exp $ +.\" +.\" Copyright (c) 2010 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd July 13, 2020 +.Dt MODULE 7 +.Os +.Sh NAME +.Nm module +.Nd Kernel Modules interface +.Sh SYNOPSIS +.Cd "options MODULAR" +.Sh DESCRIPTION +Kernel modules allow the system administrator to +dynamically add and remove functionality from a running system. +This also helps software developers add +new parts of the kernel without constantly rebooting to +test their changes. +.Pp +The kernel may automatically load software modules as +needed to perform requested operations. 
+For example, an +.Dq xyzfs +module can be loaded automatically when an +attempt is made to mount an +.Dq xyzfs +file system. +Modules can also depend on other modules, and dependent modules are +automatically loaded. +When a module is no longer needed, it can be automatically unloaded. +.Pp +An in-kernel linker resolves symbol references between the module +and the rest of the kernel. +.Pp +The +.Nm +interface is accessed with the +.Xr modctl 2 +system call. +All common operations involving +kernel modules are handled by the +.Xr modload 8 , +.Xr modunload 8 , +and +.Xr modstat 8 +programs. +Users should never have to interact with +.Xr modctl 2 +directly. +.Sh MODULE CLASSES +.Ss Virtual File System modules +Virtual file systems may be added via the +.Nm +interface. +.Ss Device Driver modules +Many device drivers can be loaded as a kernel module. +One potential problem specific to block and character device drivers +is that the device nodes must exist for the devices to be accessed. +These need to be created manually, after the driver module has been +successfully loaded. +Most device driver modules do not +need any manual intervention to function properly. +.Ss Execution Interpreters +Execution Interpreters can be loaded to provide support for executing +binaries not normally supported by the kernel. +This also allows loading +support for executing foreign system binaries. +Execution Interpreters may require that an appropriate +emulation module also be loaded. +.Ss Miscellaneous modules +Miscellaneous modules are modules for which there are not currently +well-defined or well-used interfaces for extension. +They are provided for extension, and the user-provided module +initialization routine is expected to install the necessary "hooks" +into the rest of the operating system. +An example of a "miscellaneous module" might be a loader for +card-specific VGA drivers or alternate terminal emulations in +an appropriately layered console driver. 
+.Ss Security-Model modules +Alternate system security models also may be loaded using +.Nm . +.Sh EXAMPLES +The common build tool of +.Nx , +.Dq build.sh , +automatically compiles and installs most +modules during a full system build and install. +(The exceptions are some modules from external sources which, due to +licensing concerns, can be built only as separately-loaded modules.) +However, sometimes it is useful to update only modules. +The following example demonstrates one way to do this. +It is assumed that the source code is under +.Pa /usr/src , +while the object and toolchain directories are under +.Pa /usr/obj +and +.Pa /usr/tools , +respectively. +.Bd -literal -offset indent +cd /usr/src/sys/modules + +export OBJDIR=/usr/obj +export TOOLDIR=/usr/tools + +make clean +make +make install +.Ed +.Pp +Alternatively, the +.Dq build.sh +tool can be used to build and install only the modules: +.Bd -literal -offset indent +cd /usr/src +\&./build.sh -O /usr/obj -T /usr/tools modules +\&./build.sh -O /usr/obj -T /usr/tools installmodules=/ +.Ed +.Sh SEE ALSO +.Xr modctl 2 , +.Xr modload 8 , +.Xr modstat 8 , +.Xr modunload 8 , +.Xr module 9 +.Sh HISTORY +The +.Nm +facility was designed to be similar in functionality +to the loadable kernel modules facility provided by +SunOS 4.1.3. +The old +.Dv LKM +interface was replaced by +.Nm +in +.Nx 5.0 . +.Sh AUTHORS +The +.Nm +subsystem was implemented by +.An Andrew Doran +.Aq ad@netbsd.org . +.Sh CAVEATS +The +.Nm +framework is still under active development. +At least two potential caveats can be mentioned. +.Bl -enum -offset 2n +.It +Kernel modules are built to operate only with a specific version of the +.Nx +kernel. +When the kernel is updated to a new version, the contents of the +.Pa /stand/${ARCH}/${VERSION}/modules/ +directory should be updated as well. +(This location has been the subject of much discussion, and may change +in future versions of +.Nx . 
) +.It +If an attempt is made to boot the operating system from a file system for +which the module is not built into the kernel, the boot may fail +with the message +.Dq "Cannot mount root, error 79" . +On certain architectures (currently, i386 and amd64), one may be able to +recover from this error by using the +.Dq "load xxxfs" +command before trying to boot. +This command is only available on newer bootloaders. +.El +.Pp +The absence of required modules or the inability of the bootloader +to load the modules are common reasons for failures to boot a +.Cd MODULAR +kernel. +It may be a good practice to maintain a non-MODULAR kernel +in the root file system for recovery purposes. +.Sh SECURITY CONSIDERATIONS +A module becomes part of the kernel once loaded. +Unlike in userland programs, fatal errors in kernel modules +may crash the operating system. +There is no memory protection between modules and the rest of the kernel. +Hence, a potential attacker with access to the +.Xr modctl 2 +system call can acquire total control over the system. +.Pp +To avoid such security risks, new modules can only be loaded when +.Pa securelevel +is less than or equal to zero, or if the kernel was built with +.Cd options INSECURE . +Refer to +.Xr secmodel_securelevel 9 +for additional details on the +.Pa securelevel . +Only use modules from trusted sources. diff --git a/static/netbsd/man7/nls.7 b/static/netbsd/man7/nls.7 new file mode 100644 index 00000000..7e57562c --- /dev/null +++ b/static/netbsd/man7/nls.7 
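Review bot: in module.7, SECURITY CONSIDERATIONS refers the reader to secmodel_securelevel 9, but the SEE ALSO list ends at module 9, so the cross-reference is missing from the place readers look for it; add `.Xr secmodel_securelevel 9` there. The same section marks securelevel with `.Pa`, although it is a variable rather than a path, so `.Va securelevel` would be the better macro. Under Device Driver modules, one sentence says device nodes "need to be created manually" and the next says most driver modules "do not need any manual intervention"; say which drivers each sentence covers.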
@@ -0,0 +1,518 @@ +.\" $NetBSD: nls.7,v 1.15 2009/04/09 02:51:54 joerg Exp $ +.\" +.\" Copyright (c) 2003 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Gregory McGarry. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd February 21, 2007 +.Dt NLS 7 +.Os +.Sh NAME +.Nm NLS +.Nd Native Language Support Overview +.Sh DESCRIPTION +Native Language Support (NLS) provides commands for a single +worldwide operating system base. 
+An internationalized system has no built-in assumptions or dependencies +on language-specific or cultural-specific conventions such as: +.Pp +.Bl -bullet -offset indent -compact +.It +Character classifications +.It +Character comparison rules +.It +Character collation order +.It +Numeric and monetary formatting +.It +Date and time formatting +.It +Message-text language +.It +Character sets +.El +.Pp +All information pertaining to cultural conventions and language is +obtained at program run time. +.Pp +.Dq Internationalization +(often abbreviated +.Dq i18n ) +refers to the operation by which system software is developed to support +multiple cultural-specific and language-specific conventions. +This is a generalization process by which the system is untied from +calling only English strings or other English-specific conventions. +.Dq Localization +(often abbreviated +.Dq l10n ) +refers to the operations by which the user environment is customized to +handle its input and output appropriate for specific language and cultural +conventions. +This is a specialization process, by which generic methods already +implemented in an internationalized system are used in specific ways. +The formal description of cultural conventions for some country, together +with all associated translations targeted to the native language, is +called the +.Dq locale . +.Pp +.Nx +provides extensive support to programmers and system developers to +enable internationalized software to be developed. +.Nx +also supplies a large variety of locales for system localization. +.Ss Localization of Information +All locale information is accessible to programs at run time so that +data is processed and displayed correctly for specific cultural +conventions and language. +.Pp +A locale is divided into categories. +A category is a group of language-specific and culture-specific conventions +as outlined in the list above. 
+ISO C specifies the following six standard categories supported by +.Nx : +.Pp +.Bl -tag -compact -width LC_MONETARYXX +.It Ev LC_COLLATE +string-collation order information +.It Ev LC_CTYPE +character classification, case conversion, and other character attributes +.It Ev LC_MESSAGES +the format for affirmative and negative responses +.It Ev LC_MONETARY +rules and symbols for formatting monetary numeric information +.It Ev LC_NUMERIC +rules and symbols for formatting nonmonetary numeric information +.It Ev LC_TIME +rules and symbols for formatting time and date information +.El +.Pp +Localization of the system is achieved by setting appropriate values +in environment variables to identify which locale should be used. +The environment variables have the same names as their respective +locale categories. +Additionally, the +.Ev LANG , +.Ev LC_ALL , +and +.Ev NLSPATH +environment variables are used. +The +.Ev NLSPATH +environment variable specifies a colon-separated list of directory names +where the message catalog files of the NLS database are located. +The +.Ev LC_ALL +and +.Ev LANG +environment variables also determine the current locale. +.Pp +The values of these environment variables contains a string format as: +.Pp +.Bd -literal + language[_territory][.codeset][@modifier] +.Ed +.Pp +Valid values for the language field come from the ISO639 standard which +defines two-character codes for many languages. 
+Some common language codes are: +.Pp +.Bl -column "PERSIAN (farsi)" "Sy Code" "OCEANIC/INDONESIAN" +.It Sy Language Name Ta Sy Code Ta Sy Language Family +.It ABKHAZIAN AB IBERO-CAUCASIAN +.It AFAN (OROMO) OM HAMITIC +.It AFAR AA HAMITIC +.It AFRIKAANS AF GERMANIC +.It ALBANIAN SQ INDO-EUROPEAN (OTHER) +.It AMHARIC AM SEMITIC +.It ARABIC AR SEMITIC +.It ARMENIAN HY INDO-EUROPEAN (OTHER) +.It ASSAMESE AS INDIAN +.It AYMARA AY AMERINDIAN +.It AZERBAIJANI AZ TURKIC/ALTAIC +.It BASHKIR BA TURKIC/ALTAIC +.It BASQUE EU BASQUE +.It BENGALI BN INDIAN +.It BHUTANI DZ ASIAN +.It BIHARI BH INDIAN +.It BISLAMA Ta BI Ta "" +.It BRETON BR CELTIC +.It BULGARIAN BG SLAVIC +.It BURMESE MY ASIAN +.It BYELORUSSIAN BE SLAVIC +.It CAMBODIAN KM ASIAN +.It CATALAN CA ROMANCE +.It CHINESE ZH ASIAN +.It CORSICAN CO ROMANCE +.It CROATIAN HR SLAVIC +.It CZECH CS SLAVIC +.It DANISH DA GERMANIC +.It DUTCH NL GERMANIC +.It ENGLISH EN GERMANIC +.It ESPERANTO EO INTERNATIONAL AUX. +.It ESTONIAN ET FINNO-UGRIC +.It FAROESE FO GERMANIC +.It FIJI FJ OCEANIC/INDONESIAN +.It FINNISH FI FINNO-UGRIC +.It FRENCH FR ROMANCE +.It FRISIAN FY GERMANIC +.It GALICIAN GL ROMANCE +.It GEORGIAN KA IBERO-CAUCASIAN +.It GERMAN DE GERMANIC +.It GREEK EL LATIN/GREEK +.It GREENLANDIC KL ESKIMO +.It GUARANI GN AMERINDIAN +.It GUJARATI GU INDIAN +.It HAUSA HA NEGRO-AFRICAN +.It HEBREW HE SEMITIC +.It HINDI HI INDIAN +.It HUNGARIAN HU FINNO-UGRIC +.It ICELANDIC IS GERMANIC +.It INDONESIAN ID OCEANIC/INDONESIAN +.It INTERLINGUA IA INTERNATIONAL AUX. +.It INTERLINGUE IE INTERNATIONAL AUX. 
+.It INUKTITUT Ta IU Ta "" +.It INUPIAK IK ESKIMO +.It IRISH GA CELTIC +.It ITALIAN IT ROMANCE +.It JAPANESE JA ASIAN +.It JAVANESE JV OCEANIC/INDONESIAN +.It KANNADA KN DRAVIDIAN +.It KASHMIRI KS INDIAN +.It KAZAKH KK TURKIC/ALTAIC +.It KINYARWANDA RW NEGRO-AFRICAN +.It KIRGHIZ KY TURKIC/ALTAIC +.It KURUNDI RN NEGRO-AFRICAN +.It KOREAN KO ASIAN +.It KURDISH KU IRANIAN +.It LAOTHIAN LO ASIAN +.It LATIN LA LATIN/GREEK +.It LATVIAN LV BALTIC +.It LINGALA LN NEGRO-AFRICAN +.It LITHUANIAN LT BALTIC +.It MACEDONIAN MK SLAVIC +.It MALAGASY MG OCEANIC/INDONESIAN +.It MALAY MS OCEANIC/INDONESIAN +.It MALAYALAM ML DRAVIDIAN +.It MALTESE MT SEMITIC +.It MAORI MI OCEANIC/INDONESIAN +.It MARATHI MR INDIAN +.It MOLDAVIAN MO ROMANCE +.It MONGOLIAN Ta MN Ta "" +.It NAURU Ta NA Ta "" +.It NEPALI NE INDIAN +.It NORWEGIAN NO GERMANIC +.It OCCITAN OC ROMANCE +.It ORIYA OR INDIAN +.It PASHTO PS IRANIAN +.It PERSIAN (farsi) FA IRANIAN +.It POLISH PL SLAVIC +.It PORTUGUESE PT ROMANCE +.It PUNJABI PA INDIAN +.It QUECHUA QU AMERINDIAN +.It RHAETO-ROMANCE RM ROMANCE +.It ROMANIAN RO ROMANCE +.It RUSSIAN RU SLAVIC +.It SAMOAN SM OCEANIC/INDONESIAN +.It SANGHO SG NEGRO-AFRICAN +.It SANSKRIT SA INDIAN +.It SCOTS GAELIC GD CELTIC +.It SERBIAN SR SLAVIC +.It SERBO-CROATIAN SH SLAVIC +.It SESOTHO ST NEGRO-AFRICAN +.It SETSWANA TN NEGRO-AFRICAN +.It SHONA SN NEGRO-AFRICAN +.It SINDHI SD INDIAN +.It SINGHALESE SI INDIAN +.It SISWATI SS NEGRO-AFRICAN +.It SLOVAK SK SLAVIC +.It SLOVENIAN SL SLAVIC +.It SOMALI SO HAMITIC +.It SPANISH ES ROMANCE +.It SUNDANESE SU OCEANIC/INDONESIAN +.It SWAHILI SW NEGRO-AFRICAN +.It SWEDISH SV GERMANIC +.It TAGALOG TL OCEANIC/INDONESIAN +.It TAJIK TG IRANIAN +.It TAMIL TA DRAVIDIAN +.It TATAR TT TURKIC/ALTAIC +.It TELUGU TE DRAVIDIAN +.It THAI TH ASIAN +.It TIBETAN BO ASIAN +.It TIGRINYA TI SEMITIC +.It TONGA TO OCEANIC/INDONESIAN +.It TSONGA TS NEGRO-AFRICAN +.It TURKISH TR TURKIC/ALTAIC +.It TURKMEN TK TURKIC/ALTAIC +.It TWI TW NEGRO-AFRICAN +.It UIGUR Ta UG Ta "" 
+.It UKRAINIAN UK SLAVIC +.It URDU UR INDIAN +.It UZBEK UZ TURKIC/ALTAIC +.It VIETNAMESE VI ASIAN +.It VOLAPUK VO INTERNATIONAL AUX. +.It WELSH CY CELTIC +.It WOLOF WO NEGRO-AFRICAN +.It XHOSA XH NEGRO-AFRICAN +.It YIDDISH YI GERMANIC +.It YORUBA YO NEGRO-AFRICAN +.It ZHUANG Ta ZA Ta "" +.It ZULU ZU NEGRO-AFRICAN +.El +.Pp +For example, the locale for the Danish language spoken in Denmark +using the ISO 8859-1 character set is da_DK.ISO8859-1. +The da stands for the Danish language and the DK stands for Denmark. +The short form of da_DK is sufficient to indicate this locale. +.Pp +The environment variable settings are queried by their priority level +in the following manner: +.Pp +.Bl -bullet +.It +If the +.Ev LC_ALL +environment variable is set, all six categories use the locale it +specifies. +.It +If the +.Ev LC_ALL +environment variable is not set, each individual category uses the +locale specified by its corresponding environment variable. +.It +If the +.Ev LC_ALL +environment variable is not set, and a value for a particular +.Ev LC_* +environment variable is not set, the value of the +.Ev LANG +environment variable specifies the default locale for all categories. +Only the +.Ev LANG +environment variable should be set in /etc/profile, since it makes it +most easy for the user to override the system default using the individual +.Ev LC_* +variables. +.It +If the +.Ev LC_ALL +environment variable is not set, a value for a particular +.Ev LC_* +environment variable is not set, and the value of the +.Ev LANG +environment variable is not set, the locale for that specific +category defaults to the C locale. +The C or POSIX locale assumes the ASCII character set and defines +information for the six categories. +.El +.Ss Character Sets +A character is any symbol used for the organization, control, or +representation of data. +A group of such symbols used to describe a +particular language make up a character set. 
+It is the encoding values in a character set that provide +the interface between the system and its input and output devices. +.Pp +The following character sets are supported in +.Nx : +.Bl -tag -width ISO_8859_family +.It ASCII +The American Standard Code for Information Exchange (ASCII) standard +specifies 128 Roman characters and control codes, encoded in a 7-bit +character encoding scheme. +.It ISO 8859 family +Industry-standard character sets specified by the ISO/IEC 8859 +standard. +The standard is divided into 15 numbered parts, with each +part specifying broad script similarities. +Examples include Western European, Central European, Arabic, Cyrillic, +Hebrew, Greek, and Turkish. +The character sets use an 8-bit character encoding scheme which is +compatible with the ASCII character set. +.It Unicode +The Unicode character set is the full set of known abstract characters of +all real-world scripts. It can be used in environments where multiple +scripts must be processed simultaneously. +Unicode is compatible with ISO 8859-1 (Western European) and ASCII. +Many character encoding schemes are available for Unicode, including UTF-8, +UTF-16 and UTF-32. +These encoding schemes are multi-byte encodings. +The UTF-8 encoding scheme uses 8-bit, variable-width encodings which is +compatible with ASCII. +The UTF-16 encoding scheme uses 16-bit, variable-width encodings. +The UTF-32 encoding scheme using 32-bit, fixed-width encodings. +.El +.Ss Font Sets +A font set contains the glyphs to be displayed on the screen for a +corresponding character in a character set. +A display must support a suitable font to display a character set. +If suitable fonts are available to the X server, then X clients can +include support for different character sets. +.Xr xterm 1 +includes support for Unicode with UTF-8 encoding. +.Xr xfd 1 +is useful for displaying all the characters in an X font. 
+.Pp +The +.Nx +.Xr wscons 4 +console provides support for loading fonts using the +.Xr wsfontload 8 +utility. +Currently, only fonts for the ISO8859-1 family of character sets are +supported. +.Ss Internationalization for Programmers +To facilitate translations of messages into various languages and to +make the translated messages available to the program based on a +user's locale, it is necessary to keep messages separate from the +programs and provide them in the form of message catalogs that a +program can access at run time. +.Pp +Access to locale information is provided through the +.Xr setlocale 3 +and +.Xr nl_langinfo 3 +interfaces. +See their respective man pages for further information. +.Pp +Message source files containing application messages are created by +the programmer and converted to message catalogs. +These catalogs are used by the application to retrieve and display +messages, as needed. +.Pp +.Nx +supports two message catalog interfaces: the X/Open +.Xr catgets 3 +interface and the Uniforum +.Xr gettext 3 +interface. +The +.Xr catgets 3 +interface has the advantage that it belongs to a standard which is +well supported. +Unfortunately the interface is complicated to use and +maintenance of the catalogs is difficult. +The implementation also doesn't support different character sets. +The +.Xr gettext 3 +interface has not been standardized yet, however it is being supported +by an increasing number of systems. +It also provides many additional tools which make programming and +catalog maintenance much easier. +.Ss Support for Multi-byte Encodings +Some character sets with multi-byte encodings may be difficult to decode, +or may contain state (i.e., adjacent characters are dependent). +ISO C specifies a set of functions using 'wide characters' which can handle +multi-byte encodings properly. +The behaviour of these functions is affected +by the +.Ev LC_CTYPE +category of the current locale. 
+.Pp +A wide character is specified in ISO C +as being a fixed number of bits wide and is stateless. +There are two types for wide characters: +.Em wchar_t +and +.Em wint_t . +.Em wchar_t +is a type which can contain one wide character and operates like 'char' +type does for one character. +.Em wint_t +can contain one wide character or WEOF (wide EOF). +.Pp +There are functions that operate on +.Em wchar_t , +and substitute for functions operating on 'char'. +See +.Xr wmemchr 3 +and +.Xr towlower 3 +for details. +There are some additional functions that operate on +.Em wchar_t . +See +.Xr wctype 3 +and +.Xr wctrans 3 +for details. +.Pp +Wide characters should be used for all I/O processing which may rely +on locale-specific strings. +The two primary issues requiring special use of wide characters are: +.Bl -bullet -offset indent +.It +All I/O is performed using multibyte characters. +Input data is converted into wide characters immediately after +reading and data for output is converted from wide characters to +multi-byte encoding immediately before writing. +Conversion is controlled by the +.Xr mbstowcs 3 , +.Xr mbsrtowcs 3 , +.Xr wcstombs 3 , +.Xr wcsrtombs 3 , +.Xr mblen 3 , +.Xr mbrlen 3 , +and +.Xr mbsinit 3 . +.It +Wide characters are used directly for I/O, using +.Xr getwchar 3 , +.Xr fgetwc 3 , +.Xr getwc 3 , +.Xr ungetwc 3 , +.Xr fgetws 3 , +.Xr putwchar 3 , +.Xr fputwc 3 , +.Xr putwc 3 , +and +.Xr fputws 3 . +They are also used for formatted I/O functions for wide characters +such as +.Xr fwscanf 3 , +.Xr wscanf 3 , +.Xr swscanf 3 , +.Xr fwprintf 3 , +.Xr wprintf 3 , +.Xr swprintf 3 , +.Xr vfwprintf 3 , +.Xr vwprintf 3 , +and +.Xr vswprintf 3 , +and wide character identifier of %lc, %C, %ls, %S for conventional +formatted I/O functions. +.El +.Sh SEE ALSO +.Xr gencat 1 , +.Xr xfd 1 , +.Xr xterm 1 , +.Xr catgets 3 , +.Xr gettext 3 , +.Xr nl_langinfo 3 , +.Xr setlocale 3 , +.Xr wsfontload 8 +.Sh BUGS +This man page is incomplete. 
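Review bot: in nls.7, the ASCII entry under Character Sets expands the acronym as "American Standard Code for Information Exchange"; it should read "Information Interchange". In the Unicode entry, "all real-world scripts. It can be used" starts a new sentence mid-line, and "The UTF-32 encoding scheme using 32-bit" needs "uses"; earlier, "The values of these environment variables contains" should be "contain". The category list is introduced as six ISO C categories yet includes LC_MESSAGES, which comes from POSIX rather than ISO C, so the introducing sentence should say so.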
diff --git a/static/netbsd/man7/operator.7 b/static/netbsd/man7/operator.7 new file mode 100644 index 00000000..d5968d24 --- /dev/null +++ b/static/netbsd/man7/operator.7 
@@ -0,0 +1,106 @@ +.\" $NetBSD: operator.7,v 1.12 2017/07/03 21:30:59 wiz Exp $ +.\" +.\" Copyright (c) 1989, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)operator.7 8.1 (Berkeley) 6/9/93 +.\" +.Dd January 18, 2011 +.Dt OPERATOR 7 +.Os +.Sh NAME +.Nm operator +.Nd C and C++ operator precedence and associativity +.Sh DESCRIPTION +.Bl -column -offset indent \ + ".Li \&! 
~ ++ \-\- \- (type) * & sizeof new delete" \ + ".Sy Associativity" +.\" +.It Sy Operator \ + Ta Sy Associativity +.\" +.\" XXX: For some reason if anything but tab follows the last dot +.\" XXX: the space before it is lost and we get ->. in the output. +.\" XXX: My troff fu is weak, just work around with explicit \<space>. +.It Li \&() [] \->\ \. \ + Ta left to right +.\" +.It Li \&! ~ ++ \-\- \- (type) * & sizeof new delete \ + Ta right to left +.\" +.It Li \&\->* .* \ + Ta left to right +.\" +.It Li \&* / % \ + Ta left to right +.\" +.It Li \&+ \- \ + Ta left to right +.\" +.It Li \&<< >> \ + Ta left to right +.\" +.It Li \&< <= > >= \ + Ta left to right +.\" +.It Li \&== != \ + Ta left to right +.\" +.It Li \&& \ + Ta left to right +.\" +.It Li \&^ \ + Ta left to right +.\" +.It Li \&| \ + Ta left to right +.\" +.It Li \&&& \ + Ta left to right +.\" +.It Li \&|| \ + Ta left to right +.\" +.It Li \&?: \ + Ta right to left +.\" +.It Li \&= += \-= *= /= %= <<= >>= &= ^= |= throw \ + Ta right to left +.\" +.It Li \&?: No (C++, third operand)\ + Ta right to left +.\" +.It Li \&, \ + Ta left to right +.\" +.El +.Sh FILES +.Bl -tag -width ".Pa /usr/share/misc/operator" -compact +.It Pa /usr/share/misc/operator +.El +.Sh SEE ALSO +.Xr iso646 3 diff --git a/static/netbsd/man7/orders.7 b/static/netbsd/man7/orders.7 new file mode 100644 index 00000000..67456a28 --- /dev/null +++ b/static/netbsd/man7/orders.7 
@@ -0,0 +1,113 @@ +.\" $NetBSD: orders.7,v 1.7 2022/11/19 22:09:21 jakllsch Exp $ +.\" +.\" Copyright (c) 2010 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Jukka Ruohonen. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd November 19, 2022 +.Dt ORDERS 7 +.Os +.Sh NAME +.Nm orders +.Nd orders of magnitude +.Sh DESCRIPTION +The following table lists common multiples of bytes. 
+.Bl -column -offset 2n \ +"Kilobyte" "Prefix" "Power of 2" "Power of 10" +.It Sy Name Ta Sy Prefix Ta Sy Power of 2 Ta Sy Power of 10 +.It Kilobyte Ta kB Ta 2^10 Ta 10^3 +.It Megabyte Ta MB Ta 2^20 Ta 10^6 +.It Gigabyte Ta GB Ta 2^30 Ta 10^9 +.It Terabyte Ta TB Ta 2^40 Ta 10^12 +.It Petabyte Ta PB Ta 2^50 Ta 10^15 +.It Exabyte Ta EB Ta 2^60 Ta 10^18 +.It Zettabyte Ta ZB Ta 2^70 Ta 10^21 +.It Yottabyte Ta YB Ta 2^80 Ta 10^24 +.It Ronnabyte Ta RB Ta 2^90 Ta 10^27 +.It Quettabyte Ta QB Ta 2^100 Ta 10^30 +.El +.Pp +The following table lists common bit rates as a power of ten. +.Bl -column -offset 2n \ +"Megabit per second" "Prefix" "Bit per second" "Byte per second" +.It Sy Name Ta Sy Prefix Ta Sy Bit per second Ta Sy Byte per second +.It Bit per second Ta bit/s Ta 1 Ta 0.125 +.It Byte per second Ta B/s Ta 8 Ta 1 +.It Kilobit per second Ta kbit/s Ta 10^3 Ta 125 +.It Kilobyte per second Ta kB/s Ta 8 * 10^3 Ta 1000 +.It Megabit per second Ta Mbit/s Ta 10^6 Ta 125000 +.It Megabyte per second Ta MB/s Ta 8 * 10^6 Ta 1000000 +.It Gigabit per second Ta Gbit/s Ta 10^9 Ta 125000000 +.It Gigabyte per second Ta GB/s Ta 8 * 10^9 Ta 1000000000 +.It Terabit per second Ta Tbit/s Ta 10^12 Ta 125000000000 +.It Terabyte per second Ta TB/s Ta 8 * 10^12 Ta 1000000000000 +.El +.Pp +The following table lists common orders of magnitude as a power of ten. 
+.Bl -column -offset 2n \ +"Septillionth" "Order" "Prefix" "Symbol" "Decimal" +.It Sy Name Ta Sy Order Ta Sy Prefix Ta Sy Symbol Ta Sy Decimal +.It Nonillionth Ta 10^-30 Ta quecto Ta q Ta 0.000000000000000000000000000001 +.It Octillionth Ta 10^-27 Ta ronto Ta r Ta 0.000000000000000000000000001 +.It Septillionth Ta 10^-24 Ta yocto Ta y Ta 0.000000000000000000000001 +.It Sextillionth Ta 10^-21 Ta zepto Ta z Ta 0.000000000000000000001 +.It Quintillionth Ta 10^-18 Ta atto Ta a Ta 0.000000000000000001 +.It Quadrillionth Ta 10^-15 Ta femto Ta f Ta 0.000000000000001 +.It Trillionth Ta 10^-12 Ta pico Ta p Ta 0.000000000001 +.It Billionth Ta 10^-9 Ta nano Ta n Ta 0.000000001 +.It Millionth Ta 10^-6 Ta micro Ta mu Ta 0.000001 +.It Thousandth Ta 10^-3 Ta milli Ta m Ta 0.001 +.It Hundredth Ta 10^-2 Ta centi Ta c Ta 0.01 +.It Tenth Ta 10^-1 Ta deci Ta d Ta 0.1 +.It One Ta 10^0 Ta - Ta - Ta 1 +.It Ten Ta 10^1 Ta deca Ta da Ta 10 +.It Hundred Ta 10^2 Ta hecto Ta h Ta 100 +.It Thousand Ta 10^3 Ta kilo Ta k Ta 1000 +.It Million Ta 10^6 Ta mega Ta M Ta 1000000 +.It Billion Ta 10^9 Ta giga Ta G Ta 1000000000 +.It Trillion Ta 10^12 Ta tera Ta T Ta 1000000000000 +.It Quadrillion Ta 10^15 Ta peta Ta P Ta 1000000000000000 +.It Quintillion Ta 10^18 Ta exa Ta E Ta 1000000000000000000 +.It Sextillion Ta 10^21 Ta zetta Ta Z Ta 1000000000000000000000 +.It Septillion Ta 10^24 Ta yotta Ta Y Ta 1000000000000000000000000 +.It Octillion Ta 10^27 Ta ronna Ta R Ta 1000000000000000000000000000 +.It Nonillion Ta 10^30 Ta quetta Ta Q Ta 1000000000000000000000000000000 +.El +.Sh SEE ALSO +.Xr units 1 , +.Xr strsuftoll 3 , +.Xr number 6 +.Sh STANDARDS +There have been various attempts to standardize the set of binary prefixes. +Organizations such as International Electrotechnical Commission +.Pq Tn IEC +have proposed new prefixes such as +.Dq kibi , +.Dq mebi , +.Dq gibi , +and +.Dq yobi , +but the adoption has been slow at best. 
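Review bot: in orders.7, the first two tables head their second column "Prefix" but the cells hold unit symbols (kB, MB, bit/s), while the third table keeps "Prefix" (kilo) and "Symbol" (k) as separate columns; rename the column to "Symbol" in the first two for consistency. The byte table also gives every name both a power-of-2 and a power-of-10 value without saying which one a given tool means, and STANDARDS names kibi, mebi, gibi and yobi without relating them to the table; one sentence tying the "Power of 2" column to the IEC prefixes would remove the ambiguity.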
diff --git a/static/netbsd/man7/pkgsrc.7 b/static/netbsd/man7/pkgsrc.7 new file mode 100644 index 00000000..261a4f7e --- /dev/null +++ b/static/netbsd/man7/pkgsrc.7 
@@ -0,0 +1,61 @@ +.\" $NetBSD: pkgsrc.7,v 1.7 2024/09/07 19:13:29 rillig Exp $ +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Thomas Klausner. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd March 2, 2007 +.Dt PKGSRC 7 +.Os +.Sh NAME +.Nm pkgsrc +.Nd NetBSD packages collection (framework for third-party software) +.Sh DESCRIPTION +The +.Nx +Packages Collection (pkgsrc) is a framework for building and +maintaining third-party software on +.Nx +and other +.Ux Ns -like +systems. 
+It is used to enable freely available software to be configured +and built easily on supported platforms. +.Pp +Tools are available to install ready-to-use packages and to perform +various administrative tasks for the package system. +.Sh SEE ALSO +.Xr pkg_add 1 , +.Xr pkg_delete 1 , +.Xr pkg_info 1 +.Rs +.%A Alistair Crooks +.%A Hubert Feyrer +.%A The pkgsrc developers +.%T The pkgsrc guide, +.%T Documentation on the NetBSD packages system +.%U https://www.NetBSD.org/docs/pkgsrc/ +.Re diff --git a/static/netbsd/man7/release.7 b/static/netbsd/man7/release.7 new file mode 100644 index 00000000..77214acc --- /dev/null +++ b/static/netbsd/man7/release.7 
@@ -0,0 +1,449 @@ +.\" $NetBSD: release.7,v 1.40 2022/08/21 15:01:08 brook Exp $ +.\" +.\" Copyright (c) 1997, 2000, 2005 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Charles M. Hannum and Jason R. Thorpe. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd July 13, 2020 +.Dt RELEASE 7 +.Os +.Sh NAME +.Nm release +.Nd layout of NetBSD releases and snapshots +.Sh DESCRIPTION +This document describes the layout of +.Nx +releases and snapshots. +This layout should be consistent between FTP servers and CD-ROMs, +except possibly the path that leads to the release hierarchy. 
+.Pp +In this document, the following special words have these definitions: +.Bl -tag -width "<machine_arch>" +.It Aq Em machine +The platform for which the release was built, corresponding to the +.Em hw.machine +sysctl variable, e.g., +.Em i386 +or +.Em amiga . +.It Aq Em machine_arch +The architecture for which a particular installation set was built, +corresponding to the +.Em hw.machine_arch +sysctl variable, e.g., +.Em i386 +or +.Em m68k . +.It Aq Em rel +The release version number. +.El +.Pp +All +.Sy README +files are descriptions of the various files in directories that have +.Dq non-standard +contents. +There may also be a +.Sy README +file at the top-level, +describing who built the snapshot and under what circumstances +.Po e.g., whether it's an official +.Nx +snapshot, or not +.Pc . +.Pp +All +.Sy MD5 +files are MD5 digests for the various files in that directory, in the +format produced by the command: +.Sy cksum -a MD5 Aq Sy file . +.Pp +All +.Sy SHA512 +files are SHA512 digests for the various files in that directory, in the +format produced by the command: +.Sy cksum -a SHA512 Aq Sy file . +.Pp +The SHA512 digest is safer, but MD5 checksums are provided so that a wider +range of operating systems can check the integrity of the release files. +.Pp +Files that end in +.Sy .tgz +are gzipped tar archives. +This is used in lieu of +.Sy .tar.gz +because the software used to download the sets may incorrectly auto-unpack +files ending in +.Sy .gz +and to accommodate systems which only support 3 character extensions +to file names. +.Pp +All tar archives are relative to the target's +.Sy / +directory, and +.Em do not +include the leading +.Dq / . +.Pp +The root of the release hierarchy may be the root directory of a +CD-ROM, but in all other cases it should be +.Sm off +.Xo +.Sy .../NetBSD- +.Aq Em rel +.Sy / . 
+.Xc +.Sm on +.Pp +The root of the release hierarchy should contain the following +files and subdirectories: +.Pp +.Bl -tag -width "<machine>" +.It Sy images/ +Image files intended for use in installing +.Nx . +There are different types of images for different platforms, and sometimes +multiple different image types for a single platform. +.Pp +Images in this directory, unlike images in the +.Sm off +.Xo +.Sy .../NetBSD- +.Aq Em rel +.Sy / +.Aq Em machine +.Sy /installation/\\*/ +.Xc +.Sm on +directories, contain file systems that +have an internal layout that corresponds to +a complete release for a given machine type. +If built with +.Dq iso-image-source , +then it will also contain a +.Dq source +directory. +These images are usually bootable. +.Bl -tag -width "NetBSD-<rel>-<machine>.iso" +.It Sy MD5 +.It Sy SHA512 +.It Sy NetBSD- Ns Ao Em rel Ac Ns Sy - Ns Ao Em machine Ac Ns Sy .iso +CD-ROM images in ISO 9660 format, usually created with +.Dq ./build.sh ... iso-image ... +after a +.Dq ./build.sh -x ... release ... +in +.Pa src +or created with +.Dq ./build.sh ... iso-image-source ... +after a +.Dq ./build.sh -x ... release sourcesets ... +in +.Pa src . +.It Sy NetBSD- Ns Ao Em rel Ac Ns Sy - Ns Ao Em machine Ac Ns Sy -install.img.gz +Bootable installation images intended to be written to any drive which +appears as an +.Xr sd 4 +type, such as USB flash disks. +These images are created with +.Dq ./build.sh ... install-image +in +.Pa src . +.El +. +.It Sy shared/ +Files shared by two or more machine types. +.Bl -tag -width "<machine_arch>" +.It Ao Em machine_arch Ac Ns Pa / +Files which may be shared by all systems of the same +.Aq Em machine_arch +will be located in +.Sm off +.Xo +.Sy .../NetBSD- +.Aq Em rel +.Sy /shared/ +.Aq Em machine_arch +.Sy / +.Xc +.Sm on +with symbolic links pointing to these files from the +.Aq Em machine +subdirectory. 
+.It Sy ALL/ +Files which are completely machine-independent will be +located in +.Sy .../NetBSD- Ns Ao Em rel Ac Ns Sy /shared/ALL/ +with symbolic links pointing to these files from the +.Aq Em machine +subdirectory. +.El +. +.It Sy source/ +Source code of the operating system should be put into +.Sy .../NetBSD- Ns Ao Em rel Ac Ns Sy /source/ +using the following layout: +.Pp +.Bl -tag -width "sets/" +.It Sy sets/ +Sources for the various system sets. +.Bl -tag -width "sharesrc.tgz" +.It Sy MD5 +.It Sy SHA512 +.It Sy gnusrc.tgz +Contains sources for all GPLed and possibly other programs that +contains restrictions in their licensing that prevent others from +using these programs in closed-source environments. +.It Sy sharesrc.tgz +Contains machine-independent data files that can be shared across +architectures/systems. +.It Sy src.tgz +The operating system's userland source code, including all programs, +tools, libraries, etc. +.It Sy syssrc.tgz +Kernel sources for all architectures plus sources of the tools needed +to build kernels (like +.Xr config 1 ) . +.It Sy xsrc.tgz +Source code of the X Window System used on all +.Nx +architectures. +Includes X clients and servers. +.El +.El +. +.It Ao Em machine Ac Ns Pa / +The binary releases in +.Sm off +.Xo +.Sy .../NetBSD- +.Aq Em rel +.Sy / +.Aq Em machine +.Sy / +.Xc +.Sm on +fit the following layout: +.Bl -tag -width "installation/" +.It Sy INSTALL.txt +Installation notes, including complete descriptions of files contained +within the release hierarchy +.It Sy INSTALL.more +pretty version, suited for viewing with +.Xr more 1 +.It Sy INSTALL.html +HTML version +.It Sy INSTALL.ps +PostScript version +.It Sy binary/ +system binaries +.Bl -tag -width "SHA512/" +.It Sy gzimg/ +compressed system images +.Bl -tag -width "xserver.tgz" +.It Ao Em machine Ac Ns Pa .tar.gz +The primary system image on those platforms that provide them. These +images may not be bootable. 
+.It Ao Em machine Ac Ns Pa - Ns Ao Em board Ac Ns Pa .tar.gz +A bootable system image for a particular board, on platforms that +provide them. +.El +.It Sy sets/ +installation sets +.Bl -tag -width "xserver.tgz" +.It Sy MD5 +.It Sy SHA512 +.It Sy base.tgz +The base binary distribution. +This set contains the base +.Nx +utilities that are necessary for the system to run and be minimally +functional. +This set excludes all things listed in the sets +described below. +.It Sy comp.tgz +The compiler tools distribution. +This set contains the C and C++ +compilers, assembler, linker, other toolchain components, and their +manual pages. +It also includes the system include files +.Pq Pa /usr/include +and the static system libraries. +.It Sy etc.tgz +This set contains the system configuration files that reside in +.Pa /etc +and in several other places throughout the file system hierarchy. +.It Sy games.tgz +This set includes the games and their manual pages. +.It Sy kern-GENERIC.tgz +This set includes a kernel built from the +.Sy GENERIC +kernel configuration file. +This is meant as an example only; different +platforms may have differently named kernels. +.It Sy man.tgz +This set includes all of the manual pages for the binaries and other +software contained in the +.Sy base +set which are not included in the other sets. +.It Sy misc.tgz +This set includes miscellaneous non-essential files, including dictionaries, +the typesettable document set, and various other documentation and example +configuration files. +.It Sy modules.tgz +This set includes all the kernel modules. +.It Sy rescue.tgz +This set contains the +.Xr rescue 8 +utilities. +.It Sy tests.tgz +This set includes the +.Xr tests 7 +for +.Xr atf 7 , +the automated test framework used by NetBSD. +.It Sy text.tgz +This set includes the +.Nx +text processing tools, including +.Xr groff 1 , +all related programs, and their manual pages. 
+.It Sy xbase.tgz +This set includes the base X11 distribution, including manual pages +and excluding everything contained in the other X11 sets. +.It Sy xetc.tgz +This set includes X11 configuration files. +.It Sy xcomp.tgz +This set includes the X11 include files and static X11 libraries. +.It Sy xfont.tgz +This set includes the X11 fonts. +.It Sy xserver.tgz +This set includes the X servers and manual pages for +a given machine. +.Em "Note: this set may not be available on some platforms" . +.El +.It Sy kernel/ +suitably named, gzipped kernels +.Bl -tag -width "netbsd-GENERIC.gz" +.It Sy MD5 +.It Sy SHA512 +.It Sy netbsd-GENERIC.gz +A kernel built from the +.Sy GENERIC +kernel configuration file. +This is meant as an example only; different +platforms may have differently named kernels. +.El +.El +.It Sy installation/ +installation helper items +.Bl -tag -width "diskimage/" +.It Sy cdrom/ +CD-ROM images in ISO 9660 format, created as part of +.Dq build.sh ... release ... +in +.Pa src . +.Pp +Images in this directory are bootable, and contain one a kernel, +installation tools, and rescue tools. +They do not contain installation sets, source sets, or +other components of a complete release. +.Pp +.Em "Note: These images are only present in the amd64 and i386 distributions." 
+.Bl -tag -width "boot-com.iso" +.It Sy MD5 +.It Sy SHA512 +.It Sy boot.iso +VGA console +.It Sy boot-com.iso +Serial console +.El +.It Sy diskimage/ +disk images, on those platforms that provide them +.Bl -tag -width "diskimage.gz" +.It Sy MD5 +.It Sy SHA512 +.It Sy diskimage.gz +.El +.It Sy floppy/ +floppy images, on those platforms that provide them +.Bl -tag -width "boot1.fs" +.It Sy MD5 +.It Sy SHA512 +.It Sy boot1.fs +.It Sy boot2.fs +.El +.It Sy instkernel/ +installation kernels for platforms that can boot them directly +.Bl -tag -width netbsd.gz +.It Sy MD5 +.It Sy SHA512 +.It Sy netbsd.gz +.El +.It Sy miniroot/ +miniroot images, on those platforms that provide them +.Bl -tag -width "miniroot.fs.gz" +.It Sy MD5 +.It Sy SHA512 +.It Sy miniroot.fs.gz +.El +.It Sy misc/ +miscellaneous installation helper utilities, including boot selectors, +floppy writing software, other software that runs under foreign operating +systems, etc. +.Bl -tag -width "SHA512" +.It Sy MD5 +.It Sy SHA512 +.It Sy ... +.El +.It Sy netboot/ +network boot programs +.Bl -tag -width "netboot.gz" +.It Sy MD5 +.It Sy SHA512 +.It Sy netboot.gz +.El +.It Sy tapeimage/ +tape images, on those platforms that provide them +.Bl -tag -width "tapeboot" +.It Sy MD5 +.It Sy SHA512 +.It Sy tapeboot +.El +.El +.El +.El +.Sh SEE ALSO +.Xr cksum 1 , +.Xr dd 1 , +.Xr gzip 1 , +.Xr split 1 , +.Xr tar 1 +.Sh HISTORY +The +.Nm +manual page first appeared in +.Nx 1.3 . diff --git a/static/netbsd/man7/rfc6056.7 b/static/netbsd/man7/rfc6056.7 new file mode 100644 index 00000000..4041837c --- /dev/null +++ b/static/netbsd/man7/rfc6056.7 
@@ -0,0 +1,123 @@ +.\" $NetBSD: rfc6056.7,v 1.4 2012/07/01 17:00:32 wiz Exp $ +.\" +.\" Copyright (c) 2011 +.\" The NetBSD Foundation. All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Vlad Balan +.\". +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" +.Dd August 25, 2011 +.Dt RFC6056 7 +.Os +.Sh NAME +.Nm rfc6056 +.Nd port randomization algorithms +.Sh DESCRIPTION +The +.Nm +algorithms are used in order to randomize the port allocation of outgoing UDP +packets, in order to provide protection from a series of +.Dq blind +attacks based on the +attacker's ability to guess the sequence of ephemeral ports associated +with outgoing packets. 
+For more information consult RFC 6056. +.Pp +The individual algorithms are described below. +.Ss The RFC 6056 algorithms +The following algorithms are available: +.Bl -tag -width "random_start" +.It Sy bsd +This is the default +.Nx +port selection algorithm, which starts from +.Dv anonportmax +and proceeds decreasingly through the available ephemeral ports. +.It Sy random_start +Select ports randomly from the available ephemeral ports. +In case a collision with a local port is detected, the +algorithm proceeds decreasingly through the sequence of ephemeral +ports until a free port is found. +Note that the random port selection algorithms are not guaranteed to find +a free port. +.It Sy random_pick +Select ports randomly from the available ephemeral ports. +In case a collision with a local port is detected the algorithm tries +selecting a new port randomly until a free port is found. +.It Sy hash +Select ports using a +.Xr md5 3 +hash of the local address, the foreign address, and the foreign port. +Note that in the case of a +.Xr bind 2 +call some of this information might be unavailable and the +port selection is delayed until the time of a +.Xr connect 2 +call, performed either explicitly or up calling +.Xr sendto 2 . +.It Sy doublehash +Select ports using a +.Xr md5 3 +hash of the local address, foreign address, and foreign port coupled with a +.Xr md5 3 +hash of the same components obtained using a separate table that is +associated with a subset of all outgoing connections. +The same considerations regarding late connection as in the case of hash apply. +.It Sy randinc +Use random increments in order to select the next port. 
+.El +.Sh SYSCTL CONTROLS +The following sysctl controls are available for selecting the default +port randomization algorithm: +.Bl -column "net.inet6.udp6.anonportalgo.available" "string" "Changeable" +.It Sy sysctl name Ta Sy Type Ta Sy Changeable +.It net.inet.ip.anonportalgo.available Ta string Ta no +.It net.inet.ip.anonportalgo.selected Ta string Ta yes +.It net.inet6.ip6.anonportalgo.available Ta string Ta no +.It net.inet6.ip6.anonportalgo.selected Ta string Ta yes +.El +.Sh SOCKET OPTIONS +The +.Dv IP_PORTSEL +socket option at the +.Dv IPPROTO_IP +level and the +.Dv IPV6_PORTSEL +socket option at the +.Dv IPPROTO_IPV6 +level can be used with a string argument specifying the algorithm's +name in order to select the port randomization algorithm +for a specific socket. +For more info see +.Xr setsockopt 2 . +.Sh SEE ALSO +.Xr setsockopt 2 , +.Xr sysctl 3 , +.Xr sysctl 7 +.Sh HISTORY +The +.Nm +algorithms first appeared in +.Nx 6.0 . diff --git a/static/netbsd/man7/script.7 b/static/netbsd/man7/script.7 new file mode 100644 index 00000000..02ed9bcf --- /dev/null +++ b/static/netbsd/man7/script.7 
@@ -0,0 +1,413 @@ +.\" $NetBSD: script.7,v 1.6 2010/03/22 18:58:32 joerg Exp $ +.\" +.\" Copyright (c) 2005 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This document was originally contributed to The NetBSD Foundation +.\" by Perry E. Metzger of Metzger, Dowdeswell & Co. LLC. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd May 6, 2005 +.Dt SCRIPT 7 +.Os +.Sh NAME +.Nm script +.Nd interpreter script execution +.Sh DESCRIPTION +The system is capable of treating a text file containing commands +intended for an interpreter, such as +.Xr sh 1 +or +.Xr awk 1 , +as an executable program. 
+.Pp +An +.Dq interpreter script +is a file which has been set executable (see +.Xr chmod 2 ) +and which has a first line of the form: +.Pp +.D1 Li #! Ar pathname Op Ar argument +.Pp +The +.Dq #! +must appear as the first two characters of the file. +A space between the +.Dq #! +and +.Ar pathname +is optional. +At most one +.Ar argument +may follow +.Ar pathname , +and the length of the entire line is limited (see below). +.Pp +If such a file is executed (such as via the +.Xr execve 2 +system call), the interpreter specified by the +.Ar pathname +is executed by the system. +(The +.Ar pathname +is executed without regard to the +.Ev PATH +variable, so in general +.Ar pathname +should be an absolute path.) +.Pp +The arguments passed to the interpreter will be as follows. +.Va argv[0] +will be the path to the interpreter itself, as specified on the first +line of the script. +If there is an +.Ar argument +following +.Ar pathname +on the first line of the script, it will be passed as +.Va argv[1] . +The subsequent elements of +.Va argv +will be the path to the interpreter script file itself (i.e. the +original +.Va argv[0] ) +followed by any further arguments passed when +.Xr execve 2 +was invoked to execute the script file. +.Pp +By convention, it is expected that an interpreter will open the script +file passed as an argument and process the commands within it. +Typical interpreters treat +.Sq # +as a comment character, and thus will ignore the initial line of the script +because it begins +.Dq #! , +but there is no requirement for this per se. +.Pp +On +.Nx , +the length of the +.Dq #! +line, excluding the +.Dq #! +itself, is limited to +.Dv PATH_MAX +(as defined in +.In limits.h ) . +Other operating systems impose much smaller limits on the length of +the +.Dq #! +line (see below). +.Pp +Note that the interpreter may not itself be an interpreter script. +If +.Ar pathname +does not point to an executable binary, execution of the interpreter +script will fail. 
+.Ss Trampolines and Portable Scripts +Different operating systems often have interpreters located in +different locations, and the kernel executes the passed interpreter +without regard to the setting of environment variables such as +.Ev PATH . +This makes it somewhat challenging to set the +.Dq #! +line of a script so that it will run identically on different systems. +.Pp +Since the +.Xr env 1 +utility executes a command passed to it on its command line, it is +often used as a +.Dq trampoline +to render scripts portable. +If the leading line of a script reads +.Dl #! /usr/bin/env interp +then the +.Xr env 1 +command will execute the +.Dq interp +command it finds in its +.Ev PATH , +passing on to it all subsequent arguments with which it itself was called. +Since +.Pa /usr/bin/env +is found on almost all +.Tn POSIX +style systems, this trick is frequently exploited by authors who need +a script to execute without change on multiple systems. +.Ss Historical Note: Scripts without Dq #! +Shell scripts predate the invention of the +.Dq #! +convention, which is implemented in the kernel. +In the days of +.At v7 , +there was only one interpreter used on the system, +.Pa /bin/sh , +and the shell treated any file that failed to execute with an +.Er ENOEXEC +error +(see +.Xr intro 2 ) +as a shell script. +.Pp +Most shells (such as +.Xr sh 1 ) +and certain other facilities (including +.Xr execlp 3 +and +.Xr execvp 3 +but not other types of +.Xr exec 3 +calls) still pass +interpreter scripts that do not include the +.Dq #! +(and thus fail to execute with +.Er ENOEXEC ) +to +.Pa /bin/sh . +.Pp +As this behavior is implemented outside the kernel, there is no +mechanism that forces it to be respected by all programs that execute +other programs. +It is thus not completely reliable. +It is therefore important to always include +.Dl #!/bin/sh +in front of Bourne shell scripts, and to treat the traditional +behavior as obsolete. 
+.Sh EXAMPLES +Suppose that an executable binary exists in +.Pa /bin/interp +and that the file +.Pa /tmp/script +contains: +.Bd -literal -offset indent +#!/bin/interp -arg + +[...] +.Ed +.Pp +and that +.Pa /tmp/script +is set mode 755. +.Pp +Executing +.Pp +.Dl $ /tmp/script one two three +.Pp +at the shell will result in +.Pa /bin/interp +being executed, receiving the following arguments in +.Va argv +(numbered from 0): +.Pp +.Bd -ragged -offset indent +.Qq /bin/interp , +.Qq "-arg" , +.Qq /tmp/script , +.Qq one , +.Qq two , +.Qq three +.Ed +.Ss Portability Note: Multiple arguments +The behavior of multiple arguments on the +.Dq #! +line is highly non-portable between different systems. +In general, only one argument can be assumed to work consistently. +.Pp +Consider the following variation on the previous example. +Suppose that an executable binary exists in +.Pa /bin/interp +and that the file +.Pa /tmp/script +contains: +.Bd -literal -offset indent +#!/bin/interp -x -y + +[...] +.Ed +.Pp +and that +.Pa /tmp/script +is set mode 755. +.Pp +Executing +.Pp +.Dl $ /tmp/script one two three +.Pp +at the shell will result in +.Pa /bin/interp +being executed, receiving the following arguments in +.Va argv +(numbered from 0): +.Pp +.Bd -ragged -offset indent +.Qq /bin/interp , +.Qq "-x -y" , +.Qq /tmp/script , +.Qq one , +.Qq two , +.Qq three +.Ed +.Pp +Note that +.Qq "-x -y" +will be passed on +.Nx +as a single argument. +.Pp +Although most +.Tn POSIX +style operating systems will pass only one +.Ar argument , +the behavior when multiple arguments are included is not +consistent between platforms. +Some, such as current releases of +.Nx , +will concatenate multiple arguments into a single argument (as above), +some will truncate them, and at least one will pass them as multiple +arguments. +.Pp +The +.Nx +behavior is common but not universal. +Sun's +.Tn Solaris +would present the above argument as +.Qq -x , +dropping the +.Qq " -y" +entirely. 
+Perhaps uniquely, recent versions of Apple's +.Tn OS X +will actually pass multiple arguments properly, i.e.: +.Bd -ragged -offset indent +.Qq /bin/interp , +.Qq -x , +.Qq -y , +.Qq /tmp/script , +.Qq one , +.Qq two , +.Qq three +.Ed +.Pp +The behavior of the system in the face of multiple arguments is thus +not currently standardized, should not be relied on, and may be +changed in future releases. +In general, pass at most one argument, and do not rely on multiple +arguments being concatenated. +.Sh SEE ALSO +.Xr awk 1 , +.Xr csh 1 , +.Xr ksh 1 , +.Xr sh 1 , +.Xr chmod 2 , +.Xr execve 2 , +.Xr intro 2 , +.Xr execlp 3 , +.Xr execvp 3 , +.Xr fd 4 , +.Xr options 4 , +.Xr setuid 7 +.Sh STANDARDS +The behavior of interpreter scripts is obliquely referred to, but +never actually described in, +.St -p1003.1-2004 . +.Pp +The behavior is partially (but not completely) described in the +.St -svid4 . +.Pp +Although it has never been formally standardized, the behavior +described is largely portable across +.Tn POSIX +style systems, with two significant exceptions: the maximum length of the +.Dq #! +line, and the behavior if multiple arguments are passed. +Please be aware that some operating systems limit the line to 32 +or 64 characters, and that (as described above) the behavior in the +face of multiple arguments is not consistent across systems. +.Sh HISTORY +The behavior of the kernel when encountering scripts that start in +.Dq #! +was not present in +.At v7 . +A Usenet posting to net.unix by Guy Harris on October 16, 1984 claims +that the idea for the +.Dq #! +behavior was first proposed by Dennis Ritchie but that the first +implementation was on +.Bx . +.Pp +Historical manuals (specifically the exec man page) indicate that the +behavior was present in +.Bx 4 +at least as early as April, 1981. +Information on precisely when it was first implemented, and in which +version of +.Ux , +is solicited. 
+.Sh SECURITY CONSIDERATIONS +Numerous security problems are associated with setuid interpreter +scripts. +.Pp +In addition to the fact that many interpreters (and scripts) are +simply not designed to be robust in a setuid context, a race condition +exists between the moment that the kernel examines the interpreter +script file and the moment that the newly invoked interpreter opens +the file itself. +.Pp +Because of these security issues, +.Nx +does not allow setuid interpreter scripts by default. +In order to turn on setuid interpreter scripts, +.D1 Cd options SETUIDSCRIPTS +must be set in the configuration of the running kernel. +Setting this option implies the +.Cd FDSCRIPTS +option, which causes the kernel to open the script file on behalf of +the interpreter and pass it in +.Va argv +as +.Pa /dev/fd/[fdnum] . +(See +.Xr fd 4 +for an explanation of the +.Pa /dev/fd/[fdnum] +devices.) +This design avoids the race condition, at the cost of denying the +interpreter the actual name of the script file. +See +.Xr options 4 +for more information. +.Pp +However, the +.Cd FDSCRIPTS +mechanism is not a cure-all for security issues in setuid interpreters +and scripts. +Subtle techniques can be used to subvert even seemingly well written scripts. +Scripts executed by Bourne type shells can be subverted in numerous +ways, such as by setting the +.Ev IFS +variable before executing the script. +Other interpreters possess their own vulnerabilities. +Turning on +.Cd SETUIDSCRIPTS +is therefore very dangerous, and should not be done lightly if at all. diff --git a/static/netbsd/man7/security.7 b/static/netbsd/man7/security.7 new file mode 100644 index 00000000..1593de2e --- /dev/null +++ b/static/netbsd/man7/security.7 
@@ -0,0 +1,510 @@ +.\" $NetBSD: security.7,v 1.18 2024/10/31 01:13:19 gutteridge Exp $ +.\" +.\" Copyright (c) 2006, 2011 Elad Efrat <elad@NetBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd October 31, 2024 +.Dt SECURITY 7 +.Os +.Sh NAME +.Nm security +.Nd +.Nx +security features +.Sh DESCRIPTION +.Nx +supports a variety of security features. +Below is a brief description of them with some quick usage examples +that will help you get started. 
+.Pp +Contents: +.Pp +.Bl -hyphen -compact -offset indent +.It +Veriexec +.Pq file integrity +.It +Exploit mitigation +.It +Per-user +.Pa /tmp +directory +.It +Information filtering +.It +Administrative security +.El +.Pp +See also +.Xr entropy 7 . +.Ss Veriexec +.Em Veriexec +is a file integrity subsystem. +.Pp +For more information about it, and a quick guide on how to use it, please see +.Xr veriexec 8 . +.Pp +In a nutshell, once enabled, +.Em Veriexec +can be started as follows: +.Bd -literal -offset indent +# veriexecgen && veriexecctl load +.Ed +.Ss Exploit mitigation +.Nx +incorporates some exploit mitigation features. +The purpose of exploit mitigation features is to interfere +with the way exploits work, in order to prevent them from succeeding. +Due to that, some features may have other impacts on the system, so be sure to +fully understand the implications of each feature. +.Pp +.Nx +provides the following exploit mitigation features: +.Pp +.Bl -hyphen -compact -offset indent +.It +.Tn PaX ASLR +.Pq Address Space Layout Randomization . +.It +.Tn PaX MPROTECT +.Xr ( mprotect 2 +restrictions) +.It +.Tn PaX SegvGuard +.It +.Xr gcc 1 +stack-smashing protection +.Pq Tn SSP +.It +bounds checked libc functions +.Pq Tn FORTIFY_SOURCE +.It +Protections against +.Dv NULL +pointer dereferences +.El +.Ss PaX ASLR +.Em PaX ASLR +implements Address Space Layout Randomization +.Pq Tn ASLR , +meant to complement non-executable mappings. +Its purpose is to harden prediction of the address space layout, namely +location of library and application functions that can be used by an attacker +to circumvent non-executable mappings by using a technique called +.Dq return to library +to bypass the need to write new code to (potentially executable) regions of +memory. +.Pp +When +.Em PaX ASLR +is used, it is more likely the attacker will fail to predict the addresses of +such functions, causing the application to segfault. 
+To detect cases where an attacker might try and brute-force the return address +of respawning services, +.Em PaX Segvguard +can be used (see below). +.Pp +For non-PIE +.Pq Position Independent Executable +executables, the +.Nx +.Em PaX ASLR +implementation introduces randomization to the following memory regions: +.Pp +.Bl -enum -compact -offset indent +.It +The stack +.El +.Pp +For +.Tn PIE +executables: +.Pp +.Bl -enum -compact -offset indent +.It +The program itself (exec base) +.It +All shared libraries +.It +The data segment +.It +The stack +.El +.Pp +While it can be enabled globally, +.Nx +provides a tool, +.Xr paxctl 8 , +to enable +.Em PaX ASLR +on a per-program basis. +.Pp +Example usage: +.Bd -literal -offset indent +# paxctl +A /usr/sbin/sshd +.Ed +.Pp +Enabling +.Em PaX ASLR +globally: +.Bd -literal -offset indent +# sysctl -w security.pax.aslr.global=1 +.Ed +.Ss PaX MPROTECT +.Em PaX MPROTECT +implements memory protection restrictions, +meant to complement non-executable mappings. +The purpose is to prevent situations where malicious code attempts to mark +writable memory regions as executable, often by trashing arguments to an +.Xr mprotect 2 +call. +.Pp +While it can be enabled globally, +.Nx +provides a tool, +.Xr paxctl 8 , +to enable +.Em PaX MPROTECT +on a per-program basis. +.Pp +Example usage: +.Bd -literal -offset indent +# paxctl +M /usr/sbin/sshd +.Ed +.Pp +Enabling +.Em PaX MPROTECT +globally: +.Bd -literal -offset indent +# sysctl -w security.pax.mprotect.global=1 +.Ed +.Pp +PaX MPROTECT affects the following three uses: +.Bl -bullet -offset indent +.It +Processes that utilize code generation (such as the JVM) might need to have +MPROTECT disabled. +.It +Miscompiled programs that have text relocations, will now core dump instead +of having their relocations corrected. +You will need to fix those programs (recompile them properly). 
+.It +Debugger breakpoints: +.Xr gdb 1 +needs to be able to write to the text segment in order to insert and +delete breakpoints. +This will not work unless MPROTECT is disabled on the executable. +.El +.Ss PaX Segvguard +.Em PaX Segvguard +monitors the number of segmentation faults in a program on a per-user basis, +in an attempt to detect on-going exploitation attempts and possibly prevent +them. +For instance, +.Em PaX Segvguard +can help detect when an attacker tries to brute-force a function +return address, when attempting to perform a return-to-lib attack. +.Pp +.Em PaX Segvguard +consumes kernel memory, so use it wisely. +While it provides rate-limiting protections, records are tracked for all +users on a per-program basis, meaning that irresponsible use may result in +tracking all segmentation faults in the system, possibly consuming all kernel +memory. +.Pp +For this reason, it is highly recommended to have +.Em PaX Segvguard +enabled explicitly only for network services or +other processes deemed as critical to system security. +Enabling +.Em PaX Segvguard +explicitly works like this: +.Bd -literal -offset indent +# paxctl +G /usr/sbin/sshd +.Ed +.Pp +However, a global knob is still provided, for use in strict environments +with no local users (for example, some network appliances, embedded devices, +and firewalls) +.Bd -literal -offset indent +# sysctl -w security.pax.segvguard.global=1 +.Ed +.Pp +Explicitly disabling +.Em PaX Segvguard +is also possible: +.Bd -literal -offset indent +# paxctl +g /bin/ls +.Ed +.Pp +In addition, +.Em PaX Segvguard +provides several tunable options. +For example, to limit a program to 5 segmentation faults from the same user in +a 60 second timeframe: +.Bd -literal -offset indent +# sysctl -w security.pax.segvguard.max_crashes=5 +# sysctl -w security.pax.segvguard.expiry_timeout=60 +.Ed +.Pp +The number of seconds a user will be suspended from running the culprit +program is also configurable. 
+For example, 10 minutes seem like a sane setting: +.Bd -literal -offset indent +# sysctl -w security.pax.segvguard.suspend_timeout=600 +.Ed +.Ss GCC Stack Smashing Protection ( SSP ) +As of +.Nx 4.0 , +.Xr gcc 1 +includes +.Em SSP , +a set of compiler extensions to raise the bar on exploitation attempts by +detecting corruption of variables and buffer overruns, which may be used to +affect program control flow. +.Pp +Upon detection of a buffer overrun, +.Em SSP +will immediately abort execution of the program and send a log message +to +.Xr syslog 3 . +.Pp +The system (userland and kernel) can be built with +.Em SSP +by using the +.Dq USE_SSP +flag in +.Pa /etc/mk.conf : +.Bd -literal -offset indent +USE_SSP=yes +.Ed +.Pp +You are encouraged to use +.Em SSP +for software you build, by providing one of the +.Fl fstack-protector +or +.Fl fstack-protector-all +flags to +.Xr gcc 1 . +Keep in mind, however, that +.Em SSP +will not work for functions that make use of +.Xr alloca 3 , +as the latter modifies the stack size during run-time, while +.Em SSP +relies on it being a compile-time static. +.Pp +Use of +.Em SSP +is especially encouraged on platforms without per-page execute bit granularity +such as i386. +As of +.Nx 6.0 , +.Em SSP +is used by default on i386 and amd64 architectures. +.Ss FORTIFY_SOURCE +The so-called +.Em FORTIFY_SOURCE +is a relatively simple technique to detect a subset of buffer overflows +before these can do damage. +It is integrated to +.Xr gcc 1 +together with some common memory and string functions in the standard +C library of +.Nx . +.Pp +The underlying idea builds on the observation that there are cases where +the compiler knows the size of a buffer. +If a buffer overflow is suspected in a function that does little or no +bounds checking, either a compile time warning can be issued or a +safer substitute function can be used at runtime. +Refer to +.Xr ssp 3 +for additional details. 
+.Pp +The +.Em FORTIFY_SOURCE +is enabled by default in some parts of the +.Nx +source tree. +It is also possible to explicitly enable it by defining +the following in +.Xr mk.conf 5 : +.Bd -literal -offset indent +USE_FORT=yes +.Ed +.Ss Protections against NULL pointer dereferences +A certain class of attacks rely on kernel bugs that dereference +.Dv NULL +pointers. +If user processes are allowed to map the virtual address 0 with +.Xr mmap 2 +or by other means, there is a risk that code or data +can be injected into the kernel address space. +.Pp +In +.Nx +it is possible to restrict whether user processes are +allowed to make mappings at the zero address. +By default, address 0 mappings are restricted on all architectures. +It is however known that some third-party programs +may not function properly with the restriction. +Such mappings can be allowed either by using the +.Dv USER_VA0_DISABLE_DEFAULT +kernel configuration option or by changing the following variable at runtime: +.Bd -literal -offset indent +# sysctl -w vm.user_va0_disable=0 +.Ed +.Pp +Note that if +.Em securelevel +(see +.Xr secmodel_securelevel 9 ) +is greater than zero, it is not possible to change the +.Xr sysctl 8 +variable. +.Ss Per-user temporary storage +It is possible to configure per-user temporary storage to avoid potential +security issues (race conditions, etc.) in programs that do not make secure +usage of +.Pa /tmp . +.Pp +To enable per-user temporary storage, add the following line to +.Xr rc.conf 5 : +.Bd -literal -offset indent +per_user_tmp=YES +.Ed +.Pp +If +.Pa /tmp +is a mount point, you will also need to update its +.Xr fstab 5 +entry to use +.Dq /private/tmp +(or whatever directory you want, if you override the default using the +.Dq per_user_tmp_dir +.Xr rc.conf 5 +keyword) instead of +.Dq /tmp . +.Pp +Following that, run: +.Bd -literal -offset indent +# /etc/rc.d/perusertmp start +.Ed +.Pp +The per-user temporary storage is implemented by using +.Dq magic symlinks . 
+These are further described in +.Xr symlink 7 . +.Pp +Note that some programs will not work correctly with the present +.Dq magic symlinks +implementation, if they invoke +.Xr realpath 3 +on temporary file paths, for example +.Xr tmux 1 . +In this case, resolution will fail, so this feature is not suited for +all uses. +.Ss Information filtering +.Nx +provides administrators the ability to restrict information passed from +the kernel to userland so that users can only view information they +.Dq own . +.Pp +The hooks that manage this restriction are located in various parts of the +system and affect programs such as +.Xr ps 1 , +.Xr fstat 1 , +and +.Xr netstat 1 . +Information filtering is enabled as follows: +.Bd -literal -offset indent +# sysctl -w security.curtain=1 +.Ed +.Ss Administrative security +Also certain administrative tasks are related to security. +For instance, the daily maintenance script includes some basic +consistency checks; see +.Xr security.conf 5 +for more details. +In particular, it is possible to configure +.Nx +to automatically audit all third-party packages installed via +.Xr pkgsrc 7 . 
+To audit for any known vulnerabilities on daily basis, set the following in +.Pa /etc/daily.conf : +.Bd -literal -offset indent +fetch_pkg_vulnerabilities=YES +.Ed +.Sh SEE ALSO +.Xr ssp 3 , +.Xr options 4 , +.Xr entropy 7 , +.Xr paxctl 8 , +.Xr sysctl 8 , +.Xr veriexec 8 , +.Xr kauth 9 +.\" +.Rs +.%A Joseph Kong +.%B "Designing BSD Rootkits: An Introduction to Kernel Hacking" +.%D 2007 +.%I "No Starch Press" +.Re +.\" +.Rs +.%A Enrico Perla +.%A Massimiliano Oldani +.%B "A Guide to Kernel Exploitation: Attacking the Core" +.%D 2010 +.%I "Elsevier" +.Re +.\" +.Rs +.%A Erik Buchanan +.%A Ryan Roemer +.%A Hovav Shacham +.%A Stefan Savage +.%T "When Good Instructions Go Bad: \ +Generalizing Return-Oriented Programming to RISC" +.%P 27-38 +.%O CCS '08: Proceedings of the 15th ACM Conference \ +on Computer and Communications Security +.%I ACM Press +.%D October 27-31, 2008 +.%U http://cseweb.ucsd.edu/~hovav/dist/sparc.pdf +.Re +.\" +.Rs +.%A Sebastian Krahmer +.%T "x86-64 Buffer Overflow Exploits and \ +the Borrowed Code Chunks Exploitation Technique" +.%D September 28, 2005 +.%U http://www.suse.de/~krahmer/no-nx.pdf +.Re +.Sh AUTHORS +Many of the security features were pioneered by +.An Elad Efrat Aq Mt elad@NetBSD.org . diff --git a/static/netbsd/man7/setuid.7 b/static/netbsd/man7/setuid.7 new file mode 100644 index 00000000..ef269c87 --- /dev/null +++ b/static/netbsd/man7/setuid.7 
@@ -0,0 +1,369 @@ +.\" $NetBSD: setuid.7,v 1.9 2020/08/29 13:32:27 fcambus Exp $ +.\" +.\" Copyright (c) 2003 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Henry Spencer <henry@spsystems.net>. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd February 26, 2009 +.Dt SETUID 7 +.Os +.Sh NAME +.Nm setuid +.Nd checklist for security of setuid programs +.Sh DESCRIPTION +.Em Please note : +This manual page was written long ago, and is in need of updating to +match today's systems. +We think it is valuable enough to include, even though parts of it +are outdated. 
+A carefully-researched updated version +would be very useful, if anyone is feeling enthusiastic... +.Pp +Writing a secure setuid (or setgid) program is tricky. +There are a number of possible ways of subverting such a program. +The most conspicuous security holes occur when a setuid program is +not sufficiently careful to avoid giving away access to resources +it legitimately has the use of. +Most of the other attacks are basically a matter of altering the program's +environment in unexpected ways and hoping it will fail in some +security-breaching manner. +There are generally three categories of environment manipulation: +supplying a legal but unexpected environment that may cause the +program to directly do something insecure, +arranging for error conditions that the program may not handle correctly, +and the specialized subcategory of giving the program inadequate +resources in hopes that it won't respond properly. +.Pp +The following are general considerations of security when writing +a setuid program. +.Bl -bullet +.It +The program should run with the weakest userid possible, preferably +one used only by itself. +A security hole in a setuid program running with a highly-privileged +userid can compromise an entire system. +Security-critical programs like +.Xr passwd 1 +should always have private userids, to minimize possible damage +from penetrations elsewhere. +.It +The result of +.Xr getlogin 2 +or +.Xr ttyname 3 +may be wrong if the descriptors have been meddled with. +There is +.Em no +foolproof way to determine the controlling terminal +or the login name (as opposed to uid) on V7. +.It +On some systems, the setuid bit may not be honored if +the program is run by root, +so the program may find itself running as root. +.It +Programs that attempt to use +.Xr creat 3 +for locking can foul up when run by root; +use of +.Xr link 2 +is preferred when implementing locking. +Using +.Xr chmod 2 +for locking is an obvious disaster. 
+.It +Breaking an existing lock is very dangerous; the breakdown of a locking +protocol may be symptomatic of far worse problems. +Doing so on the basis of the lock being +.Sq old +is sometimes necessary, +but programs can run for surprising lengths of time on heavily-loaded +systems. +.It +Care must be taken that user requests for I/O are checked for +permissions using the user's permissions, not the program's. +Use of +.Xr access 2 +is recommended. +.It +Programs executed at user request (e.g. shell escapes) must +not receive the setuid program's permissions; +use of daughter processes and +.Dq setuid(getuid()) +plus +.Dq setgid(getgid()) +after +.Xr fork 2 +but before +.Xr exec 3 +is vital. +.It +Similarly, programs executed at user request must not receive other +sensitive resources, notably file descriptors. +Use of +.Xr fcntl 2 +.Dv F_CLOSEM , +.Dv FILENO_STDERR + 1 +(close all fd's greater than stderr) +and/or +.Xr fcntl 2 +.Dv F_SETFD , +.Dv FD_CLOEXEC +(close-on-exec) arrangements +on systems which have them +is recommended. +.Pp +Other resources should also be examined for sanity and possibly set to +desired settings, such as the current working directory, signal disposition, +resource limits, environment, umask, group membership, chroot. +.Pp +Programs activated by one user but handling traffic on behalf of +others (e.g. daemons) should avoid doing +.Dq setuid(getuid()) +or +.Dq setgid(getgid()) , +since the original invoker's identity is almost certainly inappropriate. +On systems which permit it, use of +.Dq setuid(geteuid()) +and +.Dq setgid(getegid()) +is recommended when performing work on behalf of the system as +opposed to a specific user. +.It +There are inherent permission problems when a setuid program executes +another setuid program, +since the permissions are not additive. +Care should be taken that created files are not owned by the wrong person. +Use of +.Dq setuid(geteuid()) +and its gid counterpart can help, if the system allows them. 
+.It +Care should be taken that newly-created files do not have the wrong +permission or ownership even momentarily. +Permissions should be arranged by using +.Xr umask 2 +in advance, rather than by creating the file wide-open and then using +.Xr chmod 2 . +Ownership can get sticky due to the limitations of the setuid concept, +although using a daughter process connected by a pipe can help. +.It +Setuid programs should be especially careful about error checking, +and the normal response to a strange situation should be termination, +rather than an attempt to carry on. +.El +.Pp +The following are ways in which the program may be induced to carelessly +give away its special privileges. +.Bl -bullet +.It +The directory the program is started in, or directories it may +plausibly +.Xr chdir 2 +to, may contain programs with the same names as system programs, +placed there in hopes that the program will activate a shell with +a permissive +.Ev PATH +setting. +.Ev PATH +should +.Em always +be standardized before invoking a shell +(either directly or via +.Xr popen 3 +or +.Xr execvp 3 +or +.Xr execlp 3 ) . +.It +Similarly, a bizarre +.Ev IFS +setting may alter the interpretation of a shell command in really +strange ways, possibly causing a user-supplied program to be invoked. +.Ev IFS +too should always be standardized before invoking a shell. +.It +Environment variables in general cannot be trusted. +Their contents should never be taken for granted. +.It +Setuid shell files (on systems which implement such) simply cannot +cope adequately with some of these problems. +They also have some nasty problems like trying to run a +.Pa \&.profile +when run under a suitable name. +They are terminally insecure, and must be avoided. +.It +Relying on the contents of files placed in publicly-writable +directories, such as +.Pa /tmp , +is a nearly-incurable security problem. +Setuid programs should avoid using +.Pa /tmp +entirely, if humanly possible. 
+The sticky-directories modification (sticky bit on for a directory means +only owner of a file can remove it) helps, +but is not a complete solution. +.It +A related problem is that +spool directories, holding information that the program will trust +later, must never be publicly writable even if the files in the +directory are protected. +Among other sinister manipulations that can be performed, note that +on many Unixes, a core dump of a setuid program is owned +by the program's owner and not by the user running it. +.El +.Pp +The following are unusual but possible error conditions that the +program should cope with properly (resource-exhaustion questions +are considered separately, see below). +.Bl -bullet +.It +The value of +.Ar argc +might be 0. +.It +The setting of the +.Xr umask 2 +might not be sensible. +In any case, it should be standardized when creating files +not intended to be owned by the user. +.It +One or more of the standard descriptors might be closed, so that +an opened file might get (say) descriptor 1, causing chaos if the +program tries to do a +.Xr printf 3 . +.It +The current directory (or any of its parents) +may be unreadable and unsearchable. +On many systems +.Xr pwd 1 +does not run setuid-root, +so it can fail under such conditions. +.It +Descriptors shared by other processes (i.e., any that are open +on startup) may be manipulated in strange ways by said processes. +.It +The standard descriptors may refer to a terminal which has a bizarre +mode setting, or which cannot be opened again, +or which gives end-of-file on any read attempt, or which cannot +be read or written successfully. +.It +The process may be hit by interrupt, quit, hangup, or broken-pipe signals, +singly or in fast succession. +The user may deliberately exploit the race conditions inherent +in catching signals; +ignoring signals is safe, but catching them is not. 
+.It +Although non-keyboard signals cannot be sent by ordinary users in V7, +they may perhaps be sent by the system authorities (e.g. to +indicate that the system is about to shut down), +so the possibility cannot be ignored. +.It +On some systems there may be an +.Xr alarm 3 +signal pending on startup. +.It +The program may have children it did not create. +This is normal when the process is part of a pipeline. +.It +In some non-V7 systems, users can change the ownerships of their files. +Setuid programs should avoid trusting the owner identification of a file. +.It +User-supplied arguments and input data +.Em must +be checked meticulously. +Overly-long input stored in an array without proper bound checking +can easily breach security. +When software depends on a file being in a specific format, user-supplied +data should never be inserted into the file without being checked first. +Meticulous checking includes allowing for the possibility of non-ASCII +characters. +.It +Temporary files left in public directories like +.Pa /tmp +might vanish at inconvenient times. +.El +.Pp +The following are resource-exhaustion possibilities that the +program should respond properly to. +.Bl -bullet +.It +The user might have used up all of their allowed processes, so +any attempt to create a new one (via +.Xr fork 2 +or +.Xr popen 3 ) +will fail. +.It +There might be many files open, exhausting the supply of descriptors. +Running +.Xr fcntl 2 +.Dv F_CLOSEM +on systems which have it, +is recommended. +.It +There might be many arguments. +.It +The arguments and the environment together might occupy a great deal +of space. +.El +.Pp +Systems which impose other resource limitations can open setuid +programs to similar resource-exhaustion attacks. +.Pp +Setuid programs which execute ordinary programs without reducing +authority pass all the above problems on to such unprepared children. +Standardizing the execution environment is only a partial solution. 
+.Sh SEE ALSO +.Xr passwd 1 , +.Xr pwd 1 , +.Xr access 2 , +.Xr chdir 2 , +.Xr chroot 2 , +.Xr execve 2 , +.Xr fcntl 2 , +.Xr fork 2 , +.Xr getlogin 2 , +.Xr link 2 , +.Xr setegid 2 , +.Xr seteuid 2 , +.Xr setgid 2 , +.Xr setgroups 2 , +.Xr setrlimit 2 , +.Xr setuid 2 , +.Xr sigaction 2 , +.Xr umask 2 , +.Xr alarm 3 , +.Xr creat 3 , +.Xr execvp 3 , +.Xr popen 3 , +.Xr printf 3 , +.Xr ttyname 3 +.Sh HISTORY +Written by Henry Spencer, and based on additional outside contributions. +.Sh AUTHORS +.An Henry Spencer Aq Mt henry@spsystems.net +.Sh BUGS +The list really is rather long... +and probably incomplete. diff --git a/static/netbsd/man7/signal.7 b/static/netbsd/man7/signal.7 new file mode 100644 index 00000000..37515d50 --- /dev/null +++ b/static/netbsd/man7/signal.7 
@@ -0,0 +1,633 @@ +.\" $NetBSD: signal.7,v 1.28 2023/07/17 14:20:19 riastradh Exp $ +.\" +.\" Copyright (c) 1999, 2016 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd August 24, 2018 +.Dt SIGNAL 7 +.Os +.Sh NAME +.Nm signal +.Nd signal facilities +.Sh DESCRIPTION +A +.Nm +is a system-level notification delivered to a process. +Signals may be generated as the result of process activity, by certain +user inputs, by kernel facilities or subsystems, or sent +programmatically by other processes or by users. +There is a small fixed set of signals, each with a symbolic name and a +number. 
+For historical reasons many of the numbers are ``well-known values'', +which are in practice the same on all implementations and +realistically can never be changed. +(Nonetheless, compiled code should always use only the symbolic +names.) +Many/most signals also have specific semantics, both in how they can +be generated and in their effects. +Some are special cases in ways that have quite far-reaching +consequences. +.Pp +When a signal is +.Em posted +.Pq Dq sent +to a process, in general any of several things can happen. +If the process has elected to +.Em ignore +the signal, it is discarded and nothing happens. +(Some signals may not be ignored, however.) +If the process has elected to +.Em block +the signal temporarily, delivery is postponed until the process +later unblocks that signal. +Otherwise, the signal is +.Em delivered , +meaning that whatever the process is doing is interrupted in order to +react to the signal. +(Note that processes that are waiting in the kernel must unwind what +they are doing for signals to be delivered. +This can sometimes be expensive. +See +.Xr sigaction 2 +for further information.) +.Pp +If the process has elected to +.Em catch +the signal, which means that the process has installed a handler to +react to the signal in some process-specific way, the kernel arranges +for the process's handler logic to be invoked. +This is always done in a way that allows the process to resume if +desired. +(Note, however, that some signals may not be caught.) +Otherwise, the default action for the signal is taken. +For most signals the default action is to terminate the process and +generate a core dump. +See the table below. +Note that the term +.Em delivery +is also used for the specific process of arranging for a signal +handler to be invoked. +.Pp +In general, signals are delivered as soon as they are posted. +(Some delays may occur due to scheduling.) 
+However, in some cases a process that has been sleeping in the kernel +may need to do slow things as part of unwinding its state; this can +sometimes lead to human-perceptible delays. +.Pp +Also, some sleep states within the kernel are +.Em uninterruptible +meaning that signals posted will have no effect until the state +clears. +These states are supposed to be short-term only, but sometimes kernel +bugs make this not the case and one can end up with unkillable +processes. +Such processes appear in state "D" in +.Xr ps 1 . +In general the only way to get rid of them is to reboot. +(However, when the "wchan" reported is "tstile", it means the process +is waiting for some other process to release resources; sometimes if +one can find and kill that process the situation is recoverable.) +.Ss Signal list +The following signals are defined in +.Nx : +.Pp +.Bl -column ".Sy SIGVTALRM" 3n "Profiling timer expired blablabla" -compact +.\".It Sy "Symbol" Ta No Ta Sy "Descriptive name" +.It Dv SIGHUP Ta 1 Ta "Hangup" +.It Dv SIGINT Ta 2 Ta "Interrupt" +.It Dv SIGQUIT Ta 3 Ta "Quit" +.It Dv SIGILL Ta 4 Ta "Illegal instruction" +.It Dv SIGTRAP Ta 5 Ta "Trace/BPT trap" +.It Dv SIGABRT Ta 6 Ta "Abort trap" +.It Dv SIGEMT Ta 7 Ta "EMT trap" +.It Dv SIGFPE Ta 8 Ta "Floating point exception" +.It Dv SIGKILL Ta 9 Ta "Killed" +.It Dv SIGBUS Ta 10 Ta "Bus error" +.It Dv SIGSEGV Ta 11 Ta "Segmentation fault" +.It Dv SIGSYS Ta 12 Ta "Bad system call" +.It Dv SIGPIPE Ta 13 Ta "Broken pipe" +.It Dv SIGALRM Ta 14 Ta "Alarm clock" +.It Dv SIGTERM Ta 15 Ta "Terminated" +.It Dv SIGURG Ta 16 Ta "Urgent I/O condition" +.It Dv SIGSTOP Ta 17 Ta "Suspended (signal)" +.It Dv SIGTSTP Ta 18 Ta "Suspended" +.It Dv SIGCONT Ta 19 Ta "Continued" +.It Dv SIGCHLD Ta 20 Ta "Child exited, stopped or continued" +.It Dv SIGTTIN Ta 21 Ta "Stopped (tty input)" +.It Dv SIGTTOU Ta 22 Ta "Stopped (tty output)" +.It Dv SIGIO Ta 23 Ta "I/O possible" +.It Dv SIGXCPU Ta 24 Ta "CPU time limit exceeded" +.It Dv SIGXFSZ 
Ta 25 Ta "File size limit exceeded" +.It Dv SIGVTALRM Ta 26 Ta "Virtual timer expired" +.It Dv SIGPROF Ta 27 Ta "Profiling timer expired" +.It Dv SIGWINCH Ta 28 Ta "Window size changed" +.It Dv SIGINFO Ta 29 Ta "Information request" +.It Dv SIGUSR1 Ta 30 Ta "User defined signal 1" +.It Dv SIGUSR2 Ta 31 Ta "User defined signal 2" +.It Dv SIGPWR Ta 32 Ta "Power fail/restart" +.El +.Pp +These are numbered 1 to 32. +(There is no signal 0; 0 is a reserved value that can be used as a +no-op with some signal operations.) +.Pp +Detailed descriptions of these signals follow. +.Bl -tag -width "aaa" +.\" ************ +.It Dv SIGHUP No (Hangup) +This signal is generated by the +.Xr tty 4 +driver +to indicate a hangup condition on a process's controlling terminal: +the user has disconnected. +Accordingly, the default action is to terminate the process. +This signal is also used by many daemons, +such as +.Xr inetd 8 , +as a cue to reload configuration. +The number for +.Dv SIGHUP +is\~1, which is quite well known. +.\" ************ +.It Dv SIGINT No (Interrupt) +This signal is generated by the +.Xr tty 4 +driver +when the user presses the interrupt character, normally control-C. +The default action is to terminate the process. +The number for +.Dv SIGINT +is\~2. +.\" ************ +.It Dv SIGQUIT No (Quit) +This signal is generated by the +.Xr tty 4 +driver +when the user presses the quit character, normally control-backspace. +The default action is to terminate the process and dump core. +The number for +.Dv SIGQUIT +is\~3. +.\" ************ +.It Dv SIGILL No (Illegal instruction) +This signal is generated synchronously by the kernel when the process +executes an invalid instruction. +The default action is to terminate the process and dump core. +Note: the results of executing an illegal instruction when +.Dv SIGILL +is blocked or ignored are formally unspecified. +The number for +.Dv SIGILL +is\~4. 
+.\" ************ +.It Dv SIGTRAP No (Trace/BPT trap) +This signal is used when a process is being traced +(see +.Xr ptrace 2 ) +to indicate that the process has stopped at a breakpoint or after +single-stepping. +It is normally intercepted by the debugger and not exposed to the +debuggee. +The default action is to terminate the process and dump core. +The number for +.Dv SIGTRAP +is\~5. +.\" ************ +.It Dv SIGABRT No (Abort trap) +This signal is generated when the +.Xr abort 3 +standard library function is called. +The default action is to terminate the process and dump core. +The number for +.Dv SIGABRT +is\~6. +This number was also formerly used for +.Dv SIGIOT , +which is no longer defined, +as it was specific to the PDP-11 instruction +.Dv iot . +.\" ************ +.It Dv SIGEMT No (EMT trap) +In theory this signal is generated when an instruction needs to be +emulated. +.\" XXX expand this -- I don't know, grep isn't helping much and +.\" information seems pretty thin on the ground on the net. +The default action is to terminate the process and dump core. +The number for +.Dv SIGEMT +is\~7. +.\" ************ +.It Dv SIGFPE No (Floating point exception) +This signal is generated when an invalid floating point operation is +detected by hardware or by a soft-float library. +The default action is to terminate the process and dump core. +The number for +.Dv SIGFPE +is\~8. +.\" ************ +.It Dv SIGKILL No (Killed) +This signal cannot be caught or ignored. +The (unconditional) action is to terminate the process. +It is most often sent by system administrators, but is also generated +by the kernel in response to running completely out of memory and +swap space. +Note that because many processes need to perform cleanup before +exiting, it is usually best (as a user or administrator) to not deploy +.Dv SIGKILL +until a process has failed to respond to other signals. +The number for +.Dv SIGKILL +is\~9, which is extremely well known. 
+.\" ************ +.It Dv SIGBUS No (Bus error) +This signal is generated synchronously by the kernel when the process +performs certain kinds of invalid memory accesses. +The most common cause of +.Dv SIGBUS +is an unaligned memory access; however, on some architectures it may +cover other memory conditions, such as attempts to access memory +belonging to the kernel. +The default action is to terminate the process and dump core. +Note: the results of performing such invalid accesses when +.Dv SIGBUS +is blocked or ignored are formally unspecified. +The number for +.Dv SIGBUS +is\~10. +.\" ************ +.It Dv SIGSEGV No (Segmentation fault) +This signal is generated synchronously by the kernel when the process +attempts to access unmapped memory, or access memory in a manner that +the protection settings for that memory region do not permit. +On some architectures other assorted permission or protection errors +also yield +.Dv SIGSEGV . +On +.Nx , +passing invalid pointers to system calls will yield failure with +.Er EFAULT +but not also +.Dv SIGSEGV . +The default action is to terminate the process and dump core. +Note: the results of an invalid memory access when +.Dv SIGSEGV +is blocked or ignored are formally unspecified. +The number for +.Dv SIGSEGV +is\~11, which is very well known. +.\" ************ +.It Dv SIGSYS No (Bad system call) +This signal is generated by the kernel, in addition to failing with +.Er ENOSYS , +when a system call is made using an invalid system call number. +.\" (This facility was intended to facilitate emulation of system calls.) +The default action is to terminate the process and dump core. +The number for +.Dv SIGSYS +is\~12. +.\" ************ +.It Dv SIGPIPE No (Broken pipe) +This signal is generated by the kernel, in addition to failing with +.Er EPIPE , +when a +.Xr write 2 +call or similar is made on a pipe or socket that has been closed and +has no readers. +The default action is to terminate the process. 
+The number for +.Dv SIGPIPE +is\~13. +.\" ************ +.It Dv SIGALRM No (Alarm clock) +This signal is generated by the kernel when a real-time timer expires. +See +.Xr alarm 3 , +.Xr setitimer 2 , +and +.Xr timer_settime 2 . +The default action is to terminate the process. +The number for +.Dv SIGALRM +is\~14. +.\" ************ +.It Dv SIGTERM No (Terminated) +This signal is the default signal sent by +.Xr kill 1 +and represents a user or administrator request that a program shut +down. +It is sent to all processes as part of the +.Xr shutdown 8 +procedure. +The default action is to terminate the process. +The number for +.Dv SIGTERM +is\~15. +.\" ************ +.It Dv SIGURG No (Urgent I/O condition) +This signal is generated when an ``urgent condition'' exists on a +socket. +In practice this means when +.Xr tcp 4 +out-of-band data has arrived. +The default action is to do nothing. +The number for +.Dv SIGURG +is\~16. +.\" ************ +.It Dv SIGSTOP No (Suspended (signal)) +This signal cannot be caught or ignored. +The (unconditional) action is to stop the process. +Note that like with +.Dv SIGKILL +(and for similar reasons) it is best to not send this signal until a +process has failed to respond to +.Dv SIGTSTP . +It can also be used by processes to stop themselves after catching +.Dv SIGTSTP . +A process that is explicitly stopped will not run again until told to +with +.Dv SIGCONT . +The number for +.Dv SIGSTOP +is\~17. +.\" ************ +.It Dv SIGTSTP No (Suspended) +This signal is generated by the +.Xr tty 4 +driver +when the user presses the stop character, normally control-Z. +The default action is to stop the process. +The number for +.Dv SIGTSTP +is\~18. +.\" ************ +.It Dv SIGCONT No (Continued) +This signal is generated by the job-control feature of shells to +manage processes. +It causes the target process to start executing again after previously +being stopped. 
+This happens as a magic extra effect +.Nm before +the signal is actually delivered. +The default action when the signal is delivered is to do nothing (else). +The number for +.Dv SIGCONT +is\~19. +.\" ************ +.It Dv SIGCHLD No (Child exited, stopped or continued) +This signal is generated by the kernel when one of a process's +immediate children exits and can be waited for using one of the +.Xr wait 2 +family of functions. +The default action is to do nothing. +.Pp +As a special case, if a child exits when its parent process has +.Dv SIGCHLD +ignored +.Pq not merely blocked +by having its signal handler set to +.Dv SIG_IGN , +or if the signal action has the +.Dv SA_NOCLDWAIT +flag set +.Pq Xr sigaction 2 , +then the child is detached so that +.Xr wait 2 +in the parent will wait for +.Em all +children to exit and then fail with +.Er ECHILD +without returning any information about any specific child processes. +.Pp +The number for +.Dv SIGCHLD +is\~20. +This signal was spelled +.Dv SIGCLD +in old System V versions and today many systems provide both +spellings. +.\" ************ +.It Dv SIGTTIN No (Stopped (tty input)) +This signal is generated by the +.Xr tty 4 +driver +when a process that is not in the foreground of its controlling +terminal attempts to read from this terminal. +The default action is to stop the process. +The number for +.Dv SIGTTIN +is\~21. +.\" ************ +.It Dv SIGTTOU No (Stopped (tty output)) +This signal is generated by the +.Xr tty 4 +driver +when a process that is not in the foreground of its controlling +terminal attempts to write to this terminal, if the terminal is +configured accordingly, which is not the default. +(See +.Xr termios 4 . ) +The default action is to stop the process. +The number for +.Dv SIGTTOU +is\~22. +.\" ************ +.It Dv SIGIO No (I/O possible) +This signal is sent by the kernel when I/O becomes possible on a file +handle opened for asynchronous access with +.Dv O_ASYNC . 
+See +.Xr open 2 +and +.Xr fcntl 2 . +The default action is to do nothing. +The number for +.Dv SIGIO +is\~23. +.\" ************ +.It Dv SIGXCPU No (CPU time limit exceeded) +This signal is sent by the kernel when the amount of CPU time consumed +exceeds the configured limit. +See +.Xr setrlimit 2 +and the +.Ic ulimit +and +.Ic rlimit +builtins of +.Xr sh 1 +and +.Xr csh 1 +respectively. +The default action is to terminate the process. +The number for +.Dv SIGXCPU +is\~24. +.\" ************ +.It Dv SIGXFSZ No (File size limit exceeded) +This signal is sent by the kernel when a write causes the size of a +file to exceed the configured limit. +See +.Xr setrlimit 2 +and the +.Ic ulimit +and +.Ic rlimit +builtins of +.Xr sh 1 +and +.Xr csh 1 +respectively. +The default action is to terminate the process. +The number for +.Dv SIGXFSZ +is\~25. +.\" ************ +.It Dv SIGVTALRM No (Virtual timer expired) +This signal is generated by the kernel when a virtual-time (process +execution time) timer expires. +See +.Xr setitimer 2 +and +.Xr timer_settime 2 . +The default action is to terminate the process. +The number for +.Dv SIGVTALRM +is\~26. +.\" ************ +.It Dv SIGPROF No (Profiling timer expired) +This signal is generated by the kernel when a profiling timer +expires. +See +.Xr setitimer 2 +and +.Xr timer_settime 2 . +The default action is to terminate the process. +The number for +.Dv SIGPROF +is\~27. +.\" ************ +.It Dv SIGWINCH No (Window size changed) +This signal is generated by the +.Xr tty 4 +driver +when the stored window size of the process's controlling terminal has +changed. +The default action is to do nothing. +The number for +.Dv SIGWINCH +is\~28. +.\" ************ +.It Dv SIGINFO No (Information request) +This signal is generated by the +.Xr tty 4 +driver +when the user presses the status request character, normally +control-T. +The default action is to do nothing. +The number for +.Dv SIGINFO +is\~29. 
+.\" ************ +.It Dv SIGUSR1 No (User defined signal 1) +This signal is not generated by the system and is made available for +applications to use for their own purposes. +Many daemons use it for restart or reload requests of various types. +The default action is to terminate the process. +The number for +.Dv SIGUSR1 +is\~30. +.\" ************ +.It Dv SIGUSR2 No (User defined signal 2) +This signal is not generated by the system and is made available for +applications to use for their own purposes. +The default action is to terminate the process. +The number for +.Dv SIGUSR2 +is\~31. +.\" ************ +.It Dv SIGPWR No (Power fail/restart) +This signal is notionally sent by the kernel or by a privileged +monitor process when an external power failure is detected, and again +when power has been restored. +Currently +.Nx +does not in fact send +.Dv SIGPWR , +although it is possible to prepare a custom configuration for +.Xr powerd 8 +that does so. +The default action is to do nothing. +The number for +.Dv SIGPWR +is\~32. +.\" ************ +.El +.Ss Shell Interface +Signals may be sent with the +.Xr kill 1 +utility, either by number or the symbolic name without the ``SIG'' part. +This utility is built into many shells to allow addressing job control +jobs. +.Ss Program Interface +In C code signals may be sent using +.Xr raise 3 , +.Xr kill 2 , +.Xr pthread_kill 3 , +and some other related functions. +.Pp +Signals may be caught or ignored using +.Xr sigaction 2 +or the simpler +.Xr signal 3 , +and blocked using +.Xr sigprocmask 2 . +.Sh STANDARDS +The +.Dv SIGTRAP , +.Dv SIGEMT , +.Dv SIGBUS , +.Dv SIGSYS , +.Dv SIGURG , +.Dv SIGIO , +.Dv SIGXCPU , +.Dv SIGXFSZ , +.Dv SIGVTALRM , +.Dv SIGPROF , +.Dv SIGWINCH , +and +.Dv SIGINFO +signals are long-existing Berkeley extensions, available on most +.Bx Ns \-derived +systems. +The +.Dv SIGPWR +signal comes from System V. +.Pp +The remaining signals conform to +.St -p1003.1-90 . 
+.Sh HISTORY +.Dv SIGPWR +was introduced in +.Nx 1.4 . diff --git a/static/netbsd/man7/src.7 b/static/netbsd/man7/src.7 new file mode 100644 index 00000000..ba15b9c9 --- /dev/null +++ b/static/netbsd/man7/src.7 
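Review bot: in signal.7, the SIGQUIT entry says the quit character is "normally control-backspace", but the default quit character is control-backslash (^\), so the sentence should read "normally control-backslash". In the SIGCONT entry, `.Nm before` uses the name macro for emphasis; `.Em before` is the macro for that. The SIGCHLD entry is titled "Child exited, stopped or continued" while its text only covers a child that exits, so either the stop and continue cases need a sentence or the title should be narrowed. As this is an imported copy under static/netbsd/man7, these are better raised with the source of the page than patched only here.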
@@ -0,0 +1,362 @@ +.\" $NetBSD: src.7,v 1.17 2022/08/21 07:10:03 lukem Exp $ +.\" +.\" Copyright (c) 2012, 2013 Mingzhe Wang and Elvira Khabirova. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd May 14, 2020 +.Dt SRC 7 +.Os +.Sh NAME +.Nm src +.Nd layout of NetBSD sources +.Sh DESCRIPTION +An outline of the +.Nx +source code hierarchy. +.Bl -tag -width "external/" +.It Pa bin/ +Critical utilities for the system and users. +.It Pa sbin/ +Critical utilities for the system and the superuser. +.It Pa usr.bin/ +Not-so critical utilities for the system and users. +.It Pa usr.sbin/ +Not-so critical utilities for the system and the superuser. 
+.It Pa common/ +Sources shared between kernel and userland. +.Bl -tag -width "include/" -compact +.It Pa dist/ +Utilities. +Every utility has its own subdirectory, +where its source and Makefile are located. +.It Pa include/ +Include headers. +Every group of header files has its own +subdirectory, where it and its +Makefile are located. +.It Pa lib/ +Libraries. +Every library has its own subdirectory, +where it and its Makefile are located. +.El +.It Pa compat/ +A framework to (re)build the libraries +shipped with +.Nx +for different ABI than the default for +that platform. +.Bl -tag -width "compat/<arch1>/<arch2>/" -compact +.It Pa compat/<arch1>/<arch2>/ +Every +.Pa compat/<arch1>/<arch2>/ +directory contains a Makefile and a makefile +fragment for building an +.Pa <arch2> +compat libraries for +.Pa <arch1> . +For example, +.Pa compat/amd64/i386/ +is where the 32-bit compat libraries for the +amd64 port are being built. +.It Pa compatsubdir.mk +The list of subdirectories (the libraries and +ld.elf_so) to build with this ABI. +.It Pa archdirs.mk +The list of subdirectories for each port. +.It Pa Makefile.compat +The basic framework to force the right paths for +library and ld.elf_so linkage. +.It Pa dirshack/Makefile +A hack to get objdirs created timely. +.El +.It Pa crypto/ +Cryptographic source, which may have import or +export restrictions. +.Bl -tag -width "external/" -compact +.It Pa dist/ +Original sources. +This is deprecated; +.Pa crypto/external/ +should be used instead. +.It Pa external/ +Original sources, grouped by license, and then +package per license. +.Pa crypto/external/<license>/<package>/dist/ +contain original sources for given package; +other directories contain Makefiles and +given package's config files. +.El +.It Pa dist/ +Unmodified sources from third parties. +This is deprecated; +.Pa external/ +should be used instead. +.It Pa distrib/ +Tools and data-files for making distributions. 
+.Bl -tag -width "distrib/notes/<arch>/" -compact +.It Pa <arch>/ +Architecture-specific files, grouped by +image type. +For example, +.Pa distrib/<arch>/floppies/ +contains Makefiles for making images for +various types of floppies; +.Pa <arch>/ramdisk/ +contains makefiles for making ramdisks etc. +.It Pa cdrom/ +Was used to create bootable CD images. +This is deprecated; +.Pa build.sh +\'s +.Pa iso-image +target should be used instead. +.It Pa common/ +Common files for images generation. +.It Pa miniroot/ +Files for miniroot. +.It Pa notes/<arch> +Architecture-specific parts of release notes. +.It Pa sets/ +Scripts for making file sets. +.It Pa utils/ +Utilities for installation ramdisk. +.El +.It Pa doc/ +Development documentation files: changelogs, +build readmes etc. +.Pa doc/roadmaps/ +contains roadmaps. +.It Pa etc/ +Default configuration files to be put into +.Pa /etc . +.Bl -tag -width "compat/<arch1>/<arch2>/" -compact +.It Pa etc/etc.<arch>/ +Architecture-specific config files. +.El +.It Pa external/ +Unmodified sources from third parties, +grouped by license. +Every +.Pa external/<license>/<package>/ +may contain: +.Bl -tag -width "usr.sbin/" -compact +.It Pa dist/ +Unmodified third party source for a given package +.It Pa bin/ +.It Pa usr.bin/ +.It Pa usr.sbin/ +.It etc. +Such subdirectories contain reachover Makefiles, +README's and various import helper scripts. +For example, +.Pa external/public-domain/ +contains +sources licensed under Public Domain +license; +.Pa external/public-domain/sqlite/dist/ +contains original sources; +.Pa external/public-domain/sqlite/bin/ , +.Pa external/public-domain/sqlite/lib/ +and +.Pa external/public-domain/sqlite/ +itself contain reachover Makefiles. +.El +.It Pa games/ +Sources for utilities/files in +.Pa /usr/games ; +each utility has its own subdirectory, where +its sources and Makefiles are located. +.It Pa include/ +Files to be put into +.Pa /usr/include . 
+.It Pa lib/ +Source for libraries in +.Pa /usr/lib +and some scripts for them. +Every directory contains source for given library +and Makefiles. +.It Pa libexec/ +Source for utilities in +.Pa /usr/libexec . +Every directory contains source for given utility +and Makefiles. +.It Pa regress/ +Various regression tests in +.Pa /usr/tests . +This is deprecated; most tests are being migrated +into +.Pa tests/ +once they are migrated to the +.Xr atf 7 +test framework. +.It Pa rescue/ +Makefiles for copying utilities to +.Pa /rescue . +.It Pa share/ +Source for utilities/files in +.Pa /usr/share . +Every utility has its own subdirectory, +where its source and Makefile are located. +.It Pa sys/ +Kernel source. +.Bl -tag -width "opencrypto/" -compact +.It Pa altq/ +Network packet alternate queueing. +.It Pa arch/ +Files to specific hardware platforms. +.It Pa coda/ +Coda file system driver. +.It Pa compat/ +Support for older version +.Nx +binaries and +.Pf non- Nx +binaries. +.It Pa conf/ +Misc files for building kernel. +.It Pa crypto/ +Crypt algorithms used by IPsec. +.It Pa ddb/ +Client code for local kernel debugger. +.It Pa dev/ +Device drivers. +.It Pa dist/ +Parent directory for the +.Ox +packet filter +.Xr pf 4 . +.It Pa external/ +Sources from third parties, grouped by license. +.It Pa fs/ +File systems storing data on physical drives. +.It Pa gdbscripts/ +.Xr gdb 1 +macros. +.It Pa kern/ +.Nx Ap s +Kernel code, such as resource management, signal delivering, etc. +.It Pa lib/ +Libraries used by the kernel. +.It Pa miscfs/ +Drivers for file systems used to store layered data for kernel features. +.It Pa modules/ +Kernel components, including hardware specific drivers and upper-level drivers. +.It Pa net/ +Lowlevel network: protocol drivers, packet filters and access interfaces for NICs. +.It Pa net80211/ +Drivers for 802.11 wireless network. +.It Pa netatalk/ +Appletalk protocol stack +.Xr atalk 4 . +.It Pa netbt/ +Bluetooth stack +.Xr bluetooth 4 . 
+.It Pa netcan/ +Controller Area Network stack +.Xr can 4 . +.It Pa netinet/ +IPv4 protocol stack +.Xr ip 4 . +.It Pa netinet6/ +IPv6 protocol stack. +.It Pa netipsec/ +IPsec protocol stack +.Xr ipsec 4 . +.It Pa netmpls/ +MPLS protocol stack +.Xr mpls 4 . +.It Pa nfs/ +Network file system driver. +.It Pa opencrypto/ +Cryptographic hardware framework +.Xr opencrypto 9 . +.It Pa rump/ +Rump kernel +.Xr rump 3 . +.It Pa secmodel/ +Security model framework +.Xr secmodel 9 . +.It Pa stand/ +Source for several standalone programs that aren't used by +.Nx +currently. +.It Pa sys/ +Header files that get installed into +.Pa /usr/include/sys . +.It Pa ufs/ +UFS file system driver. +.It Pa uvm/ +Virtual memory manager. +.El +.It Pa tests/ +Source for test programs in +.Pa /usr/tests . +These tests use the +.Xr atf 7 +test framework. +For library routines, including system calls, the +directory structure of the tests should follow the +directory structure of the real source tree. +For instance, interfaces available via the C +library should follow: +.Pa src/lib/libc/gen -> Pa src/tests/lib/libc/gen , +.Pa src/lib/libc/sys -> Pa src/tests/lib/libc/sys , +etc. +Equivalently, all tests for userland utilities +should try to follow their location in the source tree. +If this can not be satisfied, the tests for +a utility should be located under the directory to which +the utility is installed. +Thus, a test for +.Xr env 1 +should go to +.Pa src/tests/usr.bin/env . +Likewise, a test for +.Xr tcpdump 8 +should be in +.Pa src/tests/usr.sbin/tcpdump , +even though the source code for the program is located under +.Pa src/external . +.It Pa tools/ +Reachover build structure for the host build tools. +Every utility has its own directory, where its Makefile +is located. +.It Pa x11/ +Reachover build structure for X11R7; the source is in +.Pa X11SRCDIR . +The directory structure copies the system\'s; +every directory contains a Makefile. 
+.El +.Sh SEE ALSO +.Xr hier 7 +.Sh HISTORY +This file was created as a part of Google Code-in 2012/2013. +.Sh AUTHORS +.An -nosplit +This manpage was written by +.An Elvira Khabirova Aq Mt skinder0@gmail.com , +the +.Pa sys/ +part by +.An Mingzhe Wang . diff --git a/static/netbsd/man7/stack.7 b/static/netbsd/man7/stack.7 new file mode 100644 index 00000000..86c2fa0b --- /dev/null +++ b/static/netbsd/man7/stack.7 
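Review bot: in src.7, the header comment's warranty disclaimer reads "PROVIDED BY THE REGENTS AND CONTRIBUTORS" and "SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE", while the copyright line names Mingzhe Wang and Elvira Khabirova, so the disclaimer does not name the stated copyright holders. Confirm the imported text matches its source byte for byte and, if it does, report the mismatch there. Separately, in the external/ list the items `.It Pa bin/`, `.It Pa usr.bin/` and `.It Pa usr.sbin/` have no body of their own and the dist/ item lacks a closing period, which makes the rendered list hard to read.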
@@ -0,0 +1,293 @@ +.\" $NetBSD: stack.7,v 1.8 2026/04/23 20:09:46 uwe Exp $ +.\" +.\" Copyright (c) 2023 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd April 23, 2026 +.Dt STACK 7 +.Os +.Sh NAME +.Nm stack +.Nd layout of program execution stack memory +.Sh DESCRIPTION +When executing a program, with the +.Xr execve 2 +or +.Xr posix_spawn 3 +families of system calls, +.Nx +reserves a region in the new program image's virtual address space for +the +.Em stack , +which stores return addresses and local variables for nested procedure +calls in program execution. 
+Similarly, threads created with +.Xr pthread_create 3 +have regions allocated for per-thread stacks. +.Pp +The stack grows from the +.Em base , +where information of the outermost procedure call is stored, fixed at +program start, to the +.Em stack pointer , +a +.Tn CPU +register that points to information used by the current procedure call, +varying during execution as procedures are called. +.Pp +On most architectures, the stack base is at higher-numbered virtual +addresses and the stack pointer is at lower-numbered virtual addresses +\(em on these architectures, +.Em the stack grows down . +On some other architectures, notably +.Tn HP PA-RISC +.Pq Sq hppa , +the stack base is at lower-numbered virtual addresses and the stack +pointer is at higher-numbered virtual addresses, so on those +architectures +.Em the stack grows up . +.Pp +In the kernel, the C preprocessor macro +.Dv __HAVE_MACHINE_STACK_GROWS_UP +is defined in +.In machine/types.h +on architectures where the stack grows up. +.Ss Main thread +For single-threaded programs, and for the main thread of multi-threaded +programs, +.Nx +reserves virtual addresses as follows on architectures where the stack +grows +.Em down : +.Bd -literal -offset indent ++--------------------+ USRSTACK +| ASLR stack gap | ++--------------------+ stack base +| accessible pages | +| . | +| . | <-- stack pointer +| . | (varies during execution) +| V | ++--------------------+ (stack base) - (soft stack rlimit) +| inaccessible pages | ++--------------------+ (stack base) - (hard stack rlimit) +| guard/redzone | ++--------------------+ USRSTACK - MAXSSIZ +.Ed +.Pp +On architectures where the stack grows +.Em up , +the layout is: +.Bd -literal -offset indent ++--------------------+ USRSTACK + MAXSSIZ +| guard/redzone | ++--------------------+ (stack base) + (hard stack rlimit) +| inaccessible pages | ++--------------------+ (stack base) + (soft stack rlimit) +| \(ha | +| . | <-- stack pointer +| . | (varies during execution) +| . 
| +| accessible pages | ++--------------------+ stack base +| ASLR stack gap | ++--------------------+ USRSTACK +.Ed +.Bl -bullet +.It +The +.Em stack guard +is allocated so that any access \(em read, write, or execute \(em will +deliver +.Dv SIGSEGV +to the process. +This serves to detect stack overflow and crash rather than silently +overwrite other memory in the program's virtual address space. +The size of the stack guard is tuned by the +.Li vm.guard_size +.Xr sysctl 7 +knob. +.Pp +The stack guard is also sometimes known as the +.Sq redzone +or +.Sq red zone , +although the term +.Sq red zone +is also sometimes used to mean a fixed space +.Em above +the stack pointer (in the direction of stack growth) that the system +guarantees it will not overwrite when calling a signal handler in the +.Tn ABI +of some architectures; see also +.Xr sigaltstack 2 +to specify an alternate stack base for the kernel to use when invoking +signal handlers on signal delivery. +.It +The +.Em inaccessible pages +of the stack region are allocated so that any access will also deliver +.Dv SIGSEGV +to the process, but they can be made accessible by changing the soft +stack rlimit with +.Xr setrlimit 2 . +.It +The +.Em accessible pages +of the stack region are allocated with read/write access permitted, and +are used to store the actual data in the program stack. +.It +When +.Tn PaX ASLR , +address space layout randomization, is enabled, the +.Em stack gap +is an +.Em unallocated +space of a size chosen unpredictably at random at program startup time. +When +.Tn PaX ASLR +is disabled, the stack gap is empty. +.El +.Pp +All of the boundaries \(em +.Dv USRSTACK , +the stack base, and the boundaries between the accessible, +inaccessible, and guard pages \(em are page-aligned, or rounded to be +page-aligned even if the rlimits are not themselves page-aligned, +rounding so that the sizes of the regions do not exceed the rlimits. 
+.Pp +The stack base is exposed to programs via the +.Dv AT_STACKBASE +.Xr elf 5 +auxiliary info vector entry. +.Pp +The per-architecture constants +.Dv USRSTACK +and +.Dv MAXSSIZ +are defined in +.In machine/vmparam.h . +.Ss Non-main threads +Threads created with +.Xr pthread_create 3 +have stacks allocated at dynamically chosen addresses outside the main +thread's stack region by default, and their stacks cannot be resized +after creation. +On architectures where the stack grows +.Em down , +the layout is: +.Bd -literal -offset indent ++--------------------+ stack base = stackaddr + stacksize +| stack | +| . | +| . | <-- stack pointer +| . | (varies during execution) +| V | ++--------------------+ stackaddr +| guard/redzone | ++--------------------+ stackaddr - guardsize +.Ed +.Pp +On architectures where the stack grows +.Em up , +the layout is: +.Bd -literal -offset indent ++--------------------+ stackaddr + stacksize + guardsize +| guard/redzone | ++--------------------+ stackaddr + stacksize +| \(ha | +| . | <-- stack pointer +| . | (varies during execution) +| . | +| stack | ++--------------------+ stack base = stackaddr +.Ed +.Pp +The parameters stackaddr, stacksize, and guardsize can be obtained from +an existing thread using +.Xr pthread_getattr_np 3 , +.Xr pthread_attr_getguardsize 3 , +and the +.Xr pthread_attr_getstack 3 +family of functions. +.Pp +When creating a thread, the stack can be manually allocated and the +parameters can be set using +.Xr pthread_attr_setguardsize 3 +and the +.Xr pthread_attr_setstack 3 +family of functions. +However, the stack parameters cannot be changed after thread creation. +The default guard size is tuned by the +.Li vm.thread_guard_size +.Xr sysctl 7 +knob. 
+.Pp +For the main thread, +.Xr pthread_getattr_np 3 +returns a +.Em snapshot +of the parameters as they existed at program startup, so that stackaddr +and stacksize reflect the current accessible pages of the stack, and +guardsize is the value of the +.Li vm.guard_size +.Xr sysctl 7 +knob at the time of program startup. +.Po +Note that this means the +.Xr pthread 3 +view of the main thread's stack guard may not coincide with the actual +stack guard \(em it may overlap with, or lie entirely in, the +inaccessible pages of the stack reserved on program start. +.Pc +However, if the program changes its soft stack rlimit with +.Xr setrlimit 2 , +this snapshot may become stale. +.Sh SEE ALSO +.Xr execve 2 , +.Xr mmap 2 , +.Xr mprotect 2 , +.Xr sigaltstack 2 , +.Xr ucontext 2 , +.Xr posix_spawn 3 , +.Xr pthread 3 , +.Xr security 7 , +.Xr sysctl 7 , +.Xr paxctl 8 +.Sh BUGS +.Tn PaX ASLR +doesn't actually guarantee an accessible stack reservation of length +equal to the soft stack rlimit \(em owing to a bug (XXX which PR +number?), +.Nx +may sometimes reserve less space than the soft rlimit, in which case +the accessible pages of the stack cannot be extended. +.Pp +There is a race between the kernel's access of +.Li vm.guard_size +at exec time, and userland's access of +.Li vm.guard_size +in +.Xr pthread 3 +initialization. diff --git a/static/netbsd/man7/sticky.7 b/static/netbsd/man7/sticky.7 new file mode 100644 index 00000000..d9cda3a0 --- /dev/null +++ b/static/netbsd/man7/sticky.7 
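Review bot: in stack.7, the BUGS section still shows an unresolved placeholder in rendered text, "(XXX which PR number?)"; fill in the PR reference or drop the parenthetical so the published page does not carry a to-do marker. In the main-thread paragraph, the pthread_getattr_np(3) result is called a snapshot from program startup, yet the same sentence says stackaddr and stacksize reflect the "current" accessible pages. Wording such as "the accessible pages at program startup" would keep readers from trusting those values for guard-page checks after a setrlimit(2) change, which the next sentences say can make the snapshot stale.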
@@ -0,0 +1,112 @@ +.\" $NetBSD: sticky.7,v 1.7 2024/02/08 20:11:55 andvar Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)sticky.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd May 10, 2011 +.Dt STICKY 7 +.Os +.Sh NAME +.Nm sticky +.Nd Description of the `sticky' (S_ISVTX) bit functionality +.Sh DESCRIPTION +A special file mode, called the +.Em sticky bit +(mode +.Dv S_ISVTX ) , +is used to indicate special treatment for directories. +See +.Xr chmod 2 +or the file +.Pa /usr/include/sys/stat.h +.Ss Sticky files +For regular files, the use of mode +.Dv S_ISVTX +is reserved and can be set only by the super-user. +.Nx +does not currently treat regular files that have the sticky bit set +specially, but this behavior might change in the future. +.Ss Sticky directories +A directory whose +.Dq sticky bit +is set becomes a +directory in which the deletion of files is restricted. +A file in a sticky directory may only be removed or renamed +by a user if the user has write permission for the directory and +the user is the owner of the file, the owner of the directory, +or the super-user. +This feature is usefully applied to directories such as +.Pa /tmp +which must be publicly writable but should deny users the license +to arbitrarily delete or rename each others' files. +.Pp +Any user may create a sticky directory. +See +.Xr chmod 1 +for details about modifying file modes. +.Sh HISTORY +The sticky bit first appeared in V7, and this manual page appeared +in section 8. +Its initial use was to mark shareable executables +that were frequently used so that they would stay in swap after +the process exited. +Shareable executables were compiled in a special way so their text +and read-only data could be shared amongst processes. +.Xr vi 1 +and +.Xr sh 1 +were such executables. +This is where the term +.Dq sticky +comes from - the program would stick around in swap, and it would +not have to be fetched again from the file system. +Of course as long as there was a copy in the swap area, the file +was marked busy so it could not be overwritten. 
+On V7 this meant that the file could not be removed either, because +busy executables could not be removed, but this restriction was +lifted in BSD releases. +.Pp +To replace such executables was a cumbersome process. +One had first to remove the sticky bit, then execute the binary so +that the copy from swap was flushed, overwrite the executable, and +finally reset the sticky bit. +.Pp +Later, on SunOS 4, the sticky bit got an additional meaning for +files that had the bit set and were not executable: read and write +operations from and to those files would go directly to the disk +and bypass the buffer cache. +This was typically used on swap files for NFS clients on an NFS +server, so that swap I/O generated by the clients on the servers +would not evict useful data from the server's buffer cache. +.Sh BUGS +Neither +.Xr open 2 +nor +.Xr mkdir 2 +will create a file with the sticky bit set. diff --git a/static/netbsd/man7/symlink.7 b/static/netbsd/man7/symlink.7 new file mode 100644 index 00000000..d36f0c55 --- /dev/null +++ b/static/netbsd/man7/symlink.7 
@@ -0,0 +1,674 @@ +.\" $NetBSD: symlink.7,v 1.29 2019/03/25 19:24:30 maxv Exp $ +.\" +.\" Copyright (c) 1992, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)symlink.7 8.3 (Berkeley) 3/31/94 +.\" +.Dd March 25, 2019 +.Dt SYMLINK 7 +.Os +.Sh NAME +.Nm symlink +.Nd symbolic link handling +.Sh DESCRIPTION +Symbolic links are files that act as pointers to other files. 
+To understand their behavior, you must first understand how hard links +work. +.Pp +A hard link to a file is indistinguishable from the original file because +it is a reference to the object underlying the original file name. +Changes to a file are independent of the name used to reference the +file. +Hard links may not refer to directories and may not reference files +on different file systems. +.Pp +A symbolic link contains the name of the file to which it is linked, +i.e. +it is a pointer to another name, and not to an underlying object. +For this reason, symbolic links may reference directories and may span +file systems. +.Pp +Because a symbolic link and its referenced object coexist in the filesystem +name space, confusion can arise in distinguishing between the link itself +and the referenced object. +Historically, commands and system calls have adopted their own link +following conventions in a somewhat ad-hoc fashion. +Rules for more a uniform approach, as they are implemented in this system, +are outlined here. +It is important that local applications conform to these rules, too, +so that the user interface can be as consistent as possible. +.Pp +Symbolic links are handled either by operating on the link itself, +or by operating on the object referenced by the link. +In the latter case, +an application or system call is said to +.Qq follow +the link. +.Pp +Symbolic links may reference other symbolic links, +in which case the links are dereferenced until an object that is +not a symbolic link is found, +a symbolic link which references a file which doesn't exist is found, +or a loop is detected. +Loop detection is done by placing an upper limit on the number of +links that may be followed, and an error results if this limit is +exceeded. +.Pp +There are three separate areas that need to be discussed. +They are as follows: +.Pp +.Bl -enum -compact -offset indent +.It +Symbolic links used as file name arguments for system calls. 
+.It +Symbolic links specified as command line arguments to utilities that +are not traversing a file tree. +.It +Symbolic links encountered by utilities that are traversing a file tree +(either specified on the command line or encountered as part of the +file hierarchy walk). +.El +.Ss System calls +The first area is symbolic links used as file name arguments for +system calls. +.Pp +Except as noted below, all system calls follow symbolic links. +For example, if there were a symbolic link +.Qq Li slink +which pointed to a file named +.Qq Li afile , +the system call +.Qq Li open("slink" ...) +would return a file descriptor to the file +.Qq afile . +.Pp +There are eleven system calls that do not follow links, and which operate +on the symbolic link itself. +They are: +.Xr lchflags 2 , +.Xr lchmod 2 , +.Xr lchown 2 , +.\".Xr lpathconf 2 , +.Xr lstat 2 , +.Xr lutimes 2 , +.Xr readlink 2 , +.Xr readlinkat 2 , +.Xr rename 2 , +.Xr renameat 2 , +.Xr unlinkat 2 . +and +.Xr unlink 2 . +Because +.Xr remove 3 +is an alias for +.Xr unlink 2 , +it also does not follow symbolic links. +When +.Xr rmdir 2 +or +.Xr unlinkat 2 +with the +.Dv AT_REMOVEDIR +flag +is applied to a symbolic link, it fails with the error +.Er ENOTDIR . +.Pp +The +.Xr linkat 2 +system call does not follow symbolic links +unless given the +.Dv AT_SYMLINK_FOLLOW +flag. +.Pp +The following system calls follow symbolic links +unless given the +.Dv AT_SYMLINK_NOFOLLOW +flag: +.\" .Xr chflagsat 2 , +.Xr fchmodat 2 , +.Xr fchownat 2 , +.Xr fstatat 2 , +and +.Xr utimensat 2 . +.Pp +The owner and group of an existing symbolic link can be changed by +means of the +.Xr lchown 2 +system call. +The flags, access permissions, owner/group and modification time of +an existing symbolic link can be changed by means of the +.Xr lchflags 2 , +.Xr lchmod 2 , +.Xr lchown 2 , +and +.Xr lutimes 2 +system calls, respectively. +Of these, only the flags and ownership are used by the system; +the access permissions are ignored. 
+.Pp +The +.Bx 4.4 +system differs from historical +.Bx 4 +systems in that the system call +.Xr chown 2 +has been changed to follow symbolic links. +The +.Xr lchown 2 +system call was added later when the limitations of the new +.Xr chown 2 +became apparent. +.Pp +If the filesystem is mounted with the +.Em symperm +.Xr mount 8 +option, the symbolic link file permission bits have the following effects: +.Pp +The +.Xr readlink 2 +system call requires read permissions on the symbolic link. +.Pp +System calls that follow symbolic links will fail without execute/search +permissions on all the symbolic links followed. +.Pp +The write, sticky, set-user-ID-on-execution and set-group-ID-on-execution +symbolic link mode bits have no effect on any system calls +.Po +including +.Xr execve 2 +.Pc . +.Ss Commands not traversing a file tree +The second area is symbolic links, specified as command line file +name arguments, to commands which are not traversing a file tree. +.Pp +Except as noted below, commands follow symbolic links named as command +line arguments. +For example, if there were a symbolic link +.Qq Li slink +which pointed to a file named +.Qq Li afile , +the command +.Qq Li cat slink +would display the contents of the file +.Qq Li afile . +.Pp +It is important to realize that this rule includes commands which may +optionally traverse file trees, e.g. +the command +.Qq Li "chown file" +is included in this rule, while the command +.Qq Li "chown -R file" +is not +(The latter is described in the third area, below). +.Pp +If it is explicitly intended that the command operate on the symbolic +link instead of following the symbolic link, e.g., it is desired that +.Qq Li "file slink" +display the type of file that +.Qq Li slink +is, whether it is a symbolic link or not, the +.Fl h +option should be used. 
+In the above example, +.Qq Li "file slink" +would report the type of the file referenced by +.Qq Li slink , +while +.Qq Li "file -h slink" +would report that +.Qq Li slink +was a symbolic link. +.Pp +There are five exceptions to this rule. +The +.Xr mv 1 +and +.Xr rm 1 +commands do not follow symbolic links named as arguments, +but respectively attempt to rename and delete them. +(Note, if the symbolic link references a file via a relative path, +moving it to another directory may very well cause it to stop working, +since the path may no longer be correct). +.Pp +The +.Xr ls 1 +command is also an exception to this rule. +For compatibility with historic systems (when +.Nm ls +is not doing a tree walk, i.e. +the +.Fl R +option is not specified), +the +.Nm ls +command follows symbolic links named as arguments if the +.\" .Fl H +.\" or +.Fl L +option is specified, +or if the +.Fl F , +.Fl d , +or +.Fl l +options are not specified. +(If the +.Fl L +option is specified, +.Nm ls +always follows symbolic links. +.Nm ls +is the only command where the +.\" .Fl H +.\" and +.Fl L +option affects its behavior even though it is not doing a walk of +a file tree). +.Pp +The +.Xr file 1 +and +.Xr stat 1 +commands are also exceptions to this rule. +These +commands do not follow symbolic links named as argument by default, +but do follow symbolic links named as argument if the +.Fl L +option is specified. +.Pp +The +.Bx 4.4 +system differs from historical +.Bx 4 +systems in that the +.Nm chown +and +.Nm chgrp +commands follow symbolic links specified on the command line. +.Ss Commands traversing a file tree +The following commands either optionally or always traverse file trees: +.Xr chflags 1 , +.Xr chgrp 1 , +.Xr chmod 1 , +.Xr cp 1 , +.Xr du 1 , +.Xr find 1 , +.Xr ls 1 , +.Xr pax 1 , +.Xr rm 1 , +.Xr tar 1 , +and +.Xr chown 8 . 
+.Pp +It is important to realize that the following rules apply equally to +symbolic links encountered during the file tree traversal and symbolic +links listed as command line arguments. +.Pp +The first rule applies to symbolic links that reference files that are +not of type directory. +Operations that apply to symbolic links are performed on the links +themselves, but otherwise the links are ignored. +.Pp +For example, the command +.Qq Li "chown -R user slink directory" +will ignore +.Qq Li slink , +because the +.Fl h +flag must be used to change owners of symbolic links. +Any symbolic links encountered during the tree traversal will also be +ignored. +The command +.Qq Li "rm -r slink directory" +will remove +.Qq Li slink , +as well as any symbolic links encountered in the tree traversal of +.Qq Li directory , +because symbolic links may be removed. +In no case will either +.Nm chown +or +.Nm rm +affect the file which +.Qq Li slink +references in any way. +.Pp +The second rule applies to symbolic links that reference files of type +directory. +Symbolic links which reference files of type directory are never +.Qq followed +by default. +This is often referred to as a +.Qq physical +walk, as opposed to a +.Qq logical +walk (where symbolic links referencing directories are followed). +.Pp +As consistently as possible, you can make commands doing a file tree +walk follow any symbolic links named on the command line, regardless +of the type of file they reference, by specifying the +.Fl H +(for +.Qq half\-logical ) +flag. +This flag is intended to make the command line name space look +like the logical name space. +(Note, for commands that do not always do file tree traversals, the +.Fl H +flag will be ignored if the +.Fl R +flag is not also specified). +.Pp +For example, the command +.Qq Li "chown -HR user slink" +will traverse the file hierarchy rooted in the file pointed to by +.Qq Li slink . 
+Note, the +.Fl H +is not the same as the previously discussed +.Fl h +flag. +The +.Fl H +flag causes symbolic links specified on the command line to be +dereferenced both for the purposes of the action to be performed +and the tree walk, and it is as if the user had specified the +name of the file to which the symbolic link pointed. +.Pp +As consistently as possible, you can make commands doing a file tree +walk follow any symbolic links named on the command line, as well as +any symbolic links encountered during the traversal, regardless of +the type of file they reference, by specifying the +.Fl L +(for +.Qq logical ) +flag. +This flag is intended to make the entire name space look like +the logical name space. +(Note, for commands that do not always do file tree traversals, the +.Fl L +flag will be ignored if the +.Fl R +flag is not also specified). +.Pp +For example, the command +.Qq Li "chown -LR user slink" +will change the owner of the file referenced by +.Qq Li slink . +If +.Qq Li slink +references a directory, +.Nm chown +will traverse the file hierarchy rooted in the directory that it +references. +In addition, if any symbolic links are encountered in any file tree that +.Nm chown +traverses, they will be treated in the same fashion as +.Qq Li slink . +.Pp +As consistently as possible, you can specify the default behavior by +specifying the +.Fl P +(for +.Qq physical ) +flag. +This flag is intended to make the entire name space look like the +physical name space. +.Pp +For commands that do not by default do file tree traversals, the +.Fl H , +.Fl L , +and +.Fl P +flags are ignored if the +.Fl R +flag is not also specified. +In addition, you may specify the +.Fl H , +.Fl L , +and +.Fl P +options more than once; the last one specified determines the +command's behavior. +This is intended to permit you to alias commands to behave one way +or the other, and then override that behavior on the command line. 
+.Pp +The +.Xr ls 1 +and +.Xr rm 1 +commands have exceptions to these rules. +The +.Nm rm +command operates on the symbolic link, and not the file it references, +and therefore never follows a symbolic link. +The +.Nm rm +command does not support the +.Fl H , +.Fl L , +or +.Fl P +options. +.Pp +To maintain compatibility with historic systems, +the +.Nm ls +command acts a little differently. +If you do not specify the +.Fl F , +.Fl d , +or +.Fl l +options, +.Nm ls +will follow symbolic links specified on the command line. +If the +.Fl L +flag is specified. +If the +.Fl L +flag is specified, +.Nm ls +follows all symbolic links, +regardless of their type, +whether specified on the command line or encountered in the tree walk. +The +.Nm ls +command does not support the +.Fl H +or +.Fl P +options. +.Ss Magic symlinks +So-called +.Dq magic symlinks +can be enabled by setting the +.Dq vfs.generic.magiclinks +variable with +.Xr sysctl 8 . +When magic symlinks are enabled +.Dq magic +patterns in symlinks are expanded. +Those patterns begin with +.Dq @ +.Pq an at-sign , +and end at the end of the pathname component +.Po +i.e. at the next +.Dq / , +or at the end of the symbolic link if there are no more slashes +.Pc . +.Pp +To illustrate the pattern matching rules, assume that +.Dq @foo +is a valid magic string: +.Pp +.Bl -tag -width @foo/barxxxxx -offset indent -compact +.It @foo +would be matched +.It @foo/bar +would be matched +.It bar@foo +would be matched +.It @foobar +would not be matched +.El +.Pp +Magic strings may also be delimited with +.Sq { +and +.Sq } +characters, allowing for more complex patterns in symbolic links such as: +.Bd -literal -offset indent +@{var1}-@{var2}.@{var3} +.Ed +.Pp +The following patterns are supported: +.Bl -tag -width @machine_arch -offset indent +.It @domainname +Expands to the machine's domain name, as set by +.Xr setdomainname 3 . +.It @hostname +Expands to the machine's host name, as set by +.Xr sethostname 3 . 
+.It @emul +Expands to the name of the current process's emulation. +Defaults to +.Dv netbsd . +Other valid emulations are: +.Dv aout , +.Dv aoutm68k , +.Dv freebsd , +.Dv linux , +.Dv linux32 , +.Dv m68k4k , +.Dv netbsd32 , +.Dv sunos , +.Dv sunos32 , +.Dv ultrix , +.Dv vax1k . +.It @kernel_ident +Expands to the name of the +.Xr config 1 +file used to generate the running kernel. +For example +.Dv GENERIC . +.It @machine +Expands to the value of +.Li MACHINE +for the system. +For native binaries, this is +equivalent to the output of +.Dq uname -m +or +.Xr sysctl 3 +.Dq hw.machine . +.Po +For non-native binaries, the values returned by uname and sysctl +typically vary to match the emulation environment. +.Pc +.It @machine_arch +Expands to the value of +.Li MACHINE_ARCH +for the system. +For native binaries, this is +equivalent to the output of +.Dq uname -p +or +.Xr sysctl 3 +.Dq hw.machine_arch . +.Po +For non-native binaries, the values returned by uname and sysctl +typically vary to match the emulation environment. +.Pc +.It @osrelease +Expands to the operating system release of the running kernel +.Po +equivalent to the output of +.Dq uname -r +or +.Xr sysctl 3 +.Dq kern.osrelease +.Pc . +.It @ostype +Expands to the operating system type of the running kernel +.Po +equivalent to the output of +.Dq uname -s +or +.Xr sysctl 3 +.Dq kern.ostype +.Pc . +This will always be +.Dq NetBSD +on +.Nx +systems. +.It @ruid +Expands to the real user-id of the process. +.It @uid +Expands to the effective user-id of the process. +.It @rgid +Expands to the real group-id of the process. +.It @gid +Expands to the effective group-id of the process. 
+.El +.Sh SEE ALSO +.Xr chflags 1 , +.Xr chgrp 1 , +.Xr chmod 1 , +.Xr cp 1 , +.Xr du 1 , +.Xr find 1 , +.Xr ln 1 , +.Xr ls 1 , +.Xr mv 1 , +.Xr pax 1 , +.Xr rm 1 , +.Xr tar 1 , +.Xr uname 1 , +.Xr chown 2 , +.Xr execve 2 , +.Xr lchflags 2 , +.Xr lchmod 2 , +.Xr lchown 2 , +.Xr lstat 2 , +.Xr lutimes 2 , +.Xr mount 2 , +.Xr readlink 2 , +.Xr rename 2 , +.Xr symlink 2 , +.Xr unlink 2 , +.Xr fts 3 , +.Xr remove 3 , +.Xr chown 8 , +.Xr mount 8 +.Sh HISTORY +Magic symlinks appeared in +.Nx 4.0 . diff --git a/static/netbsd/man7/sysctl.7 b/static/netbsd/man7/sysctl.7 new file mode 100644 index 00000000..ee306b81 --- /dev/null +++ b/static/netbsd/man7/sysctl.7 
@@ -0,0 +1,2920 @@ +.\" $NetBSD: sysctl.7,v 1.171 2026/04/23 13:42:57 wiz Exp $ +.\" +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 +.\" +.Dd April 23, 2026 +.Dt SYSCTL 7 +.Os +.Sh NAME +.Nm sysctl +.Nd system information variables +.Sh DESCRIPTION +The +.Xr sysctl 3 +library function and the +.Xr sysctl 8 +utility are used to get and set values of system variables, maintained +by the kernel. +The variables are organized in a tree and identified by a sequence of +numbers, conventionally separated by dots with the topmost identifier +at the left side. +The numbers have corresponding text names. +The +.Xr sysctlnametomib 3 +function or the +.Fl M +argument to the +.Xr sysctl 8 +utility can be used to convert the text representation to the +numeric one. +.Pp +The individual sysctl variables are described below, both the textual +and numeric form where applicable. +The textual names can be used as argument to the +.Xr sysctl 8 +utility and in the file +.Pa /etc/sysctl.conf . +The numeric names are usually defined as preprocessor constants and +are intended for use by programs. +Every such constant expands to one integer, which identifies the +sysctl variable relative to the upper level of the tree. +See the +.Xr sysctl 3 +manual page for programming examples. +.Ss Top level names +The top level names are defined with a +.Va CTL_ +prefix in +.In sys/sysctl.h , +and are as follows. +The next and subsequent levels down are found in the include files +listed here, and described in separate sections below. 
+.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits" +.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description +.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits +.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory +.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem +.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking +.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging +.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O +.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent +.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level +.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger +.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process +.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific +.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings +.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings +.El +.Ss The debug.* subtree +The debugging variables vary from system to system. +A debugging variable may be added or deleted without need to recompile +.Nm +to know about it. +Each time it runs, +.Nm +gets the list of debugging variables from the kernel and +displays their current values. +The system defines twenty +.Vt ( struct ctldebug ) +variables named +.Dv debug0 +through +.Dv debug19 . +They are declared as separate variables so that they can be +individually initialized at the location of their associated variable. +The loader prevents multiple use of the same variable by issuing errors +if a variable is initialized in more than one place. 
+For example, to export the variable +.Va dospecialcheck +as a debugging variable, the following declaration would be used: +.Pp +.Bd -literal -offset indent -compact +int dospecialcheck = 1; +struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; +.Ed +.Pp +Note that the dynamic implementation of +.Nm +currently in use largely makes this particular +.Nm +interface obsolete. +See +.Xr sysctl 8 +.\" and +.\" .Xr sysctl 9 +for more information. +.Ss The vfs.* subtree +A distinguished second level name, +.Li vfs.generic ( Dv VFS_GENERIC ) , +is used to get general information about all file systems. +It has the following third level identifiers: +.Bl -tag -width "123456" +.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM ) +The highest valid file system type number. +.It Li vfs.generic.conf ( Dv VFS_CONF ) +Returns configuration information about the file system type given as a fourth +level identifier. +.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT ) +Controls whether users other than the super-user can mount file +systems. +Defaults to +.Li 0 , +so only the super-user can mount file systems. +.Pp +File systems mounted by unprivileged users must be mounted with the +.Li nodev +and +.Li nosuid +.Xr mount 8 +options. +.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS ) +Controls whether expansion of variables is going to be performed on +pathnames or not. +Defaults to +.Li 0 , +no variable expansion. +Variables are of the form +.Li @name +and the variables supported are described in +.Xr symlink 7 +under +.Dq "MAGIC SYMLINKS" . +.El +.Pp +A second level name for controlling the +.Xr wapbl 4 +(Write Ahead Physical Block Logging file system journaling) +capabilities with the following third level identifiers: +.Bl -tag -width "123456" +.It Li vfs.wapbl.flush_disk_cache +Controls whether to attempt to flush the disk cache on each commit. +It defaults to 1 and it should always be on to ensure integrity +of file system metadata in the event of a power loss. 
+For slow disks, turning it off can improve performance. +.It Li vfs.wapbl.verbose_commit +For each transaction log commit, print the number of bytes written +and the time it took to commit as seconds.nanoseconds. +.El +.Pp +The remaining second level identifiers are the file system names, identified +by the type number returned by a +.Xr statvfs 2 +call or from +.Li vfs.generic.conf . +.Pp +The third level identifiers available for each file system +are given in the header file that defines the mount +argument structure for that file system. +.Ss The hw.* subtree +The string and integer information available for the +.Li hw +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It hw.alignbytes integer no +.It hw.byteorder integer no +.It hw.cnmagic string yes +.It hw.disknames string no +.It hw.diskstats struct no +.It hw.machine string no +.It hw.machine_arch string no +.It hw.model string no +.It hw.ncpu integer no +.It hw.ncpuonline integer no +.It hw.pagesize integer no +.It hw.physmem integer no +.It hw.physmem64 quad no +.It hw.usermem integer no +.It hw.usermem64 quad no +.El +.Bl -tag -width "123456" +.It Li hw.alignbytes ( Dv HW_ALIGNBYTES ) +Alignment constraint for all possible data types. +This shows the value +.Dv ALIGNBYTES +in +.In machine/param.h , +at the kernel compilation time. +.It Li hw.byteorder ( Dv HW_BYTEORDER ) +The byteorder (4321, or 1234). +.It Li hw.cnmagic ( Dv HW_CNMAGIC ) +The console magic key sequence. +.It Li hw.disknames ( Dv HW_DISKNAMES ) +The list of (space separated) disk device names on the system. +.It Li hw.iostatnames ( Dv HW_IOSTATNAMES ) +A space separated list of devices that will have I/O statistics +collected on them. 
+.It Li hw.iostats ( Dv HW_IOSTATS ) +Return statistical information on the NFS mounts, disk and tape +devices on the system. +An array of +.Vt struct io_sysctl +structures is returned, +whose size depends on the current number of such objects in the system. +The third level name is the size of the +.Vt struct io_sysctl . +The type of object can be determined by examining the +.Va type +element of +.Vt struct io_sysctl . +Which can be +.Dv IOSTAT_DISK +(disk drive), +.Dv IOSTAT_TAPE +(tape drive), or +.Dv IOSTAT_NFS +(NFS mount). +.It Li hw.machine ( Dv HW_MACHINE ) +The machine class. +.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH ) +The machine CPU class. +.It Li hw.model ( Dv HW_MODEL ) +The machine model. +.It Li hw.ncpu ( Dv HW_NCPU ) +The number of CPUs configured. +.It Li hw.ncpuonline ( Dv HW_NCPUONLINE ) +The number of CPUs online. +.It Li hw.pagesize ( Dv HW_PAGESIZE ) +The software page size. +.It Li hw.physmem ( Dv HW_PHYSMEM ) +The bytes of physical memory as a 32-bit integer. +.It Li hw.physmem64 ( Dv HW_PHYSMEM64 ) +The bytes of physical memory as a 64-bit integer. +.It Li hw.usermem ( Dv HW_USERMEM ) +The bytes of non-kernel memory as a 32-bit integer. +.It Li hw.usermem64 ( Dv HW_USERMEM64 ) +The bytes of non-kernel memory as a 64-bit integer. +.El +.Ss The kern.* subtree +This subtree includes data generally related to the kernel. +The string and integer information available for the +.Li kern +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. 
+.Bl -column "kern.posix_reader_writer_locks" \ +"struct kinfo_drivers" "not applicable" +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It kern.aio_listio_max integer yes +.It kern.aio_max integer yes +.It kern.arandom integer no +.It kern.argmax integer no +.It kern.boothowto integer no +.It kern.boottime struct timespec no +.It kern.buildinfo string no +.\".It kern.bufq node not applicable +.It kern.ccpu integer no +.It kern.clockrate struct clockinfo no +.It kern.consdev integer no +.It kern.coredump node not applicable +.It kern.cp_id struct no +.It kern.cp_time uint64_t[\|] no +.It kern.cryptodevallowsoft integer yes +.It kern.defcorename string yes +.It kern.detachall integer yes +.It kern.domainname string yes +.It kern.drivers struct kinfo_drivers no +.It kern.dump_on_panic integer yes +.It kern.expose_address integer yes +.It kern.file struct file no +.It kern.forkfsleep integer yes +.It kern.fscale integer no +.It kern.fsync integer no +.It kern.hardclock_ticks integer no +.It kern.heartbeat.max_period integer yes +.It kern.hostid integer yes +.It kern.hostname string yes +.It kern.iov_max integer no +.It kern.ipc node not applicable +.It kern.job_control integer no +.It kern.labeloffset integer no +.It kern.labelsector integer no +.It kern.login_name_max integer no +.It kern.logsigexit integer yes +.It kern.lwp struct kinfo_lwp yes +.It kern.mapped_files integer no +.It kern.maxfiles integer yes +.It kern.maxlwp integer yes +.It kern.maxpartitions integer no +.It kern.maxphys integer no +.It kern.maxproc integer yes +.It kern.maxptys integer yes +.It kern.maxvnodes integer yes +.It kern.messages integer yes +.It kern.mbuf node not applicable +.It kern.memlock integer no +.It kern.memlock_range integer no +.It kern.memory_protection integer no +.It kern.module node not applicable +.It kern.monotonic_clock integer no +.It kern.mqueue node not applicable +.It kern.msgbuf integer no +.It kern.msgbufsize integer no +.It kern.ngroups integer no 
+.\".It kern.no_sa_support integer yes +.It kern.ntptime struct ntptimeval no +.It kern.osrelease string no +.It kern.osrevision integer no +.It kern.ostype string no +.\".It kern.panic_now integer yes +.It kern.pipe node not applicable +.It kern.pool struct pool_sysctl no +.\" .It kern.posix node not applicable +.It kern.posix1version integer no +.It kern.posix_aio integer no +.It kern.posix_barriers integer no +.It kern.posix_reader_writer_locks integer no +.\".It kern.posix_sched integer yes +.It kern.posix_semaphores integer no +.It kern.posix_spin_locks integer no +.It kern.posix_threads integer no +.It kern.posix_timers integer no +.It kern.proc struct kinfo_proc no +.It kern.proc2 struct kinfo_proc2 no +.It kern.proc_args string no +.It kern.profiling node not applicable +.\".It kern.pset node not applicable +.It kern.rawpartition integer no +.It kern.root_device string no +.It kern.root_partition integer no +.It kern.rtc_offset integer yes +.It kern.saved_ids integer no +.It kern.sbmax integer yes +.It kern.sched node not applicable +.It kern.securelevel integer raise only +.It kern.sofixedbuf boolean yes +.It kern.somaxkva integer yes +.It kern.sooptions integer yes +.It kern.synchronized_io integer no +.It kern.timecounter node not applicable +.It kern.timex struct no +.It kern.tkstat node not applicable +.It kern.tty node not applicable +.It kern.urandom integer no +.It kern.usercrypto integer yes +.It kern.userasymcrypto integer yes +.It kern.veriexec node not applicable +.It kern.version string no +.It kern.vnode struct vnode no +.El +.Bl -tag -width "123456" +.It Li kern.aio_listio_max +The maximum number of asynchronous I/O operations in a single list +I/O call. +Like with all variables related to +.Xr aio 3 , +the variable may be created and removed dynamically +upon loading or unloading the corresponding kernel module. +.It Li kern.aio_max +The maximum number of asynchronous I/O operations. 
+.It Li kern.arandom ( Dv KERN_ARND ) +Returns independent uniformly distributed bytes at random each time, as +many as requested up to 256, derived from the system entropy pool; see +.Xr rnd 4 . +.Pp +Reading +.Li kern.arandom +is equivalent to reading up to 256 bytes at a time from +.Pa /dev/urandom : +reading +.Li kern.arandom +never blocks, and once the system entropy pool has full entropy, output +subsequently read from +.Li kern.arandom +is fit for use as cryptographic key material. +For example, the +.Xr arc4random 3 +library routine uses +.Li kern.arandom +internally to seed a cryptographic pseudorandom number generator. +.It Li kern.argmax ( Dv KERN_ARGMAX ) +The maximum bytes of argument to +.Xr execve 2 . +.It Li kern.boothowto +Flags passed from the boot loader; see +.Xr reboot 2 +for the meanings of the flags. +.It Li kern.boottime ( Dv KERN_BOOTTIME ) +A +.Vt struct timespec +structure is returned. +This structure contains the time that the system was booted. +That time is defined (for this purpose) to be the time at +which the kernel first started accumulating clock ticks. +.It Li kern.bufq +This variable contains information on the +.Xr bufq 9 +subsystem. +Currently, the only third level name implemented is +.Dv kern.bufq.strategies +which provides a list of buffer queue strategies currently available. +.It Li kern.buildinfo +When the kernel is built, the build environment may optionally provide +arbitrary information to be stored in this variable. +.It Li kern.ccpu ( Dv KERN_CCPU ) +The scheduler exponential decay value. +.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) +A +.Vt struct clockinfo +structure is returned. +This structure contains the clock, statistics clock and profiling clock +frequencies, the number of micro-seconds per hz tick, and the clock +skew rate. +Refer to +.Xr hz 9 +for additional details. +.It Li kern.consdev ( Dv KERN_CONSDEV ) +Console device. +.It Li kern.coredump +Settings related to set-id processes coredumps. 
+By default, set-id processes do not dump core in situations where +other processes would. +The settings in this node allows an administrator to change this +behavior. +.Pp +The third level name is +.Dv kern.coredump.setid +and fourth level variables are described below. +.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent +.It Sy Fourth level name Ta Sy Type Ta Sy Changeable +.It kern.coredump.setid.dump integer yes +.It kern.coredump.setid.group integer yes +.It kern.coredump.setid.mode integer yes +.It kern.coredump.setid.owner integer yes +.It kern.coredump.setid.path string yes +.El +.Bl -tag -width "123456" +.It Li kern.coredump.setid.dump +If non-zero, set-id processes will dump core. +.It Li kern.coredump.setid.group +The group-id for the set-id processes' coredump. +.It Li kern.coredump.setid.mode +The mode for the set-id processes' coredump. +See +.Xr chmod 1 . +.It Li kern.coredump.setid.owner +The user-id that will be used as the owner of the set-id processes' +coredump. +.It Li kern.coredump.setid.path +The path to which set-id processes' coredumps will be saved to. +Same syntax as kern.defcorename. +.El +.It Li kern.cp_id ( Dv KERN_CP_ID ) +Mapping of CPU number to CPU id. +.It Li kern.cp_time ( Dv KERN_CP_TIME ) +Returns an array of +.Dv CPUSTATES +.Vt uint64_t Ns s . +This array contains the +number of clock ticks spent in different CPU states. +On multi-processor systems, the sum across all CPUs is returned unless +appropriate space is given for one data set for each CPU. +Data for a specific CPU can also be obtained by adding the number of the +CPU at the end of the MIB, enlarging it by one. +.It Li kern.cryptodevallowsoft +This variable controls userland access to hardware versus software transforms +in the +.Xr crypto 4 +system. +The available values are as follows: +.Bl -tag -width XX0 -offset indent +.It Dv < 0 +Always force userlevel requests to use software transforms. 
+.It Dv = 0 +If present, use hardware and grant userlevel requests for +non-accelerated transforms (handling the latter in software). +.It Dv > 0 +Allow user requests only for transforms which are hardware-accelerated. +.El +.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) +Default template for the name of core dump files (see also +.Li proc.pid.corename +in the per-process variables +.Li proc.* , +and +.Xr core 5 +for format of this template). +The default value is +.Pa %n.core +and can be changed with the kernel configuration option +.Cd options DEFCORENAME +(see +.Xr options 4 +). +.It Li kern.detachall +Detach all devices at shutdown. +.It Li kern.domainname ( Dv KERN_DOMAINNAME ) +Get or set the YP domain name. +.It Li kern.drivers ( Dv KERN_DRIVERS ) +Return an array of +.Vt struct kinfo_drivers +that contains the name and major device numbers of all the device drivers +in the current kernel. +The +.Va d_name +field is always a NUL terminated string. +The +.Va d_bmajor +field will be set to \-1 if the driver doesn't have a block device. +.It Li kern.expose_address +Expose kernel addresses in +.Xr sysctl 3 +calls used by +.Xr fstat 1 +and +.Xr sockstat 1 . +If it is set to +.Dv 0 +access is not allowed. +If it is set to +.Dv 1 +then only processes that have opened +.Pa /dev/kmem +can have access. +If it is set to +.Dv 2 +every process is allowed. +Defaults to +.Dv 0 +for +.Dv KASLR +kernels +and +.Dv 1 +otherwise. +Allowing general access renders KASLR ineffective; allowing only kmem +accessing programs weakens KASLR if those programs can be subverted +to leak the addresses. +.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) +Perform a crash dump on system +.Xr panic 9 . +.It Li kern.file ( Dv KERN_FILE ) +Return the entire file table. +The returned data consists of a single +.Vt struct filelist +followed by an array of +.Vt struct file , +whose size depends on the current number of such objects in the system. 
+.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP ) +If +.Xr fork 2 +system call fails due to limit on number of processes (either +the global maxproc limit or user's one), wait for this many +milliseconds before returning +.Er EAGAIN +error to process. +Useful to keep heavily forking runaway processes in bay. +Default zero (no sleep). +Maximum is 20 seconds. +.It Li kern.fscale ( Dv KERN_FSCALE ) +The kernel fixed-point scale factor. +.It Li kern.fsync ( Dv KERN_FSYNC ) +Return 1 if the +.St -p1003.1b-93 +File Synchronization Option is available +on this system, +otherwise\ 0. +.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS ) +Returns the number of +.Xr hardclock 9 +ticks. +.It Li kern.heartbeat.max_period +Time in seconds since the last +.Cd options HEARTBEAT +progress check has passed before it will trigger a panic. +See +.Xr options 4 . +.It Li kern.hist +This variable contains kernel history data if the kernel was +configured for any of the options +.Dv UVMHIST , +.Dv USB_DEBUG , +.Dv BIOHIST , +or +.Dv SCDEBUG . +(See +.Xr options 4 +for more details.) +The third-level names correspond to each available history table. +The values of the history tables are in an internal format, and can be +decoded by the +.Xr vmstat 1 +utility's +.Fl U +and +.Fl u +options; +the +.Fl l +option can be used to see which tables are available. +.It Li kern.hostid ( Dv KERN_HOSTID ) +Get or set the host identifier. +This is aimed to replace the legacy +.Xr gethostid 3 +and +.Xr sethostid 3 +system calls. +.It Li kern.hostname ( Dv KERN_HOSTNAME ) +Get or set the +.Xr hostname 1 . +.It Li kern.iov_max ( Dv KERN_IOV_MAX ) +Return the maximum number of +.Vt iovec +structures that a process has available for use with +.Xr preadv 2 , +.Xr pwritev 2 , +.Xr readv 2 , +.Xr recvmsg 2 , +.Xr sendmsg 2 +and +.Xr writev 2 . +.It Li kern.ipc ( Dv KERN_SYSVIPC ) +Return information about the SysV IPC parameters. +The third level names for the ipc variables are detailed below. 
+.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.ipc.sysvmsg integer no +.It kern.ipc.sysvsem integer no +.It kern.ipc.sysvshm integer no +.It kern.ipc.sysvipc_info struct no +.It kern.ipc.shmmax integer yes +.It kern.ipc.shmmni integer yes +.It kern.ipc.shmseg integer yes +.It kern.ipc.shmmaxpgs integer yes +.It kern.ipc.shm_use_phys integer yes +.It kern.ipc.msgmni integer yes +.It kern.ipc.msgseg integer yes +.It kern.ipc.semmni integer yes +.It kern.ipc.semmns integer yes +.It kern.ipc.semmnu integer yes +.El +.Bl -tag -width "123456" +.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG ) +Returns 1 if System V style message queue functionality is available +on this system, +otherwise\ 0. +.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM ) +Returns 1 if System V style semaphore functionality is available +on this system, +otherwise\ 0. +.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM ) +Returns 1 if System V style share memory functionality is available +on this system, +otherwise\ 0. +.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO ) +Return System V style IPC configuration and run-time information. +The fourth level name selects the System V style IPC facility. +.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent +.It Sy Fourth level name Ta Sy Type +.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info +.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info +.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info +.El +.Bl -tag -width "123456" +.It Li KERN_SYSVIPC_MSG_INFO +Return information on the System V style message facility. +The +.Sy msg_sysctl_info +structure is defined in +.In sys/msg.h . +.It Li KERN_SYSVIPC_SEM_INFO +Return information on the System V style semaphore facility. +The +.Sy sem_sysctl_info +structure is defined in +.In sys/sem.h . +.It Li KERN_SYSVIPC_SHM_INFO +Return information on the System V style shared memory facility. 
+The +.Sy shm_sysctl_info +structure is defined in +.In sys/shm.h . +.El +.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX ) +Max shared memory segment size in bytes. +.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI ) +Max number of shared memory identifiers. +.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG ) +Max shared memory segments per process. +.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS ) +Max amount of shared memory in pages. +.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS ) +Locking of shared memory in physical memory. +If 0, memory can be swapped +out, otherwise it will be locked in physical memory. +.It Li kern.ipc.msgmni +Max number of message queue identifiers. +.It Li kern.ipc.msgseg +Max number of number of message segments. +.It Li kern.ipc.semmni +Max number of number of semaphore identifiers. +.It Li kern.ipc.semmns +Max number of number of semaphores in system. +.It Li kern.ipc.semmnu +Max number of undo structures in system. +.El +.It Li kern.job_control ( Dv KERN_JOB_CONTROL ) +Return 1 if job control is available on this system, otherwise\ 0. +.It Li kern.labeloffset ( Dv KERN_LABELOFFSET ) +The offset within the sector specified by +.Dv KERN_LABELSECTOR +of the +.Xr disklabel 5 . +.It Li kern.labelsector ( Dv KERN_LABELSECTOR ) +The sector number containing the +.Xr disklabel 5 . +.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX ) +The size of the storage required for a login name, in bytes, +including the terminating NUL. +.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT ) +If this flag is non-zero, the kernel will +.Xr log 9 +all process exits due to signals which create a +.Xr core 5 +file, and whether the coredump was created. +.It Li kern.lwp ( Dv KERN_LWP ) +Returns information about the current light-weight process. +The +.Sy kinfo_lwp +structure is defined in +.In sys/sysctl.h . 
+.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES ) +Returns 1 if the +.St -p1003.1b-93 +Memory Mapped Files Option is available on this system, +otherwise\ 0. +.It Li kern.maxfiles ( Dv KERN_MAXFILES ) +The maximum number of open files that may be open in the system. +This also controls the maximum file locks per unprivileged user +enforced by +.Xr fcntl 2 +and +.Xr flock 2 . +.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS ) +The maximum number of partitions allowed per disk. +.It Li kern.maxlwp +The maximum number of Lightweight Processes (threads) the system allows +per uid. +.It Li kern.maxphys ( Dv KERN_MAXPHYS ) +Maximum raw I/O transfer size. +.It Li kern.maxproc ( Dv KERN_MAXPROC ) +The maximum number of simultaneous processes the system will allow. +.It Li kern.maxptys ( Dv KERN_MAXPTYS ) +The maximum number of pseudo terminals. +This value can be both raised and lowered, though it cannot +be set lower than number of currently used ptys. +See also +.Xr pty 4 . +.It Li kern.maxvnodes ( Dv KERN_MAXVNODES ) +The maximum number of vnodes available on the system. +This cannot be lowered below the number of currently active vnodes. +.It Li kern.mbuf ( Dv KERN_MBUF ) +Return information about the mbuf control variables. +Mbufs are data structures which store network packets and other data +structures in the networking code, see +.Xr mbuf 9 . +The third level names for the mbuf variables are detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +.Bl -column "kern.mbuf.nmbclusters_limit" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.\" XXX Changeable? really? 
+.It kern.mbuf.mblowat integer yes +.It kern.mbuf.mclbytes integer yes +.It kern.mbuf.mcllowat integer yes +.It kern.mbuf.msize integer yes +.It kern.mbuf.nmbclusters integer yes +.It kern.mbuf.nmbclusters_limit integer no +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT ) +The mbuf low water mark. +.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES ) +The mbuf cluster size. +.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT ) +The mbuf cluster low water mark. +.It Li kern.mbuf.msize ( Dv MBUF_MSIZE ) +The mbuf base size. +.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS ) +The limit on the number of mbuf clusters. +The variable can only be increased, and only increased on machines with +direct-mapped pool pages. +.It Li kern.mbuf.nmbclusters_limit ( Dv MBUF_NMBCLUSTERS_LIMIT ) +The limit of nmbclusters. +.El +.It Li kern.memlock ( Dv KERN_MEMLOCK ) +Returns 1 if the +.St -p1003.1b-93 +Process Memory Locking Option is available on this system, +otherwise\ 0. +.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE ) +Returns 1 if the +.St -p1003.1b-93 +Range Memory Locking Option is available on this system, +otherwise\ 0. +.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION ) +Returns 1 if the +.St -p1003.1b-93 +Memory Protection Option is available on this system, +otherwise\ 0. +.It Li kern.messages +Kernel console message verbosity. +See +.Aq Pa sys/reboot.h +.Bl -column "verbosity" "setting" -offset indent +.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent +.It 0 Ta Silent Ta Sy AB_SILENT +.It 1 Ta Quiet Ta Sy AB_QUIET +.It 2 Ta Normal Ta Sy AB_NORMAL +.It 3 Ta Verbose Ta Sy AB_VERBOSE +.It 4 Ta Debug Ta Sy AB_DEBUG +.El +.It Li kern.module +Settings related to kernel modules. +The third level names for the settings are described below. 
+.Bl -column "kern.module.autounload_unsafe" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.module.autoload integer yes +.It kern.module.autounload_unsafe integer yes +.It kern.module.autotime integer yes +.It kern.module.verbose boolean yes +.El +.Pp +The variables are as follows: +.Bl -tag -width 6n +.It Li kern.module.autoload +A boolean that controls whether kernel modules are loaded automatically. +See +.Xr module 7 +for details. +.It Li kern.module.autounload_unsafe +A boolean that controls whether the kernel will autounload modules that +were automatically loaded and have not been audited for autounload. +.Pp +By default, only modules that have been audited will be autounloaded, +and only if they were autoloaded to begin with. +.It Li kern.module.autotime +An integer that controls the delay before an attempt is made to +automatically unload a module that was auto-loaded. +Setting this value to zero disables the auto-unload function. +.It Li kern.module.verbose +A boolean that enables or disables verbose +debug messages related to kernel modules. +.El +.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK ) +Returns the standard version the implementation of the +.St -p1003.1b-93 +Monotonic Clock Option conforms to, +otherwise\ 0. +.It Li kern.mqueue +Settings related to POSIX message queues; see +.Xr mqueue 3 . +This node is created dynamically when +the corresponding kernel module is loaded. +The third level names for the settings are described below. 
+.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.mqueue.mq_open_max integer yes +.It kern.mqueue.mq_prio_max integer yes +.It kern.mqueue.mq_max_msgsize integer yes +.It kern.mqueue.mq_def_maxmsg integer yes +.It kern.mqueue.mq_max_maxmsg integer yes +.El +.Pp +The variables are: +.Bl -tag -width "123456" +.It Li kern.mqueue.mq_open_max +The maximum number of message queue descriptors any single process can open. +.It Li kern.mqueue.mq_prio_max +The maximum priority of a message. +.It Li kern.mqueue.mq_max_msgsize +The maximum size of a message in a message queue. +.It Li kern.mqueue.mq_def_maxmsg +The default maximum message count. +.It Li kern.mqueue.mq_max_maxmsg +The maximum number of messages in a message queue. +.El +.It Li kern.msgbuf ( Dv KERN_MSGBUF ) +The kernel message buffer, rotated so that the head of the circular kernel +message buffer is at the start of the returned data. +The returned data may contain NUL bytes. +.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE ) +The maximum number of characters that the kernel message buffer can hold. +.It Li kern.ngroups ( Dv KERN_NGROUPS ) +The maximum number of supplemental groups. +.\" .It Li kern.no_sa_support +.\" XXX: Undocumented. +.It Li kern.ntptime ( Dv KERN_NTPTIME ) +A +.Vt struct ntptimeval +structure is returned. +This structure contains data used by the +.Xr ntpd 8 +program. +.It Li kern.osrelease ( Dv KERN_OSRELEASE ) +The system release string. +.It Li kern.osrevision ( Dv KERN_OSREV ) +The system revision, expressed as an integer. +.It Li kern.ostype ( Dv KERN_OSTYPE ) +The system type string. +.\".It Li kern.panic_now +.\" XXX: Undocumented. +.It Li kern.pipe ( Dv KERN_PIPE ) +Pipe settings. +The third level names for the integer pipe settings is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. 
+.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.pipe.kvasiz integer yes +.It kern.pipe.maxbigpipes integer yes +.It kern.pipe.maxkvasz integer yes +.It kern.pipe.limitkva integer yes +.It kern.pipe.nbigpipes integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ ) +Amount of kernel memory consumed by pipe buffers. +.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES ) +Maximum number of +.Dq big +pipes. +.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ ) +Maximum amount of kernel memory to be used for pipes. +.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA ) +Limit for direct transfers via page loan. +.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES ) +Number of +.Dq big +pipes. +.El +.It Li kern.pool +Provides statistics about the +.Xr pool 9 +and +.Xr pool_cache 9 +subsystems. +.\" XXX: Undocumented .It Li kern.posix ( ? ) +.\" This is a node in which the only variable is semmax. +.It Li kern.posix1version ( Dv KERN_POSIX1 ) +The version of ISO/IEC 9945 +.Pq St -p1003.1 +with which the system attempts to comply. +.It Li kern.posix_aio +The version of +.St -p1003.1 +and its Asynchronous I/O option to which the system attempts to conform. +.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS ) +The version of +.St -p1003.1 +and its +Barriers +option to which the system attempts to conform, +otherwise\ 0. +.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS ) +The version of +.St -p1003.1 +and its +Read-Write Locks +option to which the system attempts to conform, +otherwise\ 0. +.\".It Li kern.posix_sched +.\" XXX: Undocumented. +.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES ) +The version of +.St -p1003.1 +and its +Semaphores +option to which the system attempts to conform, +otherwise\ 0. 
+.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS ) +The version of +.St -p1003.1 +and its +Spin Locks +option to which the system attempts to conform, +otherwise\ 0. +.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS ) +The version of +.St -p1003.1 +and its +Threads +option to which the system attempts to conform, +otherwise\ 0. +.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS ) +The version of +.St -p1003.1 +and its +Timers +option to which the system attempts to conform, +otherwise\ 0. +.It Li kern.proc ( Dv KERN_PROC ) +Return the entire process table, or a subset of it. +An array of +.Vt struct kinfo_proc +structures is returned, +whose size depends on the current number of such objects in the system. +The third and fourth level numeric names are as follows: +.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent +.It Sy Third level name Ta Sy Fourth level is : +.It KERN_PROC_ALL None +.It KERN_PROC_GID A group ID +.It KERN_PROC_PID A process ID +.It KERN_PROC_PGRP A process group +.It KERN_PROC_RGID A real group ID +.It KERN_PROC_RUID A real user ID +.It KERN_PROC_SESSION A session ID +.It KERN_PROC_TTY A tty device +.It KERN_PROC_UID A user ID +.El +.It Li kern.proc2 ( Dv KERN_PROC2 ) +As for +.Dv KERN_PROC , +but an array of +.Vt struct kinfo_proc2 +structures are returned. +The fifth level name is the size of the +.Vt struct kinfo_proc2 +and the sixth level name is the number of structures to return. +.It Li kern.proc_args ( Dv KERN_PROC_ARGS ) +Return the argv or environment strings (or the number thereof) +of a process. +Multiple strings are returned separated by NUL characters. +The third level name is the process ID. 
+The fourth level name is as follows: +.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent +.It Dv KERN_PROC_ARGV The argv strings +.It Dv KERN_PROC_ENV The environ strings +.It Dv KERN_PROC_NARGV The number of argv strings +.It Dv KERN_PROC_NENV The number of environ strings +.It Dv KERN_PROC_PATHNAME The full pathname of the executable +.It Dv KERN_PROC_CWD The current working directory +.El +.It Li kern.profiling ( Dv KERN_PROF ) +Return profiling information about the kernel. +If the kernel is not compiled for profiling, +attempts to retrieve any of the +.Dv KERN_PROF +values will fail with +.Er EOPNOTSUPP . +The third level names for the string and integer profiling information +is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.profiling.count u_short[\|] yes +.It kern.profiling.froms u_short[\|] yes +.It kern.profiling.gmonparam struct gmonparam no +.It kern.profiling.state integer yes +.It kern.profiling.tos struct tostruct yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.profiling.count ( Dv GPROF_COUNT ) +Array of statistical program counter counts. +.It Li kern.profiling.froms ( Dv GPROF_FROMS ) +Array indexed by program counter of call-from points. +.It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM ) +Structure giving the sizes of the above arrays. +.It Li kern.profiling.state ( Dv GPROF_STATE ) +Profiling state. +If set to +.Dv GMON_PROF_ON , +starts profiling. +If set to +.Dv GMON_PROF_OFF , +stops profiling. +.It Li kern.profiling.tos ( Dv GPROF_TOS ) +Array of +.Vt struct tostruct +describing destination of calls and their counts. +.El +.\" .It Li kern.pset +.\" XXX: Undocumented. 
+.It Li kern.rawpartition ( Dv KERN_RAWPARTITION ) +The raw partition of a disk (a == 0). +.It Li kern.root_device ( Dv KERN_ROOT_DEVICE ) +The name of the root device (e.g., +.Dq wd0 ) . +.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION ) +The root partition on the root device (a == 0). +.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET ) +Return the offset of real time clock from UTC in minutes. +.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) +Returns 1 if saved set-group and saved set-user ID is available. +.It Li kern.sbmax ( Dv KERN_SBMAX ) +Maximum socket buffer size in bytes. +.It Li kern.securelevel ( Dv KERN_SECURELVL ) +See +.Xr secmodel_securelevel 9 . +.It Li kern.sched ( dynamic ) +Influence the scheduling of LWPs, their prioritisation and how they are +distributed on and moved between CPUs. +.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent +.It Sy Third level name Sy Type Sy Changeable +.It kern.sched.cacheht_time integer yes +.It kern.sched.balance_period integer yes +.It kern.sched.average_weight integer yes +.It kern.sched.min_catch integer yes +.It kern.sched.timesoftints integer yes +.It kern.sched.kpreempt_pri integer yes +.It kern.sched.upreempt_pri integer yes +.It kern.sched.maxts integer yes +.It kern.sched.mints integer yes +.It kern.sched.name string no +.It kern.sched.rtts integer no +.It kern.sched.pri_min integer no +.It kern.sched.pri_max integer no +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.sched.cacheht_time ( dynamic ) +Cache hotness time in which a LWP is kept on one particular CPU +and not moved to another CPU. +This reduces the overhead of flushing and reloading caches. +Defaults to 3ms. +Needs to be given in +.Dq hz +units, see +.Xr mstohz 9 . +.It Li kern.sched.balance_period ( dynamic ) +Interval at which the CPU queues are checked for re-balancing. +Defaults to 300ms. +Needs to be given in +.Dq hz +units, see +.Xr mstohz 9 . 
+.It Li kern.sched.average_weight ( dynamic ) +Can be used to influence how likely LWPs are to be migrated from +one CPU's queue of LWPs that are ready to run to a different, idle CPU. +The value gives the percentage for weighting the average count of +migratable threads from the past against the current number of +migratable threads. +A small value gives more weight to the past, a larger values more weight +on the current situation. +Defaults to 50 and must be between 0 and 100. +.It Li kern.sched.min_catch ( dynamic ) +Minimum count of migratable (runnable) threads for catching (stealing) +from another CPU. +Defaults to 1 but can be increased to decrease chance of thread +migration between CPUs. +.It Li kern.sched.timesoftints ( dynamic ) +Enable tracking of CPU time for soft interrupts +as part of a LWP's real execution time. +Set to a non-zero value to enable, +and see +.Xr ps 1 +for printing CPU times. +.It Li kern.sched.kpreempt_pri ( dynamic ) +Minimum priority to trigger kernel preemption. +.It Li kern.sched.upreempt_pri ( dynamic ) +Minimum priority to trigger user preemption. +.It Li kern.sched.maxts ( dynamic ) +Scheduler specific maximal time quantum (in milliseconds). +Must be set to a value larger than +.Dq mints +and between 10 and +.Dq hz +as given by the +.Dv kern.clockrate +sysctl. +Provided by the M2 scheduler. +.It Li kern.sched.mints ( dynamic ) +Scheduler specific minimal time quantum (in milliseconds). +Must be set to a value smaller than +.Dq maxts +and between 1 and +.Dq hz +as given by the +.Dq kern.clockrate +sysctl. +Provided by the M2 scheduler. +.It Li kern.sched.name ( dynamic ) +Scheduler name. +Provided both by the M2 and the 4BSD scheduler. +.It Li kern.sched.rtts ( dynamic ) +Fixed scheduler specific round-robin time quantum in milliseconds. +Provided both by the M2 and the 4BSD scheduler. +.It Li kern.sched.pri_min ( dynamic ) +Minimal POSIX real-time priority. +See +.Xr sched 3 . 
+.It Li kern.sched.pri_max ( dynamic ) +Maximal POSIX real-time priority. +See +.Xr sched 3 . +.El +.It Li kern.sofixedbuf ( Dv KERN_SOFIXEDBUF ) +Prevent socket buffer autoscaling when a size is set with +.Dv SO_SNDBUF +or +.Dv SO_RCVBUF . +.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) +Maximum amount of kernel memory to be used for socket buffers in bytes. +.It Li kern.sooptions +Set the default socket option flags for +.Xr socket 2 +creation. +See +.Xr setsockopt 2 +for a list of supported flags. +.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) +Returns 1 if the +.St -p1003.1b-93 +Synchronized I/O Option is available on this system, +otherwise\ 0. +.It Li kern.timecounter ( dynamic ) +Display and control the timecounter source of the system. +.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.timecounter.choice string no +.It kern.timecounter.hardware string yes +.It kern.timecounter.timestepwarnings integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.timecounter.choice ( dynamic ) +The list of available timecounters with their quality and frequency. +.It Li kern.timecounter.hardware ( dynamic ) +The currently selected timecounter source. +.It Li kern.timecounter.timestepwarnings ( dynamic ) +If non-zero display a message each time the time is stepped. +.El +.It Li kern.timex ( Dv KERN_TIMEX ) +Not available. +.It Li kern.tkstat ( Dv KERN_TKSTAT ) +Return information about the number of characters sent and received +on ttys. +The third level names for the tty statistic variables are detailed below. +The changeable column shows whether a process +with appropriate privilege may change the value. 
+.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.tkstat.cancc quad no +.It kern.tkstat.nin quad no +.It kern.tkstat.nout quad no +.It kern.tkstat.rawcc quad no +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC ) +The number of canonical input characters. +.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN ) +The total number of input characters. +.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT ) +The total number of output characters. +.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC ) +The number of raw input characters. +.El +.It Li kern.tty +The third level names for the tty setup variables are detailed below. +The changeable column shows whether a process +with appropriate privilege may change the value. +.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.tty.qsize int yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.tty.qsize +Control/display the size of the default input and output queues selected +during tty creation. +Is converted to a power of two and its range is between +.Dv 1024 +and +.Dv 65536 . +.El +.It Li kern.uidinfo +Resource usage for the current user. +.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.uidinfo.proccnt integer no +.It kern.uidinfo.lwpcnt integer no +.It kern.uidinfo.lockcnt integer no +.It kern.uidinfo.semcnt integer no +.It kern.uidinfo.sbsize integer no +.El +.Bl -tag -width "123456" +.It Li kern.uidinfo.proccnt +Returns the number of active processes for the current user. +.It Li kern.uidinfo.lwpcnt +Returns the number of active threads for the current user; the first thread +of each process is not counted. +.It Li kern.uidinfo.lockcnt +Number of locks held by the current user. 
+.It Li kern.uidinfo.semcnt +Number of semaphores held by the current user. +.It Li kern.uidinfo.sbsize +Number of bytes in socket buffers allocated to the current user. +.El +.It Li kern.urandom ( Dv KERN_URND ) +Random integer value. +.It Li kern.usercrypto +When enabled, allows userland to +.Xr open 2 +the +.Pa /dev/crypto +special device, used by the +.Xr crypto 4 +system. +.It Li kern.userasymcrypto +Enables or disables the use of software asymmetric crypto support in the +.Xr crypto 4 +system. +.It Li kern.veriexec +Runtime information for +.Xr veriexec 8 . +.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It kern.veriexec.algorithms string no +.It kern.veriexec.count node not applicable +.It kern.veriexec.strict integer yes +.It kern.veriexec.verbose integer yes +.El +.Bl -tag -width "123456" +.It Li kern.veriexec.algorithms +Returns a string with the supported algorithms in Veriexec. +.It Li kern.veriexec.count +Sub-nodes are added to this node as new mounts are monitored by Veriexec. +Each mount will be under its own +.No tableN +node. +Under each node there will be three variables, indicating the mount +point, the file system type, and the number of entries. +.It Li kern.veriexec.strict +Controls the strict level of Veriexec. +See +.Xr security 7 +for more information on each level's implications. +.It Li kern.veriexec.verbose +Controls the verbosity level of Veriexec. +If 0, only the minimal +indication required will be given about what's happening - fingerprint +mismatches, removal of entries from the tables, modification of a +fingerprinted file. +If 1, more messages will be printed (ie., when a file with a valid +fingerprint is accessed). +Verbose level 2 is debug mode. +.El +.It Li kern.version ( Dv KERN_VERSION ) +The system version string. +.It Li kern.vnode ( Dv KERN_VNODE ) +Return the entire vnode table. 
+Note, the vnode table is not necessarily a consistent snapshot of +the system. +The returned data consists of an array whose size depends on the +current number of such objects in the system. +Each element of the array contains the kernel address of a vnode +.Vt struct vnode * +followed by the vnode itself +.Vt struct vnode . +.El +.Ss The machdep.* subtree +The set of variables defined is architecture dependent. +Most architectures define at least the following variables. +.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It Li machdep.booted_kernel string no +.El +.\" XXX: Document the above. +.Ss The net.* subtree +The string and integer information available for the +.Li net +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +The second and third levels are typically the protocol family and +protocol number, though this is not always the case. +.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It net.route routing messages no +.It net.inet IPv4 values yes +.It net.inet6 IPv6 values yes +.It net.key IPsec key management values yes +.El +.Bl -tag -width "123456" +.It Li net.route ( Dv PF_ROUTE ) +.\" XXX really? +Return the entire routing table or a subset of it. +The data is returned as a sequence of routing messages (see +.Xr route 4 +for the header file, format and meaning). +The length of each message is contained in the message header. +.Pp +The third level name is a protocol number, which is currently always\ 0. +The fourth level name is an address family, which may be set to 0 to +select all address families. 
+The fifth and sixth level names are as follows: +.Bl -column "Fifth level name" "Sixth level is:" -offset indent +.It Sy Fifth level name Ta Sy Sixth level is : +.It NET_RT_FLAGS rtflags +.It NET_RT_DUMP None +.It NET_RT_IFLIST None +.El +.It Li net.inet ( Dv PF_INET ) +Get or set various global information about the IPv4 +.Pq Internet Protocol version 4 . +The third level name is the protocol. +The fourth level name is the variable name. +The currently defined protocols and names are: +.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent +.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable +.It arp nd_delay integer yes +.It arp nd_bmaxtries integer yes +.It arp nd_umaxtries integer yes +.It arp nd_basereachable integer yes +.It arp nd_retrans integer yes +.It arp nd_nud integer yes +.It arp nd_maxnudhint integer yes +.It arp log_movements integer yes +.It arp log_permanent_modify integer yes +.It arp log_unknown_network integer yes +.It arp log_wrong_iface integer yes +.It carp allow integer yes +.It carp preempt integer yes +.It carp log integer yes +.It carp arpbalance integer yes +.It icmp errppslimit integer yes +.It icmp maskrepl integer yes +.It icmp rediraccept integer yes +.It icmp redirtimeout integer yes +.It icmp bmcastecho integer yes +.It icmp dynamic_rt_msg boolean yes +.It ip allowsrcrt integer yes +.It ip anonportalgo.selected string yes +.It ip anonportalgo.available string yes +.It ip anonportalgo.reserve struct yes +.It ip anonportmax integer yes +.It ip anonportmin integer yes +.It ip checkinterface integer yes +.It ip dad_count integer yes +.It ip directed-broadcast integer yes +.It ip do_loopback_cksum integer yes +.It ip forwarding integer yes +.It ip forwsrcrt integer yes +.It ip gifttl integer yes +.It ip grettl integer yes +.It ip hashsize integer yes +.It ip hostzerobroadcast integer yes +.It ip lowportmin integer yes +.It ip lowportmax integer yes +.It ip maxflows integer yes +.It ip maxfragpackets 
integer yes +.It ip mtudisc integer yes +.It ip mtudisctimeout integer yes +.It ip random_id integer yes +.It ip redirect integer yes +.It ip subnetsarelocal integer yes +.It ip ttl integer yes +.It tcp rfc1323 integer yes +.It tcp sendspace integer yes +.It tcp recvspace integer yes +.It tcp mssdflt integer yes +.It tcp syn_cache_limit integer yes +.It tcp syn_bucket_limit integer yes +.It tcp syn_cache_interval integer yes +.It tcp init_win integer yes +.It tcp init_win_local integer yes +.It tcp mss_ifmtu integer yes +.It tcp win_scale integer yes +.It tcp timestamps integer yes +.It tcp cwm integer yes +.It tcp cwm_burstsize integer yes +.It tcp ack_on_push integer yes +.It tcp keepidle integer yes +.It tcp keepintvl integer yes +.It tcp keepcnt integer yes +.It tcp slowhz integer no +.It tcp keepinit integer yes +.It tcp log_refused integer yes +.It tcp rstppslimit integer yes +.It tcp ident struct no +.It tcp drop struct no +.It tcp sack.enable integer yes +.It tcp sack.globalholes integer no +.It tcp sack.globalmaxholes integer yes +.It tcp sack.maxholes integer yes +.It tcp ecn.enable integer yes +.It tcp ecn.maxretries integer yes +.It tcp congctl.selected string yes +.It tcp congctl.available string yes +.It tcp abc.enable integer yes +.It tcp abc.aggressive integer yes +.It udp checksum integer yes +.It udp do_loopback_cksum integer yes +.It udp recvspace integer yes +.It udp sendspace integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li arp.nd_delay +The delay in seconds before sending the first probe, +after it has been decided that the entry is stale. +.It Li arp.nd_bmaxtries +The maximum number of broadcasts send to discover the hardware address +claiming an IP address. +.It Li arp.nd_umaxtries +The maximum number of unicasts send to the hardware address to ensure +it still claims an IP address. 
+.It Li arp.nd_basereachable +The number of milliseconds the ARP entry is considered reachable before +probing reachability. +.It Li arp.nd_retrans +The number of milliseconds between ARP probes. +.It Li arp.nd_nud +If set to non-zero, perform Neighbor Unreachability Detection. +.It Li arp.nd_maxnudhint +Neighbor discovery permits upper layer protocols to supply reachability +hints, to avoid unnecessary neighbor discovery exchanges. +The variable defines the number of consecutive hints the neighbor discovery +layer will take. +For example, by setting the variable to 3, neighbor discovery layer +will take 3 consecutive hints in maximum. +After receiving 3 hints, neighbor discovery layer will perform +normal neighbor discovery process. +.It Li carp.allow +If set to 0, incoming +.Xr carp 4 +packets will not be processed. +If set to any other value, processing will occur. +Enabled by default. +.It Li carp.arpbalance +If set to any value other than 0, the ARP balancing functionality of +.Xr carp 4 +is enabled. +When ARP requests are received for an IP address which is part of any virtual +host, carp will hash the source IP in the ARP request to select one of the +virtual hosts from the set of all the virtual hosts which have that IP address. +The master of that host will respond with the correct virtual MAC address. +Disabled by default. +.It Li carp.log +If set to any value other than 0, +.Xr carp 4 +will log errors. +Disabled by default. +.It Li carp.preempt +If set to 0, +.Xr carp 4 +will not attempt to become master if it is receiving advertisements from +another active master. +If set to any other value, carp will become master of the virtual host if it +believes it can send advertisements more frequently than the current master. +Disabled by default. +.It Li ip.allowsrcrt +If set to 1, the host accepts source routed packets. +.It Li ip.anonportalgo.available +The available RFC 6056 port randomization algorithms. 
+.It Li ip.anonportalgo.reserve +A bitmask of ports that will not be used during anonymous or privileged +port selection. +.It Li ip.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm; see +.Xr rfc6056 7 +for details. +.It Li ip.anonportmax +The highest port number to use for TCP and UDP ephemeral port allocation. +This cannot be set to less than 1024 or greater than 65535, and must +be greater than +.Li ip.anonportmin . +.It Li ip.anonportmin +The lowest port number to use for TCP and UDP ephemeral port allocation. +This cannot be set to less than 1024 or greater than 65535. +.It Li ip.checkinterface +If set to non-zero, the host will reject packets addressed to it +that arrive on an interface not bound to that address. +Currently, this must be disabled if NAT is used to translate the +destination address to another local interface, or if addresses +are added to the loopback interface instead of the interface where +the packets for those packets are received. +.It Li ip.dad_count +The number of +.Xr arp 4 +probes sent for Address Conflict Detection. +Set to 0 to disable this. +.It Li ip.directed-broadcast +If set to 1, enables directed broadcast behavior for the host. +.It Li ip.do_loopback_cksum +Perform IP checksum on loopback. +.It Li ip.forwarding +If set to 1, enables IP forwarding for the host, +meaning that the host is acting as a router. +.It Li ip.forwsrcrt +If set to 1, enables forwarding of source-routed packets for the host. +This value may only be changed if the kernel security level is less than 1. +.It Li ip.gifttl +The maximum time-to-live (hop count) value for an IPv4 packet generated by +.Xr gif 4 +tunnel interface. +.It Li ip.grettl +The maximum time-to-live (hop count) value for an IPv4 packet generated by +.Xr gre 4 +tunnel interface. +.It Li ip.hashsize +The size of IPv4 Fast Forward hash table. +This value must be a power of 2 (64, 256...). +A larger hash table size results in fewer collisions. 
+Also see +.Li ip.maxflows . +.It Li ip.hostzerobroadcast +All zeroes address is broadcast address. +.It Li ip.lowportmax +The highest port number to use for TCP and UDP reserved port allocation. +This cannot be set to less than 0 or greater than 1024, and must +be greater than +.Li ip.lowportmin . +.It Li ip.lowportmin +The lowest port number to use for TCP and UDP reserved port allocation. +This cannot be set to less than 0 or greater than 1024, and must +be smaller than +.Li ip.lowportmax . +.It Li ip.maxflows +IPv4 Fast Forwarding is enabled by default. +If set to 0, IPv4 Fast Forwarding is disabled. +.Li ip.maxflows +controls the maximum amount of flows which can be created. +The default value is 256. +.It Li ip.maxfragpackets +The maximum number of fragmented packets the node will accept. +0 means that the node will not accept any fragmented packets. +\-1 means that the node will accept as many fragmented packets as it receives. +The flag is provided basically for avoiding possible DoS attacks. +.It Li ip.mtudisc +If set to 1, enables Path MTU Discovery (RFC 1191). +When Path MTU Discovery is enabled, the transmitted TCP segment +size will be determined by the advertised maximum segment size +(MSS) from the remote end, as constrained by the path MTU. +If MTU Discovery is disabled, the transmitted segment size will +never be greater than +.Li tcp.mssdflt +(the local maximum segment size). +.It Li ip.mtudisctimeout +The number of seconds in which a route added by the Path MTU +Discovery engine will time out. +When the route times out, the Path +MTU Discovery engine will attempt to probe a larger path MTU. +.It Li ip.random_id +Assign random ip_id values. +.It Li ip.redirect +If set to 1, ICMP redirects may be sent by the host. +This option is ignored unless the host is routing IP packets, +and should normally be enabled on all systems. +.It Li ip.subnetsarelocal +If set to 1, subnets are to be considered local addresses. 
+.It Li ip.ttl +The maximum time-to-live (hop count) value for an IP packet sourced by +the system. +This value applies to normal transport protocols, not to ICMP. +.It Li icmp.errppslimit +The variable specifies the maximum number of outgoing ICMP error messages, +per second. +ICMP error messages that exceeded the value are subject to rate limitation +and will not go out from the node. +Negative value disables rate limitation. +.It Li icmp.maskrepl +If set to 1, ICMP network mask requests are to be answered. +.It Li icmp.rediraccept +If set to non-zero, the host will accept ICMP redirect packets. +Note that routers will never accept ICMP redirect packets, +and the variable is meaningful on IP hosts only. +.It Li icmp.redirtimeout +The variable specifies lifetime of routing entries generated by incoming +ICMP redirect. +This defaults to 600 seconds. +.It Li icmp.returndatabytes +Number of bytes to return in an ICMP error message. +.It Li icmp.bmcastecho +If set to 1, enables responding to ICMP echo or timestamp request to the +broadcast address. +.It Li icmp.dynamic_rt_msg +A boolean that the kernel sends routing message for RTM_DYNAMIC or not. +If set to true, sends such routing message. +.It Li tcp.ack_on_push +If set to 1, TCP is to immediately transmit an ACK upon reception of +a packet with PUSH set. +This can avoid losing a round trip time in some rare situations, +but has the caveat of potentially defeating TCP's delayed ACK algorithm. +Use of this option is generally not recommended, but +the variable exists in case your configuration really needs it. +.It Li tcp.cwm +If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window +Monitoring algorithm. +This algorithm prevents line-rate bursts of packets that could +otherwise occur when data begins flowing on an idle TCP connection. +These line-rate bursts can contribute to network and router congestion. 
+This can be particularly useful on World Wide Web servers +which support HTTP/1.1, which has lingering connections. +.It Li tcp.cwm_burstsize +The Congestion Window Monitoring allowed burst size, in terms +of packet count. +.It Li tcp.delack_ticks +Number of ticks to delay sending an ACK. +.It Li tcp.do_loopback_cksum +Perform TCP checksum on loopback. +.It Li tcp.init_win +A value indicating the TCP initial congestion window. +The valid range +is 0 to 10 (maximum specified by RFC6928), +with a default of 4 (approximately 4K per RFC3390). +.It Li tcp.init_win_local +Like +.Li tcp.init_win , +but used when communicating with hosts on a local network. +.It Li tcp.keepcnt +Number of keepalive probes sent before declaring a connection dead. +If set to zero, there is no limit; +keepalives will be sent until some kind of +response is received from the peer. +.It Li tcp.keepidle +Time a connection must be idle before keepalives are sent (if keepalives +are enabled for the connection). +See also tcp.slowhz. +.It Li tcp.keepintvl +Time after a keepalive probe is sent until, in the absence of any response, +another probe is sent. +See also tcp.slowhz. +.It Li tcp.log_refused +If set to 1, refused TCP connections to the host will be logged. +.It Li tcp.keepinit +Timeout in seconds during connection establishment. +.It Li tcp.mss_ifmtu +If set to 1, TCP calculates the outgoing maximum segment size based on +the MTU of the appropriate interface. +If set to 0, it is calculated based on the greater of the MTU of the +interface, and the largest (non-loopback) interface MTU on the system. +.It Li tcp.mssdflt +The default maximum segment size both advertised to the peer +and to use when either the peer does not advertise a maximum segment size to +us during connection setup or Path MTU Discovery +.Li ( ip.mtudisc ) +is disabled. +Do not change this value unless you really know what you are doing. +.It Li tcp.recvspace +The default TCP receive buffer size. 
+.It Li tcp.rfc1323 +If set to 1, enables RFC 1323 extensions to TCP. +.It Li tcp.rstppslimit +The variable specifies the maximum number of outgoing TCP RST packets, +per second. +TCP RST packet that exceeded the value are subject to rate limitation +and will not go out from the node. +Negative value disables rate limitation. +.It Li tcp.ident +Return the user ID of a connected socket pair. +(RFC1413 Identification Protocol lookups.) +.It Li tcp.drop +Drop a TCP socket pair connection. +.It Li tcp.sack.enable +If set to 1, enables RFC 2018 Selective ACKnowledgement. +.It Li tcp.sack.globalholes +Global number of TCP SACK holes. +.It Li tcp.sack.globalmaxholes +Global maximum number of TCP SACK holes. +.It Li tcp.sack.maxholes +Maximum number of TCP SACK holes allowed per connection. +.It Li tcp.ecn.enable +If set to 1, enables RFC 3168 Explicit Congestion Notification. +.It Li tcp.ecn.maxretries +Number of times to retry sending the ECN-setup packet. +.It Li tcp.sendspace +The default TCP send buffer size. +.It Li tcp.slowhz +The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks +of a clock that ticks tcp.slowhz times per second. +(That is, their values +must be divided by the tcp.slowhz value to get times in seconds.) +.It Li tcp.syn_bucket_limit +The maximum number of entries allowed per hash bucket in the TCP +compressed state engine. +.It Li tcp.syn_cache_limit +The maximum number of entries allowed in the TCP compressed state +engine. +.It Li tcp.timestamps +If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options, +used for measuring TCP round trip times, are enabled. +.It Li tcp.win_scale +If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options, +for increasing the TCP window size, are enabled. +.It Li tcp.congctl.available +The available TCP congestion control algorithms. +.It Li tcp.congctl.selected +The currently selected TCP congestion control algorithm. 
+.It Li tcp.abc.enable +If set to 1, use RFC 3465 Appropriate Byte Counting (ABC). +If set to 0, use traditional Packet Counting. +.It Li tcp.abc.aggressive +Choose the L parameter found in RFC 3465. +L is the maximum cwnd increase for an ack during slow start. +If set to 1, use L=2*SMSS. +If set to 0, use L=1*SMSS. +It has no effect unless tcp.abc.enable is set to 1. +.It Li udp.checksum +If set to 1, UDP checksums are being computed. +Received non-zero UDP checksums are always checked. +Disabling UDP checksums is strongly discouraged. +.It Li udp.recvspace +The default UDP receive buffer size. +.It Li udp.sendspace +The default UDP send buffer size. +.El +.Pp +For variables net.*.ipsec, please refer to +.Xr ipsec 4 . +.It Li net.inet6 ( Dv PF_INET6 ) +Get or set various global information about the IPv6 +.Pq Internet Protocol version 6 . +The third level name is the protocol. +The fourth level name is the variable name. +The currently defined protocols and names are: +.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent +.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable +.It icmp6 errppslimit integer yes +.It icmp6 mtudisc_hiwat integer yes +.It icmp6 mtudisc_lowat integer yes +.It icmp6 nd6_debug integer yes +.It icmp6 nd6_delay integer yes +.It icmp6 nd6_maxnudhint integer yes +.It icmp6 nd6_mmaxtries integer yes +.It icmp6 nd6_gctimer integer yes +.It icmp6 nd6_prune integer yes +.It icmp6 nd6_umaxtries integer yes +.It icmp6 nd6_useloopback integer yes +.It icmp6 nodeinfo integer yes +.It icmp6 rediraccept integer yes +.It icmp6 redirtimeout integer yes +.It icmp6 reflect_pmtu boolean yes +.It icmp6 dynamic_rt_msg boolean yes +.It ip6 accept_rtadv integer yes +.It ip6 addctlpolicy struct in6_addrpolicy no +.It ip6 anonportalgo.selected string yes +.It ip6 anonportalgo.available string yes +.It ip6 anonportalgo.reserve struct yes +.It ip6 anonportmax integer yes +.It ip6 anonportmin integer yes +.It ip6 auto_flowlabel 
integer yes +.It ip6 dad_count integer yes +.It ip6 defmcasthlim integer yes +.It ip6 forwarding integer yes +.It ip6 gifhlim integer yes +.It ip6 hashsize integer yes +.It ip6 hlim integer yes +.It ip6 hdrnestlimit integer yes +.It ip6 kame_version string no +.It ip6 keepfaith integer yes +.It ip6 log_interval integer yes +.It ip6 lowportmax integer yes +.It ip6 lowportmin integer yes +.It ip6 maxdynroutes integer yes +.It ip6 maxifprefixes integer yes +.It ip6 maxifdefrouters integer yes +.It ip6 maxflows integer yes +.It ip6 maxfragpackets integer yes +.It ip6 maxfrags integer yes +.It ip6 neighborgcthresh integer yes +.It ip6 param_rt_msg integer yes +.It ip6 redirect integer yes +.It ip6 rr_prune integer yes +.It ip6 use_deprecated integer yes +.It ip6 v6only integer yes +.It udp6 do_loopback_cksum integer yes +.It udp6 recvspace integer yes +.It udp6 sendspace integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li ip6.accept_rtadv +If set to non-zero, the node will accept ICMPv6 router advertisement packets +and autoconfigures address prefixes and default routers. +The node must be a host +.Pq not a router +for the option to be meaningful. +.It Li ip6.anonportalgo.available +The available RFC 6056 port randomization algorithms. +.It Li ip6.anonportalgo.reserve +A bitmask of ports that will not be used during anonymous or privileged +port selection. +.It Li ip6.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm; see +.Xr rfc6056 7 +for details. +.It Li ip6.anonportmax +The highest port number to use for TCP and UDP ephemeral port allocation. +This cannot be set to less than 1024 or greater than 65535, and must +be greater than +.Li ip6.anonportmin . +.It Li ip6.anonportmin +The lowest port number to use for TCP and UDP ephemeral port allocation. +This cannot be set to less than 1024 or greater than 65535. 
+.It Li ip6.auto_flowlabel +On connected transport protocol packets, +fill IPv6 flowlabel field to help intermediate routers to identify packet flows. +.It Li ip6.dad_count +The variable configures number of IPv6 DAD +.Pq duplicated address detection +probe packets. +The packets will be generated when IPv6 interface addresses are configured. +.It Li ip6.defmcasthlim +The default hop limit value for an IPv6 multicast packet sourced by the node. +This value applies to all the transport protocols on top of IPv6. +There are APIs to override the value, as documented in +.Xr ip6 4 . +.It Li ip6.forwarding +If set to 1, enables IPv6 forwarding for the node, +meaning that the node is acting as a router. +If set to 0, disables IPv6 forwarding for the node, +meaning that the node is acting as a host. +IPv6 specification defines node behavior for +.Dq router +case and +.Dq host +case quite differently, and changing this variable during operation +may cause serious trouble. +It is recommended to configure the variable at bootstrap time, +and bootstrap time only. +.It Li ip6.gifhlim +The maximum hop limit value for an IPv6 packet generated by +.Xr gif 4 +tunnel interface. +.It Li ip6.hdrnestlimit +The number of IPv6 extension headers permitted on incoming IPv6 packets. +If set to 0, the node will accept as many extension headers as possible. +.It Li ip6.hashsize +The size of IPv6 Fast Forward hash table. +This value must be a power of 2 (64, 256, ...). +A larger hash table size results in fewer collisions. +Also see +.Li ip6.maxflows . +.It Li ip6.hlim +The default hop limit value for an IPv6 unicast packet sourced by the node. +This value applies to all the transport protocols on top of IPv6. +There are APIs to override the value, as documented in +.Xr ip6 4 . +.It Li ip6.kame_version +The string identifies the version of KAME IPv6 stack implemented in the kernel. 
+.It Li ip6.keepfaith +If set to non-zero, it enables +.Dq FAITH +TCP relay IPv6-to-IPv4 translator code in the kernel. +Refer +.Xr faith 4 +and +.Xr faithd 8 +for detail. +.It Li ip6.log_interval +The variable controls amount of logs generated by IPv6 packet +forwarding engine, by setting interval between log output +.Pq in seconds . +.It Li ip6.lowportmax +The highest port number to use for TCP and UDP reserved port allocation. +This cannot be set to less than 0 or greater than 1024, and must +be greater than +.Li ip6.lowportmin . +.It Li ip6.lowportmin +The lowest port number to use for TCP and UDP reserved port allocation. +This cannot be set to less than 0 or greater than 1024, and must +be smaller than +.Li ip6.lowportmax . +.It Li ip6.maxdynroutes +Maximum number of routes created by redirect. +Set it to negative to disable. +The default value is 4096. +.It Li ip6.maxifprefixes +Maximum number of prefixes created by route advertisements per interface. +Set it to negative to disable. +The default value is 16. +.It Li ip6.maxifdefrouters 16 +Maximum number of default routers created by route advertisements per interface. +Set it to negative to disable. +The default value is 16. +.It Li ip6.maxflows +IPv6 Fast Forwarding is enabled by default. +If set to 0, IPv6 Fast Forwarding is disabled. +.Li ip6.maxflows +controls the maximum amount of flows which can be created. +The default value is 256. +.It Li ip6.maxfragpackets +The maximum number of fragmented packets the node will accept. +0 means that the node will not accept any fragmented packets. +\-1 means that the node will accept as many fragmented packets as it receives. +The flag is provided basically for avoiding possible DoS attacks. +.It Li ip6.maxfrags +The maximum number of fragments the node will accept. +0 means that the node will not accept any fragments. +\-1 means that the node will accept as many fragments as it receives. +The flag is provided basically for avoiding possible DoS attacks. 
+.It Li ip6.neighborgcthresh +Maximum number of entries in neighbor cache per interface. +Set to negative to disable. +The default value is 2048. +.It Li ip6.param_rt_msg +If set to 0, parameter changing routing message is suppressed. +If set to 1, parameter changing routing message is sent by RTM_NEWADDR. +Other values are undefined yet. +.It Li ip6.redirect +If set to 1, ICMPv6 redirects may be sent by the node. +This option is ignored unless the node is routing IP packets, +and should normally be enabled on all systems. +.It Li ip6.rr_prune +The variable specifies interval between IPv6 router renumbering prefix +babysitting, in seconds. +.It Li ip6.use_deprecated +The variable controls use of deprecated address, specified in RFC 2462 5.5.4. +.It Li ip6.v6only +The variable specifies initial value for +.Dv IPV6_V6ONLY +socket option for +.Dv AF_INET6 +socket. +Please refer to +.Xr ip6 4 +for detail. +.It Li icmp6.errppslimit +The variable specifies the maximum number of outgoing ICMPv6 error messages, +per second. +ICMPv6 error messages that exceeded the value are subject to rate limitation +and will not go out from the node. +Negative value disables rate limitation. +.It Li icmp6.mtudisc_hiwat +.It Li icmp6.mtudisc_lowat +The variables define the maximum number of routing table entries, +created due to path MTU discovery +.Pq prevents denial-of-service attacks with ICMPv6 too big messages . +When IPv6 path MTU discovery happens, we keep path MTU information into +the routing table. +If the number of routing table entries exceed the value, +the kernel will not attempt to keep the path MTU information. +.Li icmp6.mtudisc_hiwat +is used when we have verified ICMPv6 too big messages. +.Li icmp6.mtudisc_lowat +is used when we have unverified ICMPv6 too big messages. +Verification is performed by using address/port pairs kept in connected pcbs. +Negative value disables the upper limit. 
+.It Li icmp6.nd6_debug +If set to non-zero, kernel IPv6 neighbor discovery code will generate +debugging messages. +The debug outputs are useful to diagnose IPv6 interoperability issues. +The flag must be set to 0 for normal operation. +.It Li icmp6.nd6_delay +The variable specifies +.Dv DELAY_FIRST_PROBE_TIME +timing constant in IPv6 neighbor discovery specification +.Pq RFC 2461 , +in seconds. +.It Li icmp6.nd6_maxnudhint +Neighbor discovery permits upper layer protocols to supply reachability +hints, to avoid unnecessary neighbor discovery exchanges. +The variable defines the number of consecutive hints the neighbor discovery +layer will take. +For example, by setting the variable to 3, neighbor discovery layer +will take 3 consecutive hints in maximum. +After receiving 3 hints, neighbor discovery layer will perform +normal neighbor discovery process. +.It Li icmp6.nd6_mmaxtries +The variable specifies +.Dv MAX_MULTICAST_SOLICIT +constant in IPv6 neighbor discovery specification +.Pq RFC 2461 . +.It Li icmp6.nd6_gctimer +The duration stale neighbors will be kept for, before being garbage collected, +in seconds. +.It Li icmp6.nd6_prune +The variable specifies interval between IPv6 neighbor cache babysitting, +in seconds. +.It Li icmp6.nd6_umaxtries +The variable specifies +.Dv MAX_UNICAST_SOLICIT +constant in IPv6 neighbor discovery specification +.Pq RFC 2461 . +.It Li icmp6.nd6_useloopback +If set to non-zero, kernel IPv6 stack will use loopback interface for +local traffic. +.It Li icmp6.nodeinfo +The variable enables responses to ICMPv6 node information queries. +If you set the variable to 0, responses will not be generated for +ICMPv6 node information queries. +Since node information queries can have a security impact, it is +possible to fine tune which responses should be answered. +Two separate bits can be set. +.Bl -tag -width "12345" +.It 1 +Respond to ICMPv6 FQDN queries, e.g. +.Li ping6 -w . +.It 2 +Respond to ICMPv6 node addresses queries, e.g. 
+.Li ping6 -a . +.El +.It Li icmp6.rediraccept +If set to non-zero, the host will accept ICMPv6 redirect packets. +Note that IPv6 routers will never accept ICMPv6 redirect packets, +and the variable is meaningful on IPv6 hosts +.Pq non-router +only. +.It Li icmp6.redirtimeout +The variable specifies lifetime of routing entries generated by incoming +ICMPv6 redirect. +.It Li icmp6.reflect_pmtu +A boolean that icmpv6 reflecting uses path MTU discovery or not. +When not, icmpv6 reflecting uses IPV6_MINMTU. +.It Li icmp6.dynamic_rt_msg +A boolean that the kernel sends routing message for RTM_DYNAMIC or not. +If set to true, sends such routing message. +.It Li udp6.do_loopback_cksum +Perform UDP checksum on loopback. +.It Li udp6.recvspace +Default UDP receive buffer size. +.It Li udp6.sendspace +Default UDP send buffer size. +.El +.Pp +Variables net.inet6.tcp6.* and net.inet6.udp6.* have identical meanings to +net.inet.tcp.* and net.inet.udp.*, respectively. +Please refer to +.Li PF_INET +section above. +For variables net.*.ipsec6, please refer to +.Xr ipsec 4 . +.It Li net.key ( Dv PF_KEY ) +Get or set various global information about the IPsec key management. +The third level name is the variable name. +The currently defined variable and names are: +.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent +.It Sy Variable Type Ta Sy Changeable +.It debug integer yes +.It enabled integer yes +.It used integer no +.It spi_try integer yes +.It spi_min_value integer yes +.It spi_max_value integer yes +.It larval_lifetime integer yes +.It blockacq_count integer yes +.It blockacq_lifetime integer yes +.It esp_keymin integer yes +.It esp_auth integer yes +.It ah_keymin integer yes +.It allow_different_idtype boolean yes +.El +The variables are as follows: +.Bl -tag -width "123456" +.It Li debug +Turn on debugging message from within the kernel. +The value is a bitmap, as defined in +.In netipsec/key_debug.h . 
+.It Li enabled +Control processing of IPsec control messages. +.Bl -tag -width indent +.It 0 +Never allow IPsec processing +.It 1 +Allow IPsec processing when SPD policies are present. +.It 2 +Force IPsec processing even when SPD policies are not present. +.El +.It Li used +Based on if IPsec is enabled, and SPD rule existence, show if +IPsec is being used. +Note that currently once IPsec is being used, it cannot be disabled. +.It Li spi_try +The number of times the kernel will try to obtain an unique SPI +when it generates it from random number generator. +.It Li spi_min_value +Minimum SPI value when generating it within the kernel. +.It Li spi_max_value +Maximum SPI value when generating it within the kernel. +.It Li larval_lifetime +Lifetime for LARVAL SAD entries, in seconds. +.It Li blockacq_count +Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message. +It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the +key management daemon. +.It Li blockacq_lifetime +Lifetime of ACQUIRE PF_KEY message. +.It Li esp_keymin +Minimum ESP key length, in bits. +The value is used when the kernel creates proposal payload +on ACQUIRE PF_KEY message. +.It Li esp_auth +Whether ESP authentication should be used or not. +Non-zero value indicates that ESP authentication should be used. +The value is used when the kernel creates proposal payload +on ACQUIRE PF_KEY message. +.It Li ah_keymin +Minimum AH key length, in bits, +The value is used when the kernel creates proposal payload +on ACQUIRE PF_KEY message. +.It Li allow_different_idtype +A boolean that allow or disallow different identifier types +on IDii and IDir. +Allowing that can improve interconnectivity to some VPN appliances. +.El +.It Li net.local ( Dv PF_LOCAL ) +Get or set various global information about +.Dv AF_LOCAL +type sockets. 
+For some variables, the third level name is the variable name: +.Bl -column "Variable" "integer" "Changeable" -offset indent +.It Sy Variable Type Ta Sy Changeable +.It inflight integer no +.It deferred integer no +.El +The variables are as follows: +.Bl -tag -width "123456" +.It Li inflight +The number of file descriptors currently passed between processes, +.Qq in flight . +.It Li deferred +The number of file descriptors passed between processes that have been +deferred for cleanup by a kernel task. +.El +.Pp +Other variables are specific to a socket type: +.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent +.It Sy "Socket Type" Sy Variable Type Ta Sy Changeable +.It dgram pcblist struct no +.It dgram recvspace integer yes +.It dgram sendspace integer yes +.It seqpacket pcblist struct no +.It stream pcblist struct no +.It stream recvspace integer yes +.It stream sendspace integer yes +.El +The variables are as follows: +.Bl -tag -width "123456" +.It Li dgram.pcblist +The Protocol Control Block list structure for datagram sockets. +Parsed by +.Xr netstat 1 +or +.Xr sockstat 1 . +.It Li dgram.recvspace +The default datagram receive buffer size. +.It Li dgram.sendspace +The default datagram send buffer size. +.It Li seqpacket.pcblist +The Protocol Control Block list structure for Sequential Packet sockets. +Parsed by +.Xr netstat 1 +or +.Xr sockstat 1 . +.It Li stream.pcblist +The Protocol Control Block list structure for stream sockets. +Parsed by +.Xr netstat 1 +or +.Xr sockstat 1 . +.It Li stream.recvspace +The default stream receive buffer size. +.It Li stream.sendspace +The default stream send buffer size. +.El +.El +.Ss The proc.* subtree +The string and integer information available for the +.Li proc +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +These values are per-process, +and as such may change from one process to another. 
+When a process is created, +the default values are inherited from its parent. +When a set-user-ID or set-group-ID binary is executed, the +value of PROC_PID_CORENAME is reset to the system default value. +The second level name is either the magic value PROC_CURPROC, which +points to the current process, or the PID of the target process. +.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent +.It Sy Third level name Ta Sy Type Ta Sy Changeable +.It proc.pid.corename string yes +.It proc.pid.rlimit node not applicable +.It proc.pid.stopfork int yes +.It proc.pid.stopexec int yes +.It proc.pid.stopexit int yes +.It proc.pid.paxflags int no +.El +.Bl -tag -width "123456" +.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) +The template used for the core dump file name (see +.Xr core 5 +for details). +The base name must either be +.Pa core +or end with the suffix +.Pa .core +(the super-user may set arbitrary names). +By default it points to +.Dv KERN_DEFCORENAME . +.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT ) +Return resources limits, as defined for the +.Xr getrlimit 2 +and +.Xr setrlimit 2 +system calls. +The fourth level name is one of: +.Bl -tag -width "123456" +.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU ) +The maximum amount of CPU time (in seconds) to be used by each process. +.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE ) +The largest size (in bytes) file that may be created. +.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA ) +The maximum size (in bytes) of the data segment for a process; +this defines how far a program may extend its break with the +.Xr sbrk 2 +system call. +.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK ) +The maximum size (in bytes) of the stack segment for a process; +this defines how far a program's stack segment may be extended. +Stack extension is performed automatically by the system. 
+.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE ) +The largest size (in bytes) +.Pa core +file that may be created. +.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS ) +The maximum size (in bytes) to which a process's resident set size may +grow. +This imposes a limit on the amount of physical memory to be given to +a process; if memory is tight, the system will prefer to take memory +from processes that are exceeding their declared resident set size. +.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK ) +The maximum size (in bytes) which a process may lock into memory +using the +.Xr mlock 2 +function. +.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC ) +The maximum number of simultaneous processes for this user id. +.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE ) +The maximum number of open files for this process. +.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE ) +The maximum size (in bytes) of the socket buffers +set by the +.Xr setsockopt 2 +.Dv SO_RCVBUF +and +.Dv SO_SNDBUF +options. +.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS ) +The maximum size (in bytes) which a process can obtain. +.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR ) +The maximum number of threads that cen be created and running at one time in +the process. +The first thread of each process is not counted against this. +.El +.Pp +The fifth level name is one of +.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT ) +or +.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) , +to select respectively the soft or hard limit. +Both are of type integer. +.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK ) +If non zero, the process' children will be stopped after +.Xr fork 2 +calls. +The children are created in the SSTOP state and are never scheduled +for running before being stopped. +This feature enables attaching to a process with a debugger such as +.Xr gdb 1 +before the process has the opportunity to actually do anything. 
+.Pp +This value is inherited by the process's children, and it also +applies to emulation specific system calls that fork a new process, such as +.Fn sproc +or +.Fn clone . +.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) +If non zero, the process will be stopped on the next +.Xr exec 3 +call. +The process created by +.Xr exec 3 +is created in the SSTOP state and is never scheduled for running +before being stopped. +This feature enables attaching to a process with a debugger such as +.Xr gdb 1 +before the process has the opportunity to actually do anything. +.Pp +This value is inherited by the process's children. +.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) +If non zero, the process will be stopped when it has cause to exit, +either by way of calling +.Xr exit 3 , +.Xr _exit 2 , +or by the receipt of a specific signal. +The process is stopped before any of its resources or vm space is +released allowing examination of the termination state of the process +before it disappears. +This feature can be used to examine the final conditions of the +process's vmspace via +.Xr pmap 1 +or its resource settings with +.Xr sysctl 8 +before it disappears. +.Pp +This value is also inherited by the process's children. +.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) +This read-only variable returns the current value of the process's pax +flags (see +.Xr paxctl 8 ) . +.El +.Ss The user.* subtree ( Dv CTL_USER ) +The string and integer information available for the +.Li user +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. 
+.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It user.atexit_max integer no +.It user.bc_base_max integer no +.It user.bc_dim_max integer no +.It user.bc_scale_max integer no +.It user.bc_string_max integer no +.It user.coll_weights_max integer no +.It user.cs_path string no +.It user.expr_nest_max integer no +.It user.line_max integer no +.It user.posix2_c_bind integer no +.It user.posix2_c_dev integer no +.It user.posix2_char_term integer no +.It user.posix2_fort_dev integer no +.It user.posix2_fort_run integer no +.It user.posix2_localedef integer no +.It user.posix2_sw_dev integer no +.It user.posix2_upe integer no +.It user.posix2_version integer no +.It user.re_dup_max integer no +.It user.stream_max integer no +.It user.stream_max integer no +.It user.tzname_max integer no +.El +.Bl -tag -width "123456" +.It Li user.atexit_max ( Dv USER_ATEXIT_MAX ) +The maximum number of functions that may be registered with +.Xr atexit 3 . +.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX ) +The maximum ibase/obase values in the +.Xr bc 1 +utility. +.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX ) +The maximum array size in the +.Xr bc 1 +utility. +.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX ) +The maximum scale value in the +.Xr bc 1 +utility. +.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX ) +The maximum string length in the +.Xr bc 1 +utility. +.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX ) +The maximum number of weights that can be assigned to any entry of +the LC_COLLATE order keyword in the locale definition file. +.It Li user.cs_path ( USER_CS_PATH ) +Return a value for the +.Ev PATH +environment variable that finds all the standard utilities. +.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX ) +The maximum number of expressions that can be nested within +parenthesis by the +.Xr expr 1 +utility. 
+.It Li user.line_max ( Dv USER_LINE_MAX ) +The maximum length in bytes of a text-processing utility's input +line. +.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM ) +Return 1 if the system supports at least one terminal type capable of +all operations described in +.St -p1003.2 , +otherwise\ 0. +.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND ) +Return 1 if the system's C-language development facilities support the +C-Language Bindings Option, otherwise\ 0. +.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV ) +Return 1 if the system supports the C-Language Development Utilities Option, +otherwise\ 0. +.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV ) +Return 1 if the system supports the FORTRAN Development Utilities Option, +otherwise\ 0. +.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN ) +Return 1 if the system supports the FORTRAN Runtime Utilities Option, +otherwise\ 0. +.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF ) +Return 1 if the system supports the creation of locales, otherwise\ 0. +.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV ) +Return 1 if the system supports the Software Development Utilities Option, +otherwise\ 0. +.It Li user.posix2_upe ( Dv USER_POSIX2_UPE ) +Return 1 if the system supports the User Portability Utilities Option, +otherwise\ 0. +.It Li user.posix2_version ( Dv USER_POSIX2_VERSION ) +The version of +.St -p1003.2 +with which the system attempts to comply. +.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX ) +The maximum number of repeated occurrences of a regular expression +permitted when using interval notation. +.It Li user.stream_max ( Dv USER_STREAM_MAX ) +The minimum maximum number of streams that a process may have open +at any one time. +.It Li user.tzname_max ( Dv USER_TZNAME_MAX ) +The minimum maximum number of types supported for the name of a +timezone. +.El +.Ss The vm.* subtree ( Dv CTL_VM ) +The string and integer information available for the +.Li vm +level is detailed below. 
+The changeable column shows whether a process with appropriate +privilege may change the value. +.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It vm.anonmax int yes +.It vm.anonmin int yes +.It vm.bufcache int yes +.It vm.bufmem int no +.It vm.bufmem_hiwater int yes +.It vm.bufmem_lowater int yes +.It vm.execmax int yes +.It vm.execmin int yes +.It vm.filemax int yes +.It vm.filemin int yes +.It vm.loadavg struct loadavg no +.It vm.maxslp int no +.It vm.nkmempages int no +.It vm.uspace int no +.It vm.uvmexp struct uvmexp no +.It vm.uvmexp2 struct uvmexp_sysctl no +.It vm.vmmeter struct vmtotal no +.It vm.proc.map struct kinfo_vmentry no +.It vm.guard_size unsigned int no +.It vm.thread_guard_size unsigned int yes +.It vm.swap_encrypt bool yes +.El +.Bl -tag -width "123456" +.It Li vm.anonmax ( Dv VM_ANONMAX ) +The percentage of physical memory which will be reclaimed +from other types of memory usage to store anonymous application data. +.It Li vm.anonmin ( Dv VM_ANONMIN ) +The percentage of physical memory which will be always be available for +anonymous application data. +.It Li vm.bufcache ( Dv VM_BUFCACHE ) +The percentage of physical memory which will be available +for the buffer cache. +.It Li vm.bufmem ( Dv VM_BUFMEM ) +The amount of kernel memory that is being used by the buffer cache. +.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER ) +The minimum amount of kernel memory to reserve for the +buffer cache. +.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER ) +The maximum amount of kernel memory to be used for the +buffer cache. +.It Li vm.execmax ( Dv VM_EXECMAX ) +The percentage of physical memory which will be reclaimed +from other types of memory usage to store cached executable data. +.It Li vm.execmin ( Dv VM_EXECMIN ) +The percentage of physical memory which will be always be available for +cached executable data. 
+.It Li vm.filemax ( Dv VM_FILEMAX ) +The percentage of physical memory which will be reclaimed +from other types of memory usage to store cached file data. +.It Li vm.filemin ( Dv VM_FILEMIN ) +The percentage of physical memory which will be always be available for +cached file data. +.It Li vm.loadavg ( Dv VM_LOADAVG ) +Return the load average history. +The returned data consists of a +.Vt struct loadavg . +.It Li vm.maxslp ( Dv VM_MAXSLP ) +The value of the maxslp kernel global variable. +.It Li vm.vmmeter ( Dv VM_METER ) +Return system wide virtual memory statistics. +The returned data consists of a +.Vt struct vmtotal . +.It vm.user_va0_disable +A flag which controls whether user processes can map virtual address\ 0. +.It Li vm.proc.map ( Dv VM_PROC ) +The third level is +.Dv VM_PROC_MAP , +the fourth is the pid of the process to display the vm object entries for, and +the fifth is the size of +.Vt struct kinfo_vmentry . +Returns an array of +.Vt struct kinfo_vmentry +objects. +.It Li vm.ubc_direct Bq Sy "EXPERIMENTAL" Ns No , default off +Use direct map for UBC I/O, avoiding need to map and unmap buffer memory. +Speeds up operation for fast I/O devices like NVMe, especially +on multi-CPU systems. +Only available on some architectures. +.It Li vm.uspace ( Dv VM_USPACE ) +The number of bytes allocated for each kernel stack. +.It Li vm.uvmexp ( Dv VM_UVMEXP ) +Return system wide virtual memory statistics. +The returned data consists of a +.Vt struct uvmexp . +.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 ) +Return system wide virtual memory statistics. +The returned data consists of a +.Vt struct uvmexp_sysctl . +.It Li vm.guard_size ( Dv VM_GUARD_SIZE ) +Return system wide guard size for the main thread of a program. +.It Li vm.thread_guard_size ( Dv VM_THREAD_GUARD_SIZE ) +Return system wide default size for the guard area of all other threads +of a program. +.It Li vm.swap_encrypt +If true, encrypt data while swapped out to disk. 
+.Pp +Each swap device maintains an independent AES-256 key, generated when +the first page is swapped to that device. +Each page is swapped independently using AES-CBC, with an +initialization vector chosen by the encryption under the AES-256 key of +the little-endian swap slot number padded to 128 bits with zeros. +(This is essentially the +.Xr cgd 4 +.Sq encblkno1 +method.) +.Pp +Changes to +.Li vm.swap_encrypt +only affect pages of swap newly written out. +To force encrypting or decrypting all existing swap, or to rekey +previously encrypted swap, you can remove the swap devices and re-add +them with +.Xr swapctl 8 , +with the caveat that whatever pages were already written to disk +unencrypted or encrypted with a compromised key may still be written to +disk afterward. +.El +.Ss The ddb.* subtree ( Dv CTL_DDB ) +The information available for the +.Li ddb +level is detailed below. +The changeable column shows whether a process with appropriate +privilege may change the value. +.Bl -column "Second level name" "integer" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It ddb.commandonenter string yes +.It ddb.dumpstack integer yes +.It ddb.fromconsole integer yes +.It ddb.lines integer yes +.It ddb.maxoff integer yes +.It ddb.maxwidth integer yes +.It ddb.onpanic integer yes +.It ddb.panicstackframes integer yes +.It ddb.radix integer yes +.It ddb.tabstops integer yes +.It ddb.tee_msgbuf integer yes +.El +.Bl -tag -width "123456" +.It Li ddb.commandonenter +If not empty, the string is used as the DDB command to be executed each time +DDB is entered. +.It Li ddb.dumpstack +A value of 1 causes a stack trace to be printed on entering ddb from a panic. +A value of 0 disables this behaviour. +The default value is 1. +.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) +If not zero, DDB may be entered by sending a break on a serial +console or by a special key sequence on a graphics console. 
+.It Li ddb.lines ( Dv DDBCTL_LINES ) +Number of display lines. +.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) +The maximum symbol offset. +.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) +The maximum output line width. +.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) +If greater than zero, DDB will be entered if the kernel panics. +A value of 1 causes the system to enter DDB on panic. +A value of 0 causes the kernel to attempt to print a stack trace, then +reboot, while a value of \-1 means neither a stack trace will be printed +nor DDB entered. +.It Li ddb.panicstackframes +Number of stack frames to display on panic. +Useful to avoid scrolling away the interesting frames on a glass tty. +Default value is +.Dv 65535 +(all frames), useful value around +.Dv 10 . +.It Li ddb.radix ( Dv DDBCTL_RADIX ) +The input and output radix. +.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) +Tab width. +.It Li ddb.tee_msgbuf +If not zero, DDB will output also to the kernel message buffer. +.El +.Pp +Some of these MIB +nodes are also available as variables from within the debugger. +See +.Xr ddb 4 +for more details. +.Ss The security.* subtree ( Dv CTL_SECURITY ) +The +.Li security +level contains various security-related settings for +the system. +The available second level names are: +.Bl -column "Second level name" "integer" "Changeable" -offset indent +.It Sy Second level name Ta Sy Type Ta Sy Changeable +.It Li security.curtain integer yes +.It Li security.models node not applicable +.It Li security.pax node not applicable +.El +.Pp +Available settings are detailed below. +.Bl -tag -width "123456" +.It Li security.curtain +If non-zero, will filter return objects according to the user ID +requesting information about them, preventing users from +accessing any objects they do not own. +.Pp +At the moment, it affects +.Xr ps 1 , +.Xr netstat 1 +(for +.Dv PF_INET , +.Dv PF_INET6 , +and +.Dv PF_UNIX +PCBs), and +.Xr w 1 . +.It Li security.models +.Nx +supports pluggable security models. 
+Every security model used, whether if loaded as a module or built with the system, +is required to add an entry to this node with at least one element, +.Dq name , +indicating the name of the security model. +.Pp +In addition to the name, any settings and other information private to the +security model will be available under this node. +See +.Xr secmodel 9 +for more information. +.It Li security.pax +Settings for PaX \(em exploit mitigation features. +For more information on any of the PaX features, please see +.Xr paxctl 8 +and +.Xr security 7 . +The available third and fourth level names are: +.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \ +-offset 2n +.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable +.It Li security.pax.aslr.enabled integer yes +.\".It Li security.pax.aslr.exec_len integer yes +.It Li security.pax.aslr.global integer yes +.\".It Li security.pax.aslr.mmap_len integer yes +.\".It Li security.pax.aslr.stack_len integer yes +.It Li security.pax.mprotect.enabled integer yes +.It Li security.pax.mprotect.global integer yes +.It Li security.pax.mprotect.ptrace integer yes +.It Li security.pax.segvguard.enabled integer yes +.It Li security.pax.segvguard.expiry_timeout integer yes +.It Li security.pax.segvguard.global integer yes +.It Li security.pax.segvguard.max_crashes integer yes +.It Li security.pax.segvguard.suspend_timeout integer yes +.El +.Bl -tag -width "123456" +.It Li security.pax.aslr.enabled +Enable PaX ASLR (Address Space Layout Randomization). +.Pp +The value of this +knob must be non-zero for PaX ASLR to be enabled, even if a program is set to +explicit enable. +.\".It Li security.pax.aslr.exec_len +.\" XXX: Undocumented. +.It Li security.pax.aslr.global +Specifies the default global policy for programs without an +explicit enable/disable flag. +.Pp +When non-zero, all programs will get PaX ASLR, except those exempted with +.Xr paxctl 8 . 
+Otherwise, all programs will not get PaX ASLR, except those specifically +marked as such with +.Xr paxctl 8 . +.\".It Li security.pax.aslr.mmap_len +.\" XXX: Undocumented. +.\" .It Li security.pax.aslr.stack_len +.\" XXX: Undocumented. +.It Li security.pax.mprotect.enabled +Enable PaX MPROTECT restrictions. +.Pp +These are +.Xr mprotect 2 +restrictions to better enforce a W^X policy. +The value of this +knob must be non-zero for PaX MPROTECT to be enabled, even if a +program is set to explicit enable. +.It Li security.pax.mprotect.global +Specifies the default global policy for programs without an +explicit enable/disable flag. +.Pp +When non-zero, all programs will get the PaX MPROTECT restrictions, +except those exempted with +.Xr paxctl 8 . +Otherwise, all programs will not get the PaX MPROTECT restrictions, +except those specifically marked as such with +.Xr paxctl 8 . +.It Li security.pax.mprotect.ptrace +This variable allows +.Xr ptrace 2 +to override PaX MPROTECT permissions. +It can have the following values: +.Bl -tag -width XX -compact +.It 0 +Does not let override any permissions. +.It 1 +Disables PaX MPROTECT from processes that start executing while traced (default). +.It 2 +Bypasses PaX MPROTECT for all processes being traced. +.El +.It Li security.pax.segvguard.enabled +Enable PaX Segvguard. +.Pp +PaX Segvguard can detect and prevent certain exploitation attempts, where +an attacker may try for example to brute-force function return addresses +of respawning daemons. +.Pp +.Em Note : +The +.Nx +interface and implementation of the Segvguard is still experimental, and may +change in future releases. +.It Li security.pax.segvguard.expiry_timeout +If the max number was not reached within this timeout (in seconds), the entry +will expire. +.It Li security.pax.segvguard.global +Specifies the default global policy for programs without an +explicit enable/disable flag. 
+.Pp +When non-zero, all programs will get the PaX Segvguard, +except those exempted with +.Xr paxctl 8 . +Otherwise, no program will get the PaX Segvguard restrictions, +except those specifically marked as such with +.Xr paxctl 8 . +.It Li security.pax.segvguard.max_crashes +The maximum number of segfaults a program can receive before suspension. +.It Li security.pax.segvguard.suspend_timeout +Number of seconds to suspend a user from running a faulting program when the +limit was exceeded. +.El +.El +.Ss The vendor.* subtree ( Dv CTL_VENDOR ) +The +.Li vendor +toplevel name is reserved to be used by vendors who wish to +have their own private MIB tree. +Intended use is to store values under +.Dq vendor.<yourname>.* . +.Sh SEE ALSO +.Xr sysctl 3 , +.Xr ipsec 4 , +.Xr tcp 4 , +.Xr security 7 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +variables first appeared in +.Bx 4.4 . diff --git a/static/netbsd/man7/tests.atf.7 b/static/netbsd/man7/tests.atf.7 new file mode 100644 index 00000000..ffa50b3a --- /dev/null +++ b/static/netbsd/man7/tests.atf.7 
@@ -0,0 +1,236 @@ +.\" $NetBSD: tests.atf.7,v 1.8 2023/08/27 15:17:50 rillig Exp $ +.\" +.\" Copyright (c) 2010 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +.\" IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd July 29, 2015 +.Dt TESTS 7 +.Os +.Sh NAME +.Nm tests +.Nd introduction to the NetBSD test suite +.Sh DESCRIPTION +The +.Nx +test suite provides a collection of automated tests for two major purposes. +On the one hand, the test suite aids +.Em developers +in catching bugs and regressions in the code +when they are performing modifications to the source tree. 
+On the other hand, the test suite allows +.Em end users +(and, in particular, system administrators) to verify that fresh installations +of the +.Nx +operating system behave correctly in their hardware platform and also to ensure +that the system does not suffer from regressions during regular system +operation and maintenance. +.Pp +The +.Nx +tests are implemented using the +.Em Automated Testing Framework (ATF) , +a third-party package shipped with +.Nx ; +see +.Xr atf 7 +for details. +The +.Nx +test suite is distributed as a separate installation set, named +.Pa tests.tgz , +and the test programs are all installed under the +.Pa /usr/tests +hierarchy. +.Pp +This manual page describes how to execute the test suite and how to configure +some of its optional features. +.Ss When to run the tests? +Before diving into the details of how to run the test suite, here are some +scenarios in which you should be running them: +.Bl -bullet -offset indent +.It +After a fresh installation of +.Nx +to ensure that the system works correctly on your hardware platform. +.It +After an upgrade of +.Nx +to a different version to ensure that the new code works well on your +hardware platform and that the upgrade did not introduce regressions in your +configuration. +.It +After performing changes to the source tree to catch any bugs and/or regressions +introduced by the modifications. +.It +Periodically, maybe from a +.Xr cron 8 +job, to ensure that any changes to the system (such as the installation of +third-party packages or manual modifications to configuration files) do not +introduce unexpected failures. +.El +.Ss Installing the tests +If you chose to install the +.Pa tests.tgz +distribution set while setting up your +.Nx +system, the tests are already available in +.Pa /usr/tests . 
+Otherwise, install the set now by running: +.Bd -literal -offset indent +# cd / +# tar xzpf /path/to/tests.tgz +.Ed +.Ss Running the tests +Use the following commands to run the whole test suite: +.Bd -literal -offset indent +$ cd /usr/tests +$ atf-run | atf-report +.Ed +.Pp +The above will go through all test programs in +.Pa /usr/tests +recursively, execute them, and, at the very end, show a report of +the results of the test suite. +These results include the count of tests that succeeded (passed), the names of +the tests that failed, and the count of the tests that were not executed +(skipped) because the system configuration did not meet their requirements. +.Pp +If you are interested in saving the whole output of the test suite execution so +that you can later investigate failures, use the following idiom instead: +.Bd -literal -offset indent +$ cd /usr/tests +$ atf-run | tee ~/tests.log | atf-report +.Ed +.Pp +The above command will save the raw output of the test suite in +.Pa ~/tests.log , +which you can later inspect manually to look for failures. +Note that the file contains a copy of the +.Sq stdout +and +.Sq stderr +of each test case, which becomes valuable during debugging. +.Pp +It is also possible to restrict which tests to execute so that only a small +subsystem is tested; see +.Xr atf-run 1 +for details. +Additionally, it is also possible to run the test programs themselves by hand; +see +.Xr atf-test-program 1 +for more details, but be aware that you should only be doing this if you are +debugging failing tests. +.Ss Test environment considerations +Tests can be invoked as an unprivileged user, in which case tests that +require privileges will be skipped. +If run as root, an unprivileged user will be used for tests that +do not require privileges. +For maximal coverage, the standard approach is to invoke tests as root. 
+.Pp +Ideally, tests are self-contained and do not either depend on or +perturb the host environment, aside from skipping tests when optional +facilities are not available. +In reality, tests load and unload modules, and do other things that +might cause problems. +While it is not entirely safe to run tests on a multi-user system, +permanent problems or crashes from doing so are viewed as bugs and +should be reported. +.Ss Configuring the tests +Some test cases in the +.Nx +test suite require the administrator to manually set up some configuration +properties before they can run. +Unless these properties are defined, the tests that require them will be marked +as skipped and thus they will not be really executed. +.Pp +Each test suite is configured through a separate file that lives under +.Pa /etc/atf/ +and that carries the name of the test suite. +Henceforth, to configure the properties that affect the execution of the +.Nx +test suite, you need to edit +.Pa /etc/atf/NetBSD.conf . +The suite-specific configuration file implicitly depends on +.Pa /etc/atf/common.conf , +which contains properties shared among all test suites. +These files conform to the configuration file format described in +.Xr atf-formats 5 . +.Pp +The following configuration variables are available in the +.Nx +test suite: +.Bl -tag -width "unprivileged-user" +.It fstype +When set to a filesystem type, restrict tests programs from the +.Pa /usr/tests/fs/vfs/ +tree to only run test cases for the given type. +.It unprivileged-user +This variable allows setting an unprivileged user login name to be used by +tests. +Defaults to +.Sq _tests . +.El +.Ss What to do if something fails? +If there is +.Em any failure +during the execution of the test suite, please considering reporting it to the +.Nx +developers so that the failure can be analyzed and fixed. +To do so, either send a message to the appropriate mailing list or file a +problem report. 
+For more details please refer to: +.Bl -bullet -offset indent -compact +.It +.Lk https://www.netbsd.org/mailinglists/ "NetBSD mailing lists" +.It +.Lk https://www.netbsd.org/support/send-pr.html "NetBSD Problem Reports" +.El +.Sh FILES +.Bl -tag -compact -width etcXatfXNetBSDXconfXX +.It Pa /etc/atf/NetBSD.conf +Configuration file for the +.Nx +test suite. +.It Pa /etc/atf/common.conf +Configuration file for all test suites. +.It Pa /usr/tests/ +Location of the test suites. +.El +.Sh SEE ALSO +.Xr atf 7 +.Sh HISTORY +The +.Nm +manual page first appeared in +.Nx 6.0 . +.Pp +The ATF testing framework was first distributed with +.Nx 5.0 +and the collection of test programs in +.Pa /usr/tests +has been growing since then. +.Sh AUTHORS +.An Julio Merino Aq Mt jmmv@NetBSD.org diff --git a/static/netbsd/man7/tests.kyua.7 b/static/netbsd/man7/tests.kyua.7 new file mode 100644 index 00000000..b608fa71 --- /dev/null +++ b/static/netbsd/man7/tests.kyua.7 
@@ -0,0 +1,248 @@ +.\" $NetBSD: tests.kyua.7,v 1.8 2023/08/27 15:17:50 rillig Exp $ +.\" +.\" Copyright (c) 2010 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +.\" IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd July 29, 2015 +.Dt TESTS 7 +.Os +.Sh NAME +.Nm tests +.Nd introduction to the NetBSD test suite +.Sh DESCRIPTION +The +.Nx +test suite provides a collection of automated tests for two major purposes. +On the one hand, the test suite aids +.Em developers +in catching bugs and regressions in the code +when they are performing modifications to the source tree. 
+On the other hand, the test suite allows +.Em end users +(and, in particular, system administrators) to verify that fresh installations +of the +.Nx +operating system behave correctly in their hardware platform and also to ensure +that the system does not suffer from regressions during regular system +operation and maintenance. +.Pp +The +.Nx +test suite is distributed as a separate installation set, named +.Pa tests.tgz , +and the test programs are all installed under the +.Pa /usr/tests +hierarchy. +.Pp +This manual page describes how to execute the test suite and how to configure +some of its optional features. +.Ss When to run the tests? +Before diving into the details of how to run the test suite, here are some +scenarios in which you should be running them: +.Bl -bullet -offset indent +.It +After a fresh installation of +.Nx +to ensure that the system works correctly on your hardware platform. +.It +After an upgrade of +.Nx +to a different version to ensure that the new code works well on your +hardware platform and that the upgrade did not introduce regressions in your +configuration. +.It +After performing changes to the source tree to catch any bugs and/or regressions +introduced by the modifications. +.It +Periodically, maybe from a +.Xr cron 8 +job, to ensure that any changes to the system (such as the installation of +third-party packages or manual modifications to configuration files) do not +introduce unexpected failures. +.El +.Ss Installing the tests +If you chose to install the +.Pa tests.tgz +distribution set while setting up your +.Nx +system, the tests are already available in +.Pa /usr/tests . 
+Otherwise, install the set now by running: +.Bd -literal -offset indent +# cd / +# tar xzpf /path/to/tests.tgz +.Ed +.Ss Running the tests +Use the following command to run the whole test suite: +.Bd -literal -offset indent +$ kyua test -k /usr/tests/Kyuafile +.Ed +.Pp +The above will go through all test programs in +.Pa /usr/tests +recursively, execute them, store their results and debugging data in Kyua +database (by default in +.Pa ~/.kyua/store.db ) , +and print a summary of the results. +This summary includes a brief count of all total tests run and how many of +them failed. +.Pp +It is possible to restrict which tests to run by providing their names in +the command line. +For example, this would execute the tests for the +.Xr cp 1 +and +.Xr cut 1 +utilities: +.Bd -literal -offset indent +$ kyua test -k /usr/tests/Kyuafile bin/cp usr.bin/cut +.Ed +.Ss Obtaining reports of the tests execution +Additional information of the results of the execution can be later extracted +from the database by using the various reporting commands of Kyua. +For example, the following would extract a plain-text report of the executed +tests and show which ones failed: +.Bd -literal -offset indent +$ kyua report +.Ed +.Pp +This other example would generate an HTML report ready to be published on a +web server, possibly the built-in +.Xr httpd 8 : +.Bd -literal -offset indent +$ kyua report-html --output ~/public_html/tests +.Ed +.Pp +For further details on the command-line interface of Kyua, please refer +to its manual page +.Xr kyua 1 . +.Ss Test environment considerations +Tests can be invoked as an unprivileged user, in which case tests that +require privileges will be skipped. +If run as root, an unprivileged user will be used for tests that +do not require privileges. +For maximal coverage, the standard approach is to invoke tests as root. 
+.Pp +Ideally, tests are self-contained and do not either depend on or +perturb the host environment, aside from skipping tests when optional +facilities are not available. +In reality, tests load and unload modules, and do other things that +might cause problems. +While it is not entirely safe to run tests on a multi-user system, +permanent problems or crashes from doing so are viewed as bugs and +should be reported. +.Ss Configuring the tests +Some test cases in the +.Nx +test suite require the administrator to manually set up some configuration +properties before they can run. +Unless these properties are defined, the tests that require them will be marked +as skipped and thus they will not be really executed. +.Pp +Test suites are configured by defining the values to their configuration +variables in +.Pa /etc/kyua/kyua.conf . +The format of this file is detailed in +.Xr kyua.conf 5 . +.Pp +The following configuration variables are available in the +.Nx +test suite: +.Bl -tag -width "fstype" +.It fstype +When set to a filesystem type, restrict tests programs from the +.Pa /usr/tests/fs/vfs/ . +.El +.Ss What to do if something fails? +If there is +.Em any failure +during the execution of the test suite, please considering reporting it to the +.Nx +developers so that the failure can be analyzed and fixed. +To do so, either send a message to the appropriate mailing list or file a +problem report. +For more details please refer to: +.Bl -bullet -offset indent -compact +.It +.Lk https://www.netbsd.org/mailinglists/ "NetBSD mailing lists" +.It +.Lk https://www.netbsd.org/support/send-pr.html "NetBSD Problem Reports" +.El +.Sh FILES +.Bl -tag -compact -width etcXatfXNetBSDXconfXX +.It Pa /etc/kyua/kyua.conf +System-wide configuration file for +.Xr kyua 1 . +.It Pa ~/.kyua/kyua.conf +User-specific configuration file for +.Xr kyua 1 ; +overrides the system file. +.It Pa ~/.kyua/store.db +Default database used by Kyua to maintain the data of the executed tests. 
+.It Pa /usr/tests/ +Location of the +.Nx +test suite. +.It Pa /usr/tests/Kyuafile +Top-level test suite definition file. +.El +.Sh SEE ALSO +.Xr kyua 1 , +.Xr kyua-report 1 , +.Xr kyua-test 1 +.Sh HISTORY +The collection of test programs in +.Pa /usr/tests +first appeared in +.Nx 5.0 +and has been growing since then. +.Pp +The +.Nm +manual page first appeared in +.Nx 6.0 +and was updated in +.Nx 7.0 +to describe the execution of the tests with Kyua rather than with ATF. +.Pp +The ATF testing framework was first distributed with +.Nx 5.0 +and the runtime tools of this framework are being phased out in +.Nx 7.0 . +Note that the +.Em libraries +that ship with ATF are still in active use and are not deprecated. +.Pp +The Kyua testing toolkit was first distributed with +.Nx 7.0 . +The +.Xr atf-run 1 +and +.Xr atf-report 1 +tools were replaced as part of this import to be backwards-compatibility +wrappers around +.Xr kyua 1 . +.Sh AUTHORS +.An Julio Merino Aq Mt jmmv@NetBSD.org diff --git a/static/netbsd/man7/users.7 b/static/netbsd/man7/users.7 new file mode 100644 index 00000000..345a5ed6 --- /dev/null +++ b/static/netbsd/man7/users.7 
@@ -0,0 +1,206 @@ +.\" $NetBSD: users.7,v 1.5 2020/04/02 20:57:20 roy Exp $ +.\" +.\" Copyright (c) 2020 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd April 2, 2020 +.Dt USERS 7 +.Os +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh NAME +.Nm users +.Nd standard user account names +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh DESCRIPTION +A standard +.Nx +installation has the following user account names: +.\" These are currently sorted by uid; perhaps they should be sorted +.\" lexicographically by name instead. 
+.Bl -tag -width ".Em _tcpdump" +.It Em root +The super-user, uid 0, with the highest administrative privileges. +Normally not used for login directly, only via +.Xr su 1 +or equivalent by users in the +.Em wheel +group; see +.Xr groups 7 . +.Pp +Secondary groups: +.Em guest , +.Em kmem , +.Em nvmm , +.Em operator , +.Em staff , +.Em sys , +.Em tty . +.It Em toor +Like +.Em root , +this is the super-user with uid 0, but with no secondary group +memberships. +.Pp +Historically, +.Em root +had a login shell of +.Pa /bin/csh +while +.Em toor +had a login shell of +.Pa /bin/sh . +However, today both default to +.Pa /bin/sh . +This user account name is not used for anything in +.Nx ; +it is purely a convenience for actual users. +.\" Maybe we should just remove this. +.It Em daemon +Historic user for general daemonic activity. +.Pp +Owner of +.Pa /var/msgs ; +see +.Xr msgs 1 . +Used only by +.Xr rpcbind 8 , +with the +.Fl s +flag. +.It Em operator +Historic user. +Unused in modern +.Nx . +.It Em bin +Historic user. +Unused in modern +.Nx . +.It Em games +Owner of high-score files and other shared files for games. +.It Em postfix +Pseudo-user for use by the +.Xr postfix 1 +mail transfer agent. +.It Em named +Pseudo-user for use by the +.Xr named 8 +DNS nameserver daemon. +.It Em ntpd +Pseudo-user for use by the +.Xr ntpd 8 +network time protocol daemon. +.It Em sshd +Pseudo-user for use by the +.Xr sshd 8 +secure shell daemon. +.It Em _pflogd +Pseudo-user for use by the +.Xr pflogd 8 +log daemon with the +.Xr pf 4 +packet filter. +.It Em _rwhod +Pseudo-user for use by the +.Xr rwhod 8 +system status daemon. +.It Em _proxy +Pseudo-user for use by the +.Xr ftp-proxy 8 +and +.Xr tftp-proxy 8 +proxy daemons with packet filters such as +.Xr pf 4 +or +.Xr ipnat 4 . +.It Em _timedc +Pseudo-user for use by the +.Xr timedc 8 +tool to communicate with the +.Xr timed 8 +time server daemon. 
+.It Em _sdpd +Pseudo-user for use by the +.Xr sdpd 8 +Bluetooth service discovery protocol daemon. +.It Em _httpd +Pseudo-user for use by the +.Xr httpd 8 Pq bozohttpd +web server. +.It Em _mdnsd +Pseudo-user for use by the +.Xr mdnsd 8 +multicast DNS and DNS service discovery daemon. +.It Em _tests +Pseudo-user for use by +.Xr atf 7 +automatic tests that request to run unprivileged. +Default value for the +.Sq unprivileged-user +configuration variable; see +.Xr tests 7 . +.It Em _tcpdump +Pseudo-user for use by the +.Xr tcpdump 8 +network traffic dumper and analyzer. +.It Em _tss +Pseudo-user for use by the +.Xr tcsd 8 +.Sq Trusted Computing +daemon TPM to manage a TPM. +.It Em _dhcpcd +Pseudo-user for use by the +.Xr dhcpcd 8 +DHCP Client Daemon. +.It Em _rtadvd +Pseudo-user for use by the +.Xr rtadvd 8 +IPv6 network router advertisement daemon. +.It Em _unbound +Pseudo-user for the +.Xr unbound 8 +recursive DNS resolver. +.It Em _nsd +Pseudo-user for the +.Xr nsd 8 +authoritative DNS nameserver. +.It Em uucp +Pseudo-user for use by historic UUCP software, available now in +.Xr pkgsrc 7 . +.It Em nobody +Traditional pseudo-user used for dropping privileges. +Modern practice is to assign to each different daemon its own separate +pseudo-user account and group so that if one daemon is compromised it +does not compromise all the other daemons. +.El +.Pp +All new standard +.Nx +pseudo-user account names should begin with an underscore +.Sq "_" +to distinguish them from accounts that real users might add, and should +have a primary group of the same name; real users should accordingly +avoid such account names. +.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" +.Sh SEE ALSO +.Xr groups 7 |
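Review bot: In the tests.atf.7 hunk, "What to do if something fails?" reads "please considering reporting it to the NetBSD developers"; that should be "please consider reporting it". In the same hunk the fstype entry says "restrict tests programs from the /usr/tests/fs/vfs/ tree", which should be "restrict test programs". Both are wording slips rather than markup problems, so if these pages are meant to be verbatim copies of the upstream sources, leave them here and fix them upstream instead.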
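Review bot: In the tests.kyua.7 hunk, the fstype entry under "Configuring the tests" stops mid-sentence: "When set to a filesystem type, restrict tests programs from the .Pa /usr/tests/fs/vfs/ ." The ATF page added in this same patch carries the full text ("tree to only run test cases for the given type."), so the tail should be restored here. The list also documents only fstype, while users.7 in this patch describes _tests as the default for the unprivileged-user variable and sends readers to tests(7) for it; either list unprivileged-user on this page or drop the cross-reference. Two smaller points: the FILES list still uses "-width etcXatfXNetBSDXconfXX", a leftover from the ATF paths, and the page declares ".Dt TESTS 7" although the file is tests.kyua.7, so please check that ".Xr tests 7" links resolve to the page you intend. Since "Test environment considerations" recommends invoking the tests as root and also says they load and unload modules and are "not entirely safe" on a multi-user system, it would help to state next to the root recommendation that a dedicated or scratch host is the expected place for such a run.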
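Review bot: In the users.7 hunk, the _tss entry renders as "Trusted Computing daemon TPM to manage a TPM"; the first "TPM" looks like a stray word and the line should read "daemon to manage a TPM". The _tests entry says the account is for ".Xr atf 7" tests and is the default for unprivileged-user, "see tests 7", but the Kyua version of tests(7) added in this patch does not list that variable, so the reference leads nowhere for readers of that page. The list is declared with -width ".Em _tcpdump" while _unbound and _dhcpcd are the same length or longer, which is harmless but worth widening if the tag column is meant to fit every name. The in-source comment "Maybe we should just remove this." on toor is an open question about a second uid 0 account; if it stays, the entry could say whether the account ships with a usable password or is locked by default, since that is what an administrator auditing uid 0 accounts needs to know.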
