From a9157ce950dfe2fc30795d43b9d79b9d1bffc48b Mon Sep 17 00:00:00 2001 From: Jacob McDonnell Date: Sat, 25 Apr 2026 19:54:44 -0400 Subject: docs: Added All OpenBSD Manuals --- static/openbsd/man8/MAKEDEV.8 | 263 +++ static/openbsd/man8/Makefile.yp.8 | 291 ++++ static/openbsd/man8/ac.8 | 152 ++ static/openbsd/man8/accton.8 | 79 + static/openbsd/man8/acpidump.8 | 92 ++ static/openbsd/man8/adduser.8 | 424 +++++ static/openbsd/man8/amd.8 | 225 +++ static/openbsd/man8/amq.8 | 116 ++ static/openbsd/man8/apm.8 | 168 ++ static/openbsd/man8/apmd.8 | 273 +++ static/openbsd/man8/apple_driver.8 | 50 + static/openbsd/man8/arp.8 | 220 +++ static/openbsd/man8/atactl.8 | 520 ++++++ static/openbsd/man8/audioctl.8 | 162 ++ static/openbsd/man8/authpf.8 | 579 +++++++ static/openbsd/man8/badsect.8 | 131 ++ static/openbsd/man8/bgpctl.8 | 512 ++++++ static/openbsd/man8/bgpd.8 | 485 ++++++ static/openbsd/man8/bgplg.8 | 219 +++ static/openbsd/man8/bgplgd.8 | 215 +++ static/openbsd/man8/bgplgsh.8 | 104 ++ static/openbsd/man8/bioctl.8 | 376 +++++ static/openbsd/man8/biosboot.8 | 256 +++ static/openbsd/man8/boot.8 | 241 +++ static/openbsd/man8/boot_alpha.8 | 115 ++ static/openbsd/man8/boot_amd64.8 | 191 +++ static/openbsd/man8/boot_hppa.8 | 347 ++++ static/openbsd/man8/boot_i386.8 | 193 +++ static/openbsd/man8/boot_luna88k.8 | 107 ++ static/openbsd/man8/boot_macppc.8 | 177 ++ static/openbsd/man8/boot_sparc64.8 | 169 ++ static/openbsd/man8/bpflogd.8 | 138 ++ static/openbsd/man8/btrace.8 | 86 + static/openbsd/man8/cdboot.8 | 124 ++ static/openbsd/man8/chat.8 | 634 +++++++ static/openbsd/man8/chown.8 | 175 ++ static/openbsd/man8/chroot.8 | 114 ++ static/openbsd/man8/clri.8 | 78 + static/openbsd/man8/comsat.8 | 93 ++ static/openbsd/man8/config.8 | 475 ++++++ static/openbsd/man8/cron.8 | 166 ++ static/openbsd/man8/crunchgen.8 | 327 ++++ static/openbsd/man8/cvsbug.8 | 243 +++ static/openbsd/man8/dev_mkdb.8 | 83 + static/openbsd/man8/dhcp6leasectl.8 | 71 + static/openbsd/man8/dhcp6leased.8 | 113 ++ static/openbsd/man8/dhcpd.8 | 524 ++++++ static/openbsd/man8/dhcpleasectl.8 | 71 + static/openbsd/man8/dhcpleased.8 | 122 ++ static/openbsd/man8/dhcrelay.8 | 173 ++ static/openbsd/man8/dhcrelay6.8 | 200 +++ static/openbsd/man8/disklabel.8 | 611 +++++++ static/openbsd/man8/dmesg.8 | 85 + static/openbsd/man8/dump.8 | 492 ++++++ static/openbsd/man8/dumpfs.8 | 80 + static/openbsd/man8/dvmrpctl.8 | 78 + static/openbsd/man8/dvmrpd.8 | 118 ++ static/openbsd/man8/edquota.8 | 168 ++ static/openbsd/man8/eeprom.8 | 236 +++ static/openbsd/man8/eigrpctl.8 | 183 ++ static/openbsd/man8/eigrpd.8 | 111 ++ static/openbsd/man8/fdisk.8 | 438 +++++ static/openbsd/man8/fingerd.8 | 166 ++ static/openbsd/man8/fsck.8 | 182 ++ static/openbsd/man8/fsck_ext2fs.8 | 249 +++ static/openbsd/man8/fsck_ffs.8 | 329 ++++ static/openbsd/man8/fsck_msdos.8 | 117 ++ static/openbsd/man8/fsdb.8 | 242 +++ static/openbsd/man8/fsirand.8 | 94 ++ static/openbsd/man8/ftp-proxy.8 | 202 +++ static/openbsd/man8/ftpd.8 | 568 +++++++ static/openbsd/man8/fw_update.8 | 121 ++ static/openbsd/man8/getty.8 | 134 ++ static/openbsd/man8/gpioctl.8 | 215 +++ static/openbsd/man8/group.8 | 87 + static/openbsd/man8/groupadd.8 | 72 + static/openbsd/man8/groupdel.8 | 67 + static/openbsd/man8/groupinfo.8 | 92 ++ static/openbsd/man8/groupmod.8 | 75 + static/openbsd/man8/growfs.8 | 147 ++ static/openbsd/man8/hostapd.8 | 142 ++ static/openbsd/man8/hostctl.8 | 155 ++ static/openbsd/man8/hotplugd.8 | 127 ++ static/openbsd/man8/httpd.8 | 100 ++ static/openbsd/man8/identd.8 | 104 ++ static/openbsd/man8/ifconfig.8 | 2663 ++++++++++++++++++++++++++++++ static/openbsd/man8/ifstated.8 | 89 + static/openbsd/man8/ikectl.8 | 366 ++++ static/openbsd/man8/iked.8 | 215 +++ static/openbsd/man8/inetd.8 | 392 +++++ static/openbsd/man8/init.8 | 329 ++++ static/openbsd/man8/installboot.8 | 134 ++ static/openbsd/man8/iostat.8 | 202 +++ static/openbsd/man8/ipsecctl.8 | 122 ++ static/openbsd/man8/isakmpd.8 | 827 ++++++++++ static/openbsd/man8/iscsictl.8 | 79 + static/openbsd/man8/iscsid.8 | 93 ++ static/openbsd/man8/isoinfo.8 | 124 ++ static/openbsd/man8/kbd.8 | 81 + static/openbsd/man8/kgmon.8 | 136 ++ static/openbsd/man8/kvm_mkdb.8 | 85 + static/openbsd/man8/ldapctl.8 | 103 ++ static/openbsd/man8/ldapd.8 | 169 ++ static/openbsd/man8/ldattach.8 | 174 ++ static/openbsd/man8/ldconfig.8 | 170 ++ static/openbsd/man8/ldomctl.8 | 218 +++ static/openbsd/man8/ldomd.8 | 57 + static/openbsd/man8/ldpctl.8 | 133 ++ static/openbsd/man8/ldpd.8 | 195 +++ static/openbsd/man8/lldp.8 | 62 + static/openbsd/man8/lldpd.8 | 71 + static/openbsd/man8/locate.mklocatedb.8 | 45 + static/openbsd/man8/locate.updatedb.8 | 108 ++ static/openbsd/man8/login_chpass.8 | 69 + static/openbsd/man8/login_lchpass.8 | 65 + static/openbsd/man8/login_ldap.8 | 253 +++ static/openbsd/man8/login_passwd.8 | 88 + static/openbsd/man8/login_radius.8 | 170 ++ static/openbsd/man8/login_reject.8 | 74 + static/openbsd/man8/login_skey.8 | 107 ++ static/openbsd/man8/login_token.8 | 103 ++ static/openbsd/man8/login_yubikey.8 | 138 ++ static/openbsd/man8/lpc.8 | 188 +++ static/openbsd/man8/lpd.8 | 363 ++++ static/openbsd/man8/mail.lmtp.8 | 55 + static/openbsd/man8/mail.local.8 | 182 ++ static/openbsd/man8/mail.maildir.8 | 46 + static/openbsd/man8/mail.mboxfile.8 | 34 + static/openbsd/man8/mail.mda.8 | 35 + static/openbsd/man8/mailwrapper.8 | 145 ++ static/openbsd/man8/makedbm.8 | 94 ++ static/openbsd/man8/makefs.8 | 332 ++++ static/openbsd/man8/makemap.8 | 174 ++ static/openbsd/man8/makewhatis.8 | 226 +++ static/openbsd/man8/man.cgi.8 | 428 +++++ static/openbsd/man8/map-mbone.8 | 130 ++ static/openbsd/man8/mbr.8 | 61 + static/openbsd/man8/memconfig.8 | 122 ++ static/openbsd/man8/mixerctl.8 | 209 +++ static/openbsd/man8/mkalias.8 | 91 + static/openbsd/man8/mkboot.8 | 55 + static/openbsd/man8/mkhybrid.8 | 1651 ++++++++++++++++++ static/openbsd/man8/mkisofs.8 | 689 ++++++++ static/openbsd/man8/mknetid.8 | 125 ++ static/openbsd/man8/mknod.8 | 143 ++ static/openbsd/man8/mkuboot.8 | 96 ++ static/openbsd/man8/mopd.8 | 119 ++ static/openbsd/man8/mount.8 | 411 +++++ static/openbsd/man8/mount_cd9660.8 | 117 ++ static/openbsd/man8/mount_ext2fs.8 | 88 + static/openbsd/man8/mount_ffs.8 | 108 ++ static/openbsd/man8/mount_msdos.8 | 184 +++ static/openbsd/man8/mount_nfs.8 | 268 +++ static/openbsd/man8/mount_ntfs.8 | 169 ++ static/openbsd/man8/mount_tmpfs.8 | 149 ++ static/openbsd/man8/mount_udf.8 | 59 + static/openbsd/man8/mount_vnd.8 | 186 +++ static/openbsd/man8/mountd.8 | 116 ++ static/openbsd/man8/mrinfo.8 | 148 ++ static/openbsd/man8/mrouted.8 | 476 ++++++ static/openbsd/man8/mtrace.8 | 528 ++++++ static/openbsd/man8/mtree.8 | 352 ++++ static/openbsd/man8/ncheck_ffs.8 | 141 ++ static/openbsd/man8/ndp.8 | 165 ++ static/openbsd/man8/netgroup_mkdb.8 | 81 + static/openbsd/man8/newaliases.8 | 86 + static/openbsd/man8/newfs.8 | 345 ++++ static/openbsd/man8/newfs_ext2fs.8 | 344 ++++ static/openbsd/man8/newfs_msdos.8 | 194 +++ static/openbsd/man8/newsyslog.8 | 451 +++++ static/openbsd/man8/nfsd.8 | 95 ++ static/openbsd/man8/nologin.8 | 59 + static/openbsd/man8/npppctl.8 | 126 ++ static/openbsd/man8/npppd.8 | 100 ++ static/openbsd/man8/ntpctl.8 | 79 + static/openbsd/man8/ntpd.8 | 159 ++ static/openbsd/man8/ocspcheck.8 | 111 ++ static/openbsd/man8/ospf6ctl.8 | 149 ++ static/openbsd/man8/ospf6d.8 | 209 +++ static/openbsd/man8/ospfctl.8 | 144 ++ static/openbsd/man8/ospfd.8 | 190 +++ static/openbsd/man8/pcidump.8 | 104 ++ static/openbsd/man8/pdisk.8 | 168 ++ static/openbsd/man8/pfctl.8 | 761 +++++++++ static/openbsd/man8/pflogd.8 | 218 +++ static/openbsd/man8/ping.8 | 444 +++++ static/openbsd/man8/pkg_check.8 | 127 ++ static/openbsd/man8/portmap.8 | 90 + static/openbsd/man8/pppd.8 | 1515 +++++++++++++++++ static/openbsd/man8/pppstats.8 | 235 +++ static/openbsd/man8/pstat.8 | 388 +++++ static/openbsd/man8/pwd_mkdb.8 | 164 ++ static/openbsd/man8/pxeboot.8 | 182 ++ static/openbsd/man8/quot.8 | 106 ++ static/openbsd/man8/quotacheck.8 | 158 ++ static/openbsd/man8/quotaon.8 | 126 ++ static/openbsd/man8/ractl.8 | 69 + static/openbsd/man8/rad.8 | 153 ++ static/openbsd/man8/radiusctl.8 | 138 ++ static/openbsd/man8/radiusd.8 | 78 + static/openbsd/man8/radiusd_bsdauth.8 | 61 + static/openbsd/man8/radiusd_eap2mschap.8 | 87 + static/openbsd/man8/radiusd_file.8 | 62 + static/openbsd/man8/radiusd_ipcp.8 | 199 +++ static/openbsd/man8/radiusd_radius.8 | 84 + static/openbsd/man8/radiusd_standard.8 | 77 + static/openbsd/man8/rarpd.8 | 110 ++ static/openbsd/man8/rbootd.8 | 156 ++ static/openbsd/man8/rcctl.8 | 238 +++ static/openbsd/man8/rdate.8 | 84 + static/openbsd/man8/rdsetroot.8 | 66 + static/openbsd/man8/reboot.8 | 110 ++ static/openbsd/man8/relayctl.8 | 228 +++ static/openbsd/man8/relayd.8 | 154 ++ static/openbsd/man8/renice.8 | 144 ++ static/openbsd/man8/repquota.8 | 96 ++ static/openbsd/man8/resolvd.8 | 96 ++ static/openbsd/man8/restore.8 | 455 +++++ static/openbsd/man8/revnetgroup.8 | 139 ++ static/openbsd/man8/ripctl.8 | 109 ++ static/openbsd/man8/ripd.8 | 103 ++ static/openbsd/man8/rmgroup.8 | 61 + static/openbsd/man8/rmt.8 | 219 +++ static/openbsd/man8/route.8 | 651 ++++++++ static/openbsd/man8/route6d.8 | 245 +++ static/openbsd/man8/rpc.bootparamd.8 | 83 + static/openbsd/man8/rpc.lockd.8 | 108 ++ static/openbsd/man8/rpc.rquotad.8 | 58 + static/openbsd/man8/rpc.rstatd.8 | 70 + static/openbsd/man8/rpc.rusersd.8 | 60 + static/openbsd/man8/rpc.rwalld.8 | 63 + static/openbsd/man8/rpc.statd.8 | 123 ++ static/openbsd/man8/rpcinfo.8 | 197 +++ static/openbsd/man8/rpki-client.8 | 487 ++++++ static/openbsd/man8/sa.8 | 246 +++ static/openbsd/man8/sasyncd.8 | 156 ++ static/openbsd/man8/savecore.8 | 131 ++ static/openbsd/man8/scan_ffs.8 | 140 ++ static/openbsd/man8/scsi.8 | 346 ++++ static/openbsd/man8/sendmail.8 | 86 + static/openbsd/man8/sensorsd.8 | 111 ++ static/openbsd/man8/setnetbootinfo.8 | 129 ++ static/openbsd/man8/sftp-server.8 | 170 ++ static/openbsd/man8/showmount.8 | 92 ++ static/openbsd/man8/shutdown.8 | 219 +++ static/openbsd/man8/skeyprune.8 | 72 + static/openbsd/man8/slaacctl.8 | 79 + static/openbsd/man8/slaacd.8 | 166 ++ static/openbsd/man8/slowcgi.8 | 129 ++ static/openbsd/man8/smtpctl.8 | 341 ++++ static/openbsd/man8/smtpd.8 | 167 ++ static/openbsd/man8/sndiod.8 | 587 +++++++ static/openbsd/man8/snmpd.8 | 117 ++ static/openbsd/man8/snmpd_metrics.8 | 112 ++ static/openbsd/man8/spamd-setup.8 | 123 ++ static/openbsd/man8/spamd.8 | 609 +++++++ static/openbsd/man8/spamdb.8 | 190 +++ static/openbsd/man8/spamlogd.8 | 140 ++ static/openbsd/man8/ssh-keysign.8 | 91 + static/openbsd/man8/ssh-pkcs11-helper.8 | 71 + static/openbsd/man8/ssh-sk-helper.8 | 71 + static/openbsd/man8/sshd.8 | 1018 ++++++++++++ static/openbsd/man8/strfile.8 | 149 ++ static/openbsd/man8/swapctl.8 | 230 +++ static/openbsd/man8/swapon.8 | 95 ++ static/openbsd/man8/sync.8 | 72 + static/openbsd/man8/sysctl.8 | 189 +++ static/openbsd/man8/syslogc.8 | 94 ++ static/openbsd/man8/syslogd.8 | 305 ++++ static/openbsd/man8/sysmerge.8 | 174 ++ static/openbsd/man8/syspatch.8 | 85 + static/openbsd/man8/sysupgrade.8 | 136 ++ static/openbsd/man8/talkd.8 | 75 + static/openbsd/man8/tcpdrop.8 | 85 + static/openbsd/man8/tcpdump.8 | 2065 +++++++++++++++++++++++ static/openbsd/man8/tftp-proxy.8 | 143 ++ static/openbsd/man8/tftpd.8 | 236 +++ static/openbsd/man8/tokenadm.8 | 130 ++ static/openbsd/man8/tokeninit.8 | 171 ++ static/openbsd/man8/traceroute.8 | 424 +++++ static/openbsd/man8/trpt.8 | 149 ++ static/openbsd/man8/ttyflags.8 | 86 + static/openbsd/man8/tunefs.8 | 164 ++ static/openbsd/man8/umount.8 | 114 ++ static/openbsd/man8/unwind.8 | 133 ++ static/openbsd/man8/unwindctl.8 | 80 + static/openbsd/man8/usbdevs.8 | 70 + static/openbsd/man8/user.8 | 148 ++ static/openbsd/man8/useradd.8 | 282 ++++ static/openbsd/man8/userdel.8 | 142 ++ static/openbsd/man8/userinfo.8 | 83 + static/openbsd/man8/usermod.8 | 276 ++++ static/openbsd/man8/vipw.8 | 113 ++ static/openbsd/man8/vmctl.8 | 440 +++++ static/openbsd/man8/vmd.8 | 140 ++ static/openbsd/man8/vmstat.8 | 221 +++ static/openbsd/man8/vnconfig.8 | 176 ++ static/openbsd/man8/watchdogd.8 | 95 ++ static/openbsd/man8/wsconscfg.8 | 162 ++ static/openbsd/man8/wsconsctl.8 | 242 +++ static/openbsd/man8/wsfontload.8 | 146 ++ static/openbsd/man8/wsmoused.8 | 196 +++ static/openbsd/man8/xxboot.8 | 65 + static/openbsd/man8/ypbind.8 | 135 ++ static/openbsd/man8/ypinit.8 | 65 + static/openbsd/man8/ypldap.8 | 81 + static/openbsd/man8/yppoll.8 | 77 + static/openbsd/man8/yppush.8 | 76 + static/openbsd/man8/ypserv.8 | 141 ++ static/openbsd/man8/ypset.8 | 82 + static/openbsd/man8/ypxfr.8 | 86 + static/openbsd/man8/zdump.8 | 87 + static/openbsd/man8/zic.8 | 469 ++++++ 313 files changed, 65034 insertions(+) create mode 100644 static/openbsd/man8/MAKEDEV.8 create mode 100644 static/openbsd/man8/Makefile.yp.8 create mode 100644 static/openbsd/man8/ac.8 create mode 100644 static/openbsd/man8/accton.8 create mode 100644 static/openbsd/man8/acpidump.8 create mode 100644 static/openbsd/man8/adduser.8 create mode 100644 static/openbsd/man8/amd.8 create mode 100644 static/openbsd/man8/amq.8 create mode 100644 static/openbsd/man8/apm.8 create mode 100644 static/openbsd/man8/apmd.8 create mode 100644 static/openbsd/man8/apple_driver.8 create mode 100644 static/openbsd/man8/arp.8 create mode 100644 static/openbsd/man8/atactl.8 create mode 100644 static/openbsd/man8/audioctl.8 create mode 100644 static/openbsd/man8/authpf.8 create mode 100644 static/openbsd/man8/badsect.8 create mode 100644 static/openbsd/man8/bgpctl.8 create mode 100644 static/openbsd/man8/bgpd.8 create mode 100644 static/openbsd/man8/bgplg.8 create mode 100644 static/openbsd/man8/bgplgd.8 create mode 100644 static/openbsd/man8/bgplgsh.8 create mode 100644 static/openbsd/man8/bioctl.8 create mode 100644 static/openbsd/man8/biosboot.8 create mode 100644 static/openbsd/man8/boot.8 create mode 100644 static/openbsd/man8/boot_alpha.8 create mode 100644 static/openbsd/man8/boot_amd64.8 create mode 100644 static/openbsd/man8/boot_hppa.8 create mode 100644 static/openbsd/man8/boot_i386.8 create mode 100644 static/openbsd/man8/boot_luna88k.8 create mode 100644 static/openbsd/man8/boot_macppc.8 create mode 100644 static/openbsd/man8/boot_sparc64.8 create mode 100644 static/openbsd/man8/bpflogd.8 create mode 100644 static/openbsd/man8/btrace.8 create mode 100644 static/openbsd/man8/cdboot.8 create mode 100644 static/openbsd/man8/chat.8 create mode 100644 static/openbsd/man8/chown.8 create mode 100644 static/openbsd/man8/chroot.8 create mode 100644 static/openbsd/man8/clri.8 create mode 100644 static/openbsd/man8/comsat.8 create mode 100644 static/openbsd/man8/config.8 create mode 100644 static/openbsd/man8/cron.8 create mode 100644 static/openbsd/man8/crunchgen.8 create mode 100644 static/openbsd/man8/cvsbug.8 create mode 100644 static/openbsd/man8/dev_mkdb.8 create mode 100644 static/openbsd/man8/dhcp6leasectl.8 create mode 100644 static/openbsd/man8/dhcp6leased.8 create mode 100644 static/openbsd/man8/dhcpd.8 create mode 100644 static/openbsd/man8/dhcpleasectl.8 create mode 100644 static/openbsd/man8/dhcpleased.8 create mode 100644 static/openbsd/man8/dhcrelay.8 create mode 100644 static/openbsd/man8/dhcrelay6.8 create mode 100644 static/openbsd/man8/disklabel.8 create mode 100644 static/openbsd/man8/dmesg.8 create mode 100644 static/openbsd/man8/dump.8 create mode 100644 static/openbsd/man8/dumpfs.8 create mode 100644 static/openbsd/man8/dvmrpctl.8 create mode 100644 static/openbsd/man8/dvmrpd.8 create mode 100644 static/openbsd/man8/edquota.8 create mode 100644 static/openbsd/man8/eeprom.8 create mode 100644 static/openbsd/man8/eigrpctl.8 create mode 100644 static/openbsd/man8/eigrpd.8 create mode 100644 static/openbsd/man8/fdisk.8 create mode 100644 static/openbsd/man8/fingerd.8 create mode 100644 static/openbsd/man8/fsck.8 create mode 100644 static/openbsd/man8/fsck_ext2fs.8 create mode 100644 static/openbsd/man8/fsck_ffs.8 create mode 100644 static/openbsd/man8/fsck_msdos.8 create mode 100644 static/openbsd/man8/fsdb.8 create mode 100644 static/openbsd/man8/fsirand.8 create mode 100644 static/openbsd/man8/ftp-proxy.8 create mode 100644 static/openbsd/man8/ftpd.8 create mode 100644 static/openbsd/man8/fw_update.8 create mode 100644 static/openbsd/man8/getty.8 create mode 100644 static/openbsd/man8/gpioctl.8 create mode 100644 static/openbsd/man8/group.8 create mode 100644 static/openbsd/man8/groupadd.8 create mode 100644 static/openbsd/man8/groupdel.8 create mode 100644 static/openbsd/man8/groupinfo.8 create mode 100644 static/openbsd/man8/groupmod.8 create mode 100644 static/openbsd/man8/growfs.8 create mode 100644 static/openbsd/man8/hostapd.8 create mode 100644 static/openbsd/man8/hostctl.8 create mode 100644 static/openbsd/man8/hotplugd.8 create mode 100644 static/openbsd/man8/httpd.8 create mode 100644 static/openbsd/man8/identd.8 create mode 100644 static/openbsd/man8/ifconfig.8 create mode 100644 static/openbsd/man8/ifstated.8 create mode 100644 static/openbsd/man8/ikectl.8 create mode 100644 static/openbsd/man8/iked.8 create mode 100644 static/openbsd/man8/inetd.8 create mode 100644 static/openbsd/man8/init.8 create mode 100644 static/openbsd/man8/installboot.8 create mode 100644 static/openbsd/man8/iostat.8 create mode 100644 static/openbsd/man8/ipsecctl.8 create mode 100644 static/openbsd/man8/isakmpd.8 create mode 100644 static/openbsd/man8/iscsictl.8 create mode 100644 static/openbsd/man8/iscsid.8 create mode 100644 static/openbsd/man8/isoinfo.8 create mode 100644 static/openbsd/man8/kbd.8 create mode 100644 static/openbsd/man8/kgmon.8 create mode 100644 static/openbsd/man8/kvm_mkdb.8 create mode 100644 static/openbsd/man8/ldapctl.8 create mode 100644 static/openbsd/man8/ldapd.8 create mode 100644 static/openbsd/man8/ldattach.8 create mode 100644 static/openbsd/man8/ldconfig.8 create mode 100644 static/openbsd/man8/ldomctl.8 create mode 100644 static/openbsd/man8/ldomd.8 create mode 100644 static/openbsd/man8/ldpctl.8 create mode 100644 static/openbsd/man8/ldpd.8 create mode 100644 static/openbsd/man8/lldp.8 create mode 100644 static/openbsd/man8/lldpd.8 create mode 100644 static/openbsd/man8/locate.mklocatedb.8 create mode 100644 static/openbsd/man8/locate.updatedb.8 create mode 100644 static/openbsd/man8/login_chpass.8 create mode 100644 static/openbsd/man8/login_lchpass.8 create mode 100644 static/openbsd/man8/login_ldap.8 create mode 100644 static/openbsd/man8/login_passwd.8 create mode 100644 static/openbsd/man8/login_radius.8 create mode 100644 static/openbsd/man8/login_reject.8 create mode 100644 static/openbsd/man8/login_skey.8 create mode 100644 static/openbsd/man8/login_token.8 create mode 100644 static/openbsd/man8/login_yubikey.8 create mode 100644 static/openbsd/man8/lpc.8 create mode 100644 static/openbsd/man8/lpd.8 create mode 100644 static/openbsd/man8/mail.lmtp.8 create mode 100644 static/openbsd/man8/mail.local.8 create mode 100644 static/openbsd/man8/mail.maildir.8 create mode 100644 static/openbsd/man8/mail.mboxfile.8 create mode 100644 static/openbsd/man8/mail.mda.8 create mode 100644 static/openbsd/man8/mailwrapper.8 create mode 100644 static/openbsd/man8/makedbm.8 create mode 100644 static/openbsd/man8/makefs.8 create mode 100644 static/openbsd/man8/makemap.8 create mode 100644 static/openbsd/man8/makewhatis.8 create mode 100644 static/openbsd/man8/man.cgi.8 create mode 100644 static/openbsd/man8/map-mbone.8 create mode 100644 static/openbsd/man8/mbr.8 create mode 100644 static/openbsd/man8/memconfig.8 create mode 100644 static/openbsd/man8/mixerctl.8 create mode 100644 static/openbsd/man8/mkalias.8 create mode 100644 static/openbsd/man8/mkboot.8 create mode 100644 static/openbsd/man8/mkhybrid.8 create mode 100644 static/openbsd/man8/mkisofs.8 create mode 100644 static/openbsd/man8/mknetid.8 create mode 100644 static/openbsd/man8/mknod.8 create mode 100644 static/openbsd/man8/mkuboot.8 create mode 100644 static/openbsd/man8/mopd.8 create mode 100644 static/openbsd/man8/mount.8 create mode 100644 static/openbsd/man8/mount_cd9660.8 create mode 100644 static/openbsd/man8/mount_ext2fs.8 create mode 100644 static/openbsd/man8/mount_ffs.8 create mode 100644 static/openbsd/man8/mount_msdos.8 create mode 100644 static/openbsd/man8/mount_nfs.8 create mode 100644 static/openbsd/man8/mount_ntfs.8 create mode 100644 static/openbsd/man8/mount_tmpfs.8 create mode 100644 static/openbsd/man8/mount_udf.8 create mode 100644 static/openbsd/man8/mount_vnd.8 create mode 100644 static/openbsd/man8/mountd.8 create mode 100644 static/openbsd/man8/mrinfo.8 create mode 100644 static/openbsd/man8/mrouted.8 create mode 100644 static/openbsd/man8/mtrace.8 create mode 100644 static/openbsd/man8/mtree.8 create mode 100644 static/openbsd/man8/ncheck_ffs.8 create mode 100644 static/openbsd/man8/ndp.8 create mode 100644 static/openbsd/man8/netgroup_mkdb.8 create mode 100644 static/openbsd/man8/newaliases.8 create mode 100644 static/openbsd/man8/newfs.8 create mode 100644 static/openbsd/man8/newfs_ext2fs.8 create mode 100644 static/openbsd/man8/newfs_msdos.8 create mode 100644 static/openbsd/man8/newsyslog.8 create mode 100644 static/openbsd/man8/nfsd.8 create mode 100644 static/openbsd/man8/nologin.8 create mode 100644 static/openbsd/man8/npppctl.8 create mode 100644 static/openbsd/man8/npppd.8 create mode 100644 static/openbsd/man8/ntpctl.8 create mode 100644 static/openbsd/man8/ntpd.8 create mode 100644 static/openbsd/man8/ocspcheck.8 create mode 100644 static/openbsd/man8/ospf6ctl.8 create mode 100644 static/openbsd/man8/ospf6d.8 create mode 100644 static/openbsd/man8/ospfctl.8 create mode 100644 static/openbsd/man8/ospfd.8 create mode 100644 static/openbsd/man8/pcidump.8 create mode 100644 static/openbsd/man8/pdisk.8 create mode 100644 static/openbsd/man8/pfctl.8 create mode 100644 static/openbsd/man8/pflogd.8 create mode 100644 static/openbsd/man8/ping.8 create mode 100644 static/openbsd/man8/pkg_check.8 create mode 100644 static/openbsd/man8/portmap.8 create mode 100644 static/openbsd/man8/pppd.8 create mode 100644 static/openbsd/man8/pppstats.8 create mode 100644 static/openbsd/man8/pstat.8 create mode 100644 static/openbsd/man8/pwd_mkdb.8 create mode 100644 static/openbsd/man8/pxeboot.8 create mode 100644 static/openbsd/man8/quot.8 create mode 100644 static/openbsd/man8/quotacheck.8 create mode 100644 static/openbsd/man8/quotaon.8 create mode 100644 static/openbsd/man8/ractl.8 create mode 100644 static/openbsd/man8/rad.8 create mode 100644 static/openbsd/man8/radiusctl.8 create mode 100644 static/openbsd/man8/radiusd.8 create mode 100644 static/openbsd/man8/radiusd_bsdauth.8 create mode 100644 static/openbsd/man8/radiusd_eap2mschap.8 create mode 100644 static/openbsd/man8/radiusd_file.8 create mode 100644 static/openbsd/man8/radiusd_ipcp.8 create mode 100644 static/openbsd/man8/radiusd_radius.8 create mode 100644 static/openbsd/man8/radiusd_standard.8 create mode 100644 static/openbsd/man8/rarpd.8 create mode 100644 static/openbsd/man8/rbootd.8 create mode 100644 static/openbsd/man8/rcctl.8 create mode 100644 static/openbsd/man8/rdate.8 create mode 100644 static/openbsd/man8/rdsetroot.8 create mode 100644 static/openbsd/man8/reboot.8 create mode 100644 static/openbsd/man8/relayctl.8 create mode 100644 static/openbsd/man8/relayd.8 create mode 100644 static/openbsd/man8/renice.8 create mode 100644 static/openbsd/man8/repquota.8 create mode 100644 static/openbsd/man8/resolvd.8 create mode 100644 static/openbsd/man8/restore.8 create mode 100644 static/openbsd/man8/revnetgroup.8 create mode 100644 static/openbsd/man8/ripctl.8 create mode 100644 static/openbsd/man8/ripd.8 create mode 100644 static/openbsd/man8/rmgroup.8 create mode 100644 static/openbsd/man8/rmt.8 create mode 100644 static/openbsd/man8/route.8 create mode 100644 static/openbsd/man8/route6d.8 create mode 100644 static/openbsd/man8/rpc.bootparamd.8 create mode 100644 static/openbsd/man8/rpc.lockd.8 create mode 100644 static/openbsd/man8/rpc.rquotad.8 create mode 100644 static/openbsd/man8/rpc.rstatd.8 create mode 100644 static/openbsd/man8/rpc.rusersd.8 create mode 100644 static/openbsd/man8/rpc.rwalld.8 create mode 100644 static/openbsd/man8/rpc.statd.8 create mode 100644 static/openbsd/man8/rpcinfo.8 create mode 100644 static/openbsd/man8/rpki-client.8 create mode 100644 static/openbsd/man8/sa.8 create mode 100644 static/openbsd/man8/sasyncd.8 create mode 100644 static/openbsd/man8/savecore.8 create mode 100644 static/openbsd/man8/scan_ffs.8 create mode 100644 static/openbsd/man8/scsi.8 create mode 100644 static/openbsd/man8/sendmail.8 create mode 100644 static/openbsd/man8/sensorsd.8 create mode 100644 static/openbsd/man8/setnetbootinfo.8 create mode 100644 static/openbsd/man8/sftp-server.8 create mode 100644 static/openbsd/man8/showmount.8 create mode 100644 static/openbsd/man8/shutdown.8 create mode 100644 static/openbsd/man8/skeyprune.8 create mode 100644 static/openbsd/man8/slaacctl.8 create mode 100644 static/openbsd/man8/slaacd.8 create mode 100644 static/openbsd/man8/slowcgi.8 create mode 100644 static/openbsd/man8/smtpctl.8 create mode 100644 static/openbsd/man8/smtpd.8 create mode 100644 static/openbsd/man8/sndiod.8 create mode 100644 static/openbsd/man8/snmpd.8 create mode 100644 static/openbsd/man8/snmpd_metrics.8 create mode 100644 static/openbsd/man8/spamd-setup.8 create mode 100644 static/openbsd/man8/spamd.8 create mode 100644 static/openbsd/man8/spamdb.8 create mode 100644 static/openbsd/man8/spamlogd.8 create mode 100644 static/openbsd/man8/ssh-keysign.8 create mode 100644 static/openbsd/man8/ssh-pkcs11-helper.8 create mode 100644 static/openbsd/man8/ssh-sk-helper.8 create mode 100644 static/openbsd/man8/sshd.8 create mode 100644 static/openbsd/man8/strfile.8 create mode 100644 static/openbsd/man8/swapctl.8 create mode 100644 static/openbsd/man8/swapon.8 create mode 100644 static/openbsd/man8/sync.8 create mode 100644 static/openbsd/man8/sysctl.8 create mode 100644 static/openbsd/man8/syslogc.8 create mode 100644 static/openbsd/man8/syslogd.8 create mode 100644 static/openbsd/man8/sysmerge.8 create mode 100644 static/openbsd/man8/syspatch.8 create mode 100644 static/openbsd/man8/sysupgrade.8 create mode 100644 static/openbsd/man8/talkd.8 create mode 100644 static/openbsd/man8/tcpdrop.8 create mode 100644 static/openbsd/man8/tcpdump.8 create mode 100644 static/openbsd/man8/tftp-proxy.8 create mode 100644 static/openbsd/man8/tftpd.8 create mode 100644 static/openbsd/man8/tokenadm.8 create mode 100644 static/openbsd/man8/tokeninit.8 create mode 100644 static/openbsd/man8/traceroute.8 create mode 100644 static/openbsd/man8/trpt.8 create mode 100644 static/openbsd/man8/ttyflags.8 create mode 100644 static/openbsd/man8/tunefs.8 create mode 100644 static/openbsd/man8/umount.8 create mode 100644 static/openbsd/man8/unwind.8 create mode 100644 static/openbsd/man8/unwindctl.8 create mode 100644 static/openbsd/man8/usbdevs.8 create mode 100644 static/openbsd/man8/user.8 create mode 100644 static/openbsd/man8/useradd.8 create mode 100644 static/openbsd/man8/userdel.8 create mode 100644 static/openbsd/man8/userinfo.8 create mode 100644 static/openbsd/man8/usermod.8 create mode 100644 static/openbsd/man8/vipw.8 create mode 100644 static/openbsd/man8/vmctl.8 create mode 100644 static/openbsd/man8/vmd.8 create mode 100644 static/openbsd/man8/vmstat.8 create mode 100644 static/openbsd/man8/vnconfig.8 create mode 100644 static/openbsd/man8/watchdogd.8 create mode 100644 static/openbsd/man8/wsconscfg.8 create mode 100644 static/openbsd/man8/wsconsctl.8 create mode 100644 static/openbsd/man8/wsfontload.8 create mode 100644 static/openbsd/man8/wsmoused.8 create mode 100644 static/openbsd/man8/xxboot.8 create mode 100644 static/openbsd/man8/ypbind.8 create mode 100644 static/openbsd/man8/ypinit.8 create mode 100644 static/openbsd/man8/ypldap.8 create mode 100644 static/openbsd/man8/yppoll.8 create mode 100644 static/openbsd/man8/yppush.8 create mode 100644 static/openbsd/man8/ypserv.8 create mode 100644 static/openbsd/man8/ypset.8 create mode 100644 static/openbsd/man8/ypxfr.8 create mode 100644 static/openbsd/man8/zdump.8 create mode 100644 static/openbsd/man8/zic.8 (limited to 'static/openbsd/man8') diff --git a/static/openbsd/man8/MAKEDEV.8 b/static/openbsd/man8/MAKEDEV.8 new file mode 100644 index 00000000..fcb4e6a1 --- /dev/null +++ b/static/openbsd/man8/MAKEDEV.8 @@ -0,0 +1,263 @@ +.\" $OpenBSD: MAKEDEV.8,v 1.79 2025/09/29 01:02:58 deraadt Exp $ +.\" +.\" THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. +.\" generated from: +.\" +.\" OpenBSD: etc.hppa/MAKEDEV.md,v 1.71 2025/09/29 01:00:14 deraadt Exp +.\" OpenBSD: MAKEDEV.common,v 1.122 2025/01/08 23:09:25 kirill Exp +.\" OpenBSD: MAKEDEV.man,v 1.10 2025/09/29 01:00:14 deraadt Exp +.\" OpenBSD: MAKEDEV.mansub,v 1.2 2004/02/20 19:13:01 miod Exp +.\" +.\" Copyright (c) 2004, Miodrag Vallat +.\" Copyright (c) 2001-2004 Todd T. Fries +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 29 2025 $ +.Dt MAKEDEV 8 hppa +.Os +.Sh NAME +.Nm MAKEDEV +.Nd create system and device special files +.Sh SYNOPSIS +.Nm MAKEDEV +.Op Ar name ... +.Sh DESCRIPTION +The shell script +.Nm , +found in the +.Pa /dev +directory, is used to create various special files. +See +.Xr intro 4 +for a more complete discussion of special files. +.Pp +.Nm +takes any number of device names as arguments, where the names are +the common abbreviation for the device or group of devices. +Files are created in the current working directory. +.Pp +Where a device name is followed by a star +.Sq * , +the star must be replaced by a unit number. +If units are expected for a device but not provided, +.Nm +will supply the standard numbers in most cases. +.Pp +The hppa supports the following devices: +.Pp +.Sy Special device names +.Bl -tag -width tenletters -compact +.It Ar all +Creates special files for all devices on hppa. +.It Ar ramdisk +Ramdisk kernel devices. +.It Ar std +Creates the +.Sq standard +devices (console, klog, kmem, ksyms, mem, null, +stderr, stdin, stdout, tty, zero) +which are absolutely necessary for the system to function properly. +.It Ar local +Creates configuration-specific devices, by invoking the shell file +.Pa MAKEDEV.local . +.It Ar redodisks +Recreates all partitions for disks found in +.Pa /etc . +.El +.Pp +.Sy Disks +.Bl -tag -width tenletters -compact +.It Ar cd* +ATAPI and SCSI CD-ROM drives, see +.Xr cd 4 . +.It Ar fd* +Floppy disk drives (3 1/2", 5 1/4"), see +.Xr fd 4 . +.It Ar sd* +SCSI disks, including flopticals, see +.Xr sd 4 . +.It Ar rd* +.Dq rd +pseudo-disks, see +.Xr rd 4 . +.It Ar vnd* +.Dq file +pseudo-disk devices, see +.Xr vnd 4 . +.It Ar wd* +.Dq winchester +disk drives (ST506, IDE, ESDI, RLL, ...), see +.Xr wd 4 . +.El +.Pp +.Sy Tapes +.Bl -tag -width tenletters -compact +.It Ar ch* +SCSI media changers, see +.Xr ch 4 . +.It Ar st* +SCSI tape drives, see +.Xr st 4 . +.El +.Pp +.Sy Terminal ports +.Bl -tag -width tenletters -compact +.It Ar tty[0-7][0-9a-f] +NS16x50 serial ports, see +.Xr com 4 . +.El +.Pp +.Sy Pseudo terminals +.Bl -tag -width tenletters -compact +.It Ar ptm +pty master device, see +.Xr ptm 4 . +.It Ar pty* +Set of 62 master pseudo terminals, see +.Xr pty 4 . +.It Ar tty* +Set of 62 slave pseudo terminals, see +.Xr tty 4 . +.El +.Pp +.Sy Console ports +.Bl -tag -width tenletters -compact +.It Ar ttyC-J* +wscons display devices, see +.Xr wsdisplay 4 . +.It Ar wscons +Minimal wscons devices, see +.Xr wscons 4 . +.It Ar wskbd* +wscons keyboards, see +.Xr wskbd 4 . +.It Ar wsmux +wscons keyboard/mouse mux devices, see +.Xr wsmux 4 . +.El +.Pp +.Sy Pointing devices +.Bl -tag -width tenletters -compact +.It Ar wsmouse* +wscons mice, see +.Xr wsmouse 4 . +.El +.Pp +.Sy Printers +.Bl -tag -width tenletters -compact +.It Ar lpt* +IEEE 1284 centronics printer, see +.Xr lpt 4 . +.El +.Pp +.Sy USB devices +.Bl -tag -width tenletters -compact +.It Ar uall +All USB devices, see +.Xr usb 4 . +.It Ar usb* +Bus control devices used by usbd for attach/detach, see +.Xr usb 4 . +.It Ar uhid* +Generic HID devices, see +.Xr uhid 4 . +.It Ar fido +fido/* nodes, see +.Xr fido 4 . +.It Ar ujoy +ujoy/* nodes, see +.Xr ujoy 4 . +.It Ar ugen* +Generic USB devices, see +.Xr ugen 4 . +.It Ar ulpt* +Printer devices, see +.Xr ulpt 4 . +.It Ar ttyU* +USB serial ports, see +.Xr ucom 4 . +.El +.Pp +.Sy Special purpose devices +.Bl -tag -width tenletters -compact +.It Ar audio* +Audio devices, see +.Xr audio 4 . +.It Ar bio +ioctl tunnel pseudo-device, see +.Xr bio 4 . +.It Ar bpf +Berkeley Packet Filter, see +.Xr bpf 4 . +.It Ar diskmap +Disk mapper, see +.Xr diskmap 4 . +.It Ar dt +Dynamic Tracer, see +.Xr dt 4 . +.It Ar fd +fd/* nodes, see +.Xr fd 4 . +.It Ar fuse +Userland Filesystem, see +.Xr fuse 4 . +.It Ar hotplug +devices hot plugging, see +.Xr hotplug 4 . +.It Ar pci* +PCI bus devices, see +.Xr pci 4 . +.It Ar pdc +PDC device, see +.Xr pdc 4 . +.It Ar pf +Packet Filter, see +.Xr pf 4 . +.It Ar pppx* +PPP Multiplexer, see +.Xr pppx 4 . +.It Ar pppac* +PPP Access Concentrator, see +.Xr pppac 4 . +.It Ar *random +In-kernel random data source, see +.Xr random 4 . +.It Ar tun* +Network tunnel driver, see +.Xr tun 4 . +.It Ar tap* +Ethernet tunnel driver, see +.Xr tap 4 . +.It Ar uk* +Unknown SCSI devices, see +.Xr uk 4 . +.It Ar video* +Video V4L2 devices, see +.Xr video 4 . +.It Ar vscsi* +Virtual SCSI controller, see +.Xr vscsi 4 . +.It Ar kstat +Kernel Statistics, see +.Xr kstat 4 . +.El +.Sh FILES +.Bl -tag -width /dev -compact +.It Pa /dev +The special file directory. +.El +.Sh SEE ALSO +.Xr intro 4 , +.Xr config 8 , +.Xr mknod 8 diff --git a/static/openbsd/man8/Makefile.yp.8 b/static/openbsd/man8/Makefile.yp.8 new file mode 100644 index 00000000..766bf262 --- /dev/null +++ b/static/openbsd/man8/Makefile.yp.8 @@ -0,0 +1,291 @@ +.\" $OpenBSD: Makefile.yp.8,v 1.10 2019/08/30 19:34:04 deraadt Exp $ +.\" +.\" Copyright (c) 2008 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 30 2019 $ +.Dt MAKEFILE.YP 8 +.Os +.Sh NAME +.Nm Makefile.yp +.Nd generate and distribute YP maps +.Sh SYNOPSIS +.Li cd /var/yp; make +.Sh DESCRIPTION +The +.Nm +utility generates or updates the YP maps to be served by +.Xr ypserv 8 . +.Pp +Each YP domain to be served must have its own subdirectory below +.Pa /var/yp . +Use +.Xr ypinit 8 +to set up such subdirectories. +In particular, +.Xr ypinit 8 +will copy +.Pa /var/yp/Makefile.yp +into each new domain subdirectory. +For common configuration changes affecting all future domains, edit +.Pa /var/yp/Makefile.yp +before running +.Xr ypinit 8 . +For configuration changes affecting only one individual domain, edit the +.Pa Makefile +in the respective domain subdirectory after running +.Xr ypinit 8 . +Do +.Em not +edit +.Pa /var/yp/Makefile.yp.dist . +.Pp +By default, input data for generating YP maps is collected from the +.Pa /etc +directory. +Edit the +.Dv DIR +variable to choose a different source directory. +.Pp +To regenerate all maps for all domains, run +.Xr make 1 +in +.Pa /var/yp . +To regenerate all maps for one single domain, run +.Xr make 1 +in the respective domain subdirectory. +The +.Xr makedbm 8 +utility will be used to create the maps in Berkeley DB format, +and they will be stored inside the appropriate domain subdirectory. +.Pp +Whenever a YP map has been updated, it is automatically distributed to all +slave servers in the respective domain using the +.Xr yppush 8 +utility. +To disable automatic distribution, set the +.Dv NOPUSH +variable to an arbitrary, non-empty, value. +.Sh STANDARD YP MAPS +By default, +.Nm +provides the following +.Xr make 1 +targets: +.Bl -tag -width protocols +.It Ic passwd +Generates the +.Pa passwd.byname , +.Pa passwd.byuid , +.Pa master.passwd.byname , +and +.Pa master.passwd.byuid +maps from +.Xr master.passwd 5 +for use by +.Xr getpwent 3 . +.Pp +The +.Pa master.passwd.*\& +maps always contain complete records in +.Xr master.passwd 5 +format, including the encrypted passwords. +.Pp +The +.Pa passwd.*\& +maps follow the reduced +.Xr passwd 5 +format having the class, change, and expire fields removed but by default +the encrypted passwords are included too. +If the +.Dv UNSECURE +variable is changed to be empty, the encrypted passwords are replaced by +asterisks +.Pq Ql \&* . +This +.Dq secure +mode is compatible with +.Ox +and +.Fx +clients. +.Pp +The +.Dv MINUID +and +.Dv MAXUID +variables restrict the range of user IDs included into the four passwd maps. +By default, system users are not included. +.It Ic netgroup +Generates the +.Pa netgroup , +.Pa netgroup.byuser , +and +.Pa netgroup.byhost +maps from +.Xr netgroup 5 +for use by +.Xr getnetgrent 3 +and +.Xr passwd 5 . +Requires the +.Xr revnetgroup 8 +utility. +.It Ic group +Generates the +.Pa group.byname +and +.Pa group.bygid +maps from +.Xr group 5 +for use by +.Xr getgrent 3 . +.Pp +The +.Dv MINGID +and +.Dv MAXGID +variables restrict the range of group IDs included into both group maps. +By default, system groups are not included. +.It Ic netid +Generates the +.Pa netid.byname +map from +.Xr netid 5 , +.Xr passwd 5 , +.Xr group 5 , +and +.Xr hosts 5 +for use by +.Xr getgrouplist 3 . +Falls back to +.Xr master.passwd 5 +in case +.Xr passwd 5 +is not available. +Requires the +.Xr mknetid 8 +utility. +.It Ic hosts +Generates the +.Pa hosts.byname +and +.Pa hosts.byaddr +maps from +.Xr hosts 5 +for use by +.Xr gethostbyname 3 . +.Pp +To get +.Xr ypserv 8 +to ask DNS for unknown hosts, set the +.Dv USEDNS +variable to +.Fl b . +.It Ic ethers +Generates the +.Pa ethers.byaddr +and +.Pa ethers.byname +maps from +.Xr ethers 5 +for use by +.Xr ether_aton 3 . +.It Ic rpc +Generates the +.Pa rpc.bynumber +map from +.Xr rpc 5 +for use by +.Xr getrpcent 3 . +.It Ic services +Generates the +.Pa services.byname +map from +.Xr services 5 +for use by +.Xr getservent 3 . +.It Ic protocols +Generates the +.Pa protocols.byname +and +.Pa protocols.bynumber +maps from +.Xr protocols 5 +for use by +.Xr getprotoent 3 . +.It Ic aliases +Generates the +.Pa mail.aliases +and +.Pa mail.byaddr +maps from +.Xr aliases 5 . +This target uses both +.Xr sendmail 8 +with the option +.Fl bi +and the +.Xr mkalias 8 +utility. +.It Ic amd.home +Generates the +.Pa amd.home +map from the file +.Pa /etc/amd/amd.home . +.It Ic all +Generates all of the above, and sends a hangup signal to +.Xr ypserv 8 +such that it uses the new maps. +.El +.Pp +In order to keep additional custom YP maps up to date, the +.Pa Makefile +should be extended to support additional targets. +.Sh FILES +.Bl -tag -width "/var/yp/domainname/ypservers.db" -compact +.It /var/yp/Makefile +Top level YP Makefile. +.It /var/yp/ Ns Ar domainname Ns /Makefile +Per domain YP maps Makefile. +.It /var/yp/ Ns Ar domainname Ns /ypservers.db +Database of hosts serving this domain. +.It /var/yp/ Ns Ar domainname/mapname Ns .db +Database files containing the YP maps. +.It /var/yp/ Ns Ar domainname/target Ns .time +Cookies controlling the operation of +.Xr make 1 . +.El +.Sh SEE ALSO +.Xr make 1 , +.Xr dbopen 3 , +.Xr makedbm 8 , +.Xr yp 8 , +.Xr ypinit 8 , +.Xr yppush 8 , +.Xr ypserv 8 +.Sh BUGS +When +.Dv NOPUSH +is set and individual maps are regenerated (as opposed to +.Ic all ) , +the hangup signal to +.Xr ypserv 8 +must be sent manually, or the new maps won't be used. +.Pp +When +.Dv NOPUSH +is unset, maps are pushed to the master server on the local host too, +slowing down +.Nm . diff --git a/static/openbsd/man8/ac.8 b/static/openbsd/man8/ac.8 new file mode 100644 index 00000000..be3df8b9 --- /dev/null +++ b/static/openbsd/man8/ac.8 @@ -0,0 +1,152 @@ +.\" $OpenBSD: ac.8,v 1.23 2020/02/08 01:43:22 jsg Exp $ +.\" +.\" Copyright (c) 1994 Simon J. Gerraty +.\" Copyright (c) 1994 Christopher G. Demetriou +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Christopher G. Demetriou. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 8 2020 $ +.Dt AC 8 +.Os +.Sh NAME +.Nm ac +.Nd connect time accounting +.Sh SYNOPSIS +.Nm ac +.Op Fl dp +.Op Fl t Ar tty +.Op Fl w Ar wtmp +.Op Ar user ... +.Sh DESCRIPTION +If the file +.Pa /var/log/wtmp +exists, a record of individual login and logout +times are written to it by +.Xr login 1 +and +.Xr init 8 , +respectively. +.Nm +examines these records and writes the accumulated connect time +for all logins to the standard output. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Display the connect times in 24 hour chunks. +.It Fl p +Print individual users' totals. +.It Fl t Ar tty +Only do accounting logins on certain ttys. +The +.Ar tty +specification can start with +.Ql \&! +to indicate not this +.Ar tty +and end with +.Ql * +to indicate all similarly named ttys. +Multiple +.Fl t +flags may be specified. +.It Fl w Ar wtmp +Read connect time data from +.Ar wtmp +instead of the default file, +.Pa /var/log/wtmp . +.It Ar user ... +Display totals for the given individuals only. +.El +.Pp +If no arguments are given, +.Nm +displays the total connect time for all +accounts with login sessions recorded in +.Xr wtmp 5 . +.Pp +The default +.Pa wtmp +file will increase without bound unless it is truncated. +It is normally truncated by +.Xr newsyslog 8 , +which renames and rotates the +.Pa wtmp +files every week. +In order for +.Nm +to run in sync with the rotation of +.Pa wtmp , +.Xr newsyslog 8 +is configured to run +just after +.Nm +completes. +.Pp +User accounting information can be mailed weekly +to the system administrator: +see +.Xr weekly 8 +for more information. +No login or connect time accounting is performed if +.Pa /var/log/wtmp +does not exist. +.Sh FILES +.Bl -tag -width "/var/log/wtmp.[0-7]XX" -compact +.It Pa /var/log/wtmp +connect time accounting file +.It Pa /var/log/wtmp.[0-7] +rotated files +.El +.Sh EXIT STATUS +.Ex -std ac +.Sh EXAMPLES +Allow times recorded in +.Pa modems +to be charged out at a different rate than +.Pa other : +.Bd -literal -offset indent +$ ac -p -t "ttyd*" \*(Gt modems +$ ac -p -t "!ttyd*" \*(Gt other +.Ed +.Sh SEE ALSO +.Xr login 1 , +.Xr wtmp 5 , +.Xr cron 8 , +.Xr init 8 , +.Xr newsyslog 8 , +.Xr sa 8 +.Sh HISTORY +An +.Nm +command appeared in +.At v5 . +This version of +.Nm +was written for +.Nx 0.9a +from the specification provided by various systems' manual pages. diff --git a/static/openbsd/man8/accton.8 b/static/openbsd/man8/accton.8 new file mode 100644 index 00000000..07a57d5e --- /dev/null +++ b/static/openbsd/man8/accton.8 @@ -0,0 +1,79 @@ +.\" $OpenBSD: accton.8,v 1.13 2020/11/03 09:23:46 schwarze Exp $ +.\" +.\" Copyright (c) 1993 Christopher G. Demetriou +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 3 2020 $ +.Dt ACCTON 8 +.Os +.Sh NAME +.Nm accton +.Nd enable/disable system accounting +.Sh SYNOPSIS +.Nm accton +.Op Ar file +.Sh DESCRIPTION +With an argument naming an existing +.Ar file , +.Nm +causes system accounting information for every process executed +to be placed at the end of the file. +If no argument is given, accounting is turned off. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable accounting , +which sets +.Pp +.Dl accounting=YES +.Pp +in +.Xr rc.conf.local 8 . +.Pp +Log rotation of the default accounting file, +.Pa /var/account/acct , +is performed by the +.Xr daily 8 +maintenance script. +.Sh FILES +.Bl -tag -width /var/account/acct +.It Pa /var/account/acct +default accounting file +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr lastcomm 1 , +.Xr acct 2 , +.Xr acct 5 , +.Xr daily 8 , +.Xr sa 8 +.Sh HISTORY +The +.Nm +command first appeared in +.At v7 . diff --git a/static/openbsd/man8/acpidump.8 b/static/openbsd/man8/acpidump.8 new file mode 100644 index 00000000..18497e72 --- /dev/null +++ b/static/openbsd/man8/acpidump.8 @@ -0,0 +1,92 @@ +.\" $OpenBSD: acpidump.8,v 1.19 2020/11/22 17:10:06 jmc Exp $ +.\" +.\" Copyright (c) 1999 Doug Rabson +.\" Copyright (c) 2000 Mitsuru IWASAKI +.\" Copyright (c) 2000 Yasuo YOKOYAMA +.\" Copyright (c) 2000 Hiroki Sato +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/usr.sbin/acpi/acpidump/acpidump.8,v 1.9 2001/09/05 19:21:25 dd Exp $ +.\" +.Dd $Mdocdate: November 22 2020 $ +.Dt ACPIDUMP 8 +.Os +.Sh NAME +.Nm acpidump +.Nd dump ACPI tables +.Sh SYNOPSIS +.Nm +.Fl o Ar prefix +.Sh DESCRIPTION +The +.Nm +command stores ACPI tables from physical memory into files specified by +.Ar prefix . +If +.Ar prefix +specifies a directory, the generated files will be of the form +/.. +Otherwise, they will be named ... +.Dq sig +is the signature of the ACPI Table; +.Dq id +is unique for each table. +.Pp +Additionally a file called /headers or .headers will +be created that contains additional human readable information +pertaining to this specific dump. +.Pp +The ACPICA disassembler is available through the +.Ox +ports tree or package system: +.Bd -literal -offset indent +# pkg_add acpica +$ iasl -d .. +.Ed +.Pp +.Nm +requires the ability to open +.Pa /dev/kmem , +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.Pp +.Nm +is run at startup and stores the results in +.Pa /var/db/acpi . +.Sh FILES +.Bl -tag -width /dev/mem +.It Pa /dev/mem +.It Pa /var/db/acpi +.El +.Sh SEE ALSO +.Xr pkg_add 1 , +.Xr mem 4 , +.Xr packages 7 , +.Xr ports 7 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.8 . diff --git a/static/openbsd/man8/adduser.8 b/static/openbsd/man8/adduser.8 new file mode 100644 index 00000000..639f7458 --- /dev/null +++ b/static/openbsd/man8/adduser.8 @@ -0,0 +1,424 @@ +.\" $OpenBSD: adduser.8,v 1.48 2022/02/18 23:17:16 jsg Exp $ +.\" +.\" Copyright (c) 1995-1996 Wolfram Schneider . Berlin. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $From: adduser.8,v 1.12 1996/08/28 17:54:13 adam Exp $ +.Dd $Mdocdate: February 18 2022 $ +.Dt ADDUSER 8 +.Os +.Sh NAME +.Nm adduser , +.Nm rmuser +.Nd add and delete users from the system +.Sh SYNOPSIS +.Nm adduser +.Bk -words +.Oo Fl batch Ar username +.Oo Ar group Ns Op , Ns Ar group +.Ar ... +.Oc +.Op Ar fullname +.Op Ar password +.Oc +.Op Fl check_only +.Op Fl class Ar login_class +.Op Fl config_create +.Op Fl dotdir Ar directory +.Oo +.Fl e +.Ar method | Fl encryption Ar method +.Oc +.Op Fl group Ar login_group +.Op Fl h | help | \&? +.Op Fl home Ar partition +.Op Fl message Ar file +.Op Fl noconfig +.Op Fl shell Ar shell +.Op Fl s | silent | q | quiet +.Op Fl uid_start Ar uid +.Op Fl uid_end Ar uid +.Op Fl v | verbose +.Op Fl unencrypted +.Ek +.Pp +.Nm rmuser +.Op Ar username +.Sh DESCRIPTION +The +.Nm adduser +program adds new users to the system. +The +.Nm rmuser +program removes users from the system. +When not passed any arguments, both +utilities operate in interactive mode and prompt for any required information. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Xo Fl batch Ar username +.Oo Ar group Ns Op , Ns Ar group +.Ar ... Oc +.Op Ar fullname +.Op Ar password +.Xc +Enter batch mode in which multiple users are specified on the command line +in a compact format. +By default the password is assumed to already be properly encrypted. +.It Fl check_only +Check the passwd, group, and shells databases for consistency and problems +then exit without performing any other operation. +.It Fl class Ar login_class +Use the specified +.Ar login_class +as the default user login class. +See +.Xr login.conf 5 +for further details. +.It Fl config_create +Create or edit default configuration information and message file before +proceeding with the normal interactive adduser procedure. +.It Fl dotdir Ar directory +Copy files from +.Ar directory +into the HOME directory of new users. +Files named in the fashion of +.Dq Pa dot.foo +will be renamed to +.Dq Pa .foo . +By default, all files are made writable and readable by +their owner. +.\" don't allow group or world to write files and allow only owner +.\" to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail, +.\" prv, iscreen, term. +.It Fl encryption , e Ar method +Encrypt local passwords using +.Ar method +of encryption as described in +.Xr login.conf 5 . +If +.Ar method +is +.Dq auto , +the encryption type will be derived from the user's login class. +.It Fl group Ar login_group +Specify the default login group. +A value of +.Ar USER +means that the username is to be used as the login group. +.It Fl help , h , \&? +Print a summary of options and exit. +.It Fl home Ar partition +Specify the default home partition where all users' home directories +are to be located. +.It Fl message Ar file +Send new users a welcome message from +.Ar file . +Specifying a value of +.Dq no +for +.Ar file +causes no message to be sent to new users. +.It Fl noconfig +Do not read the default configuration file. +.It Fl shell Ar shell +Specify the default shell for new users. +.It Xo +.Fl silent , s , +.Fl quiet , q +.Xc +Causes the program to print fewer warnings, questions, and bug reports. +.It Fl uid_start Ar uid +Use UIDs from +.Ar uid +up when automatically generating UIDs. +.It Fl uid_end Ar uid +Do not use UIDs higher than +.Ar uid +when generating UIDs. +.It Fl unencrypted +Causes the program to assume that the password given in batch mode is +unencrypted. +The password will be encrypted before being added to the password file. +Use of this option is discouraged, as the username and cleartext password +will appear in the process list, which is visible to users. +.It Fl verbose , v +Causes the program to print many warnings and questions. +This option is recommended for novice users. +.El +.Pp +.Nm adduser +first performs consistency checks on the password, group, and shell databases. +This includes finding any duplicate user or group names, illegal shells, or +shells that aren't executable. +Once these tests are passed, +.Nm +performs the following operations for each new user: +.Bl -enum -offset indent +.It +Add the appropriate entries to the password and group files and re-generate +the password database using +.Xr pwd_mkdb 8 . +.It +Create a home directory and copy all files from the skeletal +login directory (normally +.Pa /etc/skel ) +to this new directory. +Files named in the fashion of +.Dq Pa dot.foo +will be renamed to +.Dq Pa .foo +in the new directory. +.It +Mails the new user a welcome message at the discretion of the account creator. +.El +.Pp +Similarly, when removing a user, +.Nm rmuser +performs the following operations for the given +.Ar username : +.Bl -enum -offset indent +.It +Removes any +.Xr crontab 1 +entries or +.Xr at 1 +jobs belonging to the user. +.It +Removes the user from the password database and all groups in the group +database. +If a group becomes empty and its name is the same as the username, +the group is removed (this complements +.Nm adduser Ns 's +unique per-user groups). +.It +Recursively deletes all files in the user's home directory and removes the +directory itself (provided the directory actually belongs to the user). +.Nm rmuser +prompts for confirmation before actually doing this. +.It +Removes the user's incoming mail file if one exists. +.El +.Pp +Understandably, +.Nm rmuser +politely refuses to remove users whose UID is 0 (typically root). +.Sh RESTRICTIONS +.Bl -tag -width Ds +.It Sy username +It is recommended that login names contain only lowercase characters +and digits. +They may also contain uppercase characters, non-leading hyphens, +periods, underscores, and a trailing +.Ql $ . +Login names may not be longer than 31 characters. +.\" The reasons for this limit are "Historical". +.\" Given that people have traditionally wanted to break this +.\" limit for aesthetic reasons, it's never been of great importance to break +.\" such a basic fundamental parameter in UNIX. +.\" You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the +.\" world; people have done this and it works, but you will have problems +.\" with any precompiled programs, or source that assumes the 8-character +.\" name limit and NIS. The NIS protocol mandates an 8-character username. +If you need a longer login name for email addresses, +you can define an alias in +.Pa /etc/mail/aliases . +.It Sy fullname +This should contain the user's first name and surname. +The +.Ql \&: +is not permitted. +.It Sy login_class +The specified user login class +must exist in +.Pa /etc/login.conf . +.It Sy shell +Only valid entries from the +.Xr shells 5 +database or entries corresponding to +.Xr pppd 8 +are permitted. +.It Sy uid_start +This value is the start of the range where free UID values are +searched for. +This value must be less than the value of uid_end. +The default value is 1000 or as configured in the configuration file. +.It Sy uid_end +This value is the end of the range where free UID values are +searched for. +This value must be more than the value of uid_start. +The default value is 2147483647 or as configured in the configuration file. +.It Sy gid/login group +This value is generated automatically, but can be specified at the +discretion of the person invoking the program. +.It Sy password +If not empty, the password is encrypted according to +.Xr login.conf 5 . +If empty, the account will be automatically disabled to prevent spurious +access to it. +.El +.\" .Sh UNIQUE GROUP +.\" Perhaps you're missing what *can* be done with this scheme that falls apart +.\" with most other schemes. With each user in their own group the user can +.\" safely run with a umask of 002 and have files created in their home +.\" directory and not worry about others being able to read them. +.\" +.\" For a shared area you create a separate uid/gid (like cvs or ncvs on +.\" freefall) you place each person that should be able to access this area +.\" into that new group. +.\" +.\" This model of uid/gid administration allows far greater flexibility than +.\" lumping users into groups and having to muck with the umask when working +.\" in a shared area. +.\" +.\" I have been using this model for almost 10 years and found that it works +.\" for most situations, and has never gotten in the way. (Rod Grimes) +.Sh CONFIGURATION +.Nm +follows these steps to extract its configuration +information: +.Pp +.Bl -enum -offset indent -compact +.It +Read internal variables. +.It +Read configuration file +.Pq Pa /etc/adduser.conf . +.It +Parse command-line options. +.El +.Pp +The +.Em adduser.conf +format is explained within that file and is quite straightforward. +The configuration file will be created the first time +.Nm +is run. +.\" .Sh FORMAT +.\" .Bl -tag -width Ds -compact +.\" .Ql Pa # +.\" is a comment. +.\" .P +.\" .It Sy config file +.\" .Nm adduser +.\" reads and writes this file. +.\" See /etc/adduser.conf for more details. +.\" .It Sy message file +.\" Eval variables in this file. See /etc/adduser.message for more +.\" details. +.\" .El +.Sh FILES +.Bl -tag -width /etc/adduser.message.bakX -compact +.It Pa /etc/master.passwd +user database +.It Pa /etc/group +group database +.It Pa /etc/group.bak +backup of original group database +.It Pa /etc/shells +shell database +.It Pa /etc/ptmp +lock file for the passwd database +.It Pa /etc/adduser.conf +configuration file for +.Nm adduser +.It Pa /etc/adduser.conf.bak +backup of original configuration file +.It Pa /etc/adduser.message +message file for +.Nm +.It Pa /etc/adduser.message.bak +backup of original message file +.It Pa /etc/skel +skeletal login directory +.It Pa /var/log/adduser +log file for +.Nm +.El +.Sh EXAMPLES +Start +.Nm +in interactive mode: +.Pp +.Dl # adduser +.Pp +Create user +.Dq falken +and +login group +.Dq falken . +Invite user +.Dq falken +into groups +.Dq guest , +.Dq staff , +and +.Dq beer . +Realname (fullname) +is +.Dq Prof. Falken . +The password has been created using +.Xr encrypt 1 : +.Bd -literal -offset indent +# adduser -batch falken guest,staff,beer 'Prof. Falken' \e + '$2b$10$aOadQNznQ1YJFnqNaRRneOvYvZAEO7atYiTND3EsLf6afHT5t1UIK' +.Ed +.Pp +Create user +.Dq vehlefanz +in login group +.Dq guest . +Start the free UID search at 5000. +No other groups, no realname, no password. +Send a welcome message: +.Bd -literal -offset indent +# adduser -uid_start 5000 -group guest \e + -message /etc/adduser.message -batch vehlefanz +.Ed +.Pp +Create user +.Dq jsmith +and place in the +.Dq jsmith +login group. +Also add to the +.Dq staff +group. +No password: +.Pp +.Dl "# adduser -group USER -batch jsmith staff" +.Sh SEE ALSO +.Xr chpass 1 , +.Xr finger 1 , +.Xr passwd 1 , +.Xr setlogin 2 , +.Xr aliases 5 , +.Xr group 5 , +.Xr login.conf 5 , +.Xr passwd 5 , +.Xr shells 5 , +.Xr nologin 8 , +.Xr pwd_mkdb 8 , +.Xr vipw 8 , +.Xr yp 8 diff --git a/static/openbsd/man8/amd.8 b/static/openbsd/man8/amd.8 new file mode 100644 index 00000000..849ac743 --- /dev/null +++ b/static/openbsd/man8/amd.8 @@ -0,0 +1,225 @@ +.\" $OpenBSD: amd.8,v 1.27 2022/07/30 07:19:31 jsg Exp $ +.\" +.\" Copyright (c) 1989 Jan-Simon Pendry +.\" Copyright (c) 1989 Imperial College of Science, Technology & Medicine +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Jan-Simon Pendry at Imperial College, London. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)amd.8 5.10 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: July 30 2022 $ +.Dt AMD 8 +.Os +.Sh NAME +.Nm amd +.Nd automatically mount file systems +.Sh SYNOPSIS +.Nm amd +.Bk -words +.Op Fl nprv +.Op Fl a Ar mount_point +.Op Fl C Ar cluster +.Op Fl c Ar duration +.Op Fl D Ar option +.Op Fl d Ar domain +.Op Fl k Ar kernel-arch +.Op Fl l Ar logfile +.Op Fl t Ar interval.interval +.Op Fl w Ar interval +.Op Fl x Ar log-option +.Op Fl y Ar YP-domain +.Op Ar directory mapname Op Fl map-options +.Ar ... +.Ek +.Sh DESCRIPTION +.Nm amd +is a daemon that automatically mounts filesystems +whenever a file or directory +within that filesystem is accessed. +Filesystems are automatically unmounted when they +appear to be quiescent. +.Pp +.Nm amd +operates by attaching itself as an NFS server to each of the specified +.Ar directories . +Lookups within the specified directories +are handled by +.Nm amd , +which uses the map defined by +.Ar mapname +to determine how to resolve the lookup. +Generally, this will be a host name, some filesystem information +and some mount options for the given filesystem. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a Ar mount_point +Specify an alternative location for the real mount points. +The default is +.Pa /tmp_mnt . +.It Fl C Ar cluster +Specify an alternative +.Ar cluster +name. +The default is the system domain name. +This variable is available inside the configuration file as +.Va ${cluster} . +.It Fl c Ar duration +Specify a +.Ar duration , +in seconds, that a looked up name remains +cached when not in use. +The default is 5 minutes. +.It Fl D Ar option +Select from a variety of debug options. +Prefixing an option with the string +.Dq no +reverses the effect of that option. +Options are cumulative. +The most useful option is +.Ar all . +.Pp +Since +.Fl D +is only used for debugging, other options are not documented here: +the current supported set of options is listed by the +.Fl v +option +and a fuller description is available in the program source. +.It Fl d Ar domain +Specify the local domain name. +If this option is not given, the domain name is determined from the hostname. +.It Fl k Ar kernel-arch +Specifies the kernel architecture. +This is used solely to set the ${karch} selector. +.It Fl l Ar logfile +Specify a logfile in which to record mount and unmount events. +If +.Ar logfile +is the string +.Em syslog , +the log messages will be sent to the system log daemon by +.Xr syslog 3 . +.It Fl n +Normalize hostnames. +The name referred to by ${rhost} is normalized relative to the +host database before being used. +The effect is to translate aliases into +.Dq official +names. +.It Fl p +Print +.Em PID . +Outputs the process ID of +.Nm amd +to standard output where it can be saved into a file. +.It Fl r +Restart existing mounts. +.Nm amd +will scan the mount file table to determine which filesystems +are currently mounted. +Whenever one of these would have been auto-mounted, +.Nm amd +.Em inherits +it. +.It Fl t Ar interval.interval +Specify the +.Ar interval , +in tenths of a second, between NFS/RPC/UDP retries. +The default is 0.8 seconds. +The second value alters the retransmit counter. +Useful defaults are supplied if either or both +values are missing. +.It Fl v +Version. +Displays version and configuration information on standard error. +.It Fl w Ar interval +Specify an +.Ar interval , +in seconds, between attempts to dismount +filesystems that have exceeded their cached times. +The default is 2 minutes. +.It Fl x Ar log-option +Specify run-time logging options. +The options are a comma separated +list chosen from: fatal, error, user, warn, info, map, stats, all. +.It Fl y Ar YP-domain +Specify an alternative NIS domain from which to fetch the NIS maps. +The default is the system domain name. +This option is ignored if NIS support is not available. +This variable is available inside the configuration file as +.Va ${domain} . +.El +.Sh FILES +.Bl -tag -width /tmp_mntxx +.It Pa /tmp_mnt +directory under which filesystems are dynamically mounted +.El +.Sh SEE ALSO +.Xr hostname 1 , +.Xr amq 8 , +.\" .Xr fsinfo 8 , +.\".Xr mk-amd-map 8 , +.Xr mount 8 , +.Xr umount 8 +.Rs +.\" 4.4BSD SMM:13 +.%A J-S. Pendry +.%A N. Williams +.%T Amd \(em The 4.4 BSD Automounter +.%B 4.4BSD System Manager's Manual (SMM) +.Re +.Sh HISTORY +The +.Nm amd +utility first appeared in +.Bx 4.3 Reno . +.Sh AUTHORS +.An Jan-Simon Pendry Aq Mt jsp@doc.ic.ac.uk , +Department of Computing, Imperial College, London, UK. +.Sh CAVEATS +Some care may be required when creating a mount map. +.Pp +Symbolic links on an NFS filesystem can be incredibly inefficient. +In most implementations of NFS, their interpolations are not cached by +the kernel and each time a symbolic link is +encountered during a +.Em lookuppn +translation it costs an RPC call to the NFS server. +A large improvement in real-time +performance could be gained by adding a cache somewhere. +Replacing +.Xr symlink 2 +with a suitable incarnation of the auto-mounter +results in a large real-time speedup, but also causes a large +number of process context switches. +.Pp +A weird imagination is most useful to gain full advantage of all +the features. diff --git a/static/openbsd/man8/amq.8 b/static/openbsd/man8/amq.8 new file mode 100644 index 00000000..4705368c --- /dev/null +++ b/static/openbsd/man8/amq.8 @@ -0,0 +1,116 @@ +.\" $OpenBSD: amq.8,v 1.16 2019/06/02 06:53:11 bentley Exp $ +.\" +.\" Copyright (c) 1990 Jan-Simon Pendry +.\" Copyright (c) 1990 Imperial College of Science, Technology & Medicine +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Jan-Simon Pendry at Imperial College, London. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)amq.8 8.3 (Berkeley) 4/18/94 +.\" +.Dd $Mdocdate: June 2 2019 $ +.Dt AMQ 8 +.Os +.Sh NAME +.Nm amq +.Nd automounter query tool +.Sh SYNOPSIS +.Nm amq +.Op Fl fmsuv +.Op Fl h Ar hostname +.\".Op Fl M Ar mountmap_entry +.Op Ar directory ... +.Sh DESCRIPTION +.Nm amq +provides a simple way of determining the current state of the +.Xr amd 8 +program. +Communication is by RPC. +Three modes of operation are supported by the current protocol. +By default a list of mount points and auto-mounted filesystems +is output. +An alternative host can be specified using the +.Fl h +option. +.Pp +If directory names are given, as output by default, +then per-filesystem information is displayed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f +Request automounter to flush the internal caches. +.It Fl h Ar hostname +Query alternate host +.Ar hostname . +By default the local host is used. +In an HP-UX cluster, the root server is queried by default, since +that is the system on which the automounter is normally run. +.It Fl m +Request the automounter to provide a list of mounted filesystems, +including the number of references to each filesystem and any error +which occurred while mounting. +.It Fl s +Request the automounter to provide system-wide mount statistics. +.It Fl u +Request the automounter to unmount the named filesystems +instead of providing information about them. +Unmounts are requested, not forced. +They merely cause the mounted filesystem to timeout, +which will be picked up by +.Xr amd 8 Ns 's +main scheduler thus causing the normal timeout action to be taken. +.It Fl v +Request the automounter to provide version information. +This is a subset of the information provided by +.Xr amd 8 Ns 's Fl v +option. +.\".It Fl M +.\"Request automounter to add the given map entry to the root map and then +.\"trigger a mount request for it. +.El +.Sh FILES +.Bl -tag -width amq.xxxxx -compact +.It Pa amq.x +RPC protocol description +.El +.Sh SEE ALSO +.Xr amd 8 +.Sh AUTHORS +.An Jan-Simon Pendry Aq Mt jsp@doc.ic.ac.uk , +Department of Computing, Imperial College, London, UK. +.\" .Sh HISTORY +.\" .Nm amq +.\" .At +.Sh CAVEATS +.Nm amq +uses a Sun registered RPC program number (300019 decimal) which may not +be in the +.Pa /etc/rpc +database. diff --git a/static/openbsd/man8/apm.8 b/static/openbsd/man8/apm.8 new file mode 100644 index 00000000..d4afc472 --- /dev/null +++ b/static/openbsd/man8/apm.8 @@ -0,0 +1,168 @@ +.\" $OpenBSD: apm.8,v 1.46 2025/03/26 23:48:23 jca Exp $ +.\" +.\" Copyright (c) 1996 John T. Kohl +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 26 2025 $ +.Dt APM 8 +.Os +.Sh NAME +.Nm apm , +.Nm zzz , +.Nm ZZZ +.Nd Advanced Power Management control program +.Sh SYNOPSIS +.Nm apm +.Op Fl AabHLlmPSvZz +.Op Fl f Ar sockname +.Nm zzz +.Op Fl SZz +.Op Fl f Ar sockname +.Nm ZZZ +.Op Fl SZz +.Op Fl f Ar sockname +.Sh DESCRIPTION +.Nm +communicates with the Advanced Power Management daemon, +.Xr apmd 8 , +making requests of it for current power status or to place the system +into a suspend or stand-by state. +With no flags, +.Nm +displays the current power management state in verbose form. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Switch to automatic performance adjustment mode. +.It Fl a +Display the external charger (AC) status. +0 means disconnected, 1 +means connected, 2 means backup power source, and 255 means unknown. +.It Fl b +Display the battery status. +0 means high, 1 means low, 2 means +critical, 3 means charging, 4 means absent, and 255 means unknown. +.It Fl f Ar sockname +Set the name of the socket via which to contact +.Xr apmd 8 +to +.Ar sockname . +.It Fl H +Switch to manual performance adjustment mode, +setting +.Va hw.setperf +to 100. +.It Fl L +Switch to manual performance adjustment mode, +setting +.Va hw.setperf +to 0. +.It Fl l +Display the estimated battery lifetime, in percent. +.It Fl m +Display the estimated battery lifetime, in minutes. +If charging, the estimated time to fully charge is displayed instead. +.It Fl P +Display the performance adjustment mode. +0 means manual mode. +1 means automatic mode. +.It Fl S +Put the system into stand-by (light sleep) state. +.It Fl v +Request more verbose description of the displayed states. +.It Fl Z +Put the system into hibernation. +System memory is saved to disk (swap space) +and the machine is powered down. +For machines supporting the +.Xr acpi 4 +style hibernate functionality, on resume a full kernel +boot will occur, followed by the reading of the saved +memory image. +The image will then be unpacked and the system resumed +at the point immediately after the hibernation request. +.It Fl z +Put the system into suspend (deep sleep) state. +.El +.Pp +The +.Nm zzz +and +.Nm ZZZ +commands are shortcuts for suspending and hibernating the system, +respectively. +With no arguments, +they are placed into their respective states. +The command line flags serve the same purpose as for +.Nm . +.Pp +These commands do not wait for positive confirmation that the requested +state has been entered; to do so would mean the command does not return +until the system resumes from its sleep state. +.Pp +Each system provides methods for waking from suspend or hibernate. +For those machines supporting +.Xr acpi 4 +style suspend/resume (or hibernate/unhibernate) semantics, the wakeup +devices for each sleep state are printed during system boot in +.Xr dmesg 8 . +.Pp +The system will attempt to provide as much feedback as is possible on +the specific hardware being suspended/resumed. +This includes setting system LEDs or other indicators +to illustrate progress throughout the suspend/resume +(or hibernate/unhibernate) process. +Such feedback is machine-dependent. +.Sh FILES +.Bl -tag -width /var/run/apmdev -compact +.It Pa /var/run/apmdev +The +default +.Ux Ns -domain +socket for communicating with +.Xr apmd 8 . +The +.Fl f +flag may be used to specify an alternate socket name. +The protection modes on this socket govern which users may access the +APM functions. +.El +.Sh SEE ALSO +.Xr apm 4 , +.Xr apmd 8 +.Pp +Advanced Power Management (APM) BIOS Interface Specification +(revision 1.2), +Intel Corporation and Microsoft Corporation +.Sh HISTORY +The +.Nm +command appeared in +.Nx 1.3 ; +.Ox +support was added in +.Ox 1.2 . diff --git a/static/openbsd/man8/apmd.8 b/static/openbsd/man8/apmd.8 new file mode 100644 index 00000000..3c7a7b20 --- /dev/null +++ b/static/openbsd/man8/apmd.8 @@ -0,0 +1,273 @@ +.\" $OpenBSD: apmd.8,v 1.62 2025/06/01 08:17:22 kn Exp $ +.\" +.\" Copyright (c) 1995 John T. Kohl +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 1 2025 $ +.Dt APMD 8 +.Os +.Sh NAME +.Nm apmd +.Nd Advanced Power Management daemon +.Sh SYNOPSIS +.Nm apmd +.Op Fl AadHLs +.Op Fl f Ar devname +.Op Fl S Ar sockname +.Op Fl t Ar seconds +.Op Fl w Ar percent +.Op Fl Z Ar percent +.Op Fl z Ar percent +.Sh DESCRIPTION +.Nm +monitors the advanced power management device, +.Xr apm 4 , +acting on signaled events and upon user requests as sent by the +.Xr apm 8 +program. +.Pp +On +.Ox , +power management is handled by the kernel, +and the default policy can be set using the +.Va hw.perfpolicy +.Xr sysctl 2 . +If +.Nm +is not running, +.Xr apm 8 +is still able to query the +.Xr apm 4 +driver for a limited amount of information, +but +.Nm +provides more advanced functionality, +such as the ability to switch performance modes. +.Pp +For suspend and standby request events delivered by the BIOS, or via +.Xr apm 8 , +.Nm +runs the appropriate configuration program (if one exists), +syncs the buffer cache to disk and initiates the requested state. +When resuming after suspend or standby, +.Nm +runs the appropriate configuration program (if one exists). +.Pp +When the power status changes +(external power is connected or disconnected), +.Nm +fetches the current status and reports it via +.Xr syslog 3 +with logging facility +.Dv LOG_DAEMON . +.Pp +.Nm +can change the system performance policy at startup when called +with the +.Fl A , +.Fl H +or +.Fl L +options, and during runtime when requested by +.Xr apm 8 . +.\" XXX keep in sync with hw.perfpolicy in sysctl(2) +The default performance policy is "high" when connected to line current, +and "auto" when running on battery. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Start +.Nm +in automatic performance adjustment mode. +.It Fl a +BIOS-initiated suspend or standby requests are +ignored if the system is connected to line current and not running from +batteries (user requests are still honored). +.It Fl d +.Nm +enters debug mode, staying in the foreground. +Logging output is printed to stderr. +.It Fl f Ar devname +Specify an alternate device file name, +.Ar devname . +.It Fl H +Start +.Nm +in manual performance adjustment mode, initialising +.Va hw.setperf +to 100. +.It Fl L +Start +.Nm +in manual performance adjustment mode, initialising +.Va hw.setperf +to 0. +.It Fl S Ar sockname +Specify an alternate socket name, +.Ar sockname . +The socket is protected to mode 0660, UID 0, GID 0; this protects access +to suspend requests to authorized users only. +.It Fl s +Current battery statistics are reported via +.Xr syslog 3 +and +.Nm +exits without monitoring the APM status. +.It Fl t Ar seconds +.Nm +periodically polls the APM driver for the current power state. +If the battery charge level changes substantially or the external power +status changes, the new status is logged. +The polling rate defaults to +once per 10 minutes, but may be specified using the +.Fl t +command-line flag. +.It Fl w Ar percent +Log warning and enable +.Dq warnlow +actions if no AC is connected and the +estimated battery life is equal or below +.Ar percent . +.It Fl Z Ar percent +Automatically hibernate the system if no AC is connected and the +estimated battery life is equal or below +.Ar percent . +.It Fl z Ar percent +Automatically suspend the system if no AC is connected and the +estimated battery life is equal or below +.Ar percent . +.Pp +If both +.Fl Z +and +.Fl z +are specified, the last one will supersede the other. +After a resume, the effect of those options is inhibited for 60 seconds. +.El +.Pp +When a client requests a suspend or stand-by state, +.Nm +does not wait for positive confirmation that the requested +state has been entered before replying to the client; to do so would mean +the client does not get a reply until the system resumes from its sleep state. +Rather, +.Nm +replies with the intended state to the client and then places the system +in the requested state after running the configuration script and +flushing the buffer cache. +.Pp +Actions can be configured for the following transitions: +hibernate, +powerdown, +powerup, +resume, +standby, +suspend, +and +warnlow. +The warnlow action is run if +.Fl w +is used. +The suspend, hibernate and standby actions are run prior to +.Nm +performing any other actions (such as disk syncs) and entering the new +state. +The resume program is run after resuming from a stand-by or +suspended state. +The powerup and powerdown programs are run after the power status (AC +connected or not) changes, as well as after a resume (if the power +status changed in the mean time). +.Sh FILES +.Bl -tag -width "/etc/apm/powerdownXX" -compact +.It Pa /dev/apmctl +Default device used to control +.Xr apm 4 . +.Pp +.It Pa /etc/apm/hibernate +.It Pa /etc/apm/powerdown +.It Pa /etc/apm/powerup +.It Pa /etc/apm/resume +.It Pa /etc/apm/standby +.It Pa /etc/apm/suspend +.It Pa /etc/apm/warnlow +Action hook files which, if present, must be executable. +Each file must be an executable binary or shell script. +A single program or script can be used to control all transitions +by examining the name by which it was called. +.Pp +.It Pa /etc/random.seed +Random seed file read by the bootloader; +updated on +.Dq hibernate , +.Dq standby +and +.Dq suspend . +.Pp +.It Pa /var/run/apmdev +Default +.Ux Ns -domain +socket used for communication with +.Xr apm 8 . +.El +.Sh EXAMPLES +.Bl -tag -width Ds +.It Pa /etc/apm/suspend +.Bd -literal -offset indent -compact +# X11 screen lock +pkill -USR1 xidle +.Ed +.It Pa /etc/apm/warnlow +.Bd -literal -offset indent -compact +# low battery notifications +aucat -i /etc/apm/tired.wav +.Ed +.El +.Sh SEE ALSO +.Xr syslog 3 , +.Xr apm 4 , +.Xr apm 8 , +.Xr sysctl 8 +.Pp +Advanced Power Management (APM) BIOS Interface Specification +(revision 1.2), +Intel Corporation and Microsoft Corporation. +.Sh HISTORY +The +.Nm +command first appeared in +.Nx 1.3 . +.Ox +support was added in +.Ox 1.2 . +.Sh CAVEATS +.Nm +does not support specifying an alternate performance policy to be used +when the system is running on battery. +See the +.Va hw.perfpolicy +setting documented in +.Xr sysctl 2 . diff --git a/static/openbsd/man8/apple_driver.8 b/static/openbsd/man8/apple_driver.8 new file mode 100644 index 00000000..af03e578 --- /dev/null +++ b/static/openbsd/man8/apple_driver.8 @@ -0,0 +1,50 @@ +'\" te +.\" To print, first run through tbl +.TH APPLE_DRIVER 8 "18 May 1998" "Version 1.0" +.SH NAME +apple_driver \- extract Macintosh partition label, maps and boot driver +.SH SYNOPSIS +.B apple_driver +CDROM_device > HFS_driver_file +.SH DESCRIPTION +.I Apple_driver +extracts the information from an Apple (or compatible) CD-ROM required +for the +.I \-hfs-boot-file +option to +.IR mkhybrid (1). +.PP +The +.I CDROM_device +is the device name used by the CD-ROM (e.g. /dev/cdrom). +.PP +The format of the HFS driver file is: +.PP +.TS +l l . +HFS CD Label Block 512 bytes +Driver Partition Map (for 2048 byte blocks) 512 bytes +Driver Partition Map (for 512 byte blocks) 512 bytes +Empty 512 bytes +Driver Partition N x 2048 bytes +HFS Partition Boot Block 1024 bytes +.TE +.PP +The Perl script +.I hdisk.pl +can be used to give a listing of what's on a Mac CD. hdisk.pl is part of +hfsutils. +.SH NOTE +By using a driver from an Apple CD and copying Apple software to your CD, +you become liable to obey Apple Computer, Inc. Software License Agreements. + +.SH SEE\ ALSO +.IR mkhybrid (1) +.SH PROGRAMMER +James Pearson (j.pearson@ge.ucl.ac.uk) 18/5/98 +.PP +The driver code (both extracting the driver and creating partitions etc. +is based on code from +.I mkisofs 1.05 PLUS +by Andy Polyakov +(see http://fy.chalmers.se/~appro/mkisofs_plus.html) diff --git a/static/openbsd/man8/arp.8 b/static/openbsd/man8/arp.8 new file mode 100644 index 00000000..5b7b65f9 --- /dev/null +++ b/static/openbsd/man8/arp.8 @@ -0,0 +1,220 @@ +.\" $OpenBSD: arp.8,v 1.40 2019/08/27 20:50:36 kn Exp $ +.\" $NetBSD: arp.8,v 1.7 1995/03/01 11:50:59 chopps Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)arp.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: August 27 2019 $ +.Dt ARP 8 +.Os +.Sh NAME +.Nm arp +.Nd address resolution display and control +.Sh SYNOPSIS +.Nm arp +.Op Fl adn +.Op Fl V Ar rdomain +.Ar hostname +.Nm arp +.Op Fl F +.Op Fl f Ar file +.Op Fl V Ar rdomain +.Fl s Ar hostname ether_addr +.Op Cm temp | permanent +.Op Cm pub +.Nm +.Fl W Ar ether_addr Op Ar iface +.Sh DESCRIPTION +The +.Nm +program displays and modifies the Internet-to-Ethernet address translation +tables used by the address resolution protocol (ARP). +.Pp +.Nm +displays the current ARP entry for +.Ar hostname +when no optional parameters are supplied. +.Ar hostname +may be specified by name or by number, +using Internet dot notation. +.Pp +.Nm +can also be used to send Wake on LAN (WoL) frames over a local +Ethernet network to one or more hosts using their link layer (hardware) +addresses. +WoL functionality is generally enabled in a machine's BIOS +and can be used to power on machines from a remote system without +having physical access to them. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Display all of the current ARP entries. +See also the +.Fl d +option below. +The following information will be printed: +.Bl -tag -width Ds -offset 3n +.It Host +The network address of the host. +.It Ethernet Address +The Ethernet address of the host. +If the address is not available, +it will be displayed as +.Dq (incomplete) . +.It Netif +The network interface associated with the ARP entry. +.It Expire +The time until expiry of the entry. +If the entry is marked +.Dq permanent +or +.Dq static , +it will never expire. +.It Flags +Flags on the ARP entry, in a single letter. +They are: local +.Pq Sq l +and published +.Pq Sq p . +.El +.It Fl d +Delete an entry for the host called +.Ar hostname . +Alternatively, the +.Fl d +flag may be combined with the +.Fl a +flag to delete all entries, with hostname lookups automatically +disabled. +Only the superuser may delete entries. +.It Fl F +Force existing entries for the given host to be overwritten +(only relevant to the +.Fl f +and +.Fl s +options). +.It Fl f Ar file +Process entries from +.Ar file +to be set in the ARP tables. +See the +.Fl s +option for a description of the file format and the effect of the +.Fl F +option. +.It Fl n +Do not perform domain name resolution. +If a name cannot be resolved without DNS, an error will be reported. +.It Xo +.Fl s Ar hostname ether_addr +.Op Cm temp | permanent +.Op Cm pub +.Xc +Create an ARP entry for the host called +.Ar hostname +with the Ethernet address +.Ar ether_addr . +The Ethernet address is given as six hexadecimal bytes separated by +colons. +The entry will be static (will not time out) unless the word +.Cm temp +is given in the command. +A static ARP entry can be overwritten by network traffic, unless the word +.Cm permanent +is given. +If the word +.Cm pub +is given, the entry will be +.Dq published ; +that is, this system will act as an ARP server, +responding to requests for +.Ar hostname +even though the host address is not its own. +This behavior has traditionally been called +.Em proxy ARP . +.Pp +If the entry already exists for the given host, it will not +be replaced unless +.Fl F +is given. +.It Fl V Ar rdomain +Select the routing domain. +.It Fl W Ar ether_addr Op Ar iface +Send the Wake on LAN frame from all interfaces on the local machine +that are up, if +.Ar iface +has not been specified. +Otherwise the frame will be sent from +.Ar iface . +.Ar ether_addr +is the Ethernet address of the remote machine or a hostname entry in +.Pa /etc/ethers . +This option cannot be used in combination with any other option. +.El +.Sh FILES +.Bl -tag -width "/etc/ethers" -compact +.It Pa /etc/ethers +Ethernet host name database. +.El +.Sh EXAMPLES +View the current +.Xr arp 4 +table, +showing network addresses symbolically: +.Pp +.Dl $ arp -a +.Pp +Create a permanent +entry (one that cannot be overwritten by other network traffic): +.Pp +.Dl # arp -s 10.0.0.2 00:90:27:bb:cc:dd permanent +.Pp +Create proxy ARP +entries on interface fxp0 +(MAC address 00:90:27:bb:cc:dd), +for IP addresses 204.1.2.3 and 204.1.2.4: +.Bd -literal -offset indent +# arp -s 204.1.2.3 00:90:27:bb:cc:dd pub +# arp -s 204.1.2.4 00:90:27:bb:cc:dd pub +.Ed +.Sh SEE ALSO +.Xr inet_addr 3 , +.Xr arp 4 , +.Xr ethers 5 , +.Xr ifconfig 8 , +.Xr ndp 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . +Wake on LAN functionality was added in +.Ox 4.9 . diff --git a/static/openbsd/man8/atactl.8 b/static/openbsd/man8/atactl.8 new file mode 100644 index 00000000..ff757f7f --- /dev/null +++ b/static/openbsd/man8/atactl.8 @@ -0,0 +1,520 @@ +.\" $OpenBSD: atactl.8,v 1.48 2022/03/31 17:27:19 naddy Exp $ +.\" $NetBSD: atactl.8,v 1.5 1999/02/24 18:49:14 jwise Exp $ +.\" +.\" Copyright (c) 1998 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Ken Hornstein. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt ATACTL 8 +.Os +.Sh NAME +.Nm atactl +.Nd a program to manipulate ATA (IDE) devices +.Sh SYNOPSIS +.Nm atactl +.Ar device +.Op Ar command Op Ar arg ... +.Sh DESCRIPTION +.Nm +allows a user or system administrator to issue commands to and otherwise +control devices which reside on standard IDE and ATA controllers. +It is used by specifying +a device to manipulate, a command to perform, and any arguments +the command may require. +.Pp +.Nm +supports the following commands: +acousticdisable, +acousticset, +apmdisable, +apmset, +checkpower, +dump, +identify (the default), +idle, +poddisable, +podenable, +puisdisable, +puisenable, +puisspinup, +readaheaddisable, +readaheadenable, +readattr, +secdisablepass, +secerase, +secfreeze, +secsetpass, +secunlock, +setidle, +setstandby, +sleep, +smartautosave, +smartdisable, +smartenable, +smartoffline, +smartread, +smartreadlog, +smartstatus, +standby, +writecachedisable, +and +writecacheenable. +.Pp +Support for +Self-Monitoring, Analysis, and Reporting Technology (SMART) functionality +is indicated by the device with +.Sq SMART feature set +in the output of the +.Li identify +command. +SMART commands and the +.Li readattr +command are for experts only. +.Pp +Support for +Security Mode functionality +is indicated by the device with +.Sq Security Mode feature set +in the output of the +.Li identify +command. +.Em Be very careful +while playing with these commands: +loss of the user and master passwords for the device will result +in an inaccessible device. +.Pp +A full description of the commands follows: +.Pp +.Bl -tag -width xxxxxxx -compact +.It Li acousticdisable +Disables support for automatic acoustic management on the specified device. +Note that devices supporting automatic acoustic management may refuse to +disable it, resulting in an +.Sq ATA device returned Aborted Command +warning. +.Pp +.It Li acousticset Ar acoustic-management-level +Enables and sets the automatic acoustic management level to the requested +level on the specified device (if supported). +Device performance may +increase with increasing automatic acoustic management levels at the cost of +potentially generating more noise and requiring more power. +Valid values are 0 up to and including 126. +Support for automatic acoustic management is indicated by the device with +.Sq Automatic Acoustic Management feature set +in the output of the +.Li identify +command. +.Pp +.It Li apmdisable +Disables support for advanced power management on the specified device. +Note that devices supporting advanced power management may refuse to +disable it, resulting in an +.Sq ATA device returned Aborted Command +warning. +.Pp +.It Li apmset Ar power-management-level +Enables and sets the advanced power management level to the requested +level on the specified device (if supported). +Device performance may +increase with increasing power management levels at the cost of +potentially requiring more power. +Values up to and including 126 allow +the device to go into standby mode and spin-down the disk. +This +.Em may cause disk time-outs +and is therefore +.Em not +recommended. +These values are more suitable optimization for low power +usage on infrequently used devices. +Values 127 up to and including 253 do not allow the device to go to +standby mode and are more suitable for optimization for performance. +Support for advanced power management is indicated by the device with +.Sq Advanced Power Management feature set +in the output of the +.Li identify +command. +.Pp +.It Li checkpower +Will print out if the device is in Active, Idle, or Standby power +management mode. +.Pp +.It Li dump +Extracts the records about issued ATA commands from the log buffer. +The log buffer is cleared after extraction. +.Pp +.It Li identify +Identify the specified device, displaying the device's vendor, product, +revision strings, supported capabilities and enabled capabilities. +This command is the default. +.Pp +.It Li idle +Place the specified device into Idle mode. +This mode may consume less power than Active mode. +.Pp +.It Li poddisable +Disallows the specified device to revert to power-on default (pod) settings +after a software reset. +In other words this permits the settings that have been modified since +power-on to remain after a software reset. +.Pp +.It Li podenable +Allows the specified device to revert to power-on default (pod) settings +after a software reset. +.Pp +.It Li puisdisable +Disables power-up in standby (puis) on the specified device, causing the +device to spin up the disks after power-up. +This should be the factory +default setting of the device and it is recommended to leave this +setting disabled. +.Pp +.It Li puisenable +Enables power-up in standby (puis) on the specified device, causing the +device to wait while spinning up the disks after power-up. +This may cause problems at boot if the device is too slow in spin-up. +This option is therefore +.Em not recommended +unless the implications are understood. +Note that the power-up in standby mode stays enabled over power-downs, +hardware and software resets. +Support for power-up in standby is indicated by the device with +.Sq Power-up in standby feature set +in the output of the +.Li identify +command. +.Pp +.It Li puisspinup +Explicitly spins up the device if power-up in standby (puis) mode +is enabled. +.Pp +.It Li readaheaddisable +Disables read look-ahead on the specified device. +This may decrease performance. +Note that the device may use +.Sq vendor specific +behaviour in implementing this, so it is +.Em not +recommended to issue this command on a disk containing any currently +mounted filesystems. +.Pp +.It Li readaheadenable +Enables read look-ahead on the specified device. +This may increase performance. +Support for and status of read look-ahead is indicated by +the device with +.Sq read look-ahead +in the output of the +.Li identify +command. +.Pp +.It Li readattr +Displays attribute thresholds and values for the specified device. +Besides attribute values, device vendors may provide additional information +shown in the last column, +.Dq Raw . +Attributes names can be completely wrong since they vary between vendors and +even models, so don't rely on it. +SMART must be enabled while executing this command or the device will return +an error. +.Pp +.It Li secdisablepass Ar user | master +Disables the lock mode for the specified device with user or master password. +This command won't change the master password. +The master password will be reactivated when a user password is set. +.Pp +.It Li secerase Ar user | master Oo +.Ar enhanced +.Oc +Erases all user data and unlocks the specified device. +Execution of this command with the master password is the only way to unlock a +device locked at maximum security level with the +.Li secsetpass +command if the user's password is lost or unknown. +There are two erase modes: normal and enhanced. +Default erase mode is normal. +In the normal erase mode this command will write binary zeroes to +all user data areas. +The enhanced erase mode is optional and may not be supported by the device. +When enhanced erase mode is specified, the device will write predetermined +data patterns to all user data areas. +In enhanced erase mode, all previously written user data will be overwritten, +including sectors that are no longer in use due to reallocation. +This command will disable the device lock mode, however, the master password +will still be stored internally within the device and may be reactivated later +when a new user password is set. +.Pp +.It Li secfreeze +Prevents changes to passwords until a following power cycle. +The purpose of this command is to prevent password setting attacks on the +security system. +After command completion any other commands that update the device lock mode +will be aborted. +.Pp +.It Li secsetpass Ar user high | maximum +.It Li secsetpass Ar master +Sets password and security level for the specified device. +There are two passwords, user and master, and two security levels, high and +maximum. +The maximum password length is 32 symbols. +The security system is enabled by sending a user password to the device with +this command. +When the security system is enabled, access to user data on the device is +denied after a power cycle until the user password is sent to the device with +the +.Li secunlock +command. +A master password may be set in addition to the user password. +The purpose of the master password is to allow an administrator to establish +a password that is kept secret from the user, and which may be used to unlock +the device if the user password is lost. +Setting the master password does not enable security system. +Each master password change decrements the master password revision +code value which is displayed in the +.Li identify +command output if supported. +After value 0x0001 is reached, the next value will be 0xfffe. +The security level determines device behavior when the master password is used +to unlock the device. +When the security level is set to high, the device requires the +.Li secunlock +command if the master password is used to unlock. +When the security level is set to maximum, the device requires a +.Li secerase +command if the master password is used to unlock it. +Execution of the +.Li secerase +command erases all user data on the device. +.Pp +.It Li secunlock Ar user | master +Unlocks the specified device with user or master password. +The device will always unlock if a valid user password is received. +If the security level was set to high during the last +.Li secsetpass +command, the device will unlock if the master password is received. +If the security level was set to maximum during the last +.Li secsetpass +command, the device won't unlock even if the master password is received. +.Pp +.It Li setidle Ar idle-timer +Places the specified device into Idle mode, and sets the Idle timer to +.Ar idle-timer +seconds. +A value of 0 will disable the Idle timer. +.Pp +.It Li setstandby Ar standby-timer +Places the specified device into Standby mode, and sets the Standby timer +to +.Ar standby-timer +seconds. +A value of 0 will disable the Standby timer. +.Pp +.It Li sleep +Place the specified device into Sleep mode. +This mode will consume less power than Standby mode, +but requires a device reset to resume operation. +Typically the +.Xr wd 4 +driver performs this reset automatically, but this should still be +used with caution. +.Pp +.It Li smartautosave Ar enable | disable +Enables/disables attribute autosave feature on the specified device. +.Pp +.It Li smartdisable +Disables support for SMART on the specified device. +Note that this means that the device will no longer record any SMART +information. +.Pp +Note that SMART +.Em must +be enabled while executing the following commands or the device will +return an error. +.Pp +.It Li smartenable +Enables SMART (Self-Monitoring, Analysis, and Reporting Technology) on the +specified device (if supported). +This causes the device to record information +for prediction of device degradation and/or faults. +.Pp +.It Li smartoffline Ar subcommand +Causes the specified device to immediately initiate the optional set of +activities that collect SMART data in off-line mode and then save this data +to the device's non-volatile memory, or execute self-diagnostic test +routines in either captive or off-line mode. +The +.Ar subcommand +may be one of the following: +.Pp +.Bl -tag -width indent -compact +.It Em abort +Abort off-line mode self-test routine. +.Pp +.It Em collect +Start SMART off-line data collection immediately. +.Pp +.It Em extencaptive +Execute SMART extended self-test routine immediately in captive mode. +.Pp +.It Em extenoffline +Execute SMART extended self-test routine immediately in off-line mode. +.Pp +.It Em shortcaptive +Execute SMART short self-test routine immediately in captive mode. +.Pp +.It Em shortoffline +Execute SMART short self-test routine immediately in off-line mode. +.El +.Pp +Note that executing self-test routines in captive mode causes the device to +be not accessible until the routine completes. +This option is therefore +.Em not recommended +unless the implications are understood. +.Pp +.It Li smartread +Reads various SMART information from the specified device and prints it to +stdout. +.Pp +.It Li smartreadlog Ar log +Reads specified +.Ar log +and prints it to stdout. +The +.Ar log +may be one of the following: +.Pp +.Bl -tag -width "directoryXX" -offset indent -compact +.It Em comp +The comprehensive error log. +.It Em directory +The error log directory. +.It Em selftest +The self-test log. +.It Em summary +The summary error log. +.El +.Pp +.It Li smartstatus +Reads the reliability status of the specified device. +If the device reports +that one of its thresholds is exceeded (a strong indication of imminent +failure), the warning +.Sq SMART threshold exceeded!\& +is printed to stderr and a status of 2 is returned. +.Pp +.It Li standby +Place the specified device into Standby mode. +This mode will consume less power than Idle mode. +.Pp +.It Li writecachedisable +Disable the write cache on the specified device (if supported). +This may decrease performance. +Support for and status of write caching is indicated by the device with +.Sq write cache +in the output of the +.Li identify +command. +.Pp +.It Li writecacheenable +Enables the write cache on the specified device (if supported). +This may increase performance, however data still in the device's cache at +powerdown +.Em may be lost . +The +.Xr wd 4 +driver performs a cache flush automatically before shutdown. +.El +.Sh EXAMPLES +Display the vendor, product, revision strings, and capabilities (such as +SMART support) as reported by +.Pa /dev/wd0 : +.Pp +.Dl # atactl /dev/wd0c identify +.Pp +Enable SMART support on +.Pa /dev/wd0 +for detection of early warning signs of device failure: +.Pp +.Dl # atactl /dev/wd0c smartenable +.Pp +A +.Xr crontab 5 +entry which queries +.Pa /dev/wd0 +each hour for early warning signs of failure. +If the device exceeds one of the SMART thresholds, +.Nm +will output +.Sq SMART threshold exceeded!\& +to stderr and +.Xr cron 8 +will mail it. +.Pp +.Dl 0 * * * * /sbin/atactl /dev/wd0c smartstatus \*(Gt/dev/null +.Sh SEE ALSO +.Xr ioctl 2 , +.Xr wd 4 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 2.6 . +Support for acoustic management, advanced power management, power-up in +standby, read look-ahead, and SMART was added in +.Ox 2.9 . +.Sh AUTHORS +.An -nosplit +The +.Nm +command was written by +.An Ken Hornstein . +It was based heavily on the scsictl command written by +.An Jason R. Thorpe . +Support for acoustic management, advanced power management, power-up in +standby, read look-ahead, and SMART was added by +.An Wouter Slegers . +.Sh CAVEATS +Not all devices are created equally. +Some may not support the feature sets +and/or commands needed to perform the requested action, even when the +.Li identify +command indicates support for the requested action. +The device will typically respond with an +.Sq ATA device returned Aborted Command +if the requested action is not supported. +Similarly a device might not implement all commands in a feature set, +so even though disabling a feature works, enabling might not. +.Sh BUGS +The output from the +.Li identify +command is rather ugly. +.Pp +Disabling read look-ahead with +.Li readaheaddisable +might cause problems with mounted filesystems on that device. diff --git a/static/openbsd/man8/audioctl.8 b/static/openbsd/man8/audioctl.8 new file mode 100644 index 00000000..2d5f152c --- /dev/null +++ b/static/openbsd/man8/audioctl.8 @@ -0,0 +1,162 @@ +.\" $OpenBSD: audioctl.8,v 1.7 2023/01/09 17:13:46 jmc Exp $ +.\" $NetBSD: audioctl.1,v 1.7 1998/04/27 16:55:23 augustss Exp $ +.\" Copyright (c) 1997 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Author: Lennart Augustsson +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 9 2023 $ +.Dt AUDIOCTL 8 +.Os +.Sh NAME +.Nm audioctl +.Nd get or set audio driver variables +.Sh SYNOPSIS +.Nm audioctl +.Op Fl nq +.Op Fl f Ar file +.Op Fl w Ar wait +.Op Ar name Ns Oo = Ns Ar value Oc Ar ... +.Sh DESCRIPTION +The +.Nm +utility retrieves or sets +.Xr audio 4 +driver variables. +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar file +Specifies the audio control device or the audio device. +The default is +.Pa /dev/audioctl0 . +.It Fl n +Suppress printing of the variable name. +.It Fl q +Suppress all output when setting a variable. +.It Fl w Ar wait +Display variables every +.Ar wait +seconds. +.Nm +will continue to display variables until interrupted. +.It Ar name Ns Op = Ns Ar value +Retrieve the specified variable +.Ar name , +or attempt to set it to value. +Multiple +.Ar name Ns Op = Ns Ar value +arguments may be given. +.El +.Pp +If the audio control device is used, then values are only stored in the +.Xr audio 4 +driver; they will be submitted to the hardware the next time the +device is opened for playback or recording. +If the audio device is used instead of the control device, +then values are negotiated with the hardware immediately; this requires +exclusive access to the device. +Variables may only be changed if the device is not opened for +playback or recording by another process. +.Pp +The following variable names are available: +.Bl -column "record.channels" -offset indent +.It Sy Name Ta Sy Meaning +.It name Ta device name, as shown by +.Xr dmesg 8 +.It mode Ta current device mode ( +.Va play , +.Va record , +or both) +.It pause Ta set if not attempting to start +.It active Ta set if playing or recording +.It nblks Ta number of blocks (in frames) in the play buffer +.It blksz Ta number of frames per block +.It rate Ta sample rate in Hz +.It encoding Ta current sample format +.It play.channels Ta number of play channels +.It play.bytes Ta bytes played since playback started +.It play.errors Ta bytes inserted during underruns +.It record.channels Ta number of recording channels +.It record.bytes Ta bytes recorded since device started +.It record.errors Ta bytes dropped during overruns +.El +.Pp +Encoding names use the following scheme: signedness +.Po +.Va s +or +.Va u +.Pc +followed +by the precision in bits, the byte-order +.Po +.Va le +or +.Va be +.Pc , +the number of +bytes per sample, and the alignment +.Po +.Va msb +or +.Va lsb +.Pc . +Only the signedness and the precision are mandatory. +Examples: +.Va u8 , s16le , s24le3 , s24le4lsb . +.Sh FILES +.Bl -tag -width /dev/audioctl0 -compact +.It Pa /dev/audioctlN +audio control devices +.It Pa /dev/audioN +audio devices +.El +.Sh EXAMPLES +Once per second, display the number of bytes of silence inserted due to buffer +underruns (since the device started playback): +.Bd -literal -offset indent +# audioctl -w 1 play.errors +.Ed +.Pp +Use signed 24-bit samples and 44100Hz sample rate: +.Bd -literal -offset indent +# audioctl -f /dev/audio0 encoding=s24 rate=44100 +.Ed +.Pp +Note the use of +.Pa /dev/audio0 +to force negotiation with the hardware. +If the above parameters are not supported by the +hardware, then supported ones will be selected instead. +.Sh SEE ALSO +.Xr aucat 1 , +.Xr cdio 1 , +.Xr audio 4 , +.Xr mixerctl 8 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Nx 1.3 . diff --git a/static/openbsd/man8/authpf.8 b/static/openbsd/man8/authpf.8 new file mode 100644 index 00000000..9b9ff58c --- /dev/null +++ b/static/openbsd/man8/authpf.8 @@ -0,0 +1,579 @@ +.\" $OpenBSD: authpf.8,v 1.57 2025/10/14 06:30:16 jsg Exp $ +.\" +.\" Copyright (c) 1998-2007 Bob Beck (beck@openbsd.org>. All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 14 2025 $ +.Dt AUTHPF 8 +.Os +.Sh NAME +.Nm authpf , +.Nm authpf-noip +.Nd authenticating gateway user shell +.Sh SYNOPSIS +.Nm authpf +.Nm authpf-noip +.Sh DESCRIPTION +.Nm +is a user shell for authenticating gateways. +It is used to change +.Xr pf 4 +rules when a user authenticates and starts a session with +.Xr sshd 8 +and to undo these changes when the user's session exits. +Typical use would be for a gateway that authenticates users before +allowing them Internet use, or a gateway that allows different users into +different places. +Combined with properly set up filter rules and secure switches, +.Nm +can be used to ensure users are held accountable for their network traffic. +It is meant to be used with users who can connect via +.Xr ssh 1 +only, and requires the +.Xr pf 4 +subsystem to be enabled. +.Pp +.Nm authpf-noip +is a user shell +which allows multiple connections to take +place from the same IP address. +It is useful primarily in cases where connections are tunneled via +the gateway system, and can be directly associated with the user name. +It cannot ensure accountability when +classifying connections by IP address; +in this case the client's IP address +is not provided to the packet filter via the +.Ar client_ip +macro or the +.Ar authpf_users +table. +Additionally, states associated with the client IP address +are not purged when the session is ended. +.Pp +To use either +.Nm +or +.Nm authpf-noip , +the user's shell needs to be set to +.Pa /usr/sbin/authpf +or +.Pa /usr/sbin/authpf-noip . +.Pp +.Nm +uses the +.Xr pf.conf 5 +syntax to change rules for an individual user or client IP address +as long as a user maintains an active +.Xr ssh 1 +session, and logs the successful start and end of a session to +.Xr syslogd 8 . +.Nm +retrieves the client's connecting IP address via the +.Ev SSH_CLIENT +environment variable and, after performing additional access checks, +reads a template file to determine what rules (if any) to add, and +maintains the list of IP addresses of connected users in the +.Ar authpf_users +table. +On session exit the same rules and table entries that were added at startup +are removed, and all states associated with the client's IP address are purged. +.Pp +Each +.Nm +process stores its rules in a separate ruleset inside a +.Xr pf 4 +.Pa anchor +shared by all +.Nm +processes. +By default, the +.Pa anchor +name "authpf" is used, and the ruleset names equal the username and PID of the +.Nm +processes as "username(pid)". +The following needs to be added to the main ruleset +.Pa /etc/pf.conf +in order to cause evaluation of any +.Nm +rules: +.Bd -literal -offset indent +anchor "authpf/*" +.Ed +.Pp +The "/*" at the end of the anchor name is required for +.Xr pf 4 +to process the rulesets attached to the anchor by +.Nm authpf . +.Sh FILTER RULES +Filter rules for +.Nm +use the same format described in +.Xr pf.conf 5 . +The only difference is that these rules may (and probably should) use +the macro +.Em user_ip , +which is assigned the connecting IP address whenever +.Nm +is run. +Additionally, the macro +.Em user_id +is assigned the user name. +.Pp +Rules are stored in a file called +.Pa authpf.rules . +This file will first be searched for in +.Pa /etc/authpf/users/$USER/ , +then in +.Pa /etc/authpf/groups/$GROUP/ +and finally in +.Pa /etc/authpf/ . +Only the first found file will be used. +.Pp +Per-user rules from the +.Pa /etc/authpf/users/$USER/ +directory are intended to be used when non-default rules +are needed on an individual user basis. +Per-group rules from the +.Pa /etc/authpf/groups/$GROUP/ +directory are intended to be used when non-default rules +are needed on a group basis. +It is important to ensure that a user cannot write or change +these configuration files. +.Pp +The +.Pa authpf.rules +file must exist in one of the above locations for +.Nm +to run. +.Sh CONFIGURATION +Options are controlled by the +.Pa /etc/authpf/authpf.conf +file. +If the file is empty, defaults are used for all +configuration options. +The file consists of pairs of the form +.Li name=value , +one per line. +Currently, the allowed values are as follows: +.Bl -tag -width Ds +.It anchor=name +Use the specified +.Pa anchor +name instead of "authpf". +.It table=name +Use the specified +.Pa table +name instead of "authpf_users". +.El +.Sh USER MESSAGES +On successful invocation, +.Nm +displays a message telling the user they have been authenticated. +It will additionally display the contents of the file called +.Pa authpf.message . +This file will first be searched for in +.Pa /etc/authpf/users/$USER/ +and then in +.Pa /etc/authpf/ . +Only one of these files will be used if both are present. +.Pp +There exist two methods for providing additional granularity to the control +offered by +.Nm +- it is possible to set the gateway to explicitly allow users who have +authenticated to +.Xr ssh 1 +and deny access to only a few troublesome individuals. +This is done by creating a file with the banned user's login name as the +filename in +.Pa /etc/authpf/banned/ . +The contents of this file will be displayed to a banned user, thus providing +a method for informing the user that they have been banned, and where they can +go and how to get there if they want to have their service restored. +This is the default behaviour. +.Pp +It is also possible to configure +.Nm +to only allow specific users access. +This is done by listing their login names, one per line, in +.Pa /etc/authpf/authpf.allow . +A group of users can also be indicated by prepending "%" to the group name, +and all members of a login class can be indicated by prepending "@" to the +login class name. +If "*" is found on a line, then all usernames match. +If +.Nm +is unable to verify the user's permission to use the gateway, it will +print a brief message and die. +It should be noted that a ban takes precedence over an allow. +.Pp +On failure, messages will be logged to +.Xr syslogd 8 +for the system administrator. +The user does not see these, but will be told the system is unavailable due to +technical difficulties. +The contents of the file +.Pa /etc/authpf/authpf.problem +will also be displayed if the file exists and is readable. +.Sh CONFIGURATION ISSUES +.Nm +maintains the changed rules as long as the user maintains an active session. +It is important to remember however, that the existence +of this session means the user is authenticated. +Because of this, it is important to configure +.Xr sshd 8 +to ensure the security of the session, and to ensure that the network +through which users connect is secure. +.Xr sshd 8 +should be configured to use the +.Ar ClientAliveInterval +and +.Ar ClientAliveCountMax +parameters to ensure that an SSH session is terminated quickly if +it becomes unresponsive, or if ARP or address spoofing is used to +hijack the session. +Note that TCP keepalives are not sufficient for +this, since they are not secure. +Also note that the various SSH tunnelling mechanisms, +such as +.Ar AllowTcpForwarding +and +.Ar PermitTunnel , +should be disabled for +.Nm +users to prevent them from circumventing restrictions imposed by the +packet filter ruleset. +.Pp +.Nm +will remove state table entries that were created during a user's +session. +This ensures that there will be no unauthenticated traffic +allowed to pass after the controlling +.Xr ssh 1 +session has been closed. +.Pp +.Nm +is designed for gateway machines which typically do not have regular +(non-administrative) users using the machine. +An administrator must remember that +.Nm +can be used to modify the +.Xr pf 4 +rules through the environment in which it is run, and as such could be +used to modify the rules (based on the contents of the configuration files) +by regular users. +In the case where a machine has regular users using it, as well +as users with +.Nm +as their shell, the regular users should be prevented from running +.Nm +by using the +.Pa /etc/authpf/authpf.allow +or +.Pa /etc/authpf/banned/ +facilities. +.Pp +.Nm +modifies the packet filter rules, and because of this it needs to +be configured carefully. +.Nm +will not run and will exit silently if the +.Pa /etc/authpf/authpf.conf +file does not exist. +After considering the effect +.Nm +may have on the main packet filter rules, the system administrator may +enable +.Nm +by creating an appropriate +.Pa /etc/authpf/authpf.conf +file. +.Sh EXAMPLES +.Sy Control Files +\- To illustrate the user-specific access control +mechanisms, let us consider a typical user named bob. +Normally, as long as bob can authenticate himself, the +.Nm +program will load the appropriate rules. +Enter the +.Pa /etc/authpf/banned/ +directory. +If bob has somehow fallen from grace in the eyes of the +powers-that-be, they can prohibit him from using the gateway by creating +the file +.Pa /etc/authpf/banned/bob +containing a message about why he has been banned from using the network. +Once bob has done suitable penance, his access may be restored by moving or +removing the file +.Pa /etc/authpf/banned/bob . +.Pp +Now consider a workgroup containing alice, bob, carol and dave. +They have a +wireless network which they would like to protect from unauthorized use. +To accomplish this, they create the file +.Pa /etc/authpf/authpf.allow +which lists their login ids, group prepended with "%", or login class +prepended with "@", one per line. +At this point, even if eve could authenticate to +.Xr sshd 8 , +she would not be allowed to use the gateway. +Adding and removing users from +the work group is a simple matter of maintaining a list of allowed userids. +If bob once again manages to annoy the powers-that-be, they can ban him from +using the gateway by creating the familiar +.Pa /etc/authpf/banned/bob +file. +Though bob is listed in the allow file, he is prevented from using +this gateway due to the existence of a ban file. +.Pp +.Sy Distributed Authentication +\- It is often desirable to interface with a +distributed password system rather than forcing the sysadmins to keep a large +number of local password files in sync. +The +.Xr login.conf 5 +mechanism in +.Ox +can be used to fork the right shell. +To make that happen, +.Xr login.conf 5 +should have entries that look something like this: +.Bd -literal -offset indent +shell-default:shell=/bin/csh + +default:\e + ... + :shell=/usr/sbin/authpf + +daemon:\e + ... + :shell=/bin/csh:\e + :tc=default: + +staff:\e + ... + :shell=/bin/csh:\e + :tc=default: +.Ed +.Pp +Using a default password file, all users will get +.Nm +as their shell except for root who will get +.Pa /bin/csh . +.Pp +.Sy SSH Configuration +\- As stated earlier, +.Xr sshd 8 +must be properly configured to detect and defeat network attacks. +To that end, the following options should be added to +.Xr sshd_config 5 : +.Bd -literal -offset indent +ClientAliveInterval 15 +ClientAliveCountMax 3 +.Ed +.Pp +This ensures that unresponsive or spoofed sessions are terminated within a +minute, since a hijacker should not be able to spoof ssh keepalive messages. +.Pp +.Sy Banners +\- Once authenticated, the user is shown the contents of +.Pa /etc/authpf/authpf.message . +This message may be a screen-full of the appropriate use policy, the contents +of +.Pa /etc/motd +or something as simple as the following: +.Bd -literal -offset indent +This means you will be held accountable by the powers that be +for traffic originating from your machine, so please play nice. +.Ed +.Pp +To tell the user where to go when the system is broken, +.Pa /etc/authpf/authpf.problem +could contain something like this: +.Bd -literal -offset indent +Sorry, there appears to be some system problem. To report this +problem so we can fix it, please phone 1-900-314-1597 or send +an email to remove@bulkmailerz.net. +.Ed +.Pp +.Sy Packet Filter Rules +\- In areas where this gateway is used to protect a +wireless network (a hub with several hundred ports), the default rule set as +well as the per-user rules should probably allow very few things beyond +encrypted protocols like +.Xr ssh 1 , +.Xr ssl 8 , +or +.Xr ipsec 4 . +On a securely switched network, with plug-in jacks for visitors who are +given authentication accounts, you might want to allow out everything. +In this context, a secure switch is one that tries to prevent address table +overflow attacks. +.Pp +Example +.Pa /etc/pf.conf : +.Bd -literal +# by default we allow internal clients to talk to us using +# ssh and use us as a dns server. +internal_if="fxp1" +gateway_addr="10.0.1.1" +block in on $internal_if from any to any +pass in quick on $internal_if proto tcp from any to $gateway_addr \e + port = ssh +pass in quick on $internal_if proto udp from any to $gateway_addr \e + port = domain +anchor "authpf/*" +.Ed +.Pp +.Sy For a switched, wired net +\- This example +.Pa /etc/authpf/authpf.rules +makes no real restrictions; it turns the IP address on and off, logging +TCP connections. +.Bd -literal +external_if = "xl0" +internal_if = "fxp0" + +pass in log quick on $internal_if proto tcp from $user_ip to any +pass in quick on $internal_if from $user_ip to any +.Ed +.Pp +.Sy For a wireless or shared net +\- This example +.Pa /etc/authpf/authpf.rules +could be used for an insecure network (such as a public wireless network) where +we might need to be a bit more restrictive. +.Bd -literal +internal_if="fxp1" +ipsec_gw="10.2.3.4" + +# rdr ftp for proxying by ftp-proxy(8) +match in on $internal_if proto tcp from $user_ip to any port 21 \e + rdr-to 127.0.0.1 port 8021 + +# allow out ftp, ssh, www and https only, and allow user to negotiate +# ipsec with the ipsec server. +pass in log quick on $internal_if proto tcp from $user_ip to any \e + port { 21, 22, 80, 443 } +pass in quick on $internal_if proto tcp from $user_ip to any \e + port { 21, 22, 80, 443 } +pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp +pass in quick proto esp from $user_ip to $ipsec_gw +.Ed +.Pp +.Sy Dealing with NAT +\- The following +.Pa /etc/authpf/authpf.rules +shows how to deal with NAT, using tags: +.Bd -literal +ext_if = "fxp1" +ext_addr = 129.128.11.10 +int_if = "fxp0" +# nat and tag connections... +match out on $ext_if from $user_ip to any tag $user_ip nat-to $ext_addr +pass in quick on $int_if from $user_ip to any +pass out log quick on $ext_if tagged $user_ip +.Ed +.Pp +With the above rules added by +.Nm , +outbound connections corresponding to each users NAT'ed connections +will be logged as in the example below, where the user may be identified +from the ruleset name. +.Bd -literal +# tcpdump -n -e -ttt -i pflog0 +Oct 31 19:42:30.296553 rule 0.bbeck(20267).1/0(match): pass out on fxp1: \e +129.128.11.10.60539 > 198.137.240.92.22: S 2131494121:2131494121(0) win \e +16384 (DF) +.Ed +.Pp +.Sy Using the authpf_users table +\- Simple +.Nm +settings can be implemented without an anchor by just using the "authpf_users" +.Pa table . +For example, the following +.Xr pf.conf 5 +lines will give SMTP and IMAP access to logged in users: +.Bd -literal +table persist +pass in on $ext_if proto tcp from \e + to port { smtp imap } +.Ed +.Pp +It is also possible to use the "authpf_users" +.Pa table +in combination with anchors. +For example, +.Xr pf 4 +processing can be sped up by looking up the anchor +only for packets coming from logged in users: +.Bd -literal +table persist +anchor "authpf/*" from +.Ed +.Pp +.Sy Tunneled users +\- normally +.Nm +allows only one session per client IP address. +However in some cases, such as when connections are tunneled via +.Xr ssh 1 +or +.Xr ipsec 4 , +the connections can be authorized based on the userid of the user instead of +the client IP address. +In this case it is appropriate to use +.Nm authpf-noip +to allow multiple users behind a NAT gateway to connect. +In the +.Pa /etc/authpf/authpf.rules +example below, the remote user could tunnel a remote desktop session to their +workstation: +.Bd -literal +internal_if="bge0" +workstation_ip="10.2.3.4" + +pass out on $internal_if from (self) to $workstation_ip port 3389 \e + user $user_id +.Ed +.Sh FILES +.Bl -tag -width "/etc/authpf/authpf.conf" -compact +.It Pa /etc/authpf/authpf.conf +.It Pa /etc/authpf/authpf.allow +.It Pa /etc/authpf/authpf.rules +.It Pa /etc/authpf/authpf.message +.It Pa /etc/authpf/authpf.problem +.El +.Sh SEE ALSO +.Xr pf 4 , +.Xr pf.conf 5 , +.Xr securelevel 7 , +.Xr ftp-proxy 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.1 . +.Sh BUGS +Configuration issues are tricky. +The authenticating +.Xr ssh 1 +connection may be secured, but if the network is not secured the user may +expose insecure protocols to attackers on the same network, or enable other +attackers on the network to pretend to be the user by spoofing their IP +address. +.Pp +.Nm +is not designed to prevent users from denying service to other users. diff --git a/static/openbsd/man8/badsect.8 b/static/openbsd/man8/badsect.8 new file mode 100644 index 00000000..d383dae2 --- /dev/null +++ b/static/openbsd/man8/badsect.8 @@ -0,0 +1,131 @@ +.\" $OpenBSD: badsect.8,v 1.18 2022/03/31 17:27:19 naddy Exp $ +.\" $NetBSD: badsect.8,v 1.8 1995/03/18 14:54:27 cgd Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)badsect.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt BADSECT 8 +.Os +.Sh NAME +.Nm badsect +.Nd create files to contain bad sectors +.Sh SYNOPSIS +.Nm badsect +.Ar bbdir sector ... +.Sh DESCRIPTION +.Nm +makes a file to contain a bad sector. +Normally, bad sectors +are made inaccessible by the standard formatter, which provides +a forwarding table for bad sectors to the driver. +If a driver supports the bad blocking standard, it is much more preferable +to use that method to isolate bad blocks, since the bad block forwarding +makes the pack appear perfect, and such packs can then be copied with +.Xr dd 1 . +The technique used by this program is also less general than +bad block forwarding, as +.Nm +can't make amends for +bad blocks in the i-list of file systems or in swap areas. +.Pp +On some disks, +adding a sector which is suddenly bad to the bad sector table +currently requires the running of the standard +.Tn DEC +formatter. +Thus to deal with a newly bad block +or on disks where the drivers +do not support the bad-blocking standard +.Nm +may be used to good effect. +.Pp +.Nm +is used on a quiet file system in the following way: +First mount the file system, and change to its root directory. +Make a directory +.Li BAD +there. +Run +.Nm badsect , +giving as argument the +.Ar BAD +directory followed by +all the bad sectors you wish to add. +(The sector numbers must be relative to the beginning of +the file system, but this is not hard as the system reports +relative sector numbers in its console error messages.) +Then change back to the root directory, unmount the file system +and run +.Xr fsck 8 +on the file system. +The bad sectors should show up in two files +or in the bad sector files and the free list. +Have +.Em fsck +remove files containing the offending bad sectors, but +.Em do not +have it remove the +.Pa BAD/ Ns Em nnnnn +files. +This will leave the bad sectors in only the +.Li BAD +files. +.Pp +.Nm +works by giving the specified sector numbers in a +.Xr mknod 2 +system call, +creating an illegal file whose first block address is the block containing +the bad sector, and whose name is the bad sector number. +When it is discovered by +.Em fsck , +it will ask +.Dq Li "HOLD BAD BLOCK?" +A positive response will cause +.Em fsck +to convert the inode to a regular file containing the bad block. +.Sh DIAGNOSTICS +.Nm +refuses to attach a block that +resides in a critical area or is out of range of the file system. +A warning is issued if the block is already in use. +.Sh SEE ALSO +.Xr fsck 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.1 . +.Sh BUGS +If more than one sector which comprises a file system fragment is bad, +you should specify only one of them to +.Nm badsect , +as the blocks in the bad sector files actually cover all the sectors in a +file system fragment. diff --git a/static/openbsd/man8/bgpctl.8 b/static/openbsd/man8/bgpctl.8 new file mode 100644 index 00000000..a1bd3636 --- /dev/null +++ b/static/openbsd/man8/bgpctl.8 @@ -0,0 +1,512 @@ +.\" $OpenBSD: bgpctl.8,v 1.112 2024/08/14 19:10:51 claudio Exp $ +.\" +.\" Copyright (c) 2003 Henning Brauer +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 14 2024 $ +.Dt BGPCTL 8 +.Os +.Sh NAME +.Nm bgpctl +.Nd control the BGP routing daemon +.Sh SYNOPSIS +.Nm bgpctl +.Op Fl jnV +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr bgpd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s su +for +.Cm show summary . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl j +Create output as JSON object. +.It Fl n +Show neighbors' IP addresses instead of their description. +.It Fl s Ar socket +Use +.Ar socket +to communicate with +.Xr bgpd 8 +instead of the default +.Pa /var/run/bgpd.sock. +where +.Ar +is the routing domain +.Nm +is running in. +To administer +.Xr bgpd 8 +in a different routing domain, run +.Nm +in said routing domain. +.It Fl V +Show the version and exit. +.El +.Pp +The commands are as follows: +.Bl -tag -width xxxxxx +.It Xo +.Cm fib +.Op Cm table Ar number +.Cm couple +.Xc +Insert the learned routes into the specified Forwarding Information Base +a.k.a. the kernel routing table. +.It Xo +.Cm fib +.Op Cm table Ar number +.Cm decouple +.Xc +Remove the learned routes from the specified Forwarding Information Base +a.k.a. the kernel routing table. +.It Cm flowspec add Ar family rule Op Cm set Ar argument ... +Add the specified flowspec rule to the list of announced rules. +Currently +.Ar family +can be either +.Cm inet +or +.Cm inet6 . +It is possible to set various path attributes with additional arguments. +Adding a rule will replace an existing equal rule, including rules loaded +from the configuration. +See +.Xr bgpd.conf 5 +for information on how to write a flowspec rule. +.It Cm flowspec delete Ar family rule +Remove the specified flowspec rule from the list of announced rules. +.It Cm flowspec flush +Remove all dynamically added (i.e. with +.Nm Cm flowspec add ) +flowspec rules from the list of announced rules. +.It Cm flowspec show Ar family +Show all announced flowspec rules. +.Ar family , +if given, limits the output to the given address family. +The supported families are +.Em inet +and +.Em inet6 . +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm neighbor Ar peer Cm clear Op Ar reason +Stop and restart the BGP session to the specified neighbor. +If a +.Ar reason +is provided, the +.Ar reason +is sent as Administrative Shutdown Communication to the neighbor. +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm neighbor Ar peer Cm destroy +Destroy a previously cloned peer. +The peer must be down before calling this function. +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm neighbor Ar peer Cm down Op Ar reason +Take the BGP session to the specified neighbor down. +If a +.Ar reason +is provided, the +.Ar reason +is sent as Administrative Shutdown Communication to the neighbor. +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm neighbor Ar peer Cm refresh +Request the neighbor to re-send all routes. +Note that the neighbor is not obliged to re-send all routes, or any routes at +all, even if it announced the route refresh capability. +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm neighbor Ar peer Cm up +Bring the BGP session to the specified neighbor up. +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm network add Ar prefix Op Ar argument ... +Add the specified prefix to the list of announced networks. +It is possible to set various path attributes with additional arguments. +Adding a prefix will replace an existing equal prefix, including +prefixes loaded from the configuration. +.It Xo +.Cm network bulk add +.Op Ar argument ... +.Xc +Bulk add specified prefixes to the list of announced networks. +Prefixes should be sent via stdin. +It is possible to set various path attributes with additional arguments. +.It Cm network bulk delete +Bulk remove the specified prefixes from the list of announced networks. +Prefixes should be sent via stdin. +.It Cm network delete Ar prefix +Remove the specified prefix from the list of announced networks. +.It Cm network flush +Remove all dynamically added (i.e. with +.Nm Cm network add ) +prefixes from the list of announced networks. +.It Cm network mrt file Ar file filter +Import networks from an MRT table dump for debugging purposes. +.Ar filter +can be specified similarly to the +.Ar show mrt +command. +Only networks matching the filter will be imported. +.It Cm network show Ar family +Show all announced networks. +.Ar family , +if given, limits the output to the given address family. +The supported families are +.Em inet +and +.Em inet6 . +.It Cm reload Op reason +Reload the configuration file. +Changes to the following neighbor options in +.Xr bgpd.conf 5 +only take effect when the session is reset: +.Ic ipsec +and +.Ic tcp md5sig . +.It Cm show fib Ar filter +Show routes from +.Xr bgpd 8 Ns 's +view of the Forwarding Information Base. +.Ar filter +can be an IP address, in which case the route to this address is shown, +or a flag: +.Pp +.Bl -tag -width tableXnumber -compact +.It Cm bgp +Show only routes originating from +.Xr bgpd 8 +itself. +.It Cm connected +Show only connected routes. +.It Cm inet +Show only IPv4 routes. +.It Cm inet6 +Show only IPv6 routes. +.It Cm nexthop +Show only routes required to reach a BGP nexthop. +.It Cm static +Show only static routes. +.It Cm table Ar number +Show the routing table with ID +.Ar number +instead of the default routing table with ID 0. +.El +.It Cm show interfaces +Show the interface states. +.It Cm show metrics +Dump various BGP statistics in OpenMetrics format. +.It Xo +.Cm show mrt +.Op Ar options +.Ar filter +.Xc +Show routes from an MRT table dump file. +.Ar filter +can be an IP address, a CIDR prefix, an AS filter, a combination or nothing: +.Pp +.Bl -tag -width "address/len or-shorter" -compact +.It Ar address +Show best matching route for address. +.It Ar address Ns Li / Ns Ar len +Show RIB entry for this CIDR prefix. +.It Xo +.Ar address Ns Li / Ns Ar len +.Cm all +.Xc +Show all entries in the specified range. +.\".It Ar address/len Cm longer-prefixes +.It Xo +.Ar address Ns Li / Ns Ar len +.Cm or-shorter +.Xc +Show all entries covering and including the specified prefix. +.It Cm as Ar as +Show all entries with +.Ar as +anywhere in the AS path. +.It Cm empty-as +Show all entries that are internal routes with no AS's in the AS path. +.It Cm neighbor Ar ip +Show only entries from the specified peer. +.It Cm peer-as Ar as +Show all entries with +.Ar as +as leftmost AS. +.It Cm source-as Ar as +Show all entries with +.Ar as +as rightmost AS. +.It Cm transit-as Ar as +Show all entries with +.Ar as +anywhere but rightmost. +.El +.Pp +Additionally, the following +.Ar options +are defined: +.Pp +.Bl -tag -width "file name" -compact +.It Cm detail +Show more detailed output for matching routes. +.It Ar family +Limit the output to the given address family. +.It Cm file Ar name +Read the MRT dump from file +.Ar name +instead of using stdin. +.It Cm peers +Print the neighbor table of MRT TABLE_DUMP_V2 dumps. +Using this on other table dumps will only show the neighbor of the first entry. +.El +.Pp +Multiple options and filters can be used at the same time. +.It Cm show neighbor Ar peer modifier +Show detailed information about the neighbor identified by +.Ar peer , +according to the given +.Ar modifier : +.Pp +.Bl -tag -width messages -compact +.It Cm messages +Show statistics about sent and received BGP messages. +.It Cm terse +Show statistics in an easily parseable terse format. +The printed numbers are the sent and received open, sent and received +notifications, sent and received updates, sent and received keepalives, and +sent and received route refresh messages plus the current and maximum +prefix count, the number of sent and received updates, sent and +received withdraws, the neighbor's address (or subnet, for a template), +AS number, and finally description. +.It Cm timers +Show the BGP timers. +.El +.Ar peer +may be the neighbor's address, description or the word +.Cm group +followed by a group description. +.It Cm show nexthop +Show the list of BGP nexthops and the result of their validity check. +.It Xo +.Cm show rib +.Op Ar options +.Ar filter +.Xc +Show routes from the +.Xr bgpd 8 +Routing Information Base. +.Ar filter +can be an IP address, a CIDR prefix, an AS filter or nothing: +.Pp +.Bl -tag -width "address/len or-shorter" -compact +.It Ar address +Show best matching route for address. +.It Ar address Ns Li / Ns Ar len +Show RIB entry for this CIDR prefix. +.It Xo +.Ar address Ns Li / Ns Ar len +.Cm all +.Xc +Show all entries in the specified range. +.\".It Ar address/len Cm longer-prefixes +.\".It Ar address/len Cm or-longer +.It Xo +.Ar address Ns Li / Ns Ar len +.Cm or-shorter +.Xc +Show all entries covering and including the specified prefix. +.It Cm as Ar as +Show all entries with +.Ar as +anywhere in the AS path. +.It Cm avs Pq Ic valid | unknown | invalid +Show all entries with matching ASAP Validation State (AVS). +.It Cm community Ar community +Show all entries with community +.Ar community . +.It Cm empty-as +Show all entries that are internal routes with no AS's in the AS path. +.It Cm large-community Ar large-community +Show all entries with large-community +.Ar large-community . +.It Cm memory +Show RIB memory statistics. +.It Cm neighbor Ar peer +Show only entries from the specified peer. +.It Cm neighbor group Ar description +Show only entries from the specified peer group. +.It Cm ovs Pq Ic valid | not-found | invalid +Show all entries with matching Origin Validation State (OVS). +.It Cm path-id Ar pathid +Show only entries which match the specified +.Ar pathid . +Must be used together with either +.Cm neighbor +or +.Cm out . +.It Cm peer-as Ar as +Show all entries with +.Ar as +as leftmost AS. +.It Cm source-as Ar as +Show all entries with +.Ar as +as rightmost AS. +.It Cm summary +This is the same as the +.Ic show summary +command. +.It Cm table Ar rib +Show only entries from the specified RIB table. +.It Cm transit-as Ar as +Show all entries with +.Ar as +anywhere but rightmost. +.El +.Pp +Additionally, the following +.Ar options +are defined: +.Pp +.Bl -tag -width "disqualified" -compact +.It Cm best +Alias for +.Ic selected . +.It Cm detail +Show more detailed output for matching routes. +.It Cm disqualified +Show only routes which are not eligible. +.It Cm error +Show only prefixes which are marked invalid and were treated as withdrawn. +.It Ar family +Limit the output to the given address family. +.It Cm filtered +Show only routes which were filtered out. +Requires +.Ic rde rib Loc-RIB include filtered +to be set in the config. +.It Cm in +Show routes from the unfiltered Adj-RIB-In. +The +.Cm neighbor +needs to be specified. +.It Cm leaked +Show only routes where a route leak was detected. +.It Cm out +Show the filtered routes sent to a neighbor. +The +.Cm neighbor +needs to be specified. +.It Cm selected +Show only selected routes. +.It Cm ssv +Show each RIB entry as a single line, with fields separated by semicolons. +Only works if +.Cm detail +is specified. +.El +.Pp +Options are silently ignored when used together with +.Ar summary +or +.Ar memory . +Multiple options can be used at the same time and the +.Ar neighbor +filter can be combined with other filters. +.It Cm show rtr +Show a list of all +.Em RTR +sessions, including information about the session state. +.It Cm show sets +Show a list summarizing all +.Em roa-set , +.Em as-set , +.Em prefix-set , +and +.Em origin-set +tables. +.It Cm show summary +Show a list of all neighbors, including information about the session state +and message counters: +.Pp +.Bl -tag -width xxxxxxxxxxxxxx -compact +.It Neighbor +Description of the neighbor. +.It AS +Autonomous system number. +.It MsgRcvd +Number of messages received from the neighbor. +.It MsgSent +Number of messages sent to the neighbor. +.It OutQ +Number of outgoing messages queued. +.It Up/Down +Number of days and hours that the session has been up. +.It State/PrfRcvd +State of the session / Number of routes received. +The session is up if there is no information for the State column +(Established is not displayed). +.El +.It Cm show summary terse +Show a list of all neighbors, including information about the session state, +in a terse format. +.It Cm show tables +Show a list of all currently loaded fib routing tables. +.El +.Sh FILES +.Bl -tag -width "/var/run/bgpd.sockXXX" -compact +.It Pa /etc/bgpd.conf +default +.Xr bgpd 8 +configuration file +.It Pa /var/run/bgpd.sock +default +.Xr bgpd 8 +control socket +.El +.Sh SEE ALSO +.Xr bgpd.conf 5 , +.Xr bgpd 8 , +.Xr bgplg 8 , +.Xr bgplgsh 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.5 . diff --git a/static/openbsd/man8/bgpd.8 b/static/openbsd/man8/bgpd.8 new file mode 100644 index 00000000..c729279b --- /dev/null +++ b/static/openbsd/man8/bgpd.8 @@ -0,0 +1,485 @@ +.\" $OpenBSD: bgpd.8,v 1.86 2025/05/22 08:55:11 job Exp $ +.\" +.\" Copyright (c) 2003, 2004 Henning Brauer +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 22 2025 $ +.Dt BGPD 8 +.Os +.Sh NAME +.Nm bgpd +.Nd Border Gateway Protocol (BGP) routing daemon +.Sh SYNOPSIS +.Nm bgpd +.Bk -words +.Op Fl cdnvV +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Ek +.Sh DESCRIPTION +.Nm +is a Border Gateway Protocol +.Pq BGP +daemon which manages the network routing tables. +Its main purpose is to exchange information +concerning +.Qq network reachability +with other BGP systems. +.Nm +uses the Border Gateway Protocol, Version 4, +as described in RFC 4271. +.Pp +BGP is an exterior gateway protocol using a multiple step decision process +to find the best path. +Advanced filtering can be used to influence the route +decision for traffic engineering. +The session engine of +.Nm +is responsible for maintaining the TCP session with each neighbor. +Updates are passed to the Route Decision Engine (RDE) where the paths +are filtered and used to compute a Routing Information Base (RIB). +The parent process is responsible for keeping the RIB in sync with +the kernel routing table. +.Pp +The route decision process selects the best path by evaluating all paths to +the same destination. +The decision process continues to the next step if paths have equal attributes. +Paths that are less preferred are taken out of consideration until there is +only one path left. +.Bl -enum -width 42 -offset bula +.It +All paths with errors or loops are not eligible. +.It +Paths with an unreachable nexthop are not eligible. +After this step all remaining paths are valid. +.It +The path with the highest +.Em LOCAL_PREF +is selected. +.It +The path with the shortest +.Em AS path +attribute is selected. +.It +The +.Em ORIGIN +attribute is compared. +The order is IGP before EGP before incomplete origins. +.It +The path with the lowest +.Em MULTI_EXIT_DISC +metric is selected. +Normally, this value is only considered when choosing between multiple +routes sent by the same neighbouring AS. +However, if +.Dq Li rde med compare always +is set in the configuration, the metric is compared for routes sent by any AS. +.It +Comparison of the BGP session type. +Paths learned over an external (EBGP) session are preferred over those +learned via an internal (IBGP) session. +.It +The path with the highest local +.Em weight +is selected. +.It +If +.Dq Li rde route-age evaluate +is set then the oldest path is selected. +.It +The path coming from the neighbor with the lowest +.Em BGP ID +wins. +If the +.Em ORIGINATOR_ID +attribute is present, that value will be used in the comparison instead. +.It +The path with the shortest +.Em CLUSTER_LIST +attribute is selected. +If it is not present then a length of 0 is used in the comparison. +.It +The path coming from the peer with the lowest IP address is selected. +IPv4 sessions will be preferred over IPv6 ones. +.El +.Pp +Attributes set by filters can be used to tip the decision process to prefer +particular paths over others. +This can be achieved by changing the +.Em localpref , +.Em med , +or +.Em weight +attributes. +AS path prepending or changing the +.Em med +or +.Em origin +attribute can be used to influence the routing behaviour on remote systems. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable bgpd , +which sets +.Pp +.Dl bgpd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +When +.Nm +starts up, it reads settings from a configuration file, +typically +.Xr bgpd.conf 5 . +A running +.Nm +process can be controlled using the +.Xr bgpctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width "-f fileXXX" +.It Fl c +Force +.Nm +to do +.Xr carp 4 +demotion at startup when the +.Em demote +functionality is used. +Normally, +.Nm +will only do demotion at startup when the demotion counter for the group +in question is already greater than 0. +.Nm +will start handling demotion after all sessions with demotion configured for +the given group have been successfully established. +At system startup, +.Xr rc 8 +has the demotion counter for the group +.Em carp +increased until after +.Nm +is started, so this option should +.Em not +be used in +.Xr rc.conf 8 . +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, +instead of the default +.Pa /etc/bgpd.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Produce more verbose output. +.It Fl V +Show the version and exit. +.El +.Sh FILES +.Bl -tag -width "/var/run/bgpd.sock." -compact +.It Pa /etc/bgpd.conf +Default +.Nm +configuration file. +.It Pa /var/run/bgpd.sock. +Default +.Nm +control socket, where +.Ar +is the routing domain in which +.Nm +has been started. +.El +.Sh SEE ALSO +.Xr bgpd.conf 5 , +.Xr bgpctl 8 , +.Xr bgplg 8 , +.Xr bgplgsh 8 +.Sh STANDARDS +.Rs +.%D August 1996 +.%R RFC 1997 +.%T BGP Communities Attribute +.Re +.Pp +.Rs +.%D August 1998 +.%R RFC 2385 +.%T Protection of BGP Sessions via the TCP MD5 Signature Option +.Re +.Pp +.Rs +.%D March 1999 +.%R RFC 2545 +.%T Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing +.Re +.Pp +.Rs +.%D September 2000 +.%R RFC 2918 +.%T Route Refresh Capability for BGP-4 +.Re +.Pp +.Rs +.%D April 2004 +.%R RFC 3765 +.%T NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control +.Re +.Pp +.Rs +.%D January 2006 +.%R RFC 4271 +.%T A Border Gateway Protocol 4 (BGP-4) +.Re +.Pp +.Rs +.%D February 2006 +.%R RFC 4360 +.%T BGP Extended Communities Attribute +.Re +.Pp +.Rs +.%D February 2006 +.%R RFC 4364 +.%T BGP/MPLS IP Virtual Private Networks (VPNs) +.Re +.Pp +.Rs +.%D April 2006 +.%R RFC 4456 +.%T "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)" +.Re +.Pp +.Rs +.%D April 2006 +.%R RFC 4486 +.%T Subcodes for BGP Cease Notification Message +.Re +.Pp +.Rs +.%D January 2007 +.%R RFC 4724 +.%T Graceful Restart Mechanism for BGP +.Re +.Pp +.Rs +.%D January 2007 +.%R RFC 4760 +.%T Multiprotocol Extensions for BGP-4 +.Re +.Pp +.Rs +.%D October 2007 +.%R RFC 5082 +.%T The Generalized TTL Security Mechanism (GTSM) +.Re +.Pp +.Rs +.%D February 2009 +.%R RFC 5492 +.%T Capabilities Advertisement with BGP-4 +.Re +.Pp +.Rs +.%D October 2009 +.%R RFC 5668 +.%T 4-Octet AS Specific BGP Extended Community +.Re +.Pp +.Rs +.%D June 2011 +.%R RFC 6286 +.%T Autonomous-System-Wide Unique BGP Identifier for BGP-4 +.Re +.Pp +.Rs +.%D May 2012 +.%R RFC 6608 +.%T Subcodes for BGP Finite State Machine Error +.Re +.Pp +.Rs +.%D Dec 2012 +.%R RFC 6793 +.%T BGP Support for Four-Octet Autonomous System (AS) Number Space +.Re +.Pp +.Rs +.%D August 2015 +.%R RFC 7606 +.%T Revised Error Handling for BGP UPDATE Messages +.Re +.Pp +.Rs +.%D October 2011 +.%R RFC 6396 +.%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format +.Re +.Pp +.Rs +.%D May 2012 +.%R RFC 6608 +.%T Subcodes for BGP Finite State Machine Error +.Re +.Pp +.Rs +.%D July 2014 +.%R RFC 7313 +.%T Enhanced Route Refresh Capability for BGP-4 +.Re +.Pp +.Rs +.%D August 2015 +.%R RFC 7607 +.%T Codification of AS 0 Processing +.Re +.Pp +.Rs +.%D July 2016 +.%R RFC 7911 +.%T Advertisement of Multiple Paths in BGP +.Re +.Pp +.Rs +.%D September 2016 +.%R RFC 7947 +.%T Internet Exchange BGP Route Server +.Re +.Pp +.Rs +.%D May 2017 +.%R RFC 8050 +.%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format with BGP Additional Path Extensions +.Re +.Pp +.Rs +.%D February 2017 +.%R RFC 8092 +.%T BGP Large Communities Attribute +.Re +.Pp +.Rs +.%D March 2017 +.%R RFC 8097 +.%T BGP Prefix Origin Validation State Extended Community +.Re +.Pp +.Rs +.%D July 2017 +.%R RFC 8203 +.%T BGP Administrative Shutdown Communication +.Re +.Pp +.Rs +.%D September 2017 +.%R RFC 8210 +.%T The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1 +.Re +.Pp +.Rs +.%D July 2017 +.%R RFC 8212 +.%T Default External BGP (EBGP) Route Propagation Behavior without Policies +.Re +.Pp +.Rs +.%D March 2018 +.%R RFC 8326 +.%T Graceful BGP Session Shutdown +.Re +.Pp +.Rs +.%D March 2019 +.%R RFC 8538 +.%T Notification Message Support for BGP Graceful Restart +.Re +.Pp +.Rs +.%D October 2019 +.%R RFC 8654 +.%T Extended Message Support for BGP +.Re +.Pp +.Rs +.%D November 2020 +.%R RFC 8950 +.%T Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop +.Re +.Pp +.Rs +.%D December 2020 +.%R RFC 8955 +.%T Dissemination of Flow Specification Rules +.Re +.Pp +.Rs +.%D December 2020 +.%R RFC 8956 +.%T Dissemination of Flow Specification Rules for IPv6 +.Re +.Pp +.Rs +.%D July 2021 +.%R RFC 9072 +.%T Extended Optional Parameters Length for BGP OPEN Message +.Re +.Pp +.Rs +.%D May 2022 +.%R RFC 9234 +.%T Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages +.Re +.Pp +.Rs +.%D November 2024 +.%R RFC 9687 +.%T Border Gateway Protocol 4 (BGP-4) Send Hold Timer +.Re +.Pp +.Rs +.%D May 2025 +.%R RFC 9774 +.%T Deprecation of AS_SET and AS_CONFED_SET in BGP +.Re +.Pp +.Rs +.%D October 2022 +.%R draft-ietf-sidrops-aspa-verification +.%T BGP AS_PATH Verification Based on Resource Public Key Infrastructure (RPKI) Autonomous System Provider Authorization (ASPA) Objects +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.5 . diff --git a/static/openbsd/man8/bgplg.8 b/static/openbsd/man8/bgplg.8 new file mode 100644 index 00000000..f162c3f8 --- /dev/null +++ b/static/openbsd/man8/bgplg.8 @@ -0,0 +1,219 @@ +.\" $OpenBSD: bgplg.8,v 1.16 2016/12/14 14:38:42 reyk Exp $ +.\" +.\" Copyright (c) 2005, 2006, 2013 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: December 14 2016 $ +.Dt BGPLG 8 +.Os +.Sh NAME +.Nm bgplg +.Nd looking glass for the OpenBSD Border Gateway Protocol daemon +.Sh SYNOPSIS +.Nm bgplg +.Sh DESCRIPTION +The +.Nm +CGI program is a looking glass for the +.Xr bgpd 8 +Border Gateway Protocol daemon. +The looking glass will provide a simple web interface with read-only +access to a restricted set of +.Xr bgpd 8 +and system status information, which is typically used on route +servers by Internet Service Providers (ISPs) and Internet eXchange +points (IXs). +It is intended to be used in a +.Xr chroot 2 +environment in +.Pa /var/www . +.Pp +.Nm +is disabled by default. +It requires four steps to enable the looking glass: +.Bl -enum +.It +Update the file permission mode to allow the execution of the +.Nm +CGI program and the additional statically linked programs that have +been installed into the +.Xr chroot 2 +environment. +.Pp +For example, +to allow execution of +.Nm +and the statically-linked version of +.Xr bgpctl 8 : +.Bd -literal -offset indent +# chmod 0555 /var/www/cgi-bin/bgplg +# chmod 0555 /var/www/bin/bgpctl +.Ed +.Pp +External commands like +.Xr ping 8 +and others will be hidden from the looking glass command +list unless given the correct permissions. +See the +.Sx FILES +section below for the list of installed programs. +.It +The programs +.Xr ping 8 , +.Xr ping6 8 , +.Xr traceroute 8 +and +.Xr traceroute6 8 +will require a copy of the resolver configuration file +.Xr resolv.conf 5 +in the +.Xr chroot 2 +environment for optional host name lookups. +.Bd -literal -offset indent +# mkdir /var/www/etc +# cp /etc/resolv.conf /var/www/etc +.Ed +.It +Start the Border Gateway Protocol daemon with a second, +restricted, control socket that can be used +from within the +.Xr chroot 2 +environment. +See +.Xr bgpd.conf 5 +for more information. +.Pp +For example, +add the following to +.Pa /etc/bgpd.conf +to have +.Xr bgpd 8 +open a second, restricted, control socket: +.Pp +.Dl socket \&"/var/www/run/bgpd.rsock\&" restricted +.It +Start the +.Xr httpd 8 +and +.Xr slowcgi 8 +servers after configuring the related +.Ic server +section in +.Xr httpd.conf 5 . +For example: +.Bd -literal -offset indent +ext_addr="0.0.0.0" + +server "lg.example.net" { + listen on $ext_addr port 80 + location "/cgi-bin/*" { + fastcgi + root "" + } +} +.Ed +.El +.Sh FILES +.Bl -tag -width "/var/www/conf/bgplg.headXX" -compact +.It Pa /var/www/conf/bgplg.css +Optional +.Nm +CSS style sheet. +.It Pa /var/www/conf/bgplg.head +Optional +.Nm +HTML header. +.It Pa /var/www/conf/bgplg.foot +Optional +.Nm +HTML footer. +.It Pa /var/www/run/bgpd.rsock +Position of the second, restricted, control socket of +.Xr bgpd 8 . +.El +.Pp +The following statically linked executables have been installed into +the +.Xr chroot 2 +environment of the +.Xr httpd 8 +server. +To enable the corresponding functionality, use the +.Xr chmod 1 +utility to manually set the file permission mode to 0555 or anything +appropriate. +Some of these executables need the set-user-ID bit, +so they should be mounted on a filesystem +without the +.Ic nosuid +option. +.Pp +.Bl -tag -width "/var/www/bin/traceroute6XX" -compact +.It Pa /var/www/cgi-bin/bgplg +The +.Nm +CGI executable. +.It Pa /var/www/bin/bgpctl +The +.Xr bgpctl 8 +program used to query information from +.Xr bgpd 8 +.It Pa /var/www/bin/ping +The +.Xr ping 8 +program used to send ICMP ECHO_REQUEST packets to network hosts. +Requires the set-user-ID bit, set the permission mode to 4555. +.It Pa /var/www/bin/ping6 +The +.Xr ping6 8 +program used to send ICMPv6 ICMP6_ECHO_REQUEST packets to network hosts. +Requires the set-user-ID bit, set the permission mode to 4555. +.It Pa /var/www/bin/traceroute +The +.Xr traceroute 8 +program used to print the route packets take to network hosts. +Requires the set-user-ID bit, set the permission mode to 4555. +.It Pa /var/www/bin/traceroute6 +The +.Xr traceroute6 8 +program used to print the route packets take to +.Xr inet6 4 +network hosts. +Requires the set-user-ID bit, set the permission mode to 4555. +.El +.Sh SEE ALSO +.Xr bgpctl 8 , +.Xr bgpd 8 , +.Xr bgplgsh 8 , +.Xr httpd 8 , +.Xr slowcgi 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.1 . +The initial implementation was done in 2005 for DE-CIX, the German +commercial internet exchange point. +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . +.Sh CAVEATS +To prevent commands from running endlessly, +.Nm +will kill the corresponding processes after a hard limit of 60 seconds. +For example, this can take effect when using +.Xr traceroute 8 +with blackholed or bad routes. diff --git a/static/openbsd/man8/bgplgd.8 b/static/openbsd/man8/bgplgd.8 new file mode 100644 index 00000000..7ee1e01c --- /dev/null +++ b/static/openbsd/man8/bgplgd.8 @@ -0,0 +1,215 @@ +.\" $OpenBSD: bgplgd.8,v 1.13 2025/07/13 23:38:55 jsg Exp $ +.\" +.\" Copyright (c) 2021 Claudio Jeker +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 13 2025 $ +.Dt BGPLGD 8 +.Os +.Sh NAME +.Nm bgplgd +.Nd a bgpctl FastCGI server +.Sh SYNOPSIS +.Nm +.Op Fl d +.Op Fl p Ar path +.Op Fl S Ar socket +.Op Fl s Ar socket +.Op Fl U Ar user +.Op Fl V +.Sh DESCRIPTION +.Nm +is a server which implements the FastCGI Protocol to execute +.Xr bgpctl 8 +commands. +.Nm +is a simple server that implements a simple web API to query +.Xr bgpd 8 . +.Pp +.Nm +opens a socket at +.Pa /var/www/run/bgplgd.sock , +owned by www:www, +with permissions 0660. +It will then drop privileges to user +.Qq _bgplgd , +.Xr unveil 2 +the +.Xr bgpctl 8 +binary +and restrict itself with +.Xr pledge 2 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to stderr. +.It Fl p Ar path +Use +.Ar path +instead of +.Xr bgpctl 8 +to query +.Xr bgpd 8 . +.It Fl S Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/bgpd.rsock +to communicate with +.Xr bgpd 8 . +.It Fl s Ar socket +Create and bind to alternative local socket at +.Ar socket . +.It Fl U Ar user +Change the owner of +.Pa /var/www/run/bgplgd.sock +to +.Ar user +and its primary group instead of the default www:www. +.It Fl V +Show the version and exit. +.El +.Pp +.Nm +provides the following API endpoints. +Unless further specified the endpoints do not take any parameters: +.Pp +.Bl -tag -width "/interfaces" -compact +.It Pa /interfaces +Show the interface states. +.It Pa /memory +Show RIB memory statistics. +.It Pa /metrics +Output various statistics in OpenMetrics format. +.It Pa /neighbors +Show detailed neighbors information. +The output can be limited with the following parameters: +.Pp +.Bl -tag -width "neighbor=peer" -compact +.It Cm neighbor Ns = Ns Ar peer +Show information for a specific neighbor. +.Ar peer +may be the neighbor's address or description. +.It Cm group Ns = Ns Ar name +Show only entries from the specified peer group. +.El +.It Pa /nexthops +Show the list of BGP nexthops and the result of their validity check. +.It Pa /rib +.It Pa /rib/in +.It Pa /rib/out +Show routes from the bgpd(8) Routing Information Base. +For +.Pa /rib/in +the +.Ar Adj-RIB-In +will be queried and for +.Pa /rib/out +the +.Ar Adj-RIB-out . +The following parameters can be used to filter the output: +.Pp +.Bl -tag -width "neighbor=peer" -compact +.It Cm neighbor Ns = Ns Ar peer +Show information for a specific neighbor. +.Ar peer +may be the neighbor's address or description. +.It Cm group Ns = Ns Ar name +Show only entries from the specified peer group. +.It Cm as Ns = Ns Ar number +Show only entries with the specified source AS number. +.It Cm community Ns = Ns Ar string +.It Cm ext-community Ns = Ns Ar string +.It Cm large-community Ns = Ns Ar string +Show only entries that match the specified community. +.It Xo +.Ic af Ns = Ns +.Pq Ic ipv4 | ipv6 | vpnv4 | vpnv6 +.Xc +Show only entries that match the specified address family. +.It Cm rib Ns = Ns Ar name +Show only entries from the RIB with name +.Ar name . +Can only be used with the +.Pa /rib +endpoint. +.It Xo +.Ic ovs Ns = Ns +.Pq Ic valid | not-found | invalid +.Xc +Show only prefixes that match the specified Origin Validation State. +.It Xo +.Ic avs Ns = Ns +.Pq Ic valid | invalid | unknown +.Xc +Show only prefixes that match the specified ASPA Validation State. +.It Cm best Ns = Ns 1 +Show only selected routes. +.It Cm error Ns = Ns 1 +Show only prefixes which are marked invalid and were treated as withdrawn. +.It Cm filtered Ns = Ns 1 +Show only prefixes which are marked filtered by the input filter. +.It Cm invalid Ns = Ns 1 +Show only prefixes which are not eligible. +.It Cm leaked Ns = Ns 1 +Show only prefixes where a route leak was detected. +.It Cm prefix Ns = Ns Ar addr +Show only entries that match prefix either as the best matching route or +show the entry for this CIDR prefix. +.It Cm all Ns = Ns 1 +Show all entries in the specified prefix range. +.It Cm or-shorter Ns = Ns 1 +Show all entries covering and including the specified prefix. +.El +.It Pa /rtr +Show a list of all RTR sessions. +.It Pa /sets +Show a list summarizing all roa-set, as-set, prefix-set, and origin-set tables. +.It Pa /summary +Show a list of all neighbors, including information about the session state +and message counters. +.El +.Sh EXAMPLES +Add the following to +.Pa /etc/bgpd.conf +to have +.Xr bgpd 8 +open a second, restricted, control socket: +.Pp +.Dl socket \&"/var/run/bgpd.rsock\&" restricted +.Pp +An example setup in +.Xr httpd 8 +is: +.Bd -literal -offset indent + location "/bgplgd/*" { + fastcgi socket "/run/bgplgd.sock" + request strip 1 + } +.Ed +.Sh SEE ALSO +.Xr bgpctl 8 , +.Xr bgpd 8 , +.Xr httpd 8 +.Sh HISTORY +The +.Nm +server first appeared in +.Ox 7.2 . +.Sh AUTHORS +.An Claudio Jeker Aq Mt claudio@openbsd.org diff --git a/static/openbsd/man8/bgplgsh.8 b/static/openbsd/man8/bgplgsh.8 new file mode 100644 index 00000000..71ba0cb3 --- /dev/null +++ b/static/openbsd/man8/bgplgsh.8 @@ -0,0 +1,104 @@ +.\" $OpenBSD: bgplgsh.8,v 1.12 2019/03/17 10:43:24 jmc Exp $ +.\" +.\" Copyright (c) 2005, 2006 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 17 2019 $ +.Dt BGPLGSH 8 +.Os +.Sh NAME +.Nm bgplgsh +.Nd looking glass shell for the OpenBSD Border Gateway Protocol daemon +.Sh SYNOPSIS +.Nm bgplgsh +.Sh DESCRIPTION +The +.Nm +program is a looking glass shell for the +.Xr bgpd 8 +Border Gateway Protocol daemon. +The looking glass will provide a simple command line interface +with read-only access to a restricted set of +.Xr bgpd 8 +and system status information, which is typically used on route +servers by Internet Service Providers (ISPs) and Internet eXchange +points (IXs). +.Pp +It requires three steps to enable the looking glass shell: +.Bl -enum +.It +Add +.Nm +as a valid login shell. +See +.Xr shells 5 +for more information. +.Bd -literal -offset indent +# echo /usr/bin/bgplgsh \*(Gt\*(Gt /etc/shells +.Ed +.It +Create a new user for restricted looking glass access. +See +.Xr adduser 8 +for more information about system user management. +.Bd -literal -offset indent +# adduser -shell bgplgsh -batch bgplg +# passwd bgplg +.Ed +.It +Start the Border Gateway Protocol daemon with a second, +restricted, control socket. +See +.Xr bgpd.conf 5 +and +.Xr bgplg 8 +for more information. +.Pp +For example, +add the following to +.Pa /etc/bgpd.conf +to have +.Xr bgpd 8 +open a second, restricted, control socket: +.Pp +.Dl socket \&"/var/www/run/bgpd.rsock\&" restricted +.El +.Sh FILES +.Bl -tag -width "/var/www/run/bgpd.rsockXX" -compact +.It Pa /var/www/run/bgpd.rsock +Position of the second, restricted, control socket of +.Xr bgpd 8 . +.El +.Sh SEE ALSO +.Xr bgpd 8 , +.Xr bgplg 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.1 . +The initial implementation was done in 2005 for DE-CIX, the German +commercial internet exchange point. +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . +.Sh CAVEATS +To prevent commands from running endlessly, +.Nm +will kill the corresponding processes after a hard limit of 60 seconds. +For example, this can take effect when using +.Xr traceroute 8 +with blackholed or bad routes. diff --git a/static/openbsd/man8/bioctl.8 b/static/openbsd/man8/bioctl.8 new file mode 100644 index 00000000..357baffd --- /dev/null +++ b/static/openbsd/man8/bioctl.8 @@ -0,0 +1,376 @@ +.\" $OpenBSD: bioctl.8,v 1.116 2024/07/15 05:36:08 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005 Marco Peereboom +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 15 2024 $ +.Dt BIOCTL 8 +.Os +.Sh NAME +.Nm bioctl +.Nd storage management interface +.Sh SYNOPSIS +.Nm bioctl +.Op Fl hiqv +.Op Fl a Ar alarm-function +.Op Fl b Ar channel : Ns Ar target Ns Op Pf . Ar lun +.Op Fl H Ar channel : Ns Ar target Ns Op Pf . Ar lun +.Op Fl R Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +.Op Fl t Ar patrol-function +.Op Fl u Ar channel : Ns Ar target Ns Op Pf . Ar lun +.Ar device +.Pp +.Nm bioctl +.Op Fl dhiPqsv +.Op Fl C Ar flag Ns Op Pf , Ar ... +.Op Fl c Ar raidlevel +.Op Fl k Ar keydisk +.Op Fl l Ar chunk Ns Op Pf , Ar ... +.Op Fl O Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +.Op Fl p Ar passfile +.Op Fl R Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +.Op Fl r Ar rounds +.Ar device +.Sh DESCRIPTION +.Nm bioctl +is used to interact with device drivers that register with +.Xr bio 4 . +.Pp +The +.Fl h , +.Fl i , +.Fl q , +and +.Fl v +options are used to display information about the specified +.Ar device : +.Bl -tag -width disable +.It Fl h +Where appropriate, produce +.Dq human-readable +output. +Use unit suffixes: Byte, Kilobyte, Megabyte, +Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of +digits to four or less. +.It Fl i +Display default information for the specified device. +For example, for hardware RAID controllers enumerate attached devices. +This is the default if no options are specified. +.It Fl q +If +.Ar device +is an +.Xr sd 4 , +display its vendor, product, revision, and serial number. +.It Fl v +Be more verbose in output. +.El +.Pp +The first synopsis shows options used to manage +hardware RAID controllers. +.Ar device +specifies either a drive (e.g. sd1), a hardware RAID controller (e.g. ami0) or a +.Xr ses 4 +or +.Xr safte 4 +enclosure. +.Pp +The second synopsis shows options used to manage +.Xr softraid 4 +volumes (e.g. sd0) +or the softraid controller itself +(always softraid0). +.Pp +The options for hardware RAID controllers are as follows: +.Bl -tag -width Ds +.It Fl a Ar alarm-function +Control the RAID card's alarm functionality, if supported. +.Ar alarm-function +may be one of: +.Pp +.Bl -tag -width disable -compact +.It Cm disable +Disable the alarm on the RAID controller. +.It Cm enable +Enable the alarm on the RAID controller. +.It Cm get +Retrieve the current alarm state (enabled or disabled). +.It Cm silence | quiet +Silence the alarm if it is currently beeping. +.El +.Pp +The +.Ar alarm-function +may be specified as given above, +or by the first letter only +(e.g. -a e). +.It Fl b Ar channel : Ns Ar target Ns Op Pf . Ar lun +Instruct the device at +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +to start blinking, if there is +.Xr ses 4 +or +.Xr safte 4 +support in the enclosure. +.It Fl H Ar channel : Ns Ar target Ns Op Pf . Ar lun +If the device at +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +is currently marked +.Dq Unused , +promote it to being a +.Dq Hot Spare . +.It Fl R Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +Manually kick off a rebuild of a degraded RAID volume, using +.Ar chunk +or +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +as a new chunk replacing the offline chunk in the volume. +It is not possible to change the number of chunks. +The +.Ar chunk +must be specified as a full path to a device file (e.g. /dev/wd0d). +A RAID volume rather than a RAID controller is expected as the final argument. +.It Fl t Ar patrol-function +Control the RAID card's patrol functionality, if supported. +.Ar patrol-function +may be one of: +.Pp +.Bl -tag -width disable -compact +.It Cm stop +Stop the patrol on the RAID controller. +.It Cm start +Start the patrol on the RAID controller. +.It Cm get +Retrieve the current patrol configuration. +.It Cm disable +Disable the patrol functionality. +.It Cm manual +Enable the patrol functionality to start/stop manually. +.It Cm auto Ns Op Pf . Ar interval Ns Op Pf . Ar start +Enable the patrol functionality to start/stop automatically in every +.Ar interval +seconds, starting the first iteration after +.Ar start +seconds. +.El +.It Fl u Ar channel : Ns Ar target Ns Op Pf . Ar lun +Instruct the device at +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +to cease blinking, if there is +.Xr ses 4 +or +.Xr safte 4 +support in the enclosure. +.El +.Pp +The options for +.Xr softraid 4 +devices are as follows: +.Bl -tag -width Ds +.It Fl C Ar flag Ns Op Pf , Ar ... +Pass +.Ar flag +to +.Nm . +May be one of: +.Pp +.Bl -tag -width disable -compact +.It Cm force +Force the operation; +for example, force the creation of volumes +with unclean data in the metadata areas. +.It Cm noauto +Do not automatically assemble this volume at boot time. +.El +.It Fl c Ar raidlevel +Create a new +.Xr softraid 4 +volume of level +.Ar raidlevel . +The +.Ar device +must be +.Dq softraid0 ; +it supports multiple volumes. +.Pp +Valid raidlevels are: +.Pp +.Bl -tag -width 2n -offset 3n -compact +.It Cm 0 +RAID 0: +A striping discipline. +.It Cm 1 +RAID 1: +A mirroring discipline. +.It Cm 5 +RAID 5: +A striping discipline with floating parity chunk. +.It Cm C +CRYPTO: +An encrypting discipline. +.It Cm c +CONCAT: +A concatenating discipline. +.It Cm 1C +RAID 1 + CRYPTO: +An encrypting and mirroring discipline. +.El +.Pp +The CONCAT discipline requires a minimum of one chunk, RAID 0 and RAID 1 +disciplines require a minimum of two chunks, RAID 5 requires a minimum +of three chunks and the CRYPTO discipline requires exactly one chunk to +be provided via +.Fl l . +.Pp +The RAID 1C discipline requires a minimum of two chunks when a new volume +is created, and a minimum of one chunk when an existing volume is assembled. +Missing RAID 1C chunks will be marked as offline and must be rebuilt before +they become part of the array again. +.It Fl d +Detach volume specified by +.Ar device . +.It Fl k Ar keydisk +Use special device +.Ar keydisk +as a key disk for a crypto volume. +.It Fl l Ar chunk Ns Op Pf , Ar ... +Use the +.Ar chunk +device list to create a new volume within the +.Xr softraid 4 +framework. +Requires +.Fl c . +.It Fl O Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +Set the state of +.Ar chunk +or +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +to offline. +The state of the RAID volume will change in the same way that it would if the +disk physically went offline. +The +.Ar chunk +must be specified as a full path to a device file (e.g. /dev/wd0d). +A RAID volume rather than a RAID controller is expected as the +.Ar device +argument. +.It Fl P +Change the passphrase on the selected crypto volume. +.It Fl p Ar passfile +Passphrase file used when crypto volumes are brought up. +This file must be root owned and have 0600 permissions. +.It Fl R Ar chunk | channel : Ns Ar target Ns Op Pf . Ar lun +Manually kick off a rebuild of a degraded volume, using +.Ar chunk +or +.Ar channel : Ns Ar target Ns Op Pf . Ar lun +as a new chunk, +replacing the offline chunk in the volume. +It is not possible to change the number of chunks. +The +.Ar chunk +must be specified as a full path to a device file (e.g. /dev/sd0d) which +refers to a partition of fstype RAID. +A +.Xr softraid 4 +volume rather than softraid0 is expected as the final argument. +.It Fl r Ar rounds +The number of iterations for the KDF algorithm to use when converting a +passphrase into a key, in order to create a new encrypted volume or change the +passphrase of an existing encrypted volume. +A larger number of iterations takes more time, but offers increased resistance +against passphrase guessing attacks. +By default, or if +.Ar rounds +is specified as +.Cm auto , +the number of rounds will automatically be based on system performance. +The minimum is 16 rounds. +.It Fl s +Read passphrases from +.Pa /dev/stdin +rather than +.Pa /dev/tty , +without prompts, confirmation or retry on mismatch. +.El +.Sh EXAMPLES +Configure a new +.Xr softraid 4 +volume with four chunks +(/dev/sd2e, /dev/sd3e, /dev/sd4e, /dev/sd5e) +and a RAID level of 1: +.Bd -literal -offset 3n +# bioctl -c 1 -l /dev/sd2e,/dev/sd3e,/dev/sd4e,/dev/sd5e softraid0 +.Ed +.Pp +Configure a new +.Xr softraid 4 +volume with one chunk (/dev/sd2e) and an encrypting discipline: +.Bd -literal -offset 3n +# bioctl -c C -l /dev/sd2e softraid0 +.Ed +.Pp +.Nm +will ask for a passphrase, which will be needed to unlock the encrypted +disk. +After creating a newly encrypted disk, the first megabyte of it should be +zeroed, so tools like +.Xr fdisk 8 +or +.Xr disklabel 8 +don't get confused by the random data that appears on the new disk: +.Bd -literal -offset 3n +# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1 +.Ed +.Pp +Detaching a softraid volume requires the exact volume name. +For example: +.Bd -literal -offset 3n +# bioctl -d sd2 +.Ed +.Pp +Start a rebuild of the degraded softraid volume sd0 +using a new chunk on wd0d: +.Bd -literal -offset 3n +# bioctl -R /dev/wd0d sd0 +.Ed +.Pp +Show detailed information about the nvme0 controller: +.Bd -literal -offset 3n +# bioctl -v nvme0 +.Ed +.Sh SEE ALSO +.Xr bio 4 , +.Xr scsi 4 , +.Xr softraid 4 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.8 . +.Sh AUTHORS +The +.Nm +interface was written by +.An Marco Peereboom Aq Mt marco@openbsd.org . diff --git a/static/openbsd/man8/biosboot.8 b/static/openbsd/man8/biosboot.8 new file mode 100644 index 00000000..e1dee735 --- /dev/null +++ b/static/openbsd/man8/biosboot.8 @@ -0,0 +1,256 @@ +.\" $OpenBSD: biosboot.8,v 1.15 2022/06/27 16:39:34 jmc Exp $ +.\" +.\" Copyright (c) 2003 Tom Cosgrove +.\" Copyright (c) 1997 Michael Shalayeff +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 27 2022 $ +.Dt BIOSBOOT 8 amd64 +.Os +.Sh NAME +.Nm biosboot +.Nd amd64-specific first-stage system bootstrap +.Sh DESCRIPTION +This small program (roughly 512 bytes of code) is responsible for +loading the second-stage +.Xr boot 8 +program (typically /boot), which in turn will load the kernel. +.Pp +.Nm +must be installed by +.Xr installboot 8 . +As part of the installation, +.Xr installboot 8 +patches +.Nm +with information about the location of +.Xr boot 8 +on disk. +Specifically, it writes the filesystem block number of +.Xr boot 8 Ns 's +inode, +the offset within this block of the inode, +and various filesystem parameters (taken from the superblock) +required to convert filesystem blocks to disk sectors. +Usually, +.Xr boot 8 +is loaded from the root filesystem of the boot disk. +If the boot disk is a +.Xr softraid 4 +volume, +.Xr installboot 8 +arranges for a copy of +.Xr boot 8 +to be loaded from a dedicated single-inode filesystem located within +the volume's meta data area. +.Pp +You must re-run +.Xr installboot 8 +whenever +.Xr boot 8 +is changed, as its inode may change. +While it should not be necessary, +it may also be advisable to re-run +.Xr installboot 8 +if you move your disk between machines and/or controllers. +.Pp +When +.Nm +receives control from either the BIOS or the +master boot record (MBR), it will print the message: +.Pp +.Dl Loading +.Pp +followed by a dot for every filesystem block it attempts to load. +If /boot is loaded successfully, +.Nm +will put the cursor on the next line just before +transferring control to the newly-loaded program. +.Pp +If possible, +.Nm +will read disk sectors using calls detailed in the Phoenix +Enhanced Disk Drive Specification (EDD, sometimes known as LBA, reads). +It will fall back to CHS reads only if EDD calls are not available. +.Pp +.Nm +prints a +.Sq ;\& +after the +.Dq Loading +message if it is going to use CHS reads for any reason. +For example, when booting from floppy or CD-ROM. +.Pp +.Nm +may fail with any of the following error messages: +.Bl -tag -width ERR_X__ +.It Er ERR I +Too many indirect blocks. +.Nm +is capable of reading the direct blocks in +.Xr boot 8 Ns 's +inode (the location of which is patched into +.Nm +by +.Xr installboot 8 ) +and the first indirect block, +but it is not capable of reading further indirect blocks. +This error indicates that further such indirect blocks were found. +The system will not be able to boot. +.Pp +This is unlikely to ever happen in practice, as +.Xr boot 8 +has to be quite large for this to be an issue. +The smallest possible filesystem block size is 512 bytes +(one sector per filesystem block). +On such a system, there are 140 filesystem blocks that +.Nm +can read, so +.Xr boot 8 +can be up to 70 KB. +.Pp +However, even on floppy disks the filesystem block size is 1024 bytes. +This allows +.Xr boot 8 +to occupy up to 268 disk blocks, +i.e. to be 268 KB. +On hard disks (default filesystem block size 16 KB) +4,108 disk blocks are available, to allow +.Xr boot 8 +to be over 64 MB in size! +(Only direct blocks are required for +.Xr boot 8 Ns s +of up to 192 KB.) +.It Er ERR M +Bad magic. +The ELF +.Dq magic number +\e7fELF in +.Xr boot 8 Ns 's +header was not found. +This indicates that the first block of +.Xr boot 8 +was not read correctly. +This could be due to disk corruption, +failing to run +.Xr installboot 8 , +giving an invalid +.Xr boot 8 +program as the +.Ar boot +argument to +.Xr installboot 8 , +or +incorrect geometry translation. +.It Er ERR R +Read error. +The BIOS returned an error indication when +.Nm +attempted to read a disk sector. +This might be any media error, including bad sectors (common on floppy disks), +and invalid sectors (can occur with bad geometry translations). +.It Er ERR X +Can't boot. +Issued when trying to read sectors in CHS mode, +but the BIOS call +.Em get\ drive\ parameters +failed or gave a value of 0 for the number of sectors per track. +In either case, it is not possible for +.Nm +to calculate the (cylinder, head, sector) values required to +read any sectors. +.El +.Sh NOTES +Using +.Nm +as the MBR, +as has been done in the past, +is not recommended, and is not supported. +Instead, create a single +.Xr fdisk 8 +partition that spans the entire disk. +.Pp +Despite the support for +.Xr boot 8 +over the 8 GB boundary, +good +.Xr disklabel 8 +partitioning practices should still be followed. +.Sh FILES +.Bl -tag -width /usr/mdec/biosbootxx -compact +.It Pa /usr/mdec/mbr +Master Boot Record block +.It Pa /usr/mdec/biosboot +primary bootstrap +.It Pa /boot +secondary bootstrap +.It Pa /usr/mdec/pxeboot +PXE bootstrap +.It Pa /bsd +.Ox +kernel +.It Pa /bsd.sp +.Ox +kernel for single processor machines +.It Pa /bsd.mp +.Ox +kernel for multiprocessor machines +.It Pa /bsd.rd +.Ox +kernel for installation/recovery +.El +.Sh SEE ALSO +.Xr softraid 4 , +.Xr boot 8 , +.Xr boot_amd64 8 , +.Xr disklabel 8 , +.Xr fdisk 8 , +.Xr installboot 8 , +.Xr pxeboot 8 +.Sh HISTORY +.Nm +was originally written by Michael Shalayeff for +.Ox 2.1 . +However it was based on bootstrap code from older versions of this +operating system, other operating systems, other programs, and +other people's work. +.Pp +It was significantly revised in December 2003 by Tom Cosgrove, +in order to support LBA disk access (via the Phoenix Enhanced Disk +Drive Specification API). +At that time the internal table of disk blocks was removed, and +.Nm +modified to read filesystem block numbers from the inode. +.Sh BUGS +.Nm +should perform and verify a checksum across the entire loaded +.Xr boot 8 +image, +rather than just checking the magic number in the first block. +.Pp +There is no BIOS error number reported nor is the location of the error +reported. +.Pp +You can pick your motherboard, and you can pick your BIOS, +but you can't pick your motherboard's BIOS. diff --git a/static/openbsd/man8/boot.8 b/static/openbsd/man8/boot.8 new file mode 100644 index 00000000..b879756e --- /dev/null +++ b/static/openbsd/man8/boot.8 @@ -0,0 +1,241 @@ +.\" $OpenBSD: boot.8,v 1.3 2024/11/05 09:42:48 miod Exp $ +.\" +.\" Copyright (c) 1997-2001 Michael Shalayeff +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +.\" THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 5 2024 $ +.Dt BOOT 8 alpha +.Os +.Sh NAME +.Nm boot , +.Nm boot.conf +.Nd alpha-specific bootstrap +.Sh DESCRIPTION +The main purpose of this program is to load the system kernel. +.Pp +As described in +.Xr boot_alpha 8 , +this program is loaded by the SRM firmware +and provides a convenient way to load the kernel. +This program acts as an enhanced boot monitor for alpha systems, providing +a common interface for the kernel to start from. +.Pp +Basic operations include: +.Pp +.Bl -bullet -compact +.It +Loading kernels from hard disk. +.It +Loading kernels compressed by +.Xr gzip 1 . +.It +Providing an interactive command line. +.El +.Pp +The sequence of its operation is as follows: initialization, +parsing the configuration file, then an interactive command line. +While at the command line you have 5 seconds to type any commands, if needed. +If time expires, the kernel will be loaded according to +the current variable settings (see the +.Ic set +command). +If the kernel load fails, a second attempt is made with the timeout increased +by one second. +The sequence of +.Nm +operations is as follows: +.Bl -enum +.It +If the file +.Pa /etc/boot.conf +exists on the filesystem in slice +.Sq a +on the disk +.Nm +was loaded from, open and parse it. +Lines beginning with the +.Sq # +character, +as well as whitespace at the beginning of lines, +are ignored. +The file may contain any commands +.Nm +accepts at the interactive prompt. +Though default settings usually suffice, they can be changed here. +.It +The header line +.Pp +.Dl >> OpenBSD/alpha BOOT [x.xx] +.Pp +is displayed to the active console, where +.Ar x.xx +is the version number of the +.Nm +program, followed by the +.Pp +.Dl boot> +.Pp +prompt, which means you are in interactive mode and may enter commands. +If you do not, +.Nm +will proceed to load the kernel with the current parameters after the +timeout period has expired. +.El +.Pp +By default, +.Nm +attempts to load the kernel executable specified in the SRM environment +variable +.Em boot_file , +defaulting to +.Pa /bsd +if not set. +If it fails to find the kernel and no alternative kernel image has +been specified, the system will be unable to boot. +.Sh COMMANDS +The following commands are accepted at the +.Nm +prompt: +.Bl -tag -width shorten +.It Ic boot Oo Ns Ar image Oc Op Fl cdns +Boots the specified kernel image with any options given. +If +.Ar image +is omitted, values from the +.Nm +variables will be used. +.Bl -tag -width _a_ +.\" XXX Consider documenting -a as silently doing nothing, accepted for +.\" XXX compatibility purpose (since multiuser boot is the default). +.It Fl c +Causes the kernel to go into +.Xr boot_config 8 +before performing +.Xr autoconf 4 +procedures. +.It Fl d +Causes the kernel to drop into +.Xr ddb 4 +at the earliest convenient point. +.It Fl n +Causes the kernel to ask for the +.Nm root +device to use. +.It Fl s +Causes the kernel to boot single-user. +.El +.It Ic echo Op Ar args +Displays +.Ar args +on the console device. +.It Ic help +Prints a list of available commands. +.It Ic hexdump Ar addr size +Show +.Ar size +bytes of memory at address +.Ar addr . +.It Ic ls Op Ar directory +Prints contents of the specified +.Ar directory +in long format including: attributes and file type, owner, group, +size, filename. +.It Ic reboot +Reboots the machine by initiating a warm boot procedure. +.It Ic set Op Ar varname Op Ar value +If invoked without arguments, prints a list of variables and their values. +If only +.Ar varname +is specified, displays contents of that variable. +If +.Ar varname +and +.Ar value +are both specified, sets that variable to the given value. +Variables include: +.Pp +.Bl -tag -compact -width boothow +.It Ic debug +Debug flag if +.Nm +was compiled with DEBUG defined. +.It Ic image +File name containing the kernel image. +.It Ic timeout +Number of seconds boot will wait for human intervention before +booting the default kernel image. +.\" .It Ic time +.\" Displays system time and date. +.El +.El +.Sh FILES +.Bl -tag -width /etc/boot.conf -compact +.It Pa /usr/mdec/boot +system bootstrap +.It Pa /etc/boot.conf +system bootstrap's startup file +.It Pa /bsd +kernel image +.It Pa /bsd.rd +kernel image for installation/recovery +.El +.Sh EXAMPLES +Boot the default kernel: +.Pp +.Dl boot> boot +.Pp +Remove the 5 second pause at boot-time permanently, causing +.Nm +to load the kernel immediately without prompting: +.Pp +.Dl # echo \&"boot\&" > /etc/boot.conf +.Pp +Boot the kernel named +.Pa /obsd +in +.Dq User Kernel Configuration +mode (see +.Xr boot_config 8 ) . +This mechanism allows for the explicit enabling and disabling of devices +during the current boot sequence, as well as the modification +of device parameters. +Once booted, such changes can be made permanent by using +.Xr config 8 Ns 's +.Fl e +option. +.Pp +.Dl boot> boot /obsd -c +.Sh SEE ALSO +.Xr gzip 1 , +.Xr autoconf 4 , +.Xr ddb 4 , +.Xr boot_alpha 8 , +.Xr boot_config 8 , +.Xr fdisk 8 , +.Xr reboot 8 +.Sh HISTORY +This program was written by Michael Shalayeff for +.Ox 2.1 +on the i386 platform, and was later ported to the alpha platform. diff --git a/static/openbsd/man8/boot_alpha.8 b/static/openbsd/man8/boot_alpha.8 new file mode 100644 index 00000000..e6eb7b39 --- /dev/null +++ b/static/openbsd/man8/boot_alpha.8 @@ -0,0 +1,115 @@ +.\" $OpenBSD: boot_alpha.8,v 1.17 2023/03/13 20:32:28 miod Exp $ +.\" +.\" Copyright (c) 2002, Miodrag Vallat. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.Dd $Mdocdate: March 13 2023 $ +.Dt BOOT_ALPHA 8 alpha +.Os +.Sh NAME +.Nm boot_alpha +.Nd Alpha system bootstrapping procedures +.Sh DESCRIPTION +.Ss Cold starts +When powered on, the SRM firmware will proceed to its initialization, and +will boot an operating system if the +.Em auto_action +variable is set to +.Dq boot +or +.Dq restart , +or will wait for interactive commands if set to +.Dq halt . +.Ss Warm starts +After a panic, or if the system is rebooted via +.Xr reboot 8 +or +.Xr shutdown 8 , +the SRM console will only restart the system if the +.Em auto_action +variable is set to +.Dq boot . +.Ss Boot process options +The SRM console will attempt to boot from the device listed in the +.Em bootdef_dev +variable. +A list of the recognized SRM devices can be obtained with the command +.Ic show dev +at the SRM prompt. +.Pp +The +.Ox +alpha boot loader program is extensively described in a separate document, +.Xr boot 8 . +.Ss Abnormal system termination +In case of system crashes, the kernel will usually enter the kernel +debugger, +.Xr ddb 4 , +unless it is not present in the kernel, or it is disabled via the +.Em ddb.panic +sysctl. +Upon leaving ddb, or if ddb was not entered, the kernel will halt the system +if it was still in device configuration phase, or attempt a dump to the +configured dump device, if possible. +The crash dump will then be recovered by +.Xr savecore 8 +during the next multi-user boot cycle. +It is also possible to force other behaviours from ddb. +.Sh FILES +.Bl -tag -width /usr/mdec/netboot -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa /usr/mdec/bootxx +primary bootstrap for +.Dq ffs +file system +.It Pa /usr/mdec/boot +secondary bootstrap (usually also installed as +.Pa /boot ) +.It Pa /usr/mdec/netboot +network bootstrap +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr boot 8 , +.Xr boot_config 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr setnetbootinfo 8 , +.Xr shutdown 8 +.Rs +.%T "Alpha Architecture Reference Manual Third Edition" +.%Q "Alpha Architecture Committee" +.%I "Digital Press" +.%D 1998 +.Re +.Sh BUGS +The device names used by +.Ox Ns / Ns alpha +and the +.Tn SRM Console +often have no relation to each other. diff --git a/static/openbsd/man8/boot_amd64.8 b/static/openbsd/man8/boot_amd64.8 new file mode 100644 index 00000000..6c6926a2 --- /dev/null +++ b/static/openbsd/man8/boot_amd64.8 @@ -0,0 +1,191 @@ +.\" $OpenBSD: boot_amd64.8,v 1.9 2016/02/25 09:43:52 tb Exp $ +.\" +.\" Copyright (c) 1997 Tobias Weingartner +.\" +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 25 2016 $ +.Dt BOOT_AMD64 8 amd64 +.Os +.Sh NAME +.Nm boot_amd64 +.Nd amd64 system bootstrapping procedures +.Sh DESCRIPTION +.Ss Cold starts +The +.Tn Athlon64 +computers and clones will perform a POST (Power On Self Test) upon +being booted cold. +This test will find and initialize memory, keyboard, and other devices. +It will search for and initialize any extension ROMs that are present, +and then attempt to boot the operating system from an available boot +drive. +.Pp +The boot drive is usually specified in the BIOS setup. +.Ss Warm starts +The BIOS loads the first block (at physical location: track 0, head 0, +sector 1) off the boot device into memory, and if the last two bytes in the +block match the signature 0xAA55, the BIOS considers the block a valid +bootable drive. +The BIOS then proceeds to call the machine code program in this block. +If the BIOS is current, it will also pass the boot drive +to the boot block in register %dl. +.Pp +There are two different types of boot blocks on devices. +There is the +MBR (master boot record) and the PBR (partition boot record). +A digression +into a little piece of history will quickly give light as to why this is so. +In the beginning, the PC +.Dq architecture +came with single or dual floppy +drives, and no hard drives. +The only type of bootable sectors on any device were the PBRs. +They were responsible for loading the rest of the operating +system from the correct device. +When hard disks came out, it was felt that +such a huge space should be able to be partitioned into separate drives, +and this is when the MBR was invented. +.Pp +The MBR relocates itself upon being loaded and invoked by the BIOS. +Embedded within the MBR is a partition table, with four partition table +entries. +The MBR code traverses this table (which was loaded with the +MBR by the BIOS), looking for an active entry, and then loads the MBR or +PBR from the disk location specified by the partition table entry. +So in reality, the MBR is nothing more than a fancy chaining PBR. +.Pp +Note: The MBR could load another MBR, which is the case when you are booting +off an extended partition. +In other words, the first block of an extended +partition is really an MBR, which will then load the corresponding MBR or PBR +out of its extended partition's partition table. +.Ss Geometry translation +.Em WARNING : +This portion of the +.Dq PC BIOS Architecture +is a mess, and a compatibility nightmare. +.Pp +The PC BIOS has an API to manipulate any disk that the BIOS happens to +support. +This interface uses 10 bits to address the cylinder, 8 bits to +address the head, and 6 bits to address the sector of a drive. +This restricts any application using the BIOS to being able to address only +1024 cylinders, 256 heads, and 63 (since the sectors are 1 based) sectors +on a disk. +These limitations proved to be fine for roughly 3 years after +the debut of hard disks on PC computers. +.Pp +Many (if not all) newer drives have many more cylinders than the BIOS API +can support, and likely more sectors per track as well. +To allow the BIOS the ability of accessing these large drives, the BIOS would +.Dq re-map +the +cylinder/head/sector of the real drive geometry into something that would +allow the applications using the BIOS to access a larger portion of the +drive, still using the restricted BIOS API. +.Pp +The reason this has become a problem is that any modern OS will use its own +drivers to access the disk drive, bypassing the BIOS completely. +However, +the MBR, PBR, and partition tables are all still written using the original +BIOS access methods. +This is for backwards compatibility to the original IBM PC! +.Pp +So the gist of it is, the MBR, PBR, and partition table need to have BIOS +geometry offsets and cylinder/head/sector values for them to be able to +load any type of operating system. +This geometry can, and likely will, +change whenever you move a disk from machine to machine, or from controller +to controller. +.Em They are controller and machine specific . +.Ss Boot process options +On most +.Ox +systems, booting +.Ox +from the BIOS will load the +.Ox Ns -specific +first-stage bootstrap, +.Xr biosboot 8 , +which in turn will locate and load the second-stage bootstrap, +.Xr boot 8 . +Other bootstrapping software may be used, and can chain-load the +.Ox +bootstrapping code, or directly load the kernel. +In the latter case, refer to your bootloader documentation to know which +options are available. +.Ss Abnormal system termination +In case of system crashes, the kernel will usually enter the kernel +debugger, +.Xr ddb 4 , +unless it is not present in the kernel, or it is disabled via the +.Em ddb.panic +sysctl. +Upon leaving ddb, or if ddb was not entered, the kernel will halt the system +if it was still in device configuration phase, or attempt a dump to the +configured dump device, if possible. +The crash dump will then be recovered by +.Xr savecore 8 +during the next multi-user boot cycle. +It is also possible to force other behaviours from ddb. +.Sh FILES +.Bl -tag -width /usr/mdec/biosboot -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.sp +single processor capable kernel +.It Pa /bsd.mp +multiprocessor capable kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa /usr/mdec/mbr +system MBR image +.It Pa /usr/mdec/biosboot +system primary stage bootstrap (PBR) +.It Pa /usr/mdec/boot +system second stage bootstrap (usually also installed as +.Pa /boot ) +.It Pa /usr/mdec/pxeboot +PXE bootstrap +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr biosboot 8 , +.Xr boot 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr pxeboot 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 +.Sh BUGS +The +.Dq PC BIOS Architecture +makes this process very prone to weird and +wonderful interactions between different operating systems. +.Pp +There is no published standard to the MBR and PBR, +which makes coding these a nightmare. diff --git a/static/openbsd/man8/boot_hppa.8 b/static/openbsd/man8/boot_hppa.8 new file mode 100644 index 00000000..70d0eeb5 --- /dev/null +++ b/static/openbsd/man8/boot_hppa.8 @@ -0,0 +1,347 @@ +.\" $OpenBSD: boot_hppa.8,v 1.15 2022/09/05 10:29:27 kn Exp $ +.\" +.\" Copyright (c) 2002, Miodrag Vallat. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 5 2022 $ +.Dt BOOT_HPPA 8 hppa +.Os +.Sh NAME +.Nm boot_hppa +.Nd hppa system bootstrapping procedures +.Sh DESCRIPTION +.Ss System starts +When powered on, after a panic, or if the system is rebooted via +.Xr reboot 8 +or +.Xr shutdown 8 , +the hppa firmware +.Pq Dq PDC +will proceed to its initialization, and will boot an operating system +if autoboot is enabled. +.\" +.Ss Boot process description +System boot blocks are provided as a +.Dq LIF +.Pq Logical Interchange Format +archive, either on a disk device, or via the network, using the +.Em bootp +or +.Em rboot +protocols, depending on the PDC version. +A small +.Xr mkboot 8 +utility +is provided for combining primary boot and a number +of images (OS kernels or standalone binaries) +into one +.Dq LIF +volume suitable for booting. +.Ss PDC concepts +If autoboot is enabled, the PDC will attempt to boot from the specified +.Dq boot path +value. +If no +.Dq boot path +has been specified, the PDC will then scan for bootable devices and +boot from the first found, after a few seconds allowing the user to +interrupt the boot process. +If autoboot is disabled, the PDC will enter interactive mode, after an +optional device scan. +In all cases, it is possible to enter interactive mode by holding the +escape key during the selftests, or when prompted to do so to abort +the current operation, unless the PDC has been configured in +.Dq secure mode . +.\" +.Ss ISL interaction +.Dq ISL +stands for +.Dq Initial System Loader +and is the +.Xr boot 8 +program in +.Ox . +On all versions of the PDC except for the 712 and 725 models the +.Dq boot +command (see below) will be followed by the question: +.Dq Interact with IPL (Y, N, or Cancel)?> +where a positive answer will invoke an interactive prompt in the +.Xr boot 8 +program later and negative will thus suppress it. +A cancellation will abort the boot process. +.Pp +On the 712 and 725 models firmware an additional +.Dq isl +argument should be given to the +.Dq boot +command to invoke the +.Xr boot 8 +interactive prompt. +With the default behaviour being a non-interactive boot process. +.\" +.Ss Old PDC operation +This version is used on the following models: +705, 7x0, 715/33/50/75, 725/50/75, 735, 755. +There are two levels of interactive commands in this version. +The first level is a short menu: +.Bd -literal -offset indent +b) Boot from specified device +s) Search for bootable device +a) Enter Boot Administration mode +x) Exit and continue boot sequence + +Select from menu: +.Ed +.Pp +which provides the following commands: +.Pp +.Bl -tag -width "XXX" -offset indent -compact +.It Cm b +boot from a device found during the scan, +either with its short +.Dq P# +form, or a complete name specification. +For example, to boot from the +.Tn SCSI +disk with id 6 off the built-in (first) controller, +one would enter +.Ic b Ar scsi.6.0 . +.It Cm s +rescan for bootable devices. +.It Cm a +enter the second part of interactive mode. +.It Cm x +resume an interrupted boot sequence. +.El +.Pp +The +.Dq Boot Administration +mode, recognizable with its +.Em BOOT_ADMIN> +prompt, controls the various boot options. +The complete list of commands depends on the machine and PDC version. +The following list only mentions commands impacting the boot process. +.Bl -tag -width AUTOSELECT -offset indent +.It AUTOSELECT +Displays or changes the autoboot setting. +If autoselect is set to +.Dq on , +the PDC will always attempt to boot the first bootable device found in +this order: +.Bl -enum -offset indent -compact +.It +Boot device +.Em path +setting. +.It +.Tn SCSI +devices connected to the built-in +.Tn SCSI +controller, +the highest ID numbers being preferred. +.It +Network +.Em rboot +server (see also +.Xr rbootd 8 ) . +.It +Other +.Tn SCSI +devices connected to secondary controllers, +the highest ID numbers being preferred. +.El +If the +.Em primary path +setting defines a bootable device, no device scan will occur. +.It BOOT +Boots off the specified device. +It is similar to the +.Ic b +command from the short menu above. +The +.Dq primary +and +.Dq alternate +path settings may be booted with +.Ic boot Ar pri +and +.Ic boot Ar alt +respectively. +.It PATH +Displays or changes the boot and console devices. +The boot device is defined as the +.Dq primary +path, and another setting may be stored as the +.Dq alternate +path for rescue purposes. +For example, to define the primary boot path to the +.Tn SCSI +disk with ID 5 connected to the built-in controller, one would enter +.Ic path primary Ar scsi.5 +.Pp +When invoked without parameters, +.Ic path +will list the various path settings. +.El +.\" +.Ss Modern PDC operation +Machines equipped with 7100LC, 7200 or 7300LC CPU types are +usually blessed with a different kind of PDC. +There is only one interactive mode, with a +.Em BOOT_ADMIN> +prompt, which provides both boot settings and commands. +The complete list of commands depends on the machine and PDC version. +The following list only mentions commands impacting the boot process. +.Bl -tag -width auto\ search -offset indent +.It Ic auto boot +Displays or changes the autoboot setting. +If +.Ic auto boot +is set to +.Dq on , +the PDC will always attempt to boot. +The booted device chosen will depend on the +.Ic auto search +setting. +.It Ic auto search +Displays or changes the device scan setting. +If +.Ic auto search +is set to +.Dq on , +the PDC will attempt to boot the first bootable device found in +this order: +.Bl -enum -offset indent -compact +.It +Boot device +.Em path +setting. +.It +.Tn SCSI +devices connected to the built-in +.Tn SCSI +controller, +the highest ID numbers being preferred. +.It +Network +.Em bootp +server (see also +.Xr dhcpd 8 ) . +.It +Other +.Tn SCSI +devices connected to secondary controllers, +the highest ID numbers being preferred. +.El +If +.Ic auto search +is set to +.Dq off +and the primary boot path points to a bootable device, +no device scan will occur. +.Pp +Note that setting +.Ic auto search +to +.Dq on +will force autoboot, regardless of the +.Ic auto boot +value. +.It Ic boot +Boots off the specified device. +The +.Dq primary +and +.Dq alternate +path settings may be booted with +.Ic boot Ar pri +and +.Ic boot Ar alt +respectively. +.It Ic path +Displays or changes the boot and console devices. +The boot device is defined as the +.Dq primary +path, and another setting may be stored as the +.Dq alternate +path for rescue purposes. +For example, to define the primary boot path to the +.Tn SCSI +disk with ID 5 connected to the built-in controller, one would enter +.Ic path pri Ar scsi.5 . +.Pp +When invoked without parameters, +.Ic path +will list the various path settings. +.El +.\" +.Ss Boot process options +The +.Ox +hppa boot loader program is extensively described in a separate document, +.Xr boot 8 . +.Ss Abnormal system termination +If the system crashes, it will enter the kernel debugger, +.Xr ddb 4 , +if it is configured in the kernel. +If the crash occurred during +initialization and the debugger is not present or is exited, the +kernel will halt the system. +If the crash occurred during normal operation and the debugger +is not present or is exited, the system will attempt a dump to the +configured dump device (which will be automatically recovered with +.Xr savecore 8 +during the next multi-user boot cycle), and after the dump is complete +(successful or not) the kernel will attempt a reboot. +.Sh FILES +.Bl -tag -width /usr/mdec/xxbootxx -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa boot.lif +network bootstrap and kernel combined image +.It Pa /usr/mdec/cdboot +primary bootstrap for +.Dq cd9660 +file system +.It Pa /usr/mdec/xxboot +primary bootstrap for +.Dq ffs +file system +.It Pa /usr/mdec/boot +system bootstrap (usually also installed as +.Pa /boot ) +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr boot 8 , +.Xr dhcpd 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr rbootd 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 diff --git a/static/openbsd/man8/boot_i386.8 b/static/openbsd/man8/boot_i386.8 new file mode 100644 index 00000000..793d2141 --- /dev/null +++ b/static/openbsd/man8/boot_i386.8 @@ -0,0 +1,193 @@ +.\" $OpenBSD: boot_i386.8,v 1.17 2016/02/25 09:43:52 tb Exp $ +.\" +.\" Copyright (c) 1997 Tobias Weingartner +.\" +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 25 2016 $ +.Dt BOOT_I386 8 i386 +.Os +.Sh NAME +.Nm boot_i386 +.Nd i386 system bootstrapping procedures +.Sh DESCRIPTION +.Ss Cold starts +The +.Tn IBM PC +computers and clones will perform a POST (Power On Self Test) upon +being booted cold. +This test will find and initialize memory, keyboard, and other devices. +It will search for and initialize any extension ROMs that are present, +and then attempt to boot the operating system from an available boot +drive. +.Pp +The boot drive is usually specified in the BIOS setup. +.Ss Warm starts +The BIOS loads the first block (at physical location: track 0, head 0, +sector 1) off the boot device into memory, and if the last two bytes in the +block match the signature 0xAA55, the BIOS considers the block a valid +bootable drive. +The BIOS then proceeds to call the machine code program in this block. +If the BIOS is current, it will also pass the boot drive +to the boot block in register %dl. +.Pp +There are two different types of boot blocks on devices. +There is the +MBR (master boot record) and the PBR (partition boot record). +A digression +into a little piece of history will quickly give light as to why this is so. +In the beginning, the PC +.Dq architecture +came with single or dual floppy +drives, and no hard drives. +The only type of bootable sectors on any device were the PBRs. +They were responsible for loading the rest of the operating +system from the correct device. +When hard disks came out, it was felt that +such a huge space should be able to be partitioned into separate drives, +and this is when the MBR was invented. +.Pp +The MBR relocates itself upon being loaded and invoked by the BIOS. +Embedded within the MBR is a partition table, with four partition table +entries. +The MBR code traverses this table (which was loaded with the +MBR by the BIOS), looking for an active entry, and then loads the MBR or +PBR from the disk location specified by the partition table entry. +So in reality, the MBR is nothing more than a fancy chaining PBR. +.Pp +Note: The MBR could load another MBR, which is the case when you are booting +off an extended partition. +In other words, the first block of an extended +partition is really an MBR, which will then load the corresponding MBR or PBR +out of its extended partition's partition table. +.Ss Geometry translation +.Em WARNING : +This portion of the +.Dq PC BIOS Architecture +is a mess, and a compatibility nightmare. +.Pp +The PC BIOS has an API to manipulate any disk that the BIOS happens to +support. +This interface uses 10 bits to address the cylinder, 8 bits to +address the head, and 6 bits to address the sector of a drive. +This restricts any application using the BIOS to being able to address only +1024 cylinders, 256 heads, and 63 (since the sectors are 1 based) sectors +on a disk. +These limitations proved to be fine for roughly 3 years after +the debut of hard disks on PC computers. +.Pp +Many (if not all) newer drives have many more cylinders than the BIOS API +can support, and likely more sectors per track as well. +To allow the BIOS the ability of accessing these large drives, the BIOS would +.Dq re-map +the +cylinder/head/sector of the real drive geometry into something that would +allow the applications using the BIOS to access a larger portion of the +drive, still using the restricted BIOS API. +.Pp +The reason this has become a problem is that any modern OS will use its own +drivers to access the disk drive, bypassing the BIOS completely. +However, +the MBR, PBR, and partition tables are all still written using the original +BIOS access methods. +This is for backwards compatibility to the original IBM PC! +.Pp +So the gist of it is, the MBR, PBR, and partition table need to have BIOS +geometry offsets and cylinder/head/sector values for them to be able to +load any type of operating system. +This geometry can, and likely will, +change whenever you move a disk from machine to machine, or from controller +to controller. +.Em They are controller and machine specific . +.Ss Boot process options +On most +.Ox +systems, booting +.Ox +from the BIOS will load the +.Ox Ns -specific +first-stage bootstrap, +.Xr biosboot 8 , +which in turn will locate and load the second-stage bootstrap, +.Xr boot 8 . +Other bootstrapping software may be used, and can chain-load the +.Ox +bootstrapping code, or directly load the kernel. +In the latter case, refer to your bootloader documentation to know which +options are available. +.Ss Abnormal system termination +In case of system crashes, the kernel will usually enter the kernel +debugger, +.Xr ddb 4 , +unless it is not present in the kernel, or it is disabled via the +.Em ddb.panic +sysctl. +Upon leaving ddb, or if ddb was not entered, the kernel will halt the system +if it was still in device configuration phase, or attempt a dump to the +configured dump device, if possible. +The crash dump will then be recovered by +.Xr savecore 8 +during the next multi-user boot cycle. +It is also possible to force other behaviours from ddb. +.Sh FILES +.Bl -tag -width /usr/mdec/biosboot -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.sp +single processor capable kernel +.It Pa /bsd.mp +multiprocessor capable kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa /usr/mdec/mbr +system MBR image +.It Pa /usr/mdec/biosboot +system primary stage bootstrap (PBR) +.It Pa /usr/mdec/boot +system second stage bootstrap (usually also installed as +.Pa /boot ) +.It Pa /usr/mdec/pxeboot +PXE bootstrap +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr biosboot 8 , +.Xr boot 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr pxeboot 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 +.Sh BUGS +The +.Dq PC BIOS Architecture +makes this process very prone to weird and +wonderful interactions between different operating systems. +.Pp +There is no published standard to the MBR and PBR, +which makes coding these a nightmare. +.\" .Pp +.\" Somebody *please* write me a decent BIOS, and make them (the masses) use it! diff --git a/static/openbsd/man8/boot_luna88k.8 b/static/openbsd/man8/boot_luna88k.8 new file mode 100644 index 00000000..b289d64c --- /dev/null +++ b/static/openbsd/man8/boot_luna88k.8 @@ -0,0 +1,107 @@ +.\" $OpenBSD: boot_luna88k.8,v 1.8 2023/01/12 19:37:53 miod Exp $ +.\" +.\" Copyright (c) 2004, Miodrag Vallat. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistribution of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 12 2023 $ +.Dt BOOT_LUNA88K 8 luna88k +.Os +.Sh NAME +.Nm boot_luna88k +.Nd luna88k system bootstrapping procedures +.Sh DESCRIPTION +.Ss Boot process description +When powered on, or after a system reboot, the luna88k ROM monitor will +proceed to its initialization, and will boot the operating system +configured in nvram if autoboot is enabled. +.Ss DIP switches description +The behaviour of the ROM monitor, as well as some kernel options, are +controlled through the SW1 set of DIP switches on the front panel. +.Pp +The switch positions are not the same on LUNA-88K and LUNA-88K2 models. +On LUNA-88K, a switch is enabled when in the +.Em down +position, while on the LUNA-88K2, a switch is enabled when in the +.Em up +position. +.Pp +The following SW1 switches alter the ROM monitor behaviour: +.Bl -column "Switch" "interact with ROM monitor" "Disabled" +.It Sy Switch Ta Sy Enabled Ta Sy Disabled +.It Li 1 Ta "interact with ROM monitor" Ta "auto-boot" +.It Li 2 Ta "serial console" Ta "graphics console" +.El +.Pp +The following switches alter the kernel behaviour: +.Bl -column "Switch" "interact with ROM monitor" "Disabled" +.It Sy Switch Ta Sy Enabled Ta Sy Disabled +.It Li 1 Ta "boot in single-user mode" Ta "boot in multi-user mode" +.It Li 3 Ta "prompt for root device" Ta "do not prompt for root device" +.It Li 4 Ta "enter UKC mode" Ta "do not enter UKC mode" +.El +Note that the same behaviour can be used by passing the +.Fl s , +.Fl a , +and +.Fl c +options respectively in the boot loader, rather than using the switches. +.Pp +For more details about the +.Dq User Kernel Configuration +mode +.Pq UKC , +see +.Xr boot_config 8 . +.Pp +Note that the first switch controls both the kernel and the ROM monitor +behaviour. +.Ss Abnormal system termination +In case of system crashes, the kernel will usually enter the kernel +debugger, +.Xr ddb 4 , +unless it is not present in the kernel, or it is disabled via the +.Em ddb.panic +sysctl. +Upon leaving ddb, or if ddb was not entered, the kernel will halt the system +if it was still in device configuration phase, or attempt a dump to the +configured dump device, if possible. +The crash dump will then be recovered by +.Xr savecore 8 +during the next multi-user boot cycle. +It is also possible to force other behaviours from ddb. +.Sh FILES +.Bl -tag -width /bsd.rd -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr boot 8 , +.Xr boot_config 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 diff --git a/static/openbsd/man8/boot_macppc.8 b/static/openbsd/man8/boot_macppc.8 new file mode 100644 index 00000000..93e580b1 --- /dev/null +++ b/static/openbsd/man8/boot_macppc.8 @@ -0,0 +1,177 @@ +.\" $OpenBSD: boot_macppc.8,v 1.23 2022/09/05 10:29:27 kn Exp $ +.\" +.\" Copyright (c) 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)boot_macppc.8 +.\" +.Dd $Mdocdate: September 5 2022 $ +.Dt BOOT_MACPPC 8 macppc +.Os +.Sh NAME +.Nm boot_macppc +.Nd macppc system bootstrapping procedures +.Sh DESCRIPTION +.Ss System startup +When powered on, after a panic, or if the system is rebooted via +.Xr reboot 8 +or +.Xr shutdown 8 , +the Open Firmware will proceed to its initialization, +and will boot an operating system if the +.Va auto-boot?\& +variable is set to +.Dq true , +or will wait for interactive commands otherwise. +.Ss Boot process description +The Apple Open Firmware will normally load the kernel from the device and +filename as instructed by the +.Va boot-device +and +.Va boot-file +variables. +If the +.Va boot-file +variable is empty, the +.Ox +bootloader will look for a kernel named +.Pa bsd , +unless a different filename has been specified in the boot command. +To reset this variable to its default, empty, value, type the following +at the Open Firmware prompt: +.Pp +.Dl set-default boot-device +.Pp +The +.Ox +bootstrap program is named +.Dq ofwboot . +It can be installed either in a HFS partition or in a +MSDOS partition on the disk. +If MBR partitioning is chosen for +the disk, the bootstrap program will be installed automatically during the +.Ox +installation procedure. +For HFS shared disks, the +.Pa ofwboot +file must be installed manually. +The ofwboot program can be loaded from any Open Firmware recognized +disk or network device. +.Ss Boot process options +If invoked manually without parameters, or if the specified kernel could +not be loaded, the +.Ox +bootloader will let the user enter a boot device, kernel +filename and boot options. +.Pp +If the special line +.Ic exit +is entered, the bootloader will attempt to restart the machine. +.Pp +The file specification used is of the form: +.Pp +.Dl Oo Oo Ar promdev : Oc Ns Ar filename Oc Op Fl acds +.Pp +where +.Ar promdev +is an optional Open Firmware device name (such as +.Dq hd +or +.Dq ide ) . +Normal line editing characters can be used when typing the file +specification. +.Pp +The following options are recognized: +.Pp +.Bl -tag -width "-XXX" -offset indent -compact +.It Fl a +Prompt for the root filesystem and swap devices after the devices have +been configured. +.It Fl c +Enter the +.Dq User Kernel Config +mode upon startup +.Pq see Xr boot_config 8 . +.It Fl d +Enter the debugger, +.Xr ddb 4 , +as soon as the kernel console has been initialized. +.It Fl s +Boot the system single-user. +The system will be booted multi-user unless this option is specified. +.El +.Ss Abnormal system termination +In case of system crashes, the kernel will usually enter the kernel +debugger, +.Xr ddb 4 , +unless it is not present in the kernel, or it is disabled via the +.Va ddb.panic +sysctl. +Upon leaving ddb, or if ddb was not entered, the kernel will halt the system +if it was still in device configuration phase, or attempt a dump to the +configured dump device, if possible. +The crash dump will then be recovered by +.Xr savecore 8 +during the next multi-user boot cycle. +It is also possible to force other behaviours from ddb. +.Ss Accessing the PROM +The prom can only be accessed during system reset, or at power-up. +To enter Open Firmware, press and hold +.Dq Cntrl +.Dq Cmd +.Dq o +.Dq f +as the machine resets until it enters the Open Firmware debugger. +.Pp +On an Xserve using serial console the System Identifier button is used to +enter Open Firmware instead of the keyboard. +To enter Open Firmware, hold down the System Identifier button while pressing +the Power button. +When the upper LED bank begins lighting up in sequence, repeatedly press +the System Identifier button until the seventh LED from the right is +highlighted in the lower bank. +Now hold the System Identifier button for two seconds, until all the top +row LEDs light up. +.Sh FILES +.Bl -tag -width /usr/mdec/ofwboot -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa /usr/mdec/ofwboot +system bootstrap (usually installed on a stand-alone FAT partition or an +Apple HFS partition, to be readable by Open Firmware) +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr boot_config 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 diff --git a/static/openbsd/man8/boot_sparc64.8 b/static/openbsd/man8/boot_sparc64.8 new file mode 100644 index 00000000..173d9d01 --- /dev/null +++ b/static/openbsd/man8/boot_sparc64.8 @@ -0,0 +1,169 @@ +.\" $OpenBSD: boot_sparc64.8,v 1.18 2022/09/05 10:29:28 kn Exp $ +.\" +.\" Copyright (c) 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)boot_sparc.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: September 5 2022 $ +.Dt BOOT_SPARC64 8 sparc64 +.Os +.Sh NAME +.Nm boot_sparc64 +.Nd sparc64 system bootstrapping procedures +.Sh DESCRIPTION +.Ss System starts +When powered on, after a panic, or if the system is rebooted via +.Xr reboot 8 +or +.Xr shutdown 8 , +the PROM will proceed to its initialization, and will boot an operating +system if autoboot is enabled. +.Ss Boot process description +The sparc64 boot process is split into two parts: a small first-stage bootblock +that is written into the superblock area of a partition +.Po +and hence is limited in size to SBSIZE - DEV_BSIZE bytes +.Pc , +and a second-stage boot program that resides in the filesystem proper. +The first-stage bootblock is loaded into memory by the PROM. +After it receives control, it loads the second-stage boot program +.Sy ofwboot +from the filesystem. +The second-stage boot program uses the device driver interface to +the PROM and the stand-alone filesystem code in +.Pa libsa.a +to locate and load the kernel. +The first-stage bootblock and second-stage boot program can be found in +.Pa /usr/mdec/bootblk +and +.Pa /usr/mdec/ofwboot +respectively. +The second-stage boot program commonly resides in the root directory as +.Pa /ofwboot . +.Pp +The boot program attempts to load the kernel from the selected +boot device, which must currently be an SCSI +.Pq Pa sd +or IDE +.Pq Pa wd +disk drive, or a CD-ROM +.Pq Pa cd , +or an SCSI tape drive +.Pq Pa st . +.Pp +The UltraSPARC Open Firmware +will normally look for a bootloader on the device specified by the +.Va boot-device +variable. +The +.Ox +bootloader will then look for a kernel named +.Pa bsd +by default, unless the +.Va boot-file +variable contains a filename, or a different filename has been specified +in the boot command. +To reset this variable to its default, empty, value, type the following: +.Pp +.D1 Sy ok Li set-default boot-file +.Pp +Autoboot is enabled by setting the +.Va auto-boot?\& +variable to +.Dq true , +and is the factory default. +.Ss Boot process options +The following options are recognized: +.Pp +.Bl -tag -width "-XXX" -offset indent -compact +.It Fl a +Prompt for the root filesystem and swap devices after the devices have +been configured. +.It Fl c +Enter the +.Dq User Kernel Configuration +mode upon startup +.Pq see Xr boot_config 8 . +.It Fl d +Enter the debugger, +.Xr ddb 4 , +as soon as the kernel console has been initialized. +.It Fl s +Boot the system single-user. +The system will be booted multi-user unless this option is specified. +.El +.Ss Accessing the PROM during runtime +If the +.Xr sysctl 8 +variable +.Va ddb.console +is enabled, at any time you can break back to the ROM by pressing the +.Sq L1 +.Pq also known as the Dq stop key +and +.Sq a +keys at the same time (if the console is a serial port the same is +achieved by sending a +.Dq break ) , +and entering +.Ic machine prom +at the prompt. +If you do this accidentally you can continue whatever was in progress +by typing +.Ic go +at the PROM prompt, and then +.Ic cont +to return to the system. +.Sh FILES +.Bl -tag -width /usr/mdec/ofwboot.net -compact +.It Pa /bsd +default system kernel +.It Pa /bsd.rd +standalone installation kernel, suitable for disaster recovery +.It Pa /usr/mdec/bootblk +primary bootstrap for +.Dq ffs +file system +.It Pa /usr/mdec/ofwboot +secondary bootstrap (usually also installed as +.Pa /ofwboot ) +.It Pa /usr/mdec/ofwboot.net +network bootstrap +.It Pa /usr/mdec/ofwbootfd +floppy disk bootstrap +.El +.Sh SEE ALSO +.Xr ddb 4 , +.Xr softraid 4 , +.Xr boot_config 8 , +.Xr halt 8 , +.Xr init 8 , +.Xr installboot 8 , +.Xr reboot 8 , +.Xr savecore 8 , +.Xr shutdown 8 diff --git a/static/openbsd/man8/bpflogd.8 b/static/openbsd/man8/bpflogd.8 new file mode 100644 index 00000000..ca9ef6fe --- /dev/null +++ b/static/openbsd/man8/bpflogd.8 @@ -0,0 +1,138 @@ +.\" $OpenBSD: bpflogd.8,v 1.7 2025/05/16 05:47:30 kn Exp $ +.\" +.\" Copyright (c) 2001 Can Erkin Acar. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 16 2025 $ +.Dt BPFLOGD 8 +.Os +.Sh NAME +.Nm bpflogd +.Nd Berkeley Packet Filter logging daemon +.Sh SYNOPSIS +.Nm bpflogd +.Op Fl dPp +.Op Fl F Ar filterfile +.Op Fl s Ar snaplen +.Op Fl u Ar user +.Op Fl w Ar waitms +.Op Fl y Ar datalinktype +.Fl f Ar filename +.Fl i Ar interface +.Op Ar expression ... +.Sh DESCRIPTION +.Nm +is a daemon which captures packets using +.Xr bpf 4 +and writes the packets to a logfile +in +.Xr tcpdump 8 +binary format. +These logs can be reviewed later using the +.Fl r +option of +.Xr tcpdump 8 . +.Pp +When starting up, +.Nm +drops privileges before opening its log file. +After receiving a +.Dv SIGHUP +signal it will write any pending packets to the log file, close it, +and then open it again, +permitting +.Xr newsyslog 8 +to rotate logfiles automatically. +If the log file contains data after being opened, +the PCAP header is checked before new logs are appended to the existing file. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Debugging mode. +.Nm +does not daemonise and logs to the terminal. +.It Fl f Ar filename +Log output filename. +The file must already exist, and be readable and writable by the +_pflogd user. +.It Fl F Ar filterfile +Specify a file containing a filter expression as per +.Xr pcap-filter 5 . +.It Fl i Ar interface +Specifies the interface to capture packets on using +.Xr bpf 4 . +This can be specified multiple times to capture packets from multiple +interfaces, but all the interfaces must support the same datalink type. +.It Fl P +Put the interfaces into promiscuous mode. +.It Fl p +Do not put the interfaces into promiscuous mode. +This is the default. +.It Fl s Ar snaplen +Capture at most the first +.Ar snaplen +bytes of data from each packet. +By default +.Nm +captures whole packets. +.It Fl u Ar user +Drop privileges to +.Ar user . +By default +.Nm +drops privileges to the _pflogd user. +.It Fl w Ar waitms +Specify the maximum amount of time in milliseconds between when a +packet is captured and when it will be written to the log file. +The default +.Ar waitms +value is 2000 milliseconds. +.It Fl y Ar datalinktype +Specify the datalink type when capturing packets. +If this is not specified then the default datalink type on the first +interface is used. +.It Ar expression +Specify a filter expression for matching packets as per +.Xr pcap-filter 5 . +.El +.Pp +A filter expression may only be specified by a file with +.Ar -F +or as arguments on the command line; specifying both is unsupported. +If a filter is not provided then all packets are captured. +.Sh SEE ALSO +.Xr pcap_open_live 3 , +.Xr pcap-filter 5 , +.Xr newsyslog 8 , +.Xr tcpdump 8 +.Sh HISTORY +The +.Nm +command appeared in +.Ox 7.8 . +.\" .Sh AUTHORS +.\" .Nm +.\" was written by +.\" .An David Gwynne Aq Mt dlg@uq.edu.au . diff --git a/static/openbsd/man8/btrace.8 b/static/openbsd/man8/btrace.8 new file mode 100644 index 00000000..4ac55ca7 --- /dev/null +++ b/static/openbsd/man8/btrace.8 @@ -0,0 +1,86 @@ +.\" $OpenBSD: btrace.8,v 1.11 2025/10/05 22:31:54 sashan Exp $ +.\" +.\" Copyright (c) 2019 Martin Pieuchot +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 5 2025 $ +.Dt BTRACE 8 +.Os +.Sh NAME +.Nm btrace +.Nd bug tracer +.Sh SYNOPSIS +.Nm btrace +.Op Fl lnv +.Ar programfile | Fl e Ar program +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +utility provides an interface to inspect the internals of the system and +programs. +It interprets the +.Xr bt 5 +program read from the +.Ar programfile , +passing the optional +.Ar arguments +to it, and communicates with the dynamic tracer device +using the interface described in +.Xr dt 4 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl e Ar program +Execute the +.Ar program +specified as the option argument instead of reading a program from a file. +In this case, all non-option +.Ar arguments +are passed through to the +.Ar program . +.It Fl l +List all available probes. +.It Fl n +No action. +Parse the program and then exit. +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages. +Multiple +.Fl v +options increase the verbosity. +The maximum is 2. +.El +.Sh FILES +.Bl -tag -width "/usr/share/btrace/XXXX" -compact +.It Pa /usr/share/btrace/* +collection of useful +.Nm +programs +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr dt 4 , +.Xr bt 5 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 6.7 . +.Sh AUTHORS +.An Martin Pieuchot Aq Mt mpi@openbsd.org diff --git a/static/openbsd/man8/cdboot.8 b/static/openbsd/man8/cdboot.8 new file mode 100644 index 00000000..307100b7 --- /dev/null +++ b/static/openbsd/man8/cdboot.8 @@ -0,0 +1,124 @@ +.\" $OpenBSD: cdboot.8,v 1.10 2016/03/30 06:58:06 jmc Exp $ +.\" Copyright (c) 2004 Tom Cosgrove +.\" Copyright (c) 2003 Matthias Drochner +.\" Copyright (c) 1999 Doug White +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 30 2016 $ +.Dt CDBOOT 8 amd64 +.Os +.Sh NAME +.Nm cdboot +.Nd amd64-specific second-stage CD-specific bootstrap +.Sh DESCRIPTION +.Nm +is a modified version of the amd64 second-stage bootstrap program, +.Xr boot 8 , +configured to be run by the +.Ox +El Torito CD-ROM boot sector +.Pa cdbr . +.Nm +will look for an +.Pa /etc/boot.conf +configuration +file on the CD-ROM. +If it finds one, it processes the commands within it. +.Pa boot.conf +processing can be skipped by holding down either Control key as +.Nm +starts. +.Pp +.Nm +then sits in a loop, +processing commands given by the user. +It accepts all the commands accepted by +.Xr boot 8 . +.Pp +If no commands are given for a short time, +.Nm +will then attempt to load an +.Ox +kernel from the CD. +It first looks for the install kernel +.Pa bsd.rd +in the standard amd64 release directory +(e.g.\& +.Pa /3.6/amd64/bsd.rd ) , +then for +.Pa /bsd . +It may be told to boot an alternative kernel, +either by commands in the +.Pa boot.conf +file, +or by commands typed by the user at the +.Ic boot> +prompt. +.Sh FILES +.Bl -tag -width /usr/mdec/cdbootxx -compact +.It Pa /usr/mdec/cdboot +CD-specific second-stage bootstrap +.It Pa /etc/boot.conf +.Nm +configuration file (read from CD) +.El +.Sh EXAMPLES +Boot the install kernel: +.Pp +.Dl boot> bsd.rd +.Sh SEE ALSO +.Xr boot 8 , +.Xr boot_amd64 8 , +.Xr mkhybrid 8 +.Sh STANDARDS +.Rs +.%A Curtis E. Stevens +.%A Stan Merkin +.%D January 25, 1995 +.%N Version 1.0 +.%T "El Torito Bootable CD-ROM Format Specification" +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.6 . +.Sh CAVEATS +By default, many CD creation programs restrict filenames to +the MS-DOS 8.3 format. +Unless this is changed, +.Nm +will not be able to read its +.Xr boot.conf 8 +file. +For example, with +.Xr mkhybrid 8 +the +.Fl l +option should be specified. +.Sh BUGS +The +.Ic ls +command does not work on ISO 9660 (cd9660) filesystems, +which are used on most CDs. diff --git a/static/openbsd/man8/chat.8 b/static/openbsd/man8/chat.8 new file mode 100644 index 00000000..76e722b4 --- /dev/null +++ b/static/openbsd/man8/chat.8 @@ -0,0 +1,634 @@ +.\" $OpenBSD: chat.8,v 1.21 2023/08/07 06:21:53 guenther Exp $ +.\" Id: chat.8,v 1.7 1998/02/04 01:35:49 paulus Exp $ +.\" manual page [] for chat 1.8 +.Dd $Mdocdate: August 7 2023 $ +.Dt CHAT 8 +.Os +.Sh NAME +.Nm chat +.Nd automated conversational script with a modem +.Sh SYNOPSIS +.Nm chat +.Op Fl eSsVv +.Bk -words +.Op Fl f Ar chat_file +.Op Fl r Ar report_file +.Op Fl T Ar phone_number +.Op Fl t Ar timeout +.Op Fl U Ar phone_number_2 +.Ar script +.Ek +.Sh DESCRIPTION +The +.Nm +program defines a conversational exchange between the computer and the modem. +Its primary purpose is to establish a connection between the +Point-to-Point Protocol Daemon +.Pf ( Xr pppd 8 ) +and the remote's pppd process. +.Sh OPTIONS +.Bl -tag -width Ds +.It Fl e +Start with the echo option turned on. +Echoing may also be turned on or off at specific points in the chat script +by using the +.Ic ECHO +keyword. +When echoing is enabled, all output from the modem is echoed to +.Ar stderr . +.It Fl f Ar chat_file +Read the chat script from the +.Ar chat_file . +The use of this option is mutually exclusive with the chat +.Ar script +parameter. +The user must have read access to the file. +Multiple lines are permitted in the file. +Space or horizontal tab characters should be used to separate the strings. +.It Fl r Ar report_file +Set the file for output of the report strings. +If you use the keyword +.Ic REPORT , +the resulting strings are written to this file. +If this option is not used and you still use +.Ic REPORT +keywords, the +.Ar stderr +file is used for the report strings. +.It Fl S +Do not use +.Xr syslog 3 . +By default, error messages are logged through +.Xr syslog 3 +with facility +.Dq local2 +and level +.Dq warning . +The use of +.Fl S +will prevent both log messages from +.Fl v +and error messages from being logged via +.Xr syslog 3 . +.It Fl s +Use +.Ar stderr . +All log messages from +.Fl v +and all error messages will be sent to +.Ar stderr . +.It Fl T Ar phone_number +Pass in an arbitrary string, usually a phone number, that will be +substituted for the \eT substitution metacharacter in a send string. +.It Fl t Ar timeout +Set the timeout for the expected string to be received. +If the string is not received within the time limit then the reply string +is not sent. +An alternate reply may be sent or the script will fail if there +is no alternate reply string. +A failed script will cause the +.Nm +program to terminate with a non-zero error code. +.It Fl U Ar phone_number_2 +Pass in a second string, usually a phone number, that will be +substituted for the \eU substitution metacharacter in a send string. +This is useful when dialing an ISDN terminal adapter that requires two numbers. +.It Fl V +Request that the chat script be executed in a +.Ar stderr +verbose mode. +The +.Nm +program will then log all text received from the modem and the output strings +sent to the modem to the +.Ar stderr +device. +This device is usually the local console at the station running the +.Nm +or +.Xr pppd 8 +program. +.It Fl v +Request that the chat script be executed in a verbose mode. +The +.Nm +program will then log the execution state of the chat script as well as all +text received from the modem and the output strings sent to the modem. +The default is to log through +.Xr syslog 3 +with level +.Dq info , +though this may be altered with the +.Fl S +and +.Fl s +flags. +.It Ar script +If the script is not specified in a file with the +.Fl f +option, then the script is included as parameters to the +.Nm +program. +.El +.Sh CHAT SCRIPT +The chat script defines the communications. +.Pp +A script consists of one or more +.Dq expect-send +pairs of strings, +separated by spaces, with an optional +.Dq subexpect-subsend +string pair, separated by a dash as in the following example: +.Pp +.Dl ogin:-BREAK-ogin: ppp ssword: hello2u2 +.Pp +This line indicates that the +.Nm +program should expect the string +.Dq ogin: . +If it fails to receive a login prompt within the time interval allotted, +it is to send a break sequence to the remote and then expect the +string +.Dq ogin: . +If the first +.Dq ogin: +is received then the break sequence is not generated. +.Pp +Once it receives the login prompt, the +.Nm +program will send the string ppp and then expect the prompt +.Dq ssword: . +When it receives the prompt for the password, it will send the password +hello2u2. +.Pp +A carriage return is normally sent following the reply string. +It is not expected in the +.Dq expect +string unless it is specifically requested by using the \er character sequence. +.Pp +The expect sequence should contain only what is needed to identify the string. +Since it is normally stored on a disk file, it should not contain +variable information. +It is generally not acceptable to look for time strings, network +identification strings, or other variable pieces of data as an expect string. +.Pp +To help correct for characters which may be corrupted during the initial +sequence, look for the string +.Dq ogin: +rather than +.Dq login: . +It is possible that the leading +.Dq l +character may be received in error and you may never find the string +even though it was sent by the system. +For this reason, scripts look for +.Dq ogin: +rather than +.Dq login: +and +.Dq ssword: +rather than +.Dq password: . +.Pp +A very simple script might look like this: +.Pp +.Dl ogin: ppp ssword: hello2u2 +.Pp +In other words, expect ....ogin:, send ppp, expect ...ssword:, send hello2u2. +.Pp +In actual practice, simple scripts are rare. +At the very least, you should include sub-expect sequences should the +original string not be received. +For example, consider the following script: +.Pp +.Dl ogin:--ogin: ppp ssword: hello2u2 +.Pp +This would be a better script than the simple one used earlier. +This would look for the same login: prompt. +If one is not received, a single return sequence is sent and then it will +look for login: again. +Should line noise obscure the first login prompt then sending the empty line +will usually generate a login prompt again. +.Sh COMMENTS +Comments can be embedded in the chat script. +A comment is a line which starts with the +.Sq # +(hash) character in column 1. +Such comment lines are just ignored by the +.Nm +program. +If a +.Sq # +character is to be expected as the first character of the expect sequence, +you should quote the expect string. +If you want to wait for a prompt that starts with a +.Sq # +(hash) character, you would have to write something like this: +.Bd -literal -offset indent +# Now wait for the prompt and send logout string +\'# ' logout +.Ed +.Sh ABORT STRINGS +Many modems will report the status of the call as a string. +These strings may be +.Em CONNECT +or +.Em NO CARRIER +or +.Em BUSY . +It is often desirable to terminate the script should the modem fail to +connect to the remote. +The difficulty is that a script would not know exactly which modem string +it may receive. +On one attempt it may receive +.Em BUSY , +while the next time it may receive +.Em NO CARRIER . +.Pp +These +.Dq abort +strings may be specified in the script using the +.Ic ABORT +sequence. +It is written in the script as in the following example: +.Pp +.Dl "ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATDT5551212 CONNECT" +.Pp +This sequence will expect nothing; and then send the string ATZ. +The expected response to this is the string +.Em OK . +When it receives +.Em OK , +it sends the string ATDT5551212 to dial the telephone. +The expected string is +.Em CONNECT . +If the string +.Em CONNECT +is received, the remainder of the script is executed. +However, should the modem find a busy telephone, it will send the string +.Em BUSY . +This will cause the string to match the abort character sequence. +The script will then fail because it found a match to the abort string. +If it received the string +.Em NO CARRIER , +it will abort for the same reason. +Either string may be received. +Either string will terminate the chat script. +.Sh CLR_ABORT STRINGS +This sequence allows for clearing previously set +.Ic ABORT +strings. +.Ic ABORT +strings are kept in an array of a pre-determined size (at compilation time); +.Ic CLR_ABORT +will reclaim the space for cleared entries so that new strings can use +that space. +.Sh SAY STRINGS +The +.Ic SAY +directive allows the script to send strings to the user +at the terminal via standard error. +If +.Nm +is being run by +.Xr pppd 8 , +and pppd is running as a daemon (detached from its controlling terminal), +standard error will normally be redirected to the file +.Pa /etc/ppp/connect-errors . +.Pp +.Ic SAY +strings must be enclosed in single or double quotes. +If carriage return and line feed are needed in the string to be output, +you must explicitly add them to your string. +.Pp +The +.Ic SAY +strings could be used to give progress messages in sections of +the script where you want to have 'ECHO OFF' but still let the user +know what is happening. +An example is: +.Bd -literal -offset indent +ABORT BUSY +ECHO OFF +SAY "Dialling your ISP...\en" +\'' ATDT5551212 +TIMEOUT 120 +SAY "Waiting up to 2 minutes for connection ... " +CONNECT '' +SAY "\enConnected, now logging in ...\en" +ogin: account +ssword: pass +$ \c +SAY "Logged in OK ...\en" +etc ... +.Ed +.Pp +This sequence will only present the +.Ic SAY +strings to the user and all the details of the script will remain hidden. +For example, if the above script works, the user will see: +.Bd -literal -offset indent +Dialling your ISP... +Waiting up to 2 minutes for connection ... +Connected, now logging in ... +Logged in OK ... +.Ed +.Sh REPORT STRINGS +A report string is similar to the +.Ic ABORT +string. +The difference is that the strings, and all characters to the next control +character such as a carriage return, are written to the report file. +.Pp +The report strings may be used to isolate the transmission rate of the +modem's connect string and return the value to the +.Nm +user. +The analysis of the report string logic occurs in conjunction with the +other string processing such as looking for the expect string. +The use of the same string for a report and abort sequence is probably not +very useful; however, it is possible. +.Pp +The report strings do not change the completion code of the program. +.Pp +These +.Dq report +strings may be specified in the script using the +.Ic REPORT +sequence. +It is written in the script as in the following example: +.Pp +.Dl "REPORT CONNECT ABORT BUSY '' ATDT5551212 CONNECT '' ogin: account" +.Pp +This sequence will expect nothing; and then send the string +ATDT5551212 to dial the telephone. +The expected string is +.Em CONNECT . +If the string +.Em CONNECT +is received, the remainder of the script is executed. +In addition the program will write to the expect-file the string +.Dq CONNECT +plus any characters which follow it such as the connection rate. +.Sh CLR_REPORT STRINGS +This sequence allows for clearing previously set +.Ic REPORT +strings. +.Ic REPORT +strings are kept in an array of a pre-determined size (at compilation time); +.Ic CLR_REPORT +will reclaim the space for cleared entries so that new strings can use +that space. +.Sh ECHO +The echo options controls whether the output from the modem is echoed to +.Ar stderr . +This option may be set with the +.Fl e +option, but it can also be controlled by the +.Ic ECHO +keyword. +The +.Dq expect-send +pair +.Ic ECHO ON +enables echoing, and +.Ic ECHO OFF +disables it. +With this keyword you can select which parts of the conversation should be +visible. +For instance, with the following script: +.Bd -literal -offset indent +ABORT 'BUSY' +ABORT 'NO CARRIER' +\&'' ATZ +OK\er\en ATD1234567 +\er\en \ec +ECHO ON +CONNECT \ec +ogin: account +.Ed +.Pp +all output resulting from modem configuration and dialing is not visible, +but starting with the +.Em CONNECT +(or +.Em BUSY ) +message, everything will be echoed. +.Sh HANGUP +The +.Ic HANGUP +options control whether a modem hangup should be considered as an error or not. +This option is useful in scripts for dialing systems which will hang up and +call your system back. +The +.Ic HANGUP +options can be +.Ic ON +or +.Ic OFF . +.Pp +When +.Ic HANGUP +is set +.Ic OFF +and the modem hangs up (e.g., after the first stage of logging in to a +callback system), +.Nm +will continue running the script +(e.g., waiting for the incoming call and second-stage login prompt). +As soon as the incoming call is connected, you should use the +.Ic HANGUP ON +directive to reinstall normal hangup signal behavior. +Here is an example script: +.Bd -literal -offset indent +ABORT 'BUSY' +\&'' ATZ +OK\er\en ATD1234567 +\er\en \ec +CONNECT \ec +\'Callback login:' call_back_ID +HANGUP OFF +ABORT "Bad Login" +\'Callback Password:' Call_back_password +TIMEOUT 120 +CONNECT \ec +HANGUP ON +ABORT "NO CARRIER" +ogin:--BREAK--ogin: real_account +etc ... +.Ed +.Sh TIMEOUT +The initial timeout value is 45 seconds. +This may be changed using the +.Fl t +parameter. +.Pp +The following example illustrates how to change the timeout value for +the next expect string: +.Pp +.Dl "ATZ OK ATDT5551212 CONNECT TIMEOUT 10 ogin:--ogin: TIMEOUT 5 assword: hello2u2" +.Pp +This will change the timeout to 10 seconds when it expects the login: prompt. +The timeout is then changed to 5 seconds when it looks for the password prompt. +.Pp +The timeout, once changed, remains in effect until it is changed again. +.Sh SENDING EOT +The special reply string of +.Ic EOT +indicates that the +.Nm +program should send an EOT character to the remote. +This is normally the End-of-file character sequence. +A return character is not sent following the EOT. +The EOT sequence may be embedded into the send string using the sequence +.Em ^D . +.Sh GENERATING BREAK +The special reply string of +.Ic BREAK +will cause a break condition to be sent. +The break is a special signal on the transmitter. +The normal processing on the receiver is to change the transmission rate. +It may be used to cycle through the available transmission rates on +the remote until you are able to receive a valid login prompt. +The break sequence may be embedded into the send string using the +.Em \eK +sequence. +.Sh ESCAPE SEQUENCES +The expect and reply strings may contain escape sequences. +All of the sequences are legal in the reply string. +Many are legal in the expect string. +Those which are not valid in the expect sequence are so indicated. +.Bl -tag -width Ds +.It '' +Expects or sends a null string. +If you send a null string then it will still send the return character. +This sequence may be a pair of either apostrophe or quote characters. +.It \eb +Represents a backspace character. +.It \ec +Suppresses the newline at the end of the reply string. +This is the only method to send a string without a trailing return character. +It must be at the end of the send string. +For example, the sequence +.Qq hello\ec +will simply send the characters h, e, l, l, o. +(Not valid in expect.) +.It \ed +Delay for one second. +The program uses +.Xr sleep 3 +to sleep for one second. +(Not valid in expect.) +.It \eK +Insert a +.Ic BREAK . +(Not valid in expect.) +.It \en +Send a newline or linefeed character. +.It \eN +Send a NUL character. +The same sequence may be represented by \e0. +(Not valid in expect.) +.It \ep +Pause for a fraction of a second. +The delay is 1/10th of a second. +(Not valid in expect.) +.It \eq +Suppress writing the string to the +.Xr syslog 3 +file. +The string +.Dq hidden +is written to the log in its place. +(Not valid in expect.) +.It \er +Send or expect a carriage return. +.It \es +Represents a space character in the string. +This may be used when it is not desirable to quote the strings which +contain spaces. +The sequence 'HI TIM' and HI\esTIM are the same. +.It \et +Send or expect a tab character. +.It \e\e +Send or expect a backslash character. +.It \eddd +Collapse the octal digits (ddd) into a single ASCII character and send that +character. +(Some characters are not valid in expect.) +.It ^C +Substitute the sequence with the control character represented by C. +For example, the character DC1 (17) is shown as ^Q. +(Some characters are not valid in expect.) +.El +.Sh TERMINATION CODES +The +.Nm +program will terminate with the following completion codes: +.Bl -tag -width Ds +.It 0 +The normal termination of the program. +This indicates that the script was executed without error to the normal +conclusion. +.It 1 +One or more of the parameters are invalid or an expect string was too +large for the internal buffers. +This indicates that the program was not properly executed. +.It 2 +An error occurred during the execution of the program. +This may be due to a read or write operation failing for some reason or +.Nm +receiving a signal such as +.Dv SIGINT . +.It 3 +A timeout event occurred when there was an +.Dq expect +string without having a +.Dq \-subsend +string. +This may mean that you did not program the script correctly for the condition +or that some unexpected event has occurred and the expected string could not +be found. +.It 4 +The first string marked as an +.Ic ABORT +condition occurred. +.It 5 +The second string marked as an +.Ic ABORT +condition occurred. +.It 6 +The third string marked as an +.Ic ABORT +condition occurred. +.It 7 +The fourth string marked as an +.Ic ABORT +condition occurred. +.It ... +The other termination codes are also strings marked as an +.Ic ABORT +condition. +.El +.Pp +Using the termination code, it is possible to determine which event +terminated the script. +It is possible to decide if the string +.Dq BUSY +was received from the modem as opposed to +.Dq NO DIAL TONE . +While the first event may be retried, the second will probably have little +chance of succeeding during a retry. +.\" .Sh SEE ALSO +.\" Additional information about chat scripts may be found with UUCP +.\" documentation. +.\" The chat script was taken from the ideas proposed +.\" by the scripts used by the uucico program. +.\" .Pp +.\" .Xr uucp 1 +.Sh COPYRIGHT +The +.Nm +program is in the public domain. +This is not the GNU public license. +If it breaks then you get to keep both pieces. diff --git a/static/openbsd/man8/chown.8 b/static/openbsd/man8/chown.8 new file mode 100644 index 00000000..75c12c90 --- /dev/null +++ b/static/openbsd/man8/chown.8 @@ -0,0 +1,175 @@ +.\" $OpenBSD: chown.8,v 1.25 2025/04/29 17:44:00 jmc Exp $ +.\" +.\" Copyright (c) 1990, 1991, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)chown.8 8.3 (Berkeley) 3/31/94 +.\" +.Dd $Mdocdate: April 29 2025 $ +.Dt CHOWN 8 +.Os +.Sh NAME +.Nm chown +.Nd change file owner and group +.Sh SYNOPSIS +.Nm chown +.Op Fl h +.Oo +.Fl R +.Op Fl H | L | P +.Oc +.Ar owner Ns Op : Ns Ar group +.Ar +.Nm chown +.Op Fl h +.Oo +.Fl R +.Op Fl H | L | P +.Oc +.Pf : Ar group +.Ar +.Sh DESCRIPTION +.Nm +sets the user ID and/or the group ID of the specified files. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl H +If the +.Fl R +option is specified, symbolic links on the command line are followed. +Symbolic links encountered in the tree traversal are not followed. +.It Fl h +Treat symbolic links like other files: modify links instead of +following them. +The +.Fl h +and +.Fl R +options are mutually exclusive. +.It Fl L +If the +.Fl R +option is specified, all symbolic links are followed. +.It Fl P +If the +.Fl R +option is specified, no symbolic links are followed. +.It Fl R +Recurse. +Where +.Ar file +is a directory, +change the user ID and/or the group ID of the directory +and all the files and directories in the file hierarchy below it. +.El +.Pp +The +.Fl H , +.Fl L , +and +.Fl P +options are ignored unless the +.Fl R +option is specified; +if none of them are given, +the default is to not follow symbolic links. +In addition, these options override each other and the +command's actions are determined by the last one specified. +.Pp +The +.Ar owner +and +.Ar group +operands are both optional; however, one must be specified. +If the +.Ar group +operand is specified, it must be preceded by a colon +.Pq Sq \&: +character. +.Pp +The +.Ar owner +may be either a numeric user ID or a user name. +If a user name is also a numeric user ID, the operand is used as a +user name. +The +.Ar group +may be either a numeric group ID or a group name. +If a group name is also a numeric group ID, the operand is used as a +group name. +.Pp +By default, +.Nm +clears the set-user-ID and set-group-ID bits on the file +to prevent accidental or mischievous creation of +set-user-ID and set-group-ID programs. +.Pp +Only the superuser is permitted to change the owner of a file. +.Sh EXIT STATUS +.Ex -std chown +.Sh SEE ALSO +.Xr chgrp 1 , +.Xr find 1 , +.Xr chown 2 , +.Xr fts_open 3 , +.Xr symlink 7 +.Sh STANDARDS +The +.Nm +utility is compliant with the +.St -p1003.1-2024 +specification. +.Pp +The ability to specify +.Ar group +without +.Ar owner +is an extension to that specification. +.Pp +Some +.Pf non- Bx +systems may allow the (non-privileged) owner of a file to change +its ownership. +.Pp +Previous versions of the +.Nm +utility used the dot +.Pq Sq \&. +character to distinguish the group name. +This was changed when the utility was first standardised in +.St -p1003.2-92 +to be a colon +.Pq Sq \&: +character to allow user and group names to contain the dot +character, though the dot separator still remains supported +due to widely required backwards compatibility. +.Sh HISTORY +A +.Nm +command appeared in +.At v1 . diff --git a/static/openbsd/man8/chroot.8 b/static/openbsd/man8/chroot.8 new file mode 100644 index 00000000..6bf4cbb0 --- /dev/null +++ b/static/openbsd/man8/chroot.8 @@ -0,0 +1,114 @@ +.\" $OpenBSD: chroot.8,v 1.16 2015/09/12 15:52:37 schwarze Exp $ +.\" +.\" Copyright (c) 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: September 12 2015 $ +.Dt CHROOT 8 +.Os +.Sh NAME +.Nm chroot +.Nd change root directory +.Sh SYNOPSIS +.Nm chroot +.Op Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ... +.Op Fl u Ar user +.Ar newroot +.Op Ar command +.Sh DESCRIPTION +The +.Nm +command changes its root directory to the supplied directory +.Ar newroot +and executes +.Ar command , +if supplied, or an interactive copy of the user's shell. +.Pp +The +.Nm +command is restricted to the superuser. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ... +Override the primary and supplemental group IDs. +The primary group ID is set to the first group in the list. +Any remaining groups are placed in the supplemental group ID vector. +Each group listed must exist in the +.Xr group 5 +databases. +.It Fl u Ar user +Set user ID to +.Ar user +(which must exist in the +.Xr passwd 5 +database). +The primary and supplemental group IDs will be set based on the user's +entries in the +.Xr passwd 5 +and +.Xr group 5 +databases unless overridden by the +.Fl g +option. +Additional settings may be applied as specified in +.Xr login.conf 5 +depending on +.Ar user Ns 's +login class. +.El +.Sh ENVIRONMENT +.Bl -tag -width SHELL +.It Ev SHELL +If set, +the string specified by +.Ev SHELL +is interpreted as the name of +the shell to execute. +If the variable +.Ev SHELL +is not set, +.Pa /bin/sh +is used. +.El +.Sh SEE ALSO +.Xr ldd 1 , +.Xr group 5 , +.Xr login.conf 5 , +.Xr passwd 5 , +.Xr environ 7 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.3 Reno . +.Sh CAVEATS +.Nm +should never be installed setuid root, as it would then be possible +to exploit the program to gain root privileges. diff --git a/static/openbsd/man8/clri.8 b/static/openbsd/man8/clri.8 new file mode 100644 index 00000000..f2900b85 --- /dev/null +++ b/static/openbsd/man8/clri.8 @@ -0,0 +1,78 @@ +.\" $OpenBSD: clri.8,v 1.13 2007/08/06 19:16:05 sobrado Exp $ +.\" $NetBSD: clri.8,v 1.2 1995/03/18 14:54:31 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)clri.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: August 6 2007 $ +.Dt CLRI 8 +.Os +.Sh NAME +.Nm clri +.Nd clear inodes +.Sh SYNOPSIS +.Nm clri +.Ar special_device inode_number ... +.Sh DESCRIPTION +.Bf -symbolic +.Nm +is obsoleted for normal file system repair work by +.Xr fsck 8 . +.Ef +.Pp +.Nm +zeros out the inodes with the specified inode numbers +on the filesystem residing on the given +.Ar special_device . +The +.Xr fsck 8 +utility is usually run after +.Nm +to reclaim the zero'ed inodes and the +blocks previously claimed by those inodes. +Both read and write permission are required on the specified +.Ar special_device . +.Pp +The primary purpose of this routine +is to remove a file which +for some reason is not being properly handled by +.Xr fsck 8 . +Once removed, +it is anticipated that +.Xr fsck 8 +will be able to clean up the resulting mess. +.Sh SEE ALSO +.Xr inode 5 , +.Xr fsck 8 , +.Xr fsdb 8 , +.Xr ncheck 8 +.Sh BUGS +If the file is open, the work of +.Nm +will be lost when the inode is written back to disk from the inode cache. diff --git a/static/openbsd/man8/comsat.8 b/static/openbsd/man8/comsat.8 new file mode 100644 index 00000000..14651074 --- /dev/null +++ b/static/openbsd/man8/comsat.8 @@ -0,0 +1,93 @@ +.\" $OpenBSD: comsat.8,v 1.6 2007/05/31 19:19:39 jmc Exp $ +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)comsat.8 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt COMSAT 8 +.Os +.Sh NAME +.Nm comsat +.Nd biff server +.Sh SYNOPSIS +.Nm comsat +.Sh DESCRIPTION +.Nm +is the server process which receives reports of incoming mail +and notifies users if they have requested this service. +.Nm +receives messages on a datagram port associated with the +.Dq biff +service +specification (see +.Xr services 5 +and +.Xr inetd 8 ) . +The one line messages are of the form: +.Pp +.Dl user@mailbox-offset +.Pp +If the +.Em user +specified is logged in to the system and the associated terminal has +the owner execute bit turned on (by a +.Dq Li biff y ) , +the +.Em offset +is used as a seek offset into the appropriate mailbox file and +the first 7 lines or 560 characters of the message are printed +on the user's terminal. +Lines which appear to be part of the message header other than the +.Dq From , +.Dq \&To , +.Dq Date , +or +.Dq Subject +lines are not included in the displayed message. +.Sh FILES +.Bl -tag -width /var/run/utmp -compact +.It Pa /var/run/utmp +to find out who's logged on and on what terminals +.El +.Sh SEE ALSO +.Xr biff 1 , +.Xr inetd 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh BUGS +The message header filtering is prone to error. +The density of the information presented is near the theoretical minimum. +.Pp +Users should be notified of mail which arrives on other +machines than the one to which they are currently logged in. +.Pp +The notification should appear in a separate window so it +does not mess up the screen. diff --git a/static/openbsd/man8/config.8 b/static/openbsd/man8/config.8 new file mode 100644 index 00000000..3ed744c3 --- /dev/null +++ b/static/openbsd/man8/config.8 @@ -0,0 +1,475 @@ +.\" $OpenBSD: config.8,v 1.76 2025/05/19 19:58:58 tedu Exp $ +.\" $NetBSD: config.8,v 1.10 1996/08/31 20:58:16 mycroft Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)config.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: May 19 2025 $ +.Dt CONFIG 8 +.Os +.Sh NAME +.Nm config +.Nd build kernel compilation directories or modify a kernel +.Sh SYNOPSIS +.Nm config +.Op Fl p +.Op Fl b Ar builddir +.Op Fl s Ar srcdir +.Op Ar config-file +.Nm config +.Fl e +.Op Fl u +.Op Fl c Ar cmdfile +.Op Fl f | o Ar outfile +.Ar infile +.Sh DESCRIPTION +In the first synopsis form, the +.Nm +program creates a kernel build directory from the kernel configuration file +specified by +.Ar config-file . +.Pp +In the second synopsis form, +.Nm +allows editing of the kernel binary specified by +.Ar infile . +Devices may be enabled, disabled, or modified without recompiling, +by editing the kernel executable. +Similarly, the same editing can be done at boot-time, +using the in-kernel editor, +as described in +.Xr boot_config 8 . +Note that any such edits will be lost during upgrades and prevent a newly +linked kernel from being installed at boot time. +For such cases, this process can also be automated during boot using the +.Xr bsd.re-config 5 +configuration file. +.Pp +For kernel building, the options are as follows: +.Bl -tag -width Ds +.It Fl b Ar builddir +Create the build directory in the path specified by +.Ar builddir +instead of the default +.Pa ../compile/SYSTEMNAME . +.It Fl p +Configure for a system that includes profiling code; see +.Xr kgmon 8 +and +.Xr gprof 1 . +When this option is specified, +.Nm +acts as if the lines +.Dq makeoptions PROF="-pg" +and +.Dq option GPROF +appeared in the specified kernel configuration file. +In addition, +.Dq .PROF +is appended to the default compilation directory name. +.Pp +The +.Fl p +flag is expected to be used for +.Dq one-shot +profiles of existing systems; for regular profiling, it is probably wiser to +make a separate configuration containing the makeoptions line. +.It Fl s Ar srcdir +Use +.Ar srcdir +as the top-level kernel source directory instead of the default (four +directories above the build directory). +.El +.Pp +For kernel modification, the options are as follows: +.Bl -tag -width Ds +.It Fl c Ar cmdfile +Read commands and answers from the specified file instead of the standard +input. +Save and quit automatically when the end of file is reached. +.It Fl e +Allows the modification of kernel device configuration (see +.Xr boot_config 8 ) . +Temporary changes can be made to the running kernel's configuration or a new +kernel binary may be written for permanent changes between system reboots. +See the section +.Sx KERNEL MODIFICATION +below for more details. +.It Fl f +Overwrite the +.Ar infile +kernel binary with the modified kernel. +Otherwise, +.Fl o +should be given to specify an alternate output file. +.It Fl o Ar outfile +Write the modified kernel to +.Ar outfile . +.It Fl u +Check to see if the kernel configuration was modified at boot-time +(i.e.\& +.Cm boot -c +was used). +If so, compare the running kernel with the kernel to be edited +.Pq Ar infile . +If they seem to be the same, apply all configuration changes performed at +boot. +Using this option requires read access to +.Pa /dev/mem , +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.El +.Sh KERNEL BUILDING +The output of +.Nm +consists of a number of files, principally +.Pa ioconf.c +(a description of I/O devices that may be attached to the system) +and a +.Pa Makefile , +used by +.Xr make 1 +when building the kernel. +.Pp +If +.Nm +stops due to errors, the problems reported should be corrected and +.Nm +should be run again. +.Nm +attempts to avoid changing the compilation directory if there are +configuration errors, but this code is not well-tested and some problems +(such as running out of disk space) are unrecoverable. +.Pp +If +.Ar config-file +is not specified, +.Nm +uses the current directory as the build directory, and looks in it for +a file called +.Pa CONFIG . +If +.Nm +is run this way, the location of the top-level kernel source +directory must be specified using the +.Fl s +option or by using the +.Dq Li source +directive at the beginning of the system configuration file. +.Pp +The configuration files consists of various statements which +include the following: +.Bl -tag -offset indent -width indent +.It Ic machine Ar var +Required. +Specifies the machine architecture. +.It Ic include Ar file +Include another configuration file. +.It Ic option Ar name +Set a kernel option. +Kernel options may take either the form +.Ar NAME +or the form +.Ar NAME Ns = Ns Ar value . +These options are passed to the compiler with the +.Fl D +flag. +.It Ic rmoption Ar name +Delete a previously set option. +This is useful when including another kernel configuration file. +A typical use is to include the +.Va GENERIC +kernel provided with each release and remove options that are +unwanted, thus allowing for automatic inclusion of new device +drivers. +.It Ic maxusers Ar number +Required. +Used to size various system tables and maximum operating conditions +in an approximate fashion. +Multiple instances of this keyword may be specified. +The number provided in the last instance will be used, and +warnings will be printed for each duplicate value. +This is convenient when used with the +.Va include +directive. +.It Xo Ic config Cm bsd root on Ar dev +.Op Cm swap on Ar dev Op Cm and Ar dev ... +.Op Cm dumps on Ar dev +.Xc +Required. +Specifies the swap and dump devices which the system should use. +.It Ic config Cm bsd swap generic +Otherwise, if generic is specified, the system follows generic routines to +decide what should happen. +.El +.Pp +To debug kernels and their crash dumps with gdb, add +.Dq makeoptions DEBUG="-g" +to the kernel configuration file. +Refer to +.Xr options 4 +for further details. +.Pp +Many other statements exist, and the file format is fairly rich; for more +information see the various configuration files included in the system, as +well as +.Xr files.conf 5 +for the +.Nm +rules base. +.Sh KERNEL MODIFICATION +When +.Fl e +is specified, device parameters that are normally hard-coded into the kernel +may be changed. +This is useful to avoid the need for kernel recompilation or rebooting. +Modifications are made to the currently running kernel and can be written to +a new kernel binary so changes are preserved during subsequent system restarts. +.Pp +When invoked, the kernel identification is first shown. +.Bd -literal -offset indent +# config -e -o bsd.new /bsd +OpenBSD 5.3-current (GENERIC.MP) #91: Mon Mar 25 16:43:17 MDT 2013 + deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP +Enter 'help' for information +ukc> +.Ed +.Pp +One or more warnings may be printed before the +.Li ukc> +prompt. +.Bd -literal -offset indent +warning: no output file specified +.Ed +.Pp +Neither the +.Fl f +nor +.Fl o +option has been specified. +Changes will be ignored. +.Bd -literal -offset indent +WARNING kernel mismatch. -u ignored. +WARNING the running kernel version: +.Ed +.Pp +.Nm +does not believe the running kernel is the same as the +.Ar infile +specified. +Since the log of changes (from +.Cm boot -c ) +in the running kernel is kernel-specific, the +.Fl u +option is ignored. +.Pp +The commands are as follows: +.Bl -tag -width "disable attr val | devno | dev" +.It Ic add Ar dev +Add a device through copying another. +.It Ic base Cm 8 | 10 | 16 +Change the base of numbers displayed and entered. +.It Ic change Ar devno | dev +Modify one or more devices. +.It Ic disable Ar attr val | devno | dev +Disable one or more devices. +.It Ic enable Ar attr val | devno | dev +Enable one or more devices. +.It Ic exit +Exit without saving changes. +.It Ic find Ar devno | dev +Find one or more devices. +.It Ic help +Give a short summary of all commands and their arguments. +.It Ic lines Op Ar count +Set the number of rows per page. +.It Ic list +Show all known devices, a screen at a time. +.It Ic nkmempg Op Ar number +Change the NKMEMPAGES value. +Without arguments, displays its current value. +.It Ic quit +Exit and save changes. +.It Ic show Op Ar attr Op Ar val +Show all devices for which attribute +.Ar attr +has the value +.Ar val . +.It Ic # Op Ar cmd +Ignored. +Allows comments in +.Xr bsd.re-config 5 . +.El +.Sh EXIT STATUS +.Ex -std +.Sh EXAMPLES +The Ethernet card is not detected at boot because the kernel configuration +does not match the physical hardware configuration, +e.g. wrong IRQ in OpenBSD/i386. +The Ethernet card is supposed to use the +.Xr ne 4 +driver. +.Bd -literal +.No ukc> Ic find ne +24 ne0 at isa0 port 0x240 size 0 iomem 0xd8000 iosiz 0 irq 9 drq -1 drq2 -1 flags 0x0 +25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 +26 ne* at isapnp0 port -1 size 0 iomem -1 iosiz 0 irq -1 drq -1 flags 0x0 +27 ne* at pci* dev -1 function -1 flags 0x0 +28 ne* at pcmcia* function -1 irq -1 flags 0x0 +ukc> +.Ed +.Pp +ne1 seems to match the configuration except it uses IRQ 10 instead of IRQ 5. +So the irq on ne1 should be changed via the +.Ic change +command. +The device can be specified by either name or number. +.Bd -literal +.No ukc> Ic change ne1 +25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 +.No change (y/n) \&? Ic y +.No port [0x300] \&? +.No size [0] \&? +.No iomem [-1] \&? +.No iosiz [0] \&? +.No irq [10] \&? Ic 5 +.No drq [-1] \&? +.No drq2 [-1] \&? +.No flags [0] \&? +25 ne1 changed +25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 5 drq -1 drq2 -1 flags 0x0 +ukc> +.Ed +.Pp +It's also possible to disable all devices with a common attribute. +For example: +.Bd -literal +.No ukc> Ic disable port 0x300 + 25 ne1 disabled + 72 we1 disabled + 75 el0 disabled + 77 ie1 disabled +.Ed +.Pp +The +.Cm show +command is useful for finding which devices have a certain attribute. +It can also be used to find those devices with a particular value for +an attribute. +.Bd -literal +.No ukc> Ic show slot + 2 ahc* at eisa0 slot -1 + 10 uha* at eisa0 slot -1 + 12 ep0 at eisa0 slot -1 + 17 ep* at eisa0 slot -1 +102 ahb* at eisa0 slot -1 +103 fea* at eisa0 slot -1 +.No ukc> Ic show port 0x300 + 25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 + 72 we1 at isa0 port 0x300 size 0 iomem 0xcc000 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 + 75 el0 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 9 drq -1 drq2 -1 flags 0x0 + 77 ie1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 +ukc> +.Ed +.Pp +It is possible to add new devices, but only devices that were linked into the +kernel. +If a new device is added, following devices will be renumbered. +.Bd -literal +.No ukc> Ic find ep + 11 ep0 at isa0 port -1 size 0 iomem -1 iosiz 0 irq -1 drq -1 drq2 -1 flags 0x0 + 12 ep0 at eisa0 slot -1 flags 0x0 + 13 ep0 at pci* dev -1 function -1 flags 0x0 + 14 ep* at isapnp0 port -1 size 0 iomem -1 iosiz 0 irq -1 drq -1 flags 0x0 + 15 ep* at isa0 port -1 size 0 iomem -1 iosiz 0 irq -1 drq -1 drq2 -1 flags 0x0 + 16 ep* at eisa0 slot -1 flags 0x0 + 17 ep* at pci* dev -1 function -1 flags 0x0 + 18 ep* at pcmcia* dev -1 irq -1 flags 0x0 +.No ukc> Ic add ep1 +.No "Clone Device (DevNo, 'q' or '\&?') \&?" Ic 13 +.No "Insert before Device (DevNo, 'q' or '\&?')" Ic 14 + 14 ep1 at pci* dev -1 function -1 +.No ukc> Ic change 14 + 14 ep1 at pci* dev -1 function -1 +.No change (y/n) \&? Ic y +.No dev [-1] \&? Ic 14 +.No function [-1] \&? +.No flags [0] \&? Ic 18 + 14 ep1 changed + 14 ep1 at pci* dev 14 function -1 flags 0x12 +ukc> +.Ed +.Pp +When done, exit the program with the +.Ic quit +or +.Ic exit +commands. +.Ic exit +will ignore any changes while +.Ic quit +writes the changes to +.Ar outfile +(if +.Fl o +or +.Fl f +was given, else ignore changes). +.Bd -literal +.No ukc> Ic quit +.Ed +.Sh SEE ALSO +.Xr options 4 , +.Xr bsd.re-config 5 , +.Xr files.conf 5 , +.Xr boot.conf 8 , +.Xr boot_config 8 +.Pp +The SYNOPSIS portion of each device in section 4 of the manual. +.Rs +.\" 4.4BSD SMM:2 +.%A S. J. Leffler +.%A M. J. Karels +.%T "Building 4.4 BSD Systems with Config" +.%B 4.4BSD System Manager's Manual (SMM) +.Re +.Sh HISTORY +The +.Nm +program appeared in +.Bx 4.1 +and was completely revised in +.Bx 4.4 . +The +.Fl e +option appeared in +.Ox 2.6 . +.Sh BUGS +Included files should start with an empty line or comment. diff --git a/static/openbsd/man8/cron.8 b/static/openbsd/man8/cron.8 new file mode 100644 index 00000000..72709765 --- /dev/null +++ b/static/openbsd/man8/cron.8 @@ -0,0 +1,166 @@ +.\" +.\" Copyright (c) 2002-2003 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.\" $OpenBSD: cron.8,v 1.36 2019/01/25 00:19:27 millert Exp $ +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt CRON 8 +.Os +.Sh NAME +.Nm cron +.Nd clock daemon +.Sh SYNOPSIS +.Nm cron +.Op Fl n +.Op Fl l Ar load_avg +.Sh DESCRIPTION +The +.Nm +daemon schedules commands to be run at specified dates and times. +Commands that are to be run periodically are specified within +.Xr crontab 5 +files. +Commands that are only to be run once are scheduled via the +.Xr at 1 +and +.Xr batch 1 +commands. +Normally, the +.Nm +daemon is started from the +.Pa /etc/rc +command script. +Because it can execute commands on a user's behalf, +.Nm +should be run late in the startup sequence, +as close to the time when logins are accepted as possible. +.Pp +.Nm +loads +.Xr crontab 5 +and +.Xr at 1 +files when it starts up and also when changes are made via the +.Xr crontab 1 +and +.Xr at 1 +commands. +Additionally, +.Nm +checks the modification time on the system crontab file +.Pq Pa /etc/crontab , +the crontab spool +.Pq Pa /var/cron/tabs , +and the at spool +.Pq Pa /var/cron/atjobs +once a minute. +If the modification time has changed, the affected files are reloaded. +.Pp +Any output produced by a command is sent to the user specified in the +.Ev MAILTO +environment variable as set in the +.Xr crontab 5 +file or, if no +.Ev MAILTO +variable is set (or if this is an +.Xr at 1 +or +.Xr batch 1 +job), to the job's owner. +If a command produces no output or if the +.Ev MAILTO +environment variable is set to the empty string, no mail will be sent. +The exception to this is +.Xr at 1 +or +.Xr batch 1 +jobs submitted with the +.Fl m +flag. +In this case, mail will be sent even if the job produces no output. +.Ss Daylight Saving Time and other time changes +Local time changes of less than three hours, such as those caused +by the start or end of Daylight Saving Time, are handled specially. +This only applies to jobs that run at a specific time and jobs that +are run with a granularity greater than one hour. +Jobs that run more frequently are scheduled normally. +.Pp +If time has moved forward, those jobs that would have run in the +interval that has been skipped will be run immediately. +Conversely, if time has moved backward, care is taken to avoid running +jobs twice. +.Pp +Time changes of more than 3 hours are considered to be corrections to +the clock or time zone, and the new time is used immediately. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl l Ar load_avg +If the current load average is greater than +.Ar load_avg , +.Xr batch 1 +jobs will not be run. +The default value is 1.5. +To allow +.Xr batch 1 +jobs to run regardless of the load, a value of 0.0 may be used. +.It Fl n +By default, +.Nm +will detach from the current tty and become a daemon. +The +.Fl n +option disables this behavior and causes it to run in the foreground. +.El +.Sh FILES +.Bl -tag -width "/var/run/cron.sock" -compact +.It Pa /etc/crontab +system crontab file +.It Pa /var/cron/atjobs +directory containing +.Xr at 1 +jobs +.It Pa /var/cron/log +cron's log file +.It Pa /var/cron/tabs +directory containing individual crontab files +.It Pa /var/run/cron.sock +used by +.Xr crontab 1 +to tell +.Nm +to check for crontab changes immediately +.El +.Sh SEE ALSO +.Xr at 1 , +.Xr crontab 1 , +.Xr syslog 3 , +.Xr crontab 5 +.Sh AUTHORS +.An Paul Vixie Aq Mt vixie@isc.org +.Sh CAVEATS +.Xr crontab 5 +files will be ignored if they do not have the proper file mode. +For user crontab files created by +.Xr crontab 1 , +the mode must be 0600. +If the system crontab file is used, +.Pa /etc/crontab +must not be writable by any user other than root and must not have +the execute, set-user-ID, set-group-ID or sticky bits set. diff --git a/static/openbsd/man8/crunchgen.8 b/static/openbsd/man8/crunchgen.8 new file mode 100644 index 00000000..e21f0a6b --- /dev/null +++ b/static/openbsd/man8/crunchgen.8 @@ -0,0 +1,327 @@ +.\" $OpenBSD: crunchgen.8,v 1.10 2017/06/11 16:58:49 schwarze Exp $ +.\" +.\" +.\" Copyright (c) 1994 University of Maryland +.\" All Rights Reserved. +.\" +.\" Permission to use, copy, modify, distribute, and sell this software and its +.\" documentation for any purpose is hereby granted without fee, provided that +.\" the above copyright notice appear in all copies and that both that +.\" copyright notice and this permission notice appear in supporting +.\" documentation, and that the name of U.M. not be used in advertising or +.\" publicity pertaining to distribution of the software without specific, +.\" written prior permission. U.M. makes no representations about the +.\" suitability of this software for any purpose. It is provided "as is" +.\" without express or implied warranty. +.\" +.\" U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M. +.\" BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +.\" IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Author: James da Silva, Systems Design and Analysis Group +.\" Computer Science Department +.\" University of Maryland at College Park +.\" +.Dd $Mdocdate: June 11 2017 $ +.Dt CRUNCHGEN 8 +.Os +.Sh NAME +.Nm crunchgen +.Nd generates build environment for a crunched binary +.Sh SYNOPSIS +.Nm crunchgen +.Bk -words +.Op Fl EfMq +.Op Fl c Ar c-file-name +.Op Fl D Ar src-root +.Op Fl e Ar exec-file-name +.Op Fl L Ar lib-dir +.Op Fl m Ar makefile-name +.Op Fl O Ar objdir-name +.Ar conf-file +.Ek +.Nm crunchgen +.Fl h +.Op Fl f Ar keep-list-file +.Op Fl k Ar keep-symbol +.Ar object-file ... +.Sh DESCRIPTION +A crunched binary is a program made up of many other programs linked +together into a single executable. +The crunched binary +.Fn main +function determines which component program +to run by the contents of argv[0]. +The main reason to crunch programs together is for fitting as many programs +as possible onto an installation or system recovery floppy. +.Pp +.Nm +reads in the specifications in +.Ar conf-file +for a crunched binary, and generates a Makefile and accompanying +top-level C source file that when built create the crunched executable +file from the component programs. +For each component program, +.Nm +can optionally attempt to determine the object (.o) files that make up +the program from its source directory Makefile. +This information is cached in a file named +.Pa .cache +between runs. +.Pp +.Nm +is later run again with the +.Fl h +flag to eliminate link-time conflicts between the component programs by +hiding all unnecessary symbols. +Some symbols may be left visible via the +.Fl k Ar keep-symbol +and +.Fl f Ar keep-list-file +options. +The +.Ar keep-list-file +must contain a list of symbols to keep visible, one symbol per line. +Note that the C compiler prepends an underscore in front of +symbols, so to keep the C function +.Dq foo +visible, the option +.Dq -k _foo +must be used. +.Pp +After +.Nm +is run, the crunched binary can be built by running +.Dq make -f .mk . +The component programs' object files must already be built. +An +.Dq objs +target, included in the output makefile, +will run make in each component program's source dir to build the object +files for the user. +This is not done automatically since in release engineering circumstances +it is generally not desirable to be modifying objects in other directories. +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl c Ar c-file-name +Set output C file name to +.Ar c-file-name . +The default name is +.Dq Ao conf-name Ac Ns \&.c . +.It Fl D Ar src-root +Assume that relative source directory specifications begin with +.Ar src-root . +.It Fl E +Don't prepend stub names with an underscore. +Used for architectures that don't have underscore prepended to symbol names, +such as ELF architectures. +.It Fl e Ar exec-file-name +Set crunched binary executable file name to +.Ar exec-file-name . +The default name is +.Dq Aq conf-name . +.It Fl f +Flush cache. +Forces the recalculation of cached parameters. +.It Fl h +Hide all unnecessary symbols. +Note that this is done on some ELF architectures by marking the symbol +local, while the +.Fl M +option causes it to mangle the symbol name to hide the symbol. +It is therefore not advisable to try to run +.Xr nm 1 +on a crunched object file. +This is due to the nature of the ELF symbol table +and how some architectures use the symbol attributes for their GOT build. +.It Fl L Ar lib-dir +Try to obtain libraries from +.Ar lib-dir . +.It Fl M +On ELF architectures mangle the symbol instead of marking it global; +necessary for some architectures due to GOT usage. +.It Fl m Ar makefile-name +Set output Makefile name to +.Ar makefile-name . +The default name is +.Dq Ao conf-name Ac Ns \&.mk . +.It Fl O Ar objdir-name +Specify an object directory to use. +It defaults to +.Dq obj , +though for cross building purposes it can be used to specify +obj.${HOST}.${MACHINE}. +Normally used with the make variable ${MAKEOBJDIR}. +.It Fl q +Quiet operation. +Status messages are suppressed. +.El +.Sh CRUNCHGEN CONFIGURATION FILE COMMANDS +.Nm +reads specifications from the +.Ar conf-file +that describe the components of the crunched binary. +In its simplest use, the component program names are merely listed +along with the top-level source directories in which their sources +can be found. +.Nm +then calculates (via the source makefiles) and caches the +list of object files and their locations. +For more specialized situations, the user can specify by hand +all the parameters that +.Nm +needs. +.Pp +The +.Ar conf-file +commands are as follows: +.Bl -tag -width indent +.It srcdirs Ar dirname ... +A list of source trees in which the source directories of the +component programs can be found. +These dirs are searched using the +.Bx +.Dq // +convention. +Multiple srcdirs lines can be specified. +The directories are searched in the order they are given. +.It libdirs Ar dirname +A list of source trees in which the source directories for supplementary +libraries can be found. +.It progs Ar progname ... +A list of programs that make up the crunched binary. +Multiple progs lines can be specified. +.It libs Ar libspec ... +A list of library specifications to be included in the crunched binary link. +Multiple libs lines can be specified. +.It ln Ar progname linkname +Causes the crunched binary to invoke +.Ar progname +whenever +.Ar linkname +appears in argv[0]. +This allows programs that change their behavior when +run under different names to operate correctly. +.El +.Pp +To handle specialized situations, such as when the source is not +available or not built via a conventional Makefile, the following +.Ic special +commands can be used to set +.Nm +parameters for a component program. +.Bl -tag -width indent +.It special Ar progname No srcdir Ar pathname +Set the source directory for +.Ar progname . +This is normally calculated by searching the specified srcdirs +for a directory named +.Ar progname . +.It special Ar progname No objdir Ar pathname +Set the obj directory for +.Ar progname . +This is normally calculated by looking for a directory named +.Dq obj +under the +.Ar srcdir , +and if that is not found, the +.Ar srcdir +itself becomes the objdir. +.It special Ar progname No objs Ar object-file-name ... +Set the list of object files for program +.Ar progname . +This is normally calculated by constructing a temporary makefile that includes +.Dq srcdir/Makefile +and outputs the value of $(OBJS). +.It special Ar progname No objpaths Ar full-pathname-to-object-file ... +Sets the pathnames of the object files for program +.Ar progname . +This is normally calculated by prepending the objdir +pathname to each file in the objs list. +.El +.Pp +Only the objpaths parameter is actually needed by +.Nm crunchgen , +but it is calculated from objdir and objs, +which are in turn calculated from srcdir, +so it is sometimes convenient to specify the earlier parameters and let +.Nm +calculate forward from there if it can. +.Pp +The makefile produced by +.Nm +contains an optional +.Ar objs +target that will build the object files for each component program by +running make inside that program's source directory. +For this to work the srcdir and objs parameters must also be valid. +If they are not valid for a particular program, that program is skipped in the +.Ar objs +target. +.Sh EXAMPLES +Here is an example +.Nm +input conf file, named +.Pa kcopy.conf : +.Bd -literal -offset indent +srcdirs /usr/src/bin /usr/src/sbin + +progs test cp echo sh fsck halt init mount umount myinstall +ln test [ # test can be invoked via [ +ln sh -sh # init invokes the shell with "-sh" in argv[0] + +special myprog objpaths /homes/leroy/src/myinstall.o # no sources + +libs -lutil -lcrypt +.Ed +.Pp +This conf file specifies a small crunched binary consisting of some +basic system utilities plus a home-grown install program +.Dq myinstall , +for which no source directory is specified, but its object file is +specified directly with the +.Ic special +line. +.Pp +The crunched binary +.Dq kcopy +can be built as follows: +.Bd -literal -offset indent +% crunchgen -m Makefile kcopy.conf # gen Makefile and kcopy.c +% make objs # build the component programs' .o files +% make # build the crunched binary kcopy +% kcopy sh # test that this invokes a sh shell +$ # it works! +.Ed +.Pp +At this point the binary +.Dq kcopy +can be copied onto an install floppy +and hard-linked to the names of the component programs. +.Sh AUTHORS +.Nm +was written by +.An James da Silva Aq Mt jds@cs.umd.edu +at the University of Maryland. +.Sh CAVEATS +While +.Nm +takes care to eliminate link conflicts between the component programs +of a crunched binary, conflicts are still possible between the +libraries that are linked in. +Some shuffling in the order of libraries may be required, +and in some rare cases two libraries may +have an unresolvable conflict and thus cannot be crunched together. +.Pp +Some versions of the +.Bx +build environment do not by default build the +intermediate object file for single-source file programs. +The +.Dq make objs +target must then be used to get those object files built, +or some other arrangements made. diff --git a/static/openbsd/man8/cvsbug.8 b/static/openbsd/man8/cvsbug.8 new file mode 100644 index 00000000..ecf2eb8a --- /dev/null +++ b/static/openbsd/man8/cvsbug.8 @@ -0,0 +1,243 @@ +.\" -*- nroff -*- +.\" --------------------------------------------------------------------------- +.\" man page for send-pr (by Heinz G. Seidl, hgs@cygnus.com) +.\" updated Feb 1993 for GNATS 3.00 by Jeffrey Osier, jeffrey@cygnus.com +.\" +.\" This file is part of the Problem Report Management System (GNATS) +.\" Copyright 1992 Cygnus Support +.\" +.\" This program is free software; you can redistribute it and/or +.\" modify it under the terms of the GNU General Public +.\" License as published by the Free Software Foundation; either +.\" version 2 of the License, or (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" --------------------------------------------------------------------------- +.nh +.TH CVSBUG 8 xVERSIONx "February 1993" +.SH NAME +cvsbug \- send problem report (PR) about CVS to a central support site +.SH SYNOPSIS +.B cvsbug +[ +.I site +] +[ +.B \-f +.I problem-report +] +[ +.B \-t +.I mail-address +] +.br +.in +0.8i +[ +.B \-P +] +[ +.B \-L +] +[ +.B \-\-request-id +] +[ +.B \-v +] +.SH DESCRIPTION +.B cvsbug +is a tool used to submit +.I problem reports +.\" SITE ADMINISTRATORS - change this if you use a local default +(PRs) to a central support site. In most cases the correct +.I site +will be the default. This argument indicates the support site which +is responsible for the category of problem involved. Some sites may +use a local address as a default. +.I site +values are defined by using the +.BR aliases (5). +.LP +.B cvsbug +invokes an editor on a problem report template (after trying to fill +in some fields with reasonable default values). When you exit the +editor, +.B cvsbug +sends the completed form to the +.I Problem Report Management System +(\fBGNATS\fR) at a central support site. At the support site, the PR +is assigned a unique number and is stored in the \fBGNATS\fR database +according to its category and submitter-id. \fBGNATS\fR automatically +replies with an acknowledgement, citing the category and the PR +number. +.LP +To ensure that a PR is handled promptly, it should contain your (unique) +\fIsubmitter-id\fR and one of the available \fIcategories\fR to identify the +problem area. (Use +.B `cvsbug -L' +to see a list of categories.) +.LP +The +.B cvsbug +template at your site should already be customized with your +submitter-id (running `\|\fBinstall-sid\fP \fIsubmitter-id\fP\|' to +accomplish this is part of the installation procedures for +.BR cvsbug ). +If this hasn't been done, see your system administrator for your +submitter-id, or request one from your support site by invoking +.B `cvsbug \-\-request\-id'. +If your site does not distinguish between different user sites, or if +you are not affiliated with the support site, use +.B `net' +for this field. +.LP +The more precise your problem description and the more complete your +information, the faster your support team can solve your problems. +.SH OPTIONS +.TP +.BI \-f " problem-report" +specify a file (\fIproblem-report\fR) which already contains a +complete problem report. +.B cvsbug +sends the contents of the file without invoking the editor. If +the value for +.I problem-report +is +.BR `\|\-\|' , +then +.B cvsbug +reads from standard input. +.TP +.BI \-t " mail-address" +Change mail address at the support site for problem reports. The +default +.I mail-address +is the address used for the default +.IR site . +Use the +.I site +argument rather than this option in nearly all cases. +.TP +.B \-P +print the form specified by the environment variable +.B PR_FORM +on standard output. If +.B PR_FORM +is not set, print the standard blank PR template. No mail is sent. +.TP +.B -L +print the list of available categories. No mail is sent. +.TP +.B \-\-request\-id +sends mail to the default support site, or +.I site +if specified, with a request for your +.IR submitter-id . +If you are +not affiliated with +.IR site , +use a +.I submitter-id +of +.BR net \|'. +.TP +.B \-v +Display the +.B cvsbug +version number. +.LP +Note: use +.B cvsbug +to submit problem reports rather than mailing them directly. Using +both the template and +.B cvsbug +itself will help ensure all necessary information will reach the +support site. +.SH ENVIRONMENT +The environment variable +.B EDITOR +specifies the editor to invoke on the template. +.br +default: +.B vi +.sp +If the environment variable +.B PR_FORM +is set, then its value is used as the file name of the template for +your problem-report editing session. You can use this to start with a +partially completed form (for example, a form with the identification +fields already completed). +.SH "HOW TO FILL OUT A PROBLEM REPORT" +Problem reports have to be in a particular form so that a program can +easily manage them. Please remember the following guidelines: +.IP \(bu 3m +describe only +.B one problem +with each problem report. +.IP \(bu 3m +For follow-up mail, use the same subject line as the one in the automatic +acknowledgent. It consists of category, PR number and the original synopsis +line. This allows the support site to relate several mail messages to a +particular PR and to record them automatically. +.IP \(bu 3m +Please try to be as accurate as possible in the subject and/or synopsis line. +.IP \(bu 3m +The subject and the synopsis line are not confidential. This is +because open-bugs lists are compiled from them. Avoid confidential +information there. +.LP +See the GNU +.B Info +file +.B cvsbug.info +or the document \fIReporting Problems With cvsbug\fR\ for detailed +information on reporting problems +.SH "HOW TO SUBMIT TEST CASES, CODE, ETC." +Submit small code samples with the PR. Contact the support site for +instructions on submitting larger test cases and problematic source +code. +.SH FILES +.ta \w'/tmp/pbad$$ 'u +/tmp/p$$ copy of PR used in editing session +.br +/tmp/pf$$ copy of empty PR form, for testing purposes +.br +/tmp/pbad$$ file for rejected PRs +.SH INSTALLATION AND CONFIGURATION +See +.B INSTALL +for installation instructions. +.SH SEE ALSO +.BR gnats (l), +.BR query-pr (1), +.BR edit-pr (1), +.BR gnats (8), +.BR queue-pr (8), +.BR at-pr (8), +.BR mkcat (8), +.BR mkdist (8). +.SH AUTHORS +Jeffrey Osier, Brendan Kehoe, Jason Merrill, Heinz G. Seidl (Cygnus +Support) +.SH COPYING +Copyright (c) 1992, 1993 Free Software Foundation, Inc. +.PP +Permission is granted to make and distribute verbatim copies of +this manual provided the copyright notice and this permission notice +are preserved on all copies. +.PP +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the +entire resulting derived work is distributed under the terms of a +permission notice identical to this one. +.PP +Permission is granted to copy and distribute translations of this +manual into another language, under the above conditions for modified +versions, except that this permission notice may be included in +translations approved by the Free Software Foundation instead of in +the original English. + diff --git a/static/openbsd/man8/dev_mkdb.8 b/static/openbsd/man8/dev_mkdb.8 new file mode 100644 index 00000000..73498e45 --- /dev/null +++ b/static/openbsd/man8/dev_mkdb.8 @@ -0,0 +1,83 @@ +.\" $OpenBSD: dev_mkdb.8,v 1.10 2022/08/04 11:50:46 schwarze Exp $ +.\" +.\" Copyright (c) 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)dev_mkdb.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: August 4 2022 $ +.Dt DEV_MKDB 8 +.Os +.Sh NAME +.Nm dev_mkdb +.Nd create /dev database +.Sh SYNOPSIS +.Nm dev_mkdb +.Sh DESCRIPTION +The +.Nm +command creates a +.Xr hash 3 +access method Berkeley database in +.Dq Pa /var/run/dev.db +which contains the names of all of the character and block special +files in the +.Dq Pa /dev +directory, using the file type and the +.Fa st_rdev +field as the key. +.Pp +Keys are a structure containing a +.Vt mode_t +followed by a +.Vt dev_t , +with any padding zeroed out. +The former is the type of the file +.Pq Fa st_mode No & Dv S_IFMT , +the latter is the +.Fa st_rdev +field. +.Sh FILES +.Bl -tag -width /var/run/dev.db -compact +.It Pa /dev +device directory +.It Pa /var/run/dev.db +database file +.El +.Sh SEE ALSO +.Xr ps 1 , +.Xr stat 2 , +.Xr dbopen 3 , +.Xr devname 3 , +.Xr kvm_nlist 3 , +.Xr ttyname 3 , +.Xr kvm_mkdb 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 Net/2 . diff --git a/static/openbsd/man8/dhcp6leasectl.8 b/static/openbsd/man8/dhcp6leasectl.8 new file mode 100644 index 00000000..bb07409b --- /dev/null +++ b/static/openbsd/man8/dhcp6leasectl.8 @@ -0,0 +1,71 @@ +.\" $OpenBSD: dhcp6leasectl.8,v 1.2 2024/06/07 17:38:22 jmc Exp $ +.\" +.\" Copyright (c) 2021 Florian Obser +.\" Copyright (c) 2016 Kenneth R Westerback +.\" Copyright (c) 2004, 2005 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 7 2024 $ +.Dt DHCP6LEASECTL 8 +.Os +.Sh NAME +.Nm dhcp6leasectl +.Nd control the dhcp6leased client +.Sh SYNOPSIS +.Nm +.Op Fl l +.Op Fl s Ar socket +.Op Fl w Ar maxwait +.Ar interface +.Sh DESCRIPTION +The +.Nm +program instructs the +.Xr dhcp6leased 8 +daemon to request a new lease. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl l +List the configured lease on +.Ar interface +instead of requesting a new lease. +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /dev/dhcp6leased.sock +to communicate with +.Xr dhcp6leased 8 . +.It Fl w Ar maxwait +Specify the maximum number of seconds to wait for +.Ar interface +to be configured. +The default is 10 seconds. +.El +.Sh FILES +.Bl -tag -width "/dev/dhcp6leased.sockXX" -compact +.It Pa /dev/dhcp6leased.sock +.Ux Ns -domain +socket used for communication with +.Xr dhcp6leased 8 . +.El +.Sh SEE ALSO +.Xr dhcp6leased.conf 5 , +.Xr dhcp6leased 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 7.6 . diff --git a/static/openbsd/man8/dhcp6leased.8 b/static/openbsd/man8/dhcp6leased.8 new file mode 100644 index 00000000..4c565a1f --- /dev/null +++ b/static/openbsd/man8/dhcp6leased.8 @@ -0,0 +1,113 @@ +.\" $OpenBSD: dhcp6leased.8,v 1.2 2024/10/30 17:01:28 florian Exp $ +.\" +.\" Copyright (c) 2024 Florian Obser +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 30 2024 $ +.Dt DHCP6LEASED 8 +.Os +.Sh NAME +.Nm dhcp6leased +.Nd Dynamic Host Configuration Protocol (DHCPv6) client daemon for IPv6 prefix delegation +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an IPv6 dynamic host configuration protocol (DHCPv6) daemon for clients. +It requests IPv6 prefix delegations from DHCPv6 servers for assignment +to downstream interfaces. +.Pp +DHCPv6 clients are identified by DHCPv6 Unique Identifiers (DUID). +.Nm +uses a DUID based on a random Universally Unique Identifier +(UUID). +The DUID is stored in +.Pa /var/db/dhcp6leased/uuid . +If the file does not exist or the UUID is not readable a new UUID is +generated. +.Pp +A running +.Nm +can be controlled with the +.Xr dhcp6leasectl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width "/var/db/dhcp6leased/" -compact +.It Pa /dev/dhcp6leased.sock +.Ux Ns -domain +socket used for communication with +.Xr dhcp6leasectl 8 . +.It Pa /etc/dhcp6leased.conf +Default +.Nm +configuration file. +.It Pa /var/db/dhcp6leased/ Ns Aq Ar if +Interface specific lease files. +.It Pa /var/db/dhcp6leased/uuid +DUID to identify this client. +.El +.Sh SEE ALSO +.Xr dhcp6leased.conf 5 , +.Xr dhcp6leasectl 8 , +.Xr ifconfig 8 +.Sh STANDARDS +.Rs +.%A T. Mrugalski +.%A M. Siodelski +.%A B. Volz +.%A A. Yourtchenko +.%A M. Richardson +.%A S. Jiang +.%A T. Lemon +.%A T. Winters +.%D November 2018 +.%R RFC 8415 +.%T Dynamic Host Configuration Protocol for IPv6 (DHCPv6) +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 7.6 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Florian Obser Aq Mt florian@openbsd.org . diff --git a/static/openbsd/man8/dhcpd.8 b/static/openbsd/man8/dhcpd.8 new file mode 100644 index 00000000..2a26ce75 --- /dev/null +++ b/static/openbsd/man8/dhcpd.8 @@ -0,0 +1,524 @@ +.\" $OpenBSD: dhcpd.8,v 1.38 2025/06/14 12:45:39 kn Exp $ +.\" +.\" Copyright (c) 1995, 1996 The Internet Software Consortium. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of The Internet Software Consortium nor the names +.\" of its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This software has been written for the Internet Software Consortium +.\" by Ted Lemon in cooperation with Vixie +.\" Enterprises. To learn more about the Internet Software Consortium, +.\" see ``http://www.isc.org/''. To learn more about Vixie +.\" Enterprises, see ``http://www.vix.com''. +.\" +.Dd $Mdocdate: June 14 2025 $ +.Dt DHCPD 8 +.Os +.Sh NAME +.Nm dhcpd +.Nd Dynamic Host Configuration Protocol (DHCP) daemon +.Sh SYNOPSIS +.Nm dhcpd +.Bk -words +.Op Fl dfnv +.Op Fl A Ar abandoned_ip_table +.Op Fl C Ar changed_ip_table +.Op Fl c Ar config-file +.Op Fl L Ar leased_ip_table +.Op Fl l Ar lease-file +.Op Fl u Ns Op Ar bind_address +.Op Fl Y Ar synctarget +.Op Fl y Ar synclisten +.Op Ar interface ... +.Ek +.Sh DESCRIPTION +.Nm +implements the Dynamic Host Configuration Protocol (DHCP) and the +Internet Bootstrap Protocol (BOOTP). +DHCP allows hosts on a TCP/IP network to request and be assigned IP addresses, +and also to discover information about the network to which they are attached. +BOOTP provides similar functionality, with certain restrictions. +.Pp +The DHCP protocol allows a host which is unknown to the network +administrator to be automatically assigned a new IP address out of a +pool of IP addresses for its network. +In order for this to work, the network administrator allocates address pools +in each subnet and enters them into the +.Xr dhcpd.conf 5 +file. +.Pp +On startup, +.Nm +reads the +.Pa dhcpd.conf +file and stores a list of available addresses on each subnet in memory. +When a client requests an address using the DHCP protocol, +.Nm +allocates an address for it. +Each client is assigned a lease, which expires after an amount of time +chosen by the administrator (by default, one day). +When a leased IP address is assigned to a new hardware address, +.Nm +may delete the leased address from certain +.Xr pf 4 +tables. +Before leases expire, the clients to which leases are assigned are expected +to renew them in order to continue to use the addresses. +Once a lease has expired, the client to which that lease was assigned is no +longer permitted to use the leased IP address. +.Pp +Whenever changes are made to the +.Pa dhcpd.conf +file, +.Nm +must be restarted. +.Pp +In order to keep track of leases across system reboots and server restarts, +.Nm +keeps a list of leases it has assigned in the +.Xr dhcpd.leases 5 +file. +Before +.Nm +grants a lease to a host, it records the lease in this file and makes sure +that the contents of the file are flushed to disk. +This ensures that even in the event of a system crash, +.Nm +will not forget about a lease that it has assigned. +On startup, after reading the +.Pa dhcpd.conf +file, +.Nm +reads the +.Pa dhcpd.leases +file to refresh its memory about what leases have been assigned. +.Pp +When +.Nm +starts up, it identifies all network interfaces, +eliminating non-broadcast interfaces if possible, +and listens for DHCP broadcasts on each interface. +The names of the network interfaces on which +.Nm +should listen for broadcasts may also be specified on the command line +on systems where +.Nm +is unable to identify non-broadcast interfaces. +.Pp +DHCP traffic always bypasses IPsec. +Otherwise there could be situations when a server has an IPsec SA for the +client and sends replies over that, +which a newly booted client would not be able to grasp. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A Ar abandoned_ip_table +When an address is abandoned for some reason, add it to the +.Xr pf 4 +table named +.Ar abandoned_ip_table . +This can be used to defend against machines "camping" on an address +without obtaining a lease. +When an address is properly leased, +.Nm +will remove the address from this table. +.It Fl C Ar changed_ip_table +When an address is leased to a different hardware address, delete it from the +.Xr pf 4 +table named +.Ar changed_ip_table . +This feature complements the overload table in a stateful +.Xr pf 4 +rule. +If a host appears to be misbehaving, it can be quarantined by using the +overload feature. +When the address is leased to a different machine, +.Nm +can remove the address from the overload table, thus allowing a well-behaved +machine to reuse the address. +.It Fl c Ar config-file +Use an alternate configuration file, +.Ar config-file . +Because of the importance of using the same lease database at all times when +running +.Nm +in production, this option should be used +.Em only +for testing database files in a non-production environment. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f +An alias for +.Fl d . +.It Fl L Ar leased_ip_table +When an address is leased, +.Nm +will insert it into the +.Xr pf 4 +table named +.Ar leased_ip_table . +Addresses are removed from the table when the lease expires. +Combined with the table of abandoned addresses, this can help enforce a +requirement to use DHCP on a network, or can place DHCP users in a different +class of service. +Users are cautioned against placing much trust in Ethernet or IP addresses; +.Xr ifconfig 8 +can be used to trivially change the interface's address, and on a busy DHCP +network, IP addresses will likely be quickly recycled. +.It Fl l Ar lease-file +Use an alternate lease file, +.Ar lease-file . +Because of the importance of using the same lease database at all times when +running +.Nm +in production, this option should be used +.Em only +for testing lease files in a non-production environment. +.It Fl n +Only test configuration, do not run +.Nm . +.It Fl u Ns Op Ar bind_address +Use a UDP socket instead of BPF for receiving and sending packets. +Only +.Dv DHCPINFORM +messages can be handled on this socket; +other messages are discarded. +With this option, +.Nm +can answer +.Dv DHCPINFORM +from clients on non Ethernet interfaces +such as +.Xr tun 4 +or +.Xr pppx 4 . +If +.Ar bind_address +is specified, +.Nm +will bind to that address; otherwise +the limited broadcast address (255.255.255.255) is used as the default. +.It Fl v +Produce more verbose output. +.It Fl Y Ar synctarget +Add target +.Ar synctarget +to receive synchronisation messages. +.Ar synctarget +can be either an IPv4 address for unicast messages +or a network interface name followed optionally by a colon and a numeric TTL +value for multicast messages to the group 224.0.1.240. +If the multicast TTL is not specified, a default value of 1 is used. +This option can be specified multiple times. +See also +.Sx SYNCHRONISATION +below. +.It Fl y Ar synclisten +Listen on +.Ar synclisten +for incoming synchronisation messages. +The format for +.Ar synclisten +is the same as for +.Ar synctarget , +above. +This option can be specified only once. +See also +.Sx SYNCHRONISATION +below. +.El +.Sh BOOTP +.Nm +also provides BOOTP support. +Unlike DHCP, the BOOTP protocol does not provide a protocol for recovering +dynamically-assigned addresses once they are no longer needed. +It is still possible to dynamically assign addresses to BOOTP clients, but +some administrative process for reclaiming addresses is required. +By default, leases are granted to BOOTP clients in perpetuity, although +the network administrator may set an earlier cutoff date or a shorter +lease length for BOOTP leases if that makes sense. +.Pp +BOOTP clients may also be served in the old standard way, which is +simply to provide a declaration in the +.Pa dhcpd.conf +file for each BOOTP client, permanently assigning an address to each client. +.Sh CONFIGURATION +The syntax of the +.Xr dhcpd.conf 5 +file is discussed separately. +This section should be used as an overview of the configuration process, +and the +.Xr dhcpd.conf 5 +documentation should be consulted for detailed reference information. +.Bl -tag -width 3n +.It Subnets +.Nm +needs to know the subnet numbers and netmasks of all subnets for +which it will be providing service. +In addition, in order to dynamically allocate addresses, it must be assigned +one or more ranges of addresses on each subnet which it can in turn assign +to client hosts as they boot. +Thus, a very simple configuration providing DHCP support might look like this: +.Bd -literal -offset indent +subnet 239.252.197.0 netmask 255.255.255.0 { + range 239.252.197.10 239.252.197.250; +} +.Ed +.Pp +Multiple address ranges may be specified like this: +.Bd -literal -offset indent +subnet 239.252.197.0 netmask 255.255.255.0 { + range 239.252.197.10 239.252.197.107; + range 239.252.197.113 239.252.197.250; +} +.Ed +.Pp +If a subnet will only be provided with BOOTP service and no dynamic +address assignment, the range clause can be left out entirely, but the +subnet statement must appear. +.It Lease Lengths +DHCP leases can be assigned almost any length from zero seconds to infinity. +What lease length makes sense for any given subnet, or for any given +installation, will vary depending on the kinds of hosts being served. +.Pp +For example, in an office environment where systems are added from +time to time and removed from time to time, but move relatively +infrequently, it might make sense to allow lease times of a month or more. +In a final test environment on a manufacturing floor, it may make more sense +to assign a maximum lease length of 30 minutes \- enough time to go through a +simple test procedure on a network appliance before packaging it up for +delivery. +.Pp +It is possible to specify two lease lengths: the default length that +will be assigned if a client doesn't ask for any particular lease +length, and a maximum lease length. +These are specified as clauses to the subnet command: +.Bd -literal -offset indent +subnet 239.252.197.0 netmask 255.255.255.0 { + range 239.252.197.10 239.252.197.107; + default-lease-time 600; + max-lease-time 7200; +} +.Ed +.Pp +This particular subnet declaration specifies a default lease time of +600 seconds (ten minutes), and a maximum lease time of 7200 seconds +(two hours). +Other common values would be 86400 (one day), 604800 (one week) +and 2592000 (30 days). +.Pp +Each subnet need not have the same lease \- in the case of an office +environment and a manufacturing environment served by the same DHCP +server, it might make sense to have widely disparate values for +default and maximum lease times on each subnet. +.It BOOTP Support +Each BOOTP client must be explicitly declared in the +.Xr dhcpd.conf 5 +file. +A very basic client declaration will specify the client network interface's +hardware address and the IP address to assign to that client. +If the client needs to be able to load a boot file from the server, +that file's name must be specified. +A simple BOOTP client declaration might look like this: +.Bd -literal -offset indent +host haagen { + hardware ethernet 08:00:2b:4c:59:23; + fixed-address 239.252.197.9; + filename "haagen.boot"; +} +.Ed +.It Options +DHCP (and also BOOTP with Vendor Extensions) provides a mechanism +whereby the server can provide the client with information about how +to configure its network interface (e.g., subnet mask), and also how +the client can access various network services (e.g., DNS, IP routers, +and so on). +.Pp +These options can be specified on a per-subnet basis and, for BOOTP +clients, also on a per-client basis. +In the event that a BOOTP client declaration specifies options that are +also specified in its subnet declaration, the options specified in the +client declaration take precedence. +A reasonably complete DHCP configuration might look something like this: +.Bd -literal -offset indent +subnet 239.252.197.0 netmask 255.255.255.0 { + range 239.252.197.10 239.252.197.250; + default-lease-time 600; + max-lease-time 7200; + option subnet-mask 255.255.255.0; + option broadcast-address 239.252.197.255; + option routers 239.252.197.1; + option domain-name-servers 239.252.197.2, 239.252.197.3; + option domain-name "isc.org"; +} +.Ed +.Pp +A BOOTP host on that subnet that needs to be in a different domain and +use a different name server might be declared as follows: +.Bd -literal -offset indent +host haagen { + hardware ethernet 08:00:2b:4c:59:23; + fixed-address 239.252.197.9; + filename "haagen.boot"; + option domain-name-servers 192.5.5.1; + option domain-name "vix.com"; +} +.Ed +.El +.Pp +A more complete description of the +.Pa dhcpd.conf +file syntax is provided in +.Xr dhcpd.conf 5 . +.Sh SYNCHRONISATION +.Nm +supports realtime synchronisation of the lease allocations to +a number of +.Nm +daemons running on multiple machines, +using the +.Fl Y +and +.Fl y +options. +.Pp +The following example will accept incoming multicast and unicast +synchronisation messages, and send outgoing multicast messages through +the network interface +.Ar em0 : +.Bd -literal -offset indent +# /usr/sbin/dhcpd -y em0 -Y em0 +.Ed +.Pp +The second example will increase the multicast TTL to a value of 2, +add the unicast targets +.Ar foo.somewhere.org +and +.Ar bar.somewhere.org , +and accept incoming unicast messages sent to +.Ar example.somewhere.org +only. +.Bd -literal -offset indent +# /usr/sbin/dhcpd -y example.somewhere.org -Y em0:2 \e + -Y foo.somewhere.org -Y bar.somewhere.org +.Ed +.Pp +If the file +.Pa /var/db/dhcpd.key +exists, +.Nm +will calculate the message-digest fingerprint (checksum) for the file +and use it as a shared key to authenticate the synchronisation messages. +The file itself can contain any data. +For example, to create a secure random key: +.Bd -literal -offset indent +# dd if=/dev/random of=/var/db/dhcpd.key bs=2048 count=1 +.Ed +.Pp +The file needs to be copied to all hosts +sending or receiving synchronisation messages. +.Pp +All hosts using synchronisation must use the same configuration in the +.Pa /etc/dhcpd.conf +file. +.Sh FILES +.Bl -tag -width "/var/db/dhcpd.leases~ " -compact +.It Pa /etc/dhcpd.conf +DHCPD configuration file. +.It Pa /var/db/dhcpd.leases +DHCPD lease file. +.El +.Sh SEE ALSO +.Xr pf 4 , +.Xr dhcpd.conf 5 , +.Xr dhcpd.leases 5 , +.Xr dhcpleased 8 , +.Xr dhcrelay 8 , +.Xr pxeboot 8 +.Sh STANDARDS +.Rs +.%A R. Droms +.%D October 1993 +.%R RFC 1534 +.%T Interoperation Between DHCP and BOOTP +.Re +.Pp +.Rs +.%A R. Droms +.%D March 1997 +.%R RFC 2131 +.%T Dynamic Host Configuration Protocol +.Re +.Pp +.Rs +.%A S. Alexander +.%A R. Droms +.%D March 1997 +.%R RFC 2132 +.%T DHCP Options and BOOTP Vendor Extensions +.Re +.Pp +.Rs +.%A T. Lemon +.%A S. Cheshire +.%D November 2002 +.%R RFC 3396 +.%T Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4) +.Re +.Pp +.Rs +.%A T. Lemon +.%A S. Cheshire +.%A B. Volz +.%D December 2002 +.%R RFC 3442 +.%T The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4 +.Re +.Sh AUTHORS +.An -nosplit +.Nm +is based on software from the Internet Software Consortium, +written by +.An Ted Lemon Aq Mt mellon@vix.com +under a contract with Vixie Labs. +The current implementation was reworked for +.Ox +by +.An Henning Brauer Aq Mt henning@openbsd.org . +.Sh BUGS +We realize that it would be nice if one could send a +.Dv SIGHUP +to the server and have it reload the database. +This is not technically impossible, but it would require a great deal of work, +our resources are extremely limited, and they can be better spent elsewhere. +So please don't complain about this on the mailing list unless you're prepared +to fund a project to implement this feature, or prepared to do it yourself. diff --git a/static/openbsd/man8/dhcpleasectl.8 b/static/openbsd/man8/dhcpleasectl.8 new file mode 100644 index 00000000..e346dd06 --- /dev/null +++ b/static/openbsd/man8/dhcpleasectl.8 @@ -0,0 +1,71 @@ +.\" $OpenBSD: dhcpleasectl.8,v 1.6 2024/06/07 17:38:22 jmc Exp $ +.\" +.\" Copyright (c) 2021 Florian Obser +.\" Copyright (c) 2016 Kenneth R Westerback +.\" Copyright (c) 2004, 2005 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 7 2024 $ +.Dt DHCPLEASECTL 8 +.Os +.Sh NAME +.Nm dhcpleasectl +.Nd control the dhcpleased client +.Sh SYNOPSIS +.Nm +.Op Fl l +.Op Fl s Ar socket +.Op Fl w Ar maxwait +.Ar interface +.Sh DESCRIPTION +The +.Nm +program instructs the +.Xr dhcpleased 8 +daemon to request a new lease. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl l +List the configured lease on +.Ar interface +instead of requesting a new lease. +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /dev/dhcpleased.sock +to communicate with +.Xr dhcpleased 8 . +.It Fl w Ar maxwait +Specify the maximum number of seconds to wait for +.Ar interface +to be configured. +The default is 10 seconds. +.El +.Sh FILES +.Bl -tag -width "/dev/dhcpleased.sockXX" -compact +.It Pa /dev/dhcpleased.sock +.Ux Ns -domain +socket used for communication with +.Xr dhcpleased 8 . +.El +.Sh SEE ALSO +.Xr dhcpleased.conf 5 , +.Xr dhcpleased 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.9 . diff --git a/static/openbsd/man8/dhcpleased.8 b/static/openbsd/man8/dhcpleased.8 new file mode 100644 index 00000000..23c6c2ff --- /dev/null +++ b/static/openbsd/man8/dhcpleased.8 @@ -0,0 +1,122 @@ +.\" $OpenBSD: dhcpleased.8,v 1.7 2024/08/11 06:07:37 jmc Exp $ +.\" +.\" Copyright (c) 2021 Florian Obser +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 11 2024 $ +.Dt DHCPLEASED 8 +.Os +.Sh NAME +.Nm dhcpleased +.Nd Dynamic Host Configuration Protocol (DHCP) client +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is a dynamic host configuration protocol (DHCP) daemon for clients. +If an interface has the +.Sy AUTOCONF4 +flag set +(auto configuration is enabled), +.Nm +sends requests for IP configuration information from a DHCP server, +such as +.Xr dhcpd 8 , +and uses that information to configure the relevant interface. +.Pp +See +.Xr hostname.if 5 +and +.Xr ifconfig 8 +on how to enable auto configuration on an interface. +.Pp +.Nm +monitors network interface states (interface going up or down, +auto configuration enabled or disabled, etc.) and sends requests +when necessary. +A running +.Nm +can be controlled with the +.Xr dhcpleasectl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width "/var/db/dhcpleased/" -compact +.It Pa /dev/dhcpleased.sock +.Ux Ns -domain +socket used for communication with +.Xr dhcpleasectl 8 . +.It Pa /etc/dhcpleased.conf +Default +.Nm +configuration file. +.It Pa /var/db/dhcpleased/ Ns Aq Ar if +Interface specific lease files. +.El +.Sh SEE ALSO +.Xr dhcpleased.conf 5 , +.Xr hostname.if 5 , +.Xr dhcpd 8 , +.Xr dhcpleasectl 8 , +.Xr ifconfig 8 +.Sh STANDARDS +.Rs +.%A R. Droms +.%D March 1997 +.%R RFC 2131 +.%T Dynamic Host Configuration Protocol +.Re +.Pp +.Rs +.%A S. Alexander +.%A R. Droms +.%D March 1997 +.%R RFC 2132 +.%T DHCP Options and BOOTP Vendor Extensions +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.9 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Florian Obser Aq Mt florian@openbsd.org . diff --git a/static/openbsd/man8/dhcrelay.8 b/static/openbsd/man8/dhcrelay.8 new file mode 100644 index 00000000..898484be --- /dev/null +++ b/static/openbsd/man8/dhcrelay.8 @@ -0,0 +1,173 @@ +.\" $OpenBSD: dhcrelay.8,v 1.19 2024/06/27 16:39:31 florian Exp $ +.\" +.\" Copyright (c) 1997 The Internet Software Consortium. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of The Internet Software Consortium nor the names +.\" of its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This software has been written for the Internet Software Consortium +.\" by Ted Lemon in cooperation with Vixie +.\" Enterprises. To learn more about the Internet Software Consortium, +.\" see ``http://www.isc.org/isc''. To learn more about Vixie +.\" Enterprises, see ``http://www.vix.com''. +.\" +.Dd $Mdocdate: June 27 2024 $ +.Dt DHCRELAY 8 +.Os +.Sh NAME +.Nm dhcrelay +.Nd Dynamic Host Configuration Protocol (DHCP) relay agent +.Sh SYNOPSIS +.Nm +.Op Fl dor +.Op Fl C Ar circuit-id +.Op Fl R Ar remote-id +.Fl i Ar interface +.Ar destination ... +.Sh DESCRIPTION +The +.Nm +utility provides a means for relaying DHCP and BOOTP requests from a subnet +to which no DHCP server is directly connected to one or more DHCP servers on +other subnets. +.Pp +.Nm +listens for DHCP requests on a given interface. +When a query is received, +.Nm +forwards it to the list of DHCP destinations specified on the command line. +When a reply is received, it is broadcast or unicast on the network from +whence the original request came. +.Pp +The server might be a name, address or interface. +.Nm +will operate in layer 2 mode when the specified servers are interfaces, +otherwise it will operate in layer 3 mode. +.Pp +The name of at least one DHCP server to which DHCP and BOOTP requests +should be relayed, +as well as the name of the network interface that +.Nm +should attempt to configure, +must be specified on the command line. +.Pp +.Nm +supports relaying of DHCP traffic to configure IPsec tunnel mode +clients when listening on the +.Xr enc 4 +interface using layer 3 mode only. +The DHCP server has to support RFC 3046 to echo back the relay agent +information to allow stateless DHCP reply to IPsec tunnel mapping. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C Ar circuit-id +The +.Ar circuit-id +relay agent information sub-option value that +.Nm +should append on relayed packets. +If this option is not specified, it will use the interface number by default. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl i Ar interface +The name of the network interface that +.Nm +should attempt to configure. +For layer 3 mode at least one IPv4 address has to be configured on this +interface. +.It Fl o +Add the relay agent information option. +By default, this is only enabled for the +.Xr enc 4 +interface. +.It Fl R Ar remote-id +The +.Ar remote-id +relay agent information sub-option value that +.Nm +should append on relayed packets. +If this option is not specified, it will use the destination address by default. +.It Fl r +Replace incoming Relay Agent Information with the one configured. +.El +.Sh SEE ALSO +.Xr dhcpd 8 , +.Xr dhcpleased 8 +.Sh STANDARDS +.Rs +.%A R. Droms +.%D March 1997 +.%R RFC 2131 +.%T Dynamic Host Configuration Protocol +.Re +.Pp +.Rs +.%A S. Alexander +.%A R. Droms +.%D March 1997 +.%R RFC 2132 +.%T DHCP Options and BOOTP Vendor Extensions +.Re +.Pp +.Rs +.%A M. Patrick +.%D January 2001 +.%R RFC 3046 +.%T DHCP Relay Agent Information Option +.Re +.Pp +.Rs +.%A B. Patel +.%A B. Aboba +.%A S. Kelly +.%A V. Gupta +.%D January 2003 +.%R RFC 3456 +.%T Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode +.Re +.Sh AUTHORS +.An -nosplit +.Nm +was written by +.An Ted Lemon Aq Mt mellon@fugue.com . +.Pp +The current implementation was reworked by +.An Henning Brauer Aq Mt henning@openbsd.org . +.Sh BUGS +Relayed DHCP traffic could actually safely be protected by IPsec but, +like +.Xr dhcpd 8 +and +.Xr dhcpleased 8 , +.Nm +will bypass IPsec for all its traffic. diff --git a/static/openbsd/man8/dhcrelay6.8 b/static/openbsd/man8/dhcrelay6.8 new file mode 100644 index 00000000..d9ace0ff --- /dev/null +++ b/static/openbsd/man8/dhcrelay6.8 @@ -0,0 +1,200 @@ +.\" $OpenBSD: dhcrelay6.8,v 1.5 2025/05/16 03:49:38 kn Exp $ +.\" +.\" Copyright (c) 1997 The Internet Software Consortium. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of The Internet Software Consortium nor the names +.\" of its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This software has been written for the Internet Software Consortium +.\" by Ted Lemon in cooperation with Vixie +.\" Enterprises. To learn more about the Internet Software Consortium, +.\" see ``http://www.isc.org/isc''. To learn more about Vixie +.\" Enterprises, see ``http://www.vix.com''. +.\" +.Dd $Mdocdate: May 16 2025 $ +.Dt DHCRELAY6 8 +.Os +.Sh NAME +.Nm dhcrelay6 +.Nd Dynamic Host Configuration Protocol for IPv6 (DHCPv6) relay agent +.Sh SYNOPSIS +.Nm +.Op Fl dlov +.Op Fl E Ar enterprise-number +.Op Fl I Ar interface-id +.Op Fl R Ar remote-id +.Fl i Ar interface +.Ar destination ... +.Sh DESCRIPTION +The +.Nm +utility provides a means for relaying DHCPv6 requests from a subnet to +which no DHCP server is directly connected to one or more DHCPv6 servers +on other subnets. +.Pp +.Nm +listens for DHCPv6 requests on a given interface. +When a query is received, +.Nm +forwards it to the list of DHCP destinations specified on the command +line. +When a reply is received, it is sent on the network from whence the +original request came. +.Pp +The +.Ar destination +might be an address followed by a `%' and an interface name, +or just an interface name (e.g. "2001:db8::1%em0" or "em1"). +When no address is specified, +.Nm +will use multicast on the specified interface. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl E Ar enterprise-number +Choose the +.Ar enterprise-number +that will be used by the Remote-ID option (this only has effect when using +.Fl R ) . +.It Fl I Ar interface-id +The +.Ar interface-id +relay agent information option value that +.Nm +should use on relayed packets. +If this option is not specified, it will use the interface name by +default. +.Pp +Avoid using this option when using Lightweight DHCPv6 Relay Mode +(layer 2 relay), otherwise +.Nm +will always send replies back to the client interface, which will break +networks with multiple DHCPv6 layer 2 relay agents. +.It Fl i Ar interface +The name of the network interface +which will receive client DHCPv6 requests. +For layer 3 mode at least one IPv6 local, site or global address has to +be configured on this interface. +.It Fl l +Use the Lightweight DHCPv6 Relay Agent mode (layer 2 relaying). +.It Fl o +Add the Interface-ID option. +This option is activated by default when using layer 2 relaying. +.It Fl R Ar remote-id +Enable and add the specified Relay Agent +.Ar remote-id +to identify this relay segment. +.It Fl v +Show verbose messages. +Implies +.Fl d . +.El +.Sh EXAMPLES +Relay multicast packets in the current network to a unicast address +(the relay must have a global address in em0): +.Pp +.Dl # dhcrelay6 -i em0 2001:db8::1000%em0 +.Pp +Listen to one subnet and multicast DHCPv6 packets to another +(requires at least link-local addresses): +.Pp +.Dl # dhcrelay6 -i em0 em1 +.Pp +Relay DHCPv6 packets with Interface-ID (option 18) using the input +interface as its content: +.Pp +.Dl # dhcrelay6 -o -i em0 2001:db8::1000%em0 +.Pp +Same thing as before but with a custom Interface-ID: +.Pp +.Dl # dhcrelay6 -o -I \(dqOpenBSD Router 1\(dq -i em0 2001:db8::1000%em0 +.Pp +Use Lightweight DHCPv6 Relay Agent (layer 2 relay) in a bridged or +switched network (no IPv6 address required). +Only makes sense when em0 and em1 are configured in a +.Xr bridge 4 , +since +.Nm +needs to drop the original DHCPv6 packets and send modified ones with +Interface-ID option. +.Pp +.Dl # dhcrelay6 -l -i em0 em1 +.Pp +Identify a segment using Lightweight DHCPv6 Relay Agent (layer 2 relay) +with a Remote-ID (option 37) instead of an Interface-ID: +.Pp +.Dl # dhcrelay6 -l -R \&"OpenBSD Router A\&" -i em0 em1 +.Sh SEE ALSO +.Xr bridge 4 , +.Xr dhcrelay 8 +.Sh STANDARDS +.Rs +.%A R. Droms +.%A J. Bound +.%A B. Volz +.%A T. Lemon +.%A C. Perkins +.%A M. Carney +.%D July 2003 +.%R RFC 3315 +.%T Dynamic Host Configuration Protocol for IPv6 (DHCPv6) +.Re +.Pp +.Rs +.%A B. Volz +.%D August 2006 +.%R RFC 4649 +.%T Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Relay Agent Remote-ID Option +.Re +.Pp +.Rs +.%A D. Miles +.%A S. Ooghe +.%A W. Dec +.%A S. Krishnan +.%A A. Kavanagh +.%D May 2011 +.%R RFC 6221 +.%T Lightweight DHCPv6 Relay Agent +.Re +.Sh AUTHORS +.An -nosplit +.Xr dhcrelay 8 +was written by +.An Ted Lemon Aq Mt mellon@fugue.com +and reworked by +.An Henning Brauer Aq Mt henning@openbsd.org . +.Pp +IPv6 support was implemented by +.An Rafael Zalamena Aq Mt rzalamena@openbsd.org . diff --git a/static/openbsd/man8/disklabel.8 b/static/openbsd/man8/disklabel.8 new file mode 100644 index 00000000..c8bd457a --- /dev/null +++ b/static/openbsd/man8/disklabel.8 @@ -0,0 +1,611 @@ +.\" $OpenBSD: disklabel.8,v 1.159 2026/04/12 12:48:14 jsg Exp $ +.\" $NetBSD: disklabel.8,v 1.9 1995/03/18 14:54:38 cgd Exp $ +.\" +.\" Copyright (c) 1987, 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Symmetric Computer Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)disklabel.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: April 12 2026 $ +.Dt DISKLABEL 8 +.Os +.Sh NAME +.Nm disklabel +.Nd read and write disk pack label +.Sh SYNOPSIS +.Nm disklabel +.Op Fl Acdtv +.Op Fl h | p Ar unit +.Op Fl T Ar file +.Ar disk +.Nm disklabel +.Fl w +.Op Fl Acdnv +.Op Fl T Ar file +.Ar disk disktype +.Op Ar packid +.Nm disklabel +.Fl e +.Op Fl Acdnv +.Op Fl T Ar file +.Ar disk +.Nm disklabel +.Fl E +.Op Fl Acdnv +.Op Fl F Ns | Ns Fl f Ar file +.Op Fl T Ar file +.Ar disk +.Nm disklabel +.Fl R +.Op Fl nv +.Op Fl F Ns | Ns Fl f Ar file +.Ar disk protofile +.Sh DESCRIPTION +The +.Nm +utility can be used to install, examine, or modify the label on a disk drive or +pack. +The disk label contains information about disk characteristics +.Pq size, type, etc. +and the partition layout, stored on the disk itself. +It is used by the operating system to optimize disk I/O and +locate the filesystems resident on the disk. +.Pp +.Nm +supports 15 configurable partitions, +.Sq a +through +.Sq p , +excluding +.Sq c . +The +.Sq c +partition describes the entire physical disk, is automatically created +by the kernel, and cannot be modified or deleted by +.Nm . +By convention, the +.Sq a +partition of the boot disk is the root partition, and the +.Sq b +partition of the boot disk is the swap partition, +but all other letters can be used in any order for any other +partitions as desired. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Automatically allocate all the disk space in the +.Ox +portion of the disk in the recommended manner. +See +.Sx AUTOMATIC DISK ALLOCATION , +below. +.It Fl c +Clear the system's in-core copy of the label and update it based on +the on-disk label. +.It Fl d +Use the +.Em default +label. +This ignores any existing +.Ox +disk label on the disk. +.It Fl E +Use the built-in command-driven label editor described below. +.It Fl e +Edit an existing disk label using the editor specified in the +.Ev EDITOR +environment variable, or +.Xr vi 1 +if none is specified. +.It Fl F Ar file +Write entries to +.Ar file +in +.Xr fstab 5 +format for any partitions for which mount point information is known. +The entries will be written using disklabel UIDs. +The +.Fl F +flag is only valid when used in conjunction with the +.Fl E +or +.Fl R +flags. +If +.Ar file +already exists, it will be overwritten. +.It Fl f Ar file +The same as +.Fl F +except that entries will be written using disk device names. +.It Fl h +Print partition sizes in human readable format. +.It Fl n +Make no permanent changes to the disklabel +.Pq useful for debugging purposes . +.It Fl p Ar unit +Print partition sizes in +.Ar unit +instead of sectors. +Valid units are b(ytes), c(ylinders), k(ilobytes), m(egabytes), g(igabytes) +and t(erabytes). +.It Fl R +Restore a disk label that was formatted in a prior operation and +saved in an ASCII file. +.It Fl T Ar file +Read the template for automatic allocation from +.Ar file +instead of using the builtin one. +See +.Sx AUTOMATIC DISK ALLOCATION +below for the format. +If +.Ar file +is a single dash +.Pq Sq - , +the template is read from the standard input. +.It Fl t +Format the label as a +.Xr disktab 5 +entry. +.It Fl v +Print additional information during operation +.Pq verbose mode . +.It Fl w +Write a standard label on the designated drive. +.It Ar disk +Specify the +.Ar disk +to operate on. +It can be specified by its full pathname, by an abbreviated disk form, +or by its disklabel UID. +In its abbreviated form, the path to the device, the +.Sq r +denoting +.Qq raw device , +and the partition letter, can all be omitted. +For example, the first IDE disk can be specified as either +.Pa /dev/rwd0c , +.Pa /dev/wd0c , +or +.Ar wd0 . +.It Ar disktype +Specify a +.Ar disktype +entry from the +.Xr disktab 5 +database. +.It Ar packid +Specify a pack identification string for the device +.Pq see below . +.It Ar protofile +Used with the restore option +.Pq Fl R +to specify a file to read an ASCII label from. +.El +.Pp +The first form of the command +.Pq read +is used to examine the label on the named disk drive. +It will display all of the parameters associated with the drive +and its partition layout. +The kernel's in-core copy of the label is displayed; if +the disk has no label, or the partition types on the disk are +incorrect, the kernel may have constructed or modified the label. +.Pp +The second form of the command +.Pq write +is used to write a standard label on the designated drive. +The drive parameters and partitions are taken from that file. +If different disks of the same physical type are +to have different partitions, it will be necessary to have separate +disktab entries describing each, or to edit the label after +installation as described below. +The optional argument is a pack +identification string, up to 16 characters long. +The pack ID must be quoted if it contains blanks. +The existing label will be updated via the in-core +copy. +.Pp +In the third form of the command +.Pq edit , +the label is read from the in-core kernel copy +and then supplied to an editor for changes. +If no editor is specified in an +.Ev EDITOR +environment variable, +.Xr vi 1 +is used. +When the editor terminates, the formatted label is reread and +used to rewrite the disk label. +.Pp +The built-in label editor +.Pq fourth form +provides a simple interactive label editor. +The editor prompt contains information about the state of the edit +process. +.Pp +.Dl Ar disk Ns *> +.Pp +Where +.Ar disk +is the name of the disk being edited, +.Sq * +means that the in-memory copy of the partition table has been modified but +not yet written to disk. +.Pp +Some commands or prompts take an optional unit. +Available units are +.Sq b +for bytes, +.Sq c +for cylinders, +.Sq k +for kilobytes, +.Sq m +for megabytes, +.Sq g +for gigabytes, +and +.Sq t +for terabytes. +If no unit is given, the default is to use sectors +(usually 512 bytes). +.Pp +Quantities are rounded to the nearest +cylinder when units are specified for sizes +.Pq or offsets . +At prompts that request a size, +.Ql * +may be entered to indicate the rest of the available space, +.Sq % +for percentage of total, and +.Sq & +for percentage free. +Commands may be aborted by entering +.Ql ^D +.Pq Control-D . +Entering +.Ql ^D +at the main prompt will exit the editor. +.Pp +The editor commands are as follows: +.Bl -tag -width "p [unit] " +.It Cm \&? | h +Display help message with all available commands. +There is also +.Pq simple +context-sensitive help available at most prompts. +.It Cm A +Allocate all the disk space in the recommended manner. +See +.Sx AUTOMATIC DISK ALLOCATION , +below. +.It Cm a Op Ar part +Add new partition. +This option adds a new partition to the disk label. +If no partition letter is specified +.Pq a\-p , +the user will be prompted for one. +.It Cm b +Set +.Ox +disk boundaries. +This option tells +.Nm +which parts of the disk it is allowed to modify. +This option is probably only useful for ports with +.Xr fdisk 8 +partition tables where the ending sector in the MBR is incorrect. +The user may enter +.Ql * +at the +.Dq Size +prompt to indicate the entire size of the disk +.Pq minus the starting sector . +This is useful for disks where the +fdisk partition table is incapable of storing the real size. +Note: data may become corrupted if boundaries are extended such +that they overlap with other resident operating systems. +.It Cm c Op Ar part +Change the size of an existing partition. +If no partition is specified, the user will be prompted for one. +The new size may be +in terms of the aforementioned units and may also be prefixed with +.Ql + +or +.Ql - +to change the size by a relative amount. +.It Cm D +Sets the disk label to the default values as reported by the kernel. +This simulates the case where there is no disk label. +.It Cm d Op Ar part +Delete an existing partition (or +.Ql * +to delete all partitions). +If no partition is specified, the user will be prompted for one. +.It Cm e +Edit label description, e.g. 'UMIS RPJTJ256MED'. +.It Cm i +Change the disklabel UID, specified as a 16-character hexadecimal string. +If set to all zeros, a new UID will automatically be allocated when the +disklabel is written to disk. +.It Cm l Op Ar unit +Print the disk label header. +.It Cm M +Display this manual page. +The manual page is piped through the pager specified by the +.Ev PAGER +environment variable or 'less' if +.Ev PAGER +is not set. +.It Cm m Op Ar part +Modify parameters for an existing partition. +If no partition is specified, the user will be prompted for one. +This option allows +the user to change the filesystem type, starting offset, partition size, +and mount point for the specified partition. +.It Cm n Op Ar part +Name the mount point for an existing partition. +If no partition is specified, the user will be prompted for one. +This option is only valid if +.Nm +was invoked with the +.Fl f +flag. +.It Cm p Op Ar unit +Print the current partition list. +If a +.Em unit +is given, the size and offsets are displayed in terms of the +specified unit. +If the unit is +.Sq * , +it is automatically determined by the size of the smallest +partition. +.It Cm q +Quit the editor. +If any changes have been made, the user will be +asked whether or not to save the changes to the on-disk label. +.It Cm R Op Ar part +Resize a partition in an automatically allocated label, +compacting unused space between partitions with a higher offset. +The last partition will be shrunk if necessary. +Works only for automatically allocated labels with no spoofed partitions. +.It Cm r +Recalculate free space. +This command displays all the free areas on the disk and the total +number of free sectors. +.It Cm s Op Ar path +Save the label to a file in ASCII format (suitable for loading via the +.Fl R +option). +If no path is specified, the user will be prompted for one. +.It Cm U +Undo all changes made since entering the editor. +.It Cm u +Undo +.Pq or redo +last change. +Entering +.Em u +once will undo the last change. +Entering it again will restore the change. +.It Cm w +Write the label to disk. +This option will commit any changes to the on-disk label. +.It Cm x +Exit the editor without saving any changes to the on-disk label. +.It Cm z +Zero out the existing partition table and mount point information, +leaving only the 'c' partition. +The drive parameters are not changed. +.El +.Pp +In the restore form of the command +.Pq fifth form , +the prototype file used to create the label should be in the same format +as that produced when reading or editing a label. +Comments are delimited by +.Ar # +and newline. +.Pp +Note that when a disk has no real +.Bx +disklabel, the kernel creates a +default label so that the disk can be used. +This default label will include other partitions found on the disk if +they are supported on your architecture. +For example, on systems that support +.Xr fdisk 8 +partitions the default label will also include DOS and Linux partitions. +However, these entries are not dynamic, they are fixed at the time +.Nm +is run. +That means that subsequent changes that affect +.Pf non- Ox +partitions will not be present in the default label, +though they may be updated by hand. +To see the default label, run +.Nm +with the +.Fl d +flag. +.Nm +can then be run with the +.Fl e +flag and any entries pasted as desired from the default label into the real one. +.Sh AUTOMATIC DISK ALLOCATION +The +.Fl A +option and the editor command +.Cm A +create disklabels that distribute a disk's free space into a set of +partitions appropriate for an +.Ox +installation. +The exact set of partitions created depends on available free space, +how fragmented the free space is +and some machine dependent variables, but will be approximately: +.Bl -column "/usr/X11R6" \ +"999MB \(en 999MB" "999MB \(en 999MB" "999MB \(en 999MB" \ +"< 700MB" +.It \ +Ta Sy > 10GB Free Ta Sy > 2.5GB Ta Sy > 700MB Ta \ +Sy < 700MB +.It Sy / \ +Ta 150MB \(en \0\01GB Ta 800MB \(en \0\02GB Ta 700MB \(en \0\04GB Ta \ +1MB \(en 2GB +.It Sy swap \ +Ta \080MB \(en 256MB Ta \080MB \(en 256MB Ta \0\01MB \(en 256MB Ta +.It Sy /usr \ +Ta 1.5GB \(en \030GB Ta 1.5GB \(en \030GB Ta Ta +.It Sy /home \ +Ta \0\01GB \(en 300GB Ta 256MB \(en \0\02GB Ta Ta +.It Sy /tmp \ +Ta 120MB \(en \0\04GB Ta Ta Ta +.It Sy /var \ +Ta \080MB \(en \0\04GB Ta Ta Ta +.It Sy /usr/X11R6 \ +Ta 384MB \(en \0\01GB Ta Ta Ta +.It Sy /usr/local \ +Ta \0\01GB \(en \020GB Ta Ta Ta +.It Sy /usr/src \ +Ta \0\02GB \(en \0\05GB Ta Ta Ta +.It Sy /usr/obj \ +Ta \0\08GB \(en \010GB Ta Ta Ta +.El +.Pp +The +.Fl A +option displays the partition set that would be created and +.Fl wA +writes it to disk. +.Pp +The default set can be overridden with +.Fl T . +Each line of input uses three fields to describe a partition. +There must not be whitespace before the first field, +fields are separated by whitespace and fields cannot contain whitespace. +.Pp +The first field is the partition's mount point or one of the +special tokens +.Sq RAID +or +.Sq SWAP . +.Pp +The second field is the partition size. +This can be +.Sq * +to make the partition as large as possible, +an exact size (e.g. 1G) or a size range +(e.g. 1M-10G or 1G-*). +.Pp +The third field is the partition's share of any space left after all +minimum sizes are accounted for. +This is expressed as a percentage from 0 (the default) to 100 +(e.g. 37%). +The last partition receives all remaining free space up to its +maximum size no matter what percentage is specified. +.Sh FILES +.Bl -tag -width "/etc/disktabXXX" +.It Pa /etc/disktab +Disk description file. +.El +.Sh EXAMPLES +Display, respectively, the current label, the default label and the +default auto allocation for sd0: +.Bd -literal -offset indent +# disklabel sd0 +# disklabel -d sd0 +# disklabel -A sd0 +.Ed +.Pp +Write the default auto allocation to sd0: +.Pp +.Dl # disklabel -wA sd0 +.Pp +Edit the label for the disk with DUID 3eb7f9da875cb9ee: +.Pp +.Dl # disklabel -E 3eb7f9da875cb9ee +.Pp +Restore the label for sd0 from information in +.Pa mylabel : +.Pp +.Dl # disklabel -R sd0 mylabel +.Pp +Put largest contiguous area of free space on sd0 into a single RAID partition: +.Dl # echo 'RAID *' | disklabel -wAT- sd0 +.Pp +Write the auto allocation defined in +.Pa /template +to sd0: +.Pp +.Dl # disklabel -wAT/template sd0 +.Pp +A template file that results in an auto allocation similar to the +default one for a disk with 5GB of free space is: +.Bl -column /home 1300MM256M 75% -offset indent +.It / Ta \0800M\(en2G Ta \05% +.It swap Ta \0\080M\(en256M Ta 10% +.It /usr Ta 1300M\(en\)3G Ta 75% +.It /home Ta \0256M\(en2G Ta 10% +.El +.Sh DIAGNOSTICS +The kernel device drivers will not allow the size of a disk partition +to be decreased or the offset of a partition to be changed while +it is open. +Some device drivers create a label containing only a +single large partition if a disk is unlabeled; thus, the label must +be written to the +.Sq a +partition of the disk while it is open. +This sometimes requires the desired label to be set in two steps, +the first one creating at least one other partition, and the second +setting the label on the new partition while shrinking the +.Sq a +partition. +.Sh SEE ALSO +.Xr softraid 4 , +.Xr disklabel 5 , +.Xr disktab 5 , +.Xr installboot 8 , +.Xr scan_ffs 8 +.Sh HISTORY +The +.Nm +utility appeared in +.Bx 4.3 Tahoe . +.Sh CAVEATS +The maximum disk and partition size is 64PB. +.Pp +On some machines, such as Sparc64, partition tables +may not exhibit the full functionality described above. diff --git a/static/openbsd/man8/dmesg.8 b/static/openbsd/man8/dmesg.8 new file mode 100644 index 00000000..06071500 --- /dev/null +++ b/static/openbsd/man8/dmesg.8 @@ -0,0 +1,85 @@ +.\" $OpenBSD: dmesg.8,v 1.18 2024/06/30 23:44:49 jsg Exp $ +.\" $NetBSD: dmesg.8,v 1.9 1995/03/18 14:54:47 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)dmesg.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: June 30 2024 $ +.Dt DMESG 8 +.Os +.Sh NAME +.Nm dmesg +.Nd display the system message buffer +.Sh SYNOPSIS +.Nm dmesg +.Op Fl s +.Op Fl M Ar core +.Op Fl N Ar system +.Sh DESCRIPTION +.Nm +displays the contents of the system message buffer. +It is most commonly used to review system startup messages. +On some systems the message buffer can survive reboot and be +retained (in the hope of exposing information from a crash). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl M Ar core +Extract values associated with the name list from the specified +.Ar core +instead of the default +.Pa /dev/kmem . +.It Fl N Ar system +Extract the name list from the specified +.Ar system +instead of the default +.Pa /bsd . +.It Fl s +Display the contents of the console message buffer instead. +This can be used to review +.Xr rc 8 +system startup messages. +This option is limited to the superuser. +.El +.Sh FILES +.Bl -tag -width /var/run/dmesg.boot -compact +.It Pa /var/run/dmesg.boot +copy of +.Nm +saved by +.Xr rc 8 +at boot time +.El +.Sh SEE ALSO +.Xr syslogd 8 +.Sh HISTORY +The +.Nm +command appeared in +.At v7 . diff --git a/static/openbsd/man8/dump.8 b/static/openbsd/man8/dump.8 new file mode 100644 index 00000000..22c0c8e8 --- /dev/null +++ b/static/openbsd/man8/dump.8 @@ -0,0 +1,492 @@ +.\" $OpenBSD: dump.8,v 1.56 2022/10/13 21:37:05 jmc Exp $ +.\" $NetBSD: dump.8,v 1.17 1997/06/05 11:15:06 lukem Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)dump.8 8.1 (Berkeley) 6/16/93 +.\" +.Dd $Mdocdate: October 13 2022 $ +.Dt DUMP 8 +.Os +.Sh NAME +.Nm dump , +.Nm rdump +.Nd filesystem backup +.Sh SYNOPSIS +.Nm dump +.Bk -words +.Op Fl 0123456789acnSuWw +.Op Fl B Ar records +.Op Fl b Ar blocksize +.Op Fl d Ar density +.Op Fl f Ar file +.Op Fl h Ar level +.Op Fl s Ar feet +.Op Fl T Ar date +.Ar files-to-dump +.Ek +.Sh DESCRIPTION +.Nm +examines files +on a filesystem +and determines which files +need to be backed up. +These files are copied to the given disk, tape or other +storage medium for safe keeping. +A dump that is larger than the output medium is broken into +multiple volumes. +On most media the size is determined by writing until an +end-of-media indication is returned. +This can be enforced by using the +.Fl a +option. +.Pp +.Nm +works across networks, +replacing the functionality of the old +.Nm rdump +program +(though +.Nm +may still be invoked as +.Nm rdump ) . +See the +.Fl f +option for more on writing backups to remote hosts. +.Pp +Files can be marked with the +.Dq nodump +flag using +.Xr chflags 1 , +settable only by the file's owner or the superuser. +Files with this flag set will only be dumped during full backups. +When set on a directory, +.Dq nodump +effectively deselects the whole subtree from being dumped, +though it will still be scanned. +See also the +.Fl h +option, below. +.Pp +On media that cannot reliably return an end-of-media indication +(such as some cartridge tape drives), +each volume is of a fixed size; +the actual size is determined by the tape size, density and/or +block count options below. +By default, the same output file name is used for each volume +after prompting the operator to change media. +.Pp +Rewinding or ejecting tape features after a close operation on +a tape device depend on the name of the tape unit device used. +See the +.Fl f +option and +.Xr st 4 +for more information. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 0\-9 +Dump levels. +A level 0, full backup, +guarantees the entire file system is copied +(but see also the +.Fl h +option below). +A level number above 0, +incremental backup, +tells +.Nm +to +copy all files new or modified since the +last dump of a lower level. +The default level is 0. +.It Fl a +.Dq auto-size . +Bypass all tape length considerations, and enforce writing until +an end-of-media indication is returned. +This option is recommended for most modern tape drives. +Use of this option is particularly +recommended when appending to an existing tape, or using a tape +drive with hardware compression (where you can never be sure about +the compression ratio). +.It Fl B Ar records +The number of kilobytes per volume, rounded +down to a multiple of the blocksize. +This option overrides the calculation of tape size +based on length and density. +.It Fl b Ar blocksize +The number of kilobytes per dump record. +Since the I/O system slices all requests into chunks of MAXBSIZE +(typically 64KB), it is not possible to use a larger blocksize +without having problems later with +.Xr restore 8 . +Therefore +.Nm +will constrain writes to MAXBSIZE. +.It Fl c +Change the defaults for use with a cartridge tape drive, with a density +of 8000 bpi, and a length of 1700 feet. +.It Fl d Ar density +Set tape density to +.Ar density . +The default is 1600BPI. +.It Fl f Ar file +Write the backup to +.Ar file ; +.Ar file +may be a special device file +like +.Pa /dev/rst0 +(a tape drive), +.Pa /dev/rsd1c +(a disk drive), +an ordinary file, +or +.Sq - +(the standard output). +See also the +.Ev TAPE +environment variable, below. +.Pp +Multiple file names may be given as a single argument separated by commas. +Each file will be used for one dump volume in the order listed; +if the dump requires more volumes than the number of names given, +the last file name will be used for all remaining volumes after prompting +for media changes. +If the name of the file is of the form +.Dq host:file +or +.Dq user@host:file , +.Nm +writes to the named file on the remote host using +.Xr rmt 8 . +.It Fl h Ar level +Honor the user +.Dq nodump +flag (see above), +only for dumps at or above the given +.Ar level . +The default honor level is 1, +so that incremental backups omit such files +but full backups retain them. +.It Fl n +Whenever +.Nm +requires operator attention, +notify all operators in the group +.Dq operator +by means similar to a +.Xr wall 1 . +.It Fl S +Display an estimate of the backup size and the number of tapes +required, and exit without actually performing the dump. +.It Fl s Ar feet +Attempt to calculate the amount of tape needed +at a particular density. +If this amount is exceeded, +.Nm +prompts for a new tape. +It is recommended to be a bit conservative on this option. +The default tape length is 2300 feet. +.It Fl T Ar date +Use the specified date as the starting time for the dump +instead of the time determined from looking in +.Pa /etc/dumpdates . +The format of +.Ar date +is the same as that of +.Xr ctime 3 . +This option is useful for automated dump scripts that wish to +dump over a specific period of time. +The +.Fl T +flag is mutually exclusive from the +.Fl u +flag. +.It Fl u +Update the file +.Pa /etc/dumpdates +after a successful dump. +The format of +.Pa /etc/dumpdates +is human readable, consisting of one +free format record per line: +filesystem name (defaults to +.Xr disklabel 8 +UID when possible), +increment level +and +.Xr ctime 3 +format dump date. +There may be only one entry per filesystem at each level. +The file +.Pa /etc/dumpdates +may be edited to change any of the fields, +if necessary. +If a list of files or subdirectories is being dumped +(as opposed to an entire filesystem), then +.Fl u +is ignored. +.It Fl W +.Nm +tells the operator what file systems need to be dumped. +This information is gleaned from the files +.Pa /etc/dumpdates +and +.Pa /etc/fstab . +The +.Fl W +flag causes +.Nm +to print out, for each file system in +.Pa /etc/dumpdates , +the most recent dump date and level, +and highlights those file systems that should be dumped. +If the +.Fl W +flag is set, all other options are ignored, and +.Nm +exits immediately. +.It Fl w +Same as +.Fl W , +but prints only those filesystems which need to be dumped. +.El +.Pp +.Ar files-to-dump +is either a mount point of a filesystem +or a list of files and directories on a single filesystem to be backed +up as a subset of the filesystem. +In the former case, either the path to a mounted filesystem, +the device of an unmounted filesystem or the +.Xr disklabel 8 +UID can be used. +In the latter case, certain restrictions are placed on the backup: +.Fl u +is ignored, the only dump level that is supported is +.Fl 0 , +and all of the files must reside on the same filesystem. +If no options are specified, the first of the +.Ar files-to-dump +must contain a +.Ql / +character to prevent it from being interpreted as a +.Bx 4.3 +option string. +.Pp +.Nm +requires operator intervention on these conditions: +end of tape, +end of dump, +tape write error, +tape open error or +disk read error (if there is more than a threshold of 32). +In addition to alerting all operators implied by the +.Fl n +flag, +.Nm +interacts with the operator on +.Nm dump Ns 's +controlling terminal at times when +.Nm +can no longer proceed, +or if something is grossly wrong. +All questions +.Nm +poses +.Em must +be answered by typing +.Dq yes +or +.Dq no , +appropriately. +.Pp +Since making a dump involves a lot of time and effort for full dumps, +.Nm +checkpoints itself at the start of each tape volume. +If writing that volume fails for some reason, +.Nm +will, +with operator permission, +restart itself from the checkpoint +after the old tape has been rewound and removed, +and a new tape has been mounted. +.Pp +.Nm +tells the operator what is going on at periodic intervals, +including usually low estimates of the number of blocks to write, +the number of tapes it will take, the time to completion, and +the time to the tape change. +The output is verbose, +so that others know that the terminal +controlling +.Nm +is busy, +and will be for some time. +.Pp +If +.Nm +receives a +.Dv SIGINFO +signal +(see the +.Dq status +argument of +.Xr stty 1 ) +whilst a backup is in progress, statistics on the amount completed, +current transfer rate, and estimated finished time, will be written +to the standard error output. +.Pp +In the event of a catastrophic disk event, the time required +to restore all the necessary backup tapes or files to disk +is dependent on the levels of the dumps taken. +A few methods of staggering incremental dumps to either minimize +backup effort or restore effort follow: +.Bl -bullet -offset indent +.It +Always start with a level 0 backup, for example: +.Bd -literal -offset indent +# /sbin/dump -0u -f /dev/nrst1 /usr/src +.Ed +.Pp +This should be done at set intervals, say once a month or once every two months, +and on a set of fresh tapes that is saved forever. +.It +After the level 0 dump, +backups of active file systems are taken on each day in a cycle of a week. +Once a week, a level 1 dump is taken. +The other days of the week a higher level dump is done. +.Pp +The following cycle needs at most three tapes to restore to a given point +in time, +but the dumps at the end of the weekly cycle will require more +time and space: +.Bd -literal -offset indent +1 2 2 2 2 2 2 +.Ed +.Pp +This sequence requires at most eight tapes to restore, +but the size of the individual dumps will be smaller: +.Bd -literal -offset indent +1 2 3 4 5 6 7 +.Ed +.Pp +This sequence seeks a compromise between backup and restore effort: +.Bd -literal -offset indent +1 2 2 3 3 4 4 +.Ed +.Pp +The weekly level 1 dumps should be done on a set of tapes that +is used cyclically. +For the daily dumps a tape per day of the week can be used. +.It +After several months or so, the daily and weekly tapes should get +rotated out of the dump cycle and fresh tapes brought in. +.El +.Sh ENVIRONMENT +.Bl -tag -width /etc/dumpdates +.It Ev TAPE +The default file to use instead of +.Pa /dev/rst0 . +See also +.Fl f , +above. +.El +.Sh FILES +.Bl -tag -width /etc/dumpdates -compact +.It Pa /dev/rst0 +default tape unit to dump to +.It Pa /dev/rst* +raw SCSI tape interface +.It Pa /etc/dumpdates +dump date records +.It Pa /etc/fstab +dump table: file systems and frequency +.It Pa /etc/group +to find group +.Em operator +.El +.Sh EXIT STATUS +.Nm +exits with zero status on success. +Startup errors are indicated with an exit code of 1; +abnormal termination is indicated with an exit code of 3. +.Sh DIAGNOSTICS +Many, and verbose. +.Sh SEE ALSO +.Xr chflags 1 , +.Xr stty 1 , +.Xr fts_open 3 , +.Xr rcmd 3 , +.Xr st 4 , +.Xr fstab 5 , +.Xr restore 8 , +.Xr rmt 8 +.Sh HISTORY +A +.Nm +command appeared in +.At v4 . +.Pp +The +.Bx 4.3 +option syntax is implemented for backward compatibility but +is not documented here. +.Sh BUGS +Fewer than 32 read errors on the filesystem are ignored. +.Pp +Each reel requires a new process, so parent processes for +reels already written just hang around until the entire tape +is written. +.Pp +.Nm +with the +.Fl W +or +.Fl w +flag does not report filesystems that have never been recorded +in +.Pa /etc/dumpdates , +even if listed in +.Pa /etc/fstab . +.Pp +When dumping a list of files or subdirectories, access privileges are +required to scan the directory (as this is done via the +.Xr fts_open 3 +routines rather than directly accessing the filesystem). +.Pp +It would be nice if +.Nm +knew about the dump sequence, +kept track of the tapes scribbled on, +told the operator which tape to mount when, +and provided more assistance +for the operator running +.Xr restore 8 . diff --git a/static/openbsd/man8/dumpfs.8 b/static/openbsd/man8/dumpfs.8 new file mode 100644 index 00000000..75c6cb4a --- /dev/null +++ b/static/openbsd/man8/dumpfs.8 @@ -0,0 +1,80 @@ +.\" $OpenBSD: dumpfs.8,v 1.10 2007/05/31 19:19:44 jmc Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)dumpfs.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt DUMPFS 8 +.Os +.Sh NAME +.Nm dumpfs +.Nd dump file system information +.Sh SYNOPSIS +.Nm dumpfs +.Op Fl m +.Ar filesys | device +.Sh DESCRIPTION +.Nm +prints out the super block and cylinder group information +for the file system or special device specified, unless +.Fl m +is specified. +The listing is very long and detailed. +.Pp +.Nm +is useful mostly for finding out certain file system +information such as the file system block size, minimum +free space percentage, and the file system level that +can be upgraded with the +.Fl c +option of +.Xr fsck_ffs 8 . +All of this information can be found within the first twenty +lines of the output. +.Pp +If +.Fl m +is specified, a +.Xr newfs 8 +command is output that can be used to generate a new file system +with equivalent settings. +.Sh SEE ALSO +.Xr disktab 5 , +.Xr fs 5 , +.Xr disklabel 8 , +.Xr fsck 8 , +.Xr fsck_ffs 8 , +.Xr growfs 8 , +.Xr newfs 8 , +.Xr tunefs 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/dvmrpctl.8 b/static/openbsd/man8/dvmrpctl.8 new file mode 100644 index 00000000..80b52d55 --- /dev/null +++ b/static/openbsd/man8/dvmrpctl.8 @@ -0,0 +1,78 @@ +.\" $OpenBSD: dvmrpctl.8,v 1.11 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2006 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt DVMRPCTL 8 +.Os +.Sh NAME +.Nm dvmrpctl +.Nd control the DVMRP routing daemon +.Sh SYNOPSIS +.Nm +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr dvmrpd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s s +for +.Cm show summary . +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm show igmp +Show IGMP status for all interfaces. +.It Cm show interfaces Op Ar interface +Show details for all interfaces or the specified +.Ar interface . +.It Cm show mfc Op Cm detail +Show the Multicast Forwarding Cache. +.Cm detail +can be specified for additional detail. +.It Cm show neighbor Op Cm detail +Show neighbors. +.Cm detail +can be specified for additional detail. +.It Cm show rib Op Cm detail +Show the Routing Information Base. +.Cm detail +can be specified for additional detail. +.It Cm show summary +Show summary information. +.El +.Sh FILES +.Bl -tag -width "/var/run/dvmrpd.sockXX" -compact +.It Pa /var/run/dvmrpd.sock +.Ux Ns -domain +socket used for communication with +.Xr dvmrpd 8 . +.El +.Sh SEE ALSO +.Xr dvmrpd.conf 5 , +.Xr dvmrpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.0 . diff --git a/static/openbsd/man8/dvmrpd.8 b/static/openbsd/man8/dvmrpd.8 new file mode 100644 index 00000000..128371e1 --- /dev/null +++ b/static/openbsd/man8/dvmrpd.8 @@ -0,0 +1,118 @@ +.\" $OpenBSD: dvmrpd.8,v 1.12 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2006 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt DVMRPD 8 +.Os +.Sh NAME +.Nm dvmrpd +.Nd Distance Vector Multicast Routing Protocol (DVMRP) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is the Distance Vector Multicast Routing Protocol +.Pq DVMRP +daemon, which manages multicast routing tables. +This implementation supports DVMRP version 3.255, +thus it is only capable of maintaining IPv4 multicast routing tables. +.Pp +DVMRP uses a distance vector routing algorithm to build +reverse path multicast delivery trees. +A flood and prune approach is used to determine which branches in +the network have multicast listeners. +The usual drawbacks of a distance vector route protocol applies to DVMRP: +slow convergence and scalability issues. +.Pp +DVMRP routers communicate via the multicast group 224.0.0.4 +All DVMRP Routers. +IP protocol number 2 +.Pq IGMP +is used, furthermore DVMRP packets omit the use of TCP and UDP. +.Pp +It is possible to interconnect multicast networks with the use of tunnels. +Tunnels can traverse routers and networks not supporting multicast. +.Nm +does not support tunneling as described in RFC 1075, +since it has been abandoned. +.Nm +can tunnel multicast traffic using generic solutions such as +.Xr gre 4 . +.Pp +DVMRP is used for handling multicast routing exclusively. +It is not required that a unicast routing protocol is used in +conjunction with DVMRP. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable dvmrpd , +which sets +.Pp +.Dl dvmrpd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr dvmrpctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/dvmrpd.sockXX" -compact +.It Pa /etc/dvmrpd.conf +Default +.Nm +configuration file. +.It Pa /var/run/dvmrpd.sock +.Ux Ns -domain +socket used for communication with +.Xr dvmrpctl 8 . +.El +.Sh SEE ALSO +.Xr dvmrpd.conf 5 , +.Xr dvmrpctl 8 +.Sh STANDARDS +.Rs +.%D August 2000 +.%R draft-ietf-idmr-dvmrp-v3-11 +.%T DVMRP Version 3 +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.0 . diff --git a/static/openbsd/man8/edquota.8 b/static/openbsd/man8/edquota.8 new file mode 100644 index 00000000..8f30c55d --- /dev/null +++ b/static/openbsd/man8/edquota.8 @@ -0,0 +1,168 @@ +.\" $OpenBSD: edquota.8,v 1.13 2022/03/31 17:27:29 naddy Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Robert Elz at The University of Melbourne. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)edquota.8 8.1 (Berkeley) 6/6/93 +.\" $Id: edquota.8,v 1.13 2022/03/31 17:27:29 naddy Exp $ +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt EDQUOTA 8 +.Os +.Sh NAME +.Nm edquota +.Nd edit user quotas +.Sh SYNOPSIS +.Nm edquota +.Op Fl u +.Op Fl p Ar proto-username +.Ar username | uid ... +.Nm edquota +.Fl g +.Op Fl p Ar proto-groupname +.Ar groupname | gid ... +.Nm edquota +.Fl t +.Op Fl u +.Nm edquota +.Fl g +.Fl t +.Sh DESCRIPTION +.Nm edquota +is a quota editor. +By default, or if the +.Fl u +flag is specified, +one or more users may be specified on the command line. +If a numeric ID is given instead of a name, that UID/GID +will be used even if there is not a corresponding ID in +the +.Pa /etc/passwd +or +.Pa /etc/group +files. +For each user a temporary file is created +with an +.Tn ASCII +representation of the current +disk quotas for that user. +The list of filesystems with user quotas is determined from +.Pa /etc/fstab . +An editor is invoked on the +.Tn ASCII +file. +The editor invoked is +.Xr vi 1 +unless the environment variable +.Ev EDITOR +specifies otherwise. +.Pp +The quotas may then be modified, new quotas added, etc. +Setting a quota to zero indicates that no quota should be imposed. +Setting a hard limit to one indicates that no allocations should +be permitted. +Setting a soft limit to one with a hard limit of zero +indicates that allocations should be permitted on +only a temporary basis (see +.Fl t +below). +The current usage information in the file is for informational purposes; +only the hard and soft limits can be changed. +.Pp +On leaving the editor, +.Nm edquota +reads the temporary file and modifies the binary +quota files to reflect the changes made. +.Pp +If the +.Fl p +flag is specified, +.Nm edquota +will duplicate the quotas of the prototypical user +specified for each user specified. +This is the normal mechanism used to +initialize quotas for groups of users. +.Pp +If the +.Fl g +flag is specified, +.Nm edquota +is invoked to edit the quotas of +one or more groups specified on the command line. +The +.Fl p +flag can be specified in conjunction with +the +.Fl g +flag to specify a prototypical group +to be duplicated among the listed set of groups. +.Pp +Users are permitted to exceed their soft limits +for a grace period that may be specified per filesystem. +Once the grace period has expired, +the soft limit is enforced as a hard limit. +The default grace period for a filesystem is specified in +.Pa /usr/include/ufs/ufs/quota.h . +The +.Fl t +flag can be used to change the grace period. +By default, or when invoked with the +.Fl u +flag, the grace period is set for all the filesystems with user +quotas specified in +.Pa /etc/fstab . +When invoked with the +.Fl g +flag, the grace period is +set for all the filesystems with group quotas specified in +.Pa /etc/fstab . +The grace period may be specified in days, hours, minutes, or seconds. +Setting a grace period to zero indicates that the default +grace period should be imposed. +Setting a grace period to one second indicates that no +grace period should be granted. +.Pp +Only the superuser may edit quotas. +.Sh FILES +.Bl -tag -width quota.group -compact +.It Pa quota.user +at the filesystem root with user quotas +.It Pa quota.group +at the filesystem root with group quotas +.It Pa /etc/fstab +to find filesystem names and locations +.El +.Sh SEE ALSO +.Xr quota 1 , +.Xr quotactl 2 , +.Xr fstab 5 , +.Xr quotacheck 8 , +.Xr quotaon 8 , +.Xr repquota 8 diff --git a/static/openbsd/man8/eeprom.8 b/static/openbsd/man8/eeprom.8 new file mode 100644 index 00000000..88c01bfe --- /dev/null +++ b/static/openbsd/man8/eeprom.8 @@ -0,0 +1,236 @@ +.\" $OpenBSD: eeprom.8,v 1.24 2022/11/09 07:20:12 miod Exp $ +.\" $NetBSD: eeprom.8,v 1.2 1996/02/28 01:13:24 thorpej Exp $ +.\" +.\" Copyright (c) 1996 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Jason R. Thorpe. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 9 2022 $ +.Dt EEPROM 8 +.Os +.Sh NAME +.Nm eeprom +.Nd display or modify contents of the OpenPROM +.Sh SYNOPSIS +.Nm eeprom +.Op Fl pv +.Op Fl f Ar device +.Oo +.Ar field Ns Op = Ns Ar value +.Ar ... +.Oc +.Sh DESCRIPTION +.Nm eeprom +provides an interface for displaying and changing the contents of the +OpenPROM. +Without any arguments, +.Nm eeprom +will list all of the known fields and their corresponding values. +When given the name of a specific field, +.Nm eeprom +will display that value or set it if the field name is followed by +.Sq = +and a value. +Only the superuser may modify the contents of the OpenPROM. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl +Commands are taken from stdin and displayed on stdout. +.It Fl f Ar device +Use +.Ar device +instead of the default +.Pa /dev/openprom . +.It Fl p +Display the tree derived from the OpenPROM and exit. +.It Fl v +Be verbose when setting a value. +.El +.Sh FIELDS AND VALUES +Since the OpenPROM is designed such that the field names are arbitrary, +explaining them here is dubious. +Below are field names and values that one is likely to see. +NOTE: this list +may be incomplete or incorrect due to differences between revisions +of the OpenPROM. +.Bl -tag -width "network-boot-arguments " +.It Ar sunmon-compat? +If true, the old EEPROM-style interface will be used while in the monitor, +rather than the OpenPROM-style interface. +.It Ar selftest-#megs +A 32-bit integer specifying the number of megabytes of memory to +test upon power-up. +.It Ar oem-logo +A 64bitx64bit bitmap in Sun Iconedit format. +To set the bitmap, give the pathname of the file containing the image. +NOTE: this property is not yet supported. +.It Ar oem-logo? +If true, enables the use of the bitmap stored in +.Ar oem-logo +rather than the default Sun logo. +.It Ar oem-banner +A string to use at power-up, rather than the default Sun banner. +.It Ar oem-banner? +If true, enables the use of the banner stored in +.Ar oem-banner +rather than the default Sun banner. +.It Ar ttya-mode +A string of five comma separated fields in the format +.Dq 9600,8,n,1,- . +The first field is the baud rate. +The second field is the number of data bits. +The third field is the parity; acceptable values for parity are +.Dq n +(none), +.Dq e +(even), +.Dq o +(odd), +.Dq m +(mark), and +.Dq s +(space). +The fourth field is the number of stop bits. +The fifth field is the +.Dq handshake +field; acceptable values are +.Dq - +(none), +.Dq h +(RTS/CTS), and +.Dq s +(XON/XOFF). +.It Ar ttya-rts-dtr-off +If true, the system will ignore RTS/DTR. +.It Ar ttya-ignore-cd +If true, the system will ignore carrier detect. +.It Ar ttyb-mode +Similar to +.Ar ttya-mode , +but for ttyb. +.It Ar ttyb-rts-dtr-off +Similar to +.Ar ttya-rts-dtr-off , +but for ttyb. +.It Ar ttyb-ignore-cd +Similar to +.Ar ttya-ignore-cd , +but for ttyb. +.It Ar sbus-probe-list +Four digits in the format +.Dq 0123 +specifying which order to probe the SBus at power-up. +It is unlikely that this value should ever be changed. +.It Ar screen-#columns +An 8-bit integer specifying the number of columns on the console. +.It Ar screen-#rows +An 8-bit integer specifying the number of rows on the console. +.It Ar boot-device +Space separated list of device aliases or device paths to boot from, +in the given order. +.It Ar boot-file +File to boot. +The empty string lets the second-stage boot program +.Sy ofwboot +choose the default. +.It Ar auto-boot? +If true, the system will boot automatically at power-up. +.It Ar watchdog-reboot? +If true, the system will reboot upon reset. +Otherwise, the system will fall into the monitor. +.It Ar input-device +One of the strings +.Dq keyboard , +.Dq ttya , +or +.Dq ttyb +specifying the default console input device. +.It Ar output-device +One of the strings +.Dq screen , +.Dq ttya , +or +.Dq ttyb +specifying the default console output device. +.It Ar keyboard-click? +If true, the keys click annoyingly. +.It Ar network-boot-arguments +Comma separated list of arguments for booting over RARP or BOOTP/DHCP and TFTP. +.It Ar sd-targets +A string in the format +.Dq 31204567 +describing the translation of physical to logical target. +.It Ar st-targets +Similar to +.Ar sd-targets , +but for tapes. +The default translation is +.Dq 45670123 . +.It Ar scsi-initiator-id +The SCSI ID of the on-board SCSI controller. +.It Ar hardware-revision +A 7-character string describing a date, such as +.Dq 25May95 . +.It Ar last-hardware-update +Similar to +.Ar hardware-revision , +describing when the CPU was last updated. +.It Ar diag-switch? +If true, the system will boot and run in diagnostic mode. +.It Ar local-mac-address? +When set to +.Em false , +all Ethernet devices will use the same system default MAC address. +When +.Em true , +Ethernet devices which have a unique MAC address will use it +rather than the system default MAC address. +This option only really affects FCode-based Ethernet devices. +On Sparc64, all on-board devices, +as well as plug-in +.Xr hme 4 +boards, will respect this setting; +other hardware will not. +.El +.Sh FILES +.Bl -tag -width "/dev/openprom" -compact +.It /dev/openprom +the OpenPROM device +.El +.Sh SEE ALSO +.Xr openprom 4 +.Sh CAVEATS +The fields and their values are not necessarily well defined on +systems with an OpenPROM. +Your mileage may vary. +.Pp +There are a few fields known to exist in some revisions of the +OpenPROM that are not yet supported. +Most notable are those +relating to password protection of the OpenPROM. +.Pp +The date parser isn't very intelligent. diff --git a/static/openbsd/man8/eigrpctl.8 b/static/openbsd/man8/eigrpctl.8 new file mode 100644 index 00000000..cf612bb7 --- /dev/null +++ b/static/openbsd/man8/eigrpctl.8 @@ -0,0 +1,183 @@ +.\" $OpenBSD: eigrpctl.8,v 1.7 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2015 Renato Westphal +.\" Copyright (c) 2004, 2005 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt EIGRPCTL 8 +.Os +.Sh NAME +.Nm eigrpctl +.Nd control the EIGRP routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr eigrpd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s i +for +.Cm show interfaces . +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/eigrpd.sock +to communicate with +.Xr eigrpd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Xo +.Cm clear neighbors +.Op Cm family Ar family +.Op Cm as Ar as +.Op Ar address +.Xc +Delete entries from the neighbor table. +.Ar family , +.Ar as , +and +.Ar address +can be used to limit the scope of the command to the given address family, autonomous system and/or address. +If no argument is given, all neighbors from all EIGRP instances will be deleted. +.It Cm fib couple +Insert the learned routes into the Forwarding Information Base +a.k.a. the kernel routing table. +.It Cm fib decouple +Remove the learned routes from the Forwarding Information Base +a.k.a. the kernel routing table. +Decoupling the FIB from an EIGRP router may create routing loops and could cause +major routing issues in the complete EIGRP cloud. +Only routers with just one link to the EIGRP cloud can safely decouple the FIB. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm reload +Reload the configuration file. +.It Xo +.Cm show fib +.Op Cm family Ar family +.Op Ar filter +.Xc +Show the Forwarding Information Base. +.Ar family , +if given, limit the output to the given address family. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm connected +Show only connected routes. +.It Cm interface Op Ar interface +Show only interfaces or the specified +.Ar interface . +.It Cm eigrp +Show only EIGRP routes. +.It Cm static +Show only static routes. +.El +.Pp +.Cm connected , +.Cm eigrp +and +.Cm static +may be specified together. +.It Xo +.Cm show interfaces +.Op Cm family Ar family +.Op Cm as Ar as +.Op Ar interface +.Xc +Show details for all EIGRP enabled interfaces or the specified +.Ar interface . +.Ar family +and +.Ar as , +if given, limit the output to the given address family and/or autonomous system. +.It Xo +.Cm show neighbor +.Op Cm family Ar family +.Op Cm as Ar as +.Xc +Show neighbors. +.Ar family +and +.Ar as , +if given, limit the output to the given address family and/or autonomous system. +.It Xo +.Cm show topology +.Op Cm family Ar family +.Op Cm as Ar as +.Op Ar prefix | filter +.Xc +Show the topology table. +.Ar family +and +.Ar as , +if given, limit the output to the given address family and/or autonomous system. +.Ar prefix +can be specified to show the entries matching a destination prefix. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm active +Show only active entries. +.It Cm all-links +Show all entries. +.El +.It Xo +.Cm show traffic +.Op Cm family Ar family +.Op Cm as Ar as +.Xc +Show traffic statistics. +.Ar family +and +.Ar as , +if given, limit the output to the given address family and/or autonomous system. +.El +.Sh FILES +.Bl -tag -width "/var/run/eigrpd.sockXX" -compact +.It Pa /var/run/eigrpd.sock +.Ux Ns -domain +socket used for communication with +.Xr eigrpd 8 . +.El +.Sh SEE ALSO +.Xr eigrpd.conf 5 , +.Xr eigrpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.9 . +.Sh AUTHORS +The +.Nm +program was written by +.An Renato Westphal Aq Mt renato@openbsd.org . diff --git a/static/openbsd/man8/eigrpd.8 b/static/openbsd/man8/eigrpd.8 new file mode 100644 index 00000000..25362823 --- /dev/null +++ b/static/openbsd/man8/eigrpd.8 @@ -0,0 +1,111 @@ +.\" $OpenBSD: eigrpd.8,v 1.5 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2015 Renato Westphal +.\" Copyright (c) 2004, 2005, 2007 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt EIGRPD 8 +.Os +.Sh NAME +.Nm eigrpd +.Nd Enhanced Interior Gateway Routing Protocol (EIGRP) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an Enhanced Interior Gateway Routing Protocol +.Pq EIGRP +daemon which manages routing tables. +EIGRP is a routing protocol based on Distance Vector technology. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable eigrpd , +which sets +.Pp +.Dl eigrpd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr eigrpctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/eigrpd.sockXX" -compact +.It Pa /etc/eigrpd.conf +Default +.Nm +configuration file. +.It Pa /var/run/eigrpd.sock +.Ux Ns -domain +socket used for communication with +.Xr eigrpctl 8 . +.El +.Sh SEE ALSO +.Xr eigrpd.conf 5 , +.Xr eigrpctl 8 +.Sh STANDARDS +.Rs +.%A Savage, et al. +.%D April 2014 +.%R draft-savage-eigrp-04 +.%T Enhanced Interior Gateway Routing Protocol +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.9 . +.Sh AUTHORS +The +.Nm +program was written by +.An Renato Westphal Aq Mt renato@openbsd.org . diff --git a/static/openbsd/man8/fdisk.8 b/static/openbsd/man8/fdisk.8 new file mode 100644 index 00000000..d26a17fd --- /dev/null +++ b/static/openbsd/man8/fdisk.8 @@ -0,0 +1,438 @@ +.\" $OpenBSD: fdisk.8,v 1.128 2025/06/29 16:15:52 krw Exp $ +.\" +.\" +.\" Copyright (c) 1997 Tobias Weingartner +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 29 2025 $ +.Dt FDISK 8 +.Os +.Sh NAME +.Nm fdisk +.Nd partition table maintenance program +.Sh SYNOPSIS +.Nm fdisk +.Op Fl evy +.Op Fl A | g | i | u +.Op Fl b Ar blocks Ns Op @ Ns Ar offset Ns Op : Ns Ar type +.Op Fl l Ar blocks | Fl c Ar cylinders Fl h Ar heads Fl s Ar sectors +.Op Fl f Ar file +.Ar disk +.Nm fdisk +.Fl R +.Op Fl evy +.Ar disk Op Ar file +.Sh DESCRIPTION +.Nm fdisk +creates and edits MBR and GPT partition tables. +These tables are used by the boot process of some +platforms to find the +.Ox +kernel and, when present, are used by the kernel to find the +.Xr disklabel 5 . +.Pp +Caution is advised when editing these tables since some platforms +rely on specific configurations created at install time. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Modifies the GPT partition table entries on +.Ar disk +to put all available space not taken by +.Fl b +into a single +.Ox +partition. +The available space is maximized by deleting all existing partition +entries except for partition types APFS ISC, APFS, APFS Recovery, BIOS Boot, +HiFive FSBL, HiFive BBL and partitions with the +.Sq Required +GPT attribute set. +.Pp +If +APFS ISC, APFS, or APFS Recovery +partitions are detected then existing +EFI system +partitions are also preserved. +If the preserved EFI system partition has fewer blocks +than the number requested with +.Fl b , +the modified GPT is discarded. +.It Fl b Ar blocks Ns Op @ Ns Ar offset Ns Op : Ns Ar type +Creates a partition table entry of the specified number of blocks, offset +and type. +.Ar offset +defaults to the first available block, and +.Ar type +defaults to +.Sq EF . +.Pp +.Fl b +is only available in combination with +.Fl A , +.Fl g , +or +.Fl i . +.Pp +If +.Fl A +or +.Fl g +is specified, only the +.Ar blocks +value is used. +.It Xo +.Fl c Ar cylinders +.Fl h Ar heads +.Fl s Ar sectors +.Xc +Specifies a geometry for +.Nm +to use. +By default the disk size and geometry are obtained +from the default +.Xr disklabel 5 +constructed by the kernel for +.Ar disk . +See +.Xr disklabel 5 +and +.Xr disklabel 8 . +.It Fl e +Invokes the interactive partition table editor. +See +.Sx COMMAND MODE +below. +.It Fl f Ar file +Specifies a file containing the bootcode for an MBR. +The default file is +.Pa /usr/mdec/mbr . +.It Fl g +Writes a default GPT, including a protective MBR, to +.Ar disk . +The GPT has a single +.Ox +partition containing all available space not taken by +.Fl b . +.It Fl i +Writes a default MBR to +.Ar disk . +The MBR has a single +.Ox +partition containing all the available space not taken by +.Fl b . +The bootcode is initialized as described in +.Fl u . +.It Fl l Ar count +Treat +.Ar disk +as though it has a size of +.Ar count +blocks. +.It Fl R Ar disk Op Ar file +Creates a GPT or MBR partition table based on the contents of +.Ar file . +.Ar file +contains the output of +.Nm Fl v +(e.g. the fdisk* files in /var/backups) or +compact GPT partition descriptions of the form +.Pp +.Dl :[:] +.Pp +where a new partition UUID is always generated and is +optional. +For example: +.Pp +.Dl 0: EFI Sys [64:66560] 0x0 EFI System Area +.Pp +If is 0 it is set to the first usable LBA of the largest +chunk of free space. +.Pp +If +.Ar file +is not provided, +.Nm +attempts to fully restore a GPT if either a primary or secondary +GPT exists on +.Ar disk . +.It Fl u +Updates the MBR bootcode. +If a bootcode file is present (see +.Fl f ) +the MBR, except for the partition entries, is replaced by +the first block of the file. +If no bootcode file is present, zeros are used. +.Pp +Not available when editing a GPT. +.It Fl v +Prints detailed information about the MBR, the Primary GPT and the +Secondary GPT. +.It Fl y +New or modified partition table is written to disk without +asking for confirmation. +.It Ar disk +.Nm +creates or modifies the partition table of +.Ar disk . +.Ar disk +can be a full pathname, +e.g. +.Pa /dev/rsd0c , +a raw partition name, e.g. +.Pa sd0c , +or just the disk name, e.g. +.Pa sd0 . +.El +.Sh TYPICAL LAYOUT +When called without options, +.Nm +prints the partition table of +.Ar disk . +.Pp +If +.Ar disk +has a GPT a terse version of its contents is printed: +.Bd -literal -offset 1n +# fdisk sd0 +Disk: sd0 Usable LBA: 64 to 500118128 [500118192 Sectors] + #: type [ start: size ] +------------------------------------------------------------------------ + 1: EFI Sys [ 64: 960 ] + 3: OpenBSD [ 1024: 500117105 ] +.Ed +.Pp +When +.Ar disk +does not have a GPT, the first block of +.Ar disk +is printed as an MBR: +.Bd -literal -offset 1n +# fdisk sd0 +Disk: sd0 geometry: 121601/255/63 [1953525168 Sectors] +Offset: 0 Signature: 0xAA55 + Starting Ending LBA Info: + #: id C H S - C H S [ start: size ] +------------------------------------------------------------------------ + 0: 0B 0 1 1 - 26108 0 63 [ 63: 419425020 ] FAT32 + 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused + 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused +*3: A6 26108 1 1 - 121600 254 63 [ 419425083: 1534094982 ] OpenBSD +.Ed +.Pp +.Em NOTE : +Partition entry #3 of this MBR is flagged as bootable. +.Pp +.Em NOTE : +The +.Em S +field in the C/H/S values is +.Dq 1 based , +but the LBA "start" field is +.Dq 0 based . +.Pp +The +.Fl v +option causes more information to be printed: +.Bd -literal -offset 1n +# fdisk -v sd0 +Primary GPT: +Disk: sd0 Usable LBA: 64 to 500118128 [500118192 Sectors] +GUID: f0418899-4976-4604-a783-3ebe135a8f12 + #: type [ start: size ] + guid name +------------------------------------------------------------------------ + 1: EFI Sys [ 64: 960 ] + d0834013-dab8-44df-a5e4-123148f17e03 EFI System Area + 3: OpenBSD [ 1024: 500117105 ] + cd356d77-8369-44b4-996e-79e8b9a47bfe OpenBSD Area + +Secondary GPT: +Disk: sd0 Usable LBA: 64 to 500118128 [500118192 Sectors] +GUID: f0418899-4976-4604-a783-3ebe135a8f12 + #: type [ start: size ] + guid name +------------------------------------------------------------------------ + 1: EFI Sys [ 64: 960 ] + d0834013-dab8-44df-a5e4-123148f17e03 EFI System Area + 3: OpenBSD [ 1024: 500117105 ] + cd356d77-8369-44b4-996e-79e8b9a47bfe OpenBSD Area + +MBR: +Disk: sd0 geometry: 31130/255/63 [500118192 Sectors] +Offset: 0 Signature: 0xAA55 + Starting Ending LBA Info: + #: id C H S - C H S [ start: size ] +------------------------------------------------------------------------------- + 0: EE 0 0 2 - 31130 233 63 [ 1: 500118191 ] EFI GPT + 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused + 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused + 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused +.Ed +.Sh COMMAND MODE +When +.Nm +enters interactive command mode, +it copies the partition table from +.Ar disk +into memory and performs all edits on +that copy. +The partition table on +.Ar disk +is modified only by +.Em write +or +.Em quit +commands. +.Pp +The prompt contains information about the state of the edit +process. +.Pp +.Dl Ar disk Ns *:1> +.Pp +Where +.Ar disk +is the name of the disk being edited, +.Sq * +means that the partition table has been modified, but +not yet written to disk and +1 is the edit level when operating on the MBR or GPT. +This number is 2 when editing an extended partition in the MBR, +3 when editing an extended partition within the edit level 2 +extended partition, and so on. +.Pp +The list of commands and their functions is +given below. +Commands may be abbreviated. +The first command matching the abbreviation is selected. +.Bl -tag -width Ds +.It Cm ?\& +A synonym for +.Cm help . +.It Cm help +Displays a short summary of available commands. +.It Cm manual +Displays this manual page. +.It Cm reinit Op Cm gpt | Cm mbr +Initializes the partition table. +.Pp +By default an MBR partition table is initialized. +If +.Cm gpt +is specified a GPT partition table is initialized, including the +protective MBR. +.It Cm setpid Ar # +Sets the identifier of the partition table entry. +.It Cm edit Ar # | Ar desc +Edit an entry in the partition table. +.Pp +.Ar # +(MBR or GPT) triggers interactive editing of the partition. +.Pp +.Ar desc +(GPT only) immediately modifies the partition. +.Ar desc +is in the compact format supported by the +.Fl R +command line argument. +.Pp +The offset and size of the entry may be specified in CHS mode (MBR only), +by using sector offsets and sizes, or by using +the units +.Sq b , +.Sq k , +.Sq m , +.Sq g , +or +.Sq t +to indicate bytes, kilobytes, megabytes, gigabytes, or terabytes. +The special size value +.Sq * +causes the partition to be sized to use the remainder of the disk. +.It Cm flag Ar # Op Ar value +Set the partition's flag (MBR) or attribute (GPT) value. +.Ar value +can be a positive integer or a hex string. +An MBR partition will accept values from 0 to 0xff. +A GPT partition will accept values from 0 to 0xfffffffffffffff. +If +.Ar value +is not provided, the partition's bootable flag is set +and all other partitions have their bootable flags reset. +MBR partitions with the bootable flag set are printed with a +.Sq * +prefix. +GPT partitions with the bootable flag set display 'bootable' in +their attributes list. +.It Cm update +Updates the MBR bootcode. +If a bootcode file is present (see +.Fl f ) +the MBR, except for the partition entries, is replaced by +the first block of the file. +If no bootcode file is present, zeros are used. +.Pp +Not available when editing a GPT. +.It Cm select Ar # +Selects an extended partition entry, increasing the edit level by 1. +.Pp +Not available when editing a GPT. +.It Cm swap Ar # Ar # +Swaps two partition entries. +.It Cm print Op Ar unit +Prints the partition table. +If +.Ar unit +is +.Sq b , +.Sq k , +.Sq m , +.Sq g , +or +.Sq t +partition sizes are shown in bytes, +kilobytes, megabytes, gigabytes, or terabytes. +If +.Ar unit +is not provided, sizes are shown in sectors. +.It Cm write +Writes the partition table to disk. +.It Cm exit +Discards outstanding changes and exits the current edit level. +If the edit level is 1, +.Nm +terminates. +.It Cm quit +Writes outstanding changes to disk and exits the current edit +level. +If the edit level is 1, +.Nm +terminates. +.It Cm abort +Discards outstanding changes and terminates +.Nm . +.El +.Sh FILES +.Bl -tag -width /usr/mdec/mbr -compact +.It Pa /usr/mdec/mbr +default MBR bootcode +.El +.Sh SEE ALSO +.Xr disklabel 5 , +.Xr boot 8 , +.Xr boot_amd64 8 , +.Xr boot_i386 8 , +.Xr boot_macppc 8 , +.Xr disklabel 8 diff --git a/static/openbsd/man8/fingerd.8 b/static/openbsd/man8/fingerd.8 new file mode 100644 index 00000000..226d80ff --- /dev/null +++ b/static/openbsd/man8/fingerd.8 @@ -0,0 +1,166 @@ +.\" $OpenBSD: fingerd.8,v 1.22 2022/03/31 17:27:18 naddy Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)fingerd.8 8.1 (Berkeley) 6/4/93 +.\" $Id: fingerd.8,v 1.22 2022/03/31 17:27:18 naddy Exp $ +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt FINGERD 8 +.Os +.Sh NAME +.Nm fingerd +.Nd remote user information server +.Sh SYNOPSIS +.Nm fingerd +.Op Fl lMmpSsu +.Op Fl P Ar filename +.Sh DESCRIPTION +.Nm +implements a simple protocol based on RFC 1288 +that provides an interface to the +Name and Finger programs at several network sites. +The program is supposed to return a friendly, +human-oriented status report on either the system at the moment +or a particular person in depth. +There is no required format and the +protocol consists mostly of specifying a single +.Dq command line . +.Pp +.Nm +is started by +.Xr inetd 8 , +which listens for TCP requests at port 79. +Once connected, it reads a single command line +terminated by a +.Aq CRLF +which is passed to +.Xr finger 1 . +.Nm +closes its connections as soon as the output is finished. +.Pp +If the line is null (i.e., just a +.Aq CRLF +is sent) then +.Xr finger 1 +returns a +.Dq default +report that lists all people logged into +the system at that moment. +.Pp +If a user name is specified (e.g., +.Pf eric Aq CRLF ) +then the +response lists more extended information for only that particular user, +whether logged in or not. +Allowable +.Dq names +in the command line include both +.Dq login names +and +.Dq user names . +If a name is ambiguous, all possible derivations are returned. +.Pp +The following options may be passed to +.Nm +as server program arguments in +.Pa /etc/inetd.conf : +.Bl -tag -width Ds +.It Fl l +Enable logging. +The name of the host originating the query and the actual request +is reported via +.Xr syslog 3 +at LOG_NOTICE priority. +A request of the form +.Sq /W +or +.Sq /w +will return long output. +Empty requests will return all currently logged in users. +All other requests look for specific users. +See RFC 1288 for details. +.It Fl M +Enables matching of +.Ar user +names. +This is disabled by default if the system is running YP. +.It Fl m +Prevent matching of +.Ar user +names. +.Ar User +is usually a login name; however, matching will also be done on the +users' real names, unless the +.Fl m +option is supplied. +.It Fl P Ar filename +Use an alternate program as the local information provider. +The default local program +executed by +.Nm +is +.Xr finger 1 . +By specifying a customized local server, +this option allows a system manager +to have more control over what information is +provided to remote sites. +.It Fl p +Prevents +.Xr finger 1 +from displaying the contents of the +.Dq Pa .plan +and +.Dq Pa .project +files. +.It Fl S +Prints user information in short mode, one line per user. +This overrides the +.Dq Pa Whois switch +that may be passed in from the remote client. +.It Fl s +Enable secure mode. +Forwarding of queries to other remote hosts is denied. +.It Fl u +Queries without a user name are rejected. +.El +.Sh SEE ALSO +.Xr finger 1 , +.Xr inetd 8 +.Sh STANDARDS +.Rs +.%A D. Zimmerman +.%D December 1991 +.%R RFC 1288 +.%T The Finger User Information Protocol +.Re +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . diff --git a/static/openbsd/man8/fsck.8 b/static/openbsd/man8/fsck.8 new file mode 100644 index 00000000..ca0d4e2c --- /dev/null +++ b/static/openbsd/man8/fsck.8 @@ -0,0 +1,182 @@ +.\" $OpenBSD: fsck.8,v 1.35 2023/01/04 13:00:11 jsg Exp $ +.\" $NetBSD: fsck.8,v 1.14 1996/10/03 20:08:29 christos Exp $ +.\" +.\" Copyright (c) 1996 Christos Zoulas. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 4 2023 $ +.Dt FSCK 8 +.Os +.Sh NAME +.Nm fsck +.Nd file system consistency check and interactive repair +.Sh SYNOPSIS +.Nm fsck +.Bk -words +.Op Fl dfNnpvy +.Op Fl b Ar block# +.Op Fl l Ar maxparallel +.Op Fl T Ar fstype : Ns Ar fsoptions +.Op Fl t Ar fstype +.Op Ar special | node ... +.Ek +.Sh DESCRIPTION +The +.Nm +command invokes file-system-specific programs to check the +special devices listed in the +.Xr fstab 5 +file or on the command line for consistency. +.Pp +It is normally used in the script +.Xr rc 8 +during automatic reboot. +If no file systems are specified, +.Nm +reads the file +.Xr fstab 5 +to determine which file systems to check and in what order. +Only partitions in fstab that are mounted +.Dq rw +or +.Dq ro +and that have non-zero pass numbers are checked. +File systems with pass number 1 (normally just the root file system) are +checked one at a time. +When pass 1 completes, all remaining file systems are checked, with one +process spawned per disk drive. +The disk drive containing each file system is inferred from the longest +prefix of the device name that ends in a digit; the remaining characters +are assumed to be the partition designator. +By default, file systems which are already mounted read/write are not +checked. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b Ar block# +Causes +.Nm +to use the specified block as the location of the superblock. +Block 32 is usually an alternate super block. +This option is only valid for filesystems that support backup superblocks +(ffs and ext2fs). +.It Fl d +Debugging mode. +Just print the commands without executing them. +Available only if +.Nm +is compiled to support it. +.It Fl f +Force checking of file systems, even when they are marked clean (for file systems +that support this). +.It Fl l Ar maxparallel +Limit the number of parallel checks to +.Ar maxparallel . +By default, the limit is the number of +disks, running one process per disk. +If a smaller limit is given, +the disks are checked round-robin, one file system at a time. +.It Fl N +When using +.Xr fstab 5 , +only check filesystems that have the +.Dq net +mount option set. +By default file systems with this option are ignored. +.It Fl n +Assume a +.Dq no +response to all questions asked by +.Nm +except for +.Dq CONTINUE? , +which is assumed to be affirmative. +File systems will not be opened for writing. +This is the default for file systems to be checked that are +concurrently mounted writable. +.It Fl p +Enter preen mode: +.Nm +will check all file systems listed in +.Xr fstab 5 +according to their pass number, +or any special devices listed on the command line, +and will make minor repairs without +human intervention. +Any major problems will cause +.Nm +to exit with a non-zero exit code, +so as to alert any invoking program or script +that human intervention is required. +.It Fl T Ar fstype : Ns Ar fsoptions +List of comma separated file system specific options for the specified +file system type, in the same format as +.Xr mount 8 . +.It Fl t Ar fstype +Invoke +.Nm +only for the comma separated list of file system types. +If the list starts with +.Dq no , +invoke +.Nm +only in the file system types that are +.Em not +specified in +the list. +.It Fl v +Print the commands before executing them. +.It Fl y +Cause +.Nm +to assume +.Dq yes +as the answer to all operator questions. +.El +.Pp +If neither of the +.Fl y +or +.Fl n +options are specified, the user may force +.Nm +to assume an answer of +.Dq yes +to all the remaining questions by replying to a question with a value of +.Dq F . +.Sh FILES +.Bl -tag -width /etc/fstab -compact +.It Pa /etc/fstab +file system table +.El +.Sh SEE ALSO +.Xr fs 5 , +.Xr fstab 5 , +.Xr fsck_ext2fs 8 , +.Xr fsck_ffs 8 , +.Xr fsck_msdos 8 , +.Xr fsdb 8 , +.Xr growfs 8 , +.Xr mount 8 , +.Xr newfs 8 , +.Xr rc 8 , +.Xr scan_ffs 8 diff --git a/static/openbsd/man8/fsck_ext2fs.8 b/static/openbsd/man8/fsck_ext2fs.8 new file mode 100644 index 00000000..8042e133 --- /dev/null +++ b/static/openbsd/man8/fsck_ext2fs.8 @@ -0,0 +1,249 @@ +.\" $OpenBSD: fsck_ext2fs.8,v 1.19 2022/03/31 17:27:19 naddy Exp $ +.\" $NetBSD: fsck_ext2fs.8,v 1.1 1997/06/11 11:21:48 bouyer Exp $ +.\" +.\" Copyright (c) 1997 Manuel Bouyer. +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)fsck.8 8.3 (Berkeley) 11/29/94 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt FSCK_EXT2FS 8 +.Os +.Sh NAME +.Nm fsck_ext2fs +.Nd Second Extended File System consistency check and interactive repair +.Sh SYNOPSIS +.Nm fsck_ext2fs +.Op Fl dfnpy +.Op Fl b Ar block# +.Op Fl m Ar mode +.Ar filesystem +.Sh DESCRIPTION +.Nm +performs interactive file system consistency checks and repairs +the filesystem specified. +It is normally invoked from +.Xr fsck 8 . +.Pp +The kernel takes care that only a restricted class of innocuous file system +inconsistencies can happen unless hardware or software failures intervene. +These are limited to the following: +.Pp +.Bl -item -compact -offset indent +.It +Unreferenced inodes +.It +Link counts in inodes too large +.It +Missing blocks in the free map +.It +Blocks in the free map also in files +.It +Counts in the super-block wrong +.El +.Pp +These are the only inconsistencies that +.Nm +in +.Dq preen +mode (with the +.Fl p +option) will correct; if it encounters other inconsistencies, it exits +with an abnormal return status. +For each corrected inconsistency one or more lines will be printed +identifying the file system on which the correction will take place, +and the nature of the correction. +After successfully correcting a file system, +.Nm +will print the number of files on that file system +and the number of used and free blocks. +.Pp +If sent a +.Dv QUIT +signal, +.Nm +will finish the file system checks, then exit with an abnormal return status. +.Pp +Without the +.Fl p +option, +.Nm +audits and interactively repairs inconsistent conditions for the filesystem. +If the file system is inconsistent, the operator is prompted for concurrence +before each correction is attempted. +It should be noted that some of the corrective actions which are not +correctable under the +.Fl p +option will result in some loss of data. +The amount and severity of data lost may be determined from the diagnostic +output. +The default action for each consistency correction +is to wait for the operator to respond +.Dq yes +or +.Dq no . +If the operator does not have write permission on the file system, +.Nm +will default to a +.Fl n +action. +.Pp +The following flags are interpreted by +.Nm fsck_ext2fs : +.Bl -tag -width indent +.It Fl b Ar block# +Use the block specified immediately after the flag as +the super block for the file system. +Block 8193 is usually an alternate super block. +.It Fl d +Print debugging output. +.It Fl f +Force checking of the filesystem. +Normally, if a file system is cleanly unmounted, the kernel will set a +.Dq clean flag +in the file system superblock and +.Nm +will not check the file system. +This option forces +.Nm +to check the file system, regardless of the state of the clean flag. +.It Fl m Ar mode +Use the +.Ar mode +specified in octal as the +permission bits to use when creating the +.Pa lost+found +directory rather than the default 1777. +In particular, systems that do not wish to have lost files accessible +by all users on the system should use a more restrictive +set of permissions such as 700. +.It Fl n +Assume a +.Dq no +response to all questions asked by +.Nm +except for +.Dq CONTINUE? , +which is assumed to be affirmative. +The filesystem will not be opened for writing. +This is the default for file systems to be checked that are +concurrently mounted writable. +.It Fl p +Specify +.Dq preen +mode, described above. +.It Fl y +Assume a +.Dq yes +response to all questions asked by +.Nm fsck_ext2fs ; +this should be used with great caution as this is a free license +to continue after essentially unlimited trouble has been encountered. +.El +.Pp +If neither of the +.Fl y +or +.Fl n +options are specified, the user may force +.Nm +to assume an answer of +.Dq yes +to all the remaining questions by replying to a question with a value of +.Dq F . +.Pp +Inconsistencies checked are as follows: +.Pp +.Bl -enum -compact +.It +Blocks claimed more than once by inodes or the free map. +.It +Blocks claimed by an inode outside the range of the file system. +.It +Incorrect link counts. +.It +Size checks: +.Bl -item -compact -offset indent +.It +Directory size not a multiple of file system block size. +.It +Partially truncated file. +.El +.It +Bad inode format. +.It +Blocks not accounted for anywhere. +.It +Directory checks: +.Bl -item -compact -offset indent +.It +File pointing to unallocated inode. +.It +Inode number out of range. +.It +Dot or dot-dot not the first two entries of a directory +or having the wrong inode number. +.El +.It +Super Block checks: +.Bl -item -compact -offset indent +.It +More blocks for inodes than there are in the file system. +.It +Bad free block map format. +.It +Total free block and/or free inode count incorrect. +.El +.El +.Pp +Orphaned files and directories (allocated but unreferenced) are, +with the operator's concurrence, reconnected by +placing them in the +.Pa lost+found +directory. +The name assigned is the inode number. +If the +.Pa lost+found +directory does not exist, it is created. +If there is insufficient space, its size is increased. +.Pp +Because of inconsistencies between the block device and the buffer cache, +the raw device should always be used. +.Sh DIAGNOSTICS +The diagnostics produced by +.Nm +are fully enumerated and explained in Appendix A of +.Rs +.%T "Fsck_ffs \- The UNIX File System Check Program" +.Re +.Sh SEE ALSO +.Xr fs 5 , +.Xr fstab 5 , +.Xr fsck 8 , +.Xr mount_ext2fs 8 , +.Xr rc 8 diff --git a/static/openbsd/man8/fsck_ffs.8 b/static/openbsd/man8/fsck_ffs.8 new file mode 100644 index 00000000..8656154a --- /dev/null +++ b/static/openbsd/man8/fsck_ffs.8 @@ -0,0 +1,329 @@ +.\" $OpenBSD: fsck_ffs.8,v 1.28 2022/03/31 17:27:19 naddy Exp $ +.\" $NetBSD: fsck_ffs.8,v 1.12 1996/09/23 16:18:34 christos Exp $ +.\" +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)fsck.8 8.3 (Berkeley) 11/29/94 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt FSCK_FFS 8 +.Os +.Sh NAME +.Nm fsck_ffs +.Nd Fast File System consistency check and interactive repair +.Sh SYNOPSIS +.Nm fsck_ffs +.Op Fl fnpy +.Op Fl b Ar block# +.Op Fl c Ar level +.Op Fl m Ar mode +.Ar filesystem +.Sh DESCRIPTION +.Nm +performs interactive file system consistency checks and repairs the +file system specified. +It is normally invoked from +.Xr fsck 8 . +.Pp +The kernel takes care that only a restricted class of innocuous file system +inconsistencies can happen unless hardware or software failures intervene. +These are limited to the following: +.Pp +.Bl -item -compact -offset indent +.It +Unreferenced inodes +.It +Link counts in inodes too large +.It +Missing blocks in the free map +.It +Blocks in the free map also in files +.It +Counts in the super-block wrong +.El +.Pp +These are the only inconsistencies that +.Nm +with the +.Fl p +option will correct; if it encounters other inconsistencies, it exits +with an abnormal return status and an automatic reboot will then fail. +For each corrected inconsistency, one or more lines will be printed +identifying the file system on which the correction will take place +along with the nature of the correction. +After successfully correcting a file system, +.Nm +will print the number of files on that file system, +the number of used and free blocks, +and the percentage of fragmentation. +.Pp +If sent a +.Dv QUIT +signal, +.Nm +will finish the file system checks, then exit with an abnormal +return status that causes an automatic reboot to fail. +This is useful when you want to finish the file system checks during an +automatic reboot, +but do not want the machine to come up multiuser after the checks complete. +.Pp +If sent an +.Dv INFO +signal, +.Nm +will print a line to standard error indicating the name of the device +currently being checked, the current phase number, and phase-specific +progress information. +.Pp +Without the +.Fl p +option, +.Nm +audits and interactively repairs inconsistent conditions for the filesystem. +If the file system is inconsistent, the operator is prompted for concurrence +before each correction is attempted. +It should be noted that some of the corrective actions which are not +correctable under the +.Fl p +option will result in some loss of data. +The amount and severity of data lost may be determined from the diagnostic +output. +The default action for each consistency correction +is to wait for the operator to respond +.Dq yes +or +.Dq no . +If the operator does not have write permission on the file system, +.Nm +will default to a +.Fl n +action. +.Pp +.Nm fsck +has more consistency checks than +its predecessors +.Em check , dcheck , fcheck , +and +.Em icheck +combined. +.Pp +The following flags are interpreted by +.Nm fsck_ffs : +.Bl -tag -width indent +.It Fl b Ar block# +Use the +.Ar block# +specified as +the super block for the file system. +If the primary superblock is corrupted, +.Nm +tries to find a valid alternate superblock based on the +information in the disklabel. +If that fails, a number printed by +.Nm newfs +(using +.Fl N +combined with the original flags used to create the filesystem) +can be used as a value to this argument. +.It Fl c Ar level +Convert the file system to the specified +.Ar level . +Note that the level of a file system can only be raised. +There are currently four levels defined: +.Bl -tag -width indent +.It 0 +The file system is in the old (static table) format. +.It 1 +The file system is in the new (dynamic table) format. +.It 2 +The file system supports 32-bit UIDs and GIDs, +short symbolic links are stored in the inode, +and directories have an added field showing the file type. +.It 3 +If +.Va maxcontig +is greater than one, +build the free segment maps to aid in finding contiguous sets of blocks. +If +.Va maxcontig +is equal to one, delete any existing segment maps. +.El +.It Fl f +Force checking of the filesystem. +Normally, if a file system is cleanly unmounted, the kernel will set a +.Dq clean flag +in the file system superblock and +.Nm +will not check the file system. +This option forces +.Nm +to check the file system, regardless of the state of the clean flag. +.It Fl m Ar mode +Use the +.Ar mode +specified in octal as the +permission bits to use when creating the +.Pa lost+found +directory rather than the default 1700. +In particular, systems that wish to have lost files accessible +by all users on the system should use a less restrictive +set of permissions such as 755. +.It Fl n +Assume a +.Dq no +response to all questions asked by +.Nm +except for +.Dq CONTINUE? , +which is assumed to be affirmative. +The filesystem will not be opened for writing. +This is the default for file systems to be checked that are +concurrently mounted writable. +.It Fl p +Enter preen mode: +.Nm +will check the filesystem on the +special (raw) device listed on the command line +and will make minor repairs without +human intervention. +Any major problems will cause +.Nm +to exit with a non-zero exit code, +so as to alert any invoking program or script +that human intervention is required. +.It Fl y +Assume a +.Dq yes +response to all questions asked by +.Nm fsck_ffs ; +this should be used with great caution as this is a free license +to continue after essentially unlimited trouble has been encountered. +.El +.Pp +If neither of the +.Fl y +or +.Fl n +options are specified, the user may force +.Nm +to assume an answer of +.Dq yes +to all the remaining questions by replying to a question with a value of +.Dq F . +.Pp +In interactive mode, +.Nm +will list the conversion to be made +and ask whether the conversion should be done. +If a negative answer is given, +no further operations are done on the file system. +In preen mode, +the conversion is listed and done if +possible without user interaction. +Conversion in preen mode is best used when all the file systems +are being converted at once. +The format of a file system can be determined from the +first line of output from +.Xr dumpfs 8 . +.Pp +Inconsistencies checked are as follows: +.Pp +.Bl -enum -compact +.It +Blocks claimed more than once by inodes or the free map. +.It +Blocks claimed by an inode outside the range of the file system. +.It +Incorrect link counts. +.It +Size checks: +.Bl -item -compact -offset indent +.It +Directory size not a multiple of +.Dv DIRBLKSIZ . +.It +Partially truncated file. +.El +.It +Bad inode format. +.It +Blocks not accounted for anywhere. +.It +Directory checks: +.Bl -item -compact -offset indent +.It +File pointing to unallocated inode. +.It +Inode number out of range. +.It +Dot or dot-dot not the first two entries of a directory +or having the wrong inode number. +.El +.It +Super Block checks: +.Bl -item -compact -offset indent +.It +More blocks for inodes than there are in the file system. +.It +Bad free block map format. +.It +Total free block and/or free inode count incorrect. +.El +.El +.Pp +Orphaned files and directories (allocated but unreferenced) are, +with the operator's concurrence, reconnected by +placing them in the +.Pa lost+found +directory. +The name assigned is the inode number. +If the +.Pa lost+found +directory does not exist, it is created. +If there is insufficient space, its size is increased. +.Pp +Because of inconsistencies between the block device and the buffer cache, +the raw device should always be used. +.Sh DIAGNOSTICS +The diagnostics produced by +.Nm +are fully enumerated and explained in Appendix A of +.Rs +.\" 4.4BSD SMM:3 +.%T "Fsck \- The UNIX File System Check Program" +.Re +.Sh SEE ALSO +.Xr fs 5 , +.Xr fstab 5 , +.Xr fsck 8 , +.Xr fsdb 8 , +.Xr growfs 8 , +.Xr mount_ffs 8 , +.Xr newfs 8 , +.Xr rc 8 , +.Xr scan_ffs 8 diff --git a/static/openbsd/man8/fsck_msdos.8 b/static/openbsd/man8/fsck_msdos.8 new file mode 100644 index 00000000..b0e89a81 --- /dev/null +++ b/static/openbsd/man8/fsck_msdos.8 @@ -0,0 +1,117 @@ +.\" $OpenBSD: fsck_msdos.8,v 1.16 2015/10/14 14:33:45 deraadt Exp $ +.\" $NetBSD: fsck_msdos.8,v 1.4 1996/10/17 20:41:24 cgd Exp $ +.\" +.\" Copyright (C) 1995 Wolfgang Solfrank +.\" Copyright (c) 1995 Martin Husemann +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: October 14 2015 $ +.Dt FSCK_MSDOS 8 +.Os +.Sh NAME +.Nm fsck_msdos +.Nd DOS/Windows (FAT) file system consistency checker +.Sh SYNOPSIS +.Nm fsck_msdos +.Op Fl fnpy +.Ar filesystem +.Sh DESCRIPTION +The +.Nm +utility verifies and repairs +.Tn FAT +file systems (more commonly known as +.Tn DOS +file systems). +It checks the specified filesystem and tries to repair all +detected inconsistencies, requesting confirmation before +making any changes. +.Pp +If the +.Fl p +flag is given, +.Nm +preens the specified filesystem. +It is normally started this way by +.Xr fsck 8 +run from +.Xr rc 8 +during automatic reboot, when a FAT file system is detected. +When preening file systems, +.Nm +will fix common inconsistencies non-interactively. +If more serious problems are found, +.Nm +does not try to fix them, indicates that it was not +successful, and exits. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f +This option is ignored by +.Nm fsck_msdos , +and is present only for compatibility with programs that +check other file system types for consistency, such as +.Xr fsck_ffs 8 . +.It Fl n +Assume a +.Dq no +response to all questions asked by +.Nm +except for +.Dq CONTINUE? , +which is assumed to be affirmative. +The filesystem will not be opened for writing. +This is the default for file systems to be checked that are +concurrently mounted writable. +.It Fl p +Preen the specified filesystem. +.It Fl y +Causes +.Nm +to assume +.Dq yes +as the answer to all operator questions. +.El +.Pp +If neither of the +.Fl y +or +.Fl n +options are specified, the user may force +.Nm +to assume an answer of +.Dq yes +to all the remaining questions by replying to a question with a value of +.Dq F . +.Sh SEE ALSO +.Xr fs 5 , +.Xr fstab 5 , +.Xr fsck 8 , +.Xr fsck_ffs 8 , +.Xr mount_msdos 8 , +.Xr newfs_msdos 8 , +.Xr rc 8 +.Sh BUGS +.Nm +is still under construction. diff --git a/static/openbsd/man8/fsdb.8 b/static/openbsd/man8/fsdb.8 new file mode 100644 index 00000000..cf67d36e --- /dev/null +++ b/static/openbsd/man8/fsdb.8 @@ -0,0 +1,242 @@ +.\" $OpenBSD: fsdb.8,v 1.20 2020/04/23 21:28:08 jmc Exp $ +.\" $NetBSD: fsdb.8,v 1.5 1997/01/11 05:51:40 lukem Exp $ +.\" +.\" Copyright (c) 1996 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by John T. Kohl. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt FSDB 8 +.Os +.Sh NAME +.Nm fsdb +.Nd FFS debugging/editing tool +.Sh SYNOPSIS +.Nm fsdb +.Op Fl d +.Fl f Ar fsname +.Sh DESCRIPTION +.Nm +opens +.Ar fsname +(usually a raw disk partition) and runs a command loop +allowing manipulation of the file system's inode data. +You are prompted to enter a command with +.Ic "fsdb (inum X)>" +where +.Va X +is the currently selected i-number. +The initial selected inode is the root of the file system (i-number 2). +.Pp +The command processor uses the +.Xr editline 3 +library, so you can use command line editing to reduce typing if desired. +When you exit the command loop, the file system superblock is marked +dirty and any buffered blocks are written to the file system. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Enables additional debugging output (which comes primarily from +.Xr fsck 8 Ns -derived +code). +.It Fl f Ar fsname +Open file system +.Ar fsname . +.El +.Pp +Besides the built-in +.Xr editline 3 +commands, +.Nm +supports these commands: +.Pp +.Bl -tag -width indent -compact +.It Cm help +Print out the list of accepted commands. +.Pp +.It Cm inode Ar i-number +Select inode +.Ar i-number +as the new current inode. +.Pp +.It Cm back +Revert to the previously current inode. +.Pp +.It Cm clri Ar i-number +Clear the inode +.Ar i-number . +.Pp +.It Cm lookup Ar name , Cm cd Ar name +Find +.Ar name +in the current directory and make its inode the current inode. +.Ar Name +may be a multi-component name or may begin with slash to indicate that +the root inode should be used to start the lookup. +If some component +along the pathname is not found, the last valid directory encountered is +left as the active inode. +.Pp +This command is valid only if the starting inode is a directory. +.Pp +.It Cm active , Cm print +Print out the active inode. +.Pp +.It Cm uplink +Increment the active inode's link count. +.Pp +.It Cm downlink +Decrement the active inode's link count. +.Pp +.It Cm linkcount Ar number +Set the active inode's link count to +.Ar number . +.Pp +.It Cm ls +List the current inode's directory entries. +This command is valid only if the current inode is a directory. +.Pp +.It Cm rm Ar name , Cm del Ar name +Remove the entry +.Ar name +from the current directory inode. +This command is valid only if the current inode is a directory. +.Pp +.It Cm ln Ar ino name +Create a link to inode +.Ar ino +under the name +.Ar name +in the current directory inode. +This command is valid only if the current inode is a directory. +.Pp +.It Cm chinum Ar dirslot inum +Change the i-number in directory entry +.Ar dirslot +to +.Ar inum . +.Pp +.It Cm chname Ar dirslot name +Change the name in directory entry +.Ar dirslot +to +.Ar name . +This command cannot expand a directory entry. +You can only rename an +entry if the name will fit into the existing directory slot. +.Pp +.It Cm chtype Ar type +Change the type of the current inode to +.Ar type . +.Ar type +may be one of: +.Em file , +.Em dir , +.Em socket , +or +.Em fifo . +.Pp +.It Cm chmod Ar mode +Change the mode bits of the current inode to +.Ar mode . +You cannot change the file type with this subcommand; use +.Ic chtype +to do that. +.Pp +.It Cm chflags Ar flags +Change the file flags of the current inode to +.Ar flags . +.Pp +.It Cm chown Ar uid +Change the owner of the current inode to +.Ar uid . +.Pp +.It Cm chlen Ar length +Change the length of the current inode to +.Ar length . +.Pp +.It Cm chgrp Ar gid +Change the group of the current inode to +.Ar gid . +.Pp +.It Cm chgen Ar gen +Change the generation number of the current inode to +.Ar gen . +.Pp +.It Xo Cm mtime Ar time , +.Cm ctime Ar time , +.Cm atime Ar time +.Xc +Change the modification, change, or access time (respectively) on the +current inode to +.Ar time . +.Ar Time +should be in the format +.Em YYYYMMDDHHMMSS[.nsec] +where +.Em nsec +is an optional nanosecond specification. +If no nanoseconds are specified, the +.Va mtimensec , +.Va ctimensec , +or +.Va atimensec +field will be set to zero. +.Pp +.It Cm quit , q , exit , Em +Exit the program. +.El +.Sh SEE ALSO +.Xr editline 3 , +.Xr fs 5 , +.Xr clri 8 , +.Xr fsck 8 +.Sh HISTORY +.Nm +uses the source code for +.Xr fsck 8 +to implement most of the file system manipulation code. +The remainder of +.Nm +first appeared in +.Nx 1.1 . +.Sh BUGS +Manipulation of +.Dq short +symlinks doesn't work (in particular, don't +try changing a symlink's type). +.Pp +You must specify modes as numbers rather than symbolic names. +.Pp +There are a bunch of other things that you might want to do which +.Nm +doesn't implement. +.Sh WARNING +Use this tool with extreme caution \(en you can damage an FFS file system +beyond what +.Xr fsck 8 +can repair. diff --git a/static/openbsd/man8/fsirand.8 b/static/openbsd/man8/fsirand.8 new file mode 100644 index 00000000..c84186e1 --- /dev/null +++ b/static/openbsd/man8/fsirand.8 @@ -0,0 +1,94 @@ +.\" $OpenBSD: fsirand.8,v 1.32 2019/01/25 00:19:26 millert Exp $ +.\" +.\" Copyright (c) 1997 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt FSIRAND 8 +.Os +.Sh NAME +.Nm fsirand +.Nd randomize inode generation numbers +.Sh SYNOPSIS +.Nm fsirand +.Op Fl bfp +.Ar special ... +.Sh DESCRIPTION +The +.Nm +command installs random generation numbers on all the inodes for +each filesystem specified on the command line by +.Ar special . +This increases the security of NFS-exported filesystems by making +it difficult to +.Dq guess +filehandles. +.Pp +.Em Note : +.Xr newfs 8 +now does the equivalent of +.Nm +itself so it is no longer necessary to +run +.Nm +by hand on a new filesystem. +It is only used to re-randomize or report on an existing filesystem. +.Pp +.Nm +should only be used on an unmounted filesystem that +has been checked with +.Xr fsck 8 +or a filesystem that is mounted read-only. +.Nm +may be used on the root filesystem in single-user mode +but the system should be rebooted via +.Dq reboot -n +afterwards. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Use the default block size (usually 512 bytes) instead +of the value gleaned from the disklabel. +.It Fl f +Force +.Nm +to run even if the filesystem on +.Ar special +is not marked as clean. +.It Fl p +Print the current generation numbers for all inodes instead of +generating new ones. +.El +.Sh SEE ALSO +.Xr fs 5 , +.Xr fsck 8 , +.Xr newfs 8 , +.Xr reboot 8 +.Sh HISTORY +The +.Nm +command appeared in SunOS 3.x. +This version of +.Nm +first appeared in +.Ox 2.1 . +.Sh AUTHORS +.An Todd C. Miller +.Sh CAVEATS +Since +.Nm +allocates enough memory to hold all the inodes in +a given cylinder group, it may use a large amount +of memory for large disks with few cylinder groups. diff --git a/static/openbsd/man8/ftp-proxy.8 b/static/openbsd/man8/ftp-proxy.8 new file mode 100644 index 00000000..4e3bfa24 --- /dev/null +++ b/static/openbsd/man8/ftp-proxy.8 @@ -0,0 +1,202 @@ +.\" $OpenBSD: ftp-proxy.8,v 1.26 2025/05/21 03:15:40 kn Exp $ +.\" +.\" Copyright (c) 2004, 2005 Camiel Dobbelaar, +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 21 2025 $ +.Dt FTP-PROXY 8 +.Os +.Sh NAME +.Nm ftp-proxy +.Nd Internet File Transfer Protocol proxy daemon +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl 6Adrv +.Op Fl a Ar sourceaddr +.Op Fl b Ar address +.Op Fl D Ar level +.Op Fl m Ar maxsessions +.Op Fl P Ar port +.Op Fl p Ar port +.Op Fl q Ar queue +.Op Fl R Ar address +.Op Fl T Ar tag +.Op Fl t Ar timeout +.Ek +.Sh DESCRIPTION +.Nm +is a proxy for the Internet File Transfer Protocol. +FTP control connections should be redirected into the proxy using the +.Xr pf 4 +.Ar divert-to +command, after which the proxy connects to the server on behalf of +the client. +.Pp +The proxy allows data connections to pass, rewriting and redirecting +them so that the right addresses are used. +All connections from the client to the server have their source +address rewritten so they appear to come from the proxy. +Consequently, all connections from the server to the proxy have +their destination address rewritten, so they are redirected to the +client. +The proxy uses the +.Xr pf 4 +.Ar anchor +facility for this. +.Pp +Assuming the FTP control connection is from $client to $server, the +proxy connected to the server using the $proxy source address, and +$port is negotiated, then +.Nm +adds the following rules to the anchor. +$server and $orig_server are the same unless +.Fl R +is used to force a different $server address for all connections. +(These example rules use inet, but the proxy also supports inet6.) +.Pp +In case of active mode (PORT or EPRT): +.Bd -literal -offset 2n +pass in from $server to $proxy port $proxy_port \e + rdr-to $client port $port +pass out from $server to $client port $port \e + nat-to $orig_server port $natport +.Ed +.Pp +In case of passive mode (PASV or EPSV): +.Bd -literal -offset 2n +pass in from $client to $orig_server port $proxy_port \e + rdr-to $server port $port +pass out from $client to $server port $port nat-to $proxy +.Ed +.Pp +.Nm +needs to start as root and drops privileges to the _ftp_proxy user. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 6 +IPv6 mode. +The proxy will expect and use IPv6 addresses for all communication. +Only the extended FTP modes EPSV and EPRT are allowed with IPv6. +The proxy is in IPv4 mode by default. +.It Fl A +Only permit anonymous FTP connections. +Either user "ftp" or user "anonymous" is allowed. +.It Fl a Ar sourceaddr +The proxy will use this as the source address for the control +connection to a server, which is useful on machines with multiple +interfaces. +.It Fl b Ar address +Address where the proxy will listen for redirected control connections. +The default is 127.0.0.1, or ::1 in IPv6 mode. +.It Fl D Ar level +Debug level, ranging from 0 to 7. +Higher is more verbose. +The default is 5. +(These levels correspond to the +.Xr syslog 3 +levels.) +.It Fl d +Do not daemonize. +The process will stay in the foreground, logging to standard error. +.It Fl m Ar maxsessions +Maximum number of concurrent FTP sessions. +When the proxy reaches this limit, new connections are denied. +The default is 100 sessions. +The limit can be lowered to a minimum of 1, or raised to a maximum of 500. +.It Fl P Ar port +Fixed server port. +Only used in combination with +.Fl R . +The default is port 21. +.It Fl p Ar port +Port where the proxy will listen for redirected connections. +The default is port 8021. +.It Fl q Ar queue +Create rules with queue +.Ar queue +appended, so that data connections can be queued. +.It Fl R Ar address +Fixed server address, also known as reverse mode. +The proxy will always connect to the same server, regardless of +where the client wanted to connect to (before it was redirected). +Use this option to proxy for a server behind NAT, or to forward all +connections to another proxy. +.It Fl r +Rewrite sourceport to 20 in active mode to suit ancient clients that insist +on this RFC property. +.It Fl T Ar tag +The filter rules will add tag +.Ar tag +to data connections, and will use match rules instead of pass ones. +This way alternative rules that use the +.Ar tagged +keyword can be implemented following the +.Nm +anchor. +These rules can use special +.Xr pf 4 +features like route-to, reply-to, label, rtable, overload, etc. that +.Nm +does not implement itself. +There must be a matching pass rule after the +.Nm +anchor or the data connections will be blocked. +.It Fl t Ar timeout +Number of seconds that the control connection can be idle, before the +proxy will disconnect. +The maximum is 86400 seconds, which is also the default. +Do not set this too low, because the control connection is usually +idle when large data transfers are taking place. +.It Fl v +Set the 'log' flag on pf rules committed by +.Nm . +Use twice to set the 'log all' flag. +The pf rules do not log by default. +.El +.Sh CONFIGURATION +To make use of the proxy, +.Xr pf.conf 5 +needs the following rules. +Adjust the rules as needed; depending on the rest of the ruleset, the +last rule explicitly allowing FTP sessions from the proxy may not be +necessary. +.Bd -literal -offset 2n +anchor "ftp-proxy/*" +pass in quick proto tcp to port ftp divert-to 127.0.0.1 port 8021 +pass out inet proto tcp from (self) to any port ftp +.Ed +.Sh SEE ALSO +.Xr ftp 1 , +.Xr pf 4 , +.Xr pf.conf 5 +.Sh CAVEATS +.Xr pf 4 +does not allow the ruleset to be modified if the system is running at a +.Xr securelevel 7 +higher than 1. +At that level +.Nm +cannot add rules to the anchors and FTP data connections may get blocked. +.Pp +Negotiated data connection ports below 1024 are not allowed. +.Pp +The negotiated IP address for active modes is ignored for security +reasons. +This makes third party file transfers impossible. +.Pp +Since +.Nm +acts as a man-in-the-middle, it breaks explicit FTP TLS connections (RFC 4217). diff --git a/static/openbsd/man8/ftpd.8 b/static/openbsd/man8/ftpd.8 new file mode 100644 index 00000000..846e602a --- /dev/null +++ b/static/openbsd/man8/ftpd.8 @@ -0,0 +1,568 @@ +.\" $OpenBSD: ftpd.8,v 1.77 2022/03/31 17:27:18 naddy Exp $ +.\" $NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $ +.\" +.\" Copyright (c) 1985, 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt FTPD 8 +.Os +.Sh NAME +.Nm ftpd +.Nd Internet File Transfer Protocol server +.Sh SYNOPSIS +.Nm ftpd +.Op Fl 46ADdlMnPSUW +.Op Fl m Ar minuid +.Op Fl T Ar maxtimeout +.Op Fl t Ar timeout +.Op Fl u Ar mask +.Sh DESCRIPTION +.Nm +is the Internet File Transfer Protocol server process. +The server uses the TCP protocol +and listens at the port specified in the +.Dq ftp +service specification; see +.Xr services 5 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +When +.Fl D +is specified, forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +When +.Fl D +is specified, forces +.Nm +to use IPv6 addresses only. +.It Fl A +Permit only anonymous FTP connections +(unless the +.Fl n +option is specified), +accounts listed in +.Pa /etc/ftpchroot +or users in a login class with the +.Dq ftp-chroot +variable set (see below). +Other connection attempts are refused. +.It Fl D +With this option set, +.Nm +will detach and become a daemon, accepting connections on the FTP port and +forking child processes to handle them. +This has lower overhead than starting +.Nm +from +.Xr inetd 8 +and is thus useful on busy servers to reduce load. +.It Fl d +Debugging information is written to the syslog using +.Dv LOG_FTP . +.It Fl l +Each successful and failed +FTP session is logged using syslog with a facility of +.Dv LOG_FTP . +If this option is specified twice, the retrieve (get), store (put), append, +delete, make directory, remove directory and rename operations and +their filename arguments are also logged. +.It Fl M +Enables multihomed mode. +Instead of simply using +.Pa ~ftp +for anonymous transfers, a directory matching the fully qualified name of +the IP number the client connected to, and located inside +.Pa ~ftp , +is used instead. +.It Fl m Ar minuid +Disallow login to user accounts with a UID below +.Ar minuid . +The default is 1000, to prevent access to administrative and daemon accounts. +Anonymous access is allowed even if the UID of the FTP user is smaller than +.Ar minuid . +.It Fl n +Do not permit anonymous FTP logins. +Normally they are permitted. +.It Fl P +Permit illegal port numbers or addresses for PORT command initiated connects. +By default +.Nm +violates the RFC and thus constrains the PORT command to non-reserved ports +and requires it use the same source address as the connection came from. +This prevents the "FTP bounce attack" against services on both the local +machine and other local machines. +.It Fl S +With this option set, +.Nm +logs all anonymous downloads to the file +.Pa /var/log/ftpd +when this file exists. +.It Fl T Ar maxtimeout +A client may also request a different timeout period; +the maximum period allowed may be set to +.Ar maxtimeout +seconds with the +.Fl T +option. +The default limit is 2 hours. +.It Fl t Ar timeout +The inactivity timeout period is set to +.Ar timeout +seconds (the default is 15 minutes). +.It Fl U +Each concurrent +FTP session is logged to the file +.Pa /var/run/utmp , +making them visible to commands such as +.Xr who 1 . +.Fl U +and +.Fl W +are mutually exclusive. +.It Fl u Ar mask +Force the umask to +.Ar mask , +instead of the default specified in +.Pa /etc/login.conf +(usually 022). +Also disallows chmod. +.It Fl W +Do not save login records to +.Pa /var/log/wtmp . +.Fl W +and +.Fl U +are mutually exclusive. +.El +.Pp +The file +.Pa /etc/nologin +can be used to disable FTP access. +If the file exists, +.Nm +displays it and exits. +Note: this method will disable +.Em all +non-root logins; see +.Xr login 1 +for further details. +If the file +.Pa /etc/ftpwelcome +exists, +.Nm +prints it before issuing the +.Dq ready +message. +If the welcome file exists +.Pa ( /etc/motd +by default), +.Nm +prints it after a successful login. +If the file +.Pa .message +exists in a directory, +.Nm +prints it when that directory is entered. +.Pp +The FTP server currently supports the following FTP requests. +The case of the requests is ignored. +.Bl -column "Request" -offset indent +.It Sy Request Ta Sy Description +.It ABOR Ta "abort previous command" +.It ACCT Ta "specify account (not implemented)" +.It ALLO Ta "allocate storage (vacuously)" +.It APPE Ta "append to a file" +.It CDUP Ta "change to parent of current working directory" +.It CWD Ta "change working directory" +.It DELE Ta "delete a file" +.It EPRT Ta "specify data connection port" +.It EPSV Ta "prepare for server-to-server transfer" +.It HELP Ta "give help information" +.It LIST Ta "give list of files in a directory" Pq Li "ls -lgA" +.It LPRT Ta "specify data connection port" +.It LPSV Ta "prepare for server-to-server transfer" +.It MDTM Ta "show last modification time of file" +.It MKD Ta "make a directory" +.It MODE Ta "specify data transfer" Em mode +.It NLST Ta "give name list of files in directory" +.It NOOP Ta "do nothing" +.It PASS Ta "specify password" +.It PASV Ta "prepare for server-to-server transfer" +.It PORT Ta "specify data connection port" +.It PWD Ta "print the current working directory" +.It QUIT Ta "terminate session" +.It REIN Ta "reinitialize (not implemented)" +.It REST Ta "restart incomplete transfer" +.It RETR Ta "retrieve a file" +.It RMD Ta "remove a directory" +.It RNFR Ta "specify rename-from file name" +.It RNTO Ta "specify rename-to file name" +.It SITE Ta "non-standard commands (see next section)" +.It SIZE Ta "return size of file" +.It SMNT Ta "structure mount (not implemented)" +.It STAT Ta "return status of server" +.It STOR Ta "store a file" +.It STOU Ta "store a file with a unique name" +.It STRU Ta "specify data transfer" Em structure +.It SYST Ta "show operating system type of server system" +.It TYPE Ta "specify data transfer" Em type +.It USER Ta "specify user name; not valid after login" +.It XCUP Ta "change to parent of current working directory (deprec.)" +.It XCWD Ta "change working directory (deprecated)" +.It XMKD Ta "make a directory (deprecated)" +.It XPWD Ta "print the current working directory (deprecated)" +.It XRMD Ta "remove a directory (deprecated)" +.El +.Pp +The following non-standard or UNIX specific commands +are supported by the SITE request: +.Bl -column Request -offset indent +.It Sy Request Ta Sy Description +.It CHMOD Ta "change mode of a file, e.g., SITE CHMOD 755 filename" +.It HELP Ta "give help information" +.It IDLE Ta "set idle-timer, e.g., SITE IDLE 60" +.It UMASK Ta "change umask, e.g., SITE UMASK 002" +.El +.Pp +The remaining FTP requests specified in Internet RFC 959 are recognized, +but not implemented. +MDTM and SIZE are specified in RFC 3659. +.Pp +The FTP server will abort an active file transfer only when the +ABOR +command is preceded by a Telnet "Interrupt Process" (IP) +signal and a Telnet "Synch" signal in the command Telnet stream, +as described in Internet RFC 959. +If a +STAT +command is received during a data transfer, preceded by a Telnet IP +and Synch, transfer status will be returned. +.Pp +.Nm +interprets file names according to the +.Dq globbing +conventions used by +.Xr csh 1 . +This allows users to utilize the metacharacters +.Dq Li \&*?[]{}~ . +.Pp +.Nm +authenticates users by using the service and type of +.Ar ftp , +as defined in the +.Pa /etc/login.conf +file (see +.Xr login.conf 5 ) . +An authentication style +may be specified by appending with a colon +.Pq Sq :\& +following the authentication style, i.e.\& +.Dq joe:skey . +The allowed authentication styles for +.Nm +may be explicitly specified by the +.Dq auth-ftp +entry in +.Pa /etc/login.conf . +.Pp +.Nm +authenticates users according to the following rules. +.Bl -enum -offset indent +.It +The login name must be in the password database and not have a null password. +In this case a password must be provided by the client before any +file operations may be performed. +.It +The login name must not appear in the file +.Pa /etc/ftpusers . +.It +The user account must have a UID not less than +.Ar minuid . +.It +The user must have a standard shell as described by +.Xr shells 5 . +.It +If the user name appears in the file +.Pa /etc/ftpchroot , +which is a text file containing one user name per line, +the session's root will be changed to the user's login directory by +.Xr chroot 2 +as for an +.Dq anonymous +or +.Dq ftp +account (see next item). +However, the user must still supply a password. +This feature is intended as a compromise between a fully anonymous account +and a fully privileged account. +The account should also be set up as for an anonymous account. +.It +If the user name is +.Dq anonymous +or +.Dq ftp , +an +anonymous FTP account must be present in the password +file (user +.Dq ftp ) . +In this case the user is allowed +to log in by specifying any password (by convention an email address for +the user should be used as the password). +.El +.Pp +Once a user is authenticated, the user must be approved by any approval +script defined (see +.Xr login.conf 5 ) . +If a valid approval script (by either :approve=...: or :approve-ftp=...: +for the user's class) is defined then it is run and must exit with a 0 +(success) status. +When +.Nm +is running under the +.Fl D +flag (and debugging is not turned on) then the approval script will be +called with at least the following variables specified via the +.Fl v +option (see +.Xr login.conf 5 ) +to the approve script: +.Bl -column "Variable" -offset indent +.It Sy Variable Ta Sy Description +.It FTPD_HOST Ta "The server's (virtual) hostname" +.El +.Pp +For example (the line is broken to fit the page): +.Bd -literal -offset indent +/usr/libexec/auth/approve_ftpd -v FTPD_HOST=ftp.mycompany.com \e + username class service +.Ed +.Pp +When the user logs in to the anonymous FTP account, +.Nm +takes special measures to restrict the client's access privileges. +The server performs a +.Xr chroot 2 +to the home directory of the +.Dq ftp +user. +In order that system security is not breached, it is recommended +that the +.Dq ftp +subtree be constructed with care, following these rules: +.Bl -tag -width "~ftp/pub" -offset indent +.It Pa ~ftp +Make the home directory owned by +.Dq root +and unwritable by anyone (mode 555). +.It Pa ~ftp/etc +Make this directory owned by +.Dq root +and unwritable by anyone (mode 511). +The files pwd.db (see +.Xr pwd_mkdb 8 ) +and +.Xr group 5 +must be present for the +.Xr ls 1 +command to be able to produce owner names rather than numbers. +The password field in +.Pa pwd.db +is not used, and should not contain real passwords. +The file +.Pa motd , +if present, will be printed after a successful login. +These files should be mode 444. +.It Pa ~ftp/pub +Make this directory mode 555 and owned by +.Dq root . +This is traditionally where publicly accessible files are +stored for download. +.El +.Pp +If logging to the +.Pa /var/log/ftpd +file is enabled, information will be written in the following format: +.Pp +.Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact +.It time +The time and date of the download, in +.Xr ctime 3 +format. +.It elapsed time +The elapsed time, in seconds. +.It remote host +The remote host (or IP number). +.It bytes +The number of bytes transferred. +.It path +The full path (relative to the FTP chroot space) of the file transferred. +.It type +The type of transfer; either +.Sq a +for ASCII or +.Sq b +for binary. +.It unused +Unused field containing a +.Sq * , +for compatibility. +.It unused +Unused field containing an +.Sq o , +for compatibility. +.It user type +The type of user; either +.Sq a +for anonymous or +.Sq r +for a real user (should always be anonymous). +.It name +Either a system login name or the value given for +.Dq email address +if an anonymous user. +.It service name +The network service name (always ftp). +.It unused +Unused field containing a +.Sq 0 , +for compatibility. +.It real name +The system login name if the connection is not anonymous, or a +.Sq * +if it is. +.\" .It virtual host +.\" The virtual host that the connection was made to. +.El +.Pp +Although fields exist for logging information on real users, this file is +only used for anonymous downloads. +Unused fields exist only for compatibility with other +.Nm +implementations. +.Sh LOGIN.CONF VARIABLES +The +.Nm +daemon uses the following FTP-specific parameters: +.Bl -tag -width ftp-chroot +.It Pa auth-ftp +The list of authentication types available to this class. +See +.Xr login.conf 5 . +.It Pa ftp-chroot +A boolean value. +If set, users in this class will be automatically chrooted to +the user's login directory. +.It Pa ftp-dir +A path to a directory. +This value overrides the login directory for users in this class. +A leading tilde +.Pq Ql ~ +in +.Pa ftp-dir +will be expanded to the user's home directory based on the +contents of the password database. +.It Pa welcome +The path of the file containing the welcome message. +If this variable is not set, +.Pa /etc/motd +is used. +.El +.Sh PORT ALLOCATION +For passive mode data connections, +.Nm +will listen to a random high TCP port. +The interval of ports used are configurable using +.Xr sysctl 8 +variables +.Va net.inet.ip.porthifirst +and +.Va net.inet.ip.porthilast . +.Sh FILES +.Bl -tag -width /etc/ftpwelcome -compact +.It Pa /etc/ftpchroot +list of normal users who should be chrooted +.It Pa /etc/ftpusers +list of unwelcome/restricted users +.It Pa /etc/ftpwelcome +welcome notice +.It Pa /etc/login.conf +authentication styles +.It Pa /etc/motd +printed after a successful login +.It Pa /etc/nologin +displayed and access refused +.It Pa /var/log/ftpd +log file for anonymous downloads +.It Pa /var/log/wtmp +login account records +.It Pa /var/run/utmp +list of users on the system +.El +.Sh SEE ALSO +.Xr ftp 1 , +.Xr login 1 , +.Xr skey 1 , +.Xr who 1 , +.Xr chroot 2 , +.Xr ctime 3 , +.Xr group 5 , +.Xr login.conf 5 , +.Xr motd 5 , +.Xr services 5 , +.Xr shells 5 , +.Xr ftp-proxy 8 , +.Xr inetd 8 , +.Xr pwd_mkdb 8 , +.Xr sysctl 8 , +.Xr syslogd 8 +.Sh STANDARDS +.Rs +.%A J. Postel +.%A J. Reynolds +.%D October 1985 +.%R RFC 959 +.%T FILE TRANSFER PROTOCOL (FTP) +.Re +.Pp +.Rs +.%A P. Hethmon +.%D March 2007 +.%R RFC 3659 +.%T Extensions to FTP +.Re +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/fw_update.8 b/static/openbsd/man8/fw_update.8 new file mode 100644 index 00000000..7d4400d2 --- /dev/null +++ b/static/openbsd/man8/fw_update.8 @@ -0,0 +1,121 @@ +.\" $OpenBSD: fw_update.8,v 1.10 2026/04/12 12:35:06 jsg Exp $ +.\" +.\" Copyright (c) 2011 Alexander Hall +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 12 2026 $ +.Dt FW_UPDATE 8 +.Os +.Sh NAME +.Nm fw_update +.Nd install non-free firmware +.Sh SYNOPSIS +.Nm +.Op Fl adFlnv +.Op Fl D Ar path +.Op Fl p Ar path +.Op Ar driver | file ... +.Sh DESCRIPTION +The +.Nm +utility installs, updates, or deletes firmware for +.Ar driver +from the Internet. +By default, +.Nm +tries to determine which firmware are needed. +.Pp +Since firmware with an acceptable license is already present in +.Ox , +.Nm +exists purely to deal with firmware that may not be freely +distributed with +.Ox . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Install or update firmware for all drivers. +It is an error to specify this option with any +.Ar driver +arguments. +.It Fl d +Delete firmware for +.Ar driver . +If used without parameters, delete all firmware that is not required by +a driver. +If used in conjunction with +.Fl a , +delete firmware for all drivers. +.It Fl D Ar path +Use the content of +.Ar path +rather than output from +.Xr dmesg 8 +and +.Pa /var/run/dmesg.boot +to determine which firmware are needed. +.It Fl F +Download SHA256.sig and firmware .tgz to the current directory. +.It Fl l +List drivers without installing. +With +.Fl F +lists the full path to the files that will be downloaded. +.It Fl n +Dry run. +Do not actually install or update any firmware; +just report the steps that would be taken. +.It Fl p Ar path +Use +.Ar path , +either a local directory or a URL, +as the source for firmware instead of the default location. +.It Fl v +Turn on verbose output. +This flag can be specified multiple times for increased verbosity. +.El +.Pp +Firmware is downloaded from release-specific directories at +.Lk http://firmware.openbsd.org/firmware/ +unless overridden with +.Fl p . +.Sh ENVIRONMENT +.Bl -tag -width DESTDIRXXX +.It Ev DESTDIR +The root of the system to install into. +.El +.Sh FILES +.Bl -tag -width Ds +.It Pa ${DESTDIR}/usr/share/misc/firmware_patterns +A list of patterns used to detect needed firmware from the +.Xr dmesg 8 . +.It Pa ${DESTDIR}/etc/signify/openbsd-XX-fw.pub +Used with +.Xr signify 1 +to verify downloaded firmware files. +.El +.Sh SEE ALSO +.Xr pkg_add 1 , +.Xr dmesg 8 +.Sh AUTHORS +.An -nosplit +The +.Nm +program was designed by +.An Alexander Hall Aq Mt alexander@beard.se ; +it was then replaced with a perl version by +.An Marc Espie Aq Mt espie@openbsd.org . +It was rewritten to be able to be run from the installer by +.An Andrew Hewus Fresh Aq Mt afresh1@openbsd.org . diff --git a/static/openbsd/man8/getty.8 b/static/openbsd/man8/getty.8 new file mode 100644 index 00000000..b8886096 --- /dev/null +++ b/static/openbsd/man8/getty.8 @@ -0,0 +1,134 @@ +.\" $OpenBSD: getty.8,v 1.17 2022/03/31 17:27:18 naddy Exp $ +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)getty.8 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt GETTY 8 +.Os +.Sh NAME +.Nm getty +.Nd set terminal mode +.Sh SYNOPSIS +.Nm getty +.Oo +.Ar type +.Op Ar tty +.Oc +.Sh DESCRIPTION +The +.Nm +program +is called by +.Xr init 8 +to open and initialize the tty line, read a login name, and invoke +.Xr login 1 . +.Pp +The argument +.Ar tty +is the special device file in +.Pa /dev +to open for the terminal (for example, +.Pa ttyh0 ) . +If there is no argument or the argument is +.Sq - , +the tty line is assumed to be open as file descriptor 0. +.Pp +The +.Ar type +argument can be used to make +.Nm +treat the terminal line specially. +This argument is used as an index into the +.Xr gettytab 5 +database, to determine the characteristics of the line. +If there is no argument, or there is no such table, the +.Em default +table is used. +If there is no +.Pa /etc/gettytab , +a set of system defaults is used. +If indicated by the table located, +.Nm +will clear the terminal screen, +print a banner heading, +and prompt for a login name. +Usually either the banner or the login prompt will include +the system hostname. +.Pp +Most of the default actions of +.Nm +can be circumvented, or modified, by a suitable +.Xr gettytab 5 +table. +.Pp +The +.Nm +program +can be set to timeout after some interval, +which will cause dial up lines to hang up +if the login name is not entered reasonably quickly. +.Sh RESOURCES +.Nm +is started by +.Xr init 8 , +with a process priority, umask, and resource limits based on the +.Dq default +entry in +.Pa /etc/login.conf . +.Sh FILES +.Bl -tag -width /etc/gettytab -compact +.It Pa /etc/gettytab +.El +.Sh DIAGNOSTICS +.Bl -diag +.It "ttyxx: No such device or address." +.It "ttyxx: No such file or address." +A terminal which is turned +on in the +.Xr ttys 5 +file cannot be opened, likely because the requisite +lines are either not configured into the system, the associated device +was not attached during boot-time system configuration, +or the special file in +.Pa /dev +does not exist. +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr ioctl 2 , +.Xr tty 4 , +.Xr gettytab 5 , +.Xr login.conf 5 , +.Xr ttys 5 , +.Xr init 8 +.Sh HISTORY +A +.Nm +program appeared in +.At v2 . diff --git a/static/openbsd/man8/gpioctl.8 b/static/openbsd/man8/gpioctl.8 new file mode 100644 index 00000000..6ff1b0da --- /dev/null +++ b/static/openbsd/man8/gpioctl.8 @@ -0,0 +1,215 @@ +.\" $OpenBSD: gpioctl.8,v 1.25 2018/03/12 12:52:14 jmc Exp $ +.\" +.\" Copyright (c) 2004 Alexander Yurchenko +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 12 2018 $ +.Dt GPIOCTL 8 +.Os +.Sh NAME +.Nm gpioctl +.Nd control GPIO devices +.Sh SYNOPSIS +.Nm gpioctl +.Op Fl q +.Ar device +.Ar pin +.Op Cm 0 | 1 | 2 | on | off | toggle +.Nm gpioctl +.Op Fl q +.Ar device +.Ar pin +.Cm set +.Op Ar flags +.Op Ar name +.Nm gpioctl +.Op Fl q +.Ar device +.Ar pin +.Cm unset +.Nm gpioctl +.Op Fl q +.Ar device +.Cm attach +.Ar device +.Ar offset +.Ar mask +.Op Ar flag +.Nm gpioctl +.Op Fl q +.Ar device +.Cm detach +.Ar device +.Sh DESCRIPTION +The +.Nm +program allows manipulation of GPIO +(General Purpose Input/Output) device pins. +Such devices can be either part of the chipset or embedded CPU, +or a separate chip. +The usual way of using GPIO +is to connect some simple devices such as LEDs and 1-wire thermal sensors +to its pins. +.Pp +Each GPIO device has an associated device file in the +.Pa /dev +directory. +.Ar device +can be specified with or without the +.Pa /dev +prefix. +For example, +.Pa /dev/gpio0 +or +.Pa gpio0 . +.Pp +GPIO pins can be either +.Dq read +or +.Dq written +with the values of logical 0 or 1. +If only a +.Ar pin +number is specified on the command line, the pin state will be read +from the GPIO controller and displayed. +To write to a pin, a value must be specified after the +.Ar pin +number. +Values can be either +.Cm 0 +or +.Cm 1 . +A value of +.Cm 2 +has a special meaning: it +.Dq toggles +the pin, i.e. changes its state to the opposite. +Instead of the numerical values, the word +.Cm on , +.Cm off , +or +.Cm toggle +can be used. +.Pp +Only pins that have been configured at securelevel 0, typically during system +startup, are accessible once the securelevel has been raised. +Pins can be given symbolic names for easier use. +Besides using individual pins, device drivers that use GPIO pins can be +attached to a +.Xr gpio 4 +device using the +.Nm +command. +.Pp +The following configuration +.Ar flags +are supported by the GPIO framework. +Note that not all the flags can be supported by the particular GPIO controller. +.Pp +.Bl -tag -width Ds -offset indent -compact +.It in +input direction +.It out +output direction +.It inout +bi-directional +.It od +open-drain output +.It pp +push-pull output +.It tri +tri-state (output disabled) +.It pu +internal pull-up enabled +.It pd +internal pull-down enabled +.It iin +invert input +.It iout +invert output +.El +.Pp +When attaching an I2C device, +if the +.Ar flag +argument is set to 1, +the order of the SDA and SCL signals is reversed +(see +.Xr gpioiic 4 ) . +.Pp +When executed with only the +.Xr gpio 4 +device name as argument, +.Nm +reads information about the GPIO device and displays it. +At securelevel 0 the number of physically available pins is displayed, +at higher securelevels the number of configured +.Pq Cm set +pins is displayed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl q +Operate quietly i.e. nothing is printed to stdout. +.El +.Sh FILES +.Bl -tag -width "/dev/gpiou" -compact +.It /dev/gpio Ns Ar u +GPIO device unit +.Ar u +file. +.El +.Sh EXAMPLES +Configure pin 20 to have push-pull output: +.Pp +.Dl # gpioctl gpio0 20 set out pp +.Pp +Write logical 1 to pin 20: +.Pp +.Dl # gpioctl gpio0 20 1 +.Pp +Attach a +.Xr onewire 4 +bus on a +.Xr gpioow 4 +device on pin 4: +.Pp +.Dl # gpioctl gpio0 attach gpioow 4 0x01 +.Pp +Detach the gpioow0 device: +.Pp +.Dl # gpioctl gpio0 detach gpioow0 +.Pp +Configure pin 5 as output and name it error_led: +.Pp +.Dl # gpioctl gpio0 5 set out error_led +.Pp +Toggle the error_led: +.Pp +.Dl # gpioctl gpio0 error_led 2 +.Sh SEE ALSO +.Xr gpio 4 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.6 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Alexander Yurchenko Aq Mt grange@openbsd.org . +Device attachment was added by +.An Marc Balmer Aq Mt mbalmer@openbsd.org . diff --git a/static/openbsd/man8/group.8 b/static/openbsd/man8/group.8 new file mode 100644 index 00000000..a6d4752a --- /dev/null +++ b/static/openbsd/man8/group.8 @@ -0,0 +1,87 @@ +.\" $OpenBSD: group.8,v 1.18 2022/02/06 00:29:03 jsg Exp $ +.\" $NetBSD: group.8,v 1.10 2003/02/25 10:36:21 wiz Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: February 6 2022 $ +.Dt GROUP 8 +.Os +.Sh NAME +.Nm group +.Nd manage group information on the system +.Sh SYNOPSIS +.Nm group +.Cm add +.Op Fl ov +.Op Fl g Ar gid +.Ar group +.Nm group +.Cm del +.Op Fl v +.Ar group +.Nm group +.Cm info +.Op Fl ev +.Ar group +.Nm group +.Cm mod +.Op Fl ov +.Op Fl g Ar gid +.Op Fl n Ar newname +.Ar group +.Sh DESCRIPTION +The +.Nm +utility acts as a frontend to the +.Xr groupadd 8 , +.Xr groupmod 8 , +.Xr groupinfo 8 , +and +.Xr groupdel 8 +commands. +.Pp +For a full explanation of the options, see the relevant manual page. +.Sh EXIT STATUS +.Ex -std group +.Sh SEE ALSO +.Xr group 5 , +.Xr groupadd 8 , +.Xr groupdel 8 , +.Xr groupinfo 8 , +.Xr groupmod 8 , +.Xr user 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/groupadd.8 b/static/openbsd/man8/groupadd.8 new file mode 100644 index 00000000..763427b5 --- /dev/null +++ b/static/openbsd/man8/groupadd.8 @@ -0,0 +1,72 @@ +.\" $OpenBSD: groupadd.8,v 1.17 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: groupadd.8,v 1.9 2003/02/14 16:11:37 grant Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt GROUPADD 8 +.Os +.Sh NAME +.Nm groupadd +.Nd add a group to the system +.Sh SYNOPSIS +.Nm groupadd +.Op Fl ov +.Op Fl g Ar gid +.Ar group +.Sh DESCRIPTION +The +.Nm +utility adds a group to the system. +The options are as follows: +.Bl -tag -width Ds +.It Fl g Ar gid +Gives the numeric group identifier to be used for the new group. +.It Fl o +Allows the new group to have a GID which is already in use for another group. +.It Fl v +Enables verbose mode - explain the commands as they are executed. +.El +.Sh EXIT STATUS +.Ex -std groupadd +.Sh SEE ALSO +.Xr group 5 , +.Xr groupdel 8 , +.Xr groupinfo 8 , +.Xr groupmod 8 , +.Xr user 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/groupdel.8 b/static/openbsd/man8/groupdel.8 new file mode 100644 index 00000000..32785057 --- /dev/null +++ b/static/openbsd/man8/groupdel.8 @@ -0,0 +1,67 @@ +.\" $OpenBSD: groupdel.8,v 1.17 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: groupdel.8,v 1.9 2003/02/14 16:11:37 grant Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt GROUPDEL 8 +.Os +.Sh NAME +.Nm groupdel +.Nd remove a group from the system +.Sh SYNOPSIS +.Nm groupdel +.Op Fl v +.Ar group +.Sh DESCRIPTION +The +.Nm +utility removes a group from the system. +The options are as follows: +.Bl -tag -width Ds +.It Fl v +Enables verbose mode - explain the commands as they are executed. +.El +.Sh EXIT STATUS +.Ex -std groupdel +.Sh SEE ALSO +.Xr group 5 , +.Xr groupadd 8 , +.Xr groupinfo 8 , +.Xr groupmod 8 , +.Xr user 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/groupinfo.8 b/static/openbsd/man8/groupinfo.8 new file mode 100644 index 00000000..6d8c217e --- /dev/null +++ b/static/openbsd/man8/groupinfo.8 @@ -0,0 +1,92 @@ +.\" $OpenBSD: groupinfo.8,v 1.15 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: groupinfo.8,v 1.3 2000/10/03 19:32:23 bjh21 Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt GROUPINFO 8 +.Os +.Sh NAME +.Nm groupinfo +.Nd display group information +.Sh SYNOPSIS +.Nm groupinfo +.Op Fl e +.Ar group +.Sh DESCRIPTION +The +.Nm +utility displays the name, group ID (GID), +and members of the specified +.Ar group . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl e +Do not display anything (quiet mode). +This form of the command is useful for +scripts which need to check whether a particular group +name or GID is already in use on the system. +.El +.Pp +The +.Ar group +argument may be either a group name or a GID. +.Sh EXIT STATUS +The +.Nm +utility exits 0 if +.Ar group +exists, and non-zero if it does not. +.Sh SEE ALSO +.Xr group 5 , +.Xr passwd 5 , +.Xr group 8 , +.Xr userinfo 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . +.Sh CAVEATS +If the specified +.Ar group +is the primary group of a user, but that user is not listed as a +member of the +.Ar group +in the +.Xr group 5 +file, the +.Nm +utility fails to list that user as a member of the +.Ar group . diff --git a/static/openbsd/man8/groupmod.8 b/static/openbsd/man8/groupmod.8 new file mode 100644 index 00000000..a001088e --- /dev/null +++ b/static/openbsd/man8/groupmod.8 @@ -0,0 +1,75 @@ +.\" $OpenBSD: groupmod.8,v 1.19 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: groupmod.8,v 1.10 2003/02/14 16:11:37 grant Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt GROUPMOD 8 +.Os +.Sh NAME +.Nm groupmod +.Nd modify an existing group on the system +.Sh SYNOPSIS +.Nm groupmod +.Op Fl ov +.Op Fl g Ar gid +.Op Fl n Ar newname +.Ar group +.Sh DESCRIPTION +The +.Nm +utility modifies an existing group. +The options are as follows: +.Bl -tag -width Ds +.It Fl g Ar gid +Gives the numeric group identifier to be used for the new group. +.It Fl n Ar newname +Gives the new name which the group shall have. +.It Fl o +Allows the new group to have a GID which is already in use for another group. +.It Fl v +Enables verbose mode - explain the commands as they are executed. +.El +.Sh EXIT STATUS +.Ex -std groupmod +.Sh SEE ALSO +.Xr group 5 , +.Xr groupadd 8 , +.Xr groupdel 8 , +.Xr groupinfo 8 , +.Xr user 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/growfs.8 b/static/openbsd/man8/growfs.8 new file mode 100644 index 00000000..3a104024 --- /dev/null +++ b/static/openbsd/man8/growfs.8 @@ -0,0 +1,147 @@ +.\" $OpenBSD: growfs.8,v 1.16 2017/10/17 22:47:58 schwarze Exp $ +.\" Copyright (c) 2000 Christoph Herrmann, Thomas-Henning von Kamptz +.\" Copyright (c) 1980, 1989, 1993 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Christoph Herrmann and Thomas-Henning von Kamptz, Munich and Frankfurt. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgment: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors, as well as Christoph +.\" Herrmann and Thomas-Henning von Kamptz. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $TSHeader: src/sbin/growfs/growfs.8,v 1.3 2000/12/12 19:31:00 tomsoft Exp $ +.\" $FreeBSD: src/sbin/growfs/growfs.8,v 1.24 2005/01/18 10:09:34 ru Exp $ +.\" +.Dd $Mdocdate: October 17 2017 $ +.Dt GROWFS 8 +.Os +.Sh NAME +.Nm growfs +.Nd grow size of an existing ffs file system +.Sh SYNOPSIS +.Nm +.Op Fl Nqy +.Op Fl s Ar size +.Ar special +.Sh DESCRIPTION +The +.Nm +utility extends the +.Xr newfs 8 +program. +Before starting +.Nm growfs , +the partition must be set to a larger size using +.Xr disklabel 8 . +The +.Nm +utility extends the size of the file system on the specified special file. +.Pp +Currently +.Nm +can only enlarge unmounted file systems. +Do not try enlarging a mounted file system \- your system may panic and +you will not be able to use the file system any longer. +Most of the +.Xr newfs 8 +options cannot be changed by +.Nm growfs . +In fact, you can only increase the size of the file system. +Use +.Xr tunefs 8 +for other changes. +.Pp +The following options are available: +.Bl -tag -width "-s sizeXX" +.It Fl N +Test mode. +Causes the new file system parameters to be printed out without actually +enlarging the file system. +.It Fl q +Operate in quiet mode. +With this option, +.Nm +will not print extraneous information like superblock backups. +.It Fl s Ar size +Determines the +.Ar size +of the file system after enlarging in sectors. +This value defaults to the size of the raw partition specified in +.Ar special +(in other words, +.Nm +will enlarge the file system to the size of the entire partition). +.It Fl y +Expert mode. +Usually +.Nm +will ask you if you have taken a backup of your data and will test +whether +.Ar special +is currently mounted. +The +.Fl y +flag suppresses this, +so use this option with great care! +.El +.Sh ENVIRONMENT +.Bl -tag -width COLUMNS +.It Ev COLUMNS +If set to a positive integer, +output is formatted to the given width in columns. +Otherwise, +.Nm +defaults to the terminal width, or 80 columns if the output is not a terminal. +.El +.Sh SEE ALSO +.Xr disklabel 8 , +.Xr dumpfs 8 , +.Xr fdisk 8 , +.Xr fsck 8 , +.Xr newfs 8 , +.Xr tunefs 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Fx 4.4 +and has been available since +.Ox 3.4 . +.Sh AUTHORS +.An Christoph Herrmann Aq Mt chm@FreeBSD.org +.An Thomas-Henning von Kamptz Aq Mt tomsoft@FreeBSD.org +.br +and the +.Nm +team +.Aq Mt growfs@tomsoft.com +.Sh BUGS +Filesystems must be checked with +.Xr fsck 8 +after enlarging. diff --git a/static/openbsd/man8/hostapd.8 b/static/openbsd/man8/hostapd.8 new file mode 100644 index 00000000..e8c2c05c --- /dev/null +++ b/static/openbsd/man8/hostapd.8 @@ -0,0 +1,142 @@ +.\" $OpenBSD: hostapd.8,v 1.23 2022/03/31 17:27:29 naddy Exp $ +.\" +.\" Copyright (c) 2004, 2005 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt HOSTAPD 8 +.Os +.Sh NAME +.Nm hostapd +.Nd Host Access Point daemon +.Sh SYNOPSIS +.Nm hostapd +.Op Fl dv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is a daemon which allows communication between different 802.11 +wireless access points running in +.Em Host AP +mode. +.Pp +.Nm +implements the Inter Access Point Protocol (IAPP). +Its purpose is to exchange station association updates between access +points in large wireless networks. +IAPP has been designed to speed up roaming between different access +points in the same Extended Service Set (ESS). +IAPP is described in the IEEE 802.11f standard. +.Pp +.Nm +additionally allows the monitoring and logging of station associations on a +non-hostap host which is receiving IAPP messages. +.Pp +.Nm +uses two network interfaces on startup specified in the configuration file +.Xr hostapd.conf 5 . +The first interface is used to access the Host AP, +which is a wireless interface running in Host AP mode. +Host AP mode can be enabled using +.Xr ifconfig 8 . +The second interface is used to communicate with other +.Nm +in the same broadcast domain or multicast group. +Usually a wired interface is used to communicate with other +.Nm . +.Pp +.Nm +broadcasts an +.Em ADD.notify +IAPP message when a new station is associated to the Host AP. +When +.Nm +receives an ADD.notify message, it tells the Host AP +to remove the specified station. +.Pp +.Nm +may also handle dynamic roaming of IP addresses and routes in +addition to the standard IAPP ADD.notify behaviour. +See the section called IP Roaming in +.Xr hostapd.conf 5 +for details. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, instead of the default +.Pa /etc/hostapd.conf . +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/etc/hostapd.confXXX" -compact +.It Pa /etc/hostapd.conf +default +.Nm +configuration file +.El +.Sh SEE ALSO +.Xr hostapd.conf 5 , +.Xr ifconfig 8 +.Rs +.%R IEEE 802.11f +.%T Inter Access Point Protocol +.%D March 2001 +.Re +.Sh HISTORY +The +.Nm +program first appeared at the 21st Chaos Communication Congress +.Pq Lk https://events.ccc.de/congress/2004/ +and later in +.Ox 3.8 . +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . +.Sh CAVEATS +.Nm +depends on drivers using the net80211 +kernel wireless layer with support of Host AP mode. +For traditional reasons, +the +.Xr wi 4 +driver still uses its own Host AP code in +.Fn if_wi_hostap , +which is not supported by +.Nm . +.Pp +The IEEE 802.11 WLAN protocol lacks authentication of management +frames and is vulnerable to various denial of service and +man-in-the-middle attacks. +That should be considered when implementing wireless networks +with +.Nm . diff --git a/static/openbsd/man8/hostctl.8 b/static/openbsd/man8/hostctl.8 new file mode 100644 index 00000000..18de9baf --- /dev/null +++ b/static/openbsd/man8/hostctl.8 @@ -0,0 +1,155 @@ +.\" $OpenBSD: hostctl.8,v 1.5 2017/07/21 20:58:07 mikeb Exp $ +.\" +.\" Copyright (c) 2016 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 21 2017 $ +.Dt HOSTCTL 8 +.Os +.Sh NAME +.Nm hostctl +.Nd display or modify contents of the host's key-value store +.Sh SYNOPSIS +.Nm +.Op Fl qt +.Op Fl f Ar device +.Op Fl i Ar input +.Op Fl o Ar output +.Ar key +.Op Ar value +.Sh DESCRIPTION +The +.Nm +program provides a generic interface for accessing key-value stores on +the system's host. +It is primarily used for an abstracted way to exchange information +with hypervisors that are supported by the +.Xr pvbus 4 +subsystem. +When given the name of a specific +.Ar key , +.Nm +will display the value or list the key names of the subtree. +If the key is followed by a +.Ar value , +.Nm +will write the new key-value pair to the key-value store. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar device +Use +.Ar device +instead of the default +.Pa /dev/pvbus0 . +.It Fl i Ar input +Read the new value for the specified +.Ar key +from the +.Ar input +file. +.It Fl o Ar output +Save the returned value in the +.Ar output +file. +.It Fl q +Don't ask for confirmation of any default options. +.It Fl t +Print the type of the underlying driver. +.El +.Pp +Multiple hypervisor interfaces and key-value stores can be simultaneously +available and reached through different device nodes. +.Sh FILES +.Bl -tag -width "/dev/pvbusX" -compact +.It /dev/pvbus Ns Ar u +.Xr pvbus 4 +device unit +.Ar u +file. +.El +.Sh EXAMPLES +The +.Xr vmt 4 +driver provides access to the +.Dq guestinfo +information that is available in VMware virtual machines: +.Bd -literal -offset indent +# hostctl guestinfo.hostname +vm-111.example.com +# hostctl guestinfo.ip 192.168.100.111 +.Ed +.Pp +The +.Xr xen 4 +driver provides access to the XenStore that is available in Xen +virtual machines. +The +.Xr pvbus 4 +layer abstracts it as a simple key-value interface: +.Bd -literal -offset indent +# hostctl device/vif/0/mac +fe:e1:ba:d0:27:0f +# hostctl device/vif/0/description "My interface" +.Ed +.Pp +The XenStore is a virtual filesystem that also provides directories. +The directory name can be specified as a key to return the contents, +other keys, of the directory: +.Bd -literal -offset indent +# hostctl device +vfb +vbd +vif +console +.Ed +.Pp +Access to the Hyper-V Key-Value Pair exchange interface is provided by the +.Xr hyperv 4 +driver. +The +.Xr pvbus 4 +layer abstracts access to several pre-defined key pools: +.Em Auto , +.Em Guest , +.Em External +and +.Em Guest/Parameters . +Available keys can be listed and set: +.Bd -literal -offset indent +# hostctl Auto/ +FullyQualifiedDomainName +IntegrationServicesVersion +NetworkAddressIPv4 +NetworkAddressIPv6 +OSBuildNumber +OSName +OSMajorVersion +OSMinorVersion +OSVersion +ProcessorArchitecture +# hostctl Auto/FullyQualifiedDomainName `hostname` +.Ed +.Sh SEE ALSO +.Xr pvbus 4 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.9 . +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/hotplugd.8 b/static/openbsd/man8/hotplugd.8 new file mode 100644 index 00000000..5836a8b0 --- /dev/null +++ b/static/openbsd/man8/hotplugd.8 @@ -0,0 +1,127 @@ +.\" $OpenBSD: hotplugd.8,v 1.13 2015/07/27 17:28:39 sobrado Exp $ +.\" +.\" Copyright (c) 2004 Alexander Yurchenko +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 27 2015 $ +.Dt HOTPLUGD 8 +.Os +.Sh NAME +.Nm hotplugd +.Nd devices hot plugging monitor daemon +.Sh SYNOPSIS +.Nm hotplugd +.Op Fl d Ar device +.Sh DESCRIPTION +The +.Nm +daemon monitors the +.Xr hotplug 4 +pseudo-device, acting on signaled events by executing the scripts in the +.Pa /etc/hotplug +directory. +By default it uses the +.Pa /dev/hotplug +device for reading events from, but an alternative device can be +specified with the +.Fl d +option. +.Pp +Actions can be configured either for device attachment or detachment. +On device attachment the +.Pa attach +script is executed if it exists. +On device detachment the +.Pa detach +script is executed if it exists. +In both cases two parameters are passed to the scripts: the class and name +of the attached or detached device. +The device class corresponds to the classes described in the +.In sys/device.h +header file and can be one of the following: +.Pp +.Bl -tag -width Ds -offset indent -compact +.It 0 +generic, no special info +.It 1 +CPU (carries resource utilization) +.It 2 +disk drive +.It 3 +network interface +.It 4 +tape device +.It 5 +serial line interface +.El +.Pp +Not all classes are really usable. +For example, it's unlikely that a CPU will be hotplugged. +.Pp +The device name is the usual name, +as listed in +.Xr MAKEDEV 8 , +and the unit number, e.g.\& +.Pa sd1 . +.Sh FILES +.Bl -tag -width "/dev/hotplug/attach" -compact +.It Pa /dev/hotplug +Pseudo-device file. +.It Pa /etc/hotplug +Directory where the scripts to execute are located. +.It Pa /etc/hotplug/attach +Script to execute on device attachment. +.It Pa /etc/hotplug/detach +Script to execute on device detachment. +.El +.Sh EXAMPLES +Sample +.Pa attach +script: +.Bd -literal -offset indent +#!/bin/sh + +DEVCLASS=$1 +DEVNAME=$2 + +case $DEVCLASS in +2) + # disk devices + disklabel=`/sbin/disklabel $DEVNAME 2\*(Gt&1 | \e + sed -n '/^label: /s/^label: //p'` + case $disklabel in + Sony*DSC*) + # Sony DSC camera + mount -o nodev,nosuid /dev/"$DEVNAME"i /mnt/camera + ;; + esac + ;; +3) + # network devices; requires hostname.$DEVNAME + sh /etc/netstart $DEVNAME + ;; +esac +.Ed +.Sh SEE ALSO +.Xr hotplug 4 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.6 . +.Sh AUTHORS +The +.Nm +program was written by +.An Alexander Yurchenko Aq Mt grange@openbsd.org . diff --git a/static/openbsd/man8/httpd.8 b/static/openbsd/man8/httpd.8 new file mode 100644 index 00000000..d2908fac --- /dev/null +++ b/static/openbsd/man8/httpd.8 @@ -0,0 +1,100 @@ +.\" $OpenBSD: httpd.8,v 1.54 2022/10/24 15:02:01 jmc Exp $ +.\" +.\" Copyright (c) 2014 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 24 2022 $ +.Dt HTTPD 8 +.Os +.Sh NAME +.Nm httpd +.Nd HTTP daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +The +.Nm +daemon is an HTTP server with FastCGI and TLS support. +.Pp +The FastCGI implementation has optional socket support. +.Nm +can log to +.Xr syslog 3 +or per-server files with several standard formats. +.Pp +.Nm +rereads its configuration file when it receives +.Dv SIGHUP +and reopens log files when it receives +.Dv SIGUSR1 . +.Pp +The options are as follows: +.Bl -tag -width Dssmacro=value +.It Fl D Ar macro Ns = Ns Ar value +Set a +.Ar macro +to a +.Ar value . +Macros can be referenced in the configuration files. +.It Fl d +Debug mode. +Create one server and don't detach or become a daemon. +This allows for easy monitoring of +.Nm . +.It Fl f Ar file +Specifies the configuration file. +The default is +.Pa /etc/httpd.conf . +.It Fl n +Check that the configuration is valid, but don't start any servers. +.It Fl v +Verbose mode. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width "/etc/ssl/private/server.key" -compact +.It Pa /etc/httpd.conf +Default configuration file. +.It Pa /etc/ssl/private/server.key +Default SSL/TLS server key. +.It Pa /etc/ssl/server.crt +Default SSL/TLS server certificate. +.It Pa /var/www/logs/access.log +Default access log file. +.It Pa /var/www/logs/error.log +Default error log file. +.El +.Sh SEE ALSO +.Xr acme-client 1 , +.Xr httpd.conf 5 , +.Xr slowcgi 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.6 . +.Nm +is based on +.Xr relayd 8 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/identd.8 b/static/openbsd/man8/identd.8 new file mode 100644 index 00000000..f02828ef --- /dev/null +++ b/static/openbsd/man8/identd.8 @@ -0,0 +1,104 @@ +.\" $OpenBSD: identd.8,v 1.11 2013/07/17 15:38:47 okan Exp $ +.\" +.\" Copyright (c) 2013 David Gwynne +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 17 2013 $ +.Dt IDENTD 8 +.Os +.Sh NAME +.Nm identd +.Nd Identification Protocol daemon +.Sh SYNOPSIS +.Nm +.Op Fl 46deHhNn +.Op Fl l Ar address +.Op Fl t Ar timeout +.Sh DESCRIPTION +.Nm +is a server which implements the Identification Protocol as specified in +RFC 1413. +.Pp +.Nm +operates by looking up specific TCP/IP connections and returning +the name of the user running the process responsible for the connection. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to stderr. +.It Fl e +Always return +.Dq UNKNOWN-ERROR +instead of the +.Dq NO-USER +or +.Dq INVALID-PORT +errors. +.It Fl H +Hide information about existing and non-existent users. +This flag implies +.Fl h . +.It Fl h +Hide the actual information about the user by providing an opaque +token instead. +This token is entered into the local system logs +so that the administrator can later discover who the real user was. +.It Fl l Ar address +Listen on the specified address. +By default +.Nm +listens on wildcard addresses. +.It Fl N +When replying with a user name or ID, first +check for a file +.Pa .noident +in the user's home directory. +If this file is accessible, return +.Dq HIDDEN-USER +instead of the normal USERID response. +.It Fl n +Always return UID numbers instead of usernames. +.It Fl t Ar timeout +Specifies the idle timeout for client connections, +in seconds. +The default timeout is 120 seconds. +.El +.\" .Sh SEE ALSO +.Sh STANDARDS +.Rs +.%A M. St. Johns +.%D February 1993 +.%R RFC 1413 +.%T Identification Protocol +.Re +.Sh HISTORY +The +.Nm +command was originally a process run via +.Xr inetd 8 . +It was rewritten for +.Ox 5.4 +as a persistent non-blocking daemon. diff --git a/static/openbsd/man8/ifconfig.8 b/static/openbsd/man8/ifconfig.8 new file mode 100644 index 00000000..bf5cc390 --- /dev/null +++ b/static/openbsd/man8/ifconfig.8 @@ -0,0 +1,2663 @@ +.\" $OpenBSD: ifconfig.8,v 1.413 2025/12/03 10:19:27 stsp Exp $ +.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ +.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94 +.\" +.Dd $Mdocdate: December 3 2025 $ +.Dt IFCONFIG 8 +.Os +.Sh NAME +.Nm ifconfig +.Nd configure network interface parameters +.Sh SYNOPSIS +.Nm ifconfig +.Op Fl AaC +.Op Fl M Ar lladdr +.Op Ar interface +.Op Ar address_family +.Op Ar address Op Ar dest_address +.Op Ar parameters +.Sh DESCRIPTION +The +.Nm +utility is used to assign an address +to a network interface and/or configure +network interface parameters. +Generally speaking, +.Xr hostname.if 5 +files are used at boot-time to define the network address +of each interface present on a machine; +.Nm +is used at +a later time to redefine an interface's address +or other operating parameters. +.Pp +.Nm +displays the current configuration for a network interface +when no optional parameters are supplied. +If a protocol family is specified, +.Nm +will report only the details specific to that protocol family. +If no parameters are provided, a summary of all interfaces is provided. +.Pp +Only the superuser may modify the configuration of a network interface. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl A +Causes full interface alias information for each interface to +be displayed. +.It Fl a +Causes +.Nm +to print information on all interfaces. +The protocol family may be specified as well. +This is the default, if no parameters are given to +.Nm . +.It Fl C +Print the names of all network pseudo-devices that +can be created dynamically at runtime using +.Nm Cm create . +.It Fl M Ar lladdr +Scan the non-cloned interface list for the MAC address +.Ar lladdr +and print the name of that interface. +If the MAC address is found on multiple interfaces, print nothing. +.It Ar interface +The +.Ar interface +parameter is a string of the form +.Dq name unit , +for example, +.Dq en0 . +If no optional parameters are supplied, this string can instead be just +.Dq name . +If an interface group of that name exists, all interfaces in the group +will be shown. +Otherwise all interfaces of the same type will be displayed +(for example, +.Dq fxp +will display all +.Xr fxp 4 +interfaces). +.It Ar address_family +Specifies the address family +which affects interpretation of the remaining parameters. +Since an interface can receive transmissions in differing protocols +with different naming schemes, specifying the address family is recommended. +The address or protocol families currently +supported are +.Dq inet +and +.Dq inet6 . +.It Ar address +An Internet version 4 or 6 address. +Valid formats are dot notation (IPv4), +colon-separated (IPv6), +CIDR notation, +or a host name present in the host name database, +.Xr hosts 5 . +.It Ar dest_address +Specify the address of the correspondent on the other end +of a point-to-point link. +.El +.Pp +The following +.Ar parameters +may be set with +.Nm : +.Bl -tag -width dest_addressxx +.It Cm alias +Establish an additional network address for this interface. +This is sometimes useful when changing network numbers, and +one wishes to accept packets addressed to the old interface. +.It Cm -alias +A synonym for +.Cm delete . +Use of this option is discouraged in favour of +.Cm delete . +.It Cm arp +Enable the use of the Address Resolution Protocol (ARP) +in mapping +between network level addresses and link level addresses (default). +.It Cm -arp +Disable the use of ARP. +.It Cm autoconf +Set the +.Sy AUTOCONF4 +or +.Sy AUTOCONF6 +flag on the interface, depending on +.Ar address_family . +.Xr slaacd 8 +automatically configures IPv6 addresses for interfaces with +.Sy AUTOCONF6 +set. +.Xr dhcpleased 8 +automatically configures IPv4 addresses (using DHCP protocol) +for interfaces with +.Sy AUTOCONF4 +set. +.Pp +Automatically mark the interface as +.Dq up . +.It Cm -autoconf +Unset the +.Sy AUTOCONF4 +or +.Sy AUTOCONF6 +flag on the interface, depending on +.Ar address_family . +.It Cm broadcast Ar addr +(inet only) +Specify the address to use to represent broadcasts to the +network. +The default broadcast address is the address with a host part of all 1's. +.It Cm create +Create the specified network pseudo-device. +A list of devices which can be dynamically created may be shown with the +.Fl C +option. +.It Cm debug +Enable driver-dependent debugging code; usually, this turns on +extra console error logging. +.It Cm -debug +Disable driver-dependent debugging code. +.It Cm delete +Remove the default inet address associated with the interface, +including any netmask or destination address configured with it. +An address and address family can be given to make the deletion more specific. +.Tg description +.It Cm descr Ns Oo Cm iption Oc Ar value +Specify a description of the interface. +This can be used to label interfaces in situations where they may +otherwise be difficult to distinguish. +.It Cm -descr Ns Op Cm iption +Clear the interface description. +.It Cm destroy +Destroy the specified network pseudo-device. +.It Cm down +Mark an interface +.Dq down . +When an interface is marked +.Dq down , +the system will not attempt to +transmit messages through that interface. +If possible, the interface will be reset to disable reception as well. +This action automatically disables routes using the interface. +.It Cm group Ar group-name +Assign the interface to a group. +The +.Ar group-name +may not be longer than 15 characters and must not end with a digit. +Any interface can be in multiple groups. +.Pp +For instance, a group could be used to create a hardware independent +.Xr pf 4 +ruleset (i.e. not one based on the names of NICs) using +existing (egress, carp, etc.) or user-defined groups. +.Pp +Some interfaces belong to specific groups by default: +.Pp +.Bl -tag -width netboot -compact +.It Cm all +All interfaces. +.It Cm egress +Any interfaces in the default +.Xr rdomain 4 +to which default routes point to. +.It Cm netboot +Any interfaces used for network booting, e.g. via +.Xr pxeboot 8 . +.It Cm pppx +All +.Xr pppx 4 +interfaces. +.It Cm wlan +All IEEE 802.11 wireless interfaces, e.g.\& +.Xr athn 4 +or +.Xr iwx 4 . +.It Ar driver +Every cloned interface is in the respective driver group, e.g.\& +.Dq tun0 +in +.Cm tun . +Use +.Fl C +to list all possible driver groups. +.El +.It Cm -group Ar group-name +Remove the interface from the given group. +.It Cm hwfeatures +Display the interface hardware features: +.Pp +.Bl -tag -width 14n -offset indent -compact +.It Sy CSUM_IPv4 +The device supports IPv4 checksum offload. +.It Sy CSUM_TCPv4 +As above, for TCP in IPv4 datagrams. +.It Sy CSUM_UDPv4 +As above, for UDP. +.It Sy CSUM_TCPv6 +As CSUM_TCPv4, but supports IPv6 datagrams. +.It Sy CSUM_UDPv6 +As above, for UDP. +.It Sy LRO +The device supports TCP large receive offload (LRO). +.It Sy TSOv4 +The device supports IPv4 TCP segmentation offload (TSO). +TSO is used by default. +Use the +.Xr sysctl 8 +variable +.Va net.inet.tcp.tso +to disable this feature. +.It Sy TSOv6 +As above, for IPv6. +.It Sy VLAN_MTU +The device can handle full sized frames, plus the size +of the +.Xr vlan 4 +tag. +.It Sy VLAN_HWTAGGING +On transmit, the device can add the +.Xr vlan 4 +tag. +.It Sy VLAN_HWOFFLOAD +On transmit, the device can handle checksum or TSO offload without +.Sy VLAN_HWTAGGING . +.It Sy WOL +The device supports Wake on LAN (WoL). +.It Sy hardmtu +The maximum MTU supported. +.El +.It Cm -inet +Remove all configured +.Xr inet 4 +addresses on the given interface. +.It Cm -inet6 +Disable +.Xr inet6 4 +on the given interface and remove all configured +.Xr inet6 4 +addresses, including the link-local ones. +This is the default. +To turn inet6 on, use +.Cm eui64 +or +.Cm autoconf , +or assign any inet6 address. +.It Cm instance Ar minst +Set the media instance to +.Ar minst . +This is useful for devices which have multiple physical layer interfaces +(PHYs). +Setting the instance on such devices may not be strictly required +by the network interface driver as the driver may take care of this +automatically; see the driver's manual page for more information. +.It Cm link[0-2] +Enable special processing of the link level of the interface. +These three options are interface specific in actual effect; however, +they are in general used to select special modes of operation. +An example +of this is to select the connector type for some Ethernet cards. +Refer to the man page for the specific driver for more information. +.It Cm -link[0-2] +Disable special processing at the link level with the specified interface. +.It Cm lladdr Ar etheraddr Ns | Ns Cm random +Change the link layer address (MAC address) of the interface. +This should be specified as six colon-separated hex values, or can +be chosen randomly. +.It Cm llprio Ar prio +Set the priority for link layer communications +.Pf ( Xr arp 4 , +.Xr bpf 4 , +.Xr pppoe 4 ) . +.It Cm media Op Ar type +Set the media type of the interface to +.Ar type . +If no argument is given, +display a list of all available media. +.Pp +Some interfaces support the mutually exclusive use of one of several +different physical media connectors. +For example, a 10Mb/s Ethernet interface might support the use of either +AUI or twisted pair connectors. +Setting the media type to +.Dq 10base5 +or +.Dq AUI +would change the currently active connector to the AUI port. +Setting it to +.Dq 10baseT +or +.Dq UTP +would activate twisted pair. +Refer to the interface's driver-specific man page for a complete +list of the available types, +or use the following command +for a listing of choices: +.Pp +.Dl $ ifconfig interface media +.It Cm mediaopt Ar opts +Set the specified media options on the interface. +.Ar opts +is a comma delimited list of options to apply to the interface. +Refer to the interface's driver-specific man page for a complete +list of available options, +or use the following command +for a listing of choices: +.Pp +.Dl $ ifconfig interface media +.It Cm -mediaopt Ar opts +Disable the specified media options on the interface. +.It Cm metric Ar nhops +Set the routing metric of the interface to +.Ar nhops , +default 0. +The routing metric can be used by routing protocols. +Higher metrics have the effect of making a route less favorable. +.It Cm mode Ar mode +If the driver for the interface supports the media selection system, +force the mode of the interface to the given +.Ar mode . +For IEEE 802.11 wireless interfaces that support multiple modes, +this directive is used to select between 802.11a +.Pq Dq 11a , +802.11b +.Pq Dq 11b , +802.11g +.Pq Dq 11g , +802.11n +.Pq Dq 11n , +and 802.11ac +.Pq Dq 11ac +modes. +.It Cm -mode +Select the mode automatically. +This is the default for IEEE 802.11 wireless interfaces. +.It Cm monitor +Enable monitor mode on the interface, preventing the processing of +incoming packets by the network stack. +.It Cm -monitor +Disable monitor mode on the interface, allowing the processing of +incoming packets by the network stack. +.It Cm mpls +Enable Multiprotocol Label Switching (MPLS) on the interface, +allowing it to send and receive MPLS traffic. +.It Cm -mpls +Disable MPLS on the interface. +.It Cm mtu Ar value +Set the MTU for this device to the given +.Ar value . +Cloned routes inherit this value as a default. +For Ethernet devices which support setting the MTU, +a value greater than 1500 enables jumbo frames. +The +.Sy hardmtu +output from +.Cm hwfeatures +shows the maximum supported MTU. +.It Cm netmask Ar mask +(inet and inet6 only) +Specify how much of the address to reserve for subdividing +networks into subnetworks. +The mask includes the network part of the local address +and the subnet part, which is taken from the host field of the address. +The mask can be specified as a single hexadecimal number +with a leading 0x, or with a dot-notation Internet address. +The mask contains 1's for the bit positions in the 32-bit address +which are to be used for the network and subnet parts, +and 0's for the host part. +The mask should contain at least the standard network portion, +and the subnet field should be contiguous with the network +portion. +.It Cm prefixlen Ar n +(inet and inet6 only) +Effect is similar to +.Cm netmask , +but you can specify prefix length by digits. +.It Cm priority Ar n +Set the interface routing priority to +.Ar n . +.Ar n +is in the range of 0 to 15 with smaller numbers being better. +The default priority of an interface is 0, +except for IEEE 802.11 wireless interfaces (priority 4), +.Xr umb 4 +interfaces (priority 6), +and +.Xr carp 4 +interfaces (priority 15). +The default priority of newly connected routes (routes created by +configuring an IP address on an interface) is calculated by adding 4 +(RTP_CONNECTED) to the interface priority. +The default priority of new static routes added to the kernel is +calculated by adding 8 (RTP_STATIC) to the interface priority. +.It Cm rdomain Ar rdomainid +Attach the interface to the routing domain with the specified +.Ar rdomainid . +Interfaces in different routing domains are separated and cannot directly +pass traffic between each other. +It is therefore possible to reuse the same addresses in different routing +domains. +If the specified rdomain does not yet exist it will be created, including +a routing table with the same id. +By default all interfaces belong to routing domain 0. +.It Cm -rdomain +Remove the interface from the routing domain and return it to routing +domain 0. +Any inet and inet6 addresses on the interface will also be removed. +.It Cm rtlabel Ar route-label +(inet) +Attach +.Ar route-label +to new network routes of the specified interface. +Route labels can be used to implement policy routing; +see +.Xr route 4 , +.Xr route 8 , +and +.Xr pf.conf 5 . +.It Cm -rtlabel +Clear the route label. +.It Cm sff +Query and display Small Form Factor pluggable module information. +This is an alias for +.Cm transceiver . +.It Cm sffdump +Query and display Small Form Factor pluggable module information, +and dump the raw bytes from the pages requested from module. +.It Cm staticarp +If ARP is enabled, the host will only reply to requests for its addresses, +and will never send any requests. +.It Cm -staticarp +If ARP is enabled, the host will perform normally, +sending out requests and listening for replies. +.It Cm transceiver +Query and display information and diagnostics from GBIC, SFP, or QSFP +Small Form Factor modules installed in an interface. +It is only supported by drivers implementing the necessary functionality +on hardware which supports it. +.It Cm tcplro +Enable TCP large receive offload (LRO) if it's supported by the hardware; see +.Cm hwfeatures . +LRO enabled network interfaces modify received TCP/IP packets. +This will also affect traffic of upper layer interfaces, +such as +.Xr vlan 4 , +.Xr aggr 4 , +and +.Xr carp 4 . +It is not possible to use LRO with interfaces attached to a +.Xr bridge 4 , +.Xr veb 4 , +or +.Xr tpmr 4 . +Changing this option will re-initialize the network interface. +.It Cm -tcplro +Disable LRO. +.It Cm up +Mark an interface +.Dq up . +This may be used to enable an interface after an +.Cm ifconfig down . +It happens automatically when setting the first address on an interface. +If the interface was reset when previously marked down, +the hardware will be re-initialized. +.It Cm wol +Enable Wake on LAN (WoL). +When enabled, reception of a WoL frame will cause the network card to +power up the system from standby or suspend mode. +WoL frames are sent using +.Xr arp 8 . +.It Cm -wol +Disable WoL. +WoL is disabled at boot by the driver, if possible. +.El +.Sh BPE +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar bpe-interface +.Op Oo Fl Oc Ns Cm parent Ar parent-interface +.Op Ns Cm vnetid Ar vnetid-tag +.Ek +.nr nS 0 +.Pp +The following options are available for +.Xr bpe 4 +interfaces: +.Bl -tag -width Ds +.It Cm parent Ar parent-interface +Associate the BPE interface with the interface +.Ar parent-interface . +.It Cm -parent +Disassociate from the parent interface. +This breaks the link between the BPE interface and its parent. +.It Cm vnetid Ar vnetid-tag +Set the virtual network identifier tag value to +.Ar vnetid-tag . +This is a 24-bit value in the range 0 to 16777215. +.El +.Sh BRIDGE +The following options are available for a +.Xr bridge 4 +interface: +.Bl -tag -width Ds +.It Cm add Ar interface +Add +.Ar interface +as a member of the bridge. +The interface is put into promiscuous mode so +that it can receive every packet sent on the +network. +An interface can be a member of at most one bridge. +.It Cm addr +Display the addresses that have been learned by the bridge. +.It Cm addspan Ar interface +Add +.Ar interface +as a span port on the bridge. +.It Cm autoedge Ar interface +Automatically detect the spanning tree edge port status on +.Ar interface . +This is the default for interfaces added to the bridge. +.It Cm -autoedge Ar interface +Disable automatic spanning tree edge port detection on +.Ar interface . +.It Cm autoptp Ar interface +Automatically detect the point-to-point status on +.Ar interface +by checking the full duplex link status. +This is the default for interfaces added to the bridge. +.It Cm -autoptp Ar interface +Disable automatic point-to-point link detection on +.Ar interface . +.It Cm blocknonip Ar interface +Mark +.Ar interface +so that only IPv4, IPv6, ARP, and Reverse +ARP packets are accepted from it or forwarded to it from other +bridge member interfaces. +.It Cm -blocknonip Ar interface +Allow non-IPv4, IPv6, ARP, or Reverse ARP packets through +.Ar interface . +.It Cm del Ar interface +Remove +.Ar interface +from the bridge. +Promiscuous mode is turned off for the interface when it is +removed from the bridge. +.It Cm deladdr Ar address +Delete +.Ar address +from the cache. +.It Cm delspan Ar interface +Delete +.Ar interface +from the list of span ports of the bridge. +.It Cm discover Ar interface +Mark +.Ar interface +so that packets are sent out of the interface +if the destination port of the packet is unknown. +If the bridge has no address cache entry for the destination of +a packet, meaning that there is no static entry and no dynamically learned +entry for the destination, the bridge will forward the packet to all member +interfaces that have this flag set. +This is the default for interfaces added to the bridge. +.It Cm -discover Ar interface +Mark +.Ar interface +so that packets are not sent out of the interface +if the destination port of the packet is unknown. +Turning this flag +off means that the bridge will not send packets out of this interface +unless the packet is a broadcast packet, multicast packet, or a +packet with a destination address found on the interface's segment. +This, in combination with static address cache entries, +prevents potentially sensitive packets from being sent on +segments that have no need to see the packet. +.It Cm down +Stop the bridge from forwarding packets. +.It Cm edge Ar interface +Set +.Ar interface +as a spanning tree edge port. +An edge port is a single connection to the network and cannot create +bridge loops. +This allows a straight transition to forwarding. +.It Cm -edge Ar interface +Disable edge port status on +.Ar interface . +.It Cm flush +Remove all dynamically learned addresses from the cache. +.It Cm flushall +Remove all addresses from the cache including static addresses. +.It Cm flushrule Ar interface +Remove all Ethernet MAC filtering rules from +.Ar interface . +.It Cm fwddelay Ar time +Set the time (in seconds) before an interface begins forwarding packets. +Defaults to 15 seconds, minimum of 4, maximum of 30. +.It Cm hellotime Ar time +Set the time (in seconds) between broadcasting spanning tree protocol +configuration packets. +Defaults to 2 seconds, minimum of 1, maximum of 2. +This option is only supported in STP mode with rapid transitions disabled; +see the +.Cm proto +command for setting the protocol version. +.It Cm holdcnt Ar time +Set the transmit hold count, which is the number of spanning tree protocol +packets transmitted before being rate limited. +Defaults to 6, minimum of 1, maximum of 10. +.It Cm ifcost Ar interface num +Set the spanning tree path cost of +.Ar interface +to +.Ar num . +Defaults to 55, minimum of 1, maximum of 200000000 in RSTP mode, +and maximum of 65535 in STP mode. +.It Cm -ifcost Ar interface +Automatically calculate the spanning tree priority of +.Ar interface +based on the current link speed, interface status, and spanning tree mode. +This is the default for interfaces added to the bridge. +.It Cm ifpriority Ar interface num +Set the spanning tree priority of +.Ar interface +to +.Ar num . +Defaults to 128, minimum of 0, maximum of 240. +.It Cm learn Ar interface +Mark +.Ar interface +so that the source address of packets received from +the interface +are entered into the address cache. +This is the default for interfaces added to the bridge. +.It Cm -learn Ar interface +Mark +.Ar interface +so that the source address of packets received from interface +are not entered into the address cache. +.It Cm link0 +Setting this flag stops all IP multicast packets from +being forwarded by the bridge. +.It Cm -link0 +Clear the +.Cm link0 +flag on the bridge interface. +.It Cm link1 +Setting this flag stops all non-IP multicast packets from +being forwarded by the bridge. +.It Cm -link1 +Clear the +.Cm link1 +flag on the bridge interface. +.It Cm link2 +Setting this flag causes all packets to be passed on to +.Xr ipsec 4 +for processing, based on the policies established by the administrator +using the +.Xr ipsecctl 8 +command and +.Xr ipsec.conf 5 . +If appropriate security associations (SAs) exist, they will be used to +encrypt or decrypt the packets. +Otherwise, any key management daemons such as +.Xr isakmpd 8 +that are running on the bridge will be invoked to establish the +necessary SAs. +These daemons have to be configured as if they were running on the +host whose traffic they are protecting (i.e. they need to have the +appropriate authentication and authorization material, such as keys +and certificates, to impersonate the protected host(s)). +.It Cm -link2 +Clear the +.Cm link2 +flag on the bridge interface. +.It Cm maxaddr Ar size +Set the address cache size to +.Ar size . +The default is 100 entries. +.It Cm maxage Ar time +Set the time (in seconds) that a spanning tree protocol configuration is valid. +Defaults to 20 seconds, minimum of 6, maximum of 40. +.It Cm protected Ar interface ids +Put +.Ar interface +in protected domains. +.Ar ids +is a comma delimited list of domain IDs, between 1 and 31, to put the +interface in. +Interfaces that are part of a protected domain cannot forward traffic to any +other interface in that domain. +Interfaces do not belong to any protected domain by default. +.It Cm -protected Ar interface +Remove +.Ar interface +from all protected domains. +.It Cm proto Ar value +Force the spanning tree protocol version. +The available values are +.Ar rstp +to operate in the default Rapid Spanning Tree (RSTP) mode +or +.Ar stp +to force operation in Spanning Tree (STP) mode with rapid transitions disabled. +.It Cm ptp Ar interface +Set +.Ar interface +as a point-to-point link. +This is required for straight transitions to forwarding and +should be enabled for a full duplex link or a +.Xr trunk 4 +with at least two physical links to the same network segment. +.It Cm -ptp Ar interface +Disable point-to-point link status on +.Ar interface . +This should be disabled for a half duplex link and for an interface +connected to a shared network segment, +like a hub or a wireless network. +.It Xo +.Cm rule +.Cm block Ns | Ns Cm pass +.Op Cm in | out +.Cm on Ar interface +.Op Cm src Ar lladdr +.Op Cm dst Ar lladdr +.Bk -words +.Op Cm tag Ar tagname +.Oo +.Cm arp Ns | Ns Cm rarp Op Cm request | reply +.Op Cm sha Ar lladdr +.Op Cm spa Ar ipaddr +.Op Cm tha Ar lladdr +.Op Cm tpa Ar ipaddr +.Oc +.Ek +.Xc +Add a filtering rule to an interface. +Rules have a similar syntax to those in +.Xr pf.conf 5 . +Rules can be used to selectively +.Cm block +or +.Cm pass +frames based on Ethernet +MAC addresses or to +.Cm tag +packets for +.Xr pf 4 +to filter on. +.Pp +.Xr arp 4 +packets can be matched with the +.Cm arp +keyword for regular packets and +.Cm rarp +for reverse arp. +.Cm request +and +.Cm reply +limit matches to requests or replies. +The source and target host addresses can be matched with the +.Cm sha +and +.Cm tha +keywords, +and the protocol addresses with +.Cm spa +and +.Cm tpa . +.Pp +Rules are processed in the order in which they were added to the interface. +The first rule matched takes the action (block or pass) +and, if given, the tag of the rule. +If no source or destination address is specified, the +rule will match all frames (good for creating a catchall policy). +.It Cm rulefile Ar filename +Load a set of rules from the file +.Ar filename . +.It Cm rules Ar interface +Display the active filtering rules in use on +.Ar interface . +.It Cm spanpriority Ar num +Set the spanning priority of this bridge to +.Ar num . +Defaults to 32768, minimum of 0, maximum of 61440. +.It Cm static Ar interface address +Add a static entry into the address cache pointing to +.Ar interface . +Static entries are never aged out of the cache or replaced, even if the address +is seen on a different interface. +.It Cm stp Ar interface +Enable spanning tree protocol on +.Ar interface . +.It Cm -stp Ar interface +Disable spanning tree protocol on +.Ar interface . +This is the default for interfaces added to the bridge. +.It Cm timeout Ar time +Set the timeout, in seconds, for addresses in the cache to +.Ar time . +The default is 240 seconds. +If +.Ar time +is set to zero, then entries will not be expired. +.It Cm up +Start the bridge forwarding packets. +.El +.Sh CARP +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar carp-interface +.Op Cm advbase Ar n +.Op Cm advskew Ar n +.Op Cm balancing Ar mode +.Op Cm carpnodes Ar vhid:advskew,vhid:advskew,... +.Op Cm carpdev Ar iface +.Op Oo Fl Oc Ns Cm carppeer Ar peer_address +.Op Cm pass Ar passphrase +.Op Cm state Ar state +.Op Cm vhid Ar host-id +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr carp 4 +interface: +.Bl -tag -width Ds +.It Cm advbase Ar n +Set the base advertisement interval to +.Ar n +seconds. +Acceptable values are 0 to 254; the default value is 1 second. +.It Cm advskew Ar n +Skew the advertisement interval by +.Ar n . +Acceptable values are 0 to 254; the default value is 0. +.It Cm balancing Ar mode +Set the load balancing mode to +.Ar mode . +Valid modes are +.Cm ip , +.Cm ip-stealth , +and +.Cm ip-unicast . +.It Cm carpnodes Ar vhid:advskew,vhid:advskew,... +Create a load balancing group consisting of up to 32 nodes. +Each node is specified as a +.Ar vhid:advskew +tuple in a comma-separated list. +.It Cm carpdev Ar iface +Attach to parent interface +.Ar iface . +.It Cm carppeer Ar peer_address +Send the carp advertisements to a specified +point-to-point peer or multicast group instead of sending the messages +to the default carp multicast group. +The +.Ar peer_address +is the IP address of the other host taking part in the carp cluster. +With this option, +.Xr carp 4 +traffic can be protected using +.Xr ipsec 4 +and it may be desired in networks that do not allow or have problems +with IPv4 multicast traffic. +.It Cm -carppeer +Send the advertisements to the default carp multicast +group. +.It Cm pass Ar passphrase +Set the authentication key to +.Ar passphrase . +There is no passphrase by default. +.It Cm state Ar state +Explicitly force the interface to enter this state. +Valid states are +.Ar init , +.Ar backup , +and +.Ar master . +.It Cm vhid Ar n +Set the virtual host ID to +.Ar n . +Acceptable values are 1 to 255. +.El +.Pp +Taken together, the +.Cm advbase +and +.Cm advskew +indicate how frequently, in seconds, the host will advertise the fact that it +considers itself master of the virtual host. +The formula is +.Cm advbase ++ +.Pf ( Cm advskew +/ 256). +If the master does not advertise within three times this interval, this host +will begin advertising as master. +.Sh IEEE 802.11 (WIRELESS DEVICES) +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar wireless-interface +.Op Oo Fl Oc Ns Cm bssid Ar bssid +.Op Oo Fl Oc Ns Cm chan Op Ar n +.Op Oo Fl Oc Ns Cm join Ar id +.Op Oo Fl Oc Ns Cm joinlist +.Op Oo Fl Oc Ns Cm nwflag Ar flag +.Op Oo Fl Oc Ns Cm nwid Ar id +.Op Oo Fl Oc Ns Cm nwkey Ar key +.Op Oo Fl Oc Ns Cm powersave Op Ar duration +.Op Cm scan +.Op Oo Fl Oc Ns Cm wpa +.Op Cm wpaakms Ar akm,akm,... +.Op Cm wpaciphers Ar cipher,cipher,... +.Op Cm wpagroupcipher Ar cipher +.Op Oo Fl Oc Ns Cm wpakey Ar passphrase | hexkey +.Op Cm wpaprotos Ar proto,proto,... +.Ek +.nr nS 0 +.Pp +The following options are available for a wireless interface: +.Bl -tag -width Ds +.It Cm bssid Ar bssid +Set the desired BSSID. +.It Cm -bssid +Unset the desired BSSID. +The interface will automatically select a BSSID in this mode, which is +the default. +.It Cm chan Op Ar n +Set the channel (radio frequency) to +.Ar n . +.Pp +With no channel specified, +show the list of channels supported by the device. +.It Cm -chan +Unset the desired channel. +It doesn't affect the channel to be created for IBSS or Host AP mode. +.It Cm join Ar id +Add the network with ESSID +.Ar id +to the +.Cm join +list. +The interface will automatically attempt to connect to networks on this +list if they are found during a scan. +.Pp +The +.Ar id +can either be a printable ASCII string up to 32 characters in length, +or a series of hexadecimal digits up to 64 digits preceded by +.Dq 0x . +If +.Ar id +is the empty string +.Pq Qq +and none of the networks on the +.Cm join +list are found during a scan, the interface will automatically +connect to any available networks, provided they do not require +WEP or WPA authentication. +.Pp +Apart from the +.Ar id , +the +.Cm join +list will record +.Cm wpakey , +.Cm wpaprotos , +or +.Cm nwkey +parameters for the network, provided they are passed in the same invocation of +.Nm . +Because multiple access points may exist in a given network, the +.Cm mode +(11a/11b/11g/11n/11ac), +.Cm chan , +and +.Cm bssid +parameters cannot be stored with +.Cm join . +However, they may be used separately to force the selection of a +particular access point when the automatic access point selection +turns out to be suboptimal. +.Pp +.Cm join +and +.Cm nwid +cannot be used together in the same invocation of +.Nm . +.It Cm -join Ar id +Remove the network with ESSID +.Ar id +from the +.Cm join +list and disconnect the interface from the access point if it is currently +connected to this network. +The interface will keep scanning for access points as long as it remains +marked as +.Dq up . +A new connection will be established either if a network on the +.Cm join +list is found during the scan or if a network ID is configured with +.Cm nwid . +.It Cm joinlist +Show the list of networks stored on the +.Cm join +list. +.It Cm -joinlist +Remove all networks from the +.Cm join +list. +.It Cm nwflag Ar flag +Set specified flag. +The flag name can be: +.Bl -tag -width tenletters +.It hidenwid +The +.Ql hidenwid +flag will hide the network ID (ESSID) in beacon frames when operating +in Host AP mode. +It will also prevent responses to probe requests with an unspecified +network ID. +.It nobridge +The +.Ql nobridge +flag will disable the direct bridging of frames between associated +nodes when operating in Host AP mode. +Setting this flag will block and filter direct inter-station +communications. +.It nomimo +The +.Ql nomimo +flag will disable MIMO reception and transmission even if the driver +and wireless network device support MIMO. +This flag can be used to work around packet loss in 11n mode if the +wireless network device has unused antenna connectors. +.It stayauth +The +.Ql stayauth +flag will cause the interface to ignore deauth frames. +This flag should only be used on wifi networks which are being +attacked with spoofed deauth frames. +It breaks interoperability with spectrum management solutions and access +points that perform band-steering of clients. +.El +.Pp +Note that the +.Ql hidenwid +and +.Ql nobridge +options do not provide any security. +The hidden network ID will be sent in clear text by associating +stations and can be easily discovered with tools like +.Xr tcpdump 8 +and +.Xr hostapd 8 . +.It Cm -nwflag Ar flag +Remove specified flag. +.It Cm nwid Ar id +Connect to the network with NWID/ESSID +.Ar id . +The +.Ar id +can either be a printable ASCII string up to 32 characters in length, +or a series of hexadecimal digits up to 64 digits preceded by +.Dq 0x . +.Pp +Unlike +.Cm join , +the +.Cm nwid +option only allows one network to be configured at a time. +The +.Cm nwid +option may not be used together with +.Cm join +in the same invocation of +.Nm +but may be used to momentarily override the automatic selection of +networks stored in the +.Cm join +list. +.It Cm -nwid +Clear the network ID configured with +.Cm nwid +and disconnect the interface from the access point if it is currently +connected to this network. +The interface will keep scanning for access points as long as it remains +marked as +.Dq up . +A new connection will be established either if a network on the +.Cm join +list is found during the scan or if a network ID is configured with +.Cm nwid . +.It Cm nwkey Ar key +Enable WEP encryption using the specified +.Ar key . +The +.Ar key +can either be a string, a series of hexadecimal digits (preceded by +.So 0x Sc ) , +or a set of keys +of the form +.Dq n:k1,k2,k3,k4 +where +.Sq n +specifies which of the keys will be used for transmitted packets, +and the four keys, +.Dq k1 +through +.Dq k4 , +are configured as WEP keys. +If a set of keys is specified, a comma +.Pq Sq \&, +within the key must be escaped with a backslash. +Note that if multiple keys are used, their order must be the same within +the network. +.Pp +The length of each key must be either 40 bits for 64-bit encryption +(5-character ASCII string +or 10 hexadecimal digits) +or 104 bits for 128-bit encryption +(13-character ASCII string +or 26 hexadecimal digits). +.It Cm -nwkey +Disable WEP encryption. +.It Cm nwkey Cm persist +Enable WEP encryption using the persistent key stored in the network card. +.It Cm nwkey Cm persist : Ns Ar key +Write +.Ar key +to the persistent memory of the network card, and +enable WEP encryption using that +.Ar key . +.It Cm powersave +Enable 802.11 power saving mode. +This option is generally only relevant to older devices where power +saving is disabled by default. +On modern hardware, drivers will ask the firmware to automatically +enable any applicable power-saving features. +.\" XXX +.\" Undocumented because optional sleep period +.\" only configurable on legacy an(4) and atw(4) devices. +.\" XXX +.\" Op Ar duration +.\" If enabled, the receiver sleep period is set to 100ms, +.\" though some drivers allow this to be altered via the +.\" .Ar duration +.\" argument. +.It Cm -powersave +Disable 802.11 power saving mode. +.It Cm scan +Show the results of an access point scan. +In Host AP mode, this will dump the list of known nodes without scanning. +In station mode, this will list each access point's SSID, channel, +MAC address (BSSID), received signal strength indicator, maximum data +transfer rate, and supported feature flags. +If an access point cannot be selected due to incompatibilities with the +interface configuration, +.Nm +indicates mismatching configuration items with an exclamation mark. +.Pp +Because the list of access points is continuously updated while a scan +is in progress, +.Cm scan +may sometimes show incomplete scan results. +.Pp +Some interfaces support scanning in the background while remaining +associated to the current access point. +The superuser may use +.Cm scan +to trigger a background scan while associated, which will update the scan +result list and also trigger a search for a better access point to roam to. +.It Cm wpa +Enable Wi-Fi Protected Access. +WPA is a Wi-Fi Alliance protocol based on the IEEE 802.11i standard. +It was designed to enhance the security of wireless networks. +Notice that not all drivers support WPA. +Check the driver's manual page to know if this option is supported. +.It Cm -wpa +Disable Wi-Fi Protected Access. +.It Cm wpaakms Ar akm,akm,... +Set the comma-separated list of allowed authentication and key management +protocols. +.Pp +The supported values are +.Dq psk , +.Dq sha256-psk , +and +.Dq 802.1x . +.Ar psk +authentication (also known as personal mode) uses a 256-bit pre-shared key. +.Ar 802.1x +authentication (also known as enterprise mode) is used with +an external IEEE 802.1X authentication server, +such as wpa_supplicant. +The default value is +.Dq psk , +or +.Dq psk,sha256-psk +if the driver for the interface supports protected management frames (PMF). +.Dq psk +and +.Dq sha256-psk +can only be used if a pre-shared key is configured using the +.Cm wpakey +option. +.It Cm wpaciphers Ar cipher,cipher,... +Set the comma-separated list of allowed pairwise ciphers. +.Pp +The supported values are +.Dq tkip , +.Dq ccmp , +and +.Dq usegroup . +.Ar usegroup +specifies that no pairwise ciphers are supported and that only group keys +should be used. +The default value is +.Dq ccmp . +If multiple pairwise ciphers are specified, the pairwise cipher will +be negotiated between the station and the access point at association +time. +A station will always try to use +.Ar ccmp +over +.Ar tkip +if both ciphers are allowed and supported by the access point. +If the selected cipher is not supported by the hardware, software +encryption will be used. +Check the driver's manual page to know which ciphers are supported in +hardware. +.It Cm wpagroupcipher Ar cipher +Set the group cipher used to encrypt broadcast and multicast traffic. +.Pp +The supported values are +.Dq wep40 , +.Dq wep104 , +.Dq tkip , +and +.Dq ccmp . +The default value is +.Dq ccmp . +The use of +.Ar tkip +or +.Ar wep40 +or +.Ar wep104 +as the group cipher is discouraged due to weaknesses in TKIP and WEP. +The +.Cm wpagroupcipher +option is available in Host AP mode only. +A station will always use the group cipher of the BSS. +.It Cm wpakey Ar passphrase | hexkey +Set the WPA key and enable WPA. +The key can be given using either a passphrase or a full length hex key, +starting with 0x. +If a passphrase is used the +.Cm nwid +or +.Cm join +option must first be specified, since +.Nm +will hash the nwid along with the passphrase to create the key. +.It Cm -wpakey +Delete the pre-shared WPA key and disable WPA. +.It Cm wpaprotos Ar proto,proto,... +Set the comma-separated list of allowed WPA protocol versions. +.Pp +The supported values are +.Dq wpa1 +and +.Dq wpa2 . +.Ar wpa1 +is based on draft 3 of the IEEE 802.11i standard whereas +.Ar wpa2 +is based on the ratified standard. +The default value is +.Dq wpa2 . +If +.Dq wpa1,wpa2 +is specified, a station will always use the +.Ar wpa2 +protocol when supported by the access point. +.El +.Sh INET6 +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar interface +.Cm inet6 +.Op Oo Fl Oc Ns Cm anycast +.Op Oo Fl Oc Ns Cm temporary +.Op Cm eui64 +.Op Cm pltime Ar n +.Op Oo Fl Oc Ns Cm soii +.Op Oo Fl Oc Ns Cm tentative +.Op Cm vltime Ar n +.Ek +.nr nS 0 +.Pp +The following options are available for an +.Xr ip6 4 +interface: +.Bl -tag -width Ds +.It Cm anycast +Set the IPv6 anycast address bit. +.It Cm -anycast +Clear the IPv6 anycast address bit. +.It Cm temporary +Enable temporary address extensions for stateless IPv6 address +autoconfiguration (RFC 8981) on the interface. +These extensions are enabled by default. +The purpose of these extensions is to prevent tracking of individual +devices which connect to the IPv6 internet from different networks +using stateless autoconfiguration. +The interface identifier often remains constant and provides the lower +64 bits of an autoconfigured IPv6 address, facilitating tracking of +individual devices (and hence, potentially, users of these devices) +over long periods of time (weeks to months to years). +When these extensions are active, random interface identifiers are used +for autoconfigured addresses. +.Pp +Autoconfigured addresses are also made temporary, which means that they +will automatically be replaced regularly. +Temporary addresses are deprecated after 24 hours. +Once a temporary address has been deprecated, a new temporary address +will be configured upon reception of a router advertisement indicating +that the prefix is still valid. +Deprecated addresses will not be used for new connections as long as a +non-deprecated address remains available. +Temporary addresses become invalid after another 24 hours, at which time they +will be removed from the interface. +.It Cm -temporary +Disable IPv6 autoconf temporary address extensions on the interface. +Currently configured addresses will not be removed until they become +invalid. +.It Cm eui64 +Fill the interface index +.Pq the lowermost 64 bits of an IPv6 address +automatically. +.It Cm pltime Ar n +Set preferred lifetime for the address, in seconds. +.It Cm soii +Enable persistent Semantically Opaque Interface Identifiers (SOIIs), +as per RFC 7217, for SLAAC addresses on the interface. +The purpose of these identifiers is to make discovery of hosts by +scanning a whole prefix more difficult. +SOIIs use the whole 64 bits of the host part while SLAAC addresses are +formed from MAC addresses which can lower the entropy to 24 bits if +the host is running in a virtualization environment or the hardware +manufacturer is known. +See RFC 7721 and RFC 8064 for details. +SOIIs are enabled by default. +.It Cm -soii +Disable IPv6 persistent Semantically Opaque Interface Identifiers on the +interface. +Currently configured addresses will not be removed until they become +invalid. +.It Cm tentative +Set the IPv6 tentative address bit. +.It Cm -tentative +Clear the IPv6 tentative address bit. +.It Cm vltime Ar n +Set valid lifetime for the address, in seconds. +.El +.Sh INTERFACE GROUPS +.Nm ifconfig +.Fl g +.Ar group-name +.Oo +.Oo Fl Oc Ns Cm carpdemote +.Op Ar number +.Oc +.Pp +The following options are available for interface groups: +.Bl -tag -width Ds +.It Fl g Ar group-name +Specify the group. +.It Cm carpdemote Op Ar number +Increase +.Xr carp 4 +demotion counter for given interface group by +.Ar number . +Acceptable values are 0 to 128. +If +.Ar number +is omitted, it is increased by 1. +The maximum value for a demotion counter is 255. +.It Cm -carpdemote Op Ar number +Decrease +.Xr carp 4 +demotion counter for given interface group by +.Ar number . +Acceptable values are 0 to 128. +If +.Ar number +is omitted, it is decreased by 1. +.El +.Sh MPLS +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar mpls-interface +.Op Oo Fl Oc Ns Cm mplslabel Ar mpls-label +.Op Oo Fl Oc Ns Cm pwecw +.Op Oo Fl Oc Ns Cm pwefat +.Op Oo Fl Oc Ns Cm pweneighbor Ar mpls-label Ar neighbor +.Op Oo Fl Oc Ns Cm tunneldomain Ar rdomain +.Ek +.nr nS 0 +.Pp +The following options are available for +.Xr mpe 4 , +.Xr mpip 4 , +and +.Xr mpw 4 +interfaces: +.Bl -tag -width Ds +.It Cm mplslabel Ar mpls-label +Set the local MPLS label to +.Ar mpls-label . +MPLS packets sent to this label on the local system will be +decapsulated for input. +An MPLS label is a 20-bit number. +Labels 0 to 15 inclusive are reserved labels and cannot be used. +.It Cm -mplslabel +Unset the local MPLS label. +.It Cm tunneldomain Ar rdomain +Use the routing domain +.Ar rdomain +for MPLS transit. +The MPLS encapsulated traffic does not need to terminate in the same +routing domain as the interface itself. +.It Cm -tunneldomain +Use the default routing domain 0 for MPLS transit. +.El +.Pp +The following options are available for the +.Xr mpip 4 +and +.Xr mpw 4 +interfaces that provide MPLS Pseudowire Emulation Edge-to-Edge (PWE3) +functionality: +.Bl -tag -width Ds +.It Cm pwecw +Enable the use of the PWE3 Control Word. +.It Fl Ns Cm pwecw +Disable the use of the PWE3 Control Word. +.It Cm pwefat +Enable the use of the Flow-Aware Transport (FAT) flow label. +.It Fl Ns Cm pwefat +Disable the use of the Flow-Aware Transport (FAT) flow label. +.It Cm pweneighbor Ar mpls-label Ar neighbor +Use +.Ar mpls-label +and +.Ar neighbor +as the remote MPLS label and neighbor respectively. +Remote MPLS labels have the same restrictions on values as local MPLS labels. +.It Fl Ns Cm pweneighbor +Unset the remote MPLS label and neighbor. +.El +.Sh PAIR +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar pair-interface +.Op Oo Fl Oc Ns Cm patch Ar interface +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr pair 4 +interface: +.Bl -tag -width Ds +.It Cm patch Ar interface +Connect the interface with a second +.Xr pair 4 +interface. +Any outgoing packets from the first +.Ar pair-interface +will be received by the second +.Ar interface , +and vice versa. +This makes it possible to interconnect two routing domains locally. +.It Cm -patch +If configured, disconnect the interface pair. +.El +.Sh PFLOW +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar pflow-interface +.Op Oo Fl Oc Ns Cm flowdst Ar addr : Ns Ar port +.Op Oo Fl Oc Ns Cm flowsrc Ar addr Ns Op Pf : Ar port +.Op Cm pflowproto Ar n +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr pflow 4 +interface: +.Bl -tag -width Ds +.It Cm flowdst Ar addr : Ns Ar port +Set the receiver address and the port for +.Xr pflow 4 +packets. +Both must be defined to export pflow data. +.Ar addr +is the IP address and +.Ar port +is the port number of the flow collector. +Pflow data will be sent to this address/port. +.It Cm -flowdst +Unset the receiver address and stop sending pflow data. +.It Cm flowsrc Ar addr Ns Op Pf : Ar port +Set the source IP address for pflow packets. +.Ar addr +is the IP address used as sender of the UDP packets and may be used to +identify the source of the data on the pflow collector. +.It Cm -flowsrc +Unset the source address. +.It Cm pflowproto Ar n +Set the protocol version. +The default is version 5. +.El +.Sh PFSYNC +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar pfsync-interface +.Op Oo Fl Oc Ns Cm defer +.Op Cm maxupd Ar n +.Op Oo Fl Oc Ns Cm syncdev Ar iface +.Op Oo Fl Oc Ns Cm syncpeer Ar peer_address +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr pfsync 4 +interface: +.Bl -tag -width Ds +.It Cm defer +Defer transmission of the first packet in a state until a peer has +acknowledged that the associated state has been inserted. +See +.Xr pfsync 4 +for more information. +.It Cm -defer +Do not defer the first packet in a state. +This is the default. +.It Cm maxupd Ar n +Indicate the maximum number +of updates for a single state which can be collapsed into one. +This is an 8-bit number; the default value is 128. +.It Cm syncdev Ar iface +Use the specified interface +to send and receive pfsync state synchronisation messages. +.It Cm -syncdev +Stop sending pfsync state synchronisation messages over the network. +.It Cm syncpeer Ar peer_address +Make the pfsync link point-to-point rather than using +multicast to broadcast the state synchronisation messages. +The peer_address is the IP address of the other host taking part in +the pfsync cluster. +With this option, +.Xr pfsync 4 +traffic can be protected using +.Xr ipsec 4 . +.It Cm -syncpeer +Broadcast the packets using multicast. +.El +.Sh PPPOE +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar pppoe-interface +.Op Cm authkey Ar key +.Op Cm authname Ar name +.Op Cm authproto Ar proto +.Op Oo Fl Oc Ns Cm peerflag Ar flag +.Op Cm peerkey Ar key +.Op Cm peername Ar name +.Op Cm peerproto Ar proto +.Op Oo Fl Oc Ns Cm pppoeac Ar access-concentrator +.Op Cm pppoedev Ar parent-interface +.Op Oo Fl Oc Ns Cm pppoesvc Ar service +.Ek +.nr nS 0 +.Pp +.Xr pppoe 4 +uses the +.Xr sppp 4 +"generic" SPPP framework. +Any options not described in the section immediately following +are described in the +.Sx SPPP +section, below. +.Pp +The following options are available for a +.Xr pppoe 4 +interface: +.Bl -tag -width Ds +.It Cm pppoeac Ar access-concentrator +Set the name of the access-concentrator. +.It Cm -pppoeac +Clear a previously set access-concentrator name. +.It Cm pppoedev Ar parent-interface +Set the name of the interface through which +packets will be transmitted and received. +.It Cm pppoesvc Ar service +Set the service name of the interface. +.It Cm -pppoesvc +Clear a previously set service name. +.El +.Sh SPPP (PPP LINK CONTROL PROTOCOL) +.nr nS 1 +.Bk -words +.Nm +.Ar sppp-interface +.Op Cm authkey Ar key +.Op Cm authname Ar name +.Op Cm authproto Ar proto +.Op Oo Fl Oc Ns Cm peerflag Ar flag +.Op Cm peerkey Ar key +.Op Cm peername Ar name +.Op Cm peerproto Ar proto +.Ek +.nr nS 0 +.Pp +The following options are available for an +.Xr sppp 4 +or +.Xr pppoe 4 +interface: +.Bl -tag -width Ds +.It Cm authkey Ar key +Set the client key or password for the PPP authentication protocol. +.It Cm authname Ar name +Set the client name for the PPP authentication protocol. +.It Cm authproto Ar proto +Set the PPP authentication protocol on the specified +interface acting as a client. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.It Cm peerflag Ar flag +Set a specified PPP flag for the remote authenticator. +The flag name can be either +.Ql callin +or +.Ql norechallenge . +The +.Ql callin +flag will require the remote peer to authenticate only when he's +calling in, but not when the peer is called by the local client. +This is required for some peers that do not implement the +authentication protocols symmetrically. +The +.Ql norechallenge +flag is only meaningful with the CHAP protocol to not re-challenge +once the initial CHAP handshake has been successful. +This is used to work around broken peer implementations that can't +grok being re-challenged once the connection is up. +.It Cm -peerflag Ar flag +Remove a specified PPP flag for the remote authenticator. +.It Cm peerkey Ar key +Set the authenticator key or password for the PPP authentication protocol. +.It Cm peername Ar name +Set the authenticator name for the PPP authentication protocol. +.It Cm peerproto Ar proto +Set the PPP authentication protocol on the specified +interface acting as an authenticator. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.El +.Sh TPMR +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar tpmr-interface +.Op Cm add Ar child-iface +.Op Cm del Ar child-iface +.Op Oo Fl Oc Ns Cm link0 +.Op Oo Fl Oc Ns Cm link1 +.Op Oo Fl Oc Ns Cm link2 +.Ek +.Pp +The following options are available for a +.Xr tpmr 4 +interface: +.Bl -tag -width Ds +.It Cm add Ar child-iface +Add +.Ar child-iface +as a member. +.It Cm del Ar child-iface +Remove the member +.Ar child-iface . +.It Cm link0 +Disable the filtering of Ethernet frames destined for the TPMR +component reserved addresses, as specified by IEEE 802.1Q. +.It Cm -link0 +Enable the filtering of Ethernet frames destined for the TPMR +component reserved addresses, as specified by IEEE 802.1Q. +This is the default. +.It Cm link1 +Disable the filtering of IPv4 and IPv6 packets with +.Xr pf 4 . +.It Cm -link1 +Enable the filtering of IPv4 and IPv6 packets with +.Xr pf 4 . +This is the default. +.It Cm link2 +Disable the filtering of 802.1Q VLAN and QinQ SVLAN packets. +.It Cm -link2 +Enable the filtering of 802.1Q VLAN and QinQ SVLAN packets. +This is the default. +.El +.Sh TRUNK (LINK AGGREGATION) +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar trunk-interface +.Op Cm lacpmode Cm active Ns | Ns Cm passive +.Op Cm lacptimeout Cm fast Ns | Ns Cm slow +.Op Oo Fl Oc Ns Cm trunkport Ar child-iface +.Op Cm trunkproto Ar proto +.Ek +.nr nS 0 +.Pp +The following options are available for +.Xr aggr 4 +and +.Xr trunk 4 +interfaces: +.Bl -tag -width Ds +.It Cm lacpmode Cm active Ns | Ns Cm passive +Set the LACP trunk mode to either +.Cm active +(default) or +.Cm passive . +.It Cm lacptimeout Cm fast Ns | Ns Cm slow +Set the LACP timeout speed to either +.Cm fast +or +.Cm slow +(default). +.It Cm trunkport Ar child-iface +Add +.Ar child-iface +as a trunk port. +.It Cm -trunkport Ar child-iface +Remove the trunk port +.Ar child-iface . +.It Cm trunkproto Ar proto +Set the link aggregation protocol on +.Xr trunk 4 +interfaces. +Refer to +.Xr trunk 4 +for a complete list of the available protocols. +.El +.Sh TUNNEL +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar tunnel-interface +.Op Oo Fl Oc Ns Cm endpoint Ar dest_address dest_mac +.Op Oo Fl Oc Ns Cm keepalive Ar period count +.Op Oo Fl Oc Ns Cm parent Ar parent-interface +.Op Cm rxprio Ar prio +.Op Oo Fl Oc Ns Cm tunnel Ar src_address dest_address +.Op Cm tunneladdr Ar src_address +.Op Oo Fl Oc Ns Cm tunneldf +.Op Oo Fl Oc Ns Cm tunneldomain Ar rtable +.Op Cm tunnelttl Ar ttl +.Op Cm txprio Ar prio +.Op Oo Fl Oc Ns Cm vnetflowid +.Op Oo Fl Oc Ns Cm vnetid Ar network-id +.Ek +.nr nS 0 +.Pp +.Xr egre 4 , +.Xr eoip 4 , +.Xr etherip 4 , +.Xr gif 4 , +.Xr gre 4 , +.Xr mgre 4 , +.Xr nvgre 4 , +and +.Xr vxlan 4 +are all tunnel interfaces. +The following options are available: +.Bl -tag -width Ds +.It Cm endpoint Ar dest_address dest_mac +When +.Xr vxlan 4 +is in endpoint mode, set the tunnel endpoint +.Ar dest_address +where +.Ar dest_mac +MAC address can be reached. +.It Cm -endpoint Ar dest_mac +When +.Xr vxlan 4 +is in endpoint mode, remove the tunnel endpoint for +.Ar dest_mac +MAC address. +.It Cm keepalive Ar period count +Enable +.Xr gre 4 +and +.Xr eoip 4 +keepalive with a packet sent every +.Ar period +seconds. +A second timer is run with a timeout of +.Ar count +* +.Ar period . +If no keepalive response is received during that time, the link is considered +down. +The minimal usable +.Ar count +is 2 since the round-trip time of keepalive packets needs to be accounted for. +.It Cm -keepalive +Disable the +.Xr gre 4 +keepalive mechanism. +.It Cm parent Ar parent-interface +Associate the +.Xr nvgre 4 +interface with the interface +.Ar parent-interface . +.It Cm -parent +Disassociate from the parent interface. +This breaks the link between the +.Xr nvgre 4 +interface and its parent. +.It Cm rxprio Ar prio +Configure the source used for the packet priority when decapsulating a packet. +The value can be a priority number from 0 to 7, or +.Ar packet +to use the priority currently set on the packet. +If supported by the interface, the value may also be set to +.Ar outer +to have the priority field copied from the tunnel protocol headers, or +.Ar payload +to have the priority field copied from the encapsulated protocol headers. +.It Cm tunnel Ar src_address dest_address Ns Op : Ns Ar dest_port +Set the source and destination tunnel addresses on a tunnel interface. +Packets routed to this interface will be encapsulated in +IPv4 or IPv6, depending on the source and destination address families. +Both addresses must be of the same family. +The optional destination port can be specified for interfaces such as +.Xr vxlan 4 , +which further encapsulate the packets in UDP datagrams. +This directive is incompatible with +.Cm tunneladdr . +.It Cm -tunnel +Remove the source and destination tunnel addresses. +.It Cm tunneladdr Ar src_address +Set the outer IP address of the tunnel. +This is useful for point-to-multipoint tunnels where peers are in different +subnets like +.Xr vxlan 4 +endpoint mode or +.Xr mgre 4 . +It is incompatible with the +.Cm tunnel +directive. +.It Cm tunneldf +Do not allow fragmentation of encapsulated packets. +.It Cm -tunneldf +Allow fragmentation of encapsulated packets. +.It Cm tunneldomain Ar rtable +Use routing table +.Ar rtable +instead of the default table. +The tunnel does not need to terminate in the same routing domain as the +interface itself. +.Ar rtable +can be set to any valid routing table ID; +the corresponding routing domain is derived from this table. +.It Cm -tunneldomain +Use the default routing table and routing domain 0. +.It Cm tunnelttl Ar ttl +Set the IP or multicast TTL of the tunnel packets. +If supported by the tunnel protocol, +the value can also be set to +.Ar copy +to have the TTL copied between the encapsulated protocol headers +and the tunnel protocol headers. +.It Cm txprio Ar prio +Configure the value used for the priority field in the tunnel +protocol headers. +The value can be a priority number from 0 to 7, or +.Ar packet +to use the priority currently set on the packet. +If supported by the interface, the value can also be set to +.Ar payload +to have the priority field copied from the encapsulated protocol headers +to the tunnel protocol headers. +.It Cm vnetflowid +Use a portion of the virtual network identifier space for a flow identifier. +This allows load balancing of the encapsulated traffic over multiple +links. +.It Cm -vnetflowid +Disable the use of a flow identifier in the virtual network identifier. +.It Cm vnetid Ar network-id +Set the virtual network identifier. +This is a number which is used by tunnel protocols such as +.Xr eoip 4 +and +.Xr vxlan 4 +to identify packets with a virtual network. +The accepted size of the number depends on the individual tunnel protocol; +it is a 16-bit number for +.Xr eoip 4 , +and a 24-bit number for +.Xr vxlan 4 . +If supported by the tunnel protocol, +the value can also be set to +.Ar any +to accept packets with arbitrary network identifiers (for example for +multipoint-to-multipoint modes). +.It Cm -vnetid +Clear the virtual network identifier. +.El +.Sh UMB +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar umb-interface +.Op Oo Fl Oc Ns Cm apn Ar apn +.Op Cm chgpin Ar oldpin newpin +.Op Oo Fl Oc Ns Cm class Ar class,class,... +.Op Cm pin Ar pin +.Op Cm puk Ar puk newpin +.Op Oo Fl Oc Ns Cm roaming +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr umb 4 +interface: +.Bl -tag -width Ds +.It Cm apn Ar apn +Set the Access Point Name (APN) required by the network provider. +.It Cm -apn +Clear the current APN. +.It Cm chgpin Ar oldpin newpin +Permanently change the PIN of the SIM card from the current value +.Ar oldpin +to +.Ar newpin . +.It Cm class +List all available cell classes. +.It Cm class Ar class,class,... +Set the preferred cell classes. +Apart from those listed by +.Cm class +the following aliases can be used: +.Ar 4G , +.Ar 3G , +and +.Ar 2G . +.It Cm -class +Clear any cell class preferences. +.It Cm down +Marking the interface as "down" will terminate any existing data connection +and deregister with the service provider. +.It Cm pin Ar pin +Enter the PIN required to unlock the SIM card. +Most SIM cards will not be able to establish a network association without +providing a PIN. +.It Cm puk Ar puk newpin +Sets the PIN of the SIM card to +.Ar newpin +using the PUK +.Ar puk +to validate the request. +.It Cm roaming +Enable data roaming. +.It Cm -roaming +Disable data roaming. +.It Cm up +As soon as the interface is marked as "up", the +.Xr umb 4 +device will try to establish a data connection with the service provider. +.El +.Sh VEB +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar veb-interface +.Op Cm add Ar child-iface +.Op Cm addspan Ar child-iface +.Op Cm del Ar child-iface +.Op Cm deladdr Ar address Ns Op Pf @ Ar vid +.Op Cm delspan Ar child-iface +.Op Oo Fl Oc Ns Cm discover Ar child-iface +.Op Cm flushrule Ar interface +.Op Oo Fl Oc Ns Cm learn Ar child-iface +.Op Oo Fl Oc Ns Cm locked Ar child-iface +.Op Oo Fl Oc Ns Cm link0 +.Op Oo Fl Oc Ns Cm link1 +.Op Cm maxaddr Ar size +.Op Oo Fl Oc Ns Cm protected Ar child-iface ids +.Op Cm rule Ar filtering-rule +.Op Cm rulefile Ar filename +.Op Cm rules Ar interface +.Op Cm static Ar child-iface Ar address Ns Op Pf @ Ar vid +.Op Cm timeout Ar time +.Op Cm tagged Ar child-iface Ar vids +.Op Cm -tagged Ar child-iface +.Op Cm untagged Ar child-iface Ar vid +.Op Cm -untagged Ar child-iface +.Op Cm pvlan Ar vid +.Op Cm -pvlan Ar vid +.Op Cm pvlan-isolated Ar vid Ar ivid +.Op Cm -pvlan-isolated Ar vid Ar ivid +.Op Cm pvlan-community Ar vid Ar cvid +.Op Cm -pvlan-community Ar vid Ar cvid +.Op Cm rxprio Ar prio +.Op Cm txprio Ar prio +.Op Cm vnetid Ar vid +.Op Cm -vnetid +.Op Cm up +.Ek +.nr nS 0 +.Pp +The following options are available for a +.Xr veb 4 +interface: +.Bl -tag -width Ds +.It Cm add Ar child-iface +Add +.Ar child-iface +as a member. +.It Cm addspan Ar child-iface +Add +.Ar child-iface +as a span port on the bridge. +.It Cm del Ar child-iface +Remove the member +.Ar child-iface . +.It Cm deladdr Ar address Ns Op Pf @ Ar vid +Delete +.Ar address +on VLAN +.Ar vid +from the cache. +if +.Ar vid +is not specified it uses the default VLAN identifier on the bridge. +.It Cm delspan Ar child-iface +Delete +.Ar child-iface +from the list of span ports of the bridge. +.It Cm discover Ar child-iface +Mark +.Ar child-iface +so that packets are sent out of the interface +if the destination port of the packet is unknown. +If the bridge has no address cache entry for the destination of +a packet, meaning that there is no static entry and no dynamically learned +entry for the destination, the bridge will forward the packet to all member +interfaces that have this flag set. +This is the default for interfaces added to the bridge. +.It Cm -discover Ar child-iface +Mark +.Ar child-iface +so that packets are not sent out of the interface +if the destination port of the packet is unknown. +Turning this flag +off means that the bridge will not send packets out of this interface +unless the packet is a broadcast packet, multicast packet, or a +packet with a destination address found on the interface's segment. +This, in combination with static address cache entries, +prevents potentially sensitive packets from being sent on +segments that have no need to see the packet. +.It Cm flushrule Ar interface +Remove all Ethernet MAC filtering rules from +.Ar interface . +.It Cm learn Ar child-iface +Mark +.Ar child-iface +so that the source address of packets received from +the interface +are entered into the address cache. +This is the default for interfaces added to the bridge. +.It Cm -learn Ar child-iface +Mark +.Ar child-iface +so that the source address of packets received from interface +are not entered into the address cache. +.It Cm locked Ar child-iface +Mark +.Ar child-iface +so that the source address of packets received from +the interface must have an entry in the address cache that refers +to this interface. +This option is mutually exclusive with the +.Cm learn +and +.Cm discover +options on the same interface. +.It Cm -locked Ar child-iface +Mark +.Ar child-iface +so that the source address of packets received from the interface +does not need an existing entry in the address cache that refers to +this interface. +This is the default for interfaces added to the bridge. +.It Cm link0 +Disable the filtering of 802.1Q VLAN and QinQ SVLAN packets. +.It Cm -link0 +Enable the filtering of 802.1Q VLAN and QinQ SVLAN packets. +This is the default. +.It Cm link1 +Enable the filtering of IPv4 and IPv6 packets with +.Xr pf 4 . +.It Cm -link1 +Disable the filtering of IPv4 and IPv6 packets with +.Xr pf 4 . +This is the default. +.It Cm protected Ar child-iface ids +Put +.Ar child-iface +in protected domains. +.Ar ids +is a comma delimited list of domain IDs, between 1 and 31, to put the +interface in. +Interfaces that are part of a protected domain cannot forward traffic to any +other interface in that domain. +Interfaces do not belong to any protected domain by default. +.It Cm -protected Ar child-iface +Remove +.Ar child-iface +from all protected domains. +.It Cm maxaddr Ar size +Set the address cache size to +.Ar size . +The default is 100 entries. +.It Xo +.Cm rule +.Cm block Ns | Ns Cm pass +.Op Cm in | out +.Cm on Ar interface +.Op Cm src Ar lladdr +.Op Cm dst Ar lladdr +.Bk -words +.Op Cm tag Ar tagname +.Oo +.Cm arp Ns | Ns Cm rarp Op Cm request | reply +.Op Cm sha Ar lladdr +.Op Cm spa Ar ipaddr +.Op Cm tha Ar lladdr +.Op Cm tpa Ar ipaddr +.Oc +.Ek +.Xc +Add a filtering rule to an interface. +Rules have a similar syntax to those in +.Xr pf.conf 5 . +Rules can be used to selectively +.Cm block +or +.Cm pass +frames based on Ethernet +MAC addresses or to +.Cm tag +packets for +.Xr pf 4 +to filter on. +.Pp +.Xr arp 4 +packets can be matched with the +.Cm arp +keyword for regular packets and +.Cm rarp +for reverse arp. +.Cm request +and +.Cm reply +limit matches to requests or replies. +The source and target host addresses can be matched with the +.Cm sha +and +.Cm tha +keywords, +and the protocol addresses with +.Cm spa +and +.Cm tpa . +.Pp +Rules are processed in the order in which they were added to the interface. +The first rule matched takes the action (block or pass) +and, if given, the tag of the rule. +If no source or destination address is specified, the +rule will match all frames (good for creating a catchall policy). +.It Cm rulefile Ar filename +Load a set of rules from the file +.Ar filename . +.It Cm rules Ar interface +Display the active filtering rules in use on +.Ar interface . +.It Cm static Ar child-iface Ar address Ns Op Pf @ Ar vid +Add a static entry for +.Ar address +on VLAN +.Ar vid +into the address cache pointing to +.Ar child-iface . +If +.Ar vid +is not specified it defaults to the VLAN used by untagged packets on +.Ar child-iface . +Static entries are never aged out of the cache or replaced, even +if the address is seen on a different interface. +.It Cm timeout Ar time +Set the timeout, in seconds, for addresses in the cache to +.Ar time . +The default is 240 seconds. +If +.Ar time +is set to zero, then entries will not be expired. +.It Cm tagged Ar child-iface Ar vids +Modify the set of VLAN identifiers that can be sent and received +as VLAN tagged traffic on +.Ar child-iface +with the specified +.Ar vids . +Multiple VLAN identifiers can specified as comma separated values. +Each VLAN identifier may be specified as a range with a minimum and +maximum value separated by a hyphen. +If +.Ar vids +is prefixed with +, -, or =, the identifiers are added to, removed +from, or replaced with the set respectively. +Without a prefix the VLAN identifiers are added to the set. +.\" XXX tagged all|none +By default the set of tagged VLAN is empty. +.It Cm -tagged Ar child-iface +Clear all the VLAN identifiers from the set that can be sent or +received as VLAN tagged traffic on +.Ar child-iface . +This effectively disables VLAN tagged packet handling by the bridge +on the specified port. +.It Cm untagged Ar child-iface Ar vid +Set untagged traffic on +.Ar child-iface +to operate in the VLAN specified by +.Ar vid . +The +.Ar vid +can be specified as +.Cm passthrough +to configure the bridge to decline untagged packets on this port +and return them to the network stack for local processing. +By default ports are configured with the default VLAN identifier +configured on the bridge. +.It Cm -untagged Ar child-iface +Block untagged traffic on +.Ar child-iface . +.It Cm pvlan Ar vid +Configure a Private VLAN (PVLAN) with +.Ar vid +as a primary VLAN identifier. +.It Cm -pvlan Ar vid +Remove the Private VLAN identified by the primary VLAN identifier +.Ar vid . +.It Cm pvlan-isolated Ar vid Ar ivid +Configure +.Ar ivid +as an isolated VLAN within the Private VLAN identified by the +primary VLAN identifier +.Ar vid . +A PVLAN only supports a single isolated VLAN. +An isolated VLAN can only be configured if the identifier is not +in use. +.It Cm -pvlan-isolated Ar vid Ar ivid +Remove the isolated VLAN +.Ar ivid +from the Private VLAN identified by the +primary VLAN identifier +.Ar vid . +An isolated VLAN can only be removed from the PVLAN if it not in +use. +.It Cm pvlan-community Ar vid Ar cvid +Configure +.Ar cvid +as a community VLAN within the Private VLAN identified by the +primary VLAN identifier +.Ar vid . +A community VLAN can only be configured if the identifier is not +in use. +.It Cm -pvlan-community Ar vid Ar cvid +Remove the community VLAN +.Ar cvid +from the Private VLAN identified by the +primary VLAN identifier +.Ar vid . +A community VLAN can only be removed from the PVLAN if it not in +use. +.It Cm pvptags Ar child-iface +Configure the +.Ar child-iface +port so PVLANs will only use primary VLANs when sending tagged packets. +.It Cm -pvptags Ar child-iface +Configure the +.Ar child-iface +port so PVLANs will use primary and secondary VLANs when sending +tagged packets. +This is the default. +.It Cm rxprio Ar prio +Configure the handling of the VLAN priority field in received packets. +This is compatible with the configuration of +.Cm rxprio +on +.Xr vlan 4 +interfaces. +.It Cm txprio Ar prio +Configure the handling of the VLAN priority field in transmitted packets. +This is compatible with the configuration of +.Cm txprio +on +.Xr vlan 4 +interfaces. +.It Cm vnetid Ar vid +Set the default VLAN identifier for untagged packets for ports added +to the bridge. +The default is VLAN 1. +.It Cm -vnetid +Remove the default VLAN identifier for untagged packets for ports added +to the bridge. +Ports added to the bridge will not be able to send or receive packets +until they are explicitly configured. +.It Cm up +Start forwarding packets. +.El +.Sh VLAN +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar vlan-interface +.Op Oo Fl Oc Ns Cm parent Ar parent-interface +.Op Cm rxprio Ar prio +.Op Cm txprio Ar prio +.Op Oo Fl Oc Ns Cm vnetid Ar vlan-tag +.Ek +.nr nS 0 +.Pp +The following options are available for +.Xr vlan 4 +and +.Xr svlan 4 +VLAN interfaces: +.Bl -tag -width Ds +.It Cm parent Ar parent-interface +Associate the VLAN interface with the interface +.Ar parent-interface . +Packets transmitted on +.Xr vlan 4 +or +.Xr svlan 4 +interfaces will be tagged with 802.1Q or 802.1ad headers respectively +and transmitted on the specified parent interface. +Packets with 802.1Q or 802.1ad tags received +by the parent interface with the specified VLAN tag will be diverted to +the associated VLAN interface. +Unless a custom Ethernet address is assigned to the VLAN interface, +it will inherit a copy of the parent interface's Ethernet address. +.It Cm -parent +Disassociate from the parent interface. +This breaks the link between the VLAN interface and its parent. +.It Cm rxprio Ar prio +Set the value used for the packet priority field. +Values may be from 0 to 7, +.Ar packet +to maintain the current packet priority, or +.Ar outer +to use the priority field in the 802.1Q or 802.1ad headers. +.It Cm txprio Ar prio +Set the value used for the priority field in the 802.1Q or 802.1ad +headers. +Values may be from 0 to 7, or +.Ar packet +to use the priority of packets transmitted on the interface. +.It Cm vnetid Ar vlan-tag +Set the VLAN tag value to +.Ar vlan-tag . +This value is a 12-bit number which is used in the 802.1Q or 802.1ad +headers in packets handled by +.Xr vlan 4 +or +.Xr svlan 4 +interfaces respectively. +Valid tag values are from 1 to 4094 inclusive. +.It Cm -vnetid +Clear the tag value. +Packets on a VLAN interface without a tag set will use a value of +0 in their headers. +.El +.Sh WIREGUARD +.nr nS 1 +.Bk -words +.Nm ifconfig +.Ar wg-interface +.Op Cm wgkey Ar privatekey +.Op Cm wgport Ar port +.Op Cm wgrtable Ar rtable +.Op Fl wgpeerall +.Oo +.Oo Fl Oc Ns Cm wgpeer Ar publickey +.Op Oo Fl Oc Ns Cm wgdescr Ns Oo Cm iption Oc Ar value +.Op Cm wgaip Ar allowed-ip_address/prefix +.Op Cm wgendpoint Ar peer_address port +.Op Cm wgpka Ar interval +.Op Cm wgpsk Ar presharedkey +.Op Fl wgpsk +.Oc +.Ek +.nr nS 0 +.Pp +Detailed peer information is available to the superuser when +.Nm +is run with the +.Fl A +flag or when passed specific +.Ar wg-interface +names. +.Pp +The following options are available for +.Xr wg 4 +interfaces: +.Bl -tag -width Ds +.It Cm wgkey Ar privatekey +Set the private key of the interface. +The +.Ar privatekey +is 32 bytes, base64-encoded. +It can be generated as follows: +.Pp +.Dl $ openssl rand -base64 32 +.Pp +The corresponding public key will then be displayed +in the interface status for distribution to peers. +.It Cm wgpeer Ar publickey +Specify an interface peer by its +.Ar publickey , +which is 32 bytes, base64-encoded. +Repeat the option to specify multiple peers in a single command. +.It Cm -wgpeer Ar publickey +Remove the peer with the given +.Ar publickey . +.It Cm -wgpeerall +Remove all peers from the interface. +.It Cm wgport Ar port +Set the interface's UDP +.Ar port +for exchanging traffic with its peers. +The interface will bind to +.Dv INADDR_ANY +and +.Dv IN6ADDR_ANY_INIT . +By default, the interface will choose a port. +.It Cm wgrtable Ar rtable +Exchange traffic with peers under the routing table +.Ar rtable , +instead of the default +.Xr rtable 4 . +The routing domain of the +.Ar rtable +needn't be the routing domain to which the interface is attached, in which +the interface's tunneled traffic appears. +.El +.Pp +Peer configuration options, which apply to the +.Cm wgpeer +immediately preceding them, +are as follows: +.Bl -tag -width Ds +.Tg wgdescription +.It Cm wgdescr Ns Oo Cm iption Oc Ar value +Set the peer's description. +This can be used to label peers in situations where they may +otherwise be difficult to distinguish. +.It Cm -wgdescr Ns Op Cm iption +Clear the peer description. +.It Cm wgaip Ar allowed-ip_address/prefix +Set the peer's IPv4 or IPv6 +.Ar allowed-ip_address +range for tunneled traffic. +Repeat the option to set multiple ranges. +By default, no addresses are allowed. +.It Cm wgendpoint Ar peer_address port +Address traffic to the peer's IPv4 or IPv6 +.Ar peer_address +and UDP +.Ar port . +The interface will track the peer, updating +.Cm wgendpoint +to the source of its last authenticated packet. +By default, the endpoint is unknown and so the peer cannot be addressed until +it initiates communication. +This implies that at least one peer in each pair must specify +.Cm wgendpoint . +.It Cm wgpka Ar interval +Set the +.Ar interval +of persistent keepalive packets in seconds. +The default, zero, disables these. +They can be used to maintain connectivity to a peer otherwise blocked +to unsolicited traffic by an intermediate firewall or NAT device. +For this, an +.Ar interval +of 25 seconds should suffice. +.It Cm wgpsk Ar presharedkey +Set a unique key pre-shared with the peer. +This strengthens the Diffie-Hellman exchange should in future a +quantum-computational attack on it become feasible. +The +.Ar presharedkey +is 32 bytes, base64-encoded. +It is optional but recommended and can be generated as follows: +.Pp +.Dl $ openssl rand -base64 32 +.It Cm -wgpsk +Remove the pre-shared key for this peer. +.El +.Sh EXAMPLES +Assign the +address of 192.168.1.10 with a network mask of +255.255.255.0 to interface fxp0: +.Pp +.Dl # ifconfig fxp0 inet 192.168.1.10 netmask 255.255.255.0 +.Pp +Configure the xl0 interface to use 100baseTX, full duplex: +.Pp +.Dl # ifconfig xl0 media 100baseTX mediaopt full-duplex +.Pp +Label the em0 interface as an uplink: +.Pp +.Dl # ifconfig em0 description \&"Uplink to Gigabit Switch 2\&" +.Pp +Create the gif1 network interface: +.Pp +.Dl # ifconfig gif1 create +.Pp +Put the athn0 wireless interface into monitor mode: +.Pp +.Dl # ifconfig athn0 mediaopt monitor +.Sh DIAGNOSTICS +Messages indicating the specified interface does not exist, the +requested address is unknown, or the user is not privileged and +tried to alter an interface's configuration. +.Sh SEE ALSO +.Xr netstat 1 , +.Xr ifmedia 4 , +.Xr inet 4 , +.Xr intro 4 , +.Xr netintro 4 , +.Xr rtable 4 , +.Xr hostname.if 5 , +.Xr hosts 5 , +.Xr rc 8 , +.Xr route 8 , +.Xr slaacd 8 , +.Xr tcpdump 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/ifstated.8 b/static/openbsd/man8/ifstated.8 new file mode 100644 index 00000000..c17dd97d --- /dev/null +++ b/static/openbsd/man8/ifstated.8 @@ -0,0 +1,89 @@ +.\" $OpenBSD: ifstated.8,v 1.10 2017/08/08 14:16:12 rob Exp $ +.\" +.\" Copyright (c) 2004 Ryan McBride +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 8 2017 $ +.Dt IFSTATED 8 +.Os +.Sh NAME +.Nm ifstated +.Nd Interface State daemon +.Sh SYNOPSIS +.Nm ifstated +.Op Fl dhinv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +The +.Nm +daemon runs commands in response to network state changes, which it +determines by monitoring interface link state or running external +tests. +For example, it can be used with +.Xr carp 4 +to change running services or to ensure that +.Xr carp 4 +interfaces stay in sync, or with +.Xr pf 4 +to test server or link availability and modify translation or routing rules. +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stdout . +.It Fl f Ar file +Specify an alternate location, +.Ar file , +for the configuration file. +.It Fl h +Print help message. +.It Fl i +Ignore initial interface states. +.It Fl n +Configtest mode. +Check config validity, then exit. +.It Fl v +Verbose mode. +Use twice to further increase verbosity. +.El +.Pp +Upon receiving +.Dv SIGHUP , +.Nm +reloads the configuration file. +.Sh FILES +.Bl -tag -width "/etc/ifstated.conf" -compact +.It Pa /etc/ifstated.conf +.Nm +configuration file. +.El +.Sh SEE ALSO +.Xr carp 4 , +.Xr pf 4 , +.Xr ifstated.conf 5 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.8 . diff --git a/static/openbsd/man8/ikectl.8 b/static/openbsd/man8/ikectl.8 new file mode 100644 index 00000000..7a79c949 --- /dev/null +++ b/static/openbsd/man8/ikectl.8 @@ -0,0 +1,366 @@ +.\" $OpenBSD: ikectl.8,v 1.28 2022/03/31 17:27:30 naddy Exp $ +.\" +.\" Copyright (c) 2007-2013 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt IKECTL 8 +.Os +.Sh NAME +.Nm ikectl +.Nd control the IKEv2 daemon +.Sh SYNOPSIS +.Nm +.Op Fl q +.Op Fl s Ar socket +.Ar command +.Op Ar arg ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr iked 8 +daemon and provides commands to maintain a simple X.509 certificate +authority (CA) for IKEv2 peers. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl q +Don't ask for confirmation of any default options. +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/iked.sock +to communicate with +.Xr iked 8 . +.El +.Sh IKED CONTROL COMMANDS +The following commands are available to control +.Xr iked 8 : +.Bl -tag -width Ds +.It Cm active +Set +.Xr iked 8 +to active mode. +.It Cm passive +Set +.Xr iked 8 +to passive mode. +In passive mode no packets are sent to peers and no connections +are initiated by +.Xr iked 8 . +.It Cm couple +Load the negotiated security associations (SAs) and flows into the kernel. +.It Cm decouple +Unload the negotiated SAs and flows from the kernel. +This mode is only useful for testing and debugging. +.It Cm load Ar filename +Reload the configuration from the specified file. +.It Cm log brief +Disable verbose logging. +.It Cm log verbose +Enable verbose logging. +.It Cm monitor +Monitor internal messages of the +.Xr iked 8 +subsystems. +.It Cm reload +Reload the configuration from the default configuration file. +.It Cm reset all +Reset the running state. +.It Cm reset ca +Reset the X.509 CA and certificate state. +.It Cm reset policy +Flush the configured policies. +.It Cm reset sa +Flush the running SAs. +.It Cm reset user +Flush the local user database. +.It Cm reset id Ar ikeid +Delete all IKE SAs with matching ID. +.It Cm show sa +Show internal state of active IKE SAs, Child SAs and IPsec flows. +.El +.Sh PKI AND CERTIFICATE AUTHORITY COMMANDS +In order to use public key based authentication with IKEv2, +a public key infrastructure (PKI) has to be set up to create and sign +the peer certificates. +.Nm +includes commands to simplify maintenance of the PKI +and to set up a simple certificate authority (CA) for +.Xr iked 8 +and its peers. +.Pp +The following commands are available to control the CA: +.Bl -tag -width Ds +.It Xo +.Cm ca Ar name Cm create +.Op Cm password Ar password +.Xc +Create a new certificate authority with the specified +.Ar name . +The command will prompt for a CA password unless it is specified with +the optional +.Ar password +argument. +The password will be saved in a protected file +.Pa ikeca.passwd +in the CA directory and used for subsequent commands. +.It Cm ca Ar name Cm delete +Delete the certificate authority with the specified +.Ar name . +.It Xo +.Cm ca Ar name Cm export +.Op Cm peer Ar peer +.Op Cm password Ar password +.Xc +Export the certificate authority with the specified +.Ar name +into the current directory for transport to other systems. +This command will create a compressed tarball called +.Pa ca.tgz +in the local directory and optionally +.Pa ca.zip +if the +.Sq zip +tool is installed. +The optional +.Ar peer +argument can be used to specify the address or FQDN of the local gateway +which will be written into a text file +.Pa peer.txt +and included in the archives. +.It Xo +.Cm ca Ar name +.Cm install Op Ar path +.Xc +Install the certificate and Certificate Revocation List (CRL) for CA +.Ar name +as the currently active CA or into the specified +.Ar path . +.It Xo +.Cm ca Ar name Cm certificate Ar host +.Cm create +.Op Ic server | client | ocsp +.Xc +Create a private key and certificate for +.Ar host +and sign then with the key of certificate authority with the specified +.Ar name . +.Pp +The certificate will be valid for client and server authentication by +default by setting both flags as the extended key usage in the certificate; +this can be restricted using the optional +.Ic server +or +.Ic client +argument. +If the +.Ic ocsp +argument is specified, the extended key usage will be set for OCSP signing. +.It Xo +.Cm ca Ar name Cm certificate Ar host +.Cm delete +.Xc +Deletes the private key and certificates associated with +.Ar host . +.It Xo +.Cm ca Ar name Cm certificate Ar host +.Cm export +.Op Cm peer Ar peer +.Op Cm password Ar password +.Xc +Export key files for +.Ar host +of the certificate authority with the specified +.Ar name +into the current directory for transport to other systems. +This command will create a compressed tarball +.Pa host.tgz +in the local directory and optionally +.Pa host.zip +if the +.Sq zip +tool is installed. +The optional +.Ar peer +argument can be used to specify the address or FQDN of the local gateway +which will be written into a text file +.Pa peer.txt +and included in the archives. +.It Xo +.Cm ca Ar name Cm certificate Ar host +.Cm install Op Ar path +.Xc +Install the private and public key for +.Ar host +into the active configuration or specified +.Ar path . +.It Xo +.Cm ca Ar name Cm certificate Ar host +.Cm revoke +.Xc +Revoke the certificate specified by +.Ar host +and generate a new Certificate Revocation List (CRL). +.It Xo +.Cm show Cm ca Ar name Cm certificates +.Op Ar host +.Xc +Display a listing of certificates associated with CA +.Ar name +or display certificate details if +.Ar host +is specified. +.It Xo +.Cm ca Ar name Cm key Ar host +.Cm create +.Xc +Create a private key for +.Ar host +if one does not already exist. +.It Xo +.Cm ca Ar name Cm key Ar host +.Cm install Op Ar path +.Xc +Install the private and public keys for +.Ar host +into the active configuration or specified +.Ar path . +.It Xo +.Cm ca Ar name Cm key Ar host +.Cm delete +.Xc +Delete the private key for +.Ar host . +.It Xo +.Cm ca Ar name Cm key Ar host +.Cm import +.Ar file +.Xc +Source the private key for +.Ar host +from the named +.Ar file . +.El +.Sh FILES +.Bl -tag -width "/var/run/iked.sockXX" -compact +.It Pa /etc/iked/ +Active configuration. +.It Pa /etc/ssl/ +Directory to store the CA files. +.It Pa /usr/share/iked/ +If this optional directory exists, +.Nm +will include the contents with the +.Cm ca export +commands. +.It Pa /var/run/iked.sock +Default +.Ux Ns -domain +socket used for communication with +.Xr iked 8 . +.El +.Sh EXAMPLES +First create a new certificate authority: +.Bd -literal -offset indent +# ikectl ca vpn create +.Ed +.Pp +Now create the certificates for the VPN peers. +The specified hostname, either IP address or FQDN, will be saved in +the signed certificate and has to match the IKEv2 identity, or +.Ar srcid , +of the peers: +.Bd -literal -offset indent +# ikectl ca vpn certificate 10.1.2.3 create +# ikectl ca vpn certificate 10.2.3.4 create +# ikectl ca vpn certificate 10.3.4.5 create +.Ed +.Pp +It is possible that the host that was used to create the CA is also +one of the VPN peers. +In this case you can install the peer and CA certificates locally: +.Bd -literal -offset indent +# ikectl ca vpn install +# ikectl ca vpn certificate 10.1.2.3 install +.Ed +.Pp +Now export the individual host key, the certificate and the CA +certificate to each other peer. +First run the +.Ic export +command to create tarballs that include the required files: +.Bd -literal -offset indent +# ikectl ca vpn certificate 10.2.3.4 export +# ikectl ca vpn certificate 10.3.4.5 export +.Ed +.Pp +These commands will produce two tarballs +.Em 10.2.3.4.tgz +and +.Em 10.3.4.5.tgz . +Copy these tarballs over to the appropriate peers and extract them +to the +.Pa /etc/iked/ +directory: +.Bd -literal -offset indent +10.2.3.4# tar -C /etc/iked -xzpf 10.2.3.4.tgz +10.3.4.5# tar -C /etc/iked -xzpf 10.3.4.5.tgz +.Ed +.Pp +.Nm +will also create +.Sq zip +archives 10.2.3.4.zip and 10.3.4.5.zip +in addition to the tarballs if the zip tool is found in +.Pa /usr/local/bin/zip . +These archives can be exported to peers running Windows and will +include the certificates in a format that is supported by the OS. +The zip tool can be installed from the +.Ox +packages or ports collection before running the +.Ic export +commands, see +.Xr packages 7 +for more information. +For example: +.Bd -literal -offset indent +# pkg_add zip +.Ed +.Sh SEE ALSO +.Xr packages 7 , +.Xr iked 8 , +.Xr ssl 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.8 . +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org +and +.An Jonathan Gray Aq Mt jsg@openbsd.org . +.Sh CAVEATS +For ease of use, the +.Ic ca +commands maintain all peers' private keys on the CA machine. +In contrast to a +.Sq real +CA, it does not support signing of public keys that have been imported +from peers that do not want to expose their private keys to the CA. diff --git a/static/openbsd/man8/iked.8 b/static/openbsd/man8/iked.8 new file mode 100644 index 00000000..7134e54f --- /dev/null +++ b/static/openbsd/man8/iked.8 @@ -0,0 +1,215 @@ +.\" $OpenBSD: iked.8,v 1.30 2021/11/29 13:20:24 jmc Exp $ +.\" +.\" Copyright (c) 2010 - 2014 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 29 2021 $ +.Dt IKED 8 +.Os +.Sh NAME +.Nm iked +.Nd Internet Key Exchange version 2 (IKEv2) daemon +.Sh SYNOPSIS +.Nm iked +.Op Fl dnSTtVv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl p Ar udpencap_port +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an Internet Key Exchange (IKEv2) daemon which performs mutual +authentication and which establishes and maintains IPsec flows and +security associations (SAs) between the two peers. +.Pp +The IKEv2 protocol is defined in RFC 7296, +which combines and updates the previous standards: +ISAKMP/Oakley (RFC 2408), +IKE (RFC 2409), +and the Internet DOI (RFC 2407). +.Nm +only supports the IKEv2 protocol; +support for +ISAKMP/Oakley and IKEv1 +is provided by +.Xr isakmpd 8 . +.Pp +.Nm +supports mutual authentication using RSA or ECDSA public keys and X.509 +certificates. +See the +.Sx PUBLIC KEY AUTHENTICATION +section below and PKI AND CERTIFICATE AUTHORITY COMMANDS in +.Xr ikectl 8 +for more information about creating and maintaining the public key +infrastructure. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, instead of the default +.Pa /etc/iked.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl p Ar udpencap_port +Specify the listen port for encapsulated UDP that +the daemon will bind to as well as the UDP encapsulation port set +in resulting IPsec SAs. +In order to receive UDP encapsulated IPsec packets on ports other +than 4500, the +.Em net.inet.esp.udpencap_port +.Xr sysctl 2 +variable has to be set accordingly. +Implies -t. +.It Fl S +Start +.Nm +in passive mode. +See the +.Ic set passive +option in +.Xr iked.conf 5 +for more information. +.It Fl s Ar socket +Use +.Ar socket +as the control socket, instead of the default +.Pa /var/run/iked.sock . +.It Fl T +Disable NAT-Traversal and do not propose NAT-Traversal support to the peers. +.It Fl t +Enforce NAT-Traversal and only listen to NAT-Traversal messages. +This option is only recommended for testing; the default is to +negotiate NAT-Traversal with the peers. +.It Fl V +Show the version and exit. +.It Fl v +Produce more verbose output. +.El +.Sh PUBLIC KEY AUTHENTICATION +It is possible to store trusted public keys to make them directly +usable by +.Nm , +bypassing the need to use certificates. +The keys should be saved in PEM format (see +.Xr openssl 1 ) +and named and stored as follows: +.Pp +.Bl -tag -width "for_ufqdn_identitiesXX" -offset 3n -compact +.It For IPv4 identities: +/etc/iked/pubkeys/ipv4/A.B.C.D +.It For IPv6 identities: +/etc/iked/pubkeys/ipv6/abcd:abcd::ab:bc +.It For FQDN identities: +/etc/iked/pubkeys/fqdn/foo.bar.org +.It For UFQDN identities: +/etc/iked/pubkeys/ufqdn/user@foo.bar.org +.El +.Pp +Depending on the +.Ic srcid +and +.Ic dstid +specifications in +.Xr iked.conf 5 , +keys may be named after their IPv4 address, IPv6 address, +fully qualified domain name (FQDN) or user fully qualified domain name (UFQDN). +.Pp +For example, +.Nm +can authenticate using the pre-generated keys if the local public key, +by default +.Pa /etc/iked/local.pub , +is copied to the remote gateway as +.Pa /etc/iked/pubkeys/ipv4/local.gateway.ip.address +and the remote gateway's public key +is copied to the local gateway as +.Pa /etc/iked/pubkeys/ipv4/remote.gateway.ip.address . +Of course, new keys may also be generated +(the user is not required to use the pre-generated keys). +In this example, +.Ic srcid +and +.Ic dstid +would also have to be set to the specified addresses +in +.Xr iked.conf 5 . +.Sh FILES +.Bl -tag -width "/etc/iked/private/XXX" -compact +.It Pa /etc/iked.conf +The default +.Nm +configuration file. +.It Pa /etc/iked/ca/ +The directory where CA certificates are kept. +.It Pa /etc/iked/certs/ +The directory where IKE certificates are kept, both the local +certificate(s) and those of the peers, if a choice to have them kept +permanently has been made. +.It Pa /etc/iked/crls/ +The directory where CRLs are kept. +.It Pa /etc/iked/private/ +The directory where local private keys used for public key authentication +are kept. +The file +.Pa local.key +is used to store the local private key. +.It Pa /etc/iked/pubkeys/ +The directory in which trusted public keys are kept. +The keys must be named in the fashion described above. +.It Pa /var/run/iked.sock +The default +.Nm +control socket. +.El +.Sh SEE ALSO +.Xr iked.conf 5 , +.Xr ikectl 8 , +.Xr isakmpd 8 +.Sh STANDARDS +.Rs +.%A C. Kaufman +.%A P. Hoffman +.%A Y. Nir +.%A P. Eronen +.%A T. Kivinen +.%D October 2014 +.%R RFC 7296 +.%T Internet Key Exchange Protocol Version 2 (IKEv2) +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.8 . +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/inetd.8 b/static/openbsd/man8/inetd.8 new file mode 100644 index 00000000..f1a8e140 --- /dev/null +++ b/static/openbsd/man8/inetd.8 @@ -0,0 +1,392 @@ +.\" $OpenBSD: inetd.8,v 1.42 2020/02/10 13:18:21 schwarze Exp $ +.\" Copyright (c) 1985, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)inetd.8 6.7 (Berkeley) 3/16/91 +.\" +.Dd $Mdocdate: February 10 2020 $ +.Dt INETD 8 +.Os +.Sh NAME +.Nm inetd , +.Nm inetd.conf +.Nd internet super-server +.Sh SYNOPSIS +.Nm inetd +.Op Fl d +.Op Fl R Ar rate +.Op Ar configuration_file +.Sh DESCRIPTION +.Nm inetd +should be run at boot time by +.Pa /etc/rc +(see +.Xr rc 8 ) . +It then listens for connections on certain internet sockets. +When a connection is found on one +of its sockets, it decides what service the socket +corresponds to, and invokes a program to service the request. +After the program is +finished, it continues to listen on the socket (except in some cases which +will be described below). +Essentially, +.Nm inetd +allows running one daemon to invoke several others, +reducing load on the system. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Turns on debugging. +.It Fl R Ar rate +Specify the maximum number of times a service can be invoked +in one minute; the default is 256. +If a service exceeds this limit, +.Nm +will log the problem +and stop servicing requests for the specific service for ten minutes. +See also the wait/nowait configuration fields below. +.El +.Pp +Upon execution, +.Nm inetd +reads its configuration information from a configuration +file which, by default, is +.Pa /etc/inetd.conf . +There must be an entry for each field of the configuration +file, with entries for each field separated by a tab or +a space. +Comments are denoted by a +.Dq # +at the beginning +of a line. +The fields of the configuration file are as follows: +.Bd -unfilled -offset indent +service name +socket type +protocol +wait/nowait[.max] +user[.group] or user[:group] +server program +server program arguments +.Ed +.Pp +To specify a Sun-RPC +based service, the entry would contain these fields. +.Bd -unfilled -offset indent +service name/version +socket type +rpc/protocol +wait/nowait[.max] +user[.group] or user[:group] +server program +server program arguments +.Ed +.Pp +For internet services, the first field of the line may also have a host +address specifier prefixed to it, separated from the service name by a +colon. +If this is done, the string before the colon in the first field +indicates what local address +.Nm +should use when listening for that service. +Multiple local addresses +can be specified on the same line, separated by commas. +Numeric IP +addresses in dotted-quad notation can be used as well as symbolic +hostnames. +Symbolic hostnames are looked up using +.Fn getaddrinfo . +If a hostname has multiple address mappings, inetd creates a socket +to listen on each address. +.Pp +The single character +.Dq \&* +indicates +.Dv INADDR_ANY , +meaning +.Dq all local addresses . +To avoid repeating an address that occurs frequently, a line with a +host address specifier and colon, but no further fields, causes the +host address specifier to be remembered and used for all further lines +with no explicit host specifier (until another such line or the end of +the file). +A line +.Dl *: +is implicitly provided at the top of the file; thus, traditional +configuration files (which have no host address specifiers) will be +interpreted in the traditional manner, with all services listened for +on all local addresses. +If the protocol is +.Dq unix , +this value is ignored. +.Pp +The +.Em service name +entry is the name of a valid service in +the file +.Pa /etc/services . +For +.Dq internal +services (discussed below), the service +name +.Em must +be the official name of the service (that is, the first entry in +.Pa /etc/services ) . +When used to specify a Sun-RPC +based service, this field is a valid RPC service name in +the file +.Pa /etc/rpc . +The part on the right of the +.Dq / +is the RPC version number. +This can simply be a single numeric argument or a range of versions. +A range is bounded by the low version to the high version - +.Dq rusers/1-3 . +For +.Ux Ns -domain +sockets this field specifies the path name of the socket. +.Pp +The +.Em socket type +should be one of +.Dq stream +or +.Dq dgram , +depending on whether the socket is a stream or datagram socket. +.Pp +The +.Em protocol +must be a valid protocol as given in +.Pa /etc/protocols . +Examples might be +.Dq tcp +or +.Dq udp . +RPC based services are specified with the +.Dq rpc/tcp +or +.Dq rpc/udp +service type. +.Dq tcp +and +.Dq udp +will be recognized as +.Dq TCP or UDP over default IP version . +This is currently IPv4, but in the future it will be IPv6. +If you need to specify IPv4 or IPv6 explicitly, use something like +.Dq tcp4 +or +.Dq udp6 . +A +.Em protocol +of +.Dq unix +is used to specify a socket in the +.Ux Ns -domain . +.Pp +The +.Em wait/nowait +entry is used to tell +.Nm +if it should wait for the server program to return, +or continue processing connections on the socket. +If a datagram server connects +to its peer, freeing the socket so +.Nm inetd +can receive further messages on the socket, it is said to be +a +.Dq multi-threaded +server, and should use the +.Dq nowait +entry. +For datagram servers which process all incoming datagrams +on a socket and eventually time out, the server is said to be +.Dq single-threaded +and should use a +.Dq wait +entry. +.Xr comsat 8 +.Pq Xr biff 1 +and +.Xr talkd 8 +are both examples of the latter type of +datagram server. +The optional +.Dq max +suffix (separated from +.Dq wait +or +.Dq nowait +by a dot) specifies the maximum number of times a service can be invoked +in one minute; the default is 256. +If a service exceeds this limit, +.Nm +will log the problem +and stop servicing requests for the specific service for ten minutes. +See also the +.Fl R +option above. +.Pp +Stream servers are usually marked as +.Dq nowait +but if a single server process is to handle multiple connections, it may be +marked as +.Dq wait . +The master socket will then be passed as fd 0 to the server, which will then +need to accept the incoming connection. +The server should eventually time +out and exit when no more connections are active. +.Nm +will continue to +listen on the master socket for connections, so the server should not close +it when it exits. +.Pp +The +.Em user +entry should contain the user name of the user as whom the server +should run. +This allows for servers to be given less permission +than root. +An optional group name can be specified by appending a dot to +the user name followed by the group name. +This allows for servers to run with +a different (primary) group ID than specified in the password file. +If a group +is specified and user is not root, the supplementary groups associated with +that user will still be set. +.Pp +The +.Em server program +entry should contain the pathname of the program which is to be +executed by +.Nm inetd +when a request is found on its socket. +If +.Nm inetd +provides this service internally, this entry should +be +.Dq internal . +.Pp +The +.Em server program arguments +should be just as arguments +normally are, starting with argv[0], which is the name of +the program. +If the service is provided internally, the word +.Dq internal +should take the place of this entry. +.Pp +.Nm inetd +provides several +.Dq trivial +services internally by use of routines within itself. +These services are +.Dq echo , +.Dq discard , +.Dq chargen +(character generator), +.Dq daytime +(human readable time), and +.Dq time +(machine readable time, +in the form of the number of seconds since midnight, January +1, 1900). +All of these services are TCP based. +For details of these services, consult the appropriate RFC +from the Network Information Center. +.Pp +.Nm inetd +rereads its configuration file when it receives a hangup signal, +.Dv SIGHUP . +Services may be added, deleted or modified when the configuration file +is reread. +.Ss IPv6 TCP/UDP behavior +If you wish to run a server for IPv4 and IPv6 traffic, +you'll need to run two separate processes for the same server program, +specified as two separate lines in +.Pa inetd.conf , +for +.Dq tcp4 +and +.Dq tcp6 . +.Pp +Under various combinations of IPv4/v6 daemon settings, +.Nm +will behave as follows: +.Bl -bullet -compact +.It +If you have only one server on +.Dq tcp4 , +IPv4 traffic will be routed to the server. +IPv6 traffic will not be accepted. +.It +If you have two servers on +.Dq tcp4 +and +.Dq tcp6 , +IPv4 traffic will be routed to the server on +.Dq tcp4 , +and IPv6 traffic will go to server on +.Dq tcp6 . +.It +If you have only one server on +.Dq tcp6 , +only IPv6 traffic will be routed to the server. +.El +.Sh FILES +.Bl -tag -width /etc/examples/inetd.conf -compact +.It Pa /etc/inetd.conf +.It Pa /etc/examples/inetd.conf +.El +.Sh SEE ALSO +.Xr comsat 8 , +.Xr fingerd 8 , +.Xr ftp-proxy 8 , +.Xr ftpd 8 , +.Xr identd 8 , +.Xr talkd 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . +Support for Sun-RPC +based services is modelled after that +provided by SunOS 4.1. +IPv6 support was added by the KAME project in 1999. +.Sh BUGS +Host address specifiers, while they make conceptual sense for RPC +services, do not work entirely correctly. +This is largely because the +portmapper interface does not provide a way to register different ports +for the same service on different local addresses. +Provided you never +have more than one entry for a given RPC service, everything should +work correctly. +(Note that default host address specifiers do apply to +RPC lines with no explicit specifier.) diff --git a/static/openbsd/man8/init.8 b/static/openbsd/man8/init.8 new file mode 100644 index 00000000..16a02bf6 --- /dev/null +++ b/static/openbsd/man8/init.8 @@ -0,0 +1,329 @@ +.\" $OpenBSD: init.8,v 1.50 2018/01/16 15:57:51 cheloha Exp $ +.\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Donn Seeley at Berkeley Software Design, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)init.8 8.6 (Berkeley) 5/26/95 +.\" +.Dd $Mdocdate: January 16 2018 $ +.Dt INIT 8 +.Os +.Sh NAME +.Nm init +.Nd process control initialization +.Sh SYNOPSIS +.Nm init +.Op Fl fs +.Sh DESCRIPTION +The +.Nm +program +is the last stage of the boot process. +It normally executes the sequence of events described in +.Xr rc 8 +and begins multi-user operation. +.Pp +The kernel may pass the following options to +.Nm , +usually when requested by the +.Xr boot 8 +program: +.Bl -tag -width Ds +.It Fl f +Activate fastboot mode. +This is not currently supported by the +.Ox +kernel. +Instead, use the +.Pa /fastboot +file as explained in the +.Xr rc 8 +manual. +.It Fl s +Boot directly into single-user mode. +.El +.Pp +Single-user mode is also entered if the boot scripts fail. +.Pp +In single-user mode, the +.Xr rc 8 +script is not run and normal daemons are not started, +but instead a super-user shell is started on the system console. +If the +.Ar console +entry in the +.Xr ttys 5 +file does not contain the +.Dq secure +flag, then +.Nm +will require that the superuser password be +entered before the system will start a single-user shell. +The password check is skipped if the +.Ar console +is marked as +.Dq secure . +.Pp +In single-user mode, the system is quiescent for maintenance work and may +later be made to go to multi-user by exiting the +single-user shell (with ^D). +This +causes +.Nm +to run the +.Xr rc 8 +startup command file in fastboot mode (skipping disk checks). +.Pp +The kernel +.Xr securelevel 7 +is normally set to 0 while in single-user mode, and raised to 1 when +the system begins multi-user operations. +This action will not take +place if the securelevel is \-1, and can be modified via the +.Pa /etc/rc.securelevel +script. +.Pp +In multi-user operation, +.Nm +maintains +processes for the terminal ports found in the file +.Xr ttys 5 . +.Nm +reads this file, and executes the command found in the second field. +This command is usually +.Xr getty 8 ; +.Em getty +opens and initializes the tty line +and +executes the +.Em login +program. +The +.Em login +program, when a valid user logs in, +executes a shell for that user. +When this shell dies, either because the user logged out +or an abnormal termination occurred (a signal), +the +.Nm +program wakes up, deletes the user +from the +.Xr utmp 5 +file of current users and records the logout in the +.Em wtmp +file. +The cycle is +then restarted by +.Nm +executing a new +.Em getty +for the line. +.Pp +Line status (on, off, secure, getty, or window information) +may be changed in the +.Em ttys +file without a reboot by sending the signal +.Dv SIGHUP +to +.Nm +with the command +.Dq Li "kill \-s HUP 1" . +On receipt of this signal, +.Nm +re-reads the +.Em ttys +file. +When a line is turned off in +.Em ttys , +.Nm +will send a +.Dv SIGHUP +signal to the controlling process +for the session associated with the line. +For any lines that were previously turned off in the +.Em ttys +file and are now on, +.Nm +executes a new +.Em getty +to enable a new login. +If the getty or window field for a line is changed, +the change takes effect at the end of the current +login session (e.g., the next time +.Nm +starts a process on the line). +If a line is commented out or deleted from +.Em ttys , +.Nm +will not do anything at all to that line. +However, it will complain that the relationship between lines +in the +.Em ttys +file and records in the +.Em utmp +file is out of sync, +so this practice is not recommended. +.Pp +.Nm +will terminate multi-user operations and resume single-user mode +if sent a terminate +.Pq Dv TERM +signal, for example, +.Dq Li "kill \-s TERM 1" . +If there are processes outstanding that are deadlocked (because of +hardware or software failure), +.Nm +will not wait for them all to die (which might take forever), but +will time out after 30 seconds and print a warning message. +.Pp +.Nm +will cease creating new +.Xr getty 8 +and allow the system to slowly die away, if it is sent a terminal stop +.Pq Dv TSTP +signal, i.e., +.Dq Li "kill \-s TSTP 1" . +A later hangup will resume full +multi-user operations, or a terminate will start a single-user shell. +This hook is used by +.Xr reboot 8 +and +.Xr halt 8 . +.Pp +.Nm +will terminate multi-user operations, kill all +.Xr getty 8 , +and run +.Pa /etc/rc.shutdown +if a user-defined signal 1 +.Pq Dv USR1 , +user-defined signal 2 +.Pq Dv USR2 , +or interrupt +.Pq Dv INT +signal is received. +Following this, +.Dv USR1 +will halt the system; +.Dv USR2 +will request a powerdown; and +.Dv INT +will cause a reboot. +.Pa /etc/rc.shutdown +can specify that a powerdown is requested instead of the action +specified by the signal. +.Pp +The role of +.Nm +is so critical that if it dies, the system will reboot itself +automatically. +If, at bootstrap time, the +.Nm +process cannot be located, the system will panic with the message +.Dq panic: "init died (signal %d, exit %d)" . +.Sh RESOURCES +When +.Nm +spawns a process it sets the process priority, umask, and resource +limits based on +.Pa /etc/login.conf . +When starting the +.Xr rc 8 +files, the login class +.Dq daemon +is used. +When starting a window system or +.Xr getty 8 , +the login class +.Dq default +is used. +No resource changes are made when entering single-user mode. +.Sh FILES +.Bl -tag -width /etc/rc.securelevel -compact +.It Pa /dev/console +system console device +.It Pa /dev/tty* +terminal ports found in +.Em ttys +.It Pa /etc/rc +system startup commands +.It Pa /etc/rc.securelevel +commands that run before the security level changes +.It Pa /etc/rc.shutdown +script run at shutdown time +.It Pa /etc/ttys +terminal initialization information file +.It Pa /fastboot +tells +.Xr rc 8 +not to run +.Xr fsck 8 +during the next boot +.It Pa /var/run/utmp +record of users currently logged in +.It Pa /var/log/wtmp +record of all logins and logouts +.El +.Sh DIAGNOSTICS +.Bl -diag +.It "getty repeating too quickly on port %s, sleeping" +A process being started to service a line is exiting quickly +each time it is started. +This is often caused by a ringing or noisy terminal line. +.Em "Init will sleep for 30 seconds" , +.Em "then continue trying to start the process" . +.It "some processes would not die; ps axl advised." +A process +is hung and could not be killed when the system was shutting down. +This condition is usually caused by a process +that is stuck in a device driver because of +a persistent device error condition. +.El +.Sh SEE ALSO +.Xr kill 1 , +.Xr login 1 , +.Xr sh 1 , +.Xr fbtab 5 , +.Xr login.conf 5 , +.Xr ttys 5 , +.Xr securelevel 7 , +.Xr crash 8 , +.Xr getty 8 , +.Xr halt 8 , +.Xr rc 8 , +.Xr rc.shutdown 8 , +.Xr reboot 8 , +.Xr shutdown 8 +.Sh HISTORY +An +.Nm +command appeared in +.At v1 . diff --git a/static/openbsd/man8/installboot.8 b/static/openbsd/man8/installboot.8 new file mode 100644 index 00000000..a16593d0 --- /dev/null +++ b/static/openbsd/man8/installboot.8 @@ -0,0 +1,134 @@ +.\" $OpenBSD: installboot.8,v 1.11 2010/03/06 16:16:42 jmc Exp $ +.\" $NetBSD: installboot.8,v 1.2 1997/04/06 08:41:11 cgd Exp $ +.\" +.\" Copyright (c) 1996, 1997 Christopher G. Demetriou. All rights reserved. +.\" Copyright (c) 1995 Paul Kranenburg +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Paul Kranenburg. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 6 2010 $ +.Dt INSTALLBOOT 8 alpha +.Os +.Sh NAME +.Nm installboot +.Nd install disk bootstrap software +.Sh SYNOPSIS +.Nm installboot +.Op Fl nv +.Ar boot +.Ar bootxx +.Ar rawdiskdevice +.Sh DESCRIPTION +The +.Nm installboot +utility prepares a disk for bootstrapping. +.Pp +The OpenBSD/alpha disk bootstrap software is split into two parts: +a small first-stage boot program that is written into the disklabel +area of a disk +.Po +and hence is limited in size to 7680 bytes +.Pc , +and a second-stage boot program that resides in the filesystem proper +.Po +typically with the name +.Pa /boot +.Pc . +The first-stage boot program is loaded into memory by the SRM console +software. +After receiving control of the system, it loads the second-stage boot +program from a set of filesystem block numbers that have been +hard-coded into it by +.Nm installboot . +The second-stage boot program locates and loads the kernel. +.Pp +The second-stage boot program and the prototype code for the +first-stage boot program can be found in +.Pa /usr/mdec/boot +and +.Pa /usr/mdec/bootxx , +respectively. +.Pa /usr/mdec/boot +may be installed simply by copying it to the root directory of the +partition you wish to boot from, but after it is installed +.Nm installboot +.Em must +be run. +.Pp +The options recognized by +.Nm installboot +are as follows: +.Bl -tag -width flag +.It Fl n +Do not actually write anything on the disk. +.It Fl v +Verbose mode. +.El +.Pp +The arguments are: +.Bl -tag -width rawdiskdevice +.It Ar boot +The name of the second-stage boot program in the file system +where the first-stage boot program is to be installed. +.It Ar bootxx +The name of the prototype file for the first-stage boot program. +.It Ar rawdiskdevice +The name of the device corresponding to the raw whole-disk partition (the +.Dq raw partition ) +of the disk on which the first-stage boot program is to be installed. +.El +.Sh EXAMPLES +.Pa boot +resides in the FFS file system mounted on +.Pa / +from +.Dq sd0a , +you would install the first-stage boot program on the disk +(and therefore make the disk bootable) by using the command: +.Bd -literal -offset indent +# cp /usr/mdec/boot /boot +# /usr/mdec/installboot -n -v /boot /usr/mdec/bootxx /dev/rsd0c +.Ed +.Pp +And if the information supplied looks right, run the above without the +.Fl n +flag. +.Sh SEE ALSO +.Xr disklabel 8 , +.Xr init 8 , +.Xr sysctl 8 +.Sh HISTORY +The alpha +.Nm +command first appeared in +.Nx 1.2 . +.Sh BUGS +The OpenBSD/alpha boot blocks can only load kernels from disks' +.Dq a +partitions. +(However, the second-stage boot program may be located on any FFS file system +partition on the disk.) diff --git a/static/openbsd/man8/iostat.8 b/static/openbsd/man8/iostat.8 new file mode 100644 index 00000000..6a9071f4 --- /dev/null +++ b/static/openbsd/man8/iostat.8 @@ -0,0 +1,202 @@ +.\" $OpenBSD: iostat.8,v 1.28 2022/09/17 11:39:09 jmc Exp $ +.\" $NetBSD: iostat.8,v 1.10 1996/10/25 18:21:57 scottr Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)iostat.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: September 17 2022 $ +.Dt IOSTAT 8 +.Os +.Sh NAME +.Nm iostat +.Nd report I/O statistics +.Sh SYNOPSIS +.Nm iostat +.Op Fl CDdIT +.Op Fl c Ar count +.Op Fl M Ar core +.Op Fl N Ar system +.Op Fl w Ar wait +.Op Ar drives +.Sh DESCRIPTION +.Nm +displays kernel I/O statistics on terminal, disk and CPU operations. +By default, +.Nm +displays one line of statistics averaged over the machine's run time. +The +.Fl I +option causes +.Nm iostat +to print raw, unaveraged values. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C +Show CPU statistics. +This is enabled by default unless the +.Fl D , +.Fl d , +or +.Fl T +flags are used. +.It Fl c Ar count +Repeat the display +.Ar count +times. +Unless the +.Fl I +flag is in effect, the first display is for the time since a reboot and +each subsequent report is for the time period since the last display. +Unless overridden by the +.Fl w +option, the wait interval between lines is 1 second. +.It Fl D +Show alternate disk statistics. +Displays kilobytes transferred, number of +transfers, and time spent in transfers. +Use of this flag disables the default display. +.It Fl d +Show disk statistics. +This is the default. +Displays kilobytes per +transfer, number of transfers, and megabytes transferred. +Use of this flag disables display of CPU and tty statistics. +.It Fl I +Show the running total values, rather than an average. +.It Fl M Ar core +Extract values associated with the name list from the specified +.Ar core +instead of the default +.Pa /dev/mem . +.It Fl N Ar system +Extract the name list from the specified +.Ar system +instead of the default +.Dq Pa /bsd . +.It Fl T +Show tty statistics. +This is enabled by default unless the +.Fl C , +.Fl D , +or +.Fl d +flags are used. +.It Fl w Ar wait +Pause +.Ar wait +seconds between each display. +Unless a +.Ar count +is specified via the +.Fl c +option, +.Nm +will display output until it is interrupted. +.El +.Pp +.Nm +displays its information in the following format: +.Bl -tag -width flag +.It tty +.Bl -tag -width indent -compact +.It tin +characters read from terminals +.It tout +characters written to terminals +.El +.It disks +Disk operations. +The header of the field is the disk name and unit number. +If more than four disk drives are configured in the system, +.Nm +displays only the first four drives. +To force +.Nm +to display specific drives, their names may be supplied on the command +line. +.Pp +.Bl -tag -width indent -compact +.It KB/t +Kilobytes transferred per disk transfer +.It t/s +Transfers per second +.It MB/s +Megabytes transferred per second +.El +.Pp +The alternate display format, selected with +.Fl D , +presents the following values: +.Pp +.Bl -tag -width indent -compact +.It KB +Kilobytes transferred +.It xfr +Disk transfers +.It time +Seconds spent in disk activity +.El +.It cpu +.Bl -tag -width indent -compact +.It \&us +% of CPU time in user mode +.It \&ni +% of CPU time in user mode running niced processes +.It \&sy +% of CPU time in system mode +.It \&sp +% of CPU time spent spinning +.It \&in +% of CPU time processing interrupts +.It \&id +% of CPU time in idle mode +.El +.El +.Sh FILES +.Bl -tag -width /dev/mem -compact +.It Pa /bsd +default kernel namelist +.It Pa /dev/mem +default memory file +.El +.Sh SEE ALSO +.Xr fstat 1 , +.Xr netstat 1 , +.Xr nfsstat 1 , +.Xr ps 1 , +.Xr systat 1 , +.Xr top 1 , +.Xr pstat 8 , +.Xr vmstat 8 +.Pp +The sections starting with +.Dq Interpreting system activity +in +.%T "Installing and Operating 4.3BSD" . diff --git a/static/openbsd/man8/ipsecctl.8 b/static/openbsd/man8/ipsecctl.8 new file mode 100644 index 00000000..5e24efbf --- /dev/null +++ b/static/openbsd/man8/ipsecctl.8 @@ -0,0 +1,122 @@ +.\" $OpenBSD: ipsecctl.8,v 1.29 2017/11/20 10:51:24 mpi Exp $ +.\" +.\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 20 2017 $ +.Dt IPSECCTL 8 +.Os +.Sh NAME +.Nm ipsecctl +.Nd control flows for IPsec +.Sh SYNOPSIS +.Nm ipsecctl +.Op Fl cdFkmnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl i Ar fifo +.Op Fl s Ar modifier +.Sh DESCRIPTION +The +.Nm +utility controls flows that determine which packets are to be processed by +IPsec. +It allows ruleset configuration, and retrieval of status information from the +kernel's SPD (Security Policy Database) and SAD (Security Association +Database). +It also can control +.Xr isakmpd 8 +and establish tunnels using automatic keying with +.Xr isakmpd 8 . +The ruleset grammar is described in +.Xr ipsec.conf 5 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c +Use in combination with the +.Fl s +option to collapse flow output. +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the ruleset. +.It Fl d +When the +.Fl d +option is set, specified flows will be deleted from the SPD. +Otherwise, +.Nm +will add flows. +.It Fl F +The +.Fl F +option flushes the SPD and the SAD. +.It Fl f Ar file +Load the rules contained in +.Ar file . +.It Fl i Ar fifo +If given, the +.Fl i +option specifies an alternate FIFO instead of +.Pa /var/run/isakmpd.fifo , +used to talk to +.Xr isakmpd 8 . +.It Fl k +Show secret keying material when printing the active SAD entries. +.It Fl m +Continuously display all +.Dv PF_KEY +messages exchanged with the kernel. +.It Fl n +Do not actually load rules, just parse them. +.It Fl s Ar modifier +Show the kernel's databases, specified by +.Ar modifier +(may be abbreviated): +.Pp +.Bl -tag -width xxxxxxxxxxxxx -compact +.It Fl s Cm flow +Show the ruleset loaded into the SPD. +.It Fl s Cm sa +Show the active SAD entries. +.It Fl s Cm all +Show all of the above. +.El +.It Fl v +Produce more verbose output. +A second use of +.Fl v +will produce even more verbose output. +.El +.Sh SEE ALSO +.Xr ipsec 4 , +.Xr tcp 4 , +.Xr ipsec.conf 5 , +.Xr isakmpd 8 +.\" .Sh STANDARDS +.\" .Sh HISTORY +.\" .Sh AUTHORS +.\" .Sh CAVEATS +.\" .Sh BUGS +.Sh HISTORY +The +.Nm ipsecctl +program first appeared in +.Ox 3.8 . diff --git a/static/openbsd/man8/isakmpd.8 b/static/openbsd/man8/isakmpd.8 new file mode 100644 index 00000000..7f6a6e3d --- /dev/null +++ b/static/openbsd/man8/isakmpd.8 @@ -0,0 +1,827 @@ +.\" $OpenBSD: isakmpd.8,v 1.123 2019/08/30 17:51:47 jmc Exp $ +.\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $ +.\" +.\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. +.\" All rights reserved. +.\" Copyright (c) 1999 Angelos D. Keromytis. All rights reserved. +.\" Copyright (c) 2001, 2002 Håkan Olsson. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" This code was written under funding by Ericsson Radio Systems. +.\" +.\" Manual page, using -mandoc macros +.\" +.Dd $Mdocdate: August 30 2019 $ +.Dt ISAKMPD 8 +.Os +.Sh NAME +.Nm isakmpd +.Nd ISAKMP/Oakley a.k.a. IKEv1 key management daemon +.Sh SYNOPSIS +.Nm isakmpd +.Op Fl 46adKLnSTv +.Op Fl c Ar config-file +.Op Fl D Ar class Ns = Ns Ar level +.Op Fl f Ar fifo +.Op Fl i Ar pid-file +.Op Fl l Ar packetlog-file +.Op Fl N Ar udpencap-port +.Op Fl p Ar listen-port +.Op Fl R Ar report-file +.Sh DESCRIPTION +The +.Nm +daemon establishes Security Associations (SAs) for encrypted +and/or authenticated network traffic. +At this moment, and probably forever, this means +.Xr ipsec 4 +traffic. +Traditionally, +.Nm +was configured using the +.Xr isakmpd.conf 5 +file format. +A newer, much simpler format is now available: +.Xr ipsec.conf 5 . +.Pp +.Nm +implements the IKEv1 protocol which is defined in the standards +ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and the Internet DOI (RFC 2407). +The newer IKEv2 protocol, +as defined in RFC 5996, +is not supported by +.Nm +but by +.Xr iked 8 . +It follows then that references to IKE in this document +pertain to IKEv1 only, +and not IKEv2. +.Pp +The way +.Nm +goes about its work is by maintaining an internal configuration +as well as a policy database which describes what kinds of SAs to negotiate, +and by listening for different events that trigger these negotiations. +The events that control +.Nm +consist of negotiation initiations from a remote party, user input via +a FIFO or by signals, upcalls from the kernel via a +.Dv PF_KEY +socket, and lastly by scheduled events triggered by timers running out. +.Pp +Most uses of +.Nm +will be to implement so called "virtual private networks" (VPNs). +The ability to provide redundancy is made available through +.Xr carp 4 +and +.Xr sasyncd 8 . +For other uses, some more knowledge of IKEv1 as a protocol is required. +The RFCs mentioned below are a possible starting point. +.Pp +On startup +.Nm +forks into two processes for privilege separation. +The unprivileged child jails itself with +.Xr chroot 8 +to +.Pa /var/empty . +The privileged process communicates with the child, reads configuration files +and PKI information, and binds to privileged ports on its behalf. +See the +.Sx CAVEATS +section below. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 | 6 +These options control what address family +.Pf ( Dv AF_INET +and/or +.Dv AF_INET6 ) +.Nm +will use. +The default is to use both IPv4 and IPv6. +.It Fl a +If given, +.Nm +does not set up flows automatically. +Instead manual flows may be configured using +.Xr ipsec.conf 5 +or by programs such as +.Xr bgpd 8 . +Thus +.Nm +only takes care of SA establishment. +.It Fl c Ar config-file +If given, the +.Fl c +option specifies an alternate configuration file instead of +.Pa /etc/isakmpd/isakmpd.conf . +As this file may contain sensitive information, it must be readable +only by the user running the daemon. +.Nm +will reread the configuration file when sent a +.Dv SIGHUP +signal. +.Pp +Note that this option applies only to configuration files in the +.Xr isakmpd.conf 5 +format, not those in the +.Xr ipsec.conf 5 +format. +.It Fl D Ar class Ns = Ns Ar level +Debugging class. +It's possible to specify this argument many times. +It takes a parameter of the form +.Ar class Ns = Ns Ar level , +where both +.Ar class +and +.Ar level +are numbers. +.Ar class +denotes a debugging class, and +.Ar level +the level you want that debugging class to +limit debug printouts at (i.e. all debug printouts above the level specified +will not output anything). +If +.Ar class +is set to +.Sq A , +then all debugging classes are set to the specified level. +.Pp +Valid values for +.Ar class +are as follows: +.Pp +.Bl -tag -width 2n -offset indent -compact +.It 0 +Misc +.It 1 +Transport +.It 2 +Message +.It 3 +Crypto +.It 4 +Timer +.It 5 +Sysdep +.It 6 +SA +.It 7 +Exchange +.It 8 +Negotiation +.It 9 +Policy +.It 10 +FIFO user interface +.It A +All +.El +.Pp +Currently used values for +.Ar level +are 0 to 99. +.It Fl d +The +.Fl d +option is used to make the daemon run in the foreground, logging to stderr. +.It Fl f Ar fifo +The +.Fl f +option specifies the FIFO +(a.k.a. named pipe) where the daemon listens for +user requests. +If the path given is a dash +.Pq Sq \&- , +.Nm +will listen to stdin instead. +.It Fl i Ar pid-file +By default the PID of the daemon process will be written to +.Pa /var/run/isakmpd.pid . +This path can be overridden by specifying another one as the argument to the +.Fl i +option. +Note that only paths beginning with +.Pa /var/run +are allowed. +.It Fl K +When this option is given, +.Nm +does not read the policy configuration file and no +.Xr keynote 4 +policy check is accomplished. +This option can be used when policies for flows and SA establishment are +arranged by other programs like +.Xr ipsecctl 8 +or +.Xr bgpd 8 . +.It Fl L +Enable IKE packet capture. +When this option is given, +.Nm +will write an unencrypted copy of the negotiation packets it +is sending and receiving to the file +.Pa /var/run/isakmpd.pcap , +which can later be read by +.Xr tcpdump 8 +and other utilities using +.Xr pcap_open_offline 3 . +.It Fl l Ar packetlog-file +As option +.Fl L +above, but capture to a specified file. +Note that only paths beginning with +.Pa /var/run +are allowed. +.It Fl N Ar udpencap-port +The +.Fl N +option specifies the listen port for encapsulated UDP +that the daemon will bind to. +.It Fl n +When the +.Fl n +option is given, the kernel will not take part in the negotiations. +This is a non-destructive mode, so to speak, in that it won't alter any +SAs in the IPsec stack. +.It Fl p Ar listen-port +The +.Fl p +option specifies the listen port the daemon will bind to. +.It Fl R Ar report-file +When you signal +.Nm +a +.Dv SIGUSR1 , +it will report its internal state to a report file, normally +.Pa /var/run/isakmpd.report , +but this can be changed by feeding +the file name as an argument to the +.Fl R +flag. +Note that only paths beginning with +.Pa /var/run +are allowed. +.It Fl S +This option is used for setups using +.Xr sasyncd 8 +and +.Xr carp 4 +to provide redundancy. +.Nm +starts in passive mode and will not initiate any connections +or process any incoming traffic until +sasyncd has determined that the host is the carp master. +Additionally, +.Nm +will not delete SAs on shutdown +by sending delete messages to all peers. +.It Fl T +When this option is given, NAT-Traversal will be disabled and +.Nm +will not advertise support for NAT-Traversal to its peers. +.It Fl v +Enables verbose logging. +Normally, +.Nm +is silent and outputs only messages when a warning or an error occurs. +With verbose logging +.Nm +reports successful completion of phase 1 (Main and Aggressive) and phase 2 +(Quick) exchanges (Information and Transaction exchanges do not generate any +additional status information). +.El +.Sh THE FIFO USER INTERFACE +When +.Nm +starts, it creates a FIFO (named pipe) where it listens for user +requests. +All commands start with a single letter, followed by command-specific options. +Available commands are: +.Pp +.Bl -tag -width Ds -compact +.It Ic C add Oo Ar section Oc : Ns Ar tag Ns = Ns Ar value +.It Ic C rmv Oo Ar section Oc : Ns Ar tag Ns = Ns Ar value +.It Ic C rm Oo Ar section Oc : Ns Ar tag +.It Ic C rms Op Ar section +.It Ic C set Oo Ar section Oc : Ns Ar tag Ns = Ns Ar value Op Ic force +Update the running +.Nm +configuration atomically. +.Sq set +sets a configuration value consisting of a section, tag, and value triplet. +.Sq set +will fail if the configuration already contains a section with the named tag; +use the +.Sq force +option to change this behaviour. +.Sq add +appends a configuration value to the named configuration list tag, +unless the value is already in the list. +.Sq rm +removes a tag in a section. +.Sq rms +removes an entire section. +.Sq rmv +removes an entry from a list, thus reversing an +.Sq add +operation. +.Pp +NOTE: Sending +.Nm +a +.Dv SIGHUP +or an "R" through the FIFO will void any updates done to the configuration. +.Pp +.It Ic C get Oo Ar section Oc : Ns Ar tag +Get the configuration value of the specified section and tag. +The result is stored in +.Pa /var/run/isakmpd.result . +.Pp +.It Ic c Ar name +Start the named connection, if stopped or inactive. +.Pp +.It Ic D Ar class level +.It Ic D A Ar level +.It Ic D T +Set debug class +.Ar class +to level +.Ar level . +If +.Ar class +is specified as +.Sq A , +the level applies to all debug classes. +.Ic D T +toggles all debug classes to level zero. +Another +.Ic D T +command will toggle them back to the earlier levels. +.Pp +.It Ic d Ar cookies msgid +Delete the specified SA from the system. +Specify +.Ar msgid +as +.Sq - +to match a Phase 1 SA. +.Pp +.It Ic M active +.It Ic M passive +Set +.Nm +to active or passive mode. +In passive mode no packets are sent to peers. +.Pp +.It Ic p on Ns Op = Ns Ar path +.It Ic p off +Enable or disable cleartext IKE packet capture. +When enabling, optionally specify which file +.Nm +should capture the packets to +(the default is +.Pa /var/run/isakmpd.pcap ) . +Note that only paths beginning with +.Pa /var/run +are allowed. +.Pp +.It Ic Q +Cleanly shutdown the daemon, as when sent a +.Dv SIGTERM +signal. +.Pp +.It Ic R +Reinitialize +.Nm isakmpd , +as when sent a +.Dv SIGHUP +signal. +.Pp +.It Ic r +Report +.Nm +internal state to +.Xr syslog 3 . +See the +.Fl R +option. +Same as when sent a +.Dv SIGUSR1 +signal. +.Pp +.It Ic S +Report information on all known SAs to the +.Pa /var/run/isakmpd.result +file. +.Pp +.It Ic T +Tear down all active quick mode connections. +.Pp +.It Ic t Oo Ar phase Oc Ar name +Tear down the named connection, if active. +For +.Ar name , +the tag specified in +.Xr isakmpd.conf 5 +or the IP address of the remote host can be used. +The optional parameter +.Ar phase +specifies whether to delete a phase 1 or phase 2 SA. +The value +.Sq main +indicates a phase 1 connection; +the value +.Sq quick +a phase 2 connection. +If no phase is specified, +.Sq quick +will be assumed. +.El +.Sh SETTING UP AN IKE PUBLIC KEY INFRASTRUCTURE (PKI) +In order to use public key based authentication, there has to be an +infrastructure managing the key signing. +Either there is an already existing PKI +.Nm +should take part in, or there will be a need to set one up. +The procedures for using a pre-existing PKI varies depending on the +actual Certificate Authority (CA) used, and is therefore not covered here, +other than mentioning that +.Xr openssl 1 +needs to be used to create a Certificate Signing Request (CSR) that the +CA understands. +.Pp +A number of methods exist to allow authentication: +.Bl -ohang -offset indent +.It Passphrase: +This method does not use keys at all, but relies on a shared passphrase. +.It Host Keys: +Public keys are used to authenticate. +See +.Sx PUBLIC KEY AUTHENTICATION +below. +.It X.509 Certificates: +X.509 Certificates are used to authenticate. +See +.Sx X.509 AUTHENTICATION +below. +.It Keynote Certificates: +Keynote Certificates are used to authenticate. +See +.Sx KEYNOTE AUTHENTICATION +below. +.El +.Pp +When configuring +.Nm +for key- and certificate-based authentication, +the +.Dq Transforms +tag in +.Xr isakmpd.conf 5 +should include +.Dq RSA_SIG . +For example, the transform +.Dq 3DES-SHA-RSA_SIG +means: +3DES encryption, SHA hash, authentication using RSA signatures. +.Sh PUBLIC KEY AUTHENTICATION +It is possible to store trusted public keys to make them directly +usable by +.Nm , +bypassing the need to use certificates. +The keys should be saved in PEM format (see +.Xr openssl 1 ) +and named and stored after this easy formula: +.Pp +.Bl -tag -width "for_ufqdn_identitiesXX" -offset 3n -compact +.It For IPv4 identities: +.Pa /etc/isakmpd/pubkeys/ipv4/A.B.C.D +.It For IPv6 identities: +.Pa /etc/isakmpd/pubkeys/ipv6/abcd:abcd::ab:bc +.It For FQDN identities: +.Pa /etc/isakmpd/pubkeys/fqdn/foo.bar.org +.It For UFQDN identities: +.Pa /etc/isakmpd/pubkeys/ufqdn/user@foo.bar.org +.El +.Pp +Depending on the +.Dv ID-type +field of +.Xr isakmpd.conf 5 , +keys may be named after their IPv4 address (IPV4_ADDR or IPV4_ADDR_SUBNET), +IPv6 address (IPV6_ADDR or IPV6_ADDR_SUBNET), +fully qualified domain name (FDQN), +user fully qualified domain name (USER_FQDN), +or key ID (KEY_ID). +.Pp +For example, +.Nm +can authenticate using the pre-generated keys if the local public key, +by default +.Pa /etc/isakmpd/local.pub , +is copied to the remote gateway as +.Pa /etc/isakmpd/pubkeys/ipv4/local.gateway.ip.address +and the remote gateway's public key +is copied to the local gateway as +.Pa /etc/isakmpd/pubkeys/ipv4/remote.gateway.ip.address . +Of course, new keys may also be generated +(the user is not required to use the pre-generated keys). +In this example, +.Dv ID-type +would also have to be set to IPV4_ADDR or IPV4_ADDR_SUBNET +in +.Xr isakmpd.conf 5 . +.Sh X.509 AUTHENTICATION +X.509 is a framework for public key certificates. +Certificates can be generated using +.Xr openssl 1 +and provide a means for PKI authentication. +In the following example, a CA is created along with host certificates +to be signed by the CA. +.Bl -enum +.It +Create your own Certificate Authority (CA). +.Pp +First, create a private key for the CA, and a Certificate Signing Request +(CSR) to enable the CA to sign its own key: +.Bd -literal -offset indent +# openssl genrsa -out /etc/ssl/private/ca.key 2048 +# openssl req -new -key /etc/ssl/private/ca.key \e + -out /etc/ssl/private/ca.csr +.Ed +.Pp +.Ic openssl req +will prompt for information that will be incorporated +into the certificate request. +The information entered comprises a Distinguished Name (DN). +There are quite a few fields, but some can be left blank. +For some fields there will be a default value; if +.Sq \&. +is entered, the field will be left blank. +.Pp +After the CSR has been generated, it is used to create and sign +a certificate for the CA: +.Bd -literal -offset indent +# openssl x509 -req -days 365 -in /etc/ssl/private/ca.csr \e + -signkey /etc/ssl/private/ca.key \e + -extfile /etc/ssl/x509v3.cnf -extensions x509v3_CA \e + -out /etc/ssl/ca.crt +.Ed +.It +Create Certificate Signing Requests (CSRs) for IKE peers. +The CSRs are signed with a pre-generated private key. +.Pp +This step, as well as the next one, needs to be done for every peer. +Furthermore the last step will need to be done once for each ID you +want the peer to have. +The 10.0.0.1 below symbolizes that ID, in this case an IPv4 ID, +and should be changed for each invocation. +A fully qualified domain name (FQDN) may be used instead of an IPv4 ID. +You will be asked for a DN for each run. +Encoding the ID in the common name is recommended, as it should be unique. +.Bd -literal -offset indent +# openssl req -new -key /etc/isakmpd/private/local.key \e + -out /etc/isakmpd/private/10.0.0.1.csr +.Ed +.Pp +Now take these certificate signing requests to your CA and process +them as below. +A configuration file is used to add a +.Em subjectAltName +extension field matching the ID used by +.Nm +to the certificate. +.Pp +If using an IPv4 ID, copy +.Pa /etc/ssl/x509v3.cnf +to a temporary file and edit it to replace +.Dv $ENV::CERTIP +with the IP address (10.0.0.1 in this example), then generate a signed +certificate: +.Bd -literal -offset indent +# sed 's,\\$ENV::CERTIP,10.0.0.1,' \e + < /etc/ssl/x509v3.cnf > ~/tmp_x509v3.cnf +# openssl x509 -req \e + -days 365 -in 10.0.0.1.csr \e + -CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \e + -CAcreateserial -extfile ~/tmp_x509v3.cnf \e + -extensions x509v3_IPAddr -out 10.0.0.1.crt +.Ed +.Pp +For an FQDN certificate, replace +.Dv $ENV::CERTFQDN +with the hostname and generate a signed certificate: +.Bd -literal -offset indent +# sed 's,\\$ENV::CERTFQDN,somehost.somedomain,' \e + < /etc/ssl/x509v3.cnf > ~/tmp_x509v3.cnf +# openssl x509 -req \e + -days 365 -in somehost.somedomain.csr \e + -CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \e + -CAcreateserial -extfile ~/tmp_x509v3.cnf \e + -extensions x509v3_FQDN -out somehost.somedomain.crt +.Ed +.Pp +If CERTFQDN is being used, +make sure that the +.Va subjectAltName +field of the certificate is specified using +.Ic srcid +in +.Xr ipsec.conf 5 . +A similar setup will be required if +.Xr isakmpd.conf 5 +is being used instead. +.Pp +Put the certificate (the file ending in .crt) in +.Pa /etc/isakmpd/certs/ +on your local system. +Also carry over the CA cert +.Pa /etc/ssl/ca.crt +and put it in +.Pa /etc/isakmpd/ca/ . +.El +.Pp +To revoke certificates, create a Certificate Revocation List (CRL) file +and install it in the +.Pa /etc/isakmpd/crls/ +directory. +See +.Xr openssl 1 +and the +.Sq crl +subcommand for more info. +.Sh KEYNOTE AUTHENTICATION +Keynote is a trust-management framework. +Keys can be generated using +.Xr keynote 1 +and provide an alternative means for +.Nm +to authenticate. +See +.Xr keynote 4 +for further information. +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/isakmpd/ca/ +The directory where CA certificates are kept. +.It Pa /etc/isakmpd/certs/ +The directory where IKE certificates are kept, both the local +certificate(s) and those of the peers, if a choice to have them kept +permanently has been made. +.It Pa /etc/isakmpd/crls/ +The directory where CRLs are kept. +.It Pa /etc/isakmpd/isakmpd.conf +The configuration file. +As this file can contain sensitive information +it must not be readable by anyone but the user running +.Nm . +.It Pa /etc/isakmpd/isakmpd.policy +The keynote policy configuration file. +The same mode requirements as +.Pa isakmpd.conf . +.It Pa /etc/isakmpd/keynote/ +The directory where KeyNote credentials are kept. +.It Pa /etc/isakmpd/private/ +The directory where local private keys used for public key authentication +are kept. +By default, the system startup script +.Xr rc 8 +generates a key-pair when starting, if one does not already exist. +The entire keypair is in +.Pa local.key , +and a copy of the public key suitable for transferring to other hosts +is extracted into +.Pa /etc/isakmpd/local.pub . +There has to be a certificate for +.Pa local.key +in the certificate directory, +.Pa /etc/isakmpd/certs/ . +.Pa local.key +has the same mode requirements as +.Pa isakmpd.conf . +.It Pa /etc/isakmpd/pubkeys/ +The directory in which trusted public keys are kept. +The keys must be named in the fashion described above. +.It Pa /var/run/isakmpd.fifo +The FIFO used to manually control +.Nm isakmpd . +.It Pa /var/run/isakmpd.pcap +The default IKE packet capture file. +.It Pa /var/run/isakmpd.pid +The PID of the current daemon. +.It Pa /var/run/isakmpd.report +The report file written when +.Dv SIGUSR1 +is received. +.It Pa /var/run/isakmpd.result +The report file written when the +.Sq S +or +.Sq "C get" +command is issued in the command FIFO. +.El +.Sh SEE ALSO +.Xr openssl 1 , +.Xr getnameinfo 3 , +.Xr pcap_open_offline 3 , +.Xr ipsec 4 , +.Xr ipsec.conf 5 , +.Xr isakmpd.conf 5 , +.Xr isakmpd.policy 5 , +.Xr iked 8 , +.Xr sasyncd 8 , +.Xr ssl 8 , +.Xr tcpdump 8 +.Sh STANDARDS +.Rs +.%A D. Piper +.%D November 1998 +.%R RFC 2407 +.%T The Internet IP Security Domain of Interpretation for ISAKMP +.Re +.Pp +.Rs +.%A D. Maughan +.%A M. Schertler +.%A M. Schneider +.%A J. Turner +.%D November 1998 +.%R RFC 2408 +.%T Internet Security Association and Key Management Protocol (ISAKMP) +.Re +.Pp +.Rs +.%A D. Harkins +.%A D. Carrel +.%D November 1998 +.%R RFC 2409 +.%T The Internet Key Exchange (IKE) +.Re +.Pp +.Rs +.%A T. Kivinen +.%A B. Swander +.%A A. Huttunen +.%A V. Volpe +.%D January 2005 +.%R RFC 3947 +.%T Negotiation of NAT-Traversal in the IKE +.Re +.Sh HISTORY +This implementation of the ISAKMP/Oakley key management protocol +was done in 1998 by Niklas Hallqvist and Niels Provos, +sponsored by Ericsson Radio Systems. +.Sh CAVEATS +When storing a trusted public key for an IPv6 identity, the +.Em most efficient +form of address representation, i.e. "::" instead of ":0:0:0:", +must be used or the matching will fail. +.Nm +uses the output from +.Xr getnameinfo 3 +for the address-to-name translation. +The privileged process only allows binding to the default port 500 or +unprivileged ports (>1024). +It is not possible to change the interfaces +.Nm +listens on without a restart. +.Pp +For redundant setups with +.Xr carp 4 +and +.Xr sasyncd 8 , +.Xr sasyncd 8 +must be manually restarted every time +.Nm +is restarted, and +.Xr isakmpd.conf 5 +must explicitly configure +.Nm +to listen on the virtual IP address of each +.Xr carp 4 +interface. diff --git a/static/openbsd/man8/iscsictl.8 b/static/openbsd/man8/iscsictl.8 new file mode 100644 index 00000000..48609b6d --- /dev/null +++ b/static/openbsd/man8/iscsictl.8 @@ -0,0 +1,79 @@ +.\" $OpenBSD: iscsictl.8,v 1.7 2021/05/05 12:34:12 claudio Exp $ +.\" +.\" Copyright (c) 2010 David Gwynne +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 5 2021 $ +.Dt ISCSICTL 8 +.Os +.Sh NAME +.Nm iscsictl +.Nd control the Internet SCSI (iSCSI) daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr iscsid 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/iscsid.sock +to communicate with +.Xr iscsid 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm reload +Reload the configuration file and wait to return until iscsid reports all +connections have completed (successfully or otherwise), or for up to 10 +seconds. +.It Cm show Op Cm summary +Show a list of all configured sessions. +.It Cm show Cm vscsi stats +Show statistics of +.Xr vscsi 4 +usage. +It shows how many calls were issued and how many bytes were read or written. +.El +.Sh FILES +.Bl -tag -width "/var/run/iscsid.sockXX" -compact +.It Pa /etc/iscsi.conf +Default +.Xr iscsid 8 +configuration file. +.It Pa /var/run/iscsid.sock +.Ux Ns -domain +socket used for communication with +.Xr iscsid 8 . +.El +.Sh SEE ALSO +.Xr iscsi.conf 5 , +.Xr iscsid 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.9 . diff --git a/static/openbsd/man8/iscsid.8 b/static/openbsd/man8/iscsid.8 new file mode 100644 index 00000000..c49b3502 --- /dev/null +++ b/static/openbsd/man8/iscsid.8 @@ -0,0 +1,93 @@ +.\" $OpenBSD: iscsid.8,v 1.11 2025/01/21 12:26:47 claudio Exp $ +.\" +.\" Copyright (c) 2010 David Gwynne +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 21 2025 $ +.Dt ISCSID 8 +.Os +.Sh NAME +.Nm iscsid +.Nd iSCSI (Internet SCSI) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Op Fl n Ar device +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an Internet SCSI +.Pq iSCSI +initiator implementation. +.Pp +.Nm +is usually started at boot time. +.Pp +A running +.Nm +can be controlled with the +.Xr iscsictl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl n Ar device +Use an alternate /dev entry for communicating with the kernel. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/iscsid.sockXX" -compact +.It Pa /etc/iscsi.conf +Default +.Nm +configuration file. +.It Pa /dev/vscsi0 +Default device used to exchange SCSI messages with the kernel midlayer. +.It Pa /var/run/iscsid.sock +.Ux Ns -domain +socket used for communication with +.Xr iscsictl 8 . +.El +.Sh SEE ALSO +.Xr vscsi 4 , +.Xr iscsi.conf 5 , +.Xr iscsictl 8 +.Sh STANDARDS +.Rs +.%D April 2004 +.%R RFC 3721 +.%T Internet Small Computer Systems Interface (iSCSI) Naming and Discovery +.Re +.Pp +.Rs +.%D April 2014 +.%R RFC 7143 +.%T Internet Small Computer System Interface (iSCSI) Protocol (Consolidated) +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.9 . +.Sh AUTHORS +.An Claudio Jeker Aq Mt claudio@openbsd.org . diff --git a/static/openbsd/man8/isoinfo.8 b/static/openbsd/man8/isoinfo.8 new file mode 100644 index 00000000..7473e530 --- /dev/null +++ b/static/openbsd/man8/isoinfo.8 @@ -0,0 +1,124 @@ +.\" +.\" $Id: isoinfo.8,v 1.1 2000/10/10 20:40:28 beck Exp $ +.\" +.\" -*- nroff -*- +.TH ISOINFO 8 "23 Feb 1997" "Version 1.12b5" +.SH NAME +isoinfo, isovfy, isodump \- Utility programs for dumping and verifying iso9660 +images. +.SH SYNOPSIS +.B isodump +.I isoimage +.PP +.B isoinfo +[ +.B \-R +] +[ +.B \-f +] +[ +.B \-l +] +[ +.B \-T +] +[ +.B \-N +] +[ +.B \-i +.I isoimage +] +[ +.B \-x +.I path +] +.PP +.B isovfy +.I isoimage +.SH DESCRIPTION +.B isodump +is a crude utility to interactively display the contents of iso9660 images +in order to verify directory integrity. The initial screen is a display +of the first part of the root directory, and the prompt shows you the +extent number and offset in the extent. You can use the 'a' and 'b' +commands to move backwards and forwards within the image. The 'g' command +allows you to goto an arbitrary extent, and the 'f' command specifies +a search string to be used. The '+' command searches forward for the next +instance of the search string, and the 'q' command exits +.B isodump. +.PP +.B isoinfo +is a utility to perform directory like listings of iso9660 images. +.PP +.B isovfy +is a utility to verify the integrity of an iso9660 image. Most of the tests +in +.B isovfy +were added after bugs were discovered in early versions of +.B mkisofs. +It isn't all that clear how useful this is anymore, but it doesn't hurt to +have this around. + +.SH OPTIONS +Only the +.B isoinfo +program has any command line options. These are: +.TP +.I -f +generate output as if a 'find . -print' command had been run on the iso9660 +image. You should not use the +.B -l +image with the +.B -f +option. +.TP +.I -i iso_image +Specifies the path of the iso9660 image that we wish to examine. +.TP +.I -l +generate output as if a 'ls -lR' command had been run on the iso9660 image. +You should not use the +.B -f +image with the +.B -l +option. +.TP +.I -N sector +Quick hack to help examine single session disc files that are to be written to +a multi-session disc. The sector number specified is the sector number at +which the iso9660 image should be written when send to the cd-writer. Not +used for the first session on the disc. +.TP +.I \-R +Extract information from Rock Ridge extensions (if present) for permissions, +file names and ownerships. +.TP +.I -T sector +Quick hack to help examine multi-session images that have already been burned +to a multi-session disc. The sector number specified is the sector number for +the start of the session we wish to display. +.TP +.I -x pathname +Extract specified file to stdout. +.SH AUTHOR +Eric Youngdale or is to blame +for these shoddy hacks. Patches to improve general usability would be +gladly accepted. +.SH BUGS +The user interface really sucks. +.SH FUTURE IMPROVEMENTS +These utilities are really quick hacks, which are very useful for debugging +problems in mkisofs or in an iso9660 filesystem. In the long run, it would +be nice to have a daemon that would NFS export a iso9660 image. +.PP +The isoinfo program is probably the program that is of the most use to +the general user. +.SH AVAILABILITY +These utilities come with the mkisofs package, and the primary ftp site +is tsx-11.mit.edu in /pub/linux/BETA/cdrom/mkisofs and many other mirror +sites. Despite the name, the software is not beta. +.SH SEE ALSO +mkisofs(8) + diff --git a/static/openbsd/man8/kbd.8 b/static/openbsd/man8/kbd.8 new file mode 100644 index 00000000..ae0d4dbe --- /dev/null +++ b/static/openbsd/man8/kbd.8 @@ -0,0 +1,81 @@ +.\" $OpenBSD: kbd.8,v 1.14 2026/01/03 08:54:25 helg Exp $ +.\" +.\" Copyright (c) 1996 Juergen Hannken-Illjes +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed for the NetBSD Project +.\" by Juergen Hannken-Illjes. +.\" 4. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 3 2026 $ +.Dt KBD 8 +.Os +.Sh NAME +.Nm kbd +.Nd set national keyboard translation +.Sh SYNOPSIS +.Nm kbd +.Fl l +.Nm kbd +.Op Fl q +.Ar name +.Sh DESCRIPTION +.Nm +is used to change the keyboard encoding. +The encoding is set to national keyboard layout +.Ar name , +and a short message is printed to stdout. +.Pp +The execution of +.Nm +normally occurs in the system multi-user initialization file +.Pa /etc/rc +using the encoding defined in +.Pa /etc/kbdtype . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl l +List all available keyboard encodings. +.It Fl q +Quiet mode. +No message is printed unless an error occurs. +.El +.Pp +The +.Dq .metaesc +option can be applied to any layout. +If set, keys pressed together with the ALT modifier are prefixed by an ESC +character. +(Standard behaviour is to add 128 to the ASCII value.) +.Sh FILES +.Bl -tag -width "/etc/kbdtypeXXX" +.It Pa /etc/kbdtype +Default national encoding. +.El +.Sh SEE ALSO +.Xr wskbd 4 , +.Xr wsconsctl 8 diff --git a/static/openbsd/man8/kgmon.8 b/static/openbsd/man8/kgmon.8 new file mode 100644 index 00000000..48dfe588 --- /dev/null +++ b/static/openbsd/man8/kgmon.8 @@ -0,0 +1,136 @@ +.\" $OpenBSD: kgmon.8,v 1.14 2016/09/25 23:31:50 deraadt Exp $ +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)kgmon.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: September 25 2016 $ +.Dt KGMON 8 +.Os +.Sh NAME +.Nm kgmon +.Nd generate a dump of the operating system's profile buffers +.Sh SYNOPSIS +.Nm kgmon +.Op Fl bhpr +.Op Fl c Ar cpuid +.Op Fl M Ar core +.Op Fl N Ar system +.Sh DESCRIPTION +.Nm kgmon +is a tool used when profiling the operating system. +When no arguments are supplied, +.Nm kgmon +indicates the state of per-CPU operating system profilings as +.Dq running , +.Dq off , +or +.Dq not configured +(see +.Xr config 8 ) . +If the +.Fl p +flag is specified, +.Nm kgmon +extracts profile data from the operating system and produces a file for each +CPU suitable for later analysis by +.Xr gprof 1 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Resume the collection of profile data. +.It Fl c Ar cpuid +Operate on the CPU specified by +.Pa cpuid , +instead of all of them. +.It Fl h +Stop the collection of profile data. +.It Fl M Ar core +Extract values associated with the name list from the specified +.Ar core +instead of the default +.Pa /dev/kmem . +.It Fl N Ar system +Extract the name list from the specified +.Ar system +instead of the default +.Pa /bsd . +.It Fl p +Dump the contents of the profile buffers into a +.Pa gmon-.out +file, where +.Dq id +is the ID of the CPU. +.It Fl r +Reset all the profile buffers. +If the +.Fl p +flag is also specified, the profile files are generated before the buffers are +reset. +.El +.Pp +If neither +.Fl b +nor +.Fl h +is specified, the state of profiling collection remains unchanged. +For example, if the +.Fl p +flag is specified and profile data is being collected, +profiling will be momentarily suspended, +the operating system profile buffers will be dumped, +and profiling will be immediately resumed. +.Pp +.Nm +requires the ability to open +.Pa /dev/kmem +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.Sh FILES +.Bl -tag -width /dev/kmemx -compact +.It Pa /bsd +default system +.It Pa /dev/kmem +default memory +.El +.Sh DIAGNOSTICS +Users with only read permission on +.Pa /dev/kmem +cannot change the state +of profiling collection. +They can get profile files with the warning that the data may be inconsistent +if profiling is in progress. +.Sh SEE ALSO +.Xr gprof 1 , +.Xr config 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/kvm_mkdb.8 b/static/openbsd/man8/kvm_mkdb.8 new file mode 100644 index 00000000..6e00e305 --- /dev/null +++ b/static/openbsd/man8/kvm_mkdb.8 @@ -0,0 +1,85 @@ +.\" $OpenBSD: kvm_mkdb.8,v 1.12 2022/07/30 07:19:31 jsg Exp $ +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)kvm_mkdb.8 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: July 30 2022 $ +.Dt KVM_MKDB 8 +.Os +.Sh NAME +.Nm kvm_mkdb +.Nd create kernel database +.Sh SYNOPSIS +.Nm kvm_mkdb +.Op Fl v +.Op Fl o Ar directory +.Op Ar file +.Sh DESCRIPTION +.Nm kvm_mkdb +creates a database in +.Pa /var/db +containing information about the specified file. +If no file is specified, +.Pa /bsd +is used by default. +The file is named +.Pa kvm_filename.db , +where +.Ar filename +is the name of the file read. +Various library routines consult this database. +The only information currently stored is the kernel namelist, which is +used by the +.Xr kvm_nlist 3 +function. +However, in the future the database may contain other static +information about the current system. +.Pp +The options are as follows: +.Bl -tag -width "-o directory" +.It Fl o Ar directory +Allows the specification of a +.Ar directory +other than +.Pa /var/db +for the database to be created in. +.It Fl v +Yields slightly more verbose operation. +.El +.Sh FILES +.Bl -tag -width /var/db/kvm_bsd.db -compact +.It Pa /bsd +.It Pa /var/db/kvm_bsd.db +.El +.Sh SEE ALSO +.Xr kvm_nlist 3 +.Sh HISTORY +The +.Nm kvm_mkdb +utility first appeared in +.Bx 4.3 Reno . diff --git a/static/openbsd/man8/ldapctl.8 b/static/openbsd/man8/ldapctl.8 new file mode 100644 index 00000000..e1bd3637 --- /dev/null +++ b/static/openbsd/man8/ldapctl.8 @@ -0,0 +1,103 @@ +.\" $OpenBSD: ldapctl.8,v 1.7 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2009, 2010 Martin Hedenfalk +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt LDAPCTL 8 +.Os +.Sh NAME +.Nm ldapctl +.Nd control the LDAP daemon +.Sh SYNOPSIS +.Nm ldapctl +.Op Fl v +.Op Fl f Ar file +.Op Fl r Ar directory +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr ldapd 8 +daemon. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar file +Use +.Ar file +as the configuration file, instead of the default +.Pa /etc/ldapd.conf . +.It Fl r Ar directory +Store and read database files in +.Ar directory , +instead of the default +.Pa /var/db/ldap . +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/ldapd.sock +to communicate with +.Xr ldapd 8 . +.It Fl v +Produce more verbose output. +.El +.Pp +The commands are as follows: +.Bl -tag -width xxxxxx +.It Cm stats +Show statistics counters. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm compact +Compact all databases. +.Xr ldapd 8 +does not have to be running. +When compaction of a database file is complete, a special marker is appended +to the database file that tells +.Xr ldapd 8 +to reopen the file and perform new requests against the compacted database. +A write transaction is opened to force other processes to buffer write +requests while performing compaction. +Read requests are handled without disruption. +.It Cm index +Re-index all databases. +.Xr ldapd 8 +does not have to be running. +.El +.Sh FILES +.Bl -tag -width "/var/run/ldapd.sockXXXXXXX" -compact +.It Pa /var/run/ldapd.sock +default +.Nm +control socket +.It Pa /etc/ldapd.conf +default +.Xr ldapd 8 +configuration file +.El +.Sh SEE ALSO +.Xr ldapd.conf 5 , +.Xr ldapd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.8 . diff --git a/static/openbsd/man8/ldapd.8 b/static/openbsd/man8/ldapd.8 new file mode 100644 index 00000000..e464ddc6 --- /dev/null +++ b/static/openbsd/man8/ldapd.8 @@ -0,0 +1,169 @@ +.\" $OpenBSD: ldapd.8,v 1.16 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2009, 2010 Martin Hedenfalk +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt LDAPD 8 +.Os +.Sh NAME +.Nm ldapd +.Nd Lightweight Directory Access Protocol (LDAP) daemon +.Sh SYNOPSIS +.Nm ldapd +.Op Fl dnv +.Oo +.Fl D Ar macro Ns = Ns Ar value +.Oc +.Op Fl f Ar file +.Op Fl r Ar directory +.Op Fl s Ar file +.Sh DESCRIPTION +.Nm +is a daemon which implements version 3 of the LDAP protocol. +.Pp +A running +.Nm +process can be controlled using the +.Xr ldapctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, instead of the default +.Pa /etc/ldapd.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl r Ar directory +Store and read database files in +.Ar directory , +instead of the default +.Pa /var/db/ldap . +.It Fl s Ar file +Specify an alternative location for the socket file. +.It Fl v +Produce more verbose output. +A second +.Fl v +together with the +.Fl d +flag produces debug traces of decoded BER messages on stderr. +.El +.Sh AUTHENTICATION +.Nm +can authenticate users via simple binds or SASL with the PLAIN +mechanism. +.Pp +When using simple binds, the bind DN entry must exist in a namespace +and have a +.Ic userPassword +attribute. +The following formats of the +.Ic userPassword +attribute are recognized: +.Bl -tag -width Ds +.It Ic {SHA}digest +Verify the password against the SHA-1 digest. +.It Ic {SSHA}digest +Verify the password against the salted SHA-1 digest. +.It Ic {CRYPT}hash +Verify the password against the +.Xr crypt 3 +hash. +.It Ic {BSDAUTH}username +Use +.Bx +Authentication with the given username and authentication style +.Dq auth-ldap . +This is similar to using SASL PLAIN authentication with +.Ar username +as the authentication ID. +.It Ic {BSDAUTH}username#class +Same as above, but overrides the login class. +.El +.Pp +Without a prefix, the +.Ic userPassword +attribute is compared literally with the provided plain text password. +.Pp +When using SASL binds, the authentication ID should be a valid +username for +.Bx +Authentication. +.Pp +For plain text passwords to be accepted, the connection must be +considered secure, either by using an encrypted connection, or by +using the +.Ic secure +keyword in the configuration file. +.Sh FILES +.Bl -tag -width "/var/run/ldapd.sockXXXXXXX" -compact +.It Pa /etc/ldapd.conf +default +.Nm +configuration file +.It Pa /var/run/ldapd.sock +default +.Nm +control socket +.It Pa /var/db/ldap/*.db +.Nm +database files +.El +.Sh SEE ALSO +.Xr ldap 1 , +.Xr ldapd.conf 5 , +.Xr login.conf 5 , +.Xr ldapctl 8 +.Sh STANDARDS +.Rs +.%A J. Sermersheim +.%D June 2006 +.%R RFC 4511 +.%T Lightweight Directory Access Protocol (LDAP): The Protocol +.Re +.Pp +.Rs +.%A K. Zeilenga +.%D June 2006 +.%R RFC 4512 +.%T Lightweight Directory Access Protocol (LDAP): Directory Information Models +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.8 . +.Sh CAVEATS +.Nm +is not yet fully LDAPv3 compliant. +.Pp +Database files are not expected to work across architectures and may +not work across versions. diff --git a/static/openbsd/man8/ldattach.8 b/static/openbsd/man8/ldattach.8 new file mode 100644 index 00000000..83b2224f --- /dev/null +++ b/static/openbsd/man8/ldattach.8 @@ -0,0 +1,174 @@ +.\" $OpenBSD: ldattach.8,v 1.18 2014/10/02 09:28:03 jmc Exp $ +.\" +.\" Copyright (c) 2007, 2008 Marc Balmer +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 2 2014 $ +.Dt LDATTACH 8 +.Os +.Sh NAME +.Nm ldattach +.Nd attach a line discipline to a serial line +.Sh SYNOPSIS +.Nm ldattach +.Op Fl 27dehmop +.Op Fl s Ar baudrate +.Op Fl t Ar cond +.Ar discipline +.Ar device +.Sh DESCRIPTION +.Nm +is used to attach a line discipline to a serial line to allow for in-kernel +processing of the received and/or sent data. +Depending on the line discipline being attached, one or more options may be +applied. +.Pp +.Nm +can be run from the command line or at system startup by having +.Xr init 8 +read +.Xr ttys 5 +entries to attach line disciplines. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl 2 +Use 2 stopbits instead of 1. +.It Fl 7 +Use 7 databits instead of 8. +.It Fl d +Do not daemonize. +.It Fl e +Use even parity. +.It Fl h +Turn on RTS/CTS flow control. +By default, no flow control is done. +.It Fl m +Maintain modem control signals after closing the line. +Specifically, this disables HUPCL. +.It Fl o +Use odd parity. +.It Fl p +Pass the data received from +.Ar device +to the master device of a +.Xr pty 4 +pair and vice versa. +The name of the slave device is written to standard output. +.It Fl s Ar baudrate +Specifies the speed of the connection. +If not specified, the default of 9600 baud is used +(4800 baud for +.Xr nmea 4 ) . +.It Fl t Ar cond +.Xr nmea 4 , +.Xr msts 4 +and +.Xr endrun 4 +line disciplines only. +Chooses the condition which will cause the current system time to be +immediately copied to the terminal timestamp storage for subsequent use by +.Xr nmea 4 , +.Xr msts 4 +or +.Xr endrun 4 . +Only one can be used. +.Pp +.Bl -tag -width DCDXX -offset indent -compact +.It dcd +Copy the timestamp when DCD is asserted. +.It !dcd +Copy the timestamp when DCD is deasserted. +.It cts +Copy the timestamp when CTS is asserted. +.It !cts +Copy the timestamp when CTS is deasserted. +.El +.Pp +If no condition is specified, the +.Xr nmea 4 +line discipline will timestamp on receiving the leading +.Sq $ +character of each block of NMEA sentences. +.It Ar discipline +Specifies the name of the line discipline to be attached. +.Pp +.Bl -tag -width nmeaXX -offset indent -compact +.It endrun +Attach the +.Xr endrun 4 +line discipline. +.It msts +Attach the +.Xr msts 4 +line discipline. +.It nmea +Attach the +.Xr nmea 4 +line discipline. +.El +.It Ar device +Specifies the name of the serial line. +.Ar device +should be a string of the form +.Dq cuaXX +or +.Dq /dev/cuaXX . +.Pp +.Xr cua 4 +devices should be used when +.Nm +is started from the command line; +when started using +.Xr init 8 , +.Xr tty 4 +devices should be used. +.El +.Pp +If +.Nm +was not started by +.Xr init 8 , +the line discipline can be detached by +killing off the +.Nm +process. +.Sh EXAMPLES +To start +.Nm +using +.Xr init 8 +to attach the +.Xr nmea 4 +line discipline to +.Pa /dev/tty01 +at 4800 baud using a device without a carrier (DCD) line, +add a line of the following form to +.Pa /etc/ttys : +.Bd -literal -offset indent +tty01 "/sbin/ldattach nmea" unknown on softcar +.Ed +.Sh SEE ALSO +.Xr endrun 4 , +.Xr msts 4 , +.Xr nmea 4 , +.Xr pty 4 , +.Xr tty 4 , +.Xr ttys 5 , +.Xr init 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.3 . diff --git a/static/openbsd/man8/ldconfig.8 b/static/openbsd/man8/ldconfig.8 new file mode 100644 index 00000000..3433a0b4 --- /dev/null +++ b/static/openbsd/man8/ldconfig.8 @@ -0,0 +1,170 @@ +.\" $OpenBSD: ldconfig.8,v 1.30 2020/05/08 11:04:50 jca Exp $ +.\" +.\" Copyright (c) 1993,1995 Paul Kranenburg +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Paul Kranenburg. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: May 8 2020 $ +.Dt LDCONFIG 8 +.Os +.Sh NAME +.Nm ldconfig +.Nd configure the shared library cache +.Sh SYNOPSIS +.Nm ldconfig +.Op Fl mRrsUv +.Op Ar path ... +.Sh DESCRIPTION +.Nm +is used to prepare a set of +.Dq hints +for use by the run-time linker +.Xr ld.so 1 +to facilitate quick lookup of shared libraries available in multiple +directories. +It scans a set of built-in system directories and any +.Ar directories +specified on the command line (in the given order) looking for shared +libraries and stores the results in the file +.Pa /var/run/ld.so.hints +to forestall the overhead that would otherwise result from the +directory search operations +.Xr ld.so 1 +would have to perform to load the required shared libraries. +.Pp +The shared libraries so found will be automatically available for loading +if needed by the program being prepared for execution. +This obviates the need for storing search paths within the executable. +.Pp +The +.Ev LD_LIBRARY_PATH +environment variable can be used to override the use of +directories (or the order thereof) from the cache or to specify additional +directories where shared libraries might be found. +.Ev LD_LIBRARY_PATH +is a +.Sq \&: +separated list of directory paths which are searched by +.Xr ld.so 1 +when it needs to load a shared library. +It can be viewed as the run-time equivalent of the +.Fl L +switch of +.Xr ld 1 . +.Pp +.Nm +is typically run as part of the boot sequence. +In addition to the built-in system directories, +directories containing shared libraries may be specified via the +.Ev shlib_dirs +variable in +.Pa /etc/rc.conf.local . +See +.Xr rc.conf 8 +for further information. +.Pp +The following options are recognized by +.Nm ldconfig : +.Bl -tag -width indent +.It Fl m +Merge the result of the scan of the directories given as arguments into +the existing hints file. +The default action is to build the hints file afresh. +This option cannot be used with +.Fl U . +.It Fl R +Rescan the previously configured directories. +This opens the hints file and fetches the directory list from the header. +Any additional pathnames on the command line are also processed. +.It Fl r +List the current contents of +.Pa ld.so.hints +on the standard output. +The hints file will not be modified. +.It Fl s +Do not scan the built-in system directory +.Pq Dq /usr/lib +for shared libraries. +.It Fl U +Unconfigure directories specified on the command line or remove inaccessible +directories from search path if no directories specified. +This option cannot be used with +.Fl m . +.It Fl v +Switch on verbose mode. +.El +.Sh SECURITY +Special care must be taken when loading shared libraries into the address +space of set-user-ID and set-group-ID programs. +Whenever such a program is run, +.Xr ld.so 1 +will only load shared libraries from the +.Pa ld.so.hints +file. +In particular, the +.Ev LD_LIBRARY_PATH +is not used to search for libraries. +Thus, the role of +.Nm +is dual. +In addition to building a set of hints for quick lookup, it also serves to +specify the trusted collection of directories from which shared objects can +be safely loaded. +It is presumed that the set of directories specified to +.Nm +are under control of the system's administrator. +.Xr ld.so 1 +further assists set-user-ID and set-group-ID programs by erasing the +.Ev LD_LIBRARY_PATH +from the environment. +.Sh ENVIRONMENT +.Bl -tag -width Ds +.It Ev LD_LIBRARY_PATH +Additional directories containing shared libraries, +settable in the user's environment. +.It Ev shlib_dirs +Additional directories containing shared libraries, +settable in +.Pa /etc/rc.conf.local . +.El +.Sh FILES +.Bl -tag -width Ds -compact +.It Pa /etc/rc.conf +.It Pa /etc/rc.conf.local +.It Pa /var/run/ld.so.hints +.El +.Sh SEE ALSO +.Xr ld 1 , +.Xr elf 5 , +.Xr rc.conf 8 +.Sh HISTORY +An +.Nm +utility first appeared in SunOS 4.0. +It appeared in its current form in +.Nx 0.9a . diff --git a/static/openbsd/man8/ldomctl.8 b/static/openbsd/man8/ldomctl.8 new file mode 100644 index 00000000..6d4b6dee --- /dev/null +++ b/static/openbsd/man8/ldomctl.8 @@ -0,0 +1,218 @@ +.\" $OpenBSD: ldomctl.8,v 1.31 2021/11/17 13:48:12 kn Exp $ +.\" +.\" Copyright (c) 2012 Mark Kettenis +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 17 2021 $ +.Dt LDOMCTL 8 sparc64 +.Os +.Sh NAME +.Nm ldomctl +.Nd Logical Domain management interface +.Sh SYNOPSIS +.Nm ldomctl +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program is used to manage logical domains on sun4v systems. +It can be used to assign resources to the primary and guest domains, +start and stop guest domains from the primary domain, and to display +information about domains running on the system. +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm create-vdisk Fl s Ar size file +Create a virtual disk image with the specified +.Ar file +path and +.Ar size , +in bytes. +.Ar size +can be specified with a human-readable scale, using the format described in +.Xr scan_scaled 3 , +e.g. 512M. +.It Cm console Ar domain +Using +.Xr cu 1 +connect to the console of the guest domain. +.It Cm delete Ar configuration +Delete the specified configuration from non-volatile storage. +.It Cm download Ar directory +Save a logical domain configuration to non-volatile storage on the +service processor. +The name of the configuration is taken from the name of the +.Ar directory +which must contain files created with the +.Cm init-system +command. +The download is aborted if a configuration with the same name already exists. +Depending on the firmware, the new configuration must be activated explicitly +using the +.Cm select +command. +.It Cm dump +Dump the current configuration from non-volatile storage into the current +working directory. +.It Cm init-system Oo Fl n Oc Ar file +Generate files in the current working directory for a logical domain +configuration +.Ar file +as described in +.Xr ldom.conf 5 . +.Bl -tag -width 3n +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.El +.It Cm list +List configurations stored in non-volatile storage. +Indicate the currently running configuration, +and the configuration which will be used next +(after resetting the machine) if it differs from the currently running one. +.It Cm list-io +List available PCIe devices for the configuration in the current directory. +.It Cm panic Oo Fl c Oc Ar domain +Panic a guest domain. +The exact behaviour of this command depends on the OS running in the domain. +For +.Ox +the default behaviour is to enter +.Xr ddb 4 . +.Bl -tag -width 3n +.It Fl c +Automatically connect to the guest console. +.El +.It Cm select Ar configuration +Select the next logical domain configuration to use +(after resetting the machine). +.It Cm start Oo Fl c Oc Ar domain +Start a guest domain. +.Bl -tag -width 3n +.It Fl c +Automatically connect to the guest console. +.El +.It Cm status Op Ar domain +Display status information for +.Ar domain , +or for all domains running on the system. +.It Cm stop Ar domain +Stop a guest domain. +.El +.Sh EXAMPLES +A system using factory defaults has a single "factory-default" configuration: +.Bd -literal -offset indent +# ldomctl list +factory-default [current] +.Ed +.Pp +Create a new configuration based on the defaults: +.Bd -literal -offset indent +# mkdir factory-default +# cd factory-default +# ldomctl dump +# cd .. +# cp -R factory-default openbsd +# cd openbsd +.Ed +.Pp +A file describing the desired configuration must be created - see +.Xr ldom.conf 5 . +.Pp +Generate a set of configuration files and download to non-volatile storage. +If a configuration with the same name already exists, it must be removed first: +.Bd -literal -offset indent +# ldomctl init-system ldom.conf +# cd .. +# ldomctl delete openbsd +# ldomctl download openbsd +# ldomctl list +factory-default [current] +openbsd [next] +.Ed +.Pp +Create a virtual disk image for each guest domain: +.Bd -literal -offset indent +# ldomctl create-vdisk -s 8G /home/puffy/vdisk0 +# ldomctl create-vdisk -s 8G /home/salmah/vdisk0 +.Ed +.Pp +The minirootfs install media can be used to boot guest domains: +.Bd -literal -offset indent +# cp miniroot67.img /home/puffy/vdisk1 +# cp miniroot67.img /home/salmah/vdisk1 +.Ed +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable ldomd , +which sets +.Pp +.Dl ldomd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +Halt the primary domain and reset the hardware: +.Bd -literal -offset indent +# halt +sc> reset -c # ALOM +-> reset /SYS # ILOM +.Ed +.Pp +The machine will now reset and boot into the new configuration. +The primary domain should have less CPUs and memory, since they +are now assigned to the guest domains: +.Bd -literal -offset indent +# ldomctl status +primary - running OpenBSD running 1% +puffy ttyV0 running OpenBoot Primary Boot Loader 8% +salmah ttyV1 running OpenBoot Primary Boot Loader 12% +.Ed +.Pp +Configure the +.Xr vnet 4 +interfaces for the guest domains. +This example bridges guest domains into the physical network: +.Bd -literal -offset indent +# ifconfig vnet0 up +# ifconfig vnet1 up +# ifconfig bridge0 create +# ifconfig bridge0 add em0 add vnet0 add vnet1 up +.Ed +.Pp +Access the console of the first domain and boot it: +.Bd -literal -offset indent +# ldomctl console puffy +Connected to /dev/ttyV0 (speed 9600) +{0} ok boot disk1 +.Ed +.Sh SEE ALSO +.Xr dd 1 , +.Xr ddb 4 , +.Xr vnet 4 , +.Xr ldom.conf 5 , +.Xr ldomd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.3 . +.Sh AUTHORS +The +.Nm +program was written by +.An Mark Kettenis Aq Mt kettenis@openbsd.org . diff --git a/static/openbsd/man8/ldomd.8 b/static/openbsd/man8/ldomd.8 new file mode 100644 index 00000000..d6b36bf2 --- /dev/null +++ b/static/openbsd/man8/ldomd.8 @@ -0,0 +1,57 @@ +.\" $OpenBSD: ldomd.8,v 1.6 2019/07/27 09:55:46 kn Exp $ +.\" +.\" Copyright (c) 2012 Mark Kettenis +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 27 2019 $ +.Dt LDOMD 8 sparc64 +.Os +.Sh NAME +.Nm ldomd +.Nd Logical Domain daemon +.Sh SYNOPSIS +.Nm ldomd +.Op Fl d +.Sh DESCRIPTION +The +.Nm +daemon manages the logical domains on sun4v systems. +It manages the logical domain configuration and provides domain +services to guest domains. +Currently it only implements support for the Variable +Configuration domain service. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.El +.Sh SEE ALSO +.Xr vldc 4 , +.Xr ldom.conf 5 , +.Xr ldomctl 8 +.Sh HISTORY +The +.Nm +daemon first appeared in +.Ox 5.3 . +.Sh AUTHORS +The +.Nm +daemon was written by +.An Mark Kettenis Aq Mt kettenis@openbsd.org . diff --git a/static/openbsd/man8/ldpctl.8 b/static/openbsd/man8/ldpctl.8 new file mode 100644 index 00000000..2321fdde --- /dev/null +++ b/static/openbsd/man8/ldpctl.8 @@ -0,0 +1,133 @@ +.\" $OpenBSD: ldpctl.8,v 1.14 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2009 Michele Marchetto +.\" Copyright (c) 2004, 2005 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt LDPCTL 8 +.Os +.Sh NAME +.Nm ldpctl +.Nd control the LDP routing daemon +.Sh SYNOPSIS +.Nm +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr ldpd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s i +for +.Cm show interfaces . +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Xo +.Cm clear neighbors +.Op Ar address +.Xc +Delete entries from the neighbor table. +.Ar address +can be used to limit the scope of the command to the given neighbor. +.It Cm fib couple +Insert the learned labels into the Label Forwarding Information Base a.k.a. +the kernel routing table. +.It Cm fib decouple +Remove the learned labels from the Label Forwarding Information Base a.k.a. +the kernel routing table. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm reload +Reload the configuration file. +.It Xo +.Cm show fib +.Op Cm family Ar family +.Op Ar destination | filter +.Xc +Show the Label Forwarding Information Base. +.Ar family , +if given, limit the output to the given address family. +.Ar destination +can be specified to show the route matching a destination IP address. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm connected +Show only connected routes. +.It Cm interface +Show only interfaces. +.It Cm static +Show only static routes. +.El +.Pp +.Cm connected , +and +.Cm static +may be specified together. +.It Xo +.Cm show interfaces +.Op Cm family Ar family +.Xc +Show details for all interfaces. +.Ar family , +if given, limit the output to the given address family. +.It Xo +.Cm show discovery +.Op Cm family Ar family +.Xc +Show adjacencies. +.Ar family , +if given, limit the output to the given address family. +.It Xo +.Cm show neighbor +.Op Cm family Ar family +.Xc +Show neighbors. +.Ar family , +if given, limit the output to the given address family. +.It Xo +.Cm show lib +.Op Cm family Ar family +.Xc +Show the Label Information Base. +.Ar family , +if given, limit the output to the given address family. +.It Cm show l2vpn bindings +Show the PWID Label Information Base. +.It Cm show l2vpn pseudowires +Show the status of the configured pseudowires. +.El +.Sh FILES +.Bl -tag -width "/var/run/ldpd.sockXX" -compact +.It Pa /var/run/ldpd.sock +.Ux Ns -domain +socket used for communication with +.Xr ldpd 8 . +.El +.Sh SEE ALSO +.Xr ldpd.conf 5 , +.Xr ldpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.6 . diff --git a/static/openbsd/man8/ldpd.8 b/static/openbsd/man8/ldpd.8 new file mode 100644 index 00000000..42f8a255 --- /dev/null +++ b/static/openbsd/man8/ldpd.8 @@ -0,0 +1,195 @@ +.\" $OpenBSD: ldpd.8,v 1.22 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2013, 2016 Renato Westphal +.\" Copyright (c) 2009 Michele Marchetto +.\" Copyright (c) 2004, 2005, 2006 Esben Norby +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt LDPD 8 +.Os +.Sh NAME +.Nm ldpd +.Nd Label Distribution Protocol (LDP) routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is the Label Distribution Protocol +.Pq LDP +daemon, which distributes MPLS label mappings between routers. +.Pp +A running +.Nm +can be controlled with the +.Xr ldpctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/ldpd.sockXX" -compact +.It Pa /etc/ldpd.conf +Default +.Nm +configuration file. +.It Pa /var/run/ldpd.sock +.Ux Ns -domain +socket used for communication with +.Xr ldpctl 8 . +.El +.Sh SEE ALSO +.Xr mpe 4 , +.Xr ldpd.conf 5 , +.Xr ldpctl 8 , +.Xr rc.conf 8 +.Sh STANDARDS +.Rs +.%A E. Rosen +.%A A. Viswanathan +.%A R. Callon +.%D January 2001 +.%R RFC 3031 +.%T Multiprotocol Label Switching Architecture +.Re +.Pp +.Rs +.%A S. Bryant +.%A G. Swallow +.%A L. Martini +.%A D. McPherson +.%D February 2006 +.%R RFC 4385 +.%T Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN +.Re +.Pp +.Rs +.%A L. Martini +.%A E. Rosen +.%A N. El-Aawar +.%A T. Smith +.%A G. Heron +.%D April 2006 +.%R RFC 4447 +.%T Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) +.Re +.Pp +.Rs +.%A M. Lasserre +.%A V. Kompella +.%D January 2007 +.%R RFC 4762 +.%T Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling +.Re +.Pp +.Rs +.%A L. Andersson +.%A I. Minei +.%A B. Thomas +.%D October 2007 +.%R RFC 5036 +.%T LDP Specification +.Re +.Pp +.Rs +.%A B. Thomas +.%A K. Raza +.%A S. Aggarwal +.%A R. Aggarwal +.%A JL. Le Roux +.%D July 2009 +.%R RFC 5561 +.%T LDP Capabilities +.Re +.Pp +.Rs +.%A R. Asati +.%A I. Minei +.%A B. Thomas +.%D August 2010 +.%R RFC 5918 +.%T Label Distribution Protocol (LDP) 'Typed Wildcard' Forward Equivalence Class (FEC) +.Re +.Pp +.Rs +.%A R. Asati +.%A P. Mohapatra +.%A E. Chen +.%A B. Thomas +.%D August 2010 +.%R RFC 5919 +.%T Signaling LDP Label Advertisement Completion +.Re +.Pp +.Rs +.%A K. Raza +.%A S. Boutros +.%A C. Pignataro +.%D July 2012 +.%R RFC 6667 +.%T LDP 'Typed Wildcard' Forwarding Equivalence Class (FEC) for PWid and Generalized PWid FEC Elements +.Re +.Pp +.Rs +.%A C. Pignataro +.%A R. Asati +.%D August 2012 +.%R RFC 6720 +.%T The Generalized TTL Security Mechanism (GTSM) for the Label Distribution Protocol (LDP) +.Re +.Pp +.Rs +.%A R. Asati +.%A C. Pignataro +.%A K. Raza +.%A V. Manral +.%A R. Papneja +.%D June 2015 +.%R RFC 7552 +.%T Updates to LDP for IPv6 +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.6 . diff --git a/static/openbsd/man8/lldp.8 b/static/openbsd/man8/lldp.8 new file mode 100644 index 00000000..c251bc34 --- /dev/null +++ b/static/openbsd/man8/lldp.8 @@ -0,0 +1,62 @@ +.\" $OpenBSD: lldp.8,v 1.5 2025/06/08 08:21:30 bentley Exp $ +.\" +.\" Copyright (c) 2025 David Gwynne +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 8 2025 $ +.Dt LLDP 8 +.Os +.Sh NAME +.Nm lldp +.Nd control the lldpd agent +.Sh SYNOPSIS +.Nm lldp +.Op Fl v +.Op Fl i Ar interface +.Op Fl s Ar socket +.Sh DESCRIPTION +The +.Nm +program communicates with the +.Xr lldpd 8 +Link Layer Discovery Protocol (LLDP) +agent to fetch and display LLDP entries received by the agent. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl i Ar interface +Limit the LLDP entries to those received on the specified +.Ar interface . +.It Fl s Ar socket +Use +.Ar socket +to communicate with +.Xr lldpd 8 . +.It Fl v +Increase the verbosity of output. +.El +.Sh FILES +.Bl -tag -width "/var/run/lldp.sock" -compact +.It Pa /var/run/lldp.sock +default +.Xr lldpd 8 +control socket +.El +.Sh SEE ALSO +.Xr lldpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 7.8 . diff --git a/static/openbsd/man8/lldpd.8 b/static/openbsd/man8/lldpd.8 new file mode 100644 index 00000000..ba54b67d --- /dev/null +++ b/static/openbsd/man8/lldpd.8 @@ -0,0 +1,71 @@ +.\" $OpenBSD: lldpd.8,v 1.6 2025/05/16 04:26:43 kn Exp $ +.\" +.\" Copyright (c) 2025 David Gwynne +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 16 2025 $ +.Dt LLDPD 8 +.Os +.Sh NAME +.Nm lldpd +.Nd Link Layer Discovery Protocol (LLDP) daemon +.Sh SYNOPSIS +.Nm +.Op Fl d +.Op Fl s Ar socket +.Sh DESCRIPTION +The +.Nm +daemon receives +Link Layer Discovery Protocol +.Pq LLDP +messages on Ethernet interfaces and stores them for display by +.Xr lldp 8 . +.Pp +LLDP is a link layer protocol for advertising and discovering identity +and capability. +.Pp +The options are as follows: +.Bl -tag -width "-f fileXXX" +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to stderr. +.It Fl s Ar socket +Use +.Ar socket +to communicate with +.Xr lldp 8 . +.El +.Sh FILES +.Bl -tag -width "/var/run/lldp.sock" -compact +.It Pa /var/run/lldp.sock +default +.Nm +control socket +.El +.Sh SEE ALSO +.\" Xr frame 4 , +.Xr lldp 8 +.Sh STANDARDS +.Rs +.%R IEEE 802.1AB +.%T Station and Media Access Control Connectivity Discovery +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 7.8 . diff --git a/static/openbsd/man8/locate.mklocatedb.8 b/static/openbsd/man8/locate.mklocatedb.8 new file mode 100644 index 00000000..87d5f8d2 --- /dev/null +++ b/static/openbsd/man8/locate.mklocatedb.8 @@ -0,0 +1,45 @@ +.\" $OpenBSD: locate.mklocatedb.8,v 1.1 2021/07/30 09:28:26 espie Exp $ +.\" +.\" Copyright (c) 2021 Marc Espie +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 30 2021 $ +.Dt LOCATE.MKLOCATEDB 8 +.Os +.Sh NAME +.Nm locate.mklocatedb +.Nd create locate database +.Sh SYNOPSIS +.Nm +.Op Fl presort +.Sh DESCRIPTION +.Nm +reads a list of filenames (one per line) +from standard input and +creates a database usable by +.Xr locate 1 +on standard output. +It is typically run by +.Xr locate.updatedb 8 , +but it can be used independently to generate +a database from any list of paths. +.Pp +The options are as follows: +.Bl -tag -width -presort +.It Fl presort +Assume the input list is already sorted. +.El +.Sh SEE ALSO +.Xr locate 1 , +.Xr locate.updatedb 8 diff --git a/static/openbsd/man8/locate.updatedb.8 b/static/openbsd/man8/locate.updatedb.8 new file mode 100644 index 00000000..c30db961 --- /dev/null +++ b/static/openbsd/man8/locate.updatedb.8 @@ -0,0 +1,108 @@ +.\" $OpenBSD: locate.updatedb.8,v 1.23 2022/06/12 05:36:20 gnezdo Exp $ +.\" +.\" Copyright (c) 1996 +.\" Mike Pritchard . All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Mike Pritchard. +.\" 4. Neither the name of the author nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 12 2022 $ +.Dt LOCATE.UPDATEDB 8 +.Os +.Sh NAME +.Nm locate.updatedb +.Nd update locate database +.Sh SYNOPSIS +.Nm locate.updatedb +.Op Fl \-fcodes Ns = Ns Ar dbfile +.Op Fl \-filesystems Ns = Ns Eo \(aq Ar type ... Ec \(aq +.Op Fl \-prunepaths Ns = Ns Eo \(aq Ar dir ... Ec \(aq +.Op Fl \-searchpaths Ns = Ns Eo \(aq Ar dir ... Ec \(aq +.Op Fl \-tmpdir Ns = Ns Ar dir +.Sh DESCRIPTION +.Nm +updates the database used by +.Xr locate 1 . +It is typically run once a week by the +.Xr weekly 8 +script. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl \-fcodes +Output to an alternate database file instead of the default +.Pa /var/db/locate.database . +If +.Ql \- +is specified in place of the file name, +send the database to the standard output. +.It Fl \-filesystems +A list of filesystem types to be traversed by +.Xr find 1 . +The default is +.Eo \(aq ffs ufs ext2fs Ec \(aq . +.It Fl \-prunepaths +Set the list of parent directories that should not go in the database. +The default is +.Eo \(aq Pa /tmp /var/tmp Ec \(aq . +.It Fl \-searchpaths +Set the list of directories to be put in the database. +The default is +.Eo \(aq Pa / Ec \(aq . +.It Fl \-tmpdir +Set the directory temporary files are stored in. +The default is +.Pa /tmp . +.El +.Pp +The default settings are modified by the optional configuration file +.Pa /etc/locate.rc . +It is a +.Xr sh 1 +script that can be used to set variables. +The names of the variables match the names of the command line +options, but in all caps. +.Sh FILES +.Bl -tag -width /var/db/locate.database -compact +.It Pa /etc/locate.rc +configuration file +.It Pa /var/db/locate.database +default database +.El +.Sh SEE ALSO +.Xr find 1 , +.Xr locate 1 , +.Xr locate.mklocatedb 8 , +.Xr weekly 8 +.Rs +.%A Woods, James A. +.%D 1983 +.%T "Finding Files Fast" +.%J ";login" +.%V 8:1 +.%P pp. 8-10 +.Re diff --git a/static/openbsd/man8/login_chpass.8 b/static/openbsd/man8/login_chpass.8 new file mode 100644 index 00000000..12de9daf --- /dev/null +++ b/static/openbsd/man8/login_chpass.8 @@ -0,0 +1,69 @@ +.\" $OpenBSD: login_chpass.8,v 1.6 2007/05/31 19:19:40 jmc Exp $ +.\" +.\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: login_chpass.8,v 1.2 1997/01/15 20:50:13 bostic Exp $ +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt LOGIN_CHPASS 8 +.Os +.Sh NAME +.Nm login_chpass +.Nd change password authentication type +.Sh SYNOPSIS +.Nm login_chpass +.Op Fl s Ar service +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility is typically called from +.Xr login 1 . +It is functionally the same as calling the program: +.Dq passwd Ar user . +This will use the +.Xr login_lchpass 8 +utility to change the user's local password. +.Pp +Only the +.Li login +service is supported. +See +.Xr login.conf 5 . +The +.Ar class +argument is not used. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr login.conf 5 , +.Xr login_lchpass 8 diff --git a/static/openbsd/man8/login_lchpass.8 b/static/openbsd/man8/login_lchpass.8 new file mode 100644 index 00000000..0a7b4c2d --- /dev/null +++ b/static/openbsd/man8/login_lchpass.8 @@ -0,0 +1,65 @@ +.\" $OpenBSD: login_lchpass.8,v 1.5 2015/11/26 20:02:46 jmc Exp $ +.\" +.\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: login_lchpass.8,v 1.1 1996/08/06 15:56:57 prb Exp $ +.\" +.Dd $Mdocdate: November 26 2015 $ +.Dt LOGIN_LCHPASS 8 +.Os +.Sh NAME +.Nm login_lchpass +.Nd change local password authentication type +.Sh SYNOPSIS +.Nm login_lchpass +.Op Fl s Ar service +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility is typically called from +.Xr login 1 . +It is functionally the same as calling the program: +.Dq passwd Ar user . +.Pp +Only the +.Li login +service is supported. +See +.Xr login.conf 5 . +The +.Ar class +argument is not used. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr login.conf 5 diff --git a/static/openbsd/man8/login_ldap.8 b/static/openbsd/man8/login_ldap.8 new file mode 100644 index 00000000..36d043b1 --- /dev/null +++ b/static/openbsd/man8/login_ldap.8 @@ -0,0 +1,253 @@ +.\" $OpenBSD: login_ldap.8,v 1.3 2022/03/31 17:27:18 naddy Exp $ +.\" Copyright (c) 2002 Institute for Open Systems Technology Australia (IFOST) +.\" Copyright (c) 2007 Michael Erdely +.\" Copyright (c) 2019 Martijn van Duren +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt LOGIN_LDAP 8 +.Os +.Sh NAME +.Nm login_ldap +.Nd contact LDAP directory server for authentication +.Sh SYNOPSIS +.Nm login_ldap +.Op Fl d +.Op Fl s Ar service +.Op Fl v Ar name Ns = Ns Ar value +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility contacts an LDAP server to authenticate a +.Ar user . +.Pp +Available options are: +.Bl -tag -width indent +.It Fl d +Print debugging information. +.It Fl s +Specify the service. +Currently only +.Dq login +and +.Dq response +are supported. +The challenge service is not supported, but it is not an error to specify +this service. +If this happens, +.Nm +will request the response service. +.It Fl v +This option is for compatibility and is ignored. +.El +.Pp +.Nm +searches for the +.Ar user +on the LDAP server based on the filter parameters in the configuration file. +If the user is found, it will try to bind to it using the supplied password. +.Pp +.Nm +uses the +.Ar ldap-conffile +.Xr login.conf 5 +variable to determine the location of the configuration file. +If no +.Ar ldap-conffile +can be found, it will fall back to +.Pa /etc/login_ldap.conf . +The configuration file must be owned by root with group auth and permissions +0640. +.Sh LOGIN_LDAP.CONF VARIABLES +The login_ldap.conf file takes one key value pair per line separated by a +.Sq = . +No spaces are allowed between the +.Sq = +and +.Ar value . +The +.Ar key +may have leading and trailing whitespaces. +Empty lines and lines starting with a +.Sq # +are ignored. +.Pp +The +.Nm +utility requires the following variables: +.Bl -tag -width basedn +.It Ar host +The hostname of the LDAP server or an LDAP URL. +The LDAP URL is described in the following format: +.Pp +.Sm off +.Op Ar protocol No :// +.Ar host Op : Ar port +.Sm on +.Pp +The following protocols are supported: +.Pp +.Bl -tag -width "ldap+tls" -compact +.It ldap +Connect with TCP in plain text. +This is the default. +.It ldaps +Connect with TLS. +The default port is 636. +.It ldap+tls +Connect with TCP and enable TLS using the StartTLS operation. +.El +.Pp +Multiple host entries are supported and are tried in order of appearance. +.It Ar basedn +Point in the LDAP server's Directory Information Tree +.Nm +should begin searching for user objects. +This option can be omitted if the binddn points directly to the user entry. +.It Ar binddn +DN used by +.Nm +to bind to the LDAP server. +If no basedn is set, this is used to bind directly to the user and uses the user +supplied password. +Use FORMAT FILTERS to specify the username in this case. +.Pp +If basedn is set, it is used together with bindpw to bind to the LDAP server and +search for the user entry based on filter and scope. +If +.Ar binddn +is omitted and basedn is set, an anonymous bind is used to search for the user +entry. +.El +.Pp +In most cases, you will need to configure additional options. +The following entries to login_ldap.conf are also recognised by +.Nm +and are optional: +.Bl -tag -width cacertdir +.It Ar bindpw +Password used by +.Nm +to bind to the LDAP server. +Leave this out for a passwordless bind. +.It Ar filter +LDAP search filter (in accordance with RFC 1558) which identifies the +objectclasses and attributes necessary for +.Nm +to locate the user object. +See the +.Sx FILTER FORMATS +section for details. +.It Ar timeout +Time in seconds to wait for the LDAP server to respond to a query. +The default is 60 seconds per query, with up to four queries occurring. +.It Ar scope +The directory scope when performing the user lookup (first pass) search. +Acceptable values are: +.Pp +.Bl -tag -width baseXXX -offset indent -compact +.It base +Base object search +.It one +One level search +.It sub +Full subtree search +.El +.Pp +The default is sub if scope is unspecified. +.It Ar cacert +The pathname of the CA used for SSL certificates. +.It Ar cacertdir +The directory containing the certificates of trusted CAs. +.El +.Pp +An additional groupcheck can be performed to verify the user is allowed to log +in. +This can be done by specifying +.Ar gbasedn , Ar gfilter +and optionally +.Ar gscope . +See +.Ar basedn , Ar filter +and +.Ar scope +for semantics. +These checks are performed by the binddn user. +.Sh FILTER FORMATS +The following format specifiers are valid for the filter: +.Bl -tag -width xxx +.It %u +Username. +The username of the user to be authenticated as specified by the +.Ar user +argument. +.It %h +Hostname. +The hostname of the host the user is trying to authenticate on, +as returned by +.Xr gethostname 3 +and displayed by +.Xr hostname 1 . +.It %d +The dn of the user attempting authentication as returned from the first pass of +the search. +This option is only available to gfilter and gbasedn. +.It %% +A literal +.Sq % +character. +.El +.Sh FILES +.Bl -tag -width /etc/examples/login_ldap.conf -compact +.It Pa /etc/examples/login_ldap.conf +Example configuration file. +.El +.Sh SEE ALSO +.Xr ldap 1 , +.Xr login 1 , +.Xr login.conf 5 , +.Xr ldapd 8 , +.Xr ypldap 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 3.3 +ports and was later mostly rewritten by +.An Martijn van Duren Aq Mt martijn@openbsd.org +and imported into +.Ox 6.8 . +.Sh AUTHORS +The +.Nm +utility was originally written by: +.Pp +.An Peter Werner Aq Mt peterw@ifost.org.au +.An Michael Erdely Aq Mt merdely@openbsd.org +.Sh CAVEATS +As there is no SASL support, passwords are sent to the LDAP server. +TLS should be used to protect the password in transit. diff --git a/static/openbsd/man8/login_passwd.8 b/static/openbsd/man8/login_passwd.8 new file mode 100644 index 00000000..734fd624 --- /dev/null +++ b/static/openbsd/man8/login_passwd.8 @@ -0,0 +1,88 @@ +.\" $OpenBSD: login_passwd.8,v 1.11 2019/01/25 00:19:26 millert Exp $ +.\" +.\" Copyright (c) 2000 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt LOGIN_PASSWD 8 +.Os +.Sh NAME +.Nm login_passwd +.Nd provide standard password authentication type +.Sh SYNOPSIS +.Nm login_passwd +.Op Fl s Ar service +.Op Fl v Cm wheel Ns = Ns Cm yes Ns | Ns Cm no +.Op Fl v Cm lastchance Ns = Ns Cm yes Ns | Ns Cm no +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility is called by +.Xr login 1 , +.Xr su 1 , +.Xr ftpd 8 , +and others to authenticate the +.Ar user +with passwd-style authentication. +.Pp +The +.Ar user +argument is the login name of the user to be authenticated. +.Pp +The +.Ar service +argument specifies which protocol to use with the +invoking program. +The allowed protocols are +.Em login , +.Em challenge , +and +.Em response . +(The +.Em challenge +protocol is silently ignored but will report success as passwd-style +authentication is not challenge-response based). +.Pp +If the +.Cm wheel +argument is specified and is not set to +.Cm yes , +then the user will be rejected as not being in group +.Dq wheel . +This is used by +.Xr su 1 . +.Pp +If the +.Cm lastchance +argument is specified and is equal to +.Cm yes , +then if the user's password has expired, and it has not been +expired longer than +.Dq password-dead +seconds (see +.Xr login.conf 5 ) , +the user will be able to log in one last time to change the password. +.Pp +.Nm +will prompt the user for a password and report back to the +invoking program whether or not the authentication was +successful. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr su 1 , +.Xr login.conf 5 , +.Xr ftpd 8 diff --git a/static/openbsd/man8/login_radius.8 b/static/openbsd/man8/login_radius.8 new file mode 100644 index 00000000..e9ae169e --- /dev/null +++ b/static/openbsd/man8/login_radius.8 @@ -0,0 +1,170 @@ +.\" $OpenBSD: login_radius.8,v 1.16 2022/03/31 17:27:18 naddy Exp $ +.\" +.\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: login_radius.8,v 1.2 1996/11/11 18:42:02 prb Exp $ +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt LOGIN_RADIUS 8 +.Os +.Sh NAME +.Nm login_radius +.Nd provide RADIUS authentication type +.Sh SYNOPSIS +.Nm login_radius +.Op Fl d +.Op Fl s Ar service +.Op Fl v Ar name Ns = Ns Ar value +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility contacts a RADIUS server to authenticate a +.Ar user . +If no +.Ar class +is specified, the login class will be obtained from the password database. +.Pp +When executed as the name +.Pa login_ Ns Ar style , +.Nm +will request that the RADIUS server use the authentication specified by +.Ar style . +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl d +Debug mode. +Output is sent to the standard output instead of the +.Bx +Authentication backchannel. +.It Fl s Ar service +Specify the service. +Currently only +.Li challenge , +.Li login , +and +.Li response +are supported. +.It Fl v Ar name Ns = Ns Ar value +This option and its value are ignored. +.El +.Pp +The +.Nm +utility needs to know a shared secret for each RADIUS server it talks to. +Shared secrets are stored in the file +.Pa /etc/raddb/servers +with the format: +.Bd -literal -offset indent +server shared_secret +.Ed +.Pp +It is expected that rather than requesting the RADIUS style directly +(in which case the server uses a default style) that +.Nm +will be linked to the various mechanisms desired. +For instance, to have all CRYPTOCard and ActivCard authentication take +place on a remote server via the RADIUS protocol, remove the +.Pa login_activ +and +.Pa login_crypto +modules and link +.Pa login_radius +to both of those names. +Now when the user requests one of those authentication styles, +.Nm +will automatically forward the request to the remote RADIUS server +and request it do the requested style of authentication. +.Sh LOGIN.CONF VARIABLES +The +.Nm +utility uses the following RADIUS-specific +.Pa /etc/login.conf +variables: +.Bl -tag -width radius-challenge-styles +.It radius-port +Port name or number to connect to on the RADIUS server. +.It radius-server +Hostname of the RADIUS server to contact. +.It radius-server-alt +Alternate RADIUS server to use when the primary is not responding. +.It radius-challenge-styles +Comma-separated list of authentication styles that the RADIUS server +knows about. +If the user's authentication style is in this list, the challenge will +be provided by the RADIUS server. +If not, +.Nm +will prompt the user for the password before sending the request +(along with the password) to the RADIUS server. +.It radius-timeout +Number of seconds to wait for a response from the RADIUS server. +Defaults to 2 seconds. +.It radius-retries +Number of times to attempt to contact the RADIUS server before giving up +(or falling back to the alternate server if there is one). +Defaults to 6 tries. +.El +.Sh FILES +.Bl -tag -compact -width xetcxraddbxserversxx +.It Pa /etc/login.conf +login configuration database +.It Pa /etc/raddb/servers +list of RADIUS servers and their associated shared secrets +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr login.conf 5 , +.Xr radiusd 8 +.Sh STANDARDS +.Rs +.%A C. Rigney +.%A S. Willens +.%A A. Rubens +.%A W. Simpson +.%D June 2000 +.%R RFC 2865 +.%T "Remote Authentication Dial In User Service (RADIUS)" +.Re +.Sh CAVEATS +For +.Nm +to function, the +.Pa /etc/raddb +directory must be owned by group +.Dq _radius +and have group-execute permissions. +Likewise, the +.Pa /etc/raddb/servers +file must be readable by group +.Dq _radius . diff --git a/static/openbsd/man8/login_reject.8 b/static/openbsd/man8/login_reject.8 new file mode 100644 index 00000000..d9b8175b --- /dev/null +++ b/static/openbsd/man8/login_reject.8 @@ -0,0 +1,74 @@ +.\" $OpenBSD: login_reject.8,v 1.7 2014/04/23 18:24:23 ajacoutot Exp $ +.\" +.\" Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: login_reject.8,v 1.2 1996/08/01 21:02:26 prb Exp $ +.\" +.Dd $Mdocdate: April 23 2014 $ +.Dt LOGIN_REJECT 8 +.Os +.Sh NAME +.Nm login_reject +.Nd provide rejected authentication +.Sh SYNOPSIS +.Nm login_reject +.Op Fl s Ar service +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility provides the rejection authentication class. +The +.Ar user +name, while required, is ignored. +The +.Ar class +name, which is optional, is also ignored. +The +.Nm reject +authentication mechanism is intended to be used to disallow certain +types of logins. +For example, a class entry (see +.Xr login.conf 5 ) +may contain: +.Bd -literal -offset indent +:auth=passwd: +:auth-ftp=reject: +.Ed +.Pp +which would allow password authentication for this class +but would reject attempts to authenticate from +.Xr ftpd 8 . +.Sh SEE ALSO +.Xr login 1 , +.Xr login.conf 5 , +.Xr ftpd 8 diff --git a/static/openbsd/man8/login_skey.8 b/static/openbsd/man8/login_skey.8 new file mode 100644 index 00000000..bfea5289 --- /dev/null +++ b/static/openbsd/man8/login_skey.8 @@ -0,0 +1,107 @@ +.\" $OpenBSD: login_skey.8,v 1.11 2019/01/25 00:19:26 millert Exp $ +.\" +.\" Copyright (c) 2000, 2002 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt LOGIN_SKEY 8 +.Os +.Sh NAME +.Nm login_skey +.Nd provide S/Key authentication type +.Sh SYNOPSIS +.Nm login_skey +.Op Fl s Ar service +.Op Fl v Ar fd Ns = Ns Ar number +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility is called by +.Xr login 1 , +.Xr su 1 , +.Xr ftpd 8 , +and others to authenticate the +.Ar user +with S/Key authentication. +.Pp +The +.Ar service +argument specifies which protocol to use with the +invoking program. +The allowed protocols are +.Em login , +.Em challenge , +and +.Em response . +The default protocol is +.Em login . +.Pp +The +.Ar fd +argument is used to specify the number of an open, locked file descriptor +that references the user's S/Key entry. +This is used to prevent simultaneous S/Key authorization attempts from +using the same challenge. +.Pp +The +.Ar user +argument is the login name of the user to be authenticated. +.Pp +The optional +.Ar class +argument is accepted for consistency with the other login scripts but +is not used. +.Pp +.Nm +will look up +.Ar user +in the S/Key database and, depending on the desired protocol, +will do one of three things: +.Bl -tag -width challenge +.It login +Present +.Ar user +with an S/Key challenge, accept a response and report back to the +invoking program whether or not the authentication was successful. +.It challenge +Return the current S/Key challenge for +.Ar user . +.It response +Report back to the invoking program whether or not the specified +response matches the current S/Key challenge for +.Ar user . +.El +.Pp +If +.Ar user +does not have an entry in the S/Key database, a fake challenge will +be generated by the S/Key library. +.Sh FILES +.Bl -tag -width /etc/skey +.It Pa /etc/skey +directory containing user entries for S/Key +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr skey 1 , +.Xr skeyinfo 1 , +.Xr skeyinit 1 , +.Xr login.conf 5 , +.Xr ftpd 8 diff --git a/static/openbsd/man8/login_token.8 b/static/openbsd/man8/login_token.8 new file mode 100644 index 00000000..a249deeb --- /dev/null +++ b/static/openbsd/man8/login_token.8 @@ -0,0 +1,103 @@ +.\" $OpenBSD: login_token.8,v 1.13 2013/07/16 14:09:38 schwarze Exp $ +.\" +.\" Copyright (c) 1995 Migration Associates Corporation. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt LOGIN_TOKEN 8 +.Os +.Sh NAME +.Nm login_activ , login_crypto , login_snk +.Nd provide ActivCard, CRYPTOCard and SNK-004 authentication +.Sh SYNOPSIS +.Nm login_token +.Op Fl s Ar service +.Op Fl v Ar name Ns = Ns Ar value +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm login_token +program implements an X9.9 token card challenge response authentication +mechanism (see +.Xr login.conf 5 ) . +It must be invoked by one of the names: +.Nm login_activ , login_crypto , +or +.Nm login_snk . +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl s Ar service +Specify the service. +Currently only +.Li challenge , +.Li login , +and +.Li response +are supported. +.It Fl v Ar name Ns = Ns Ar value +This option and its value are ignored. +.El +.Pp +.Nm login_token +will look up +.Ar user +in the appropriate database file, depending on what name it was called as: +.Pa /etc/activ.db , +.Pa /etc/crypto.db , +or +.Pa /etc/snk.db . +It then will issue a challenge, and if the user +is able to correctly respond (by using the appropriate token) +the user will be authenticated. +The +.Ar class +argument is unused. +.Sh FILES +.Bl -tag -width xetcxcrypto.db +.It Pa /etc/activ.db +data base of information for the ActivCard tokens. +.It Pa /etc/crypto.db +data base of information for the CRYPTOCard tokens. +.It Pa /etc/snk.db +data base of information for the SNK-004 tokens. +.El +.Sh DIAGNOSTICS +Diagnostic messages are logged via +.Xr syslog 3 +with the LOG_AUTH facility. +.Sh SEE ALSO +.Xr syslog 3 , +.Xr login.conf 5 , +.Xr tokenadm 8 , +.Xr tokeninit 8 +.Sh AUTHORS +.An Jack Flory Aq Mt jpf@mig.com diff --git a/static/openbsd/man8/login_yubikey.8 b/static/openbsd/man8/login_yubikey.8 new file mode 100644 index 00000000..c512e91d --- /dev/null +++ b/static/openbsd/man8/login_yubikey.8 @@ -0,0 +1,138 @@ +.\" $OpenBSD: login_yubikey.8,v 1.10 2020/07/08 10:41:38 job Exp $ +.\" +.\" Copyright (c) 2010 Daniel Hartmeier +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" - Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" - Redistributions in binary form must reproduce the above +.\" copyright notice, this list of conditions and the following +.\" disclaimer in the documentation and/or other materials provided +.\" with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 8 2020 $ +.Dt LOGIN_YUBIKEY 8 +.Os +.Sh NAME +.Nm login_yubikey +.Nd provide YubiKey OTP authentication type +.Sh SYNOPSIS +.Nm login_yubikey +.Op Fl dv +.Op Fl s Ar service +.Ar user +.Op Ar class +.Sh DESCRIPTION +The +.Nm +utility is called by +.Xr login 1 , +.Xr su 1 , +.Xr ftpd 8 , +and others to authenticate the +.Ar user +with the Yubico one-time password (OTP) authentication mechanism. +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl d +Debug mode. +Output is sent to the standard output instead of the +.Bx +Authentication backchannel. +.It Fl s Ar service +Specify the service. +Currently, only +.Li challenge , +.Li login , +and +.Li response +are supported. +The default protocol is +.Em login . +.It Fl v +This option and its value are ignored. +.El +.Pp +The +.Ar user +argument is the login name of the user to be authenticated. +.Pp +The optional +.Ar class +argument is accepted for consistency with the other login scripts but +is not used. +.Pp +.Nm +will read the user's UID (12 hex digits) from the file +.Em user.uid , +the user's key (32 hex digits) from +.Em user.key , +and the user's last-use counter from +.Em user.ctr +in the +.Em /var/db/yubikey +directory. +.Pp +If +.Ar user +does not have a UID or key, the login is rejected. +If +.Ar user +does not have a last-use counter, a value of zero is used and +any counter is accepted during the first login. +.Pp +The one-time password provided by the user is decrypted using the +user's key. +After the decryption, the checksum embedded in the one-time password +is verified. +If the checksum is not valid, the login is rejected. +.Pp +If the checksum is valid, the UID embedded in the one-time password +is compared against the user's UID. +If the UID does not match, the login is rejected. +.Pp +If the UID matches, the use counter embedded in the one-time password +is compared to the last-use counter. +If the counter is less than or equal to the last-use counter, the +login is rejected. +This indicates a replay attack. +.Pp +If the counter is larger than the last-use counter, the counter +is stored as the new last-use counter, and the login is accepted. +.Sh FILES +.Bl -tag -width /var/db/yubikey +.It Pa /var/db/yubikey +Directory containing user entries for YubiKey OTP security keys. +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr login.conf 5 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 5.1 . +.Sh AUTHORS +.An Daniel Hartmeier +.Sh CAVEATS +The +.Nm +utility does not implement the U2F/FIDO2 open authentication standard. diff --git a/static/openbsd/man8/lpc.8 b/static/openbsd/man8/lpc.8 new file mode 100644 index 00000000..072d240b --- /dev/null +++ b/static/openbsd/man8/lpc.8 @@ -0,0 +1,188 @@ +.\" $OpenBSD: lpc.8,v 1.14 2009/10/29 20:11:09 sobrado Exp $ +.\" $NetBSD: lpc.8,v 1.14 2002/01/19 03:22:19 wiz Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)lpc.8 8.5 (Berkeley) 4/28/95 +.\" +.Dd $Mdocdate: October 29 2009 $ +.Dt LPC 8 +.Os +.Sh NAME +.Nm lpc +.Nd line printer control program +.Sh SYNOPSIS +.Nm lpc +.Bk -words +.Oo +.Ar command +.Op Ar argument ... +.Oc +.Ek +.Sh DESCRIPTION +.Nm +is used by the system administrator to control the +operation of the line printer system. +For each line printer configured in +.Pa /etc/printcap , +.Nm +may be used to: +.Bl -bullet -offset indent +.It +disable or enable a printer, +.It +disable or enable a printer's spooling queue, +.It +rearrange the order of jobs in a spooling queue, +.It +find the status of printers, and their associated +spooling queues and printer daemons. +.El +.Pp +Without any arguments, +.Nm +will prompt for commands from the standard input. +If arguments are supplied, +.Nm +interprets the first argument as a command and the remaining +arguments as parameters to the command. +The standard input may be redirected causing +.Nm +to read commands from file. +Commands may be abbreviated; +the following is the list of recognized commands. +.Pp +.Bl -tag -width Ds -compact +.It Ic \&? Op Ar command ... +.It Ic help Op Ar command ... +Print a short description of each command specified in the argument list, +or, if no argument is given, a list of the recognized commands. +.Pp +.It Ic abort No {all | printer ...} +Terminate an active spooling daemon on the local host immediately and +then disable printing (preventing new daemons from being started by +.Xr lpr 1 ) +for the specified printers. +.Pp +.It Ic clean No {all | printer ...} +Remove any temporary files, data files, and control files that cannot +be printed (i.e., do not form a complete printer job) +from the specified printer queue(s) on the local machine. +.Pp +.It Ic disable No {all | printer ...} +Turn the specified printer queues off. +This prevents new printer jobs from being entered into the queue by +.Xr lpr 1 . +.Pp +.It Xo Ic down No {all | printer} +.Op Ar message ... +.Xc +Turn the specified printer queue off, disable printing and put +.Em message +in the printer status file. +The message doesn't need to be quoted, the +remaining arguments are treated like +.Xr echo 1 . +This is normally used to take a printer down and let users know why. +.Xr lpq 1 +will indicate the printer is down and print the status message. +.Pp +.It Ic enable No {all | printer ...} +Enable spooling on the local queue for the listed printers. +This will allow +.Xr lpr 1 +to put new jobs in the spool queue. +.Pp +.It Ic exit +.It Ic quit +Exit from +.Nm lpc . +.Pp +.It Ic restart No {all | printer ...} +Attempt to start a new printer daemon. +This is useful when some abnormal condition causes the daemon to +die unexpectedly, leaving jobs in the queue. +.Xr lpq 1 +will report that there is no daemon present when this condition occurs. +If the user is the superuser, +try to abort the current daemon first (i.e., kill and restart a stuck daemon). +.Pp +.It Ic start No {all | printer ...} +Enable printing and start a spooling daemon for the listed printers. +.Pp +.It Ic status No {all | printer ...} +Display the status of daemons and queues on the local machine. +.Pp +.It Ic stop No {all | printer ...} +Stop a spooling daemon after the current job completes and disable +printing. +.Pp +.It Xo Ic topq No printer +.Op Ar jobnum ... +.Op Ar user ... +.Xc +Place the jobs in the order listed at the top of the printer queue. +.Pp +.It Ic up No {all | printer ...} +Enable everything and start a new printer daemon. +Undoes the effects of +.Ic down . +.El +.Sh FILES +.Bl -tag -width /var/spool/output/*/lock -compact +.It Pa /etc/printcap +printer description file +.It Pa /var/spool/output/* +spool directories +.It Pa /var/spool/output/*/lock +lock file for queue control +.El +.Sh DIAGNOSTICS +.Bl -tag -width Ds +.It Sy "?Ambiguous command" +Abbreviation matches more than one command. +.It Sy "?Invalid command" +No match was found. +.It Sy "?Privileged command" +You must be a member of group +.Dq operator +or user +.Dq root +to execute this command. +.El +.Sh SEE ALSO +.Xr lpq 1 , +.Xr lpr 1 , +.Xr lprm 1 , +.Xr printcap 5 , +.Xr lpd 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/lpd.8 b/static/openbsd/man8/lpd.8 new file mode 100644 index 00000000..4289d48c --- /dev/null +++ b/static/openbsd/man8/lpd.8 @@ -0,0 +1,363 @@ +.\" $OpenBSD: lpd.8,v 1.33 2023/06/17 15:35:08 jmc Exp $ +.\" $NetBSD: lpd.8,v 1.23 2002/02/08 01:38:50 ross Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)lpd.8 8.3 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: June 17 2023 $ +.Dt LPD 8 +.Os +.Sh NAME +.Nm lpd +.Nd line printer spooler daemon +.Sh SYNOPSIS +.Nm lpd +.Op Fl dlrs +.Op Fl b Ar bind-address +.Op Fl n Ar maxchild +.Op Fl w Ar maxwait +.Op Ar port +.Sh DESCRIPTION +.Nm +is the line printer daemon (spool area handler) and is normally invoked +at boot time from the +.Xr rc 8 +file. +It makes a single pass through the +.Xr printcap 5 +file to find out about the existing printers and prints any files +left after a crash. +It then uses the system calls +.Xr listen 2 +and +.Xr accept 2 +to receive requests to print files in the queue, transfer files to +the spooling area, display the queue, or remove jobs from the queue. +In each case, it forks a child to handle the request so the parent +can continue to listen for more requests. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b Ar bind-address +Normally, if the +.Fl s +option is not specified, +.Nm +will listen on all network interfaces for incoming TCP connections. +The +.Fl b +option, followed by a +.Ar bind-address +specifies that +.Nm +should listen on that address instead of INADDR_ANY. +Multiple +.Fl b +options are permitted, allowing a list of addresses to be specified. +Use of this option silently overrides the +.Fl s +option if it is also present on the command line. +.Ar bind-address +can be a numeric host name in IPv4 or IPv6 notation, or a symbolic host +name which will be looked up in the normal way. +.It Fl d +The +.Fl d +option turns on the +.Dv SO_DEBUG +.Xr socket 2 +option. +See +.Xr setsockopt 2 +for more details. +.It Fl l +The +.Fl l +flag causes +.Nm +to log valid requests received from the network. +This can be useful for debugging purposes. +.It Fl n Ar maxchild +The +.Fl n +flag sets +.Ar maxchild +as the maximum number of child processes that +.Nm +will spawn. +The default is 32. +.It Fl r +The +.Fl r +flag allows the +.Dq of +filter to be used if specified for a remote +printer. +Traditionally, +.Nm +would not use the output filter for remote printers. +.It Fl s +The +.Fl s +flag selects +.Dq secure +mode, in which +.Nm +does not listen on a TCP socket but only takes commands from a +.Ux Ns -domain +socket. +This is valuable when the machine on which +.Nm +runs is subject to attack over the network and it is desired that the +machine be protected from attempts to remotely fill spools and similar +attacks. +.It Fl w Ar maxwait +The +.Fl w +flag sets +.Ar maxwait +as the wait time (in seconds) for dead remote server detection. +If no response is returned from a connected server within this period, +the connection is closed and a message logged. +The default is 300 seconds. +.El +.Pp +If the +.Ar port +parameter is passed, +.Nm +listens on this port instead of the usual +.Dq printer/tcp +port from +.Pa /etc/services . +.Pp +Access control is provided by two means. +First, all requests must come from one of the machines listed in the file +.Pa /etc/hosts.lpd , +one hostname per line. +A plus "+" may be used as a wildcard to grant access to all hosts. +Second, if the +.Dq rs +capability is specified in the +.Xr printcap 5 +entry for the printer being accessed, +.Em lpr +requests will only be honored for those users with accounts on the +machine with the printer. +.Pp +.Nm +performs reverse DNS lookups on network clients. +If a client hostname cannot be determined from its IP address, +the print request will be silently dropped. +This is important to note when debugging print problems +in dynamic address environments. +.Pp +The file +.Em minfree +in each spool directory contains the number of disk blocks to leave free +so that the line printer queue won't completely fill the disk. +The +.Em minfree +file can be edited with your favorite text editor. +.Pp +The daemon begins processing files +after it has successfully set the lock for exclusive +access (described a bit later), +and scans the spool directory +for files beginning with +.Em cf . +Lines in each +.Em cf +file specify files to be printed or non-printing actions to be performed. +Each such line begins with a key character to specify what to do +with the remainder of the line. +.Bl -tag -width Ds +.It J +Job Name. +String to be used for the job name on the burst page. +.It C +Classification. +String to be used for the classification line on the burst page. +.It L +Literal. +The line contains identification info from the password file and +causes the banner page to be printed. +.It T +Title. +String to be used as the title for +.Xr pr 1 . +.It H +Host Name. +Name of the machine where +.Xr lpr 1 +was invoked. +.It P +Person. +Login name of the person who invoked +.Xr lpr 1 . +This is used to verify ownership by +.Xr lprm 1 . +.It M +Send mail to the specified user when the current print job completes. +.It f +Formatted File. +Name of a file to print which is already formatted. +.It l +Like +.Dq f +but passes control characters and does not make page breaks. +.It p +Name of a file to print using +.Xr pr 1 +as a filter. +.It t +Troff File. +The file contains troff output (cat phototypesetter commands). +.It n +Ditroff File. +The file contains device independent troff output. +.It d +DVI File. +The file contains +.Tn Tex l +output +DVI format from Stanford. +.It g +Graph File. +The file contains data produced by +.Ic plot . +.It c +Cifplot File. +The file contains data produced by +.Ic cifplot . +.It v +The file contains a raster image. +.It r +The file contains text data with +FORTRAN carriage control characters. +.It \&1 +Troff Font R. +Name of the font file to use instead of the default. +.It \&2 +Troff Font I. +Name of the font file to use instead of the default. +.It \&3 +Troff Font B. +Name of the font file to use instead of the default. +.It \&4 +Troff Font S. +Name of the font file to use instead of the default. +.It W +Width. +Changes the page width (in characters) used by +.Xr pr 1 +and the text filters. +.It I +Indent. +The number of characters to indent the output by (in ASCII). +.It U +Unlink. +Name of file to remove upon completion of printing. +.It N +File name. +The name of the file which is being printed, or a blank for the +standard input (when +.Xr lpr 1 +is invoked in a pipeline). +.El +.Pp +If a file cannot be opened, a message will be logged via +.Xr syslog 3 +using the +.Dv LOG_LPR +facility. +.Nm +will try up to 20 times to reopen a file it expects to be there, +after which it will skip the file to be printed. +.Pp +.Nm +uses +.Xr flock 2 +to provide exclusive access to the lock file and to prevent multiple +daemons from becoming active simultaneously. +If the daemon should be killed or die unexpectedly, the lock file +need not be removed. +The lock file is kept in a readable +.Tn ASCII +form +and contains two lines. +The first is the process ID of the daemon and the second is the control +file name of the current job being printed. +The second line is updated to reflect the current status of +.Nm +for the programs +.Xr lpq 1 +and +.Xr lprm 1 . +.Sh FILES +.Bl -tag -width "/var/spool/output/*/minfree" -compact +.It Pa /etc/printcap +printer description file +.It Pa /var/spool/output/* +spool directories +.It Pa /var/spool/output/*/minfree +minimum free space to leave +.It Pa /dev/lp* +line printer devices +.It Pa /var/run/printer +socket for local requests +.It Pa /etc/hosts.lpd +lists machine names allowed printer access +.El +.Sh SEE ALSO +.Xr lpq 1 , +.Xr lpr 1 , +.Xr lprm 1 , +.Xr syslog 3 , +.Xr hosts 5 , +.Xr printcap 5 , +.Xr resolv.conf 5 , +.Xr lpc 8 +.Rs +.\" 4.4BSD SMM:7 +.%A Ralph Campbell +.%T "4.3BSD Line Printer Spooler Manual" +.Re +.Sh HISTORY +An +.Nm +daemon appeared in +.At v5 . +.Pp +.Nm +previously required that clients connected using a privileged port +(below 1024). +This restriction was removed because it does not provide additional +security and also because many modern clients connect using an +unprivileged port. diff --git a/static/openbsd/man8/mail.lmtp.8 b/static/openbsd/man8/mail.lmtp.8 new file mode 100644 index 00000000..98dee00d --- /dev/null +++ b/static/openbsd/man8/mail.lmtp.8 @@ -0,0 +1,55 @@ +.\" $OpenBSD: mail.lmtp.8,v 1.1 2017/02/14 15:16:34 gilles Exp $ +.\" +.\" Copyright (c) 2017 Gilles Chehade +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 14 2017 $ +.Dt MAIL.LMTP 8 +.Os +.Sh NAME +.Nm mail.lmtp +.Nd deliver mail through LMTP +.Sh SYNOPSIS +.Nm mail.lmtp +.Op Fl d Ar destination +.Op Fl f Ar from +.Op Fl l Ar lhlo +.Ar user ... +.Sh DESCRIPTION +.Nm +reads the standard input up to an end-of-file and delivers it to +an LMTP server for each +.Ar user Ns 's +address. +The +.Ar user +must be a valid user name or email address. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar destination +Specify the destination LMTP address. +.It Fl f Ar from +Specify the sender's name or email address. +.It Fl l Ar lhlo +Specify the LHLO argument used in the LMTP session. +By default, +.Nm mail.lmtp +will default to "localhost". +.El +.Sh EXIT STATUS +.Ex -std mail.lmtp +.Sh SEE ALSO +.Xr mail 1 , +.Xr smtpd 8 diff --git a/static/openbsd/man8/mail.local.8 b/static/openbsd/man8/mail.local.8 new file mode 100644 index 00000000..28bfc75b --- /dev/null +++ b/static/openbsd/man8/mail.local.8 @@ -0,0 +1,182 @@ +.\" $OpenBSD: mail.local.8,v 1.33 2022/03/31 17:27:19 naddy Exp $ +.\" Copyright (c) 1990 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)mail.local.8 6.8 (Berkeley) 4/27/91 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt MAIL.LOCAL 8 +.Os +.Sh NAME +.Nm mail.local +.Nd store mail in a mailbox +.Sh SYNOPSIS +.Nm mail.local +.Op Fl Ll +.Op Fl f Ar from +.Ar user ... +.Sh DESCRIPTION +.Nm +reads the standard input up to an end-of-file and appends it to each +.Ar user Ns 's +.Pa mail +file. +The +.Ar user +must be a valid user name. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar from +Specify the sender's name. +.It Fl L +Don't create a +.Pa username.lock +file while locking the spool. +.It Fl l +For compatibility, request that files named +.Pa username.lock +be used for locking. +(This is the default behavior.) +.El +.Pp +Individual mail messages in the mailbox are delimited by an empty +line followed by a line beginning with the string +.Dq "From\&\ " . +A line containing the string +.Dq "From\&\ " , +the sender's name and a timestamp is prepended to each delivered mail message. +A blank line is appended to each message. +A greater-than character +.Pq Ql > +is prepended to any line in the message which could be mistaken for a +.Dq "From\&\ " +delimiter line. +.Pp +Significant effort has been made to ensure that +.Nm +acts as securely as possible. +It will only deliver to a mail spool directory that is not world-writable. +The default mode of +.Pa /var/mail +on +.Ox +is 755, which prevents non-root processes from creating mail spool files. +The MTA is expected to either create the mail spool file itself, or call +.Nm +as root. +.Pp +The mailbox is always locked using +.Xr flock 2 +while mail is appended. +Unless the +.Fl L +flag is specified, a +.Pa username.lock +file is also used. +.Pp +If the +.Xr biff 1 +service is returned by +.Xr getservbyname 3 , +the biff server is notified of delivered mail. +.Sh ENVIRONMENT +.Bl -tag -width indent +.It Ev TZ +Used to set the appropriate time zone on the timestamp. +.El +.Sh FILES +.Bl -tag -width /tmp/local.XXXXXXXXXX -compact +.It Pa /tmp/local.XXXXXXXXXX +temporary files +.It Pa /var/mail/user +user's mailbox directory +.El +.Sh EXIT STATUS +.Ex -std mail.local +.Sh SEE ALSO +.Xr biff 1 , +.Xr mail 1 , +.Xr flock 2 , +.Xr getservbyname 3 , +.Xr comsat 8 , +.Xr smtpd 8 +.Sh HISTORY +A superset of +.Nm +(handling mailbox reading as well as mail delivery) appeared in +.At v7 +as the program +.Xr mail 1 . +.Sh BUGS +Using quotas in +.Pa /var/mail +can be problematic if using +.Xr sendmail 8 +as an MTA, +since it asks +.Nm +to deliver a message to multiple recipients if possible. +This causes problems in a quota environment since a message may be +delivered to some users but not others due to disk quotas. +Even though the message was delivered to some of the recipients, +.Nm +will exit with an exit code > 0, causing +.Xr sendmail 8 +to attempt redelivery later. +That means that some users will keep getting the same message every time +.Xr sendmail 8 +runs its queue. +This problem does not exist for +.Xr smtpd 8 +users. +.Pp +If you are running +.Xr sendmail 8 +and have disk quotas on +.Pa /var/mail , +it is imperative that you unset the +.Dq m +mailer flag for the +.Sq local +mailer. +To do this, locate the line beginning with +.Dq Mlocal +in +.Pa /etc/mail/sendmail.cf +and remove the +.Dq m +from the flags section, denoted by +.Dq F= . +Alternately, you can override the default mailer flags by adding the line: +.Pp +.Dl define(`LOCAL_MAILER_FLAGS', `rn9S')dnl +.Pp +to your +.Dq \.mc +file (this is the source file that is used to generate +.Pa /etc/mail/sendmail.cf ) . diff --git a/static/openbsd/man8/mail.maildir.8 b/static/openbsd/man8/mail.maildir.8 new file mode 100644 index 00000000..f4379d7d --- /dev/null +++ b/static/openbsd/man8/mail.maildir.8 @@ -0,0 +1,46 @@ +.\" $OpenBSD: mail.maildir.8,v 1.6 2021/02/13 07:28:50 jmc Exp $ +.\" +.\" Copyright (c) 2017 Gilles Chehade +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 13 2021 $ +.Dt MAIL.MAILDIR 8 +.Os +.Sh NAME +.Nm mail.maildir +.Nd store mail in a maildir +.Sh SYNOPSIS +.Nm mail.maildir +.Op Fl j +.Op Ar pathname +.Sh DESCRIPTION +.Nm +reads the standard input up to an end-of-file and adds it to the +mail directory located in +.Ar pathname +or to the mail directory +.Pa Maildir +located in the user's home directory. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl j +Scan the message for an X-Spam header and move to the Junk folder +if the result is positive. +.El +.Sh EXIT STATUS +.Ex -std mail.maildir +.Sh SEE ALSO +.Xr mail 1 , +.Xr smtpd 8 diff --git a/static/openbsd/man8/mail.mboxfile.8 b/static/openbsd/man8/mail.mboxfile.8 new file mode 100644 index 00000000..015adcb5 --- /dev/null +++ b/static/openbsd/man8/mail.mboxfile.8 @@ -0,0 +1,34 @@ +.\" $OpenBSD: mail.mboxfile.8,v 1.1 2018/07/25 10:19:28 gilles Exp $ +.\" +.\" Copyright (c) 2017 Gilles Chehade +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 25 2018 $ +.Dt MAIL.MDA 8 +.Os +.Sh NAME +.Nm mail.mboxfile +.Nd deliver mail to a file in mbox format +.Sh SYNOPSIS +.Nm mail.mboxfile +.Ar file +.Sh DESCRIPTION +.Nm +appends mail to a file in mbox format and acknowledges delivery success or failure +with its exit status. +.Sh EXIT STATUS +.Ex -std mail.mboxfile +.Sh SEE ALSO +.Xr mail 1 , +.Xr smtpd 8 diff --git a/static/openbsd/man8/mail.mda.8 b/static/openbsd/man8/mail.mda.8 new file mode 100644 index 00000000..61fed733 --- /dev/null +++ b/static/openbsd/man8/mail.mda.8 @@ -0,0 +1,35 @@ +.\" $OpenBSD: mail.mda.8,v 1.1 2017/08/09 07:56:10 gilles Exp $ +.\" +.\" Copyright (c) 2017 Gilles Chehade +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 9 2017 $ +.Dt MAIL.MDA 8 +.Os +.Sh NAME +.Nm mail.mda +.Nd deliver mail to a program +.Sh SYNOPSIS +.Nm mail.mda +.Ar program +.Sh DESCRIPTION +.Nm +executes the program and its parameters. +The program must read from the standard input up to an end-of-file +and acknowledge delivery success or failure with its exit status. +.Sh EXIT STATUS +.Ex -std mail.mda +.Sh SEE ALSO +.Xr mail 1 , +.Xr smtpd 8 diff --git a/static/openbsd/man8/mailwrapper.8 b/static/openbsd/man8/mailwrapper.8 new file mode 100644 index 00000000..7b7e7358 --- /dev/null +++ b/static/openbsd/man8/mailwrapper.8 @@ -0,0 +1,145 @@ +.\" $OpenBSD: mailwrapper.8,v 1.13 2015/12/14 02:56:07 sunil Exp $ +.\" $NetBSD: mailwrapper.8,v 1.5 1999/03/22 18:44:01 garbled Exp $ +.\" +.\" Copyright (c) 1998 +.\" Perry E. Metzger. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgment: +.\" This product includes software developed for the NetBSD Project +.\" by Perry E. Metzger. +.\" 4. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 14 2015 $ +.Dt MAILWRAPPER 8 +.Os +.Sh NAME +.Nm mailwrapper +.Nd invoke appropriate MTA software based on configuration file +.Sh SYNOPSIS +Special. +See below. +.Sh DESCRIPTION +At one time, the only Mail Transfer Agent (MTA) software easily available +was +.Xr sendmail 8 . +As a result of this, most Mail User Agents (MUAs) such as +.Xr mail 1 +had the path and calling conventions expected by +.Xr sendmail 8 +compiled in. +.Pp +Times have changed, however. +On a modern system, the administrator may wish to use one of several +available MTAs. +.Pp +It would be difficult to modify all MUA software typically available +on a system, so most of the authors of alternative MTAs have written +their front end message submission programs so that they use the same +calling conventions as +.Xr sendmail 8 +and may be put into place instead of +.Xr sendmail 8 +in +.Pa /usr/sbin/sendmail . +.Pp +.Xr sendmail 8 +also typically has aliases named +.Xr mailq 8 +and +.Xr newaliases 8 +linked to it. +The program knows to behave differently when its +.Va argv[0] +is +.Dq mailq +or +.Dq newaliases +and behaves appropriately. +Typically, replacement MTAs provide similar +functionality, either through a program that also switches behavior +based on calling name, or through a set of programs that provide +similar functionality. +.Pp +Although having drop-in replacements for +.Xr sendmail 8 +helps in installing alternative MTAs, it essentially makes the +configuration of the system depend on hard installing new programs in +.Pa /usr . +This leads to configuration problems for many administrators, since +they may wish to install a new MTA without altering the system +provided +.Pa /usr . +(This may be, for example, to avoid having upgrade problems when a new +version of the system is installed over the old.) +They may also have a shared +.Pa /usr +among several +machines, and may wish to avoid placing implicit configuration +information in a read-only +.Pa /usr . +.Pp +The +.Nm +program is designed to replace +.Pa /usr/sbin/sendmail +and to invoke an appropriate MTA instead of +.Xr sendmail 8 +based on configuration information placed in +.Pa /etc/mailer.conf . +This permits the administrator to configure which MTA is to be invoked on +the system at run time. +.Sh FILES +Configuration for +.Nm +is kept in +.Pa /etc/mailer.conf . +.Pa /usr/sbin/sendmail +is typically set up as a symlink to +.Nm +which is not usually invoked on its own. +.Sh DIAGNOSTICS +.Nm +will invoke +.Xr smtpd 8 +if its configuration file is missing. +It will return an error value and print a diagnostic if its configuration +file is malformed, or does not contain a mapping for the name under which +.Nm +was invoked. +.Sh SEE ALSO +.Xr mail 1 , +.Xr mailer.conf 5 , +.Xr mailq 8 , +.Xr newaliases 8 , +.Xr sendmail 8 , +.Xr smtpd 8 +.Sh AUTHORS +.An Perry E. Metzger Aq Mt perry@piermont.com +.Sh BUGS +The entire reason this program exists is a crock. +Instead, a command +for how to submit mail should be standardized, and all the "behave +differently if invoked with a different name" behavior of things like +.Xr mailq 8 +should go away. diff --git a/static/openbsd/man8/makedbm.8 b/static/openbsd/man8/makedbm.8 new file mode 100644 index 00000000..b6289ee8 --- /dev/null +++ b/static/openbsd/man8/makedbm.8 @@ -0,0 +1,94 @@ +.\" $OpenBSD: makedbm.8,v 1.19 2015/11/30 17:03:05 jmc Exp $ +.\" +.\" Copyright (c) 1994-97 Mats O Jansson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 30 2015 $ +.Dt MAKEDBM 8 +.Os +.Sh NAME +.Nm makedbm +.Nd create a YP database +.Sh SYNOPSIS +.Nm makedbm +.Bk -words +.Op Fl blsUu +.Op Fl d Ar yp_domain_name +.Op Fl i Ar yp_input_file +.Op Fl m Ar yp_master_name +.Op Fl o Ar yp_output_file +.Ar infile outfile +.Ek +.Sh DESCRIPTION +.Nm +is the utility in YP that creates the database file containing the YP map. +The database format is a slightly modified version of ndbm. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Interdomain. +Include an entry in the database informing a YP server to use +DNS to get information about unknown hosts. +This option will only have +effect on the two maps hosts.byname and hosts.byaddr. +.It Fl d Ar yp_domain_name +Include an entry in the map with the key YP_DOMAIN_NAME and the argument +as value. +.It Fl i Ar yp_input_file +Include an entry in the map with the key YP_INPUT_FILE and the argument +as value. +.It Fl l +Lowercase. +Convert all keys to lower case before adding them to the YP database. +.It Fl m Ar yp_master_name +Include an entry in the map with the key YP_MASTER_NAME and the argument +as value. +.It Fl o Ar yp_output_file +Include an entry in the map with the key YP_OUTPUT_FILE and the argument +as value. +.It Fl s +Secure map. +Include an entry in the database informing +.Xr ypxfr 8 +and +.Xr ypserv 8 +that the YP map is going to be handled as secure. +.It Fl U +Same as +.Fl u +but also try the +.Xr hash 3 +format. +.It Fl u +Dump a database to standard output. +.El +.Sh SEE ALSO +.Xr dbopen 3 , +.Xr Makefile.yp 8 , +.Xr yp 8 , +.Xr ypserv 8 , +.Xr ypxfr 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se diff --git a/static/openbsd/man8/makefs.8 b/static/openbsd/man8/makefs.8 new file mode 100644 index 00000000..25af4a83 --- /dev/null +++ b/static/openbsd/man8/makefs.8 @@ -0,0 +1,332 @@ +.\" $OpenBSD: makefs.8,v 1.21 2023/04/25 08:57:11 krw Exp $ +.\" $NetBSD: makefs.8,v 1.55 2015/11/25 16:32:00 wiz Exp $ +.\" +.\" Copyright (c) 2001-2003 Wasabi Systems, Inc. +.\" All rights reserved. +.\" +.\" Written by Luke Mewburn for Wasabi Systems, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed for the NetBSD Project by +.\" Wasabi Systems, Inc. +.\" 4. The name of Wasabi Systems, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2023 $ +.Dt MAKEFS 8 +.Os +.Sh NAME +.Nm makefs +.Nd create a file system image from a directory tree +.Sh SYNOPSIS +.Nm +.Op Fl b Ar free-blocks +.Op Fl f Ar free-files +.Op Fl M Ar minimum-size +.Op Fl m Ar maximum-size +.Op Fl O Ar offset +.Op Fl o Ar fs-options +.Op Fl S Ar sector-size +.Op Fl s Ar image-size +.Op Fl T Ar timestamp +.Op Fl t Ar fs-type +.Ar image-file +.Ar directory +.Sh DESCRIPTION +The utility +.Nm +creates a file system image into +.Ar image-file +from the directory tree +.Ar directory . +No special devices or privileges are required to perform this task. +.Pp +The options are as follows: +.Bl -tag -width flag +.It Fl b Ar free-blocks +Ensure that a minimum of +.Ar free-blocks +exist in the image. +An optional +.Ql % +suffix may be provided to indicate that +.Ar free-blocks +indicates a percentage of the calculated image size. +.It Fl f Ar free-files +Ensure that a minimum of +.Ar free-files +(inodes) exist in the image. +An optional +.Ql % +suffix may be provided to indicate that +.Ar free-files +indicates a percentage of the calculated image size. +.It Fl M Ar minimum-size +Set the minimum size of the file system image to +.Ar minimum-size . +.It Fl m Ar maximum-size +Set the maximum size of the file system image to +.Ar maximum-size . +An error will be raised if the target file system needs to be larger +than this to accommodate the provided directory tree. +.It Fl O Ar offset +Instead of creating the file system at the beginning of the file, start +at offset. +Valid only for +.Sy ffs +and +.Sy msdos . +.It Fl o Ar fs-options +Set file system specific options. +.Ar fs-options +is a comma separated list of options. +Valid file system specific options are detailed below. +.It Fl S Ar sector-size +Set the file system sector size to +.Ar sector-size . +.\" XXX: next line also true for cd9660? +Defaults to 512. +.It Fl s Ar image-size +Set the size of the file system image to +.Ar image-size . +.It Fl T Ar timestamp +Specify a timestamp to be set for all file system files and directories +created so that repeatable builds are possible. +The +.Ar timestamp +is an integer value interpreted as the number of seconds from the Epoch. +.It Fl t Ar fs-type +Create an +.Ar fs-type +file system image. +The following file system types are supported: +.Pp +.Bl -tag -width cd9660 -offset indent -compact +.It Sy cd9660 +ISO 9660 file system. +.It Sy ffs +BSD Fast File System (the default). +.It Sy msdos +FAT12, FAT16, or FAT32 file system. +.El +.El +.Pp +Sizes are specified as a decimal number of bytes +and may use a multiplier, as documented in +.Xr scan_scaled 3 . +Two or more numbers may be separated by an +.Sq x +to indicate a product. +.Ss ffs options +.Sy ffs +images have ffs-specific optional parameters that may be provided. +Each of the options consists of a keyword, an equal sign +.Pq Ql = , +and a value. +The following keywords are supported: +.Pp +.Bl -tag -width optimization -offset indent -compact +.It Sy avgfilesize +Expected average file size. +.It Sy avgfpdir +Expected number of files per directory. +.It Sy bsize +Block size. +.It Sy density +Bytes per inode. +.It Sy disklabel +Name of a disk described in +.Xr disktab 5 . +A disklabel with the information will be written at a machine dependent +location in the image. +The size of the file system image, the sector size and the +.Sy bsize +and +.Sy fsize +parameters are inferred from the disklabel. +.It Sy extent +Maximum extent size. +.It Sy fsize +Fragment size. +.It Sy label +Label name of the image. +.It Sy maxbpcg +Maximum total number of blocks in a cylinder group. +.It Sy maxbpg +Maximum blocks per file in a cylinder group. +.It Sy minfree +Minimum % free. +.It Sy optimization +Optimization preference: one of +.Ql space +(default) +or +.Ql time . +.It Sy rdroot +A disklabel appropriate for a ramdisk will be built and +written at a machine dependent location in the image. +The filesystem will be described by a FS_BSDFFS partition +.Sq a , +with defaults offset=0, fsize=512, bsize=4096, minfree=0 and density=4096. +.It Sy version +UFS version. +1 for FFS (default) or 2 for UFS2. +.El +.Ss cd9660 options +.Sy cd9660 +images have ISO9660-specific optional parameters that may be +provided. +The arguments consist of a keyword and, optionally, an equal sign +.Pq Ql = , +and a value. +The following keywords are supported: +.Pp +.Bl -tag -width omit-trailing-period -offset indent -compact +.It Sy allow-deep-trees +Allow the directory structure to exceed the maximum specified in +the spec. +.It Sy allow-multidot +Allow multiple dots in a filename. +.It Sy applicationid +Application ID of the image. +.It Sy boot-load-segment +Set load segment for the boot image. +.It Sy bootimage +Filename of a boot image in the format +.Dq sysid;filename , +where +.Dq sysid +is one of +.Ql i386 , +.Ql macppc , +.Ql powerpc , +or +.Ql efi . +.It Sy generic-bootimage +Load a generic boot image into the first 32K of the CD9660 image. +.It Sy hard-disk-boot +Boot image is a hard disk image. +.It Sy isolevel +ISO Level. +.It Sy label +Label name of the image. +.It Sy no-boot +Boot image is not bootable. +.It Sy no-emul-boot +Boot image is a +.Dq no emulation +ElTorito image. +.It Sy no-trailing-padding +Do not pad the image (apparently Linux needs the padding). +.It Sy omit-trailing-period +Omit trailing periods in filenames. +.It Sy preparer +Preparer ID of the image. +.It Sy publisher +Publisher ID of the image. +.It Sy rockridge +Use RockRidge extensions (for longer filenames, etc.). +.It Sy volumeid +Volume set identifier of the image. +.El +.Ss msdos options +.Sy msdos +images have MS-DOS-specific optional parameters that may be +provided. +The arguments consist of a keyword, an equal sign +.Pq Ql = , +and a value. +The following keywords are supported: +.Pp +.Bl -tag -width omit-trailing-period -offset indent -compact +.It Cm backup_sector +Location of the backup boot sector. +.It Cm block_size +Block size. +.It Cm bootstrap +Bootstrap file. +.It Cm bytes_per_sector +Bytes per sector. +.It Cm create_size +Create file size. +.It Cm directory_entries +Directory entries. +.It Cm drive_heads +Drive heads. +.It Cm fat_type +FAT type (12, 16, or 32). +.It Cm floppy +Preset drive parameters for standard format floppy disks +(160, 180, 320, 360, 640, 720, 1200, 1232, 1440, or 2880). +.It Cm hidden_sectors +Hidden sectors. +.It Cm info_sector +Location of the info sector. +.It Cm media_descriptor +Media descriptor. +.It Cm num_FAT +Number of FATs. +.It Cm OEM_string +OEM string. +.It Cm offset +Offset in device. +.It Cm reserved_sectors +Reserved sectors. +.It Cm sectors_per_cluster +Sectors per cluster. +.It Cm sectors_per_fat +Sectors per FAT. +.It Cm sectors_per_track +Sectors per track. +.It Cm size +File System size. +.It Cm volume_id +Volume ID. +.It Cm volume_label +Volume Label. +.El +.Sh SEE ALSO +.Xr scan_scaled 3 , +.Xr installboot 8 , +.Xr newfs 8 +.Sh HISTORY +The +.Nm +utility appeared in +.Nx 1.6 . +.Sh AUTHORS +.An -nosplit +.An Luke Mewburn +.Aq lukem@NetBSD.org +(original program), +.An Daniel Watt , +.An Walter Deignan , +.An Ryan Gabrys , +.An Alan Perez-Rathke , +.An Ram Vedam +(cd9660 support), +and +.An Christos Zoulas +(msdos support). diff --git a/static/openbsd/man8/makemap.8 b/static/openbsd/man8/makemap.8 new file mode 100644 index 00000000..9ee42e17 --- /dev/null +++ b/static/openbsd/man8/makemap.8 @@ -0,0 +1,174 @@ +.\" $OpenBSD: makemap.8,v 1.31 2021/02/13 07:37:13 jmc Exp $ +.\" +.\" Copyright (c) 2009 Jacek Masiulaniec +.\" Copyright (c) 2008-2009 Gilles Chehade +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 13 2021 $ +.Dt MAKEMAP 8 +.Os +.Sh NAME +.Nm makemap +.Nd create database maps for smtpd +.Sh SYNOPSIS +.Nm makemap +.Op Fl U +.Op Fl d Ar dbtype +.Op Fl o Ar dbfile +.Op Fl t Ar type +.Ar file +.Sh DESCRIPTION +Maps provide a generic interface for associating a textual key to a value. +Such associations may be accessed through a plaintext file, database, or DNS. +The format of these file types is described below. +.Nm +itself creates the database maps used by keyed map lookups specified in +.Xr smtpd.conf 5 . +.Pp +.Nm +reads input from +.Ar file +and writes data to a file which is named by adding a +.Dq .db +suffix to +.Ar file . +The current line can be extended over multiple lines using a backslash +.Pq Sq \e . +Comments can be put anywhere in the file using a hash mark +.Pq Sq # , +and extend to the end of the current line. +Care should be taken when commenting out multi-line text: +the comment is effective until the end of the entire block. +In all cases, +.Nm +reads lines consisting of words separated by whitespace. +The first word of a line is the database key; +the remainder represents the mapped value. +The database key and value may optionally be separated +by the colon character. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar dbtype +Specify the format of the database. +Available formats are +.Ar hash +and +.Ar btree . +The default value is +.Ar hash . +.It Fl o Ar dbfile +Write the generated database to +.Ar dbfile . +.It Fl t Ar type +Specify the format of the resulting map file. +The default map format is suitable for storing simple, unstructured, +key-to-value string associations. +However, if the mapped value has special meaning, +as in the case of a virtual domains file, +a suitable +.Ar type +must be provided. +The available output types are: +.Bl -tag -width "aliases" +.It Cm aliases +The mapped value is a comma-separated list of mail destinations. +This format can be used for building user aliases and +user mappings for virtual domain files. +.It Cm set +There is no mapped value \(en a map of this type will only allow for +the lookup of keys. +This format can be used for building primary domain maps. +.El +.It Fl U +Instead of generating a database map from text input, +dump the contents of a database map as text +with the key and value separated with a tab. +.El +.Sh PRIMARY DOMAINS +Primary domains can be kept in tables. +To create a primary domain table, add each primary domain on a +single line by itself. +.Pp +In addition to adding an entry to the primary domain map, +one must add a filter rule that accepts mail for the domain +map, for example: +.Bd -literal -offset indent +table domains db:/etc/mail/domains.db + +action "local" mbox + +match for domain action "local" +.Ed +.Sh VIRTUAL DOMAINS +Virtual domains may also be kept in tables. +To create a virtual domain table, add each virtual domain on a +single line by itself. +.Pp +Virtual domains expect a mapping of virtual users to real users +in order to determine if a recipient is accepted or not. +The mapping format is an extension to +.Xr aliases 5 , +which allows the use of +.Dq user@domain.tld +to accept user only on the specified domain, +.Dq user +to accept the user for any of the virtual domains, +.Dq @domain.tld +to provide a catch-all for the specified domain and +.Dq @ +to provide a global catch-all for all domains. +.Xr smtpd 8 +will perform the lookups in that specific order. +.Pp +To create a single virtual address, add +.Dq user@example.com user +to the users map. +To handle all mail destined to any user at example.com, add +.Dq @example.com user +to the virtual map. +.Pp +In addition to adding an entry to the virtual map, +one must add a filter rule that accepts mail for virtual domains, +for example: +.Bd -literal -offset indent +table vdomains db:/etc/mail/vdomains.db +table vusers db:/etc/mail/users.db + +action "local" mbox virtual + +match for domain action "local" +match for domain "example.org" action "local" +.Ed +.Sh FILES +.Bl -tag -width "/etc/mail/aliasesXXX" -compact +.It Pa /etc/mail/aliases +List of user mail aliases. +.It Pa /etc/mail/secrets +List of remote host credentials. +.El +.Sh EXIT STATUS +.Ex -std makemap +.Sh SEE ALSO +.Xr aliases 5 , +.Xr smtpd.conf 5 , +.Xr table 5 , +.Xr newaliases 8 , +.Xr smtpd 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.6 +as a replacement for the equivalent command shipped with sendmail. diff --git a/static/openbsd/man8/makewhatis.8 b/static/openbsd/man8/makewhatis.8 new file mode 100644 index 00000000..10eb5a7a --- /dev/null +++ b/static/openbsd/man8/makewhatis.8 @@ -0,0 +1,226 @@ +.\" $OpenBSD: makewhatis.8,v 1.15 2022/03/16 23:23:24 schwarze Exp $ +.\" +.\" Copyright (c) 2011, 2012 Kristaps Dzonsons +.\" Copyright (c) 2011, 2012, 2014, 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 16 2022 $ +.Dt MAKEWHATIS 8 +.Os +.Sh NAME +.Nm makewhatis +.Nd index UNIX manuals +.Sh SYNOPSIS +.Nm +.Op Fl aDnpQ +.Op Fl T Cm utf8 +.Op Fl C Ar file +.Nm +.Op Fl aDnpQ +.Op Fl T Cm utf8 +.Ar dir ... +.Nm +.Op Fl DnpQ +.Op Fl T Cm utf8 +.Fl d Ar dir +.Op Ar +.Nm +.Op Fl Dnp +.Op Fl T Cm utf8 +.Fl u Ar dir +.Op Ar +.Nm +.Op Fl DQ +.Fl t Ar +.Sh DESCRIPTION +The +.Nm +utility extracts keywords from +.Ux +manuals and indexes them in a database for fast retrieval by +.Xr apropos 1 , +.Xr whatis 1 , +and +.Xr man 1 . +.Pp +By default, +.Nm +creates a database in each +.Ar dir +using the files +.Sm off +.Sy man Ar section Li / +.Op Ar arch Li / +.Ar title . section +.Sm on +and +.Sm off +.Sy cat Ar section Li / +.Op Ar arch Li / +.Ar title . Sy 0 +.Sm on +in that directory. +Existing databases are replaced. +If a directory contains no manual pages, no database is created in that +directory. +If +.Ar dir +is not provided, +.Nm +uses the default paths stipulated by +.Xr man.conf 5 . +.Pp +The arguments are as follows: +.Bl -tag -width "-C file" +.It Fl a +Use all directories and files found below +.Ar dir ... . +.It Fl C Ar file +Specify an alternative configuration +.Ar file +in +.Xr man.conf 5 +format. +.It Fl D +Display all files added or removed to the index. +With a second +.Fl D , +also show all keywords added for each file. +.It Fl d Ar dir +Merge (remove and re-add) +.Ar +to the database in +.Ar dir . +.It Fl n +Do not create or modify any database; scan and parse only, +and print manual page names and descriptions to standard output. +.It Fl p +Print warnings about potential problems with manual pages +to the standard error output. +.It Fl Q +Quickly build reduced-size databases +by reading only the NAME sections of manuals. +The resulting databases will usually contain names and descriptions only. +.It Fl T Cm utf8 +Use UTF-8 encoding instead of ASCII for strings stored in the databases. +.It Fl t Ar +Check the given +.Ar files +for potential problems. +Implies +.Fl a , +.Fl n , +and +.Fl p . +All diagnostic messages are printed to the standard output; +the standard error output is not used. +.It Fl u Ar dir +Remove +.Ar +from the database in +.Ar dir . +If that causes the database to become empty, also delete the database file. +.El +.Pp +If fatal parse errors are encountered while parsing, the offending file +is printed to stderr, omitted from the index, and the parse continues +with the next input file. +.Sh ENVIRONMENT +.Bl -tag -width MANPATH +.It Ev MANPATH +A colon-separated list of directories to create databases in. +Ignored if a +.Ar dir +argument or the +.Fl t +option is specified. +.El +.Sh FILES +.Bl -tag -width Ds +.It Pa mandoc.db +A database of manpages relative to the directory of the file. +This file is portable across architectures and systems, so long as the +manpage hierarchy it indexes does not change. +.It Pa /etc/man.conf +The default +.Xr man 1 +configuration file. +.El +.Sh EXIT STATUS +The +.Nm +utility exits with one of the following values: +.Pp +.Bl -tag -width Ds -compact +.It 0 +No errors occurred. +.It 5 +Invalid command line arguments were specified. +No input files have been read. +.It 6 +An operating system error occurred, for example memory exhaustion or an +error accessing input files. +Such errors cause +.Nm +to exit at once, possibly in the middle of parsing or formatting a file. +The output databases are corrupt and should be removed. +.El +.Sh SEE ALSO +.Xr apropos 1 , +.Xr man 1 , +.Xr whatis 1 , +.Xr man.conf 5 +.Sh HISTORY +A +.Nm +utility first appeared in +.Bx 2 . +It was rewritten in +.Xr perl 1 +for +.Ox 2.7 +and in C for +.Ox 5.6 . +.Pp +The +.Ar dir +argument first appeared in +.Nx 1.0 ; +the options +.Fl dpt +in +.Ox 2.7 ; +the option +.Fl u +in +.Ox 3.4 ; +and the options +.Fl aCDnQT +in +.Ox 5.6 . +.Sh AUTHORS +.An -nosplit +.An Bill Joy +wrote the original +.Bx +.Nm +in February 1979, +.An Marc Espie +started the Perl version in 2000, +and the current version of +.Nm +was written by +.An Kristaps Dzonsons Aq Mt kristaps@bsd.lv +and +.An Ingo Schwarze Aq Mt schwarze@openbsd.org . diff --git a/static/openbsd/man8/man.cgi.8 b/static/openbsd/man8/man.cgi.8 new file mode 100644 index 00000000..2175640e --- /dev/null +++ b/static/openbsd/man8/man.cgi.8 @@ -0,0 +1,428 @@ +.\" $OpenBSD: man.cgi.8,v 1.23 2022/07/06 15:47:10 schwarze Exp $ +.\" +.\" Copyright (c) 2014, 2015, 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 6 2022 $ +.Dt MAN.CGI 8 +.Os +.Sh NAME +.Nm man.cgi +.Nd CGI program to search and display manual pages +.Sh DESCRIPTION +The +.Nm +CGI program searches for manual pages on a WWW server +and displays them to HTTP clients, +providing functionality equivalent to the +.Xr man 1 +and +.Xr apropos 1 +utilities. +It can use multiple manual trees in parallel. +.Ss HTML search interface +At the top of each generated HTML page, +.Nm +displays a search form containing these elements: +.Bl -enum +.It +An input box for search queries, expecting +either a name of a manual page or an +.Ar expression +using the syntax described in the +.Xr apropos 1 +manual; filling this in is required for each search. +.Pp +The expression is broken into words at whitespace. +Whitespace characters and backslashes can be escaped +by prepending a backslash. +The effect of prepending a backslash to another character is undefined; +in the current implementation, it has no effect. +.It +A +.Xr man 1 +submit button. +The string in the input box is interpreted as the name of a manual page. +.It +An +.Xr apropos 1 +submit button. +The string in the input box is interpreted as a search +.Ar expression . +.It +A dropdown menu to optionally select a manual section. +If one is provided, it has the same effect as the +.Xr man 1 +and +.Xr apropos 1 +.Fl s +option. +Otherwise, pages from all sections are shown. +.It +A dropdown menu to optionally select an architecture. +If one is provided, it has the same effect as the +.Xr man 1 +and +.Xr apropos 1 +.Fl S +option. +By default, pages for all architectures are shown. +.It +A dropdown menu to select a manual tree. +If the configuration file +.Pa /var/www/man/manpath.conf +contains only one manpath, the dropdown menu is not shown. +By default, the first manpath given in the file is used. +.El +.Ss Program output +The +.Nm +program generates five kinds of output pages: +.Bl -tag -width Ds +.It The index page. +This is returned when calling +.Nm +without +.Ev PATH_INFO +and without a +.Ev QUERY_STRING . +It serves as a starting point for using the program +and shows the search form only. +.It A list page. +Lists are returned when searches match more than one manual page. +The first column shows the names and section numbers of manuals +as clickable links. +The second column shows the one-line descriptions of the manuals. +For +.Xr man 1 +style searches, the content of the first manual page follows the list. +.It A manual page. +This output format is used when a search matches exactly one +manual page, or when a link on a list page or an +.Ic \&Xr +link on another manual page is followed. +.It A no-result page. +This is shown when a search request returns no results - +either because it violates the query syntax, or because +the search does not match any manual pages. +.It \&An error page. +This cannot happen by merely clicking the +.Dq Search +button, but only by manually entering an invalid URI. +It does not show the search form, but only an error message +and a link back to the index page. +.El +.Ss Setup +For each manual tree, create one first-level subdirectory below +.Pa /var/www/man . +The name of one of these directories is called a +.Dq manpath +in the context of +.Nm . +Create a single ASCII text file +.Pa /var/www/man/manpath.conf +containing the names of these directories, one per line. +The directory given first is used as the default manpath. +.Pp +Inside each of these directories, use the same directory and file +structure as found below +.Pa /usr/share/man , +that is, second-level subdirectories +.Pa /var/www/man/*/man1 , /var/www/man/*/man2 +etc. containing source +.Xr mdoc 7 +and +.Xr man 7 +manuals with file name extensions matching the section numbers, +second-level subdirectories +.Pa /var/www/man/*/cat1 , /var/www/man/*/cat2 +etc. containing preformatted manuals with the file name extension +.Sq 0 , +and optional third-level subdirectories for architectures. +Use +.Xr makewhatis 8 +to create a +.Xr mandoc.db 5 +database inside each manpath. +.Pp +Configure your web server to execute CGI programs located in +.Pa /cgi-bin . +When using +.Ox +.Xr httpd 8 , +the +.Xr slowcgi 8 +proxy daemon is needed to translate FastCGI requests to plain old CGI. +.Pp +To compile +.Nm , +first copy +.Pa cgi.h.example +to +.Pa cgi.h +and edit it according to your needs. +It contains the following compile-time definitions: +.Bl -tag -width Ds +.It Ev COMPAT_OLDURI +Only useful for running on www.openbsd.org to deal with old URIs containing +.Qq "manpath=OpenBSD " +where the blank character has to be translated to a hyphen. +When compiling for other sites, this definition can be deleted. +.It Dv CSS_DIR +An optional file system path to the directory containing the file +.Pa mandoc.css , +to be specified relative to the server's document root, +and to be specified without a trailing slash. +When empty, the CSS file is assumed to be in the document root. +Otherwise, a leading slash is needed. +This is used in generated HTML code. +.It Dv CUSTOMIZE_TITLE +An ASCII string to be used for the HTML element. +.It Dv MAN_DIR +A file system path to the +.Nm +data directory relative to the web server +.Xr chroot 2 +directory, to be specified with a leading slash and without a trailing slash. +It needs to have at least one component; the root directory cannot be used +for this purpose. +The files +.Pa manpath.conf , +.Pa header.html , +and +.Pa footer.html +are looked up in this directory. +It is also prepended to the manpath when opening +.Xr mandoc.db 5 +and manual page files. +.It Dv SCRIPT_NAME +The initial component of URIs, to be specified without leading +and trailing slashes. +It can be empty. +.El +.Pp +After editing +.Pa cgi.h , +run +.Pp +.Dl make man.cgi +.Pp +and copy the resulting binary to the proper location, +for example using the command: +.Pp +.Dl make installcgi +.Pp +In addition to that, make sure the default manpath contains the files +.Pa man1/apropos.1 +and +.Pa man8/man.cgi.8 , +or the documentation links at the bottom of the index page will not work. +.Ss URI interface +.Nm +uniform resource identifiers are not needed for interactive use, +but can be useful for deep linking. +They consist of: +.Bl -enum +.It +The +.Cm http:// +or +.Cm https:// +protocol specifier. +.It +The host name. +.It +The +.Dv SCRIPT_NAME , +preceded by a slash unless empty. +.It +To show a single page, a slash, the manpath, another slash, +and the name of the requested file, for example +.Pa /OpenBSD-current/man1/mandoc.1 . +This can be abbreviated according to the following syntax: +.Sm off +.Op / Ar manpath +.Op / Cm man Ar sec +.Op / Ar arch +.Pf / Ar name Op \&. Ar sec +.Sm on +.It +For searches, a query string starting with a question mark +and consisting of +.Ar key Ns = Ns Ar value +pairs, separated by ampersands, for example +.Pa ?manpath=OpenBSD-current&query=mandoc . +Supported keys are +.Cm manpath , +.Cm query , +.Cm sec , +.Cm arch , +corresponding to +.Xr apropos 1 +.Fl M , +.Ar expression , +.Fl s , +.Fl S , +respectively, and +.Cm apropos , +which is a boolean parameter to select or deselect the +.Xr apropos 1 +query mode. +For backward compatibility with the traditional +.Nm , +.Cm sektion +is supported as an alias for +.Cm sec . +.El +.Ss Restricted character set +For security reasons, in particular to prevent cross site scripting +attacks, some strings used by +.Nm +can only contain the following characters: +.Pp +.Bl -dash -compact -offset indent +.It +lower case and upper case ASCII letters +.It +the ten decimal digits +.It +the dash +.Pq Sq - +.It +the dot +.Pq Sq \&. +.It +the slash +.Pq Sq / +.It +the underscore +.Pq Sq _ +.El +.Pp +In particular, this applies to all manpaths and architecture names. +.Sh ENVIRONMENT +The web server may pass the following CGI variables to +.Nm : +.Bl -tag -width Ds +.It Ev SCRIPT_NAME +The initial part of the URI passed from the client to the server, +starting after the server's host name and ending before +.Ev PATH_INFO . +This is ignored by +.Nm . +When constructing URIs for links and redirections, the +.Dv SCRIPT_NAME +preprocessor constant is used instead. +.It Ev PATH_INFO +The final part of the URI path passed from the client to the server, +starting after the +.Ev SCRIPT_NAME +and ending before the +.Ev QUERY_STRING . +It is used by the +.Cm show +page to acquire the manpath and filename it needs. +.It Ev QUERY_STRING +The HTTP query string passed from the client to the server. +It is the final part of the URI, after the question mark. +It is used by the +.Cm search +page to acquire the named parameters it needs. +.El +.Sh FILES +.Bl -tag -width Ds +.It Pa /var/www +Default web server +.Xr chroot 2 +directory. +All the following paths are specified relative to this directory. +.It Pa /cgi-bin/man.cgi +The usual file system path to the +.Nm +program inside the web server +.Xr chroot 2 +directory. +A different name can be chosen, but in any case, it needs to be configured in +.Xr httpd.conf 5 . +.It Pa /htdocs +The file system path to the server document root directory +relative to the server +.Xr chroot 2 +directory. +This is part of the web server configuration and not specific to +.Nm . +.It Pa /htdocs/mandoc.css +A style sheet for +.Xr mandoc 1 +HTML styling, referenced from each generated HTML page. +.It Pa /man +Default +.Nm +data directory containing all the manual trees. +Can be overridden by +.Dv MAN_DIR . +.It Pa /man/manpath.conf +The list of available manpaths, one per line. +If any of the lines in this file contains a slash +.Pq Sq / +or any character not contained in the +.Sx Restricted character set , +.Nm +reports an internal server error and exits without doing anything. +.It Pa /man/header.html +An optional file containing static HTML code to be wrapped in +a <HEADER> element and inserted right after opening the <BODY> element. +For example, it can contain an <H1> element +specifying the name of the website. +.It Pa /man/footer.html +An optional file containing static HTML code to be wrapped in +a <FOOTER> element and inserted right before closing the <BODY> element. +.It Pa /man/OpenBSD-current/man1/mandoc.1 +An example +.Xr mdoc 7 +source file located below the +.Dq OpenBSD-current +manpath. +.El +.Sh COMPATIBILITY +The +.Nm +CGI program is call-compatible with queries from the traditional +.Pa man.cgi +script by Wolfram Schneider. +However, the output looks quite different. +.Sh SEE ALSO +.Xr apropos 1 , +.Xr mandoc.db 5 , +.Xr makewhatis 8 , +.Xr slowcgi 8 +.Sh HISTORY +A version of +.Nm +based on +.Xr mandoc 1 +first appeared in mdocml-1.12.1 (March 2012). +The current +.Xr mandoc.db 5 +database format first appeared in +.Ox 6.1 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Kristaps Dzonsons Aq Mt kristaps@bsd.lv +and is maintained by +.An Ingo Schwarze Aq Mt schwarze@openbsd.org , +who also designed and implemented the database format. diff --git a/static/openbsd/man8/map-mbone.8 b/static/openbsd/man8/map-mbone.8 new file mode 100644 index 00000000..c9dba18e --- /dev/null +++ b/static/openbsd/man8/map-mbone.8 @@ -0,0 +1,130 @@ +.\" $OpenBSD: map-mbone.8,v 1.16 2024/12/01 09:58:15 kn Exp $ +.\" $NetBSD: map-mbone.8,v 1.2 1995/10/03 23:16:53 thorpej Exp $ +.\" +.\" Mapper for connections between MRouteD multicast routers. +.\" Written by Pavel Curtis <Pavel@PARC.Xerox.Com> +.\" +.\" Copyright (c) 1992, 2001 Xerox Corporation. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions are met: +.\" +.\" Redistributions of source code must retain the above copyright notice, +.\" this list of conditions and the following disclaimer. +.\" +.\" Redistributions in binary form must reproduce the above copyright notice, +.\" this list of conditions and the following disclaimer in the documentation +.\" and/or other materials provided with the distribution. +.\" +.\" Neither name of the Xerox, PARC, nor the names of its contributors may be +.\" used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE XEROX CORPORATION OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +.\" EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 1 2024 $ +.Dt MAP-MBONE 8 +.Os +.Sh NAME +.Nm map-mbone +.Nd Multicast connection mapper +.Sh SYNOPSIS +.Nm map-mbone +.Op Fl fgn +.Op Fl d Ns Op Ar level +.Op Fl r Ar count +.Op Fl t Ar seconds +.Op Ar starting_router +.Sh DESCRIPTION +.Nm +attempts to display all multicast routers that are reachable from the multicast +router +.Ar starting_router . +If not specified on the command line, +.Ar starting_router +is +.Dq localhost . +.Nm +must be run as root. +.Pp +.Nm +sends an +.Dv ASK_NEIGHBORS +.Tn IGMP +message to +.Ar starting_router . +A response contains the +multicast version number +of +.Ar starting_router +and the addresses of +all its neighboring multicast routers. +If the multicast version number is recent, then +.Nm +requests additional information such as metrics, thresholds, and flags. +.Pp +If a recursive search has been requested (see +.Fl f ) , +.Nm +repeats the above operation for each new +multicast router in the list of neighbors and +continues the process until no new multicast routers are reported. +.Pp +The options are as follows: +.Bl -tag -width "-t seconds" +.It Fl d Ns Op Ar level +Sets the debug level to +.Ar level . +When the debug level is greater than the default value of +0, additional debugging messages are printed to stderr. +Regardless of +the debug level, an error condition will always write an error message and will +cause +.Nm +to terminate. +Non-zero debug levels are: +.Bl -enum -offset indent +.It +Print packet warnings, plus level 0 messages. +.It +Print notifications of down networks, plus level 1 messages. +.It +Print notifications of all packet timeouts, plus level 2 messages. +.El +.Pp +Default is 0. +.It Fl f +Causes a recursive (flooding) search. +If no +.Ar starting_router +is specified, a recursive search is always performed. +.It Fl g +Sets graphing format to GraphEd format. +.It Fl n +Disables DNS lookup for the names of the multicast routers. +.It Fl r Ar count +Sets the neighbor query retry limit to +.Ar count . +Default is 1. +.It Fl t Ar seconds +Sets the number of seconds to wait for a neighbor query +reply before retrying to +.Ar seconds . +Default is 2. +.El +.Sh SEE ALSO +.Xr mrinfo 8 , +.Xr mrouted 8 , +.Xr mtrace 8 +.Sh AUTHORS +.An Pavel Curtis diff --git a/static/openbsd/man8/mbr.8 b/static/openbsd/man8/mbr.8 new file mode 100644 index 00000000..22f09837 --- /dev/null +++ b/static/openbsd/man8/mbr.8 @@ -0,0 +1,61 @@ +.\" $OpenBSD: mbr.8,v 1.7 2017/07/06 17:24:49 schwarze Exp $ +.\" +.\" Copyright (c) 2006 Michael Shalayeff +.\" All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN +.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 6 2017 $ +.Dt MBR 8 landisk +.Os +.Sh NAME +.Nm mbr +.Nd LANDISK-specific Master Boot Record +.Sh SYNOPSIS +.Nm +.Sh DESCRIPTION +The +.Nm MBR +program comprises only one sector (512 bytes) and includes +a partition table, since the disk is located in the 0th sector of the disk. +Upon receiving control from the system firmware +.Nm +will scan the partition table for an active partition and continue +loading the Primary Boot Record (PBR) from the beginning of the +partition, if found. +.Pp +.Nm +is installed on the disk by +.Xr fdisk 8 , +which is also used to operate the partition table. +.Pp +The partition table consists of four entries, only one of which may be +marked as +.Dq active . +The PBR is loaded from there. +.Sh DIAGNOSTICS +A few messages are printed in case of errors: +.Bl -tag -width "no_active_partitionXX" +.It "No active partition" +Indicates that none of the partitions are marked +.Dq active . +.It Read error +An error occurred while fetching the primary boot loader. +.It "No O/S" +The partition table is empty. +.El +.Sh SEE ALSO +.Xr boot 8 , +.Xr disklabel 8 , +.Xr fdisk 8 , +.Xr xxboot 8 diff --git a/static/openbsd/man8/memconfig.8 b/static/openbsd/man8/memconfig.8 new file mode 100644 index 00000000..9215bf30 --- /dev/null +++ b/static/openbsd/man8/memconfig.8 @@ -0,0 +1,122 @@ +.\" $OpenBSD: memconfig.8,v 1.12 2014/01/20 05:07:48 schwarze Exp $ +.\" +.\" Copyright (c) 1999 Chris Costello +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: /home/ncvs/src/usr.sbin/memcontrol/memcontrol.8,v 1.9 2002/09/15 15:07:55 dwmalone Exp $ +.\" +.Dd $Mdocdate: January 20 2014 $ +.Dt MEMCONFIG 8 +.Os +.Sh NAME +.Nm memconfig +.Nd control system cache behaviour with respect to memory +.Sh SYNOPSIS +.Nm memconfig +.Ar list +.Op Fl a +.Nm memconfig +.Ar set +.Fl b Ar base +.Fl l Ar length +.Fl o Ar owner +.Ar attribute +.Nm memconfig +.Ar clear +.Fl o Ar owner +.Nm memconfig +.Ar clear +.Fl b Ar base +.Fl l Ar length +.Sh DESCRIPTION +A number of supported system architectures allow the behaviour of the CPU +cache to be programmed to behave differently depending on the region being +written. +.Pp +.Nm +provides an interface to this facility, allowing CPU cache behavior to +be altered for ranges of system physical memory. +.Pp +These ranges are typically power-of-2 aligned and sized, however the specific +rules governing their layout vary between architectures. +The +.Nm +program does not attempt to enforce these rules, however the system will +reject any attempt to set an illegal combination. +.Pp +The operands and their options are as follows: +.Bl -tag -width clear +.It Ar list +List range slots. +.Bl -tag -width xxxxxx +.It Fl a +List all range slots, even those that are inactive. +.El +.It Ar set +Set memory range attributes. +.Bl -tag -width xxxxxx +.It Fl b Ar base +Memory range base address. +.It Fl l Ar length +Length of memory range in bytes, power of 2. +.It Fl o Ar owner +Text identifier for this setting (7 char max). +.It Ar attribute +Attributes applied to this range; combinations of +.Ar force , +.Ar uncacheable , +.Ar write-combine , +.Ar write-through , +.Ar write-back , +or +.Ar write-protect . +.El +.It Ar clear +Clear memory range attributes. +Ranges may be cleared by owner or by base/length combination. +.Pp +To clear based on ownership: +.Bl -tag -width xxxxxx +.It Fl o Ar owner +All ranges with this owner will be cleared. +.El +.Pp +To clear based on the base/length combination: +.Bl -tag -width xxxxxx +.It Fl b Ar base +Memory range base address. +.It Fl l Ar length +Length of memory range in bytes, power of 2. +.El +.Pp +Base and length must exactly match an existing range. +.El +.Sh SEE ALSO +.Xr mtrr 4 +.Sh HISTORY +.Nm +was originally introduced in +.Fx 3.3 +as +.Sy memcontrol . diff --git a/static/openbsd/man8/mixerctl.8 b/static/openbsd/man8/mixerctl.8 new file mode 100644 index 00000000..d01d5870 --- /dev/null +++ b/static/openbsd/man8/mixerctl.8 @@ -0,0 +1,209 @@ +.\" $OpenBSD: mixerctl.8,v 1.7 2020/04/23 14:47:20 ratchov Exp $ +.\" $NetBSD: mixerctl.1,v 1.8 1998/05/09 12:41:16 augustss Exp $ +.\" +.\" Copyright (c) 1997 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" Author: Lennart Augustsson +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt MIXERCTL 8 +.Os +.Sh NAME +.Nm mixerctl +.Nd manipulate controls for audio hardware +.Sh SYNOPSIS +.Nm mixerctl +.Op Fl anv +.Op Fl f Ar file +.Nm mixerctl +.Op Fl nv +.Op Fl f Ar file +.Ar name ... +.Nm mixerctl +.Op Fl qt +.Op Fl f Ar file +.Ar name ... +.Nm mixerctl +.Op Fl q +.Op Fl f Ar file +.Ar name Ns = Ns Ar value ... +.Sh DESCRIPTION +The +.Nm +command displays or sets various controls for audio hardware, +such as microphone reference voltage or output level. +Where hardware defaults are not the desired ones, +controls can be set at system startup using the configuration file +.Xr mixerctl.conf 5 . +.Pp +.Nm +itself can only be run by the superuser. +Common controls should be adjusted at runtime using +.Xr sndioctl 1 , +which is intended for every day use and requires no superuser privileges. +Manual use of +.Nm +is intended for controls which cannot be set using +.Xr sndioctl 1 . +.Pp +If a list of control names is present on the command line, +.Nm +prints the current value of those controls for the specified device. +.Pp +The options are as follows: +.Bl -tag -width "-f file" +.It Fl a +Print all device controls and their current values. +This is the default, if no parameters are given to +.Nm . +.It Fl f Ar file +Specify an alternative audio control device. +The default is +.Pa /dev/audioctl0 . +.It Fl n +Suppress printing of the control name. +.It Fl q +Suppress all printing when setting a control. +.It Fl t +Toggle. +Attempt to select the next possible value +of an enum +(see below). +.It Fl v +Show all possible values of controls. +Enum values are shown in +.Sq [] +and values belonging to a set are shown in +.Sq {} +(see below). +.It Ar name Ns = Ns Ar value +Attempt to set the control with given +.Ar name +to +.Ar value . +.El +.Pp +The exact set of controls that can be manipulated depends on +the device. +The general format (in both getting and setting a value) is: +.Pp +.D1 class.name=value +.Pp +The +.Ar class +can have values like +.Dq inputs +or +.Dq outputs , +indicating that the control affects the input or output, respectively, +to the device. +The +.Ar name +indicates what part of the device the control affects. +Continuous values, e.g. volume, +have numeric values in the range 0\-255. +If +.Ar value +can be set for each channel independently, +the values are printed separated by commas. +Discrete values, e.g. the recording source, +have symbolic names. +.Pp +Variables may take one of three types, +again dependent on the mixer: +.Bl -enum +.It +Enums. +These may take only one out of a possible list of symbolic values +or the literal string +.Dq toggle , +which toggles the value, +e.g. inputs.mic.source=mic0. +.It +Sets. +These can take one or more of a possible list of symbolic values; +multiple values are specified as a comma-separated list, +e.g. record.source=mic,cd. +Additionally, +.Ar value +may be omitted to specify the empty set, +e.g. record.source=. +.It +Numbers. +Numerical values may be specified in either absolute or relative forms. +The relative form is indicated by a prefix of +.Ql + +or +.Ql - +to denote an increase or decrease, respectively. +.El +.Sh ENVIRONMENT +.Bl -tag -width "MIXERDEVICEXXX" +.It Ev MIXERDEVICE +The audio control device to use. +.El +.Sh FILES +.Bl -tag -width "/etc/mixerctl.confXXX" -compact +.It Pa /dev/audioctl0 +Default audio control device. +.It Pa /etc/mixerctl.conf +.Nm +configuration file. +.El +.Sh EXAMPLES +Show possible values for all controls, +and their current settings: +.Bd -literal -offset indent +# mixerctl -av +inputs.mic=0,0 volume +inputs.mic.mute=off [ off on ] +inputs.cd=220,220 volume +inputs.cd.mute=off [ off on ] +inputs.dac=220,220 volume +inputs.dac.mute=off [ off on ] +record.record=220,220 volume +record.record.source=mic [ mic cd dac ] +monitor.monitor=0 volume +.Ed +.Pp +Toggle inputs.dac.mute: +.Bd -literal -offset indent +# mixerctl -t inputs.dac.mute +inputs.dac.mute: off -> on +# mixerctl inputs.dac.mute=toggle +inputs.dac.mute: on -> off +.Ed +.Sh SEE ALSO +.Xr aucat 1 , +.Xr cdio 1 , +.Xr audio 4 , +.Xr mixerctl.conf 5 , +.Xr audioctl 8 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 2.4 . diff --git a/static/openbsd/man8/mkalias.8 b/static/openbsd/man8/mkalias.8 new file mode 100644 index 00000000..6860d3ae --- /dev/null +++ b/static/openbsd/man8/mkalias.8 @@ -0,0 +1,91 @@ +.\" $OpenBSD: mkalias.8,v 1.13 2022/03/31 17:27:32 naddy Exp $ +.\" +.\" Copyright (c) 1997 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt MKALIAS 8 +.Os +.Sh NAME +.Nm mkalias +.Nd a YP map conversion program +.Sh SYNOPSIS +.Nm mkalias +.Op Fl nv +.Oo +.Fl E | e +.Op Fl du +.Oc +.Ar input +.Op Ar output +.Sh DESCRIPTION +.Nm +is used to convert a mail.aliases map to a mail.byaddr map. +This is an inverse map of user@host (or user!host) back to alias. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Assume domain names are OK. +Only useful together with +.Fl E +or +.Fl e . +.It Fl E +Same as +.Fl e , +but also check for any MX-record. +.It Fl e +Check host to verify that it exists. +.It Fl n +Capitalize name. e.g., mats.o.jansson becomes Mats.O.Jansson. +.It Fl u +Assume UUCP names are OK. +Only useful together with +.Fl E +or +.Fl e . +.It Fl v +Verbose mode. +.It Ar input +Use this map as input. +.It Ar output +Use this map as output. +If the output map isn't given, don't create database. +Can be useful together with +.Fl E +or +.Fl e . +.El +.Sh SEE ALSO +.Xr yp 8 , +.Xr ypserv 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se +.Sh BUGS +.Nm +on SunOS 4.1.x seems to have a +.Fl s . +Since I don't know what it is supposed to do, I haven't implemented it. +But it is accepted by the program. diff --git a/static/openbsd/man8/mkboot.8 b/static/openbsd/man8/mkboot.8 new file mode 100644 index 00000000..f1261c82 --- /dev/null +++ b/static/openbsd/man8/mkboot.8 @@ -0,0 +1,55 @@ +.\" $OpenBSD: mkboot.8,v 1.10 2015/01/15 19:06:32 schwarze Exp $ +.\" +.\" Copyright (c) 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 15 2015 $ +.Dt MKBOOT 8 hppa +.Os +.Sh NAME +.Nm mkboot +.Nd create LIF files +.Sh SYNOPSIS +.Nm mkboot +.Op Fl v +.Op Fl l Ar loadpoint +.Ar program ... outfile +.Sh DESCRIPTION +Creates the LIF file containing the bootstrap +.Ar program +and possibly other programs to be used +by the HP 9000/700 and HP 9000/800 systems. +.Pp +An argument to the +.Fl l +option specifies the load point for the boot program, +with the default value of zero. +.Sh HISTORY +An +.Nm +utility first appeared in +.Ox 2.4 . diff --git a/static/openbsd/man8/mkhybrid.8 b/static/openbsd/man8/mkhybrid.8 new file mode 100644 index 00000000..33b0a82b --- /dev/null +++ b/static/openbsd/man8/mkhybrid.8 @@ -0,0 +1,1651 @@ +'\" te +.\" To print, first run through tbl +.\" -*- nroff -*- +.\" +.\" $Id: mkhybrid.8,v 1.5 2023/11/21 08:46:06 jmatthew Exp $ +.\" +.TH MKHYBRID 8 "7 April 1999" "Version 1.12b5.1" +.SH NAME +mkhybrid \- create an hybrid ISO9660/JOLIET/HFS filesystem with optional Rock Ridge attributes. +.SH SYNOPSIS +.B mkhybrid +[ +.B \-a +] +[ +.B \-abstract +.I FILE +] +[ +.B \-biblio +.I FILE +] +[ +.B \-b +.I boot_image +] +[ +.B \-c +.I boot_catalog +] +[ +.B \-copyright +.I FILE +] +[ +.B \-A +.I application_id +] +[ +.B \-f +] +[ +.B \-d +] +[ +.B \-D +] +[ +.B \-e +.I efi_boot_image +] +[ +.B \-hide +.I glob +] +[ +.B \-hide-list +.I file +] +[ +.B \-hide-joliet +.I glob +] +[ +.B \-hide-joliet-list +.I file +] +[ +.B \-J +] +[ +.B \-l +] +[ +.B \-L +] +[ +.B \-log-file +.I log_file +] +[ +.B -no-split-symlink-components +] +[ +.B -no-split-symlink-fields +] +[ +.B \-path-list +.I file +] +[ +.B \-p +.I preparer +] +[ +.B \-print-size +] +[ +.B \-P +.I publisher +] +[ +.B \-quiet +] +[ +.B \-r +] +[ +.B \-R +] +[ +.B \-sysid +.I ID +] +[ +.B \-T +| +.B \-table-name +.I TABLE_NAME +] +[ +.B \-v +] +[ +.B \-V +.I volid +] +[ +.B \-volset +.I ID +] +[ +.B \-volset-size +.I # +] +[ +.B \-volset-seqno +.I # +] +[ +.B \-x +.I path +] +[ +.B \-z +] +[ +.B \-m +.I glob +] +[ +.B \-hfs +| +.B \-apple +] +[ +.B \-map +.I mapping_file +] +[ +.B \-magic +.I magic_file +] +[ +.B \-no-mac-files +] +[ +.B \-probe +] +[ +.B \-no-desktop +] +[ +.B \-mac-name +] +[ +.B \-boot-hfs-file +.I driver_file +[ +.B \-part +] +[ +.B \-auto +.I AutoStart_file +] +[ +.B \-cluster-size +.I size +] +[ +.B \-hide-hfs +.I glob +] +[ +.B \-hide-hfs-list +.I file +] +[ +.B \-hfs-volid +.I hfs_volid +] +[ +.B \-hfs-bless +.I folder_name +] +[ +.B \--cap +] +[ +.B \--netatalk +] +[ +.B \--double +] +[ +.B \--ethershare +] +[ +.B \--ushare +] +[ +.B \--exchange +] +[ +.B \--sgi +] +[ +.B \--xinet +] +[ +.B \--macbin +] +[ +.B \--single +] +.B \-o +.I filename +.I pathspec [pathspec] +.SH DESCRIPTION +.B mkhybrid +is effectively a pre-mastering program to generate an HFS/ISO9660/JOLIET hybrid +filesystem. It is based on +.BR mkisofs (1) +and will generate a pure ISO9660 filesystem unless the HFS hybrid command +line options are given. +.PP +.B mkhybrid +can generate a +.I true +(or +.IR shared) +HFS hybrid filesystem. The same files are seen as HFS files when +accessed from a Macintosh and as ISO9660 files when accessed from other +machines. HFS stands for +.I Hierarchical File System +and is the native file system used on Macintosh computers. +.PP +As an alternative, +.B mkhybrid +can generate the +.I Apple Extensions to ISO9660 +for each file. These extensions provide each file with CREATOR, TYPE and +certain Finder Flags when accessed from a Macintosh. See the +.B MACINTOSH FILE FORMATS +section below. +.PP +.B mkhybrid +takes a snapshot of a given directory tree, and generates a +binary image which will correspond to an ISO9660 or HFS filesystem when +written to a block device. +.PP +.B mkhybrid +is also capable of generating the System Use Sharing Protocol records specified +by the Rock Ridge Interchange Protocol. This is used to further describe the +files in the iso9660 filesystem to a unix host, and provides information such +as longer filenames, uid/gid, posix permissions, and block and character +devices. +.PP +Each file written to the iso9660 filesystem must have a filename in the 8.3 +format (8 characters, period, 3 characters, all upper case), even if Rock Ridge +is in use. This filename is used on systems that are not able to make use of +the Rock Ridge extensions (such as MS-DOS), and each filename in each directory +must be different from the other filenames in the same directory. +.B mkhybrid +generally tries to form correct names by forcing the unix filename to upper +case and truncating as required, but often times this yields unsatisfactory +results when there are cases where the +truncated names are not all unique. +.B mkhybrid +assigns weightings to each filename, and if two names that are otherwise the +same are found the name with the lower priority is renamed to have a 3 digit +number as an extension (where the number is guaranteed to be unique). An +example of this would be the files foo.bar and +foo.bar.~1~ - the file foo.bar.~1~ would be written as FOO.000;1 and the file +foo.bar would be written as FOO.BAR;1 +.PP +When used with the HFS options, +.B mkhybrid +will attempt to recognise files stored in a number of Apple/Unix file formats +and will copy the data and resource forks as well as any +relevant finder information. See the +.B MACINTOSH FILE FORMATS +section below for more about formats +.B mkhybrid +supports. +.PP +Note that +.B mkhybrid +is not designed to communicate with the writer directly. Most writers +have proprietary command sets which vary from one manufacturer to +another, and you need a specialized tool to actually burn the disk. +The +.B cdwrite +utility is one such tool that runs under Linux and performs this task. +The latest version of +.B cdwrite +is capable of communicating with Phillips/IMS/Kodak, HP and Yamaha drives. +Most writers come with some version of DOS software that allows a direct image +copy of an iso9660 image to the writer. +.\"The current version of +.\".B cdwrite +.\"is available from ftp://sunsite.unc.edu/utils/disk-management/cdwrite-2.0.tar.gz +Note that cdwrite has not been actively maintained in recent times. +.PP +The +.B +cdrecord +utility is another utility capable of burning an actual disc. The latest version +of +.\".B cdrecord +.\"is available +.\"from ftp://ftp.fokus.gmd.de/pub/unix/cdrecord +Cdrecord is under constant development. +.PP +Also you should know that most cd writers are very particular about timing. +Once you start to burn a disc, you cannot let their buffer empty before you +are done, or you will end up with a corrupt disc. Thus it is critical +that you be able to maintain an uninterrupted data stream to the writer +for the entire time that the disc is being written. +.PP +.br +.I +pathspec +is the path of the directory tree to be copied into the iso9660 filesystem. +Multiple paths can be specified, and +.B +mkhybrid +will merge the files found in all of the specified path components to form the cdrom +image. +.PP +It is possible to graft the paths at points other than the root +directory, and it is possible to graft files or directories onto the +cdrom image with names different than what they have in the source filesystem. This is +easiest to illustrate with a couple of examples. Let's start by assuming that a local +file ../old.lis exists, and you wish to include it in the cdrom image. + + + foo/bar/=../old.lis + +will include the file old.lis in the cdrom image at /foo/bar/old.lis, while + + foo/bar/xxx=../old.lis + +will include the file old.lis in the cdrom image at /foo/bar/xxx. The +same sort of syntax can be used with directories as well. +.B +mkhybrid +will create any directories required such that the graft +points exist on the cdrom image - the directories do not need to +appear in one of the paths. Any directories that are created on the +fly like this will have permissions 0555 and appear to be owned by the +person running mkhybrid. If you wish other permissions or owners of +the intermediate directories, the easiest solution is to create real +directories in the path such that mkhybrid doesn't have to invent them. +.PP +.I +mkhybrid +will also run on Win9X/NT4 machines when compiled with Cygnus' cygwin. +Therefore most +references in this man page to +.I Unix +can be replaced with +.IR Win32 . + +.SH OPTIONS +.TP +.B \-a +Include all files on the iso9660 filesystem. Normally files that contain the +characters '~' or '#' will not be included (these are typically backup files +for editors under unix). +.TP +.BI \-abstract " FILE +Specifies the abstract file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with ABST=filename. +If specified in both places, the command line version is used. +.TP +.BI \-A " application_id +Specifies a text string that will be written into the volume header. +This should describe the application that will be on the disc. There +is space on the disc for 128 characters of information. This parameter can +also be set in the file +.I \&.mkisofsrc +with APPI=id. +If specified in both places, the command line version is used. +.TP +.BI \-biblio " FILE +Specifies the bibliographic file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with BIBLO=filename. +If specified in both places, the command line version is used. +.TP +.BI \-b " boot_image +Specifies the path and filename of the boot image to be used when making +an "El Torito" bootable CD. The pathname must be relative to the source +path specified to +.B mkhybrid. +This option is required to make a bootable CD. +The boot image must be exactly the size of one of a 1.2, 1.44, or +2.88 MB floppy, or of a 2 KB CD sector, +and +.B mkhybrid +will use this size when creating the output iso9660 filesystem. +If the boot file is 2 KB long, a no-emulation boot CD will be created, +and the whole 2 KB will be read on boot. +If the boot file is a floppy image, +then only the first 512-byte sector will be read from the boot image +(it is emulating a normal floppy drive). +This will work, for example, if the boot image is a LILO-based boot floppy. +.TP +.BI \-C " last_sess_start,next_sess_start +This option is needed when +.B mkisofs +is used to create the image of a second session or a higher level session +for a multi session disk. +The option +.B \-C +takes a pair of two numbers separated by a comma. The first number is the +sector number of the first sector in the last session of the disk +that should be appended to. +The second number is the starting sector number of the new session. +The expected pair of numbers may be retrieved by calling +.B "cdrecord -msinfo ... +the +.B \-C +option may only be uses in conjunction with the +.B \-M +option. +.TP +.BI \-c " boot_catalog +Specifies the path and filename of the boot catalog to be used when making +an "El Torito" bootable CD. The pathname must be relative to the source +path specified to +.B mkhybrid. +This option is required to make a bootable CD. +This file will be created by +.B mkhybrid +in the source filesystem, so be +sure the specified filename does not conflict with an existing file, as +it will be quietly overwritten! Usually a name like "boot.catalog" is +chosen. +.TP +.BI \-copyright " FILE +Specifies the Copyright file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with COPY=filename. +If specified in both places, the command line version is used. +.TP +.B \-d +Omit trailing period from files that do not have a period. This violates the +ISO9660 standard, but it happens to work on many systems. Use with caution. +.TP +.B \-D +Do not use deep directory relocation, and instead just pack them in the +way we see them. This violates the ISO9660 standard, but it works on many +systems. Use with caution. +.TP +.BI \-e " efi_boot_image +Specifies the path and filename of the EFI boot image to be used when making +an "El Torito" bootable CD. +The pathname must be relative to the source path specified to +.B mkhybrid. +The file should contain an EFI system partition image. +The +.B \-e +option can be used with or without the +.B \-b +option. +.TP +.B \-f +Follow symbolic links when generating the filesystem. When this option is not +in use, symbolic links will be entered using Rock Ridge if enabled, otherwise +the file will be ignored. +.TP +.BI \-hide " glob +Hide +.I glob +from being seen on the ISO9660 or Rock Ridge directory. +.I glob +is a shell wild-card-style pattern that must match any part of the filename +or path. +Multiple globs may be hidden (up to 1000). +If +.I glob +matches a directory, then the contents of that directory will be hidden. +All the hidden files will still be written to the output CD image file. +Should be used with the +.I \-hide-joliet +option. +.TP +.BI \-hide-list " file +A file containing a list of +.I globs +to be hidden as above. +.TP +.BI \-hide-joliet " glob +Hide +.I glob +from being seen on the Joliet directory. +.I glob +is a shell wild-card-style pattern that must match any part of the filename +or path. +Multiple globs may be hidden (up to 1000). +If +.I glob +matches a directory, then the contents of that directory will be hidden. +All the hidden files will still be written to the output CD image file. +Should be used with the +.I \-hide +option. +.TP +.BI \-hide-joliet-list " file +A file containing a list of +.I globs +to be hidden as above. +.TP +.B \-l +Allow full 32 character filenames. Normally the ISO9660 filename will be in an +8.3 format which is compatible with MS-DOS, even though the ISO9660 standard +allows filenames of up to 32 characters. If you use this option, the disc may +be difficult to use on a MS-DOS system, but this comes in handy on some other +systems (such as the Amiga). Use with caution. +.TP +.B \-J +Generate Joliet directory records in addition to regular iso9660 file +names. This is primarily useful when the discs are to be used on Windows-NT +or Windows-95 machines. The Joliet filenames are specified in Unicode and +each path component can be up to 64 Unicode characters long. +.TP +.B \-L +Allow filenames to begin with a period. Usually, a leading dot is +replaced with an underscore in order to maintain MS-DOS compatibility. +.TP +.BI \-log-file " log_file +Redirect all error, warning and informational messages to +.I log_file +instead of the standard error. +.TP +.BI \-m " glob +Exclude +.I glob +from being written to CDROM. +.I glob +is a shell wild-card-style pattern that must match part of the filename (not +the path as with option +.BR -x ). +Technically +.I glob +is matched against the +.I d->d_name +part of the directory entry. +Multiple globs may be excluded (up to 1000). +Example: + +mkhybrid \-o rom \-m '*.o' \-m core \-m foobar + +would exclude all files ending in ".o", called "core" or "foobar" to be +copied to CDROM. Note that if you had a directory called "foobar" it too (and +of course all its descendants) would be excluded. +.sp +NOTE: The \-m and \-x option description should both be updated, they are wrong. +Both now work identical and use filename globbing. A file is excluded if either +the last component matches or the whole path matches. +.TP +.BI \-exclude-list " file +A file containing a list of +.I globs +to be exclude as above. +.TP +.BI \-M " path +or +.TP +.BI \-M " device +Specifies path to existing iso9660 image to be merged. The alternate form +takes a SCSI device specifier that uses the same syntax as the +.B "dev= +parameter of +.B cdrecord. +The output +of +.B mkhybrid +will be a new session which should get written to the end of the +image specified in -M. Typically this requires multi-session capability +for the recorder and cdrom drive that you are attempting to write this +image to. +This option may only be used in conjunction with the +.B \-C +option. +.TP +.B \-N +Omit version numbers from ISO9660 file names. This may violate the ISO9660 +standard, but no one really uses the version numbers anyway. Use with caution. +.TP +.B \-no-split-symlink-components +Don't split the SL components, but begin a new Continuation Area (CE) +instead. This may waste some space, but the SunOS 4.1.4 cdrom driver +has a bug in reading split SL components (link_size = component_size +instead of link_size += component_size). +.TP +.B \-no-split-symlink-fields +Don't split the SL fields, but begin a new Continuation Area (CE) +instead. This may waste some space, but the SunOS 4.1.4 and +Solaris 2.5.1 cdrom driver have a bug in reading split SL fields +(a `/' can be dropped). +.TP +.BI \-o " filename +is the name of the file to which the iso9660 filesystem image should be +written. This can be a disk file, a tape drive, or it can correspond directly +to the device name of the optical disc writer. If not specified, stdout is +used. Note that the output can also be a block special device for a regular +disk drive, in which case the disk partition can be mounted and examined to +ensure that the premastering was done correctly. +.TP +.BI \-path-list " file +A file containing a list of +.I filespec +directories and filenames to be added to the ISO9660 filesystem. This list +of filespecs are processed after any that appear on the command line. If the +argument is +.IR - , +then the list is read from the standard input. +.TP +.BI \-P " publisher_id +Specifies a text string that will be written into the volume header. +This should describe the publisher of the CDROM, usually with a +mailing address and phone number. There is space on the disc for 128 +characters of information. This parameter can also be set in the file +.I \&.mkisofsrc +with PUBL=. +If specified in both places, the command line version is used. +.TP +.BI \-p " preparer_id +Specifies a text string that will be written into the volume header. +This should describe the preparer of the CDROM, usually with a mailing +address and phone number. There is space on the disc for 128 +characters of information. This parameter can also be set in the file +.I \&.mkisofsrc +with PREP=. +If specified in both places, the command line version is used. +.TP +.B \-print-size +Print estimated filesystem size and exit. This option is needed for +Disk At Once mode and with some CD-R drives when piping directly into +.B cdrecord. +In this case it is needed to know the size of the filesystem before the +actual CD-creation is done. +The option \-print-size allows to get this size from a "dry-run" before +the CD is actually written. +.TP +.B \-quiet +This makes +.B mkhybrid +even less verbose. No progress output will be provided. +.TP +.B \-R +Generate SUSP and RR records using the Rock Ridge protocol to further describe +the files on the iso9660 filesystem. +.TP +.B \-r +This is like the \-R option, but file ownership and modes are set to +more useful values. The uid and gid are set to zero, because they are +usually only useful on the author's system, and not useful to the +client. All the file read bits are set true, so that files and +directories are globally readable on the client. If any execute bit is +set for a file, set all of the execute bits, so that executables are +globally executable on the client. If any search bit is set for a +directory, set all of the search bits, so that directories are globally +searchable on the client. All write bits are cleared, because the +CD-Rom will be mounted read-only in any case. If any of the special +mode bits are set, clear them, because file locks are not useful on a +read-only file system, and set-id bits are not desirable for uid 0 or +gid 0. +When used on Win32, the execute bit is set on +.I all +files. +.TP +.BI \-sysid " ID +Specifies the system ID. +This parameter can also be set in the file +.B \&.mkisofsrc +with SYSI=system_id. +If specified in both places, the command line version is used. +.TP +.B \-T +Generate a file TRANS.TBL in each directory on the CDROM, which can be used +on non-Rock Ridge capable systems to help establish the correct file names. +There is also information present in the file that indicates the major and +minor numbers for block and character devices, and each symlink has the name of +the link file given. +.TP +.BI \-table-name " TABLE_NAME +Alternative translation table file name (see above). Implies the +.I \-T +option. +.TP +.BI \-V " volid +Specifies the volume ID (volume name or label) to be written into the +master block. This parameter can also be set in the file +.I \&.mkisofsrc +with VOLI=id. +If specified in both places, the command line version is used. Note that +if you assign a volume ID, this is the name that will be used as the mount +point used by the Solaris volume management system and the name that is +assigned to the disc on a Windows or Mac platform. +.TP +.BI \-volset " ID +Specifies the volset ID. +This parameter can also be set in the file +.B \&.mkisofsrc +with VOLS=volset_id. +If specified in both places, the command line version is used. +.TP +.BI \-volset-size " # +Sets the volume set size to #. +The volume set size is the number of CD's that are in a CD set. +The +.B \-volset-size +option may be used to create CD's that are part of e.g. a Operation +System installation set of CD's. +The option +.B \-volset-size +must be specified before +.B \-volset-seqno +on each command line. +.TP +.BI \-volset-seqno " # +Sets the volume set sequence number to #. +The volume set sequence number is the index number of the current +CD in a CD set. +The option +.B \-volset-size +must be specified before +.B \-volset-seqno +on each command line. +.TP +.B \-v +Verbose execution. If given twice on the command line, extra debug information will be printed. +.TP +.BI \-x " path +Exclude +.I path +from being written to CDROM. +.I path +must be the complete pathname that results from concatenating the pathname +given as command line argument and the path relative to this directory. +Multiple paths may be excluded (up to 1000). +Example: + +mkhybrid \-o cd \-x /local/dir1 \-x /local/dir2 /local +.sp +NOTE: The \-m and \-x option description should both be updated, they are wrong. +Both now work identical and use filename globbing. A file is excluded if either +the last component matches or the whole path matches. +.TP +.B \-z +Generate special SUSP records for transparently compressed files. This is +only of use and interest for hosts that support transparent decompression. +This is an experimental feature, and no hosts yet support this, but there +are ALPHA patches for Linux that can make use of this feature. +.SH HFS OPTIONS +.TP +.B \-hfs +Create an ISO9660/HFS hybrid CD. By default, all source files are checked to +attempt to recognise files stored in one of the known Apple/Unix file formats. +See the +.B MACINTOSH FILE FORMATS +section below for more about these formats +.TP +.B \-apple +Create an ISO9660 CD with Apple's extensions. Similar to the +.I \-hfs +option, except that the Apple Extensions to ISO9660 are added instead of +creating an HFS hybrid volume. +.TP +.BI \-map " mapping_file +Use the +.I mapping_file +to set the CREATOR and TYPE information for a file based on the +filename's extension. A filename is +mapped only if it is not one of the know Apple/Unix file formats. See the +.B CREATOR/TYPE +section below. +.TP +.BI \-magic " magic_file +The CREATOR and TYPE information is set by using a file's +.I magic number +(usually the first few bytes of a file). The +.I magic_file +is only used if a file is not one of the known Apple/Unix file formats, or +the filename extension has not been mapped using the +.I \-map +option. See the +.B CREATOR/TYPE +section below for more details. +.TP +.B \-no-mac-files +Disables searching for Apple/Unix files. This will speed up processing if +there are none of the known Apple/Unix format files in the source directory +trees (the source directories just contain ordinary files). The +.I \-map +and/or +.I \-magic +option can be used to set the CREATOR and TYPE for each file. +.TP +.B \-probe +Search the contents of files for Apple/Unix file formats. When +.I \-hfs +or +.I \-apple +is used, mkhybrid will attempt to work out automatically what type of +Apple/Unix format each file is. However, the only way to check for +.I MacBinary +and +.I AppleSingle +files is to open and read them. Therefore, if +.I MacBinary +or +.I AppleSingle +format files are being used, then you need to give this option. +This saves opening and searching every file if no +.I MacBinary +and/or +.I AppleSingle +files exist. Or you could use the relevant +.I double dash +options given below. +.TP +.B \-no-desktop +Do not create (empty) Desktop files. New HFS Desktop files will be created +when the CD is used on a Macintosh (and stored in the System Folder). +By default, empty Desktop files are added to the HFS volume. +.TP +.B \-mac-name +Use the HFS filename as the starting point for the ISO9660, Joliet and +Rock Ridge file names. See the +.B MACINTOSH FILE NAMES +section below for more information. +.TP +.BI \-boot-hfs-file " driver_file +Installs the +.I driver_file +that +.I may +make the CD bootable on a Macintosh. See the +.B HFS BOOT DRIVER +section below. (Alpha). +.TP +.B \-part +Generate an HFS partition table. By default, no partition table is generated, +but some older Macintosh CDROM drivers need an HFS partition table on the +CDROM to be able to recognize a hybrid CDROM. +.TP +.BI \-auto " AutoStart_file +Make the HFS CD use the QuickTime 2.0 Autostart feature to launch an +application or document. The given filename must be the name of a document or +application located at the top level of the CD. The filename must be less +than 12 characters. (Alpha). +.TP +.BI \-cluster-size " size +Set the size in bytes of the cluster or allocation units of PC Exchange +files. See the +.B MACINTOSH FILE FORMATS +section below. +.TP +.BI \-hide-hfs " glob +Hide +.I glob +from the HFS volume. The file or directory will still exist in the +ISO9660 and/or Joliet directory. +.I glob +is a shell wild-card-style pattern that must match any part of the filename +Multiple globs may be excluded (up to 1000). +Example: + +mkhybrid \-o rom \-hfs \-hide-hfs '*.o' \-hide-hfs foobar + +would exclude all files ending in ".o" or called "foobar" +from the HFS volume. Note that if you had a directory called +"foobar" it too (and of course all its descendants) would be excluded. +The +.I glob +can also be a path name relative to the source directories given on the +command line. Example: + +mkhybrid \-o rom \-hfs \-hide-hfs src/html src + +would exclude just the file or directory called "html" from the "src" +directory. Any other file or directory called "html" in the tree will +not be excluded. +Should be used with the +.I \-hide +and/or +.I \-hide-joliet +options. +.TP +.BI \-hide-hfs-list " file +A file containing a list of +.I globs +to be hidden as above. +.TP +.BI \-hfs-volid " hfs_volid +Volume name for the HFS partition. This is the name that is +assigned to the disc on a Macintosh and replaces the +.I volid +used with the +.I \-V +option +.TP +.BI \-hfs-bless " folder_name +"Bless" the given directory (folder). This is usually the +.B System Folder +and is used in creating HFS bootable CDs. The name of the directory must +be the whole path name as +.B mkisofs +sees it. e.g. if the given pathspec is ./cddata and the required folder is +called System Folder, then the whole path name is "./cddata/System Folder" +(remember to use quotes if the name contains spaces). +.TP +.B \--cap +Look for AUFS CAP Macintosh files. Search for CAP Apple/Unix file formats +only. Searching for the other possible Apple/Unix file formats is disabled, +unless other +.I double dash +options are given. +.TP +.B \--netatalk +Look for NETATALK Macintosh files +.TP +.B \--double +Look for AppleDouble Macintosh files +.TP +.B \--ethershare +Look for Helios EtherShare Macintosh files +.TP +.B \--ushare +Look for IPT UShare Macintosh files +.TP +.B \--exchange +Look for PC Exchange Macintosh files +.TP +.B \--sgi +Look for SGI Macintosh files +.TP +.B \--xinet +Look for XINET Macintosh files +.TP +.B \--macbin +Look for MacBinary Macintosh files +.TP +.B \--single +Look for AppleSingle Macintosh files + + +.SH CREATOR/TYPE +A Macintosh file has two properties associated with it which define +which application created the file, the +.I CREATOR +and what data the file contains, the +.IR TYPE . +Both are (exactly) 4 letter strings. Usually this +allows a Macintosh user to double-click on a file and launch the correct +application etc. The CREATOR and TYPE of a particular file can be found by +using something like ResEdit (or similar) on a Macintosh. +.LP +The CREATOR and TYPE information is stored in all the various Apple/Unix +encoded files. +For other files it is possible to base the CREATOR and TYPE on the +filename's extension using a +.I mapping +file (the +.I -map +option) and/or using the +.I magic number +(usually a +.I signature +in the first few bytes) +of a file (the +.I -magic +option). If both these options are given, then their order on the command +line is important. If the +.I -map +option is given first, then a filename extension match is attempted +before a magic number match. However, if the +.I -magic +option is given first, then a magic number match is attempted before a +filename extension match. +.PP +If a mapping or magic file is not used, or no match is found then the default +CREATOR and TYPE for all regular files can be set by using entries in the +.I \&.mkisofsrc +file, otherwise the default CREATOR and TYPE are 'unix' and 'TEXT'. +.PP +The format of the +.I mapping +file is the same +.I afpfile +format as used by +.IR aufs . +This file has five columns for the +.IR extension , +.I file +.IR translation , +.IR CREATOR , +.I TYPE +and +.IR Comment . +Lines starting with the '#' character are +comment lines and are ignored. An example file would be like: +.LP +.TS +tab (/); +l s s s s +l s s s s +l l l l l . +# Example filename mapping file +# +# EXTN/XLate/CREATOR/TYPE/Comment +\&.tif/Raw/'8BIM'/'TIFF'/"Photoshop TIFF image" +\&.hqx/Ascii/'BnHq'/'TEXT'/"BinHex file" +\&.doc/Raw/'MSWD'/'WDBN'/"Word file" +\&.mov/Raw/'TVOD'/'MooV'/"QuickTime Movie" +*/Ascii/'ttxt'/'TEXT'/"Text file" +.TE +.LP +Where: +.IP +The first column +.I EXTN +defines the Unix filename extension to be +mapped. The default mapping for any filename extension that doesn't +match is defined with the "*" character. +.IP +The +.I Xlate +column defines the type of text translation between the Unix and +Macintosh file it is ignored by +.IR mkhybrid, +but is kept to be compatible with +.IR aufs (1). +Although +.I mkhybrid +does not alter the contents of a file, if a binary file has it's TYPE +set as 'TEXT', it +.I may +be read incorrectly on a Macintosh. Therefore a better choice for the +default TYPE may be '????' +.IP +The +.I CREATOR +and +.I TYPE +keywords must be 4 characters long and enclosed in single quotes. +.IP +The comment field is enclosed in double quotes - it is ignored by +.IR mkhybrid , +but is kept to be compatible with +.IR aufs . +.PP +The format of the +.I magic +file is almost identical to the +.IR magic (4) +file used by the Linux +.IR file (1) +command - the routines for reading and decoding the +.I magic +file are based on the Linux +.IR file (1) +command. +.PP +This file has four tab separated columns for the +.I byte +.IR offset , +.IR type , +.I test +and +.IR message . +Lines starting with the '#' character are +comment lines and are ignored. An example file would be like: +.LP +.TS +tab (/); +l s s s +l s s s +l l l l . +# Example magic file +# +# off/type/test/message +0/string/GIF8/8BIM GIFf GIF image +0/beshort/0xffd8/8BIM JPEG image data +0/string/SIT!/SIT! SIT! StuffIt Archive +0/string/\\037\\235/LZIV ZIVU standard unix compress +0/string/\\037\\213/GNUz ZIVU gzip compressed data +0/string/%!/ASPS TEXT Postscript +0/string/\\004%!/ASPS TEXT PC Postscript with a ^D to start +4/string/moov/txtt MooV QuickTime movie file (moov) +4/string/mdat/txtt MooV QuickTime movie file (mdat) +.TE +.PP +The format of the file is described in the +.IR magic (4) +man page. The only difference here is that for each entry in the magic file, the +.I message +for the initial offset +.B must +be 4 characters for the CREATOR followed by 4 characters for the TYPE - +white space is +optional between them. Any other characters on this line are ignored. +Continuation lines (starting with a '>') are also ignored i.e. only the initial +offset lines are used. +.PP +Using the +.I \-magic +option may significantly increase processing time as each file has to opened +and read to find it's magic number. +.PP +In summary, for all files, the default CREATOR is 'unix' and the default +TYPE is 'TEXT'. These can be changed by using entries in the +.I \&.mkisofsrc +file. +.PP +If the a file is in one of the known Apple/Unix formats (and the format +has been selected), then the CREATOR and TYPE are taken from the values +stored in the Apple/Unix file. +.PP +Other files can have their CREATOR and TYPE set from their file name +extension (the +.I \-map +option), or their magic number (the +.I \-magic +option). If the default match is used in the +.I mapping +file, then these values override the default CREATOR and TYPE. +.\".PP +.\"A full CREATOR/TYPE database can be found at +.\"http://www.angelfire.com/il/szekely/index.html + +.SH MACINTOSH FILE FORMATS +Macintosh files have two parts called the +.I Data +and +.I Resource +fork. Either may be empty. Unix (and many other OSs) can only +cope with files having one part (or fork). To add to this, Macintosh files +have a number of attributes associated with them - probably the most +important are the TYPE and CREATOR. Again Unix has no concept of these +types of attributes. +.PP +e.g. a Macintosh file may be a JPEG image where the image is stored in the +Data fork and a desktop thumbnail stored in the Resource fork. It is usually +the information in the data fork that is useful across platforms. +.PP +Therefore to store a Macintosh file on a Unix filesystem, a way has to be +found to cope with the two forks and the extra attributes (which are +referred to as the +.I finder +.IR info). +Unfortunately, it seems that every software package that stores Macintosh +files on Unix has chosen a completely different storage method. +.PP +The Apple/Unix formats that +.I mkhybrid +(partially) supports are: +.IP "CAP AUFS format" +Data fork stored in a file. Resource fork in subdirectory .resource +with same filename as data fork. Finder info +in .finderinfo subdirectory with same filename. +.IP "AppleDouble/Netatalk" +Data fork stored in a file. Resource fork stored in a file with +same name prefixed with "%". Finder info also stored in same +"%" file. Netatalk uses the same format, but the resource +fork/finderinfo stored in subdirectory .AppleDouble with same +name as data fork. +.IP AppleSingle +Data structures similar to above, except both forks and finder +info are stored in one file. +.IP "Helios EtherShare" +Data fork stored in a file. Resource fork and finder info together in +subdirectory .rsrc with same filename as data fork. +.IP "IPT UShare" +Very similar to the EtherShare format, but the finder info +is stored slightly differently. +.IP MacBinary +Both forks and finder info stored in one file. +.IP "Apple PC Exchange" +Used by Macintoshes to store Apple files on DOS (FAT) disks. +Data fork stored in a file. Resource fork in subdirectory +resource.frk (or RESOURCE.FRK). Finder info as one record +in file finder.dat (or FINDER.DAT). Separate finder.dat for +each data fork directory. +.IP +Note: normally files should be accessed directly from the DOS media as +.I mkhybrid +needs to find out the native FAT cluster size. +If the native FAT cluster size is known, then the +.I -cluster-size +option can be used to set the cluster size - useful if PC Exchange files have +be copied from DOS disks before running +.IR mkhybrid . +The cluster or allocation size can be found by using the DOS utility +.IR CHKDSK . +.IP +May not work with PC Exchange v2.2 or higher files (available with MacOS 8.1). +DOS media containing PC Exchange files should be mounted as type +.B msdos +(not +.BR vfat ) +when using Linux. +.IP "SGI/XINET" +Used by SGI machines when they mount HFS disks. Data fork stored +in a file. Resource fork in subdirectory .HSResource with same +name. Finder info as one record in file .HSancillary. Separate .HSancillary +for each data fork directory. +.LP +.I mkhybrid +will attempt to set the CREATOR, TYPE, date and possibly other flags from +the finder info. Additionally, if it exists, the Macintosh filename is set +from the finder info, otherwise the Macintosh name is based on the Unix +filename - see the MACINTOSH FILE NAMES section below. +.PP +When using the +.I \-apple +option, the TYPE and CREATOR are stored in the optional System Use or SUSP field +in the ISO9660 Directory Record - in much the same way as the Rock Ridge +attributes are. In fact to make life easy, the Apple extensions are added +at the beginning of the existing Rock Ridge attributes (i.e. to get the Apple +extensions you get the Rock Ridge extensions as well). +.PP +The Apple extensions require the resource fork to be stored as an ISO9660 +.I associated +file. This is just like any normal file stored in the ISO9660 filesystem +except that the associated file flag is set in the Directory Record (bit +2). This file has the same name as the data fork (the file seen by +non-Apple machines). Associated files are normally ignored by other OSs +.PP +When using the +.I \-hfs +option, the TYPE and CREATOR plus other finder info, are stored in a separate +HFS directory, not visible on the ISO9660 volume. The HFS directory references +the same data and resource fork files described above. +.PP +In most cases, it is better to use the +.I \-hfs +option instead of the +.I \-apple +option, as the latter imposes the limited ISO9660 characters allowed in +filenames. However, the Apple extensions do give the advantage that the +files are packed on the disk more efficiently and it may be possible to fit +more files on a CD - important when the total size of the source files is +approaching 650MB. + + + +.SH MACINTOSH FILE NAMES +Where possible, the HFS filename that is stored with an Apple/Unix file +is used for the HFS part of the CD. However, not all the Apple/Unix +encodings store the HFS filename with the finderinfo. In these cases, +the Unix filename is used - with escaped special characters. Special +characters include '/' and characters with codes over 127. +.PP +Aufs escapes these characters by using ":" followed by the character code +as two hex digits. Netatalk and EtherShare have a similar scheme, but uses +"%" instead of a ":". +.PP +If mkhybrid can't find an HFS filename, then it uses the Unix name, with +any %xx or :xx characters (xx == two hex digits) converted to a single +character code. If "xx" are not hex digits ([0-9a-fA-F]), then they are +left alone - although any remaining ":" is converted to "%" as colon +is the HFS directory separator. Care must be taken, as an ordinary Unix +file with %xx or :xx will also be converted. e.g. +.PP +.TS +l l +l s +l l +l s +l l . +This:2fFile converted to This/File + +This:File converted to This%File + +This:t7File converted to This%t7File +.TE +.PP +Although HFS filenames appear to support upper and lower case letters, +the filesystem is case insensitive. i.e. the filenames "aBc" and "AbC" +are the same. If a file is found in a directory with the same HFS name, +then +.I mkhybrid +will attempt, where possible, to make a unique name by adding '_' characters +to one of the filenames. +.PP +If an HFS filename exists for a file, then mkhybrid can use this name as +the starting point for the ISO9660, Joliet and Rock Ridge filenames using +the +.I \-mac-name +option. Normal Unix files without an HFS name will still use their Unix name. +e.g. +.PP +If a +.I MacBinary +(or +.I PC +.IR Exchange ) +file is stored as +.I someimage.gif.bin +on the Unix filesystem, but contains a HFS file called +.IR someimage.gif , +then this is the name that would appear on the HFS part of the CD. However, as +mkhybrid uses the Unix name as the starting point for the other names, then +the ISO9660 name generated will probably be +.I SOMEIMAG.BIN +and the Joliet/Rock Ridge would be +.IR someimage.gif.bin . +Although the actual data (in this case) is a GIF image. This option will use +the HFS filename as the starting point and the ISO9660 name will probably be +.I SOMEIMAG.GIF +and the Joliet/Rock Ridge would be +.IR someimage.gif . +.PP +Using the +.I \-mac-name +option will not currently work with the +.I \-T +option - the Unix +name will be used in the TRANS.TBL file, not the Macintosh name. +.PP +The existing mkisofs code will filter out any illegal characters for the +ISO9660 and Joliet filenames, but as mkisofs expects to be dealing +directly with Unix names, it leaves the Rock Ridge names as is. +But as '/' is a legal HFS filename character, the +.I -mac-name +option coverts '/' to a '_' in a Rock Ridge filenames. +.PP +If the Apple extensions are used, then only the ISO9660 filenames will +appear on the Macintosh. However, as the Macintosh ISO9660 drivers can use +.I Level 2 +filenames, then you can use the +.I \-l +option without problems on +a Macintosh - still take care over the names, for example +.I this.file.name +will be converted to +.I THIS.FILE +i.e. only have one '.', also filename +.I abcdefgh +will be seen as +.I ABCDEFGH +but +.I abcdefghi +will be seen as +.I ABCDEFGHI. +i.e. with a '.' at the end - don't know if this is a Macintosh +problem or mkisofs/mkhybrid problem. All filenames will be in uppercase +when viewed on a Macintosh. Of course, DOS/Win3.X machines will not be able +to see Level 2 filenames... +.PP +As Macintosh filenames do use the '~' and '#' characters (especially when +using PC Exchange Macintosh files), then the +.I \-a +option should be given. + +.SH HFS BOOT DRIVER +It +.I may +be possible to make the hybrid CD bootable on a Macintosh. +.PP +A bootable HFS CD requires an Apple CD-ROM (or compatible) driver, a bootable +HFS partition and the necessary System, Finder, etc. files. +.PP +A driver can be obtained from any other Macintosh bootable CD-ROM using the +.I apple_driver +utility. This file can then be used with the +.I \-boot-hfs-file +option. +.PP +The HFS partition (i.e. the hybrid disk in our case) must contain a +suitable System Folder, again from another CD-ROM or disk. +.PP +For a partition to be bootable, it must have it's +.I boot block +set. The boot +block is in the first two blocks of a partition. For a non-bootable partition +the boot block is full of zeros. Normally, when a System file is copied to +partition on a Macintosh disk, the boot block is filled with a number of +required settings - unfortunately I don't know the full spec for the boot +block, so I'm guessing that the following will work OK. +.PP +Therefore, the utility +.I apple_driver +also extracts the boot block from the +first HFS partition it finds on the given CD-ROM and this is used for the +HFS partition created by +.IR mkhybrid . +.IP "PLEASE NOTE" +By using a driver from an Apple CD and copying Apple software to your CD, +you become liable to obey Apple Computer, Inc. Software License Agreements. +.PP + +.SH CONFIGURATION +.B mkhybrid +looks for the +.IR \&.mkisofsrc +file, +first in the current working directory, +then in the user's home directory, +and then in the directory in which the +.B mkhybrid +binary is stored. This file is assumed to contain a series of lines +of the form "TAG=value", and in this way you can specify certain +options. +The case of the tag is not significant. +Some fields in the volume header +are not settable on the command line, but can be altered through this +facility. +Comments may be placed in this file, +using lines which start with a hash (#) character. +.TP +APPI +The application identifier +should describe the application that will be on the disc. +There is space on the disc for 128 characters of information. +May be overridden using the \-A command line option. +.TP +COPY +The copyright information, +often the name of a file on the disc containing the copyright notice. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-copyright +command line option. +.TP +ABST +The abstract information, +often the name of a file on the disc containing an abstract. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-abstract +command line option. +.TP +BIBL +The bibliographic information, +often the name of a file on the disc containing a bibliography. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-bilio +command line option. +.TP +PREP +This should describe the preparer of the CDROM, +usually with a mailing address and phone number. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-p +command line option. +.TP +PUBL +This should describe the publisher of the CDROM, +usually with a mailing address and phone number. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-P +command line option. +.TP +SYSI +The System Identifier. +There is space on the disc for 32 characters of information. +May be overridden using the +.B \-sysid +command line option. +.TP +VOLI +The Volume Identifier. +There is space on the disc for 32 characters of information. +May be overridden using the +.B \-V +command line option. +.TP +VOLS +The Volume Set Name. +There is space on the disc for 278 characters of information. +May be overridden using the +.B \-volset +command line option. +.TP +TYPE +The default TYPE for Macintosh files. Must be exactly 4 characters. +.TP +CREATOR +The default CREATOR for Macintosh files. Must be exactly 4 characters. +.PP +.B mkhybrid +can also be configured at compile time with defaults for many of these fields. +See the file defaults.h. +.SH AUTHOR +.B mkisofs +is not based on the standard mk*fs tools for unix, because we must generate +a complete copy of an existing filesystem on a disk in the iso9660 +filesystem. The name mkisofs is probably a bit of a misnomer, since it +not only creates the filesystem, but it also populates it as well. +.PP +.br +Eric Youngdale <ericy@gnu.ai.mit.edu> or <eric@andante.jic.com> wrote both the +Linux isofs9660 filesystem and the mkisofs utility, and is currently +maintaining them. The copyright for the mkisofs utility is held by +Yggdrasil Computing, Incorporated. +.PP +.B mkhybrid +is based on +.B mkisofs +and works in exactly the same way as +.B mkisofs +without the HFS options. The change in name is to signify that it does +something extra. If you do not need the HFS options, then you should +really be using +.IR mkisofs . +.PP +HFS hybrid code Copyright (C) James Pearson 1997, 1998, 1999 +.br +libhfs code Copyright (C) 1996, 1997 Robert Leslie +.br +libfile code Copyright (C) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, +1992, 1994, 1995. +.PP + +.SH BUGS +Any files that have hard links to files not in the tree being copied to the +iso9660 filesystem will have an incorrect file reference count. +.PP +There may be some other ones. Please, report them to the author. + +.SH HFS PROBLEMS/LIMITATIONS +I have had to make several assumptions on how I expect the modified +libhfs routines to work, however there may be situations that either +I haven't thought of, or come across when these assumptions fail. +Therefore I can't guarantee that mkhybrid will work as expected +(although I haven't had a major problem yet). Most of the HFS features work +fine, however, some are not fully tested. These are marked as +.I Alpha +above. +.PP +Output volume size must be at least 800Kb (libhfs limit - shouldn't +really be a problem). +.PP +Although HFS filenames appear to support upper and lower case letters, +the filesystem is case insensitive. i.e. the filenames "aBc" and "AbC" +are the same. If a file is found in a directory with the same HFS name, then +.I mkhybrid +will attempt, where possible, to make a unique name by adding '_' characters +to one of the filenames. +.PP +HFS file/directory names that share the first 31 characters have +_N' (N == decimal number) substituted for the last few characters +to generate unique names. +.PP +Care must be taken when "grafting" Apple/Unix files or directories (see +above for the method and syntax involved). It is not possible to use a +new name for an Apple/Unix encoded file/directory. e.g. If a Apple/Unix +encoded file called "oldname" is to added to the CD, then you can not use +the command line: +.IP +mkhybrid -o output.raw -hfs newname=oldname cd_dir +.LP +mkhybrid will be unable to decode "oldname". However, you can graft +Apple/Unix encoded files or directories as long as you do not attempt to +give them new names as above. +.PP +The +.I -M +option has no real meaning with an HFS volume - and will probably not work. +.PP +Symbolic links (as with all other non-regular files) are not added to +the HFS directory. +.PP +Hybrid volumes may be larger than pure ISO9660 volumes +containing the same data. +.PP +The resulting hybrid volume can be accessed on a Unix machine by using +the hfsutils routines. However, no changes should be made to the +contents of the volume as it's not a "real" HFS volume. +.PP +Using the +.I \-mac-name +option will not currently work with the +.I \-T +option - the Unix +name will be used in the TRANS.TBL file, not the Macintosh name. +.PP +Although +.I mkhybrid +does not alter the contents of a file, if a binary file has it's TYPE +set as 'TEXT', it +.I may +be read incorrectly on a Macintosh. Therefore a better choice for the +default TYPE may be '????' +.PP +The +.I \-mac-boot-file +option may not work at all... +.PP +The +.I \-a +option should be used at all times. It may well become the default in future +releases. +.PP +May not work with PC Exchange v2.2 or higher files (available with MacOS 8.1). +DOS media containing PC Exchange files should be mounted as type +.B msdos +(not +.BR vfat ) +when using Linux. +.PP +.SH SEE ALSO +.IR mkisofs (8), +.IR magic (5), +.IR apple_driver (8) +.SH FUTURE IMPROVEMENTS +Some sort of gui interface. +.\".SH AVAILABILITY +.\".B mkisofs +.\"is available for anonymous ftp +.\"from ftp://tsx-11.mit.edu/pub/linux/packages/mkisofs +.\"and many other mirror sites. +.\".PP +.\".B mkhybrid +.\"is available from ftp://ftp.ge.ucl.ac.uk/pub/mkhfs and +.\".B hfsutils +.\"from ftp://ftp.mars.org/pub/hfs diff --git a/static/openbsd/man8/mkisofs.8 b/static/openbsd/man8/mkisofs.8 new file mode 100644 index 00000000..4aad2ec9 --- /dev/null +++ b/static/openbsd/man8/mkisofs.8 @@ -0,0 +1,689 @@ +.\" -*- nroff -*- +.\" +.\" $Id: mkisofs.8,v 1.1 2000/10/10 20:40:19 beck Exp $ +.\" +.TH MKISOFS 8 "17 Feb 1998" "Version 1.12b5" +.SH NAME +mkisofs \- create a iso9660 filesystem with optional Rock Ridge attributes. +.SH SYNOPSIS +.B mkisofs +[ +.B \-a +] +[ +.B \-abstract +.I FILE +] +[ +.B \-biblio +.I FILE +] +[ +.B \-b +.I boot_image +] +[ +.B \-c +.I boot_catalog +] +[ +.B \-copyright +.I FILE +] +[ +.B \-A +.I application_id +] +[ +.B \-f +] +[ +.B \-d +] +[ +.B \-D +] +[ +.B \-hide +.I glob +] +[ +.B \-hide-joliet +.I glob +] +[ +.B \-J +] +[ +.B \-l +] +[ +.B \-L +] +[ +.B \-log-file +.I log_file +] +[ +.B -no-split-symlink-components +] +[ +.B -no-split-symlink-fields +] +[ +.B \-p +.I preparer +] +[ +.B \-print-size +] +[ +.B \-P +.I publisher +] +[ +.B \-quiet +] +[ +.B \-r +] +[ +.B \-R +] +[ +.B \-sysid +.I ID +] +[ +.B \-T +] +[ +.B \-v +] +[ +.B \-V +.I volid +] +[ +.B \-volset +.I ID +] +[ +.B \-volset-size +.I # +] +[ +.B \-volset-seqno +.I # +] +[ +.B \-x +.I path +] +[ +.B \-z +] +[ +.B \-m +.I glob +] +.B \-o +.I filename +.I pathspec [pathspec] +.SH DESCRIPTION +.B mkisofs +is effectively a pre-mastering program to generate the iso9660 filesystem - it +takes a snapshot of a given directory tree, and generates a binary image which +will correspond to an iso9660 filesystem when written to a block device. +.PP +.B mkisofs +is also capable of generating the System Use Sharing Protocol records specified +by the Rock Ridge Interchange Protocol. This is used to further describe the +files in the iso9660 filesystem to a unix host, and provides information such +as longer filenames, uid/gid, posix permissions, and block and character +devices. +.PP +Each file written to the iso9660 filesystem must have a filename in the 8.3 +format (8 characters, period, 3 characters, all upper case), even if Rock Ridge +is in use. This filename is used on systems that are not able to make use of +the Rock Ridge extensions (such as MS-DOS), and each filename in each directory +must be different from the other filenames in the same directory. +.B mkisofs +generally tries to form correct names by forcing the unix filename to upper +case and truncating as required, but often times this yields unsatisfactory +results when there are cases where the +truncated names are not all unique. +.B mkisofs +assigns weightings to each filename, and if two names that are otherwise the +same are found the name with the lower priority is renamed to have a 3 digit +number as an extension (where the number is guaranteed to be unique). An +example of this would be the files foo.bar and +foo.bar.~1~ - the file foo.bar.~1~ would be written as FOO.000;1 and the file +foo.bar would be written as FOO.BAR;1 +.PP +Note that +.B mkisofs +is not designed to communicate with the writer directly. Most writers +have proprietary command sets which vary from one manufacturer to +another, and you need a specialized tool to actually burn the disk. +The +.B cdwrite +utility is one such tool that runs under Linux and performs this task. +The latest version of +.B cdwrite +is capable of communicating with the Phillips/IMS/Kodak, HP and Yamaha drives +that have been manufactured before 1997. +Most writers come with some version of DOS software that allows a direct image +copy of an iso9660 image to the writer. The current version of +.B cdwrite +is available from sunsite.unc.edu: /utils/disk-management/cdwrite-2.0.tar.gz +Note that cdwrite has not been actively maintained since 1995. +.PP +The +.B +cdrecord +utility is another utility capable of burning an actual disc. The latest version +of +.B cdrecord +is available from +ftp://ftp.fokus.gmd.de/pub/unix/cdrecord +Cdrecord is under constant development. +.PP +Also you should know that most cd writers are very particular about timing. +Once you start to burn a disc, you cannot let their buffer empty before you +are done, or you will end up with a corrupt disc. Thus it is critical +that you be able to maintain an uninterrupted data stream to the writer +for the entire time that the disc is being written. +.PP +.br +.B path +is the path of the directory tree to be copied into the iso9660 filesystem. +Multiple paths can be specified, and +.B +mkisofs +will merge the files found in all of the specified path components to form the cdrom +image. +.PP +It is possible to graft the paths at points other than the root +directory, and it is possible to graft files or directories onto the +cdrom image with names different than what they have in the source filesystem. This is +easiest to illustrate with a couple of examples. Let's start by assuming that a local +file ../old.lis exists, and you wish to include it in the cdrom image. + + + foo/bar/=../old.lis + +will include the file old.lis in the cdrom image at /foo/bar/old.lis, while + + foo/bar/xxx=../old.lis + +will include the file old.lis in the cdrom image at /foo/bar/xxx. The +same sort of syntax can be used with directories as well. +.B +mkisofs will create any directories required such that the graft +points exist on the cdrom image - the directories do not need to +appear in one of the paths. Any directories that are created on the +fly like this will have permissions 0555 and appear to be owned by the +person running mkisofs. If you wish other permissions or owners of +the intermediate directories, the easiest solution is to create real +directories in the path such that mkisofs doesn't have to invent them. + +.SH OPTIONS +.TP +.B \-a +Include all files on the iso9660 filesystem. Normally files that contain the +characters '~' or '#' will not be included (these are typically backup files +for editors under unix). +.TP +.BI \-abstract " FILE +Specifies the abstract file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with ABST=filename. +If specified in both places, the command line version is used. +.TP +.BI \-A " application_id +Specifies a text string that will be written into the volume header. +This should describe the application that will be on the disc. There +is space on the disc for 128 characters of information. This parameter can +also be set in the file +.B \&.mkisofsrc +with APPI=id. +If specified in both places, the command line version is used. +.TP +.BI \-biblio " FILE +Specifies the bibliographic file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with BIBLO=filename. +If specified in both places, the command line version is used. +.TP +.BI \-b " boot_image +Specifies the path and filename of the boot image to be used when making +an "El Torito" bootable CD. The pathname must be relative to the source +path specified to +.B mkisofs. +This option is required to make a bootable CD. +The boot image must be exactly the size of either a 1.2, 1.44, or a 2.88 +meg floppy, and +.B mkisofs +will use this size when creating the output iso9660 +filesystem. It is assumed that the first 512 byte sector should be read +from the boot image (it is essentially emulating a normal floppy drive). +This will work, for example, if the boot image is a LILO based boot floppy. +.TP +.BI \-C " last_sess_start,next_sess_start +This option is needed when +.B mkisofs +is used to create the image of a second session or a higher level session +for a multi session disk. +The option +.B \-C +takes a pair of two numbers separated by a comma. The first number is the +sector number of the first sector in the last session of the disk +that should be appended to. +The second number is the starting sector number of the new session. +The expected pair of numbers may be retrieved by calling +.B "cdrecord -msinfo ... +the +.B \-C +option may only be uses in conjunction with the +.B \-M +option. +.TP +.BI \-c " boot_catalog +Specifies the path and filename of the boot catalog to be used when making +an "El Torito" bootable CD. The pathname must be relative to the source +path specified to +.B mkisofs. +This option is required to make a bootable CD. +This file will be created by +.B mkisofs +in the source filesystem, so be +sure the specified filename does not conflict with an existing file, as +it will be quietly overwritten! Usually a name like "boot.catalog" is +chosen. +.TP +.BI \-copyright " FILE +Specifies the Copyright file name. +This parameter can also be set in the file +.B \&.mkisofsrc +with COPY=filename. +If specified in both places, the command line version is used. +.TP +.B \-d +Omit trailing period from files that do not have a period. This violates the +ISO9660 standard, but it happens to work on many systems. Use with caution. +.TP +.B \-D +Do not use deep directory relocation, and instead just pack them in the +way we see them. This violates the ISO9660 standard, but it works on many +systems. Use with caution. +.TP +.B \-f +Follow symbolic links when generating the filesystem. When this option is not +in use, symbolic links will be entered using Rock Ridge if enabled, otherwise +the file will be ignored. +.TP +.BI \-hide " glob +Hide +.I glob +from being seen on the ISO9660 or Rock Ridge directory. +.I glob +is a shell wild-card-style pattern that must match any part of the filename +or path. +Multiple globs may be hidden (up to 1000). +If +.I glob +matches a directory, then the contents of that directory will be hidden. +All the hidden files will still be written to the output CD image file. +Should be used with the +.B \-hide-joliet +option. +.TP +.BI \-hide-joliet " glob +Hide +.I glob +from being seen on the Joliet directory. +.I glob +is a shell wild-card-style pattern that must match any part of the filename +or path. +Multiple globs may be hidden (up to 1000). +If +.I glob +matches a directory, then the contents of that directory will be hidden. +All the hidden files will still be written to the output CD image file. +Should be used with the +.B \-hide +option. +.TP +.B \-l +Allow full 32 character filenames. Normally the ISO9660 filename will be in an +8.3 format which is compatible with MS-DOS, even though the ISO9660 standard +allows filenames of up to 32 characters. If you use this option, the disc may +be difficult to use on a MS-DOS system, but this comes in handy on some other +systems (such as the Amiga). Use with caution. +.TP +.B \-J +Generate Joliet directory records in addition to regular iso9660 file +names. This is primarily useful when the discs are to be used on Windows-NT +or Windows-95 machines. The Joliet filenames are specified in Unicode and +each path component can be up to 64 Unicode characters long. +.TP +.B \-L +Allow filenames to begin with a period. Usually, a leading dot is +replaced with an underscore in order to maintain MS-DOS compatibility. +.TP +.BI \-log-file " log_file +Redirect all error, warning and informational messages to +.I log_file +instead of the standard error. +.TP +.BI \-m " glob +Exclude +.I glob +from being written to CDROM. +.I glob +is a shell wild-card-style pattern that must match part of the filename (not +the path as with option +.BR -x ). +Technically +.I glob +is matched against the +.I d->d_name +part of the directory entry. +Multiple globs may be excluded (up to 1000). +Example: + +mkisofs \-o rom \-m '*.o' \-m core \-m foobar + +would exclude all files ending in ".o", called "core" or "foobar" to be +copied to CDROM. Note that if you had a directory called "foobar" it too (and +of course all its descendants) would be excluded. +.sp +NOTE: The \-m and \-x option description should both be updated, they are wrong. +Both now work identical and use filename globbing. A file is exluded if either +the last component matches or the whole path matches. +.TP +.BI \-M " path +or +.TP +.BI \-M " device +Specifies path to existing iso9660 image to be merged. The alternate form +takes a SCSI device specifier that uses the same syntax as the +.B "dev= +parameter of +.B cdrecord. +The output of +.B mkisofs +will be a new session which should get written to the end of the +image specified in -M. Typically this requires multi-session capability +for the recorder and cdrom drive that you are attempting to write this +image to. +This option may only be used in conjunction with the +.B \-C +option. +.TP +.B \-N +Omit version numbers from ISO9660 file names. This may violate the ISO9660 +standard, but no one really uses the version numbers anyway. Use with caution. +.TP +.B \-no-split-symlink-components +Don't split the SL components, but begin a new Continuation Area (CE) +instead. This may waste some space, but the SunOS 4.1.4 cdrom driver +has a bug in reading split SL components (link_size = component_size +instead of link_size += component_size). +.TP +.B \-no-split-symlink-fields +Don't split the SL fields, but begin a new Continuation Area (CE) +instead. This may waste some space, but the SunOS 4.1.4 and +Solaris 2.5.1 cdrom driver have a bug in reading split SL fields +(a `/' can be dropped). +.TP +.BI \-o " filename +is the name of the file to which the iso9660 filesystem image should be +written. This can be a disk file, a tape drive, or it can correspond directly +to the device name of the optical disc writer. If not specified, stdout is +used. Note that the output can also be a block special device for a regular +disk drive, in which case the disk partition can be mounted and examined to +ensure that the premastering was done correctly. +.TP +.BI \-P " publisher_id +Specifies a text string that will be written into the volume header. +This should describe the publisher of the CDROM, usually with a +mailing address and phone number. There is space on the disc for 128 +characters of information. This parameter can also be set in the file +.B \&.mkisofsrc +with PUBL=. +If specified in both places, the command line version is used. +.TP +.BI \-p " preparer_id +Specifies a text string that will be written into the volume header. +This should describe the preparer of the CDROM, usually with a mailing +address and phone number. There is space on the disc for 128 +characters of information. This parameter can also be set in the file +.B \&.mkisofsrc +with PREP=. +If specified in both places, the command line version is used. +.TP +.B \-print-size +Print estimated filesystem size and exit. This option is needed for +Disk At Once mode and with some CD-R drives when piping directly into +.B cdrecord. +In this case it is needed to know the size of the filesustem before the +actual CD-creation is done. +The option \-print-size allows to get this size from a "dry-run" before +the CD is actually written. +.TP +.B \-R +Generate SUSP and RR records using the Rock Ridge protocol to further describe +the files on the iso9660 filesystem. +.TP +.B \-r +This is like the \-R option, but file ownership and modes are set to +more useful values. The uid and gid are set to zero, because they are +usually only useful on the author's system, and not useful to the +client. All the file read bits are set true, so that files and +directories are globally readable on the client. If any execute bit is +set for a file, set all of the execute bits, so that executables are +globally executable on the client. If any search bit is set for a +directory, set all of the search bits, so that directories are globally +searchable on the client. All write bits are cleared, because the +CD-Rom will be mounted read-only in any case. If any of the special +mode bits are set, clear them, because file locks are not useful on a +read-only file system, and set-id bits are not desirable for uid 0 or +gid 0. +.TP +.BI \-sysid " ID +Specifies the system ID. +This parameter can also be set in the file +.B \&.mkisofsrc +with SYSI=system_id. +If specified in both places, the command line version is used. +.TP +.B \-T +Generate a file TRANS.TBL in each directory on the CDROM, which can be used +on non-Rock Ridge capable systems to help establish the correct file names. +There is also information present in the file that indicates the major and +minor numbers for block and character devices, and each symlink has the name of +the link file given. +.TP +.BI \-V " volid +Specifies the volume ID to be written into the master block. This +parameter can also be set in the file +.B \&.mkisofsrc +with VOLI=id. +If specified in both places, the command line version is used. Note that +if you assign a volume ID, this is the name that will be used as the mount +point used by the Solaris volume management system and the name that is +assigned to the disc on a Windows or Mac platform. +.TP +.BI \-volset " ID +Specifies the volset ID. +This parameter can also be set in the file +.B \&.mkisofsrc +with VOLS=volset_id. +If specified in both places, the command line version is used. +.TP +.BI \-volset-size " # +Sets the volume set size to #. +The volume set size is the number of CD's that are in a CD set. +The +.B \-volset-size +option may be used to create CD's that are part of e.g. a Operation +System installation set of CD's. +The option +.B \-volset-size +must be specified before +.B \-volset-seqno +on each command line. +.TP +.BI \-volset-seqno " # +Sets the volume set sequence number to #. +The volume set sequence number is the index number of the current +CD in a CD set. +The option +.B \-volset-size +must be specified before +.B \-volset-seqno +on each command line. +.TP +.B \-v +Verbose execution. +.TP +.BI \-x " path +Exclude +.I path +from being written to CDROM. +.I path +must be the complete pathname that results from concatenating the pathname +given as command line argument and the path relative to this directory. +Multiple paths may be excluded (up to 1000). +Example: + +mkisofs \-o cd \-x /local/dir1 \-x /local/dir2 /local +.sp +NOTE: The \-m and \-x option description should both be updated, they are wrong. +Both now work identical and use filename globbing. A file is exluded if either +the last component matches or the whole path matches. +.TP +.B \-z +Generate special SUSP records for transparently compressed files. This is +only of use and interest for hosts that support transparent decompression. +This is an experimental feature, and no hosts yet support this, but there +are ALPHA patches for Linux that can make use of this feature. +.SH CONFIGURATION +.B mkisofs +looks for the +.B \&.mkisofsrc +file, +first in the current working directory, +then in the user's home directory, +and then in the directory in which the +.B mkisofs +binary is stored. This file is assumed to contain a series of lines +of the form +.BI TAG= value, +and in this way you can specify certain options. +The case of the tag is not significant. +Some fields in the volume header +are not settable on the command line, but can be altered through this +facility. +Comments may be placed in this file, +using lines which start with a hash (#) character. +.TP +.B APPI +The application identifier +should describe the application that will be on the disc. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-A +command line option. +.TP +.B COPY +The copyright information, +often the name of a file on the disc containing the copyright notice. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-copyright +command line option. +.TP +.B ABST +The abstract information, +often the name of a file on the disc containing an abstract. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-abstract +command line option. +.TP +.B BIBL +The bibliographic information, +often the name of a file on the disc containing a bibliography. +There is space in the disc for 37 characters of information. +May be overridden using the +.B \-bilio +command line option. +.TP +.B PREP +This should describe the preparer of the CDROM, +usually with a mailing address and phone number. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-p +command line option. +.TP +.B PUBL +This should describe the publisher of the CDROM, +usually with a mailing address and phone number. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-P +command line option. +.TP +.B SYSI +The System Identifier. +There is space on the disc for 32 characters of information. +May be overridden using the +.B \-sysid +command line option. +.TP +.B VOLI +The Volume Identifier. +There is space on the disc for 32 characters of information. +May be overridden using the +.B \-V +command line option. +.TP +.B VOLS +The Volume Set Name. +There is space on the disc for 128 characters of information. +May be overridden using the +.B \-volset +command line option. +.PP +.B mkisofs +can also be configured at compile time with defaults for many of these fields. +See the file defaults.h. +.SH AUTHOR +.B mkisofs +is not based on the standard mk*fs tools for unix, because we must generate +a complete copy of an existing filesystem on a disk in the iso9660 +filesystem. The name mkisofs is probably a bit of a misnomer, since it +not only creates the filesystem, but it also populates it as well. +.PP +.br +Eric Youngdale <ericy@gnu.ai.mit.edu> or <eric@andante.jic.com> wrote both the +Linux isofs9660 filesystem and the mkisofs utility, and is currently +maintaining them. The copyright for the mkisofs utility is held by +Yggdrasil Computing, Incorporated. +.SH BUGS +Any files that have hard links to files not in the tree being copied to the +iso9660 filessytem will have an incorrect file reference count. +.PP +There may be some other ones. Please, report them to the author. +.SH FUTURE IMPROVEMENTS +Some sort of gui interface. +.SH AVAILABILITY +.B mkisofs +is available for anonymous ftp from tsx-11.mit.edu in +/pub/linux/packages/mkisofs and many other mirror sites. diff --git a/static/openbsd/man8/mknetid.8 b/static/openbsd/man8/mknetid.8 new file mode 100644 index 00000000..eac95ff2 --- /dev/null +++ b/static/openbsd/man8/mknetid.8 @@ -0,0 +1,125 @@ +.\" $OpenBSD: mknetid.8,v 1.16 2013/07/16 11:13:34 schwarze Exp $ +.\" +.\" Copyright (c) 1996 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt MKNETID 8 +.Os +.Sh NAME +.Nm mknetid +.Nd generate a YP map of group and domain memberships +.Sh SYNOPSIS +.Nm mknetid +.Bk -words +.Op Fl q +.Op Fl d Ar domain +.Op Fl g Ar groupfile +.Op Fl h Ar hostfile +.Op Fl m Ar netidfile +.Op Fl P Ar master.passwdfile +.Op Fl p Ar passwdfile +.Ek +.Sh DESCRIPTION +The +.Nm +utility combines information from the +.Xr passwd 5 , +.Xr group 5 , +.Xr hosts 5 , +and +.Xr netid 5 +files, printing it in +.Xr netid 5 +format to the standard output. +If the +.Xr passwd 5 +file is not available, the +.Xr master.passwd 5 +file is used instead. +The +.Xr netid 5 +file is optional and does not need to exist. +.Pp +The most common application is to pass the output to +.Xr makedbm 8 +in order to create a +.Pa netid.byname +map for the +.Xr yp 8 +subsystem. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar domain +Use +.Ar domain +instead of the default +.Xr domainname 1 . +.It Fl g Ar groupfile +Use +.Ar groupfile +instead of +.Pa /etc/group . +.It Fl h Ar hostfile +Use +.Ar hostfile +instead of +.Pa /etc/hosts . +.It Fl m Ar netidfile +Use +.Ar netidfile +instead of +.Pa /etc/netid . +.It Fl P Ar master.passwdfile +Use +.Ar master.passwdfile +instead of +.Pa /etc/master.passwd . +.It Fl p Ar passwdfile +Use +.Ar passwdfile +instead of +.Pa /etc/passwd . +.It Fl q +Keep quiet about multiple occurrences of a user ID. +Ignore all but the first. +.El +.Sh FILES +.Bl -tag -width /etc/master.passwd -compact +.It Pa /etc/passwd +.It Pa /etc/master.passwd +.It Pa /etc/group +.It Pa /etc/hosts +.It Pa /etc/netid +.El +.Sh SEE ALSO +.Xr domainname 1 , +.Xr group 5 , +.Xr hosts 5 , +.Xr netid 5 , +.Xr passwd 5 , +.Xr Makefile.yp 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se diff --git a/static/openbsd/man8/mknod.8 b/static/openbsd/man8/mknod.8 new file mode 100644 index 00000000..5420fd0a --- /dev/null +++ b/static/openbsd/man8/mknod.8 @@ -0,0 +1,143 @@ +.\" $OpenBSD: mknod.8,v 1.22 2016/10/06 11:43:30 schwarze Exp $ +.\" $NetBSD: mknod.8,v 1.9 1995/08/10 23:47:32 jtc Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mknod.8 8.2 (Berkeley) 12/11/93 +.\" +.Dd $Mdocdate: October 6 2016 $ +.Dt MKNOD 8 +.Os +.Sh NAME +.Nm mknod +.Nd make device special files +.Sh SYNOPSIS +.Nm mknod +.Op Fl m Ar mode +.Ar name +.Cm b Ns | Ns Cm c +.Ar major minor +.Nm mknod +.Op Fl m Ar mode +.Ar name +.Cm p +.Sh DESCRIPTION +The +.Nm +command creates device special files. +Normally the shell script +.Pa /dev/MAKEDEV +is used to create special files for commonly known devices; it executes +.Nm +with the appropriate arguments and can make all the files required for the +device. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl m Ar mode +Set the file permission bits of newly created device special files to +.Ar mode . +The mode argument can be in any of the formats specified to the +.Xr chmod 1 +utility. +If a symbolic mode is specified, the operators +.Ql + +and +.Ql - +are interpreted relative to an initial mode of +.Dq a=rw . +.El +.Pp +To make nodes manually, the arguments are: +.Bl -tag -width majorx +.It Ar name +Device or FIFO name. +For example +.Dq sd +for a SCSI disk or a +.Dq pty +for pseudo-devices. +FIFOs may be named arbitrarily by the user. +.It Cm b | c | p +Type of device or FIFO. +If the device is a block type device such as a tape or disk drive which needs +both cooked and raw special files, +the type is +.Cm b . +All other devices are character type devices, such as terminal +and pseudo devices, and are type +.Cm c . +A FIFO (also known as a named pipe) is type +.Cm p . +.It Ar major +The major device number is an integer number which tells the kernel +which device driver entry point to use. +To learn what major device number to use for a particular device, +check the file +.Pa /dev/MAKEDEV +to see if the device is known. +.It Ar minor +The minor device number tells the kernel which subunit +the node corresponds to on the device; for example, +a subunit may be a filesystem partition +or a tty line. +.Pp +Major and minor device numbers can be given in any format acceptable to +.Xr strtoul 3 , +so that a leading +.Dq 0x +indicates a hexadecimal number, and a leading +.Dq 0 +will cause the number to be interpreted as octal. +.El +.Sh SEE ALSO +.Xr chmod 1 , +.Xr mkfifo 1 , +.Xr mkfifo 2 , +.Xr mknod 2 , +.Xr MAKEDEV 8 +.Sh STANDARDS +As an extension, +.Nm +can also take multiple lists of parameters in one go. +Note that +.Fl m +is not reset from one list to the next so, for example, in +.Pp +.Dl mknod -m 700 name b 12 5 name2 b 12 6 +.Pp +both +.Ar name +and +.Ar name2 +will be mode 700. +.Sh HISTORY +A +.Nm +command appeared in +.At v4 . diff --git a/static/openbsd/man8/mkuboot.8 b/static/openbsd/man8/mkuboot.8 new file mode 100644 index 00000000..fcf51c63 --- /dev/null +++ b/static/openbsd/man8/mkuboot.8 @@ -0,0 +1,96 @@ +.\" $OpenBSD: mkuboot.8,v 1.2 2021/06/01 02:13:15 jsg Exp $ +.\" +.\" Copyright (c) 2008 Mark Kettenis <kettenis@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 1 2021 $ +.Dt MKUBOOT 8 +.Os +.Sh NAME +.Nm mkuboot +.Nd create U-Boot files +.Sh SYNOPSIS +.Nm +.Op Fl a Ar arch +.Op Fl e Ar entry +.Op Fl l Ar loadaddr +.Op Fl n Ar name +.Op Fl o Ar os +.Op Fl t Ar type +.Ar infile outfile +.Sh DESCRIPTION +The +.Nm +utility creates images suitable for loading using the U-Boot bootloader. +.Pp +The options are as follows: +.Bl -tag -width xxxxxxxxxxx +.It Fl a Ar arch +Sets the image architecture to +.Ar arch . +For a list of valid arguments, see below. +.It Fl e Ar entry +Sets the entry point to +.Ar entry . +.It Fl l Ar loadaddr +Sets the load address to +.Ar loadaddr . +.It Fl n Ar name +Sets the name of the loaded object inside the generated image. +.It Fl o Ar os +Sets the image OS to +.Ar os . +.Ar os +can be either +.Dq Linux +or +.Dq OpenBSD . +.It Fl t Ar type +Sets the type of the object to be loaded. +For a list of valid arguments, see below. +.El +.Pp +The following arguments are valid as the +.Ar arch +parameter: +.Bd -unfilled -offset indent -compact +aarch64 +alpha +amd64 +arm +i386 +m68k +mips +mips64 +powerpc +sparc +sparc64 +superh +.Ed +.Pp +The following arguments are valid as the +.Ar type +parameter: +.Bd -unfilled -offset indent -compact +standalone +kernel +script +.Ed +.Sh HISTORY +An +.Nm +utility first appeared in +.Ox 4.4 +as +.Nm mkboot . diff --git a/static/openbsd/man8/mopd.8 b/static/openbsd/man8/mopd.8 new file mode 100644 index 00000000..83b2bdb3 --- /dev/null +++ b/static/openbsd/man8/mopd.8 @@ -0,0 +1,119 @@ +.\" $OpenBSD: mopd.8,v 1.20 2022/11/27 14:35:27 schwarze Exp $ +.\" +.\" Copyright (c) 1993-96 Mats O Jansson. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 27 2022 $ +.Dt MOPD 8 +.Os +.Sh NAME +.Nm mopd +.Nd MOP loader daemon +.Sh SYNOPSIS +.Nm mopd +.Op Fl 3 | 4 +.Op Fl adfv +.Ar interface +.Sh DESCRIPTION +.Nm +services MOP Load requests on the Ethernet connected to +.Ar interface +or all interfaces if +.Fl a +is given. +In a load request received by +.Nm +a filename can be given. +This is the normal case for, e.g., terminal servers. +If a filename isn't given, +.Nm +must know what image to load. +.Pp +Upon receiving a request, +.Nm +checks if the requested file exists in +.Pa /tftpboot/mop . +The filename is normally all uppercase and with an extension of +.Pa .SYS . +If the filename isn't given, the Ethernet address of the target is used as +filename (e.g., +.Pa 08002b09f4de.SYS ) , +and it might be a soft link to another file. +.Pp +.Nm +supports two kinds of files. +The file is first checked to see if it is in a.out format. +If not, a few of Digital's formats are checked. +.Pp +In normal operation, +.Nm +forks a copy of itself and runs in +the background. +Anomalies and errors are reported via +.Xr syslog 3 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 3 +Ignore MOP V3 messages (Ethernet II). +.It Fl 4 +Ignore MOP V4 messages (Ethernet 802.3). +.It Fl a +Listen on all the Ethernets attached to the system. +If +.Fl a +is omitted, an interface must be specified. +.It Fl d +Run in debug mode, with all the output to stdout. +The process will run in the foreground. +.It Fl f +Run in the foreground. +.It Fl v +Show version of +.Nm . +.El +.Sh FILES +.Bl -tag -width Pa -compact +.It Pa /tftpboot/mop +.El +.Sh SEE ALSO +.Xr mopa.out 1 , +.Xr mopchk 1 , +.Xr mopprobe 1 , +.Xr moptrace 1 , +.Xr bpf 4 +.Rs +.%B DECnet Digital Network Architecture Phase IV +.%R Maintenance Operations Functional Specification V3.0.0 +.%N AA-X436A-TK +.Re +.Rs +.%B DECnet Digital Network Architecture +.%R Maintenance Operations Protocol Functional Specification V4.0.0 +.%N EK-DNA11-FS-001 +.Re +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se +.Sh BUGS +a.out isn't supported yet on +.Pf non- Bx +implementations (otherOS). diff --git a/static/openbsd/man8/mount.8 b/static/openbsd/man8/mount.8 new file mode 100644 index 00000000..7efff2ea --- /dev/null +++ b/static/openbsd/man8/mount.8 @@ -0,0 +1,411 @@ +.\" $OpenBSD: mount.8,v 1.92 2023/11/10 00:26:00 schwarze Exp $ +.\" $NetBSD: mount.8,v 1.11 1995/07/12 06:23:21 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mount.8 8.7 (Berkeley) 3/27/94 +.\" +.Dd $Mdocdate: November 10 2023 $ +.Dt MOUNT 8 +.Os +.Sh NAME +.Nm mount +.Nd mount file systems +.Sh SYNOPSIS +.Nm mount +.Op Fl AadfNruvw +.Op Fl t Ar type +.Nm mount +.Op Fl dfrsuvw +.Ar special | node +.Nm mount +.Op Fl dfruvw +.Op Fl o Ar options +.Op Fl t Ar type +.Ar special node +.Sh DESCRIPTION +The +.Nm +command invokes a file system specific program to prepare +and graft the +.Ar special +device or remote node (rhost:path) on to the file system +tree at the point +.Ar node . +If either +.Ar special +or +.Ar node +are not provided, the appropriate information is taken from the +.Xr fstab 5 +file. +.Pp +For disk partitions, the +.Ar special +device is either a +.Xr disklabel 8 +UID (DUID) or an entry in +.Pa /dev . +If it is a DUID, +it will be automatically mapped to the appropriate entry in +.Pa /dev . +In either case the partition must be present +in the disklabel loaded from the device. +The partition name is the last letter in the entry name. +For example, /dev/sd0a and 3eb7f9da875cb9ee.a both refer to the +.Sq a +partition. +.Pp +A mount point +.Ar node +must be an existing directory for a mount to succeed +.Po +except in the special case of +.Pa / , +of course +.Pc . +Only the superuser may mount file systems. +.Pp +The system maintains a list of currently mounted file systems. +If no arguments are given to +.Nm mount , +this list is printed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Causes +.Nm +to try to mount all of the file systems listed in the +.Xr fstab 5 +table except those for which the +.Dq noauto +or +.Dq net +options are specified. +.It Fl a +Similar to the +.Fl A +flag, except that if a file system (other than the root file system) +appears to be already mounted, +.Nm +will not try to mount it again. +.Nm +assumes that a file system is already mounted if a file system with +the same type is mounted on the given mount point. +More stringent checks are not possible because some file system types +report strange values for the mounted-from device for mounted file +systems. +.It Fl d +Causes everything to be done except for the invocation of +the file system specific program. +This option is useful in conjunction with the +.Fl v +flag to +determine what the +.Nm +command is trying to do. +.It Fl f +Either force mounting of dirty file systems or, in the case of a +downgrade from read-write to read-only operation, the revocation of +opened files with write access. +.It Fl N +If used with either +.Fl A +or +.Fl a , +.Nm +will only look at file systems which have the +.Dq net +option specified. +By default file systems with the +.Dq net +option are ignored. +.It Fl o Ar options +Options can be given with (or without) a +.Sq no +prefix to invert their meaning. +The options listed below specify non-default values. +For example, +.Sq nosync +is the default, so +.Sq sync +can be used to write regular data synchronously. +Multiple options can be specified in a comma-separated list. +The available options are as follows: +.Bl -tag -width 9n +.It Cm async +Metadata I/O to the file system should be done asynchronously. +By default, only regular data is read/written asynchronously. +.Pp +This is a +.Em dangerous +flag to set since it does not guarantee to keep a consistent +file system structure on the disk. +You should not use this flag +unless you are prepared to recreate the file system should your +system crash. +The most common use of this flag is to speed up +.Xr restore 8 +where it can give a factor of two speed increase. +.It Cm force +The same as +.Fl f ; +forces the revocation of write access when trying to downgrade +a file system mount status from read-write to read-only. +.It Cm noatime +Do not update atime on files in the system unless the mtime or ctime +is being changed as well. +This option is useful for laptops and news servers where one does +not want the extra disk activity associated with updating the atime. +.It Cm nodev +Do not interpret character or block special devices on the file system. +This option is useful for a server that has file systems containing +special devices for architectures other than its own. +.It Cm noexec +Do not allow execution of any binaries on the mounted file system. +This option is useful for a server that has file systems containing +binaries for architectures other than its own. +.It Cm noperm +(FFS only) +Do not check permissions when creating, accessing or modifying files and +directories in the mounted file system. +This allows unprivileged users to construct a file hierarchy containing +special device nodes and files with arbitrary file mode, owner or group +without restriction. +Only the owner, group and mode of the root directory of the filesystem +will be honored so access to the filesystem can be locked down. +The noperm option also enables the nodev and noexec options to ensure +that interpretation of the file modes and special devices cannot be +used to gain privileges. +.It Cm norw +An alias for rdonly. +.It Cm nosuid +Do not allow set-user-identifier or set-group-identifier bits to take effect. +.It Cm rdonly +The same as +.Fl r ; +mount the file system read-only (even the superuser may not write it). +.It Cm ro +An alias for rdonly. +.It Cm softdep +Mount an FFS file system using soft dependencies. +This option is only supported for compatibility and has no effect on +.Ox . +.It Cm sync +Regular data I/O to the file system should be done synchronously. +By default, only metadata is read/written synchronously. +.It Cm update +The same as +.Fl u ; +indicate that the status of an already mounted file system should be changed. +.It Cm wxallowed +Processes that ask for memory to be made writeable plus executable +using the +.Xr mmap 2 +and +.Xr mprotect 2 +system calls are killed by default. +This option allows those processes to continue operation. +It is typically used on the +.Pa /usr/local +filesystem. +.El +.Pp +Any additional options specific to a given file system type (see the +.Fl t +option) may be passed as a comma separated list; these options are +distinguished by a leading +.Dq \&- +(dash). +Options that take a value are specified using the syntax -option=value. +For example: +.Bd -literal -offset 3n +# mount -t mfs -o rw,nodev,nosuid,-s=153600 /dev/sd0b /tmp +.Ed +.Pp +That causes +.Nm +to execute the equivalent of: +.Bd -literal -offset 3n +# /sbin/mount_mfs -o rw,nodev,nosuid -s 153600 /dev/sd0b /tmp +.Ed +.Pp +The equivalent example in +.Xr fstab 5 +would be: +.Bd -literal -offset 3n +swap /tmp mfs rw,nodev,nosuid,-s=153600 0 0 +.Ed +.It Fl r +The file system is to be mounted read-only. +Mount the file system read-only (even the superuser may not write it). +The same as the +.Dq rdonly +argument to the +.Fl o +option. +.It Fl s +Skip mounting the file system if it is already mounted. +See the +.Fl a +flag for a description of the criteria used to decide if a file system +is already mounted. +.It Fl t Ar type +The argument following the +.Fl t +is used to indicate the file system type. +The type +.Ar ffs +is the default. +The +.Fl t +option can be used +to indicate that the actions should only be taken on +file systems of the specified type. +More than one type may be specified in a comma separated list. +The list of file system types can be prefixed with +.Dq no +to specify the file system types for which action should +.Em not +be taken. +For example, the +.Nm +command: +.Bd -literal -offset indent +# mount -a -t nonfs,mfs +.Ed +.Pp +mounts all file systems except those of type NFS and MFS. +.Pp +.Nm +will attempt to execute a program in +.Pa /sbin/mount_ Ns Em XXX +where +.Em XXX +is replaced by the type name. +For example, NFS file systems are mounted by the program +.Pa /sbin/mount_nfs . +.It Fl u +The +.Fl u +flag indicates that the status of an already mounted file +system should be changed. +Any of the options discussed above (the +.Fl o +option) +may be changed; +also a file system can be changed from read-only to read-write +or vice versa. +An attempt to change from read-write to read-only will fail if any +files on the file system are currently open for writing unless the +.Fl f +flag is also specified. +Only options specified on the command line with +.Fl o +are changed; +other file system options are unaltered. +The options set in the +.Xr fstab 5 +table are ignored. +.It Fl v +Verbose mode. +.It Fl w +The file system object is to be read and write. +.El +.Pp +The options specific to the various file system types are +described in the manual pages for those file systems' +.Nm mount_XXX +commands. +For instance, the options specific to Berkeley +Fast File Systems are described in the +.Xr mount_ffs 8 +manual page. +.Sh FILES +.Bl -tag -width /etc/fstab -compact +.It Pa /etc/fstab +file system table +.El +.Sh EXAMPLES +Mount a CD-ROM on node +.Pa /mnt/cdrom : +.Pp +.Dl # mount -t cd9660 -r /dev/cd0a /mnt/cdrom +.Pp +Mount an MS-DOS USB stick with DUID 3eb7f9da875cb9ee on node +.Pa /mnt/key : +.Pp +.Dl # mount -t msdos 3eb7f9da875cb9ee.i /mnt/key +.Pp +Graft a remote NFS file system on host +.Ar host , +path +.Pa /path/name , +on node +.Pa /mnt/nfs : +.Pp +.Dl # mount host:/path/name /mnt/nfs +.Pp +Remount +.Pa /var +with option +.Dq dev : +.Pp +.Dl # mount -u -o dev /var +.Sh SEE ALSO +.Xr mount 2 , +.Xr fstab 5 , +.Xr disklabel 8 , +.Xr mount_cd9660 8 , +.Xr mount_ext2fs 8 , +.Xr mount_ffs 8 , +.Xr mount_mfs 8 , +.Xr mount_msdos 8 , +.Xr mount_nfs 8 , +.Xr mount_ntfs 8 , +.Xr mount_tmpfs 8 , +.Xr mount_udf 8 , +.Xr mount_vnd 8 , +.Xr showmount 8 , +.Xr sysctl 8 , +.Xr umount 8 +.Sh HISTORY +A +.Nm +command appeared in +.At v1 . +.Sh CAVEATS +After a successful +.Nm mount , +the permissions on the original mount point determine if +.Dq \&.\&. +is accessible from the mounted file system. +The minimum permissions for +the mount point for traversal across the mount point in both +directions to be possible for all users is 0111 (execute for all). diff --git a/static/openbsd/man8/mount_cd9660.8 b/static/openbsd/man8/mount_cd9660.8 new file mode 100644 index 00000000..f69365d9 --- /dev/null +++ b/static/openbsd/man8/mount_cd9660.8 @@ -0,0 +1,117 @@ +.\" $OpenBSD: mount_cd9660.8,v 1.25 2020/04/23 21:28:09 jmc Exp $ +.\" $NetBSD: mount_cd9660.8,v 1.3 1995/04/23 10:33:13 cgd Exp $ +.\" +.\" Copyright (c) 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software donated to Berkeley by +.\" Christopher G. Demetriou. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mount_cd9660.8 8.3 (Berkeley) 3/27/94 +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt MOUNT_CD9660 8 +.Os +.Sh NAME +.Nm mount_cd9660 +.Nd mount an ISO 9660 filesystem +.Sh SYNOPSIS +.Nm mount_cd9660 +.Op Fl egjR +.Op Fl o Ar options +.Op Fl s Ar offset +.Ar special node +.Sh DESCRIPTION +The +.Nm +command attaches the ISO 9660 filesystem residing on the device +.Ar special +to the global filesystem namespace at the location indicated by +.Ar node . +The filesystem is always mounted readonly. +This command is invoked by +.Xr mount 8 +when using the syntax +.Bd -ragged -offset 4n +.Nm mount Op options +-t cd9660 +.Ar special node +.Ed +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl e +Enable the use of extended attributes. +.It Fl g +Do not strip version numbers on files. +(By default, if there are files with different version numbers on the disk, +only the last one will be listed.) +In either case, files may be opened without explicitly stating a +version number. +.It Fl j +Do not use any Joliet extensions included in the filesystem. +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.It Fl R +Do not use any Rockridge extensions included in the filesystem. +.It Fl s Ar offset +Use the session starting at +.Ar offset +(counted in 2048-byte blocks from the start of the media) instead of +the last session from the Table of Contents (TOC). +The TOC can be inspected by using +.Xr cdio 1 . +.El +.Sh SEE ALSO +.Xr cdio 1 , +.Xr mount 2 , +.Xr fstab 5 , +.Xr mount 8 , +.Xr umount 8 , +.Xr vnconfig 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.4 . +.Sh BUGS +The cd9660 filesystem does not support the original "High Sierra" +("CDROM001") format. +.Pp +POSIX device node mapping is currently not supported. +.Pp +Version numbers are not stripped if Rockridge extensions are in use. +In this case, accessing files that don't have Rockridge names without +version numbers gets the one with the lowest version number and not +the one with the highest. +.Pp +There is no ECMA support. diff --git a/static/openbsd/man8/mount_ext2fs.8 b/static/openbsd/man8/mount_ext2fs.8 new file mode 100644 index 00000000..e65199c4 --- /dev/null +++ b/static/openbsd/man8/mount_ext2fs.8 @@ -0,0 +1,88 @@ +.\" $OpenBSD: mount_ext2fs.8,v 1.15 2020/04/23 21:28:09 jmc Exp $ +.\" +.\" Copyright (c) 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt MOUNT_EXT2FS 8 +.Os +.Sh NAME +.Nm mount_ext2fs +.Nd mount an ext2fs file system +.Sh SYNOPSIS +.Nm mount_ext2fs +.Op Fl o Ar options +.Ar special +.Ar node +.Sh DESCRIPTION +The +.Nm +command attaches an ext2fs file system +.Ar special +device on to the file system tree at the point +.Ar node . +This command is invoked by +.Xr mount 8 +when using the syntax +.Bd -ragged -offset 4n +.Nm mount Op options +-t ext2fs +.Ar special node +.Ed +.Pp +The +.Ar special +device must correspond to a partition registered in the +.Xr disklabel 5 . +.Pp +This command is normally executed by +.Xr mount 8 +at boot time. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.El +.Sh SEE ALSO +.Xr mount 2 , +.Xr disklabel 5 , +.Xr fstab 5 , +.Xr disklabel 8 , +.Xr mount 8 , +.Xr umount 8 +.Sh HISTORY +The +.Nm +function first appeared in +.Fx 2.2 . diff --git a/static/openbsd/man8/mount_ffs.8 b/static/openbsd/man8/mount_ffs.8 new file mode 100644 index 00000000..5a97bdda --- /dev/null +++ b/static/openbsd/man8/mount_ffs.8 @@ -0,0 +1,108 @@ +.\" $OpenBSD: mount_ffs.8,v 1.19 2020/04/23 21:28:09 jmc Exp $ +.\" $NetBSD: mount_ffs.8,v 1.2 1996/02/05 06:33:47 jtc Exp $ +.\" +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mount.8 8.7 (Berkeley) 3/27/94 +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt MOUNT_FFS 8 +.Os +.Sh NAME +.Nm mount_ffs +.Nd mount a Berkeley Fast File System +.Sh SYNOPSIS +.Nm mount_ffs +.Op Fl o Ar options +.Ar special node +.Sh DESCRIPTION +The +.Nm +command attaches the Berkeley Fast File System on the +.Ar special +device on to the file system tree at point +.Ar node . +.Pp +This command is invoked by +.Xr mount 8 +when using any of the following syntax: +.Bd -ragged -offset 4n +.Nm mount Op options +.Ar special node +.br +.Nm mount Op options +-t ffs +.Ar special node +.br +.Ed +.Pp +The +.Ar special +device is either a +.Xr disklabel 8 +UID (DUID) or an entry in +.Pa /dev . +If it is a DUID, +it will be automatically mapped to the appropriate entry in +.Pa /dev . +In either case the partition must be present +in the disklabel loaded from the device. +The partition name is the last letter in the entry name. +For example, /dev/sd0a and 3eb7f9da875cb9ee.a both refer to the +.Sq a +partition. +.Pp +This command is normally executed per file system by +.Xr rc 8 +at boot time using the +.Xr mount 8 +command. +The options are as follows: +.Bl -tag -width Ds +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.El +.Sh SEE ALSO +.Xr mount 2 , +.Xr disklabel 5 , +.Xr fstab 5 , +.Xr disklabel 8 , +.Xr mount 8 , +.Xr umount 8 +.Sh HISTORY +A +.Nm +command appeared in +.Nx 1.1 . +.Sh BUGS +It is possible for a corrupted file system to cause a crash. diff --git a/static/openbsd/man8/mount_msdos.8 b/static/openbsd/man8/mount_msdos.8 new file mode 100644 index 00000000..6d548a3d --- /dev/null +++ b/static/openbsd/man8/mount_msdos.8 @@ -0,0 +1,184 @@ +.\" $OpenBSD: mount_msdos.8,v 1.33 2022/08/20 07:03:24 tb Exp $ +.\" $NetBSD: mount_msdos.8,v 1.10 1996/01/19 21:14:43 leo Exp $ +.\" +.\" Copyright (c) 1993,1994 Christopher G. Demetriou +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Christopher G. Demetriou. +.\" 4. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 20 2022 $ +.Dt MOUNT_MSDOS 8 +.Os +.Sh NAME +.Nm mount_msdos +.Nd mount an MS-DOS file system +.Sh SYNOPSIS +.Nm mount_msdos +.Op Fl 9ls +.Op Fl g Ar group +.Op Fl m Ar mask +.Op Fl o Ar options +.Op Fl u Ar user +.Ar special +.Ar node +.Sh DESCRIPTION +The +.Nm +command attaches the MS-DOS file system residing on +the device +.Ar special +to the global file system namespace at the location +indicated by +.Ar node . +This command is invoked by +.Xr mount 8 +when using the syntax +.Bd -ragged -offset 4n +.Nm mount Op options +-t msdos +.Ar special node +.Ed +.Pp +The +.Ar special +device must correspond to a partition registered in the +.Xr disklabel 5 . +.Pp +This command is normally executed by +.Xr mount 8 +at boot time, but can be used by any user to mount an +MS-DOS file system on any directory that they own (provided, +of course, that they have appropriate access to the device that +contains the file system). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 9 +Ignore the special Windows 95/98 directory entries even +if deleting or renaming a file. +This forces +.Fl s . +.It Fl g Ar group +Specifies the group name or GID of the root inode of the file system. +Defaults to the mount point's GID. +.It Fl l +Force listing and generation of +Windows 95/98 long filenames +and separate creation/modification/access dates. +.Pp +This is the default. +.It Fl m Ar mask +Specify the maximum permissions for files and directories +in the file system. +Only the nine low-order bits of +.Ar mask +are used. +.It Fl o Ar options +Use the specified mount +.Ar options , +as described in +.Xr mount 8 . +.It Fl s +Force behaviour to +ignore and not generate Windows 95/98 long filenames. +.It Fl u Ar user +Specifies the user name or UID of the root inode of the file system. +Defaults to the mount point's UID. +.El +.Pp +File permissions for FAT file systems are imitated, +since the file system has no real concept of permissions. +The default mask is taken from the +directory on which the file system is being mounted, +except when the +.Fl m +option is used. +FAT does have a +.Dq read only +mode, +in which the writable bit is unset. +If such files are found, +they are marked non-writable; +it can be set using +.Li chmod -w +or unset using +.Li chmod +w . +.Pp +File modes work the same way for directories. +However a directory will inherit the executable bit if it is readable. +See +.Xr chmod 1 +for more information about octal file modes. +.Sh SEE ALSO +.Xr chmod 1 , +.Xr mount 2 , +.Xr disklabel 5 , +.Xr fstab 5 , +.Xr disklabel 8 , +.Xr mount 8 , +.Xr umount 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Nx 0.9 . +Its predecessor, the +.Nm mount_pcfs +utility, appeared in +.Nx 0.8 , +and was abandoned in favor +of the more aptly named +.Nm mount_msdos . +.Sh AUTHORS +.An -nosplit +The original code was written by +.An Paul Popelka Aq Mt paulp@uts.amdahl.com +as a patch to +.Bx 386 0.1 +in November 1992. +The current version is based on code written by +.An Christopher G. Demetriou Aq Mt cgd@netbsd.org +in April 1994. +.Sh CAVEATS +The maximum file size supported by the MS-DOS file system is +one byte less than 4GB. +This is a FAT file system limitation, documented by Microsoft +in Knowledge Base article 314463. +.Pp +The MS-DOS file system (even with long filenames) does not support +filenames with trailing dots or spaces. +Any such characters will be silently removed before the directory entry +is written. +This too is a FAT file system limitation. +.Pp +The use of the +.Fl 9 +flag could result in damaged file systems, +albeit the damage is in part taken care of by +procedures similar to the ones used in Windows 95/98. +.Pp +Note that Windows 95/98 handles only access dates, +but not access times. diff --git a/static/openbsd/man8/mount_nfs.8 b/static/openbsd/man8/mount_nfs.8 new file mode 100644 index 00000000..dc5ca8d3 --- /dev/null +++ b/static/openbsd/man8/mount_nfs.8 @@ -0,0 +1,268 @@ +.\" $OpenBSD: mount_nfs.8,v 1.41 2023/11/09 13:47:27 kn Exp $ +.\" $NetBSD: mount_nfs.8,v 1.3 1996/02/18 11:59:10 fvdl Exp $ +.\" +.\" Copyright (c) 1992, 1993, 1994, 1995 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 +.\" +.Dd $Mdocdate: November 9 2023 $ +.Dt MOUNT_NFS 8 +.Os +.Sh NAME +.Nm mount_nfs +.Nd mount NFS file systems +.Sh SYNOPSIS +.Nm mount_nfs +.Bk -words +.Op Fl 23bcdilsTU +.Op Fl a Ar maxreadahead +.Op Fl g Ar maxgroups +.Op Fl I Ar readdirsize +.Op Fl o Ar options +.Op Fl R Ar retrycnt +.Op Fl r Ar readsize +.Op Fl t Ar timeout +.Op Fl w Ar writesize +.Op Fl x Ar retrans +.Ar rhost : Ns Ar path node +.Ek +.Sh DESCRIPTION +The +.Nm +command +calls the +.Xr mount 2 +system call to prepare and graft a remote NFS file system (rhost:path) +on to the file system tree at the point +.Ar node . +This command is normally executed by +.Xr mount 8 . +It implements the mount protocol as described in RFC 1094, Appendix A and +.%T "NFS: Network File System Version 3 Protocol Specification" , +Appendix I. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 2 +Use the NFS Version 2 protocol. +.It Fl 3 +Use the NFS Version 3 protocol. +The default is to try version 3 first, and +fall back to version 2 if the mount fails. +.It Fl a Ar maxreadahead +Set the read-ahead count to the specified value. +This may be in the range of 0\-4, and determines how many blocks +will be read ahead when a large file is being read sequentially. +Trying a value greater than 1 for this is suggested for +mounts with a large bandwidth-delay product. +.It Fl b +If an initial attempt to contact the server fails, fork off a child to keep +trying the mount in the background. +Useful for +.Xr fstab 5 , +where the file system mount is not critical to multiuser operation. +.It Fl c +For UDP mount points, do not do a +.Xr connect 2 . +This must be used for servers that do not reply to requests from the +standard NFS port number 2049. +It may also be required for servers +with more than one IP address (only necessary if replies come from +an address other than the one specified in the mount request). +.It Fl d +Turn off the dynamic retransmit timeout estimator. +This may be useful for UDP mounts that exhibit high retry rates, +since it is possible that the dynamically estimated timeout interval is too +short. +.It Fl g Ar maxgroups +Set the maximum size of the group list for the credentials to the +specified value. +This should be used for mounts on old servers that cannot handle a +group list size of 16, as specified in RFC 1057. +Try 8, if users in a lot of groups cannot get a response from the mount +point. +.It Fl I Ar readdirsize +Set the readdir read size to the specified value. +The value should normally be a multiple of +.Dv DIRBLKSIZ +that is less than or equal to the read size for the mount. +.It Fl i +Make the mount interruptible, which implies that file system calls that +are delayed due to an unresponsive server will fail with EINTR when a +termination signal is posted for the process. +.It Fl l +Used with NFSV3 to specify that the +.Dq readdir plus +RPC should +be used. +This option reduces RPC traffic for cases such as +.Dq "ls -l" , +but tends to flood the attribute and name caches with prefetched entries. +Try this option and see whether performance improves or degrades. +Probably +most useful for client to server network interconnects with a large +bandwidth-delay product. +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +The prefix +.Dq no +may be added to invert the behavior of default options that do not +take arguments. +See the +.Xr mount 8 +man page for possible options and their meanings. +.Pp +The following NFS specific options are also available: +.Bl -tag -width 15n +.It Cm ac +Enable attribute caching for both files and directories (default). +.It Cm acdirmax Ns = Ns Ar num +Cache directory attributes for no more than +.Ar num +seconds. +The default is 60 seconds. +.It Cm acdirmin Ns = Ns Ar num +Cache directory attributes for at least +.Ar num +seconds. +The default is 5 seconds. +.It Cm acregmax Ns = Ns Ar num +Cache file attributes for no more than +.Ar num +seconds. +The default is 60 seconds. +.It Cm acregmin Ns = Ns Ar num +Cache file attributes for at least +.Ar num +seconds. +The default is 5 seconds. +.It Cm port Ns = Ns Ar portnumber +Use the specified port number for NFS requests. +The default is to query the portmapper for the NFS port. +.El +.It Fl R Ar retrycnt +Set the retry count for doing the mount to the specified value. +The default is 10000. +.It Fl r Ar readsize +Set the read data size to the specified value. +It should normally be a power of 2 greater than or equal to 1024. +This should be used for UDP mounts when the +.Dq "fragments dropped after timeout" +value is getting large while actively using a mount point. +(Use +.Xr netstat 1 +with the +.Fl s +option to see what this +value is.) +See the +.Fl w +option as well. +.It Fl s +A soft mount, which implies that file system calls will fail +after +.Ar retrans +round trip timeout intervals have been reached (see +.Fl x ) . +.It Fl T +Use TCP instead of UDP. +Note that TCP may not be supported by some very old NFS servers. +.It Fl t Ar timeout +Set the initial retransmit timeout to the specified value in milliseconds. +May be useful for fine tuning UDP mounts over internetworks +with high packet loss rates or an overloaded server. +Try increasing the interval if +.Xr nfsstat 1 +shows high retransmit rates while the file system is active or reducing the +value if there is a low retransmit rate but long response delay observed. +(Normally, the +.Fl d +option should be specified when using this option to manually +tune the timeout +interval.) +.It Fl U +Force the mount protocol to use UDP, even for TCP NFS mounts. +(Necessary for some old +.Bx +servers.) +.It Fl w Ar writesize +Set the write data size to the specified value. +Ditto the comments w.r.t. the +.Fl r +option, but using the +.Dq "fragments dropped after timeout" +value on the server instead of the client. +Note that both the +.Fl r +and +.Fl w +options should only be used as a last ditch effort at improving performance +when mounting servers that do not support TCP mounts. +.It Fl x Ar retrans +Set the retransmit timeout count for soft mounts to the specified value. +Defaults to 10. +.El +.Pp +In versions prior to +.Ox 2.7 , +.Li nfsiod +daemons were running to improve performance of client NFS I/O. +This is no longer done this way. +Use +.Xr sysctl 8 +or modify +.Xr sysctl.conf 5 +to adjust the +.Va vfs.nfs.iothreads +value, which is the number of kernel threads created +to serve asynchronous NFS I/O requests. +.Sh SEE ALSO +.Xr nfsstat 1 , +.Xr mount 2 , +.Xr tcp 4 , +.Xr udp 4 , +.Xr fstab 5 , +.Xr mount 8 , +.Xr nfsd 8 , +.Xr showmount 8 , +.Xr sysctl 8 , +.Xr umount 8 +.Sh HISTORY +The +.Fl P +flag historically informed the kernel to use a reserved port when +communicating with clients. +In +.Ox , +a reserved port is always used. +.Sh BUGS +Due to the way that Sun RPC is implemented on top of UDP (unreliable datagram), +tuning such mounts is really a black art that can only be expected +to have limited success. diff --git a/static/openbsd/man8/mount_ntfs.8 b/static/openbsd/man8/mount_ntfs.8 new file mode 100644 index 00000000..e2729435 --- /dev/null +++ b/static/openbsd/man8/mount_ntfs.8 @@ -0,0 +1,169 @@ +.\" $OpenBSD: mount_ntfs.8,v 1.18 2022/11/14 14:35:39 sthen Exp $ +.\" $NetBSD: mount_ntfs.8,v 1.13 2003/02/14 16:21:48 grant Exp $ +.\" +.\" Copyright (c) 1993,1994 Christopher G. Demetriou +.\" Copyright (c) 1999 Semen Ustimenko +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgment: +.\" This product includes software developed by Christopher G. Demetriou. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" Id: mount_ntfs.8,v 1.3 1999/05/04 11:34:33 jkoshy Exp +.\" +.Dd $Mdocdate: November 14 2022 $ +.Dt MOUNT_NTFS 8 +.Os +.Sh NAME +.Nm mount_ntfs +.Nd mount an NTFS file system +.Sh SYNOPSIS +.Nm mount_ntfs +.Op Fl ai +.Op Fl g Ar group +.Op Fl m Ar mask +.Op Fl o Ar options +.Op Fl u Ar user +.Ar special +.Ar node +.Sh DESCRIPTION +The +.Nm +command attaches the NTFS filesystem residing on the device +.Ar special +to the global filesystem namespace at the location +indicated by +.Ar node . +This command is invoked by +.Xr mount 8 +when using the syntax +.Bd -ragged -offset 4h +.Nm mount Op options +-t ntfs +.Ar special node +.Ed +.Pp +The +.Ar special +device is either a +.Xr disklabel 8 +UID (DUID) or an entry in +.Pa /dev . +If it is a DUID, +it will be automatically mapped to the appropriate entry in +.Pa /dev . +In either case the partition must be present +in the disklabel loaded from the device. +The partition name is the last letter in the entry name. +For example, /dev/sd0a and 3eb7f9da875cb9ee.a both refer to the +.Sq a +partition. +.Pp +The supported NTFS versions include both NTFS4, as used by Microsoft +Windows NT 4.0, and NTFS5, as used by Microsoft Windows 2000 and XP. +Only read-only operation is permitted, which is automatically enforced. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Force behaviour to return MS-DOS 8.3 names also on +.Fn readdir . +.It Fl g Ar group +Specifies the group name or GID of the root inode of the file system. +Defaults to the mount point's GID. +.It Fl i +Make name lookup case insensitive for all names except POSIX names. +.It Fl m Ar mask +Specify the maximum file permissions for files +in the file system. +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.It Fl u Ar user +Specifies the user name or UID of the root inode of the file system. +Defaults to the mount point's UID. +.El +.Sh FEATURES +.Ss NTFS file attributes +NTFS file attributes can be accessed in the following way: +.Bd -literal -offset indent +foo[[:ATTRTYPE]:ATTRNAME] +.Ed +.Pp +.Sq ATTRTYPE +is one of identifier listed in $AttrDef file of volume. +Default is $DATA. +.Sq ATTRNAME +is an attribute name. +Default is none. +.Pp +.Sy Examples : +.Pp +To get volume name (in Unicode): +.Bd -literal -offset indent +# cat /mnt/\e$Volume:\e$VOLUME_NAME +.Ed +.Pp +To read directory raw data: +.Bd -literal -offset indent +# cat /mnt/foodir:\e$INDEX_ROOT:\e$I30 +.Ed +.Sh SEE ALSO +.Xr mount 2 , +.Xr unmount 2 , +.Xr disklabel 5 , +.Xr fstab 5 , +.Xr disklabel 8 , +.Xr mount 8 +.Sh HISTORY +Support for NTFS first appeared in +.Fx 3.0 . +It was later ported to +.Ox +and first appeared in +.Ox 3.4 . +.Sh AUTHORS +.An -nosplit +NTFS kernel implementation, +.Nm mount_ntfs , +and this manual were originally written by +.An Semen Ustimenko Aq Mt semenu@FreeBSD.org . +.Pp +The +.Ox +port was done by +.An Julien Bordet Aq Mt zejames@greyhats.org . +.Sh BUGS +Only read support is enabled. +.Pp +If the NTFS partition is marked as +.Ql dynamic +under Microsoft Windows XP, +it won't be possible to access it under +.Ox +anymore. diff --git a/static/openbsd/man8/mount_tmpfs.8 b/static/openbsd/man8/mount_tmpfs.8 new file mode 100644 index 00000000..423926f1 --- /dev/null +++ b/static/openbsd/man8/mount_tmpfs.8 @@ -0,0 +1,149 @@ +.\" $OpenBSD: mount_tmpfs.8,v 1.5 2022/02/18 23:17:15 jsg Exp $ +.\" $NetBSD: mount_tmpfs.8,v 1.14 2008/04/30 13:10:53 martin Exp $ +.\" +.\" Copyright (c) 2005, 2006 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Julio M. Merino Vidal, developed as part of Google's Summer of Code +.\" 2005 program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 18 2022 $ +.Dt MOUNT_TMPFS 8 +.Os +.Sh NAME +.Nm mount_tmpfs +.Nd mount an efficient memory file system +.Sh SYNOPSIS +.Nm +.Op Fl g Ar group +.Op Fl m Ar mode +.Op Fl n Ar nodes +.Op Fl o Ar options +.Op Fl s Ar size +.Op Fl u Ar user +.Ar tmpfs +.Ar mount_point +.Sh DESCRIPTION +The +.Nm +command attaches an instance of the efficient memory file system to the +global file system namespace. +The +.Ar tmpfs +parameter only exists for compatibility with the other mount commands and +is ignored. +The directory specified by +.Ar mount_point +is converted to an absolute path before use and its attributes (owner, +group and mode) are inherited unless explicitly overridden by the options +described below. +.Pp +The following options are supported: +.Bl -tag -width XoXoptions +.It Fl g Ar group +Specifies the group name or GID of the root inode of the file system. +Defaults to the mount point's GID. +.It Fl m Ar mode +Specifies the mode (in octal notation) of the root inode of the file system. +Defaults to the mount point's mode. +.It Fl n Ar nodes +Specifies the maximum number of nodes available to the file system. +If not specified, the file system chooses a reasonable maximum given its +size at mount time, which can be limited with +.Fl s . +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma-separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.It Fl s Ar size +Specifies the total file system size in bytes. +If zero is given (the default), the available amount of memory (including +main memory and swap space) will be used. +Note that four megabytes are always reserved for the system and cannot +be assigned to the file system. +.It Fl u Ar user +Specifies the user name or UID of the root inode of the file system. +Defaults to the mount point's UID. +.El +.Pp +Every option that accepts a numerical value as its argument can take a +trailing +.Sq b +to indicate bytes (the default), a +.Sq k +to indicate kilobytes, a +.Sq M +to indicate megabytes or a +.Sq G +to indicate gigabytes. +Note that both lowercase and uppercase forms of these letters are allowed. +.Sh EXAMPLES +The following command mounts a tmpfs instance over the +.Pa /tmp +directory, inheriting its owner, group and mode settings: +.Pp +.Dl # mount -t tmpfs tmpfs /tmp +.Pp +The following command mounts a tmpfs instance over the +.Pa /mnt +directory, setting a 20 megabytes limit in space, owned by the +.Sq joe +user and belonging to the +.Sq users +group, with a restricted 0700 mode: +.Pp +.Dl # mount -t tmpfs -o -s20M -o -ujoe -o -gusers -o -m0700 tmpfs /mnt +.Pp +A corresponding +.Xr fstab 5 +entry, using "swap" as a place holder: +.Pp +.Dl swap /mnt tmpfs rw,-s20M,-ujoe,-gusers,-m0700 0 0 +.Sh SEE ALSO +.Xr fstab 5 , +.Xr mount 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Nx 4.0 +and +.Ox 5.5 . +.Sh CAVEATS +The update of mount options (through mount -u) is currently not supported. +.Sh BUGS +File system meta-data is not pageable. +If there is not enough main memory to hold this information, the system may +become unstable or very unresponsive because it will not be able to allocate +required memory. +A malicious user could trigger this condition by creating lots of +files inside a size-unbounded tmpfs file system. +Limiting the number of nodes per file system +.Pq Fl n +will prevent this; the default value for this setting is also often adjusted +to an adequate value to resolve this. diff --git a/static/openbsd/man8/mount_udf.8 b/static/openbsd/man8/mount_udf.8 new file mode 100644 index 00000000..d1749251 --- /dev/null +++ b/static/openbsd/man8/mount_udf.8 @@ -0,0 +1,59 @@ +.\" $OpenBSD: mount_udf.8,v 1.13 2020/04/23 21:28:09 jmc Exp $ +.\" Written by Pedro Martelletto <pedro@ambientworks.net> in March 2005. +.\" Public domain. +.Dd $Mdocdate: April 23 2020 $ +.Dt MOUNT_UDF 8 +.Os +.Sh NAME +.Nm mount_udf +.Nd mount a UDF filesystem +.Sh SYNOPSIS +.Nm mount_udf +.Op Fl o Ar options +.Ar special node +.Sh DESCRIPTION +The +.Nm +command attaches a UDF filesystem (typically found on a DVD) residing on the +device +.Ar special +to the global filesystem namespace at the location indicated by +.Ar node . +The filesystem is always mounted readonly. +This command is invoked by +.Xr mount 8 +when using the syntax +.Bd -ragged -offset 4n +.Nm mount Op options +-t udf +.Ar special node +.Ed +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.El +.Sh SEE ALSO +.Xr mount 2 , +.Xr fstab 5 , +.Xr mount 8 , +.Xr umount 8 , +.Xr vnconfig 8 +.Sh HISTORY +UDF support first appeared in +.Fx 5.0 , +and was then ported to +.Ox 3.8 . +.Sh AUTHORS +.An -nosplit +.An Scott Long Aq Mt scottl@freebsd.org +did the original work; +.An Pedro Martelletto Aq Mt pedro@openbsd.org +adapted it to +.Ox . diff --git a/static/openbsd/man8/mount_vnd.8 b/static/openbsd/man8/mount_vnd.8 new file mode 100644 index 00000000..7aa3f164 --- /dev/null +++ b/static/openbsd/man8/mount_vnd.8 @@ -0,0 +1,186 @@ +.\" $OpenBSD: mount_vnd.8,v 1.24 2020/04/23 21:33:04 jmc Exp $ +.\" +.\" Copyright (c) 1993 University of Utah. +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the Systems Programming Group of the University of Utah Computer +.\" Science Department. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)vnconfig.8 8.1 (Berkeley) 6/5/93 +.\" +.\" +.\" Copyright (c) 2007 Alexander von Gernler <grunk@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt MOUNT_VND 8 +.Os +.Sh NAME +.Nm mount_vnd +.Nd mount vnode disks +.Sh SYNOPSIS +.Nm mount_vnd +.Op Fl k +.Op Fl K Ar rounds +.Op Fl o Ar options +.Op Fl S Ar saltfile +.Op Fl t Ar disktype +.Ar image vnd_dev +.Sh DESCRIPTION +.Nm mount_vnd +works similarly to +.Xr vnconfig 8 , +but it provides an interface that can be used by the +.Xr fstab 5 +infrastructure, so that an +.Ar image +file can be configured to a device +.Ar vnd_dev +while booting. +.Pp +For +.Xr fstab 5 +lines with type +.Dq ffs , +the +.Dq noauto +option must be set to prevent a +.Xr mount 8 +of the FFS partitions +before the necessary vnd devices are configured. +Also, the +.Dq fs_passno +field has to be set to 0 to prevent +.Xr fsck 8 +from checking the file system for the same reasons. +.Pp +.Nm mount_vnd +is invoked by +.Xr mount 8 +when using the following syntax: +.Bd -ragged -offset 4n +.Nm mount Op options +-t vnd +.Ar image vnd_dev +.Ed +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl K Ar rounds +Associate an encryption key with the device. +All data will be encrypted using the Blowfish cipher before it is +written to the disk. +The user is asked for both a passphrase and the name of a salt file. +The salt file can also be specified on the command line using the +.Fl S +option. +The passphrase and salt are combined according to PKCS #5 PBKDF2 for the +specified number of +rounds to generate the actual key used. +.Ar rounds +is a number between 1000 and +.Dv INT_MAX . +DO NOT LOSE THE SALT FILE. +.It Fl k +Associate an encryption key with the device. +All data will be encrypted using the Blowfish cipher before it is +written to the disk. +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.Pp +At the moment, +.Fl o +is only here for compatibility reasons, but no use is made of supplied +options. +.It Fl S Ar saltfile +When +.Fl K +is used, specify the +.Pa saltfile . +.It Fl t Ar disktype +Specify a +.Ar disktype +entry from the +.Xr disktab 5 +database. +The +.Ar vnd_dev +will have the sector size, sectors per track, and tracks per cylinder values +of the specified +.Ar disktype . +The defaults are 512-byte sectors, 100 sectors per track and 1 track per +cylinder. +.El +.Sh FILES +.Bl -tag -width /etc/rvnd?? -compact +.It Pa /dev/{,r}vnd* +.El +.Sh EXAMPLES +An example +.Xr fstab 5 +entry is: +.Bd -literal -offset indent +/tmp/cryptimg /dev/vnd0c vnd rw,noauto,-k 0 0 +/dev/vnd0a /mnt ffs rw,noauto 0 0 +.Ed +.Pp +Mounting images during the first pass of +.Xr fsck 8 +and +.Xr mount 8 +is not possible, because the image to be configured to a vnd itself +resides on a file system that first has to be checked and mounted. +.Sh SEE ALSO +.Xr vnd 4 , +.Xr disktab 5 , +.Xr fstab 5 , +.Xr mount 8 , +.Xr swapon 8 , +.Xr umount 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.2 . diff --git a/static/openbsd/man8/mountd.8 b/static/openbsd/man8/mountd.8 new file mode 100644 index 00000000..ad7e6fa6 --- /dev/null +++ b/static/openbsd/man8/mountd.8 @@ -0,0 +1,116 @@ +.\" $OpenBSD: mountd.8,v 1.21 2022/07/30 07:19:30 jsg Exp $ +.\" $NetBSD: mountd.8,v 1.11 1996/02/18 11:57:51 fvdl Exp $ +.\" +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mountd.8 8.4 (Berkeley) 4/28/95 +.\" +.Dd $Mdocdate: July 30 2022 $ +.Dt MOUNTD 8 +.Os +.Sh NAME +.Nm mountd +.Nd service remote NFS mount requests +.Sh SYNOPSIS +.Nm mountd +.Op Fl d +.Op Ar exportsfile +.Sh DESCRIPTION +.Nm +is the server for NFS mount requests from other client machines. +.Nm +listens for service requests at the port indicated in the NFS +server specification; see +.%T "Network File System Protocol Specification" , +RFC 1094, Appendix A and +.%T "NFS: Network File System Version 3 Protocol Specification" , +RFC 1813, Appendix I. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Enable debugging mode. +.Nm +will not detach from the controlling terminal and will print +debugging messages to stderr. +.It Ar exportsfile +The +.Ar exportsfile +argument specifies an alternate location +for the exports file. +.El +.Pp +When +.Nm +is started, +it loads the export host addresses and options into the kernel +using the +.Xr mount 2 +system call. +After changing the exports file, +a hangup signal should be sent to the +.Nm +daemon +to get it to reload the export information. +After sending the +.Dv SIGHUP +(kill \-HUP `cat /var/run/mountd.pid`), +check the syslog output to see if +.Nm +logged any parsing +errors in the exports file. +.Sh FILES +.Bl -tag -width /var/run/mountd.pid -compact +.It Pa /etc/exports +list of exported filesystems +.It Pa /var/db/mountdtab +list of exported filesystems currently mounted +.It Pa /var/run/mountd.pid +PID of the currently running +.Nm +.El +.Sh SEE ALSO +.Xr nfsstat 1 , +.Xr exports 5 , +.Xr nfsd 8 , +.Xr portmap 8 , +.Xr showmount 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.3 Reno . +.Pp +The +.Fl n +flag historically allowed clients to use non-reserved ports +when communicating with +.Nm . +In +.Ox , +a reserved port is always used. diff --git a/static/openbsd/man8/mrinfo.8 b/static/openbsd/man8/mrinfo.8 new file mode 100644 index 00000000..2e7499b2 --- /dev/null +++ b/static/openbsd/man8/mrinfo.8 @@ -0,0 +1,148 @@ +.\" $OpenBSD: mrinfo.8,v 1.13 2024/12/01 09:58:15 kn Exp $ +.\" $NetBSD: mrinfo.8,v 1.2 1995/10/03 23:20:39 thorpej Exp $ +.\" +.\" Written Wed Mar 24 1993 by Van Jacobson (adapted from the +.\" multicast mapper written by Pavel Curtis). +.\" +.\" The lawyers insist we include the following UC copyright notice. +.\" The mapper from which this is derived contained a Xerox copyright +.\" notice which follows the UC one. Try not to get depressed noting +.\" that the legal gibberish is larger than the program. +.\" +.\" Copyright (c) 1993 Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the Computer Systems +.\" Engineering Group at Lawrence Berkeley Laboratory. +.\" 4. Neither the name of the University nor of the Laboratory may be used +.\" to endorse or promote products derived from this software without +.\" specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" --------------------------------- +.\" Copyright (c) 1992, 2001 Xerox Corporation. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions are met: +.\" +.\" Redistributions of source code must retain the above copyright notice, +.\" this list of conditions and the following disclaimer. +.\" +.\" Redistributions in binary form must reproduce the above copyright notice, +.\" this list of conditions and the following disclaimer in the documentation +.\" and/or other materials provided with the distribution. +.\" +.\" Neither name of the Xerox, PARC, nor the names of its contributors may be +.\" used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE XEROX CORPORATION OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +.\" EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 1 2024 $ +.Dt MRINFO 8 +.Os +.Sh NAME +.Nm mrinfo +.Nd displays configuration info from a multicast router +.Sh SYNOPSIS +.Nm mrinfo +.Op Fl d Ns Op Ar debug_level +.Op Fl r Ar retry_count +.Op Fl t Ar timeout_count +.Ar multicast_router +.Sh DESCRIPTION +.Nm +attempts to display the configuration information from the specified +.Ar multicast_router . +.Pp +.Nm +uses the ASK_NEIGHBORS IGMP message to query the specified multicast +router. +If the router responds, the version number and a list of their +neighboring multicast router addresses is part of the response. +If the responding router has a recent multicast version number, then +.Nm +requests additional information such as metrics, thresholds, +and flags from the multicast router. +Once the specified multicast router responds, +the configuration is displayed to the standard output. +.Pp +The options are as follows: +.Bl -tag -width timeout_levelxyz +.It Fl d Ns Op Ar debug_level +sets the debug level. +When the debug level is greater than the default value of 0, +additional debugging messages are printed. +Regardless of the debug level, +an error condition will always write an error message and cause +.Nm +to terminate. +Non-zero debug levels have the following effects (printed to stderr): +.Pp +.Bl -tag -width 1n -compact -offset indent +.It 1 +packet warnings. +.It 2 +all level 1 messages plus notifications of down networks. +.It 3 +all level 2 messages plus notifications of all packet timeouts. +.El +.It Fl r Ar retry_count +sets the neighbor query retry limit. +The default is to do 3 retries. +.It Fl t Ar timeout_count +sets the number of seconds to wait for a neighbor query reply. +The default timeout is 4 seconds. +.El +.Sh EXAMPLES +.Bd -literal +# mrinfo mbone.phony.dom.net +127.148.176.10 (mbone.phony.dom.net) [version 3.3]: + 127.148.176.10 -> 0.0.0.0 (?) [1/1/querier] + 127.148.176.10 -> 127.0.8.4 (mbone2.phony.dom.net) [1/45/tunnel] + 127.148.176.10 -> 105.1.41.9 (momoney.com) [1/32/tunnel/down] + 127.148.176.10 -> 143.192.152.119 (mbone.dipu.edu) [1/32/tunnel] +.Ed +.Pp +For each neighbor of the queried multicast router, the IP of the queried router +is displayed, followed by the IP and name of the neighbor. +In square brackets the metric (cost of connection) +and threshold (multicast ttl) is displayed. +If the queried multicast router has a newer version number, the type (tunnel, +srcrt) and status (disabled, down) of the connection is displayed. +.Sh SEE ALSO +.Xr map-mbone 8 , +.Xr mrouted 8 , +.Xr mtrace 8 +.Sh AUTHORS +.An Van Jacobson diff --git a/static/openbsd/man8/mrouted.8 b/static/openbsd/man8/mrouted.8 new file mode 100644 index 00000000..8463f2e5 --- /dev/null +++ b/static/openbsd/man8/mrouted.8 @@ -0,0 +1,476 @@ +.\" $OpenBSD: mrouted.8,v 1.28 2024/12/01 09:58:15 kn Exp $ +.\" The mrouted program is covered by the license in the accompanying file +.\" named "LICENSE". Use of the mrouted program represents acceptance of +.\" the terms and conditions listed in that file. +.\" +.\" The mrouted program is COPYRIGHT 1989 by The Board of Trustees of +.\" Leland Stanford Junior University. +.Dd $Mdocdate: December 1 2024 $ +.Dt MROUTED 8 +.Os +.Sh NAME +.Nm mrouted +.Nd IP multicast routing daemon +.Sh SYNOPSIS +.Nm mrouted +.Op Fl p +.Op Fl c Ar config_file +.Op Fl d Ns Op Ar debug_level +.Sh DESCRIPTION +.Nm +is an implementation of the Distance-Vector Multicast Routing +Protocol (DVMRP), an earlier version of which is specified in RFC 1075. +It maintains topological knowledge via a distance-vector routing protocol +(like RIP, described in RFC 1058), upon which it implements a multicast +datagram forwarding algorithm called Reverse Path Multicasting. +.Pp +.Nm +forwards a multicast datagram along a shortest (reverse) path tree +rooted at the subnet on which the datagram originates. +The multicast delivery tree may be thought of as a broadcast delivery +tree that has been pruned back so that it does not extend beyond those +subnetworks that have members of the destination group. +Hence, datagrams are not forwarded along those branches which have no +listeners of the multicast group. +The IP time-to-live of a multicast datagram can be +used to limit the range of multicast datagrams. +.Pp +In order to support multicasting among subnets that are separated by (unicast) +routers that do not support IP multicasting, +.Nm +includes support for +"tunnels", which are virtual point-to-point links between pairs of +.Nm +daemons located anywhere in an internet. +IP multicast packets are encapsulated for transmission through tunnels, +so that they look like normal unicast datagrams to intervening routers +and subnets. +The encapsulation is added on entry to a tunnel, and stripped off on exit +from a tunnel. +By default, the packets are encapsulated using the IP-in-IP protocol +(IP protocol number 4). +Older versions of +.Nm +tunnel use IP source routing, which puts a heavy load on some +types of routers. +This version does not support IP source route tunnelling. +.Pp +The tunnelling mechanism allows +.Nm +to establish a virtual internet, for the purpose of multicasting only, +which is independent of the physical internet, and which may span +multiple Autonomous Systems. +This capability is intended for experimental support of internet +multicasting only, pending widespread support for multicast routing +by the regular (unicast) routers. +.Nm +suffers from the well-known scaling problems of any distance-vector +routing protocol, and does not (yet) support hierarchical multicast routing. +.Pp +.Nm +handles multicast routing only; there may or may not be unicast routing +software running on the same machine as +.Nm mrouted . +With the use of tunnels, it is not necessary for +.Nm +to have access to more than one physical subnet +in order to perform multicast forwarding. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c Ar config_file +Specify an alternative configuration file, +instead of the default +.Pa mrouted.conf . +.It Fl d Ns Op Ar debug_level +By default, +.Nm +detaches from the invoking terminal. +If this option is specified, +.Nm +remains attached to the invoking terminal and responsive +to signals from that terminal. +If +.Fl d +is given with no argument, the debug level defaults to 2. +Regardless of the debug level, +.Nm +always writes warning and error messages to the system log daemon. +Debug levels have the following effects: +.Pp +.Bl -hang -compact -offset indent +.It 0 +Detach from the invoking terminal. +.It 1 +All +.Xr syslog 3 +messages are also printed to stderr. +.It 2 +All level 1 messages plus notifications of "significant" +events are printed to stderr. +.It 3 +All level 2 messages plus notifications of all packet +arrivals and departures are printed to stderr. +.El +.It Fl p +Start +.Nm +in a non-pruning mode. +It is expected that a router would be configured in this manner for test +purposes only. +The default mode is pruning enabled. +.El +.Pp +.Nm +automatically configures itself to forward on all multicast-capable +interfaces, i.e. interfaces that have the IFF_MULTICAST flag set (excluding +the loopback "interface"), and it finds other +.Nm +directly reachable via those interfaces. +To override the default configuration, or to add tunnel links to other +.Nm mrouted , +configuration commands may be placed in +.Pa /etc/mrouted.conf . +There are five types of configuration commands: +.Bl -item -offset indent +.It +.Cm cache_lifetime +.Ar ct +.It +.Cm name +.Ar boundary-name | scoped-addr Ns / Ns Ar mask-len +.It +.Cm phyint +.Ar local-addr +.Oo +.Cm altnet +.Ar network Ns / Ns Ar mask-len +.Oc +.br +.Oo +.Cm boundary +.Ar boundary-name | scoped-addr Ns / Ns Ar mask-len +.Oc +.Op Cm disable +.br +.Op Cm metric Ar m +.Op Cm rate_limit Ar b +.Op Cm threshold Ar t +.It +.Cm pruning +.Op Cm off | on +.It +.Cm tunnel +.Ar local-addr +.Ar remote-addr +.br +.Oo +.Cm boundary +.Ar boundary-name | scoped-addr Ns / Ns Ar mask-len +.Oc +.Op Cm metric Ar m +.Op Cm rate_limit Ar b +.Op Cm threshold Ar t +.El +.Pp +The file format is free-form: whitespace (including newlines) is not +significant. +The +.Cm boundary +option +can accept either a name or a boundary; +the +.Cm boundary +and +.Cm altnet +options may be specified as many times as necessary. +.Pp +The +.Nm cache_lifetime +is a value that determines the amount of time that a +cached multicast route stays in kernel before timing out. +The value of this entry should lie between 300 (5 min) and 86400 (1 day). +It defaults to 300. +.Pp +The +.Nm name +option assigns names to boundaries to make configuration easier. +.Pp +The +.Nm phyint +command can be used to disable multicast routing on the physical +interface identified by local IP address +.Ar local-addr , +or to associate a non-default metric or threshold with the specified +physical interface. +The local IP address +.Ar local-addr +may be replaced by the interface name (e.g. le0). +If a phyint is attached to multiple IP subnets, describe each additional +subnet with the +.Cm altnet +keyword. +Phyint commands must precede tunnel commands. +.Pp +The +.Nm pruning +option is provided for +.Nm +to act as a non-pruning router. +.Pp +The +.Nm tunnel +command can be used to establish a tunnel link between local IP address +.Ar local-addr +and remote IP address +.Ar remote-addr , +and to associate a non-default metric or threshold with that tunnel. +The local IP address +.Ar local-addr +may be replaced by the interface name (e.g. le0). +The remote IP address +.Ar remote-addr +may be replaced by a host name, if and only if the host name has a single +IP address associated with it. +The tunnel must be set up in the mrouted.conf files of both routers before +it can be used. +.\"For backwards compatibility with older versions of +.\".Nm , +.\"the srcrt keyword specifies +.\"encapsulation using IP source routing. +.Pp +.Cm boundary +allows an interface to be configured as an administrative boundary +for the specified scoped address. +Packets belonging to this address will not be forwarded on a scoped interface. +The boundary option accepts either a name or a boundary spec. +.Pp +.Cm metric +is the "cost" associated with sending a datagram on the given +interface or tunnel; it may be used to influence the choice of routes. +The metric defaults to 1. +Metrics should be kept as small as possible, because +.Nm +cannot route along paths with a sum of metrics greater than 31. +.Pp +.Cm rate_limit +allows the network administrator to specify a +certain bandwidth in Kbits/second which would be allocated to multicast +traffic. +It defaults to 500Kbps on tunnels, and 0 (unlimited) on physical interfaces. +.Pp +.Cm threshold +is the minimum IP time-to-live required for a multicast datagram +to be forwarded to the given interface or tunnel. +It is used to control the scope of multicast datagrams. +(The TTL of forwarded packets is only compared to the threshold, +it is not decremented by the threshold. +Every multicast router decrements the TTL by 1.) +The default threshold is 1. +.Pp +In general, all +.Nm +connected to a particular subnet or tunnel should +use the same metric and threshold for that subnet or tunnel. +.Pp +.Nm +will not initiate execution +if it has fewer than two enabled virtual interfaces (vifs), +where a vif is either a physical multicast-capable +interface or a tunnel. +It will log a warning if all of its vifs are tunnels; such an +.Nm +configuration would be better replaced by more +direct tunnels (i.e. eliminate the middle man). +.Sh EXAMPLE CONFIGURATION +This is an example configuration for a mythical multicast router at a big +school. +.Bd -unfilled -offset left +# +# mrouted.conf example +# +# Name our boundaries to make it easier. +name LOCAL 239.255.0.0/16 +name EE 239.254.0.0/16 +# +# le1 is our gateway to compsci, don't forward our +# local groups to them. +phyint le1 boundary EE +# +# le2 is our interface on the classroom net, it has four +# different length subnets on it. +# Note that you can use either an ip address or an +# interface name +phyint 172.16.12.38 boundary EE altnet 172.16.15.0/26 + altnet 172.16.15.128/26 altnet 172.16.48.0/24 +# +# atm0 is our ATM interface, which doesn't properly +# support multicasting. +phyint atm0 disable +# +# This is an internal tunnel to another EE subnet. +# Remove the default tunnel rate limit, since this +# tunnel is over Ethernets. +tunnel 192.168.5.4 192.168.55.101 metric 1 threshold 1 + rate_limit 0 +# +# This is our tunnel to the outside world. +# Careful with those boundaries, Eugene. +tunnel 192.168.5.4 10.11.12.13 metric 1 threshold 32 + boundary LOCAL boundary EE +.Ed +.Sh SIGNALS +.Nm +responds to the following signals: +.Pp +.Bl -tag -width TERM -compact +.It HUP +Restarts +.Nm mrouted . +The configuration file is reread every time this signal is evoked. +.It INT +Terminates execution gracefully (i.e. by sending +good-bye messages to all neighboring routers). +.It TERM +The same as INT. +.It USR1 +Dumps the internal routing tables to +.Pa /var/tmp/mrouted.dump . +.It USR2 +Dumps the internal cache tables to +.Pa /var/tmp/mrouted.cache . +.It QUIT +Dumps the internal routing tables to stderr (only if +.Nm +was invoked with a non-zero debug level). +.El +.Sh FILES +.Bl -tag -width /etc/examples/mrouted.conf -compact +.It Pa /etc/mrouted.conf +.It Pa /etc/examples/mrouted.conf +.It Pa /var/tmp/mrouted.cache +.It Pa /var/tmp/mrouted.dump +.El +.Sh EXAMPLES +The routing tables look like this: +.Bd -unfilled -offset left +Virtual Interface Table + Vif Local-Address Metric Thresh Flags + 0 36.2.0.8 subnet: 36.2 1 1 querier + groups: 224.0.2.1 + 224.0.0.4 + pkts in: 3456 + pkts out: 2322323 + + 1 36.11.0.1 subnet: 36.11 1 1 querier + groups: 224.0.2.1 + 224.0.1.0 + 224.0.0.4 + pkts in: 345 + pkts out: 3456 + + 2 36.2.0.8 tunnel: 36.8.0.77 3 1 + peers: 36.8.0.77 (2.2) + boundaries: 239.0.1 + : 239.1.2 + pkts in: 34545433 + pkts out: 234342 + + 3 36.2.0.8 tunnel: 36.6.8.23 3 16 + +Multicast Routing Table (1136 entries) + Origin-Subnet From-Gateway Metric Tmr In-Vif Out-Vifs + 36.2 1 45 0 1* 2 3* + 36.8 36.8.0.77 4 15 2 0* 1* 3* + 36.11 1 20 1 0* 2 3* + . + . + . +.Ed +.Pp +In this example, there are four vifs connecting to two subnets and two +tunnels. +The vif 3 tunnel is not in use (no peer address). +The vif 0 and vif 1 subnets have some groups present; +tunnels never have any groups. +This instance of +.Nm +is the one responsible for sending periodic group membership queries on the +vif 0 and vif 1 subnets, as indicated by the "querier" flags. +The list of boundaries indicate the scoped addresses on that interface. +A count of the number of incoming and outgoing packets is also +shown at each interface. +.Pp +Associated with each subnet from which a multicast datagram can originate +is the address of the previous hop router (unless the subnet is directly- +connected), the metric of the path back to the origin, the amount of time +since we last received an update for this subnet, the incoming vif for +multicasts from that origin, and a list of outgoing vifs. +"*" means that the outgoing vif is connected to a leaf of the broadcast +tree rooted at the origin, and a multicast datagram from that origin will +be forwarded on that outgoing vif only if there are members of the +destination group on that leaf. +.Pp +.Nm +also maintains a copy of the kernel forwarding cache table. +Entries are created and deleted by +.Nm mrouted . +.Pp +The cache tables look like this: +.Bd -unfilled -offset left +Multicast Routing Cache Table (147 entries) + Origin Mcast-group CTmr Age Ptmr IVif Forwvifs + 13.2.116/22 224.2.127.255 3m 2m - 0 1 +\*(Gt13.2.116.19 +\*(Gt13.2.116.196 + 138.96.48/21 224.2.127.255 5m 2m - 0 1 +\*(Gt138.96.48.108 + 128.9.160/20 224.2.127.255 3m 2m - 0 1 +\*(Gt128.9.160.45 + 198.106.194/24 224.2.135.190 9m 28s 9m 0P +\*(Gt198.106.194.22 +.Ed +.Pp +Each entry is characterized by the origin subnet number and mask and the +destination multicast group. +The 'CTmr' field indicates the lifetime of the entry. +The entry is deleted from the cache table when the timer decrements to zero. +The 'Age' field is the time since this cache entry was originally created. +Since cache entries get refreshed if traffic is flowing, +routing entries can grow very old. +The 'Ptmr' field is simply a dash if no prune was sent upstream, or the +amount of time until the upstream prune will time out. +The 'Ivif' field indicates the incoming vif for multicast packets from +that origin. +Each router also maintains a record of the number of prunes received from +neighboring routers for a particular source and group. +If there are no members of a multicast group on any downward link of the +multicast tree for a subnet, a prune message is sent to the upstream router. +They are indicated by a "P" after the vif number. +The Forwvifs field shows the interfaces along which datagrams belonging to +the source-group are forwarded. +A "p" indicates that no datagrams are being forwarded along that interface. +An unlisted interface is a leaf subnet with no members of the particular +group on that subnet. +A "b" on an interface indicates that it is a boundary interface, i.e.\& +traffic will not be forwarded on the scoped address on that interface. +An additional line with a +.Sq \*(Gt +as the first character is printed for +each source on the subnet. +Note that there can be many sources in one subnet. +.Sh SEE ALSO +.Xr map-mbone 8 , +.Xr mrinfo 8 , +.Xr mtrace 8 +.Sh STANDARDS +.Rs +.%A S. Deering +.%O Proceedings of the ACM SIGCOMM '88 Conference +.%T Multicast Routing in Internetworks and Extended LANs +.Re +.Sh AUTHORS +.An -nosplit +.An Steve Deering , +.An Ajit Thyagarajan , +.An Bill Fenner diff --git a/static/openbsd/man8/mtrace.8 b/static/openbsd/man8/mtrace.8 new file mode 100644 index 00000000..9ba0b666 --- /dev/null +++ b/static/openbsd/man8/mtrace.8 @@ -0,0 +1,528 @@ +.\" $OpenBSD: mtrace.8,v 1.18 2014/09/08 01:27:55 schwarze Exp $ +.\" $NetBSD: mtrace.8,v 1.4 1995/12/10 10:57:11 mycroft Exp $ +.\" +.\" Copyright (c) 1993, 1998-2001. +.\" The University of Southern California/Information Sciences Institute. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" Other copyrights might apply to parts of this software and are so +.\" noted when applicable. +.\" +.\" This manual page (but not the software) was derived from the +.\" manual page for the traceroute program which bears the following +.\" copyright notice: +.\" +.\" Copyright (c) 1988 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Van Jacobson. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 8 2014 $ +.Dt MTRACE 8 +.Os +.Sh NAME +.Nm mtrace +.Nd print multicast path from a source to a receiver +.Sh SYNOPSIS +.Nm mtrace +.Op Fl lMnpsv +.Op Fl g Ar gateway +.Op Fl i Ar if_addr +.Op Fl m Ar max_hops +.Op Fl q Ar nqueries +.Op Fl r Ar host +.Op Fl S Ar stat_int +.Op Fl t Ar ttl +.Op Fl w Ar waittime +.Ar source +.Op Ar receiver +.Op Ar group +.Sh DESCRIPTION +Assessing problems in the distribution of IP multicast traffic +can be difficult. +.Nm +utilizes a tracing feature implemented in multicast routers +.Pf ( Nm mrouted +version 3.3 and later) that is +accessed via an extension to the IGMP protocol. +A trace query is passed hop-by-hop along the reverse path from the +.Ar receiver +to the +.Ar source , +collecting hop addresses, packet counts, and routing error conditions +along the path, and then the response is returned to the requestor. +.Pp +The only required parameter is the +.Ar source +host name or address. +The default +.Ar receiver +is the host running mtrace, and the default +.Ar group +is "MBone Audio" (224.2.0.1), which is sufficient if packet loss +statistics for a particular multicast group are not needed. +These two optional parameters may be specified to test the path to some other +receiver in a particular group, subject to some constraints as +detailed below. +The two parameters can be distinguished because the +.Ar receiver +is a unicast address and the +.Ar group +is a multicast address. +.Pp +The options are as follows: +.Bl -tag -width addr_xy +.It Fl g Ar gateway +Send the trace query via unicast directly to the multicast router +.Ar gateway +rather than multicasting the query. +This must be the last-hop router on the path from the intended +.Ar source +to the +.Ar receiver . +.Em NOTE: Read the BUGS section below. +.It Fl i Ar if_addr +Use +.Ar if_addr +as the local interface address (on a multi-homed host) for sending the +trace query and as the default for the +.Ar receiver +and the response destination. +.It Fl l +Loop indefinitely printing packet rate and loss statistics for the +multicast path every 10 seconds (see +.Fl S Ar stat_int ) . +.It Fl M +Always send the response using multicast rather than attempting +unicast first. +.It Fl m Ar max_hops +Set to +the maximum number of hops that will be traced from the +.Ar receiver +back toward the +.Ar source . +The default is 32 hops (infinity for the DVMRP routing protocol). +.It Fl n +Print hop addresses numerically rather than symbolically and numerically +(saves a nameserver address-to-name lookup for each router found on the +path). +.It Fl p +Listen passively for multicast responses from traces initiated by others. +This works best when run on a multicast router. +.It Fl q Ar nqueries +Set the maximum number of query attempts for any hop to +.Ar nqueries . +The default is 3. +.It Fl r Ar host +Send the trace response to +.Ar host +rather than to the host on which +.Nm +is being run, or to a multicast address other than the one registered +for this purpose (224.0.1.32). +.It Fl S Ar stat_int +Change the interval between statistics gathering traces to +.Ar stat_int +seconds (default 10 seconds). +.It Fl s +Print a short form output including only the multicast path and not +the packet rate and loss statistics. +.It Fl t Ar ttl +Set the +.Ar ttl +(time-to-live, or number of hops) for multicast trace queries and +responses. +The default is 64, except for local queries to the +"all routers" multicast group which use ttl 1. +.It Fl v +Verbose mode; show hop times on the initial trace and statistics display. +.It Fl w Ar waittime +Set the time to wait for a trace response to +.Ar waittime +seconds (default 3 seconds). +.El +.Ss How \&It Works +The technique used by the +.Nm traceroute +tool to trace unicast network paths will not work for IP multicast +because ICMP responses are specifically forbidden for multicast traffic. +Instead, a tracing feature has been built into the multicast routers. +This technique has the advantage that additional information about +packet rates and losses can be accumulated while the number of packets +sent is minimized. +.Pp +Since multicast uses +reverse path forwarding, the trace is run backwards from the +.Ar receiver +to the +.Ar source . +A trace query packet is sent to the last +hop multicast router (the leaf router for the desired +.Ar receiver +address). +The last hop router builds a trace response packet, fills in +a report for its hop, and forwards the trace packet using unicast to +the router it believes is the previous hop for packets originating +from the specified +.Ar source . +Each router along the path adds its report and forwards the packet. +When the trace response packet reaches the first hop router (the router +that is directly connected to the source's net), that router sends the +completed response to the response destination address specified in +the trace query. +.Pp +If some multicast router along the path does not implement the +multicast traceroute feature or if there is some outage, then no +response will be returned. +To solve this problem, the trace query includes a maximum hop count field +to limit the number of hops traced before the response is returned. +That allows a partial path to be traced. +.Pp +The reports inserted by each router contain not only the address of +the hop, but also the ttl required to forward and some flags to indicate +routing errors, plus counts of the total number of packets on the +incoming and outgoing interfaces and those forwarded for the specified +.Ar group . +Taking differences in these counts for two traces separated in time +and comparing the output packet counts from one hop with the input +packet counts of the next hop allows the calculation of packet rate +and packet loss statistics for each hop to isolate congestion +problems. +.Ss Finding the Last-Hop Router +The trace query must be sent to the multicast router which is the +last hop on the path from the +.Ar source +to the +.Ar receiver . +If the +.Ar receiver +is on the local subnet (as determined using the subnet +mask), then the default method is to multicast the trace query to +all-routers.mcast.net (224.0.0.2) with a ttl of 1. +Otherwise, the trace query is multicast to the +.Ar group +address since the last hop router will be a member of that group if +the +.Ar receiver +is. +Therefore it is necessary to specify a +.Ar group +that the intended +.Ar receiver +is joined. +This multicast is sent with a default ttl of 64, which may not be sufficient +for all cases (changed with the +.Fl t +option). +If the last hop router is known, it may also be addressed directly +using the +.Fl g +option). +Alternatively, if it is desired to trace a group that the +.Ar receiver +has not joined, but it is known that the last-hop router is a +member of another group, the +.Fl g +option may also be used to specify a different multicast address for the +trace query. +.Pp +When tracing from a multihomed host or router, the default +.Ar receiver +address may not be the desired interface for the path from the +.Ar source . +In that case, the desired interface should be specified explicitly as +the +.Ar receiver . +.Ss Directing the Response +By default, +.Nm +first attempts to trace the full reverse path, unless the number of +hops to trace is explicitly set with the +.Fl m +option. +If there is no response within a 3 second timeout interval +(changed with the +.Fl m +option), a "*" is printed and the probing switches to hop-by-hop mode. +Trace queries are issued starting with a maximum hop count of one and +increasing by one until the full path is traced or no response is +received. +At each hop, multiple probes are sent (default is three, changed with +.Fl q +option). +The first half of the attempts (default is one) are made with +the unicast address of the host running +.Nm +as the destination for the response. +Since the unicast route may be blocked, the remainder of attempts request +that the response be multicast to mtrace.mcast.net (224.0.1.32) with the +ttl set to 32 more than what's needed to pass the thresholds seen so far +along the path to the +.Ar receiver . +For the last quarter of the attempts (default is +one), the ttl is increased by another 32 each time up to a maximum of 192. +Alternatively, the ttl may be set explicitly with the +.Fl t +option and/or the initial unicast attempts can be forced to use +multicast instead with the +.Fl m +option. +For each attempt, if no response is received within the timeout, +a "*" is printed. +After the specified number of attempts have failed, +.Nm +will try to query the next hop router with a DVMRP_ASK_NEIGHBORS2 +request (as used by the +.Nm mrinfo +program) to see what kind of router it is. +.Sh EXAMPLES +The output of +.Nm +is in two sections. +The first section is a short listing of the hops in the order they are +queried, that is, in the reverse of the order from the +.Ar source +to the +.Ar receiver . +For each hop, a line is printed showing the hop number (counted +negatively to indicate that this is the reverse path); the multicast +routing protocol (DVMRP, MOSPF, PIM, etc.); the threshold required to +forward data (to the previous hop in the listing as indicated by the +up-arrow character); and the cumulative delay for the query to reach +that hop (valid only if the clocks are synchronized). +This first section ends with a line showing the round-trip time which measures +the interval from when the query is issued until the response is +received, both derived from the local system clock. +A sample use and output might be: +.Bd -literal +oak.isi.edu 80# mtrace -l caraway.lcs.mit.edu 224.2.0.3 +Mtrace from 18.26.0.170 to 128.9.160.100 via group 224.2.0.3 +Querying full reverse path... + 0 oak.isi.edu (128.9.160.100) + -1 cub.isi.edu (128.9.160.153) DVMRP thresh^ 1 3 ms + -2 la.dart.net (140.173.128.1) DVMRP thresh^ 1 14 ms + -3 dc.dart.net (140.173.64.1) DVMRP thresh^ 1 50 ms + -4 bbn.dart.net (140.173.32.1) DVMRP thresh^ 1 63 ms + -5 mit.dart.net (140.173.48.2) DVMRP thresh^ 1 71 ms + -6 caraway.lcs.mit.edu (18.26.0.170) +Round trip time 124 ms +.Ed +.Pp +The second section provides a pictorial view of the path in the +forward direction with data flow indicated by arrows pointing downward +and the query path indicated by arrows pointing upward. +For each hop, both the entry and exit addresses of the router are shown if +different, along with the initial ttl required on the packet in order +to be forwarded at this hop and the propagation delay across the hop +assuming that the routers at both ends have synchronized clocks. +The right half of this section is composed of several columns of +statistics in two groups. +Within each group, the columns are the number of packets lost, the number +of packets sent, the percentage lost, and the average packet rate at each hop. +These statistics are calculated from differences between traces and from +hop to hop as explained above. +The first group shows the statistics for all traffic flowing out the interface +at one hop and in the interface at the next hop. +The second group shows the statistics only for traffic forwarded +from the specified +.Ar source +to the specified +.Ar group . +.Pp +These statistics are shown on one or two lines for each hop. +Without any options, this second section of the output is printed only once, +approximately 10 seconds after the initial trace. +One line is shown for each hop showing the statistics over that 10-second +period. +If the +.Fl l +option is given, the second section is repeated every 10 seconds and +two lines are shown for each hop. +The first line shows the statistics for the last 10 seconds, and the second +line shows the cumulative statistics over the period since the initial trace, +which is 101 seconds in the example below. +The second section of the output is omitted if the +.Fl s . +option is set. +.Bd -literal +Waiting to accumulate statistics... Results after 101 seconds: + + Source Response Dest Packet Statistics For Only For Traffic +18.26.0.170 128.9.160.100 All Multicast Traffic From 18.26.0.170 + | __/ rtt 125 ms Lost/Sent = Pct Rate To 224.2.0.3 + v / hop 65 ms --------------------- ------------------ +18.26.0.144 +140.173.48.2 mit.dart.net + | ^ ttl 1 0/6 = --% 0 pps 0/2 = --% 0 pps + v | hop 8 ms 1/52 = 2% 0 pps 0/18 = 0% 0 pps +140.173.48.1 +140.173.32.1 bbn.dart.net + | ^ ttl 2 0/6 = --% 0 pps 0/2 = --% 0 pps + v | hop 12 ms 1/52 = 2% 0 pps 0/18 = 0% 0 pps +140.173.32.2 +140.173.64.1 dc.dart.net + | ^ ttl 3 0/271 = 0% 27 pps 0/2 = --% 0 pps + v | hop 34 ms -1/2652 = 0% 26 pps 0/18 = 0% 0 pps +140.173.64.2 +140.173.128.1 la.dart.net + | ^ ttl 4 -2/831 = 0% 83 pps 0/2 = --% 0 pps + v | hop 11 ms -3/8072 = 0% 79 pps 0/18 = 0% 0 pps +140.173.128.2 +128.9.160.153 cub.isi.edu + | \e__ ttl 5 833 83 pps 2 0 pps + v \e hop -8 ms 8075 79 pps 18 0 pps +128.9.160.100 128.9.160.100 + Receiver Query Source +.Ed +.Pp +Because the packet counts may be changing as the trace query is +propagating, there may be small errors (off by 1 or 2) in these +statistics. +However, those errors should not accumulate, so the cumulative statistics +line should increase in accuracy as a new trace is run every 10 seconds. +There are two sources of larger errors, +both of which show up as negative losses: +.Bl -bullet -offset abcd +.It +If the input to a node is from a multi-access network with more than +one other node attached, then the input count will be (close to) the +sum of the output counts from all the attached nodes, but the output +count from the previous hop on the traced path will be only part of +that. +Hence the output count minus the input count will be negative. +.It +In release 3.3 of the DVMRP multicast forwarding software for SunOS +and other systems, a multicast packet generated on a router will be +counted as having come in an interface even though it did not. +This creates the negative loss that can be seen in the example above. +.El +.Pp +Note that these negative losses may mask positive losses. +.Pp +In the example, there is also one negative hop time. +This simply indicates a lack of synchronization between the system clocks +across that hop. +This example also illustrates how the percentage loss is +shown as two dashes when the number of packets sent is less than 10 +because the percentage would not be statistically valid. +.Pp +A second example shows a trace to a +.Ar receiver +that is not local; the query is sent to the last-hop router with the +.Fl g +option. +In this example, the trace of the full reverse path resulted +in no response because there was a node running an old version of +.Nm mrouted +that did not implement the multicast traceroute function, so +.Nm +switched to hop-by-hop mode. +The "Route pruned" error code indicates that traffic for group 224.2.143.24 +would not be forwarded. +.Bd -literal +oak.isi.edu 108# mtrace -g 140.173.48.2 204.62.246.73 \e + butter.lcs.mit.edu 224.2.143.24 +Mtrace from 204.62.246.73 to 18.26.0.151 via group 224.2.143.24 +Querying full reverse path... * switching to hop-by-hop: + 0 butter.lcs.mit.edu (18.26.0.151) + -1 jam.lcs.mit.edu (18.26.0.144) DVMRP thresh^ 1 33 ms Route pruned + -2 bbn.dart.net (140.173.48.1) DVMRP thresh^ 1 36 ms + -3 dc.dart.net (140.173.32.2) DVMRP thresh^ 1 44 ms + -4 darpa.dart.net (140.173.240.2) DVMRP thresh^ 16 47 ms + -5 * * * noc.hpc.org (192.187.8.2) [mrouted 2.2] didn't respond +Round trip time 95 ms +.Ed +.Sh SEE ALSO +.Xr map-mbone 8 , +.Xr mrinfo 8 , +.Xr mrouted 8 , +.Xr traceroute 8 +.Sh AUTHORS +.An -nosplit +Implemented by +.An Steve Casner +based on an initial prototype written by +.An Ajit Thyagarajan . +The multicast traceroute mechanism was designed by +.An Van Jacobson +with help from +.An Steve Casner , +.An Steve Deering , +.An Dino Farinacci , +and +.An Deb Agrawal ; +it was implemented in +.Nm mrouted +by +.An Ajit Thyagarajan +and +.An Bill Fenner . +The option syntax and the output format of +.Nm +are modeled after the unicast +.Xr traceroute 8 +program written by +.An Van Jacobson . +.Sh BUGS +Versions 3.3 and 3.5 of +.Nm mrouted +will crash if a trace query is received via a +unicast packet and +.Nm mrouted +has no route for the +.Ar source +address. +Therefore, do not use the +.Fl g +option unless the target +.Nm mrouted +has been verified to be 3.4 or newer than 3.5. diff --git a/static/openbsd/man8/mtree.8 b/static/openbsd/man8/mtree.8 new file mode 100644 index 00000000..4968238d --- /dev/null +++ b/static/openbsd/man8/mtree.8 @@ -0,0 +1,352 @@ +.\" $OpenBSD: mtree.8,v 1.42 2022/02/18 23:17:16 jsg Exp $ +.\" $NetBSD: mtree.8,v 1.4 1995/03/07 21:26:25 cgd Exp $ +.\" +.\" Copyright (c) 1989, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)mtree.8 8.2 (Berkeley) 12/11/93 +.\" +.Dd $Mdocdate: February 18 2022 $ +.Dt MTREE 8 +.Os +.Sh NAME +.Nm mtree +.Nd map a directory hierarchy +.Sh SYNOPSIS +.Nm mtree +.Bk -words +.Op Fl cdeilnqrtUux +.Op Fl f Ar spec +.Op Fl K Ar keywords +.Op Fl k Ar keywords +.Op Fl p Ar path +.Op Fl s Ar seed +.Ek +.Sh DESCRIPTION +The utility +.Nm mtree +compares the file hierarchy rooted in the current directory against a +specification read from the standard input. +Messages are written to the standard output for any files whose +characteristics do not match the specification, or which are +missing from either the file hierarchy or the specification. +For an explanation of the directory hierarchy, +see +.Xr hier 7 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c +Print a specification for the file hierarchy to the standard output. +.It Fl d +Ignore everything except directory type files. +.It Fl e +Don't complain about files that are in the file hierarchy, but not in the +specification. +.It Fl f Ar spec +Read the specification from file +.Ar spec , +instead of from the standard input. +.It Fl i +Indents the output 4 spaces each time a directory level is descended when +creating a specification with the +.Fl c +option. +This does not affect either the /set statements or the comment before each +directory. +It does however affect the comment before the close of each directory. +.It Fl K Ar keywords +Add the specified (whitespace or comma separated) keywords to the current +set of keywords. +.It Fl k Ar keywords +Use the +.Dq type +keyword plus the specified (whitespace or comma separated) +keywords instead of the current set of keywords. +.It Fl l +Do +.Dq loose +permissions checks, in which more stringent permissions +will match less stringent ones. +For example, a file marked mode 0444 will pass a check for mode 0644. +.Dq Loose +checks apply only to read, write and execute permissions -- in +particular, if other bits like the sticky bit or suid/sgid bits are +set either in the specification or the file, exact checking will be +performed. +This flag may not be set at the same time as the +.Fl u +or +.Fl U +flags. +.It Fl n +Do not emit pathname comments when creating a specification. +Normally +a comment is emitted before each directory and before the close of that +directory when using the +.Fl c +option. +.It Fl p Ar path +Use the file hierarchy rooted in +.Ar path , +instead of the current directory. +.It Fl q +Quiet mode. +Do not complain when a +.Dq missing +directory cannot be created because it already exists. +This occurs when the directory is a symbolic link. +.It Fl r +Remove any files in the file hierarchy that are not described in the +specification. +.It Fl s Ar seed +Display a single checksum to the standard error output that represents all +of the files for which the keyword +.Cm cksum +was specified. +The checksum is seeded with the specified value. +.It Fl t +If a file's timestamp is different from the specification, +.Dq touch +it to match the specification (and list as modified). +.It Fl U +Modify the owner, group, and permissions of existing files to match +the specification and create any missing directories. +User, group, and permissions must all be specified for missing directories +to be created. +Exit with a status of 0 on success, 1 if any error occurred; +a mismatch is not considered an error if it was corrected. +.It Fl u +Same as the +.Fl U +option except a status of 2 is returned if the file hierarchy +did not match the specification. +.It Fl x +Don't descend below mount points in the file hierarchy. +.El +.Pp +Specifications are mostly composed of +.Dq keywords +(i.e., strings that specify values relating to files). +No keywords have default values, and if a keyword has no value set, no +checks based on it are performed. +.Pp +Currently supported keywords are as follows: +.Bl -tag -width sha256digest +.It Cm cksum +The checksum of the file using the default algorithm specified by +the +.Xr cksum 1 +utility. +.It Cm flags +The current file's flags (whitespace or comma separated) in symbolic form +as specified by +.Xr chflags 1 . +The string +.Dq none +may be used to indicate that no flags should be set on the file. +.It Cm gid +The file group as a numeric value. +.It Cm gname +The file group as a symbolic name. +.It Cm ignore +Ignore any file hierarchy below this file. +.It Cm link +The file the symbolic link is expected to reference. +.It Cm md5digest +The MD5 message digest of the file. +.It Cm mode +The current file's permissions as a numeric (octal) or symbolic +value. +.It Cm nlink +The number of hard links the file is expected to have. +.It Cm nochange +Do not change the attributes (owner, group, mode, etc) on a file or directory. +.It Cm optional +The file is optional; don't complain about the file if it's +not in the file hierarchy. +.It Cm rmd160digest +The RIPEMD-160 message digest of the file. +.It Cm sha1digest +The SHA-1 message digest of the file. +.It Cm sha256digest +The SHA-256 message digest of the file. +.It Cm size +The size, in bytes, of the file. +.It Cm time +The last modification time of the file. +.It Cm type +The type of the file; may be set to any one of the following: +.Pp +.Bl -tag -width Cm -compact +.It Cm block +block special device +.It Cm char +character special device +.It Cm dir +directory +.It Cm fifo +FIFO +.It Cm file +regular file +.It Cm link +symbolic link +.It Cm socket +socket +.El +.It Cm uid +The file owner as a numeric value. +.It Cm uname +The file owner as a symbolic name. +.El +.Pp +The default set of keywords are +.Cm gid , +.Cm mode , +.Cm nlink , +.Cm size , +.Cm link , +.Cm time , +and +.Cm uid . +.Pp +There are four types of lines in a specification. +.Pp +The first type of line sets a global value for a keyword, and consists of +the string +.Dq /set +followed by whitespace, followed by sets of keyword/value +pairs, separated by whitespace. +Keyword/value pairs consist of a keyword, followed by an equals sign +.Pq Sq = , +followed by a value, without whitespace characters. +Once a keyword has been set, its value remains unchanged until either +reset or unset. +.Pp +The second type of line unsets keywords and consists of the string +.Dq /unset , +followed by whitespace, followed by one or more keywords, +separated by whitespace. +.Pp +The third type of line is a file specification and consists of a file +name, followed by whitespace, followed by zero or more whitespace +separated keyword/value pairs. +The file name may be preceded by whitespace characters. +The file name may contain any of the standard file name matching +characters +.Po +.Dq \&[ , +.Dq \&] , +.Dq \&? , +or +.Dq \&* +.Pc , +in which case files in the hierarchy will be associated with the first +pattern that they match. +.Pp +Each of the keyword/value pairs consist of a keyword, followed by an +equals sign, followed by the keyword's value, without +whitespace characters. +These values override, without changing, the global value of the +corresponding keyword. +.Pp +All paths are relative. +Specifying a directory will cause subsequent files to be searched +for in that directory hierarchy. +Which brings us to the last type of line in a specification: a line +containing only the string +.Dq .. +causes the current directory +path to ascend one level. +.Pp +Empty lines and lines whose first non-whitespace character is a hash +mark +.Pq Sq # +are ignored. +.Sh FILES +.Bl -tag -width /etc/mtree -compact +.It Pa /etc/mtree +system specification directory +.El +.Sh EXIT STATUS +The +.Nm mtree +utility exits with a status of 0 on success, 1 if any error occurred, +and 2 if the file hierarchy did not match the specification. +A status of 2 is converted to a status of 0 if the +.Fl U +option is used. +.Sh EXAMPLES +To detect system binaries that have been +.Dq trojan horsed , +it is recommended +that +.Nm mtree +.Fl cK +.Cm sha256digest +be run on the file systems, and a copy of the results stored on a different +machine or, at least, in encrypted form. +The output file itself should be digested using the +.Xr sha256 1 +utility. +Then, periodically, +.Nm mtree +and +.Xr sha256 1 +should be run against the on-line specifications. +While it is possible for attackers to change the on-line specifications +to conform to their modified binaries, it is believed to be +impractical for them to create a modified specification which has +the same SHA-256 digest as the original. +.Pp +The +.Fl d +and +.Fl u +options can be used in combination to create directory hierarchies +for distributions and other such things; the files in +.Pa /etc/mtree +were used to create almost all directories in a normal binary +distribution. +.Sh SEE ALSO +.Xr chgrp 1 , +.Xr chmod 1 , +.Xr cksum 1 , +.Xr md5 1 , +.Xr stat 2 , +.Xr fts_open 3 , +.Xr MD5Init 3 , +.Xr RMD160Init 3 , +.Xr SHA1Init 3 , +.Xr SHA256Init 3 , +.Xr hier 7 , +.Xr chown 8 +.Sh HISTORY +The +.Nm mtree +utility appeared in +.Bx 4.3 Reno . diff --git a/static/openbsd/man8/ncheck_ffs.8 b/static/openbsd/man8/ncheck_ffs.8 new file mode 100644 index 00000000..061190d6 --- /dev/null +++ b/static/openbsd/man8/ncheck_ffs.8 @@ -0,0 +1,141 @@ +.\" $OpenBSD: ncheck_ffs.8,v 1.27 2020/02/08 17:25:25 schwarze Exp $ +.\" +.\" Copyright (c) 1995, 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 8 2020 $ +.Dt NCHECK_FFS 8 +.Os +.Sh NAME +.Nm ncheck_ffs , +.Nm ncheck +.Nd generate names from inode-numbers +.Sh SYNOPSIS +.Nm ncheck_ffs +.Op Fl ams +.Op Fl f Ar format +.Op Fl i Ar number ... +.Ar filesystem +.Sh DESCRIPTION +.Nm +generates a list of filenames and inode numbers for the given +file system. +Names of directories are followed by a +.Sq \&. . +.Nm +may be invoked more simply as +.Nm ncheck , +with no change in behaviour. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Print the file names +.Sq \&. +and +.Sq .. , +which are ordinarily skipped. +.It Fl f Ar format +Use a custom output format when printing inode information. +Characters from +.Ar format +are printed for each inode with the following escape sequences: +.Pp +.Bl -tag -width Ds -offset indent -compact +.It Cm \ea +Print a +.Aq bell +character. +.It Cm \eb +Print a +.Aq backspace +character. +.It Cm \ee +Print an +.Aq escape +character. +.It Cm \ef +Print a +.Aq form-feed +character. +.It Cm \eI +Print the inode number. +.It Cm \en +Print a +.Aq new-line +character. +.It Cm \eP +Print the pathname to the file using the current inode number. +.It Cm \er +Print a +.Aq carriage return +character. +.It Cm \et +Print a +.Aq tab +character. +.It Cm \ev +Print a +.Aq vertical tab +character. +.It Cm \e\(aq +Print a +.Aq single quote +character. +.It Cm \e\e +Print a backslash character. +.It Cm \e0 +Print a NUL character. +.El +.Pp +All other characters, when prefixed by a backslash, simply print +the character following the backslash. +The device name is not printed on the first line of output when the +.Fl f +option is specified. +.It Fl i Ar number ... +Report only those files whose inode numbers are as listed. +.It Fl m +Give more verbose information on inodes. +.It Fl s +Report only special files and files with set-user-ID or set-group-ID +set. +This is meant to find hidden violations of security policies. +.El +.Pp +The report is not sorted. +.Sh SEE ALSO +.Xr sort 1 , +.Xr fsck 8 , +.Xr fsdb 8 +.Sh HISTORY +An +.Nm ncheck +command appeared in +.At v6 . +The +.Nm +command was designed to be similar in functionality to the corresponding +command in SunOS 4.1.3. +.Sh AUTHORS +.An Thorsten Lockert Aq Mt tholo@sigmasoft.com diff --git a/static/openbsd/man8/ndp.8 b/static/openbsd/man8/ndp.8 new file mode 100644 index 00000000..62cdaa8a --- /dev/null +++ b/static/openbsd/man8/ndp.8 @@ -0,0 +1,165 @@ +.\" $OpenBSD: ndp.8,v 1.46 2019/08/23 15:41:59 kn Exp $ +.\" $KAME: ndp.8,v 1.28 2002/07/17 08:46:33 itojun Exp $ +.\" +.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 23 2019 $ +.Dt NDP 8 +.Os +.Sh NAME +.Nm ndp +.Nd control/diagnose IPv6 Neighbor Discovery Protocol (NDP) +.Sh SYNOPSIS +.Nm ndp +.Op Fl acnt +.Op Fl A Ar wait +.Op Fl d Ar hostname +.Op Fl f Ar filename +.Op Fl i Ar interface +.Op Fl s Ar nodename ether_addr Oo Cm temp Oc Op Cm proxy +.Op Fl V Ar rdomain +.Op Ar hostname +.Sh DESCRIPTION +The +.Nm +command manipulates the address mapping table +used by the Neighbor Discovery Protocol (NDP). +.Bl -tag -width Ds +.It Fl A Ar wait +Repeat +.Fl a +.Pq dump NDP entries +every +.Ar wait +seconds. +.It Fl a +Dump the currently existing NDP entries. +The following information will be printed: +.Bl -tag -width Ds -offset 3n +.It Neighbor +The IPv6 address of the neighbor. +.It Linklayer Address +The linklayer address of the neighbor. +If the address is not available, +it will be displayed as +.Dq (incomplete) . +.It Netif +The network interface associated with the neighbor cache entry. +.It Expire +The time until expiry of the entry. +If the entry is marked +.Dq permanent , +it will never expire. +.It S +The state of the neighbor cache entry, as a single letter: +.Pp +.Bl -tag -width Ds -offset 3n -compact +.It D +Delay +.It I +Incomplete +.It N +Nostate +.It P +Probe +.It R +Reachable +.It S +Stale +.It W +Waitdelete +.It \&? +Unknown state (should never happen). +.El +.It Flags +Flags on the neighbor cache entry, in a single letter. +They are: local +.Pq Sq l , +Router +.Pq Sq R +and proxy neighbor advertisement +.Pq Sq p . +This field may be followed by a decimal number, +representing the number of NS probes +the node has sent during the current state. +.El +.It Fl c +Erase all the NDP entries. +.It Fl d Ar hostname +Delete the specified NDP entry. +.It Fl f Ar filename +Parse entries from +.Ar file +to be inserted in the neighbor cache. +See the +.Fl s +option for a description of the file format. +.It Fl i Ar interface +View ND information for the specified interface. +.It Fl n +Do not perform domain name resolution. +If a name cannot be resolved without DNS, an error will be reported. +.It Xo +.Fl s Ar nodename ether_addr +.Op Cm temp +.Op Cm proxy +.Xc +Register an NDP entry for the node called nodename with the Ether +address ether_addr. +The Ethernet address is given as six hexadecimal bytes separated by +colons. +The entry will be permanent unless the word +.Cm temp +is given in the command. +If the word +.Cm proxy +is given, this system will act as an ND Proxy server, +responding to requests for +.Ar nodename +even though the node address is not its own. +.It Fl t +Print a timestamp on each entry, +making it possible to merge output with +.Xr tcpdump 8 . +Most useful when used with +.Fl A . +.It Fl V Ar rdomain +Select the routing domain. +.El +.Sh EXIT STATUS +.Ex -std ndp +.Sh SEE ALSO +.Xr ip6 4 , +.Xr sysctl.conf 5 , +.Xr arp 8 , +.Xr sysctl 8 , +.Xr tcpdump 8 +.Sh HISTORY +The +.Nm +command first appeared in the WIDE Hydrangea IPv6 protocol stack kit. diff --git a/static/openbsd/man8/netgroup_mkdb.8 b/static/openbsd/man8/netgroup_mkdb.8 new file mode 100644 index 00000000..37d20fb4 --- /dev/null +++ b/static/openbsd/man8/netgroup_mkdb.8 @@ -0,0 +1,81 @@ +.\" $OpenBSD: netgroup_mkdb.8,v 1.11 2023/01/04 13:00:11 jsg Exp $ +.\" +.\" Copyright (c) 1994 Christos Zoulas +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 4 2023 $ +.Dt NETGROUP_MKDB 8 +.Os +.Sh NAME +.Nm netgroup_mkdb +.Nd generate the netgroup databases +.Sh SYNOPSIS +.Nm netgroup_mkdb +.Op Fl o Ar database +.Op Ar file +.Sh DESCRIPTION +.Nm netgroup_mkdb +creates Berkeley databases for the specified +.Ar file . +If no file is specified, +.Pa /etc/netgroup +is used. +These databases are then installed into +.Pa /etc/netgroup.db . +The file must be in the correct format (see +.Xr netgroup 5 ) . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl o Ar database +Put the output databases in the named file. +.El +.Pp +The databases are used by the C library netgroup routines (see +.Xr getnetgrent 3 ) . +.Sh FILES +.Bl -tag -width 24n -compact +.It Pa /etc/netgroup.db +current netgroup database +.It Pa /etc/netgroup.db.tmp +a temporary file +.It Pa /etc/netgroup +current netgroup file +.El +.Sh EXIT STATUS +.Ex -std netgroup_mkdb +.Sh SEE ALSO +.Xr dbopen 3 , +.Xr getnetgrent 3 , +.Xr netgroup 5 +.Sh BUGS +Because +.Nm netgroup_mkdb +guarantees not to install a partial destination file, it must +build a temporary file in the same file system and if successful use +.Xr rename 2 +to install over the destination file. +.Pp +If +.Nm netgroup_mkdb +fails, it will leave the previous version of the destination file intact. diff --git a/static/openbsd/man8/newaliases.8 b/static/openbsd/man8/newaliases.8 new file mode 100644 index 00000000..b82e4515 --- /dev/null +++ b/static/openbsd/man8/newaliases.8 @@ -0,0 +1,86 @@ +.\" $OpenBSD: newaliases.8,v 1.12 2018/07/20 15:35:33 millert Exp $ +.\" +.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@openbsd.org> +.\" Copyright (c) 2008-2009 Gilles Chehade <gilles@poolp.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 20 2018 $ +.Dt NEWALIASES 8 +.Os +.Sh NAME +.Nm newaliases +.Nd rebuild mail aliases +.Sh SYNOPSIS +.Nm newaliases +.Op Fl f Ar file +.Sh DESCRIPTION +The +.Nm +utility makes changes to the mail aliases file visible to +.Xr smtpd 8 . +It should be run every time the +.Xr aliases 5 +file is changed. +The location of the alias file is defined in +.Xr smtpd.conf 5 , +and defaults to +.Pa /etc/mail/aliases . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar file +Use +.Ar file +as the configuration file, +instead of the default +.Pa /etc/mail/smtpd.conf . +.El +.Pp +If using database (db) files, +.Nm +is equivalent to running +.Xr makemap 8 +as follows: +.Bd -literal -offset indent +# makemap -t aliases /etc/mail/aliases +.Ed +.Pp +If using plain text files, +.Nm +is equivalent to running +.Xr smtpctl 8 +as follows: +.Bd -literal -offset indent +# smtpctl update table aliases +.Ed +.Sh FILES +.Bl -tag -width "/etc/mail/aliasesXXX" -compact +.It Pa /etc/mail/aliases +List of local user mail aliases. +.It Pa /etc/mail/virtual +List of virtual host aliases. +.El +.Sh EXIT STATUS +.Ex -std newaliases +.Sh SEE ALSO +.Xr smtpd.conf 5 , +.Xr makemap 8 , +.Xr smtpctl 8 , +.Xr smtpd 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.6 +as a replacement for the equivalent command shipped with sendmail. diff --git a/static/openbsd/man8/newfs.8 b/static/openbsd/man8/newfs.8 new file mode 100644 index 00000000..2c509f20 --- /dev/null +++ b/static/openbsd/man8/newfs.8 @@ -0,0 +1,345 @@ +.\" $OpenBSD: newfs.8,v 1.80 2024/01/09 03:16:00 guenther Exp $ +.\" $NetBSD: newfs.8,v 1.12 1995/03/18 14:58:41 cgd Exp $ +.\" +.\" Copyright (c) 1983, 1987, 1991, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)newfs.8 8.3 (Berkeley) 3/27/94 +.\" +.Dd $Mdocdate: January 9 2024 $ +.Dt NEWFS 8 +.Os +.Sh NAME +.Nm newfs , mount_mfs +.Nd construct a new file system +.Sh SYNOPSIS +.Nm newfs +.Bk -words +.Op Fl Nq +.Op Fl b Ar block-size +.Op Fl c Ar fragments-per-cylinder-group +.Op Fl e Ar maxbpg +.Op Fl f Ar frag-size +.Op Fl g Ar avgfilesize +.Op Fl h Ar avgfpdir +.Op Fl i Ar bytes +.Op Fl m Ar free-space +.Op Fl O Ar filesystem-format +.Op Fl o Ar optimization +.Op Fl S Ar sector-size +.Op Fl s Ar size +.Op Fl T Ar disktype +.Op Fl t Ar fstype +.Ar special +.Ek +.Pp +.Nm mount_mfs +.Bk -words +.Op Fl b Ar block-size +.Op Fl c Ar fragments-per-cylinder-group +.Op Fl e Ar maxbpg +.Op Fl f Ar frag-size +.Op Fl i Ar bytes +.Op Fl m Ar free-space +.Op Fl O Ar filesystem-format +.Op Fl o Ar options +.Op Fl P Ar file +.Op Fl s Ar size +.Ar special node +.Ek +.Sh DESCRIPTION +Before running +.Nm , +the disk must be labeled using +.Xr disklabel 8 . +.Nm +builds a file system on the specified +.Ar special +device, +basing its defaults on the information in the disk label. +Typically the defaults are reasonable, although +.Nm +has numerous options to allow the defaults to be selectively overridden. +.Pp +The +.Ar special +file should be a raw device, +for example +.Pa /dev/rsd0a ; +if a relative path like +.Pa sd0a +is specified, +the corresponding raw device is used. +.Pp +.Nm mount_mfs +is used to build a file system in virtual memory and then mount it +on a specified node. +.Nm mount_mfs +exits and the contents of the file system are lost +when the file system is unmounted. +If +.Nm mount_mfs +is sent a signal while running, +for example during system shutdown, +it will attempt to unmount its +corresponding file system. +The parameters to +.Nm mount_mfs +are the same as those to +.Nm newfs . +The special file is only used to read the disk label which provides +a set of configuration parameters for the memory based file system. +The special file is typically that of the primary swap area, +since that is where the file system will be backed up when +free memory gets low and the memory supporting +the file system has to be paged. +If the keyword +.Dq swap +is used instead of a special file name, default configuration parameters +will be used. +(This option is useful when trying to use +.Nm mount_mfs +on a machine without any disks.) +.Pp +Both +.Nm +and +.Nm mount_mfs +now have the functionality of +.Xr fsirand 8 +built in, so it is not necessary to run +.Xr fsirand 8 +manually unless you wish to re-randomize the +file system (or list the inode generation numbers). +.Pp +The options to +.Nm +are as follows: +.Bl -tag -width Ds +.It Fl b Ar block-size +The block size of the file system, in bytes. +If a disklabel is available, the default is read from it. +Otherwise the default is 16 KB or eight times the fragment size, +whichever is smaller. +.It Fl c Ar fragments-per-cylinder-group +The number of fragments per cylinder group in a file system. +The default is to compute the maximum allowed by the other parameters. +This value is dependent on a number of other parameters, +in particular the block size and the number of bytes per inode. +.It Fl e Ar maxbpg +This indicates the maximum number of blocks any single file can +allocate out of a cylinder group before it is forced to begin +allocating blocks from another cylinder group. +The default is about one quarter of the total blocks in a cylinder group. +See +.Xr tunefs 8 +for more details on how to set this option. +.It Fl f Ar frag-size +The fragment size of the file system in bytes. +If a disklabel is available, the default is read from it. +Otherwise the default is 2048. +.It Fl g Ar avgfilesize +The expected average file size for the file system in bytes. +.It Fl h Ar avgfpdir +The expected average number of files per directory on the file system. +.It Fl i Ar bytes +This specifies the density of inodes in the file system. +The default is to create an inode for every 4 fragments, +for 4k disks one inode for every 2 fragments. +If fewer inodes are desired, a larger number should be used; +to create more inodes a smaller number should be given. +.It Fl m Ar free-space +The percentage of space reserved from normal users; the minimum free +space threshold. +The default value used is 5%. +See +.Xr tunefs 8 +for more details on how to set this option. +.It Fl N +Causes the file system parameters to be printed out +without really creating the file system. +.It Fl O Ar filesystem-format +Select the filesystem format: +.Pp +.Bl -tag -width 3n -offset indent -compact +.It 1 +Fast File System (FFS), the default for +.Nm mount_mfs . +.It 2 +Enhanced Fast File System (FFS2), the default for +.Nm . +.El +.It Fl o Ar optimization +.Ar space +or +.Ar time . +The file system can either be instructed to try to minimize the +time spent allocating blocks, or to try to minimize the space +fragmentation on the disk. +Unless an optimization has been specified, +if the value of minfree (see above) is less than 5%, the default +is to optimize for space; if the value of minfree is greater than +or equal to 5%, the default is to optimize for time. +See +.Xr tunefs 8 +for more details on how to set this option. +.It Fl q +Operate in quiet mode. +With this option, +.Nm +will not print extraneous information like superblock backups. +.It Fl S Ar sector-size +The size of a sector in bytes (almost always 512). +Alternatively +.Ar sector-size +may instead use a multiplier, as documented in +.Xr scan_scaled 3 . +.Ar sector-size +should be 512 or a multiple of it because the kernel operates +512\-byte blocks internally. +A sector is the smallest addressable unit on the physical device. +Changing this is useful only when using +.Nm +to build a file system whose raw image will eventually be used on +a different type of disk than the one on which it is initially +created (for example on a write-once disk). +Note that changing this +from its default will make it impossible for +.Xr fsck 8 +to find the alternate superblocks automatically if the standard +superblock is lost. +.It Fl s Ar size +The size of the file system in sectors (see +.Fl S ) . +Alternatively +.Ar size +may instead use a multiplier, as documented in +.Xr scan_scaled 3 , +to specify size in bytes; in this case +.Ar size +is rounded up to the next sector boundary. +The maximum size of an FFS file system is 2,147,483,647 (2^31 \- 1) of +512\-byte blocks, slightly less than 1 TB. +FFS2 file systems can be as large as 64 PB. +Note however that for +.Nm mount_mfs +the practical limit is based on +.Va datasize +in +.Xr login.conf 5 , +and ultimately depends on the per-arch +.Dv MAXDSIZ +limit. +.It Fl T Ar disktype +Uses information for the specified disk from +.Xr disktab 5 +instead of trying to get the information from the +.Xr disklabel 5 . +.It Fl t Ar fstype +Set the file system type of which file system you wish to create. +.Nm +will be smart enough to run the alternate newfs_XXX program instead. +.El +.Pp +The options to +.Nm mount_mfs +are as described for +.Nm , +except for the +.Fl o +and +.Fl P +options. +.Pp +Those options are as follows: +.Bl -tag -width indent +.It Fl o Ar options +Options are specified with a +.Fl o +flag followed by a comma separated string of options. +See the +.Xr mount 8 +man page for possible options and their meanings. +.It Fl P Ar file +If +.Ar file +is a directory, populate the created mfs file system with the +contents of the directory. +If +.Ar file +is a block device, populate the created mfs file system with the +contents of the FFS file system contained on the device. +.El +.Pp +If the +.Fl P Ar file +option is not used, the owner and mode of the created mfs file +system will be the same as the owner and mode of the mount point. +.Sh ENVIRONMENT +.Bl -tag -width COLUMNS +.It Ev COLUMNS +If set to a positive integer, +output is formatted to the given width in columns. +Otherwise, +.Nm +defaults to the terminal width, or 80 columns if the output is not a terminal. +.El +.Sh SEE ALSO +.Xr disktab 5 , +.Xr fs 5 , +.Xr disklabel 8 , +.Xr dumpfs 8 , +.Xr fsck 8 , +.Xr fsirand 8 , +.Xr growfs 8 , +.Xr mount 8 , +.Xr tunefs 8 +.Rs +.%A M. McKusick +.%A W. Joy +.%A S. Leffler +.%A R. Fabry +.%T A Fast File System for UNIX +.%J ACM Transactions on Computer Systems 2 +.%V 3 +.%P pp. 181\(en197 +.%D August 1984 +.%O (reprinted in the BSD System Manager's Manual) +.Re +.Rs +.%A M. McKusick +.%A M. Karels +.%A K. Bostic +.%T "A Pageable Memory Based Filesystem" +.%J "USENIX Summer Conference Proceedings" +.%D 1990 +.Re +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/newfs_ext2fs.8 b/static/openbsd/man8/newfs_ext2fs.8 new file mode 100644 index 00000000..8d9ebda2 --- /dev/null +++ b/static/openbsd/man8/newfs_ext2fs.8 @@ -0,0 +1,344 @@ +.\" $OpenBSD: newfs_ext2fs.8,v 1.11 2022/03/31 17:27:20 naddy Exp $ +.\" $NetBSD: newfs_ext2fs.8,v 1.7 2009/12/01 08:47:25 pooka Exp $ +.\" +.\" Copyright (c) 1983, 1987, 1991, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)newfs.8 8.6 (Berkeley) 5/3/95 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt NEWFS_EXT2FS 8 +.Os +.Sh NAME +.Nm newfs_ext2fs +.Nd construct a new ext2 file system +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl FINqZ +.Op Fl b Ar block-size +.Op Fl D Ar inodesize +.Op Fl f Ar frag-size +.Op Fl i Ar bytes-per-inode +.Op Fl m Ar free-space +.Op Fl n Ar inodes +.Op Fl O Ar filesystem-format +.Op Fl S Ar sector-size +.Op Fl s Ar size +.Op Fl V Ar verbose +.Op Fl v Ar volname +.Ar special +.Ek +.Sh DESCRIPTION +.Nm +is used to initialize and clear ext2 file systems before first use. +Before running +.Nm , +the disk must be labeled using +.Xr disklabel 8 . +.Nm +builds a file system on the specified +.Ar special +device, +basing its defaults on the information in the disk label. +Typically the defaults are reasonable, although +.Nm +has numerous options to allow the defaults to be selectively overridden. +.Pp +The +.Ar special +file should be a raw device, +for example +.Pa /dev/rsd0a ; +if a relative path like +.Pa sd0a +is specified, +the corresponding raw device is used. +.Pp +Options with numeric arguments may contain an optional (case-insensitive) +suffix: +.Pp +.Bl -tag -width 3n -offset indent -compact +.It b +Bytes; causes no modification. +(Default) +.It k +Kilo; multiply the argument by 1024. +.It m +Mega; multiply the argument by 1048576. +.It g +Giga; multiply the argument by 1073741824. +.El +.Pp +The following options define the general layout policies. +.Bl -tag -width Ds +.It Fl b Ar block-size +The block size of the file system, in bytes. +It must be a power of two. +The smallest allowable size is 1024 bytes. +The default size depends upon the size of the file system: +.Pp +.Bl -tag -width "file system size" -compact -offset indent +.It Sy "file system size" +.Ar block-size +.It \*(Lt= 512 MB +1 KB +.It \*(Gt 512 MB +4 KB +.El +.It Fl D Ar inodesize +Set the inode size. +Defaults to 128, and can also be set to 256 for +compatibility with ext4. +.It Fl F +Create a file system image in +.Ar special . +The file system size needs to be specified with +.Dq Fl s Ar size . +No attempts to use or update the disk label will be made. +.It Fl f Ar frag-size +The fragment size of the file system in bytes. +It must be the same as the blocksize, +because the current ext2fs +implementation doesn't support fragmentation. +.It Fl I +Do not require that the file system type listed in the disk label is +.Ql ext2fs . +.It Fl i Ar bytes-per-inode +This specifies the density of inodes in the file system. +If fewer inodes are desired, a larger number should be used; +to create more inodes a smaller number should be given. +.It Fl m Ar free-space +The percentage of space reserved from normal users; the minimum free +space threshold. +The default value used is 5%. +.It Fl N +Causes the file system parameters to be printed out +without really creating the file system. +.It Fl n Ar inodes +This specifies the number of inodes for the file system. +If both +.Fl i +and +.Fl n +are specified then +.Fl n +takes precedence. +The default number of inodes is calculated from a number of blocks in +the file system. +.It Fl O Ar filesystem-format +Select the filesystem-format. +.Pp +.Bl -tag -width 3n -offset indent -compact +.It 0 +.Ql GOOD_OLD_REV ; +this option is primarily used to build root file systems that can be +understood by old or dumb firmware for bootstrap. +(default) +.It 1 +.Ql DYNAMIC_REV ; +various extended (and sometimes incompatible) features are enabled +(though not all features are supported on +.Ox ) . +Currently only the following features are supported: +.Pp +.Bl -tag -width "SPARSESUPER" -offset indent -compact +.It RESIZE +Prepare some reserved structures which enable future file system resizing. +.It FTYPE +Store file types in directory entries to improve performance. +.It SPARSESUPER +Prepare superblock backups for the +.Xr fsck_ext2fs 8 +utility on not all but sparse block groups. +.It LARGEFILE +Enable files larger than 2G bytes. +.El +.El +.It Fl q +Operate in quiet mode. +Equivalent to +.Fl V Ar 1 . +.It Fl s Ar size +The size of the file system in sectors. +An +.Sq s +suffix will be interpreted as the number of sectors (the default). +All other suffixes are interpreted as per other numeric arguments, +except that the number is converted into sectors by dividing by the +sector size (as specified by +.Fl S Ar secsize ) +after suffix interpretation. +.Pp +If no +.Fl s Ar size +is specified then the filesystem size defaults to that of the partition or, +if +.Fl F +is specified, the existing file. +.Pp +If +.Ar size +is negative, the specified size is subtracted from the default size +(reserving space at the end of the partition). +.It Fl V Ar verbose +This controls the amount of information written to stdout: +.Pp +.Bl -tag -width 3n -offset indent -compact +.It 0 +No output. +.It 1 +Overall size and cylinder group details. +.It 2 +A progress bar (dots ending at right hand margin). +.It 3 +The first few super-block backup sector numbers are displayed before the +progress bar. +.It 4 +All the super-block backup sector numbers are displayed (no progress bar). +.El +.Pp +The default is 4. +If +.Fl N +is specified, +.Nm +stops before outputting the progress bar. +.It Fl v Ar volname +This specifies a volume name for the file system. +.It Fl Z +Pre-zeros the file system image created with +.Fl F . +This is necessary if the image is to be used by +.Xr vnd 4 +(which doesn't support file systems with +.Sq holes ) . +.El +.Pp +The following option overrides the standard sizes for the disk geometry. +The default value is taken from the disk label. +Changing this default is useful only when using +.Nm +to build a file system whose raw image will eventually be used on a +different type of disk than the one on which it is initially created +(for example on a write-once disk). +Note that changing this value from its default will make it impossible for +.Xr fsck_ext2fs 8 +to find the alternative superblocks if the standard superblock is lost. +.Bl -tag -width Ds +.It Fl S Ar sector-size +The size of a sector in bytes (almost never anything but 512). +Defaults to 512. +.El +.Sh NOTES +There is no option to specify the metadata byte order on the file system +to be created because the native ext2 file system is always little endian +even on big endian hosts. +.Pp +The file system is created with +.Sq random +inode generation numbers to improve NFS security. +.Pp +The owner and group IDs of the root node and reserved blocks of the new +file system are set to the effective UID and GID of the user initializing +the file system. +.Pp +For the +.Nm +command to succeed, +the disk label should first be updated such that the fstype field for the +partition is set to +.Ql ext2fs , +unless +.Fl F +or +.Fl I +is used. +.Pp +The partition size is found using +.Xr fstat 2 , +not by inspecting the disk label. +The block size and fragment size will be written back to the disk label +only if the last character of +.Ar special +references the same partition as the minor device number. +.Sh SEE ALSO +.Xr fstat 2 , +.Xr disklabel 5 , +.Xr disktab 5 , +.Xr fs 5 , +.Xr disklabel 8 , +.\" .Xr dumpfs 8 , +.Xr fsck_ext2fs 8 , +.Xr mount 8 , +.Xr mount_ext2fs 8 , +.Xr newfs 8 +.Rs +.%A Remy Card +.%A Theodore Ts'o +.%A Stephen Tweedie +.%T "Design and Implementation of the Second Extended Filesystem" +.%J "The Proceedings of the First Dutch International Symposium on Linux" +.%U http://e2fsprogs.sourceforge.net/ext2intro.html +.Re +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.7 . +.Sh AUTHORS +The +.Nm +command was written by +.An Izumi Tsutsui +.Aq Mt tsutsui@NetBSD.org . +.Sh BUGS +The +.Nm +command is still experimental and there are few sanity checks. +.Pp +The +.Nm +command doesn't have options to specify each REV1 file system feature +independently. +.Pp +The +.Nm +command doesn't support the bad block list accounted by the bad blocks inode. +.Pp +Many newer ext2 file system features (especially journaling) are +not supported yet. +.Pp +Some features in file systems created by the +.Nm +command might not be recognized properly by the +.Xr fsck_ext2fs 8 +utility. +.Pp +There is no native tool in the +.Ox +distribution for resizing ext2 file systems yet. diff --git a/static/openbsd/man8/newfs_msdos.8 b/static/openbsd/man8/newfs_msdos.8 new file mode 100644 index 00000000..8419e821 --- /dev/null +++ b/static/openbsd/man8/newfs_msdos.8 @@ -0,0 +1,194 @@ +.\" $OpenBSD: newfs_msdos.8,v 1.25 2014/07/10 19:31:07 tobias Exp $ +.\" +.\" Copyright (c) 1998 Robert Nordier +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +.\" IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +.\" IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD: src/sbin/newfs_msdos/newfs_msdos.8,v 1.6 1999/08/28 00:13:52 peter Exp $ +.\" +.Dd $Mdocdate: July 10 2014 $ +.Dt NEWFS_MSDOS 8 +.Os +.Sh NAME +.Nm newfs_msdos +.Nd construct a new MS-DOS (FAT) file system +.Sh SYNOPSIS +.Nm newfs_msdos +.Bk -words +.Op Fl N +.Op Fl a Ar FAT-size +.Op Fl B Ar boot +.Op Fl b Ar block-size +.Op Fl c Ar cluster-size +.Op Fl e Ar dirents +.Op Fl F Ar FAT-type +.Op Fl f Ar format +.Op Fl h Ar heads +.Op Fl I Ar volid +.Op Fl i Ar info +.Op Fl k Ar backup +.Op Fl L Ar label +.Op Fl m Ar media +.Op Fl n Ar FATs +.Op Fl O Ar OEM +.Op Fl o Ar hidden +.Op Fl r Ar reserved +.Op Fl S Ar sector-size +.Op Fl s Ar total +.Op Fl u Ar track-size +.Ar special +.Op Ar disktype +.Ek +.Sh DESCRIPTION +The +.Nm +utility creates a FAT12, FAT16, or FAT32 file system on device +.Ar special , +using +.Xr disktab 5 +entry +.Ar disktype +to determine geometry, if required. +.Pp +The +.Ar special +file should be a raw device, +for example +.Pa /dev/rsd0i ; +if a relative path like +.Pa sd0i +is specified, +the corresponding raw device is used. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a Ar FAT-size +Number of sectors per FAT. +.It Fl B Ar boot +Get bootstrap from file. +.It Fl b Ar block-size +File system block size (bytes per cluster). +This should resolve to an acceptable number of sectors per cluster (see below). +.It Fl c Ar cluster-size +Sectors per cluster. +Acceptable values are powers of 2 in the range 1 through 128. +.It Fl e Ar dirents +Number of root directory entries (FAT12 and FAT16 only). +.It Fl F Ar FAT-type +FAT type (one of 12, 16, or 32). +.It Fl f Ar format +Specify a standard (floppy disk) format. +The eight standard formats +are (capacities in kilobytes): 160, 180, 320, 360, 720, 1200, 1440, +2880. +.It Fl h Ar heads +Number of drive heads. +.It Fl I Ar volid +Volume ID. +.It Fl i Ar info +Location of the file system info sector (FAT32 only). +A value of 0xffff signifies no info sector. +.It Fl k Ar backup +Location of the backup boot sector (FAT32 only). +A value of 0xffff signifies no backup sector. +.It Fl L Ar label +Volume label (up to 11 characters). +The label should consist of +only those characters permitted in regular DOS (8+3) filenames. +.It Fl m Ar media +Media descriptor (acceptable range 0xf0 to 0xff). +.It Fl N +Don't create a file system: just print out parameters. +.It Fl n Ar FATs +Number of FATs. +Acceptable values are 1 to 16 inclusive. +The default is 2. +.It Fl O Ar OEM +OEM string (up to 8 characters). +The default is +"BSD 4.4". +.It Fl o Ar hidden +Number of hidden sectors. +.It Fl r Ar reserved +Number of reserved sectors. +.It Fl S Ar sector-size +Number of bytes per sector. +Acceptable values are powers of 2 in the range 512 through 32768. +.It Fl s Ar total +File system size. +.It Fl u Ar track-size +Number of sectors per track. +.El +.Sh NOTES +FAT file system parameters occupy a "Boot Sector BPB (BIOS Parameter +Block)" in the first of the "reserved" sectors which precede the actual +file system. +For reference purposes, this structure is presented below. +.Bd -literal +struct bsbpb { + u_int16_t bps; /* [-S] bytes per sector */ + u_int8_t spc; /* [-c] sectors per cluster */ + u_int16_t res; /* [-r] reserved sectors */ + u_int8_t nft; /* [-n] number of FATs */ + u_int16_t rde; /* [-e] root directory entries */ + u_int16_t sec; /* [-s] total sectors */ + u_int8_t mid; /* [-m] media descriptor */ + u_int16_t spf; /* [-a] sectors per FAT */ + u_int16_t spt; /* [-u] sectors per track */ + u_int16_t hds; /* [-h] drive heads */ + u_int32_t hid; /* [-o] hidden sectors */ + u_int32_t bsec; /* [-s] big total sectors */ +}; + +/* FAT32 extensions */ +struct bsxbpb { + u_int32_t bspf; /* [-a] big sectors per FAT */ + u_int16_t xflg; /* control flags */ + u_int16_t vers; /* file system version */ + u_int32_t rdcl; /* root directory start cluster */ + u_int16_t infs; /* [-i] file system info sector */ + u_int16_t bkbs; /* [-k] backup boot sector */ +}; +.Ed +.Sh EXAMPLES +Create a file system, using default parameters, on /dev/rwd0i. +.Dl newfs_msdos /dev/rwd0i +.Pp +Create a standard 1.44M file system, with volume label "foo", on +/dev/rfd0c. +.Dl newfs_msdos -f 1440 -L foo fd0c +.Sh DIAGNOSTICS +Exit status is 0 on success and 1 on error. +.Sh SEE ALSO +.Xr disktab 5 , +.Xr disklabel 8 , +.Xr fdisk 8 , +.Xr newfs 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 2.1 . +.Sh AUTHORS +.An Robert Nordier Aq Mt rnordier@FreeBSD.org . diff --git a/static/openbsd/man8/newsyslog.8 b/static/openbsd/man8/newsyslog.8 new file mode 100644 index 00000000..391c7c3d --- /dev/null +++ b/static/openbsd/man8/newsyslog.8 @@ -0,0 +1,451 @@ +.\" $OpenBSD: newsyslog.8,v 1.56 2024/10/30 09:16:24 jan Exp $ +.\" +.\" Copyright (c) 1997, Jason Downs. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This file contains changes from the Open Software Foundation. +.\" +.\" from: @(#)newsyslog.8 +.\" +.\" Copyright 1988, 1989 by the Massachusetts Institute of Technology +.\" +.\" Permission to use, copy, modify, and distribute this software +.\" and its documentation for any purpose and without fee is +.\" hereby granted, provided that the above copyright notice +.\" appear in all copies and that both that copyright notice and +.\" this permission notice appear in supporting documentation, +.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be +.\" used in advertising or publicity pertaining to distribution +.\" of the software without specific, written prior permission. +.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about +.\" the suitability of this software for any purpose. It is +.\" provided "as is" without express or implied warranty. +.\" +.Dd $Mdocdate: October 30 2024 $ +.Dt NEWSYSLOG 8 +.Os +.Sh NAME +.Nm newsyslog , +.Nm newsyslog.conf +.Nd rotate log files +.Sh SYNOPSIS +.Nm newsyslog +.Op Fl Fmnrv +.Op Fl a Ar directory +.Op Fl f Ar config_file +.Op Ar log ... +.Sh DESCRIPTION +The +.Nm +utility rotates log files when they exceed a configurable size or age. +The +.Ar log +file is renamed to +.Pa log.0 +and an empty file is created in its place. +An archive of older logs may be kept: +in order of increasing age, these files are named +.Pa log.1 , +.Pa log.2 , +and so on. +When their number exceeds a given limit, the oldest is removed. +The archived logs may also be compressed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a Ar directory +Specify a +.Ar directory +into which archived log files will be written. +If +.Ar directory +is a relative path, it is appended to the parent directory +of each log and the archived log is stored in the result. +If an absolute path is given, all archived logs are stored in the given +.Ar directory . +If +.Ar directory +does not exist for a specified log, it is ignored for that entry and +the log is rotated as if the +.Fl a +option was not specified. +.It Fl F +Force +.Nm +to trim logs regardless of the size and/or age requirements specified in +.Pa /etc/newsyslog.conf . +This option may be combined with the +.Fl n +or +.Fl v +flags to aid in debugging problems with +.Pa /etc/newsyslog.conf . +.It Fl f Ar config_file +Use +.Ar config_file +instead of +.Pa /etc/newsyslog.conf +for the configuration file. +.It Fl m +Monitoring mode; only entries marked with an +.Sq M +in flags are processed. +For each log file being monitored, any log output since the last time +.Nm +was run with the +.Fl m +flag is mailed to the user listed in the monitor notification section. +.It Fl n +Do not trim the logs, but instead print out what would be done if this option +were not specified. +.It Fl r +Removes the restriction that +.Nm +must be running as root. +Note that in this mode +.Nm +will not be able to send a +.Dv SIGHUP +signal to +.Xr syslogd 8 . +.It Fl v +Place +.Nm newsyslog +in verbose mode. +In this mode it will print out each log and its +reasons for either trimming that log or skipping it. +.El +.Pp +In the default system configuration, +.Nm +is run by +.Xr cron 8 , +but it may also be run manually. +If one or more +.Ar log +files are specified on the command line, only the specified files are +rotated. +Note that each +.Ar log +specified must have an entry in +.Pa /etc/newsyslog.conf . +.Pp +A log can be archived because of two reasons: +The log file can have +grown bigger than a preset size in kilobytes, or a preset number of +hours may have elapsed since the last log archive. +The granularity of +.Nm +is dependent on how often it is scheduled to run in +.Xr cron 8 . +Since the program is quite fast, it may be scheduled to run every hour +without any ill effects. +.Pp +When starting up, +.Nm +reads in a configuration file to determine which logs should be looked +at. +By default, this configuration file is +.Pa /etc/newsyslog.conf . +Each line of the file contains information about a particular log file +that should be handled by +.Nm newsyslog . +Each line has five mandatory fields and up to three optional fields, with +whitespace separating each field. +Blank lines or lines beginning with a hash mark +.Pq Ql # +are ignored. +The fields of the configuration file are as +follows: +.Bl -tag -width XXXXXXXXXXXXXXXX +.It Ar logfile_name +The full pathname of the system log file to be archived. +.It Ar owner:group +This optional field specifies the owner and group for the archive file. +The +.Ql \&: +is essential, even if the +.Ar owner +or +.Ar group +field is left blank. +The fields may be numeric, or a name which is looked up +in the system password and group databases. +For backwards compatibility, a +.Ql \&. +may be used instead of a +.Ql \&: . +If either +.Ar owner +or +.Ar group +is not specified, the owner and/or group of the existing log file is used. +.It Ar mode +File mode (in octal) to use for created log files and archives. +.It Ar count +The number of archives to be kept besides the log file itself. +.It Ar size +When the size of the log file (in kilobytes) reaches this point, the log +file is trimmed as described above. +If this field is replaced by an +.Ql * , +or set to +.Ql 0 , +then the size of +the log file is not taken into account when determining when to trim the +log file. +By default, files smaller than 256 bytes are not rotated unless the +.Sq B +(binary) flag is set or the +.Fl F +option is specified. +This prevents +.Nm +from rotating files consisting solely of a message indicating +that the log file has been turned over. +.It Ar when +The +.Ar when +field can consist of an interval, a specific time, or both. +If the +.Ar when +field consists of an asterisk +.Pq Ql \&* , +log rotation will depend only on the contents of the +.Ar size +field. +Otherwise, the +.Ar when +field consists of an optional interval in hours, possibly followed +by an +.So Li \&@ Sc Ns -sign +and a time in a restricted +.St -iso8601 +format or by a +.So Li \&$ Sc Ns -sign +and a time specification for logfile rotation at a fixed time once +per day, per week or per month. +.Pp +If a time is specified, the log file will only be trimmed if +.Nm +is run within one hour of the specified time. +If an interval is specified, the log file will be trimmed if that +many hours have passed since the last rotation. +When both a time and an interval are specified, both conditions +must be satisfied for the rotation to take place. +If the +.Ar size +field is set and not +.Ql * +or +.Ql 0 , +the file will be rotated either if the size is +exceeded or the specified time or interval is reached. +.Pp +There is no provision for the specification of a time zone. +There is little point in specifying an explicit minutes or seconds +component in the current implementation, since the only comparison is +.Sq within the hour . +.Pp +.Sy ISO 8601 restricted time format: +The lead-in character for a restricted +.St -iso8601 +time is an +.So Li \&@ Sc Ns -sign . +The particular format of the time in restricted +.St -iso8601 +is: +.Sm off +.Oo Oo Oo Oo Oo +.Va \&cc Oc +.Va \&yy Oc +.Va \&mm Oc +.Va \&dd Oc +.Oo Va \&T +.Oo Va \&HH +.Oo Va \&MM +.Oo Va \&SS +.Oc Oc Oc Oc Oc . +.Sm on +Optional date fields default to the appropriate component of the +current date; optional time fields default to midnight. +For example, if today is January 22, 1999, the following date specifications +are all equivalent: +.Pp +.Bl -item -compact -offset indent +.It +.Ql 19990122T000000 +.It +.Ql 990122T000000 +.It +.Ql 0122T000000 +.It +.Ql 22T000000 +.It +.Ql T000000 +.It +.Ql T0000 +.It +.Ql T00 +.It +.Ql 22T +.It +.Ql \&T +.It +.Ql \& +.El +.Pp +.Sy Day, week and month time format: +The lead-in character for day, week and month specification is a +dollar sign +.Pq $ . +The particular format of day, week and month specification is: +.Op Li D Ns Ar HH , +.Op Li W Ns Ar w Ns Op Li D Ns Ar HH , +and +.Op Li M Ns Ar dd Ns Op Li D Ns Ar HH , +respectively. +Optional time fields default to midnight. +The ranges for day and hour specifications are: +.Pp +.Bl -tag -width Ds -compact -offset indent +.It Ar HH +hours, range 0 ... 23 +.It Ar w +day of week, range 0 ... 6, 0 = Sunday +.It Ar dd +day of month, range 1 ... 31, or the letter +.Em L +or +.Em l +to specify the last day of the month. +.El +.Pp +.Sy Some examples: +.Bl -tag -width Ds -compact -offset indent +.It Li $D0 +rotate every night at midnight +(same as +.Li @T00 ) +.It Li $D23 +rotate every day at 23:00 hr +(same as +.Li @T23 ) +.It Li $W0D23 +rotate every week on Sunday at 23:00 hr +.It Li $W5D16 +rotate every week on Friday at 16:00 hr +.It Li $M1D0 +rotate on the first day of every month at midnight +(i.e., the start of the day; same as +.Li @01T00 ) +.It Li $M5D6 +rotate on every 5th day of the month at 6:00 hr +(same as +.Li @05T06 ) +.El +.It Ar flags +The optional +.Ar flags +field specifies if the archives should have any special processing +done to the archived log files. +The +.Sq Z +flag will make the archive +files compressed to save space using +.Xr gzip 1 +or +.Xr compress 1 , +depending on compilation options. +The +.Sq B +flag means that the file is a +binary file, and so the ASCII message which +.Nm +inserts to indicate the fact that the logs have been turned over +should not be included. +The +.Sq M +flag marks this entry as a monitored +log file. +The +.Sq F +flag specifies that symbolic links should be followed. +.It Ar monitor +Specify the username (or email address) that should receive notification +messages if this is a monitored log file. +Notification messages are sent as email; the operator +deserves what they get if they mark the mail +log file as monitored. +This field is only valid when the +.Sq M +flag is set. +.It Ar pid_file +This optional field specifies a file containing the PID of a process to send a +signal (usually +.Dv SIGHUP ) +to instead of +.Pa /var/run/syslog.pid . +.It Ar signal +This optional field specifies the signal to send to the process instead of +.Dv SIGHUP . +Signal names +must start with +.Dq SIG +and be the signal name, not the number, e.g., +.Dv SIGUSR1 . +.It Ar command +This optional field specifies a command to run instead of sending a signal +to the process. +The command must be enclosed in double quotes +.Pq Ql \&" . +The empty string, +.Ql \&"\&" , +can be used to prevent +.Nm +from sending a signal or running a command. +You cannot specify both a command and a PID file. +.Em NOTE: +If you specify a command to be run, +.Nm +will not send a +.Dv SIGHUP to +.Xr syslogd 8 . +.El +.Sh FILES +.Bl -tag -width /etc/newsyslog.conf +.It Pa /etc/newsyslog.conf +default configuration file +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr compress 1 , +.Xr gzip 1 , +.Xr syslog 3 , +.Xr syslogd 8 +.Sh AUTHORS +.An Theodore Ts'o , +MIT Project Athena +.br +Copyright 1987, Massachusetts Institute of Technology diff --git a/static/openbsd/man8/nfsd.8 b/static/openbsd/man8/nfsd.8 new file mode 100644 index 00000000..a3cc95a9 --- /dev/null +++ b/static/openbsd/man8/nfsd.8 @@ -0,0 +1,95 @@ +.\" $OpenBSD: nfsd.8,v 1.20 2022/07/30 07:19:30 jsg Exp $ +.\" $NetBSD: nfsd.8,v 1.7 1996/02/18 11:58:24 fvdl Exp $ +.\" +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)nfsd.8 8.4 (Berkeley) 3/29/95 +.\" +.Dd $Mdocdate: July 30 2022 $ +.Dt NFSD 8 +.Os +.Sh NAME +.Nm nfsd +.Nd remote NFS server +.Sh SYNOPSIS +.Nm nfsd +.Op Fl rtu +.Op Fl n Ar num_servers +.Sh DESCRIPTION +.Nm +runs on a server machine to service NFS +requests from client machines. +At least one +.Nm +must be running for a machine to operate as a server. +.Pp +Unless otherwise specified, four servers for UDP +transport are started. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl n Ar num_servers +Specifies how many servers to create (max 20). +.It Fl r +Register the NFS service with +.Xr portmap 8 +without creating any servers. +This option can be used along with the +.Fl u +or +.Fl t +options to re-register NFS if the portmap server is restarted. +.It Fl t +Serve TCP NFS clients. +.It Fl u +Serve UDP NFS clients. +.El +.Pp +For example, +.Dq Li "nfsd -u -t -n 6" +serves UDP and TCP transports using six daemons. +.Pp +A server should run enough daemons to handle +the maximum level of concurrency from its clients, +typically four to six. +.Pp +.Nm +listens for service requests at the port indicated in the NFS +server specification; see RFCs 1094 and 1813. +.Sh EXIT STATUS +.Ex -std nfsd +.Sh SEE ALSO +.Xr nfsstat 1 , +.Xr nfssvc 2 , +.Xr mountd 8 , +.Xr portmap 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.3 Reno . diff --git a/static/openbsd/man8/nologin.8 b/static/openbsd/man8/nologin.8 new file mode 100644 index 00000000..efd61531 --- /dev/null +++ b/static/openbsd/man8/nologin.8 @@ -0,0 +1,59 @@ +.\" $OpenBSD: nologin.8,v 1.10 2007/05/31 19:19:46 jmc Exp $ +.\" $NetBSD: nologin.8,v 1.3 1995/03/18 14:59:09 cgd Exp $ +.\" +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93 +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt NOLOGIN 8 +.Os +.Sh NAME +.Nm nologin +.Nd politely refuse a login +.Sh SYNOPSIS +.Nm nologin +.Sh DESCRIPTION +.Nm +displays a message that an account is not available and +exits non-zero. +It is intended as a replacement shell field for accounts that +have been disabled. +.Pp +If the file +.Pa /etc/nologin.txt +exists, +.Nm +displays its contents to the user instead of the default message. +.Sh SEE ALSO +.Xr login 1 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.4 . diff --git a/static/openbsd/man8/npppctl.8 b/static/openbsd/man8/npppctl.8 new file mode 100644 index 00000000..a123e25b --- /dev/null +++ b/static/openbsd/man8/npppctl.8 @@ -0,0 +1,126 @@ +.\" $OpenBSD: npppctl.8,v 1.6 2014/04/04 02:49:46 schwarze Exp $ +.\" +.\" Copyright (c) 2012 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 4 2014 $ +.Dt NPPPCTL 8 +.Os +.Sh NAME +.Nm npppctl +.Nd control npppd +.Sh SYNOPSIS +.Nm +.Op Fl n +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +utility controls +the +.Xr npppd 8 +daemon. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl n +Show IP addresses instead of their hostnames. +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/npppd.sock +to communicate with +.Xr npppd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm clear all | Ar filter ... +Disconnect PPP sessions. +If +.Ar filter +is specified, only matching PPP sessions are disconnected. +If +.Cm all +is specified, all PPP sessions are disconnected. +See +.Cm session all +for the types of +.Ar filter . +.It Cm monitor all | Ar filter ... +Monitor start and stop of PPP sessions. +If +.Ar filter +is specified, only matching PPP sessions are monitored. +If +.Cm all +is specified, all PPP sessions are monitored. +See +.Cm session all +for the types of +.Ar filter . +.It Cm session all Op Ar filter ... +Show detailed information for PPP sessions. +If +.Ar filter +is specified, only matching PPP sessions are shown; +otherwise all PPP sessions are shown. +The following filters are available: +.Bl -tag -width Ds +.It Cm address Ar ip_address +Show or clear PPP sessions whose IP address match +.Ar ip_address . +.It Cm interface Ar interface_name +Show or clear PPP sessions that use the interface specified by +.Ar interface_name . +.It Cm ppp-id Ar id +Show or clear PPP sessions whose Ppp-Id match +.Ar id . +.It Cm protocol Ar protocol +Show or clear PPP sessions that use the tunneling protocol specified by +.Ar protocol . +.It Cm realm Ar realm_name +Show or clear PPP sessions whose realm match the specified +.Ar realm_name . +.It Cm username Ar username +Show or clear PPP sessions whose username match +.Ar username . +.El +.It Cm session brief +Show brief information for all PPP sessions. +.It Cm session packets +Show I/O statistics for all PPP sessions. +.El +.\" .Sh ENVIRONMENT +.\" .Sh FILES +.\" .Sh EXAMPLES +.\" .Sh DIAGNOSTICS +.\" .Sh SEE ALSO +.\" .Xr npppd 8 +.\" .Sh STANDARDS +.Sh HISTORY +The +.Nm +program first appeared in +.Ox +5.3. +.Sh AUTHORS +The +.Nm +program was written by Internet Initiative Japan Inc. +.\" .Sh CAVEATS +.\" .Sh BUGS diff --git a/static/openbsd/man8/npppd.8 b/static/openbsd/man8/npppd.8 new file mode 100644 index 00000000..ca4ccff0 --- /dev/null +++ b/static/openbsd/man8/npppd.8 @@ -0,0 +1,100 @@ +.\" $OpenBSD: npppd.8,v 1.8 2023/03/02 17:09:54 jmc Exp $ +.\" +.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt NPPPD 8 +.Os +.Sh NAME +.Nm npppd +.Nd new Point-to-Point Protocol (PPP) daemon +.Sh SYNOPSIS +.Nm npppd +.Op Fl dn +.Op Fl f Ar config_file +.Sh DESCRIPTION +.Nm +is a Point-to-Point Protocol (PPP) and tunneling daemon +capable of L2TP, PPTP, and PPPoE. +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar config_file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.El +.Pp +Normally +.Nm +works with +.Xr pipex 4 +to accelerate IP packet forwarding, but +.Xr pipex 4 +is disabled by default. +To enable it, set +.Va net.pipex.enable +to +.Sq 1 +using +.Xr sysctl 8 . +.Pp +When +.Nm +uses PPTP, +the host system should allow GRE packets, but they are disabled by default. +To enable GRE, set +.Va net.inet.gre.allow +to +.Sq 1 +using +.Xr sysctl 8 . +.Sh FILES +.Bl -tag -width "/etc/npppd/npppd.confXXX" -compact +.It Pa /etc/npppd/npppd.conf +Default +.Nm +configuration file. +.El +.Sh SEE ALSO +.Xr gre 4 , +.Xr pipex 4 , +.Xr pppx 4 , +.Xr npppd.conf 5 , +.Xr npppctl 8 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox +5.3. +.Sh AUTHORS +The +.Nm +program was written by Internet Initiative Japan Inc. +.Sh BUGS +If +.Ic l2tp-require-ipsec +is set to +.Dq yes +with an L2TP tunnel, +all incoming L2TP/IPsec packets are dropped. diff --git a/static/openbsd/man8/ntpctl.8 b/static/openbsd/man8/ntpctl.8 new file mode 100644 index 00000000..ff1e4872 --- /dev/null +++ b/static/openbsd/man8/ntpctl.8 @@ -0,0 +1,79 @@ +.\" $OpenBSD: ntpctl.8,v 1.9 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2012 Mike Miller <mmiller@mgm51.com> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN +.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt NTPCTL 8 +.Os +.Sh NAME +.Nm ntpctl +.Nd control the NTP daemon +.Sh SYNOPSIS +.Nm ntpctl +.Fl s Cm all | peers | Sensors | status +.Sh DESCRIPTION +The +.Nm +program displays information about the running +.Xr ntpd 8 +daemon. +.Pp +The options are as follows: +.Bl -tag -width "-s modifierX" +.It Fl s Cm all | peers | Sensors | status +Used to display information about the running daemon. +Keywords may be abbreviated. +.Pp +.Cm all +shows all data available. +.Pp +.Cm peers +shows the following information about each peer: weight, trustlevel, +stratum, number of seconds until the next poll, polling interval +in seconds, and offset, network delay and network jitter in milliseconds. +When the system clock is synced to a peer, an asterisk +is displayed to the left of the weight column for that peer. +.Pp +.Cm Sensors +shows the following information about each sensor: weight, sensor "good" +status, stratum, and offset and the configured correction in +milliseconds. +When the system clock is synced to a sensor, an asterisk +is displayed to the left of the weight column for that sensor. +.Pp +.Cm status +shows the status of peers and sensors, and whether the system clock is synced. +When the system clock is synced, the stratum is displayed. +When the system clock is not synced, the offset of the system clock, +as reported by the +.Xr adjtime 2 +system call, is displayed. +When the median constraint is set, the offset to the local time is displayed. +.El +.Sh FILES +.Bl -tag -width "/var/run/ntpd.sockXXX" -compact +.It Pa /var/run/ntpd.sock +Socket file for communication with +.Xr ntpd 8 . +.El +.Sh SEE ALSO +.Xr adjtime 2 , +.Xr ntpd.conf 5 , +.Xr ntpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.5 . diff --git a/static/openbsd/man8/ntpd.8 b/static/openbsd/man8/ntpd.8 new file mode 100644 index 00000000..6e7f515a --- /dev/null +++ b/static/openbsd/man8/ntpd.8 @@ -0,0 +1,159 @@ +.\" $OpenBSD: ntpd.8,v 1.49 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2003, 2004, 2006 Henning Brauer <henning@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN +.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt NTPD 8 +.Os +.Sh NAME +.Nm ntpd +.Nd Network Time Protocol (NTP) daemon +.Sh SYNOPSIS +.Nm ntpd +.Bk -words +.Op Fl dnv +.Op Fl f Ar file +.Ek +.Sh DESCRIPTION +The +.Nm +daemon synchronizes the local clock to one or more remote NTP servers +or local timedelta sensors. +.Nm +can also act as an NTP server itself, +redistributing the local time. +It implements the Simple Network Time Protocol version 4, +as described in RFC 5905, +and the Network Time Protocol version 3, +as described in RFC 1305. +Time can also be fetched from TLS HTTPS servers to reduce the +impact of unauthenticated NTP +man-in-the-middle attacks. +.Pp +The options are as follows: +.Bl -tag -width "-f fileXXX" +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, +instead of the default +.Pa /etc/ntpd.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +This option allows +.Nm +to send DEBUG priority messages to syslog. +.El +.Pp +.Nm +uses the +.Xr adjtime 2 +system call to correct the local system time without causing time jumps. +Adjustments of 32ms and greater are logged using +.Xr syslog 3 . +The threshold value is chosen to avoid having local clock drift +thrash the log files. +Should +.Nm +be started with the +.Fl d +or +.Fl v +option, all calls to +.Xr adjtime 2 +will be logged. +.Pp +At boot, +.Nm +will stay for a maximum of 15 seconds in the foreground and make efforts to +verify and correct the time if constraints are configured and +satisfied or if trusted servers or sensors return results, +and if the clock is not being moved backwards. +.Pp +After the local clock is synchronized, +.Nm +adjusts the clock frequency using the +.Xr adjfreq 2 +system call to compensate for systematic drift. +.Pp +.Nm +is started at boot time by default via +.Va ntpd_flags +in +.Pa /etc/rc.conf . +See +.Xr rc 8 +and +.Xr rc.conf 8 +for more information on the boot process +and enabling daemons. +.Pp +When +.Nm +starts up, it reads settings from its configuration file, +typically +.Xr ntpd.conf 5 , +and its initial clock drift from +.Pa /var/db/ntpd.drift . +Clock drift is periodically written to the drift file thereafter. +.Sh FILES +.Bl -tag -width "/var/db/ntpd.driftXXX" -compact +.It Pa /etc/ntpd.conf +Default configuration file. +.It Pa /var/db/ntpd.drift +Drift file. +.It Pa /var/run/ntpd.sock +Socket file for communication with +.Xr ntpctl 8 . +.El +.Sh SEE ALSO +.Xr date 1 , +.Xr adjfreq 2 , +.Xr adjtime 2 , +.Xr ntpd.conf 5 , +.Xr ntpctl 8 , +.Xr rc 8 , +.Xr rc.conf 8 , +.Xr rdate 8 +.Sh STANDARDS +.Rs +.%A David L. Mills +.%D March 1992 +.%R RFC 1305 +.%T Network Time Protocol (Version 3): Specification, Implementation and Analysis +.Re +.Pp +.Rs +.%A David L. Mills +.%A Jim Martin +.%A Jack Burbank +.%A William Kasch +.%D June 2010 +.%R RFC 5905 +.%T Network Time Protocol Version 4: Protocol and Algorithms Specification +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.6 . diff --git a/static/openbsd/man8/ocspcheck.8 b/static/openbsd/man8/ocspcheck.8 new file mode 100644 index 00000000..19f55fb8 --- /dev/null +++ b/static/openbsd/man8/ocspcheck.8 @@ -0,0 +1,111 @@ +.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ +.\" +.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 29 2017 $ +.Dt OCSPCHECK 8 +.Os +.Sh NAME +.Nm ocspcheck +.Nd check a certificate for validity against its OCSP responder +.Sh SYNOPSIS +.Nm +.Op Fl Nv +.Op Fl C Ar CAfile +.Op Fl i Ar staplefile +.Op Fl o Ar staplefile +.Ar file +.Sh DESCRIPTION +The +.Nm +utility validates a PEM format certificate against the OCSP responder +encoded in the certificate specified by the +.Ar file +argument. +Normally it should be used for checking server certificates +and maintaining saved OCSP responses to be used for OCSP stapling. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C Ar CAfile +Specify a PEM format root certificate bundle to use for the validation of +requests. +By default no certificates are used beyond those in the +certificate chain provided by the +.Ar file +argument. +.It Fl i Ar staplefile +Specify an input filename from which a DER-encoded OCSP response +will be read instead of fetching it from the OCSP server. +A filename +of +.Sq - +will read the response from standard input. +.It Fl N +Do not use a nonce value in the OCSP request, or validate that the +nonce was returned in the OCSP response. +By default a nonce is always used and validated when retrieving +a response from an OCSP server. +The use of this flag is a security risk as it will allow OCSP +responses to be replayed. +It should not be used unless the OCSP server does not support the +use of OCSP nonces. +.It Fl o Ar staplefile +Specify an output filename where the DER encoded response from the +OCSP server will be written, if the OCSP response validates. +A filename +of +.Sq - +will write the response to standard output. +By default the response is not saved. +.It Fl v +Increase verbosity. +This flag may be specified multiple times to get more verbose output. +The default behaviour is to be silent unless something goes wrong. +.El +.Sh EXIT STATUS +The +.Nm +utility exits 0 if the OCSP response validates for the certificate in +.Ar file +and all output is successfully written out. +.Nm +exits >0 if an error occurs or the OCSP response fails to validate. +.Sh SEE ALSO +.Xr nc 1 , +.Xr tls_config_set_ocsp_staple_file 3 , +.Xr tls_config_set_ocsp_staple_mem 3 , +.Xr httpd 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 6.1 . +.Sh AUTHORS +.Nm +was written by +.An Bob Beck . +.Sh CAVEATS +While +.Nm +could possibly be used in scripts to query responders for server +certificates seen on client connections, this is almost always a bad +idea. +God kills a kitten every time you make an OCSP query from the +client side of a TLS connection. +.Sh BUGS +.Nm +will create the output file if it does not exist. +On failure a newly created output file will not be removed. diff --git a/static/openbsd/man8/ospf6ctl.8 b/static/openbsd/man8/ospf6ctl.8 new file mode 100644 index 00000000..f07408f1 --- /dev/null +++ b/static/openbsd/man8/ospf6ctl.8 @@ -0,0 +1,149 @@ +.\" $OpenBSD: ospf6ctl.8,v 1.14 2023/06/21 09:47:03 sthen Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 21 2023 $ +.Dt OSPF6CTL 8 +.Os +.Sh NAME +.Nm ospf6ctl +.Nd control the OSPF for IPv6 routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr ospf6d 8 +daemon. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/ospf6d.sock +to communicate with +.Xr ospfd 8 . +.El +.Pp +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s s +for +.Cm show summary . +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm fib couple +Insert the learned routes into the Forwarding Information Base (FIB), +a.k.a. the kernel routing table. +.It Cm fib decouple +Remove the learned routes from the FIB. +Decoupling the FIB from an OSPF router may create routing loops and could cause +major routing issues in the complete OSPF cloud. +Only routers with just one link to the OSPF cloud can safely decouple the FIB. +.It Cm fib reload +Refetches and relearns the routes in the Forwarding Information Base +a.k.a. the kernel routing table. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm reload +Reload the configuration file. +This command currently has no effect. +.It Cm show database Op Ar filter +Show the link state database. +.Ar filter +can be any one of the following: +.Pp +.Bl -tag -width "self-originatedXX" -compact +.It Cm area Ar ID +Show only LSAs from the specified area +.Ar ID . +.It Cm asbr +Show only ASBR LSAs. +.It Cm external +Show only AS-External LSAs. +.It Cm intra +Show only Intra-Area-Prefix LSAs. +.It Cm link +Show only Link LSAs. +.It Cm network +Show only Network LSAs. +.It Cm router +Show only Router LSAs. +.It Cm self-originated +Show only self-originated LSAs. +.It Cm summary +Show only Summary LSAs. +.El +.It Cm show fib Op Ar destination | filter +Show the Forwarding Information Base. +.Ar destination +can be specified to show the route matching a destination IP address. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm connected +Show only connected routes. +.It Cm interface Op Ar interface +Show only interfaces or the specified +.Ar interface . +.It Cm ospf +Show only OSPF routes. +.It Cm static +Show only static routes. +.El +.Pp +.Cm connected , +.Cm ospf +and +.Cm static +may be specified together. +.It Cm show interfaces Op Ar interface +Show details for all interfaces or the specified +.Ar interface . +.It Cm show neighbor Op Cm detail +Show neighbors. +.Cm detail +can be specified for additional detail. +.It Cm show rib Op Cm detail +Show the Routing Information Base. +.Cm detail +can be specified for additional detail. +.It Cm show summary +Show summary information. +.El +.Sh FILES +.Bl -tag -width "/var/run/ospf6d.sockXX" -compact +.It Pa /var/run/ospf6d.sock +.Ux Ns -domain +socket used for communication with +.Xr ospf6d 8 . +.El +.Sh SEE ALSO +.Xr ospf6d.conf 5 , +.Xr ospf6d 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.2 . diff --git a/static/openbsd/man8/ospf6d.8 b/static/openbsd/man8/ospf6d.8 new file mode 100644 index 00000000..733872de --- /dev/null +++ b/static/openbsd/man8/ospf6d.8 @@ -0,0 +1,209 @@ +.\" $OpenBSD: ospf6d.8,v 1.21 2023/03/02 17:09:54 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt OSPF6D 8 +.Os +.Sh NAME +.Nm ospf6d +.Nd Open Shortest Path First (OSPF) for IPv6 routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an Open Shortest Path First +.Pq OSPF +daemon which manages routing tables. +This implementation supports OSPF version 3, thus it is only capable of +maintaining IPv6 routing tables. +.Pp +OSPF is an interior gateway protocol designed to supersede RIP. +It has several advantages over RIP. +For instance, every router has an understanding of the complete network +topology. +Response to changes in the network is faster. +Furthermore, failure detection is improved. +.Pp +The OSPF daemon maintains a Link State Database +.Pq LSDB +containing information about routers and networks within an Autonomous System +.Pq AS . +.Pp +Dijkstra's shortest path first algorithm is used to compute a Routing +Information Base +.Pq RIB +using the LSDB as input. +The Forwarding Information Base +.Pq FIB , +a.k.a. the kernel routing table, is updated with information from the RIB. +.Pp +OSPF routers discover one another automatically via OSPF hello packets. +OSPF routers communicate via two multicast groups: ff02::5 (all Shortest +Path First routers) and ff02::6 (all Designated Routers). +OSPF runs directly on top of IP and uses neither TCP nor UDP. +IP protocol number 89 is reserved for OSPF. +.Pp +All routers in an OSPF network spend most of their time keeping each others' +LSDBs in sync. +All routers must have the same information in the LSDB at all times. +Every time the LSDB is updated, the RIB is updated; if needed, the FIB is +also updated. +.Pp +In a multi-access network such as Ethernet, it is unfeasible for all routers +to synchronize their LSDB with all other routers in the network. +In such networks a Designated Router +.Pq DR +and a Backup Designated Router +.Pq BDR +are elected. +The DR's responsibility is to synchronize with all routers; the BDR will +not do much until the DR fails. +The first router in a network is automatically elected DR, the second +router BDR. +All routers have a FULL adjacency with the DR and the BDR. +Routers with FULL adjacency exchange information about their LSDBs. +A router not elected either DR or BDR will have 2-WAY adjacency with all +routers but the DR and BDR. +Routers with 2-WAY adjacency recognize that they know each other, +but do not exchange information about their LSDBs. +If a DR or BDR fails, another router is elected DR or BDR +and all routers form FULL adjacencies with the newly elected DR or BDR. +.Pp +When routers are connected via point-to-point links, DR and BDR +election is skipped since only two routers are connected to the link. +.Pp +To limit the impact changes in the network have on the LSDB it is possible +to segment an OSPF network into areas. +Area 0.0.0.0 (a.k.a. the backbone area) must always be present. +Routers can be configured as Area Border Router +.Pq ABR , +being part of multiple areas. +Every area must have direct access to the backbone area. +ABRs not directly connected to the backbone area need to establish a +virtual link to a router in the backbone area. +.Pp +AS Border Routers +.Pq ASBR +are connected to an OSPF network and other external networks via BGP, RIP, +or static routing, and provide connectivity to networks outside the AS. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable ospf6d , +which sets +.Pp +.Dl ospf6d_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr ospf6ctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/ospf6d.sockXX" -compact +.It Pa /etc/ospf6d.conf +Default +.Nm +configuration file. +.It Pa /var/run/ospf6d.sock +.Ux Ns -domain +socket used for communication with +.Xr ospf6ctl 8 . +.El +.Sh SEE ALSO +.Xr ipsec.conf 5 , +.Xr ospf6d.conf 5 , +.Xr ospf6ctl 8 +.Sh STANDARDS +.Rs +.%A M. Gupta +.%A N. Melam +.%D June 2006 +.%R RFC 4552 +.%T Authentication/Confidentiality for OSPFv3 +.Re +.Pp +.Rs +.%A R. Coltun +.%A D. Ferguson +.%A J. Moy +.%A A. Lindem +.%D July 2008 +.%R RFC 5340 +.%T OSPF for IPv6 +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.2 . +.Sh BUGS +Virtual links are currently not available in +.Nm . +.Pp +Support for multiple areas is currently not available in +.Nm . +.Pp +Unlike OSPF for IPv4, OSPF for IPv6 has no built-in support for +authentication of OSPF packets. +Instead, it relies on IPsec for packet authentication. +Because OSPF uses multicast, IKE cannot be used for configuring IPsec +flows securing OSPF traffic. +.Nm +is currently entirely unaware of IPsec and has no support for helping +users setting up IPsec flows between OSPF routers. +However, setting up IPsec flows between routers using manual keying is +strongly recommended to protect the OSPF network against spoofing attacks. +Note in particular that flows need to be configured for multicast groups +ff02::5 and ff02::6. +See +.Xr ipsec.conf 5 . diff --git a/static/openbsd/man8/ospfctl.8 b/static/openbsd/man8/ospfctl.8 new file mode 100644 index 00000000..ad57e529 --- /dev/null +++ b/static/openbsd/man8/ospfctl.8 @@ -0,0 +1,144 @@ +.\" $OpenBSD: ospfctl.8,v 1.28 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt OSPFCTL 8 +.Os +.Sh NAME +.Nm ospfctl +.Nd control the OSPF routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr ospfd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s s +for +.Cm show summary . +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/ospfd.sock +to communicate with +.Xr ospfd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm fib couple +Insert the learned routes into the Forwarding Information Base +a.k.a. the kernel routing table. +.It Cm fib decouple +Remove the learned routes from the Forwarding Information Base +a.k.a. the kernel routing table. +Decoupling the FIB from an OSPF router may create routing loops and could cause +major routing issues in the complete OSPF cloud. +Only routers with just one link to the OSPF cloud can safely decouple the FIB. +.It Cm fib reload +Refetches and relearns the routes in the Forwarding Information Base +a.k.a. the kernel routing table. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm reload +Reload the configuration file. +.It Cm show database Op Ar filter +Show the link state database. +.Ar filter +can be any one of the following: +.Pp +.Bl -tag -width "self-originatedXX" -compact +.It Cm area Ar ID +Show only LSAs from the specified area +.Ar ID . +.It Cm asbr +Show only ASBR LSAs. +.It Cm external +Show only AS-External LSAs. +.It Cm network +Show only Network LSAs. +.It Cm router +Show only Router LSAs. +.It Cm self-originated +Show only self-originated LSAs. +.It Cm summary +Show only Summary LSAs. +.El +.It Cm show fib Op Ar destination | filter +Show the Forwarding Information Base. +.Ar destination +can be specified to show the route matching a destination IP address. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm connected +Show only connected routes. +.It Cm interface Op Ar interface +Show only interfaces or the specified +.Ar interface . +.It Cm ospf +Show only OSPF routes. +.It Cm static +Show only static routes. +.El +.Pp +.Cm connected , +.Cm ospf +and +.Cm static +may be specified together. +.It Cm show interfaces Op Ar interface +Show details for all interfaces or the specified +.Ar interface . +.It Cm show neighbor Op Cm detail +Show neighbors. +.Cm detail +can be specified for additional detail. +.It Cm show rib Op Cm detail +Show the Routing Information Base. +.Cm detail +can be specified for additional detail. +.It Cm show summary +Show summary information. +.El +.Sh FILES +.Bl -tag -width "/var/run/ospfd.sockXX" -compact +.It Pa /var/run/ospfd.sock +.Ux Ns -domain +socket used for communication with +.Xr ospfd 8 . +.El +.Sh SEE ALSO +.Xr ospfd.conf 5 , +.Xr ospfd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.7 . diff --git a/static/openbsd/man8/ospfd.8 b/static/openbsd/man8/ospfd.8 new file mode 100644 index 00000000..4391827e --- /dev/null +++ b/static/openbsd/man8/ospfd.8 @@ -0,0 +1,190 @@ +.\" $OpenBSD: ospfd.8,v 1.34 2023/03/02 17:09:54 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt OSPFD 8 +.Os +.Sh NAME +.Nm ospfd +.Nd Open Shortest Path First (OSPF) routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an Open Shortest Path First +.Pq OSPF +daemon which manages routing tables. +This implementation supports OSPF version 2, thus it is only capable of +maintaining IPv4 routing tables. +.Pp +OSPF is an interior gateway protocol designed to supersede RIP. +It has several advantages over RIP. +For instance, every router has an understanding of the complete network +topology. +Response to changes in the network is faster. +Furthermore, failure detection is improved. +.Pp +The OSPF daemon maintains a Link State Database +.Pq LSDB +containing information about routers and networks within an Autonomous System +.Pq AS . +.Pp +Dijkstra's shortest path first algorithm is used to compute a Routing +Information Base +.Pq RIB +using the LSDB as input. +The Forwarding Information Base +.Pq FIB , +a.k.a. the kernel routing table, is updated with information from the RIB. +.Pp +OSPF routers discover one another automatically via OSPF hello packets. +OSPF routers communicate via two multicast groups: 224.0.0.5 (all Shortest +Path First routers) and 224.0.0.6 (all Designated Routers). +OSPF runs directly on top of IP and uses neither TCP nor UDP. +IP protocol number 89 is reserved for OSPF. +.Pp +All routers in an OSPF network spend most of their time keeping each others' +LSDBs in sync. +All routers must have the same information in the LSDB at all times. +Every time the LSDB is updated, the RIB is updated; if needed, the FIB is +also updated. +.Pp +In a multi-access network such as Ethernet, it is unfeasible for all routers +to synchronize their LSDB with all other routers in the network. +In such networks a Designated Router +.Pq DR +and a Backup Designated Router +.Pq BDR +are elected. +The DR's responsibility is to synchronize with all routers; the BDR will +not do much until the DR fails. +The first router in a network is automatically elected DR, the second +router BDR. +All routers have a FULL adjacency with the DR and the BDR. +Routers with FULL adjacency exchange information about their LSDBs. +A router not elected either DR or BDR will have 2-WAY adjacency with all +routers but the DR and BDR. +Routers with 2-WAY adjacency recognize that they know each other, +but do not exchange information about their LSDBs. +If a DR or BDR fails, another router is elected DR or BDR +and all routers form FULL adjacencies with the newly elected DR or BDR. +.Pp +When routers are connected via point-to-point links, DR and BDR +election is skipped since only two routers are connected to the link. +.Pp +To limit the impact changes in the network have on the LSDB it is possible +to segment an OSPF network into areas. +Area 0.0.0.0 (a.k.a. the backbone area) must always be present. +Routers can be configured as Area Border Router +.Pq ABR , +being part of multiple areas. +Every area must have direct access to the backbone area. +ABRs not directly connected to the backbone area need to establish a +virtual link to a router in the backbone area. +.Pp +AS Border Routers +.Pq ASBR +are connected to an OSPF network and other external networks via BGP, RIP, +or static routing, and provide connectivity to networks outside the AS. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable ospfd , +which sets +.Pp +.Dl ospfd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr ospfctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/ospfd.sockXX" -compact +.It Pa /etc/ospfd.conf +Default +.Nm +configuration file. +.It Pa /var/run/ospfd.sock +.Ux Ns -domain +socket used for communication with +.Xr ospfctl 8 . +.El +.Sh SEE ALSO +.Xr ospfd.conf 5 , +.Xr ospfctl 8 +.Sh STANDARDS +.Rs +.%A J. Moy +.%D April 1998 +.%R RFC 2328 +.%T OSPF Version 2 +.Re +.Pp +.Rs +.%A A. Retana +.%A L. Nguyen +.%A R. White +.%A A. Zinin +.%A D. McPherson +.%D June 2001 +.%R RFC 3137 +.%T OSPF Stub Router Advertisement +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.7 . +.Sh BUGS +Virtual links are currently not available in +.Nm . diff --git a/static/openbsd/man8/pcidump.8 b/static/openbsd/man8/pcidump.8 new file mode 100644 index 00000000..d8a42374 --- /dev/null +++ b/static/openbsd/man8/pcidump.8 @@ -0,0 +1,104 @@ +.\" $OpenBSD: pcidump.8,v 1.12 2013/07/16 11:13:34 schwarze Exp $ +.\" +.\" Copyright (c) 2007 Paul de Weerd <weerd@weirdnet.nl> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt PCIDUMP 8 +.Os +.Sh NAME +.Nm pcidump +.Nd show PCI device data +.Sh SYNOPSIS +.Nm pcidump +.Op Fl v +.Op Fl x | xx | xxx +.Op Fl d Ar pcidev +.Sm off +.Op Ar bus : dev : func +.Sm on +.Nm pcidump +.Fl r Ar file +.Op Fl d Ar pcidev +.Sm off +.Ar bus : dev : func +.Sm on +.Sh DESCRIPTION +The +.Nm +utility displays the device address, vendor, and product name +of PCI devices. +When no arguments are given, +information on all PCI devices in the system is shown; +otherwise a single PCI domain or device may be specified. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar pcidev +Specify a file to use for PCI lookups. +If specified without +.Sm off +.Ar bus : dev : func , +.Sm on +all PCI devices in the domain will be shown. +.It Fl r Ar file +Reads the PCI ROM from the device specified by +.Sm off +.Ar bus : dev : func , +.Sm on +and writes its contents to +.Ar file . +.It Fl v +Shows detailed information about PCI devices. +.It Fl x +Shows a hexadecimal dump of the first 64 bytes of PCI config space. +.It Fl xx +Shows a hexadecimal dump of the full PCI config space. +.It Fl xxx +Shows a hexadecimal dump of the PCIe extended config space. +.It Xo +.Sm off +.Ar bus : dev : func +.Sm on +.Xc +Show information about the PCI device specified by the tuple given on +the command line. +If the +.Fl d +option is not given, +.Pa /dev/pci +is used. +.El +.Sh FILES +.Bl -tag -width /dev/pci* -compact +.It Pa /dev/pci* +Device files for accessing PCI domains. +.El +.Sh SEE ALSO +.Xr pci 4 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 4.3 . +.Sh AUTHORS +.An -nosplit +The +.Nm +utility was written by +.An David Gwynne Aq Mt dlg@openbsd.org . +.Sh BUGS +The default behaviour of scanning all PCI domains is limited to those +domains that have an entry in +.Pa /dev . diff --git a/static/openbsd/man8/pdisk.8 b/static/openbsd/man8/pdisk.8 new file mode 100644 index 00000000..ae0c6efa --- /dev/null +++ b/static/openbsd/man8/pdisk.8 @@ -0,0 +1,168 @@ +.\" $OpenBSD: pdisk.8,v 1.31 2016/02/23 03:34:17 krw Exp $ +.\" +.\" Copyright 1996,1997,1998 by Apple Computer, Inc. +.\" All Rights Reserved +.\" +.\" Permission to use, copy, modify, and distribute this software and +.\" its documentation for any purpose and without fee is hereby granted, +.\" provided that the above copyright notice appears in all copies and +.\" that both the copyright notice and this permission notice appear in +.\" supporting documentation. +.\" +.\" APPLE COMPUTER DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE +.\" INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +.\" FOR A PARTICULAR PURPOSE. +.\" +.\" IN NO EVENT SHALL APPLE COMPUTER BE LIABLE FOR ANY SPECIAL, INDIRECT, OR +.\" CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN ACTION OF CONTRACT, +.\" NEGLIGENCE, OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 23 2016 $ +.Dt PDISK 8 +.Os +.Sh NAME +.Nm pdisk +.Nd HFS(DPME) partition maintenance program +.Sh SYNOPSIS +.Nm pdisk +.Op Fl lr +.Ar disk +.Sh DESCRIPTION +.Nm +is a menu driven program which partitions disks using the standard Apple +disk partitioning scheme described in +.Dq Inside Macintosh: Devices . +It does not support the Intel/DOS partitioning scheme supported by +.Xr fdisk 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl l +List the partition map for the specified +.Ar disk . +.It Fl r +Prevents +.Nm +from writing to the disk. +.It Ar disk +Specify the +.Ar disk +to operate on. +It can be specified either by its full pathname or an abbreviated disk form. +In its abbreviated form, the path to the device and the +.Sq r +denoting +.Dq raw device +are omitted, with the partition letter being optional. +For example, the first IDE disk can be specified as either +.Pa /dev/rwd0c , +.Pa wd0c , +or +.Pa wd0 . +.El +.Sh COMMAND MODE +The list of commands and their explanations are given below. +.Bl -tag -width "update" +.It Em ?\& +verbose command help +.It Em C +create a partition of a specified type +.It Em c +create an +.Ox +partition +.It Em d +delete a partition +.It Em f +full display of a partition +.It Em h +command help +.It Em i +(re)initialize the partition map +.It Em n +(re)name a partition +.It Em P +show the partition map's data structures +.It Em p +print the partition map +.It Em q +quit editing +.It Em r +reorder (swap) disk positions of two entries in the partition map +.It Em s +change the size of the partition map +.It Em t +change the type of a partition +.It Em w +write the partition map to disk +.El +.Pp +Commands which take arguments prompt for each argument not specified +in the original command. +You can type any number of the arguments separated by spaces. +.Pp +Partitions are always specified by their number, +which is the index of the partition entry in the partition map. +.Pp +The index numbers of partitions will change if partitions are created, +deleted or reordered. +.Pp +Creating more than fifteen partitions is not advised, for +compatibility reasons. +.Pp +The +.Em c +(create an +.Ox +partition) and +.Em C +(create a partition of a specified type) +commands are the only ones with complicated arguments. +.Pp +The first argument is the base address (in blocks) of the partition. +Besides a raw number, you can also specify a partition number followed +by the letter 'p' to indicate that the first block of the new partition should +be the same as the first block of that existing free space partition. +.Pp +The second argument is the length of the partition in blocks. +This can be a raw number or can be a partition number followed by the +letter 'p' to use the size of that partition or can be a number followed +by 'k', 'm', 'g', or 't' to indicate the size in kilobytes, megabytes, +gigabytes or terabytes respectively. +(These are powers of 1024, of course, not powers of 1000.) +.Pp +The third argument is the name of the partition. +This can be a single word without quotes, or a string surrounded by +single or double quotes. +.Pp +For the +.Em C +command only, the fourth argument is the partition type. +This can be a single word without quotes, or a string surrounded by +single or double quotes. +The +.Em c +command automatically uses the type +.Ox . +.Pp +The +.Em n +(name) command allows the name of a partition to be changed. +Note that the various "Apple_Driver" partitions depend +on the name field for proper functioning. +.Sh SEE ALSO +.Xr disklabel 8 , +.Xr fdisk 8 , +.Xr newfs 8 +.Sh HISTORY +The +.Nm +was originally developed for MkLinux. +.Pp +It was ported to +.Ox +2.9 by Dale Rahn. +.Sh AUTHORS +.An Eryk Vershen diff --git a/static/openbsd/man8/pfctl.8 b/static/openbsd/man8/pfctl.8 new file mode 100644 index 00000000..3ce0d00f --- /dev/null +++ b/static/openbsd/man8/pfctl.8 @@ -0,0 +1,761 @@ +.\" $OpenBSD: pfctl.8,v 1.187 2025/11/11 04:06:20 dlg Exp $ +.\" +.\" Copyright (c) 2001 Kjell Wooding. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 11 2025 $ +.Dt PFCTL 8 +.Os +.Sh NAME +.Nm pfctl +.Nd control the packet filter (PF) device +.Sh SYNOPSIS +.Nm pfctl +.Bk -words +.Op Fl deghNnPqrvz +.Op Fl a Ar anchor +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl F Ar modifier +.Op Fl f Ar file +.Op Fl i Ar interface +.Op Fl K Ar key +.Op Fl k Ar key +.Op Fl L Ar statefile +.Op Fl o Ar level +.Op Fl p Ar device +.Op Fl S Ar statefile +.Op Fl s Ar modifier Op Fl R Ar id +.Op Fl t Ar table Fl T Ar command Op Ar address ... +.Op Fl V Ar rdomain +.Op Fl x Ar level +.Ek +.Sh DESCRIPTION +The +.Nm +utility communicates with the packet filter device using the +ioctl interface described in +.Xr pf 4 . +It allows ruleset and parameter configuration, +and retrieval of status information from the packet filter. +Packet filtering restricts the types of packets that pass through +network interfaces entering or leaving the host based on filter +rules as described in +.Xr pf.conf 5 . +The packet filter can also replace addresses and ports of packets. +.Pp +The packet filter is enabled by default. +Should +.Nm +be unable to load a ruleset, +an error occurs and the original ruleset remains in place. +If this happens at system startup, +the ruleset defined by the +.Va RULES +variable in +.Xr rc 8 +remains in place. +.Pp +The packet filter does not itself forward packets between interfaces. +Forwarding can be enabled by setting the +.Xr sysctl 8 +variables +.Em net.inet.ip.forwarding +and/or +.Em net.inet6.ip6.forwarding +to 1. +Set them permanently in +.Xr sysctl.conf 5 . +.Pp +At least one option must be specified. +The options are as follows: +.Bl -tag -width Ds +.It Fl a Ar anchor +Apply flags +.Fl f , +.Fl F , +.Fl s , +.Fl T , +and +.Fl z +only to the rules in the specified +.Ar anchor . +In addition to the main ruleset, +.Nm +can load and manipulate additional rulesets by name, +called anchors. +The main ruleset is the default anchor. +.Pp +Anchors are referenced by name and may be nested, +with the various components of the anchor path separated by +.Sq / +characters, similar to how file system hierarchies are laid out. +The last component of the anchor path is where ruleset operations are +performed. +.Pp +Evaluation of +.Ar anchor +rules from the main ruleset is described in +.Xr pf.conf 5 . +.Pp +For example, the following will show all filter rules (see the +.Fl s +flag below) inside the anchor +.Dq authpf/smith(1234) , +which would have been created for user +.Dq smith +by +.Xr authpf 8 , +PID 1234: +.Bd -literal -offset indent +# pfctl -a "authpf/smith(1234)" -s rules +.Ed +.Pp +Private tables can also be put inside anchors, either by having table +statements in the +.Xr pf.conf 5 +file that is loaded in the anchor, or by using regular table commands, as in: +.Bd -literal -offset indent +# pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8 +.Ed +.Pp +When a rule referring to a table is loaded in an anchor, the rule will use the +private table if one is defined, and then fall back to the table defined in the +main ruleset, if there is one. +This is similar to C rules for variable scope. +It is possible to create distinct tables with the same name in the global +ruleset and in an anchor, but this is often bad design and a warning will be +issued in that case. +.Pp +By default, recursive inline printing of anchors applies only to unnamed +anchors specified inline in the ruleset. +If the anchor name is terminated with a +.Sq * +character, the +.Fl s +flag will recursively print all anchors in a brace delimited block. +For example the following will print the +.Dq authpf +ruleset recursively: +.Bd -literal -offset indent +# pfctl -a 'authpf/*' -sr +.Ed +.Pp +To print the main ruleset recursively, specify only +.Sq * +as the anchor name: +.Bd -literal -offset indent +# pfctl -a '*' -sr +.Ed +.Pp +To flush all rulesets and tables recursively, specify only +.Sq * +as the anchor name: +.Bd -literal -offset indent +# pfctl -a '*' -Fa +.Ed +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the ruleset. +.It Fl d +Disable the packet filter. +.It Fl e +Enable the packet filter. +.It Fl F Ar modifier +Flush the filter parameters specified by +.Ar modifier +(may be abbreviated): +.Pp +.Bl -tag -width xxxxxxxxx -compact +.It Cm rules +Flush the filter rules. +.It Cm states +Flush the state table (NAT and filter). +.It Cm Sources +Flush the source tracking table. +.It Cm info +Flush the filter information (statistics that are not bound to rules). +.It Cm Tables +Flush the tables. +.It Cm osfp +Flush the passive operating system fingerprints. +.It Cm Reset +Reset limits, timeouts and other options back to default settings. +See the OPTIONS section in +.Xr pf.conf 5 +for details. +.It Cm all +Flush all of the above. +.El +.Pp +If +.Fl a +is specified as well and +.Ar anchor +is terminated with a +.Sq * +character, +.Cm rules , +.Cm Tables +and +.Cm all +flush the given anchor recursively. +.It Fl f Ar file +Replace the current ruleset with +the rules contained in +.Ar file . +This +.Ar file +may contain macros, tables, options, and normalization, queueing, +translation, and filtering rules. +With the exception of macros and tables, the statements must appear in that +order. +.It Fl g +Include output helpful for debugging. +.It Fl h +Help. +.It Fl i Ar interface +Restrict the operation to the given +.Ar interface . +.It Fl K Ar key +Kill all of the source tracking entries originating from the +host or network specified by +.Ar key . +A second +.Fl K +option may be specified, which will kill all the source tracking entries +from the first host/network to the second. +.It Fl k Ar key +Kill all of the state entries originating from the +host or network specified by +.Ar key . +A second +.Fl k +option may be specified, which will kill all the state entries +from the first host/network to the second. +.Pp +A network prefix length of 0 can be used as a wildcard. +To kill all states with the target +.Dq host2 : +.Pp +.Dl # pfctl -k 0.0.0.0/0 -k host2 +.Pp +It is also possible to kill states by rule label, state key, or state ID. +In this mode the first +.Fl k +argument is used to specify the type; +a second +.Fl k +gives the actual target. +.Pp +To kill states by rule label, +use the +.Cm label +modifier. +To kill all states created from rules carrying the label +.Dq foobar : +.Pp +.Dl # pfctl -k label -k foobar +.Pp +To kill one specific state by its state key +(as shown by pfctl -s state), +use the +.Cm key +modifier. +To kill a state originating from 10.0.0.101:32123 to 10.0.0.1:80, +protocol TCP, use: +.Pp +.Dl # pfctl -k key -k 'tcp 10.0.0.1:80 <- 10.0.0.101:32123' +.Pp +To kill one specific state by its unique state ID +(as shown by pfctl -s state -vv), +use the +.Cm id +modifier. +To kill a state with ID 4823e84500000003 use: +.Pp +.Dl # pfctl -k id -k 4823e84500000003 +.Pp +To kill a state with ID 4823e84500000018 created from a backup +firewall with hostid 00000002 use: +.Pp +.Dl # pfctl -k id -k 4823e84500000018/2 +.It Fl L Ar statefile +Load pf states from the file specified by +.Ar statefile . +.It Fl N +Do not perform domain name resolution. +If a name cannot be resolved without DNS, an error will be reported. +.It Fl n +Do not actually load rules, just parse them. +.It Fl o Ar level +Control the ruleset optimizer, overriding any rule file settings. +.Pp +.Bl -tag -width xxxxxxxxx -compact +.It Cm none +Disable the ruleset optimizer. +.It Cm basic +Enable basic ruleset optimizations. +This is the default behaviour. +.It Cm profile +Enable basic ruleset optimizations with profiling. +.El +.Pp +For further information on the ruleset optimizer, see +.Xr pf.conf 5 . +.It Fl P +Print ports using their names in +.Pa /etc/services +if available. +.It Fl p Ar device +Use the device file +.Ar device +instead of the default +.Pa /dev/pf . +.It Fl q +Only print errors and warnings. +.It Fl r +Perform reverse DNS lookups on states and tables when displaying them. +.Fl N +and +.Fl r +are mutually exclusive. +.It Fl S Ar statefile +Store the pf state table in the file specified by +.Ar statefile . +.Tg R +.It Fl s Ar modifier Op Fl R Ar id +Show the filter parameters specified by +.Ar modifier +(may be abbreviated): +.Pp +.Bl -tag -width xxxxxxxxxxx -compact +.It Cm queue +Show the currently loaded queue definitions. +When used together with +.Fl v , +per-queue statistics are also shown. +When used together with +.Fl v v , +.Nm +will loop and show updated queue statistics every five seconds, including +measured bandwidth and packets per second. +.It Cm rules +Show the currently loaded filter rules. +If +.Fl R Ar id +is specified as well, +only the rule with the specified numeric ID is shown. +When used together with +.Fl v , +the per-rule statistics (number of evaluations, +packets and bytes) are also shown. +When used together with +.Fl g +or +.Fl vv , +expired rules +.Pq marked as Dq # expired +are also shown. +Note that the +.Dq skip step +optimization done automatically by the kernel +will skip evaluation of rules where possible. +Packets passed statefully are counted in the rule that created the state +(even though the rule isn't evaluated more than once for the entire +connection). +.It Cm Anchors +Show the currently loaded anchors directly attached to the main ruleset. +If +.Fl a Ar anchor +is specified as well, the anchors loaded directly below the given +.Ar anchor +are shown instead. +If +.Fl v +is specified, all anchors attached under the target anchor will be +displayed recursively. +.It Cm states +Show the contents of the state table. +If +.Fl R Ar id +is specified as well, +only states created by the rule with the specified numeric ID are shown. +.It Cm Sources +Show the contents of the source tracking table. +.It Cm info +Show filter information (statistics and counters). +When used together with +.Fl v , +source tracking statistics, the firewall's 32-bit hostid number and the +main ruleset's MD5 checksum for use with +.Xr pfsync 4 +are also shown. +.It Cm labels +Show per-rule statistics (label, evaluations, packets total, bytes total, +packets in, bytes in, packets out, bytes out, state creations) of +filter rules with labels, useful for accounting. +If +.Fl R Ar id +is specified as well, +only the statistics for the rule with the specified numeric ID are shown. +.It Cm timeouts +Show the current global timeouts. +.It Cm memory +Show the current pool memory hard limits. +.It Cm Tables +Show the list of tables. +.It Cm osfp +Show the list of operating system fingerprints. +.It Cm Interfaces +Show the list of interfaces and interface groups available to PF. +When used together with +.Fl v , +it additionally lists which interfaces have skip rules activated. +When used together with +.Fl vv , +interface statistics are also shown. +.Fl i +can be used to select an interface or a group of interfaces. +.It Cm Stlimiter +Show information about state limiters. +If +.Fl R Ar id +is specified as well, +only the state limiter identified by +.Ar id +is shown. +.It Cm Srclimiter +Show information about source limiters. +If +.Fl R Ar id +is specified as well, +only the state limiter identified by +.Ar id +is shown. +If +.Fl v +is specified, +the address entries for the source pools are shown too. +.It Cm all +Show all of the above, except for the lists of interfaces and operating +system fingerprints. +.El +.Pp +Counters shown with +.Fl s Cm info +are: +.Pp +.Bl -tag -width xxxxxxxxxxxxxx -compact +.It match +explicit rule match +.It bad-offset +currently unused +.It fragment +invalid fragments dropped +.It short +short packets dropped +.It normalize +dropped by normalizer: illegal packets +.It memory +memory could not be allocated +.It bad-timestamp +bad TCP timestamp; RFC 1323 +.It congestion +network interface queue congested +.It ip-option +bad IP/IPv6 options +.It proto-cksum +invalid protocol checksum +.It state-mismatch +packet was associated with a state entry, but sequence numbers did not match +.It state-insert +state insertion failure +.It state-limit +configured state limit was reached +.It src-limit +source node/connection limit +.It synproxy +dropped by synproxy +.It translate +no free ports in translation port range +.It no-route +dropped by no-route +.El +.Tg T +.It Fl t Ar table Fl T Ar command Op Ar address ... +Specify the +.Ar command +(may be abbreviated) to apply to +.Ar table . +Commands include: +.Pp +.Bl -tag -width "expire number" -compact +.It Cm add +Add one or more addresses to a table. +Automatically create a persistent table if it does not exist. +.It Cm delete +Delete one or more addresses from a table. +.It Cm expire Ar number +Delete addresses which had their statistics cleared more than +.Ar number +seconds ago. +For entries which have never had their statistics cleared, +.Ar number +refers to the time they were added to the table. +.It Cm flush +Flush all addresses in a table. +.It Cm kill +Kill a table. +.It Cm replace +Replace the addresses of the table. +Automatically create a persistent table if it does not exist. +.It Cm show +Show the content (addresses) of a table. +.It Cm test +Test if the given addresses match a table. +.It Cm zero +Clear all the statistics of a table, or only for specified addresses. +.El +.Pp +For the +.Cm add , +.Cm delete , +.Cm replace , +and +.Cm test +commands, the list of addresses can be specified either directly on the command +line and/or in an unformatted text file, using the +.Fl f +flag. +Comments starting with a +.Sq # +are allowed in the text file. +With these commands, the +.Fl v +flag can also be used once or twice, in which case +.Nm +will print the +detailed result of the operation for each individual address, prefixed by +one of the following letters: +.Pp +.Bl -tag -width XXX -compact +.It A +The address/network has been added. +.It C +The address/network has been changed (negated). +.It D +The address/network has been deleted. +.It M +The address matches +.Po +.Cm test +operation only +.Pc . +.It X +The address/network is duplicated and therefore ignored. +.It Y +The address/network cannot be added/deleted due to conflicting +.Sq \&! +attributes. +.It Z +The address/network has been cleared (statistics). +.El +.Pp +Each table can maintain a set of counters that can be retrieved using the +.Fl v +flag of +.Nm . +For example, the following commands define a wide open firewall which will keep +track of packets going to or coming from the +.Ox +FTP server. +The following commands configure the firewall and send 10 pings to the FTP +server: +.Bd -literal -offset indent +# printf "table <test> counters { ftp.openbsd.org }\en \e + pass out to <test>\en" | pfctl -f- +# ping -qc10 ftp.openbsd.org +.Ed +.Pp +We can now use the table +.Cm show +command to output, for each address and packet direction, the number of packets +and bytes that are being passed, matched or blocked by rules referencing the +table. +Note that the match counters are incremented for every match rule in which +they are referenced, meaning that a single packet may be counted multiple times. +The time at which the current accounting started is also shown with the +.Dq Cleared +line. +.Bd -literal -offset indent +# pfctl -t test -vTshow + 198.51.100.81 + Cleared: Fri Jun 28 11:17:37 2013 + In/Block: [ Packets: 0 Bytes: 0 ] + In/Match [ Packets: 54 Bytes: 10028 ] + In/Pass: [ Packets: 5 Bytes: 1949 ] + Out/Block: [ Packets: 0 Bytes: 0 ] + Out/Match [ Packets: 65 Bytes: 12684 ] + Out/Pass: [ Packets: 6 Bytes: 389 ] +.Ed +.Pp +Similarly, it is possible to view global information about the tables +by using the +.Fl v +modifier twice and the +.Fl s +.Cm Tables +command. +This will display the number of addresses on each table, +the number of rules which reference the table, and the global +packet statistics for the whole table: +.Bd -literal -offset indent +# pfctl -vvsTables +--a-r-C test + Addresses: 1 + Cleared: Fri Jun 28 11:17:37 2013 + References: [ Anchors: 0 Rules: 4 ] + Evaluations: [ NoMatch: 35 Match: 8 ] + In/Block: [ Packets: 0 Bytes: 0 ] + In/Match: [ Packets: 54 Bytes: 10028 ] + In/Pass: [ Packets: 5 Bytes: 1949 ] + In/XPass: [ Packets: 0 Bytes: 0 ] + Out/Block: [ Packets: 0 Bytes: 0 ] + Out/Match: [ Packets: 65 Bytes: 12684 ] + Out/Pass: [ Packets: 6 Bytes: 389 ] + Out/XPass: [ Packets: 0 Bytes: 0 ] +.Ed +.Pp +Only packets creating state are matched in the Evaluations line, +but all packets passing as a result of the state are correctly accounted for. +Reloading the table(s) or ruleset will not affect packet accounting in any way. +The two +.Dq XPass +counters are incremented instead of the +.Dq Pass +counters when a +.Dq stateful +packet is passed but doesn't match the table anymore. +This will happen in our example if someone flushes the table while the +.Xr ping 8 +command is running. +.Pp +When used with a single +.Fl v , +.Nm +will only display the first line containing the table flags and name. +The flags are defined as follows: +.Pp +.Bl -tag -width XXX -compact +.It c +For constant tables, which cannot be altered outside +.Xr pf.conf 5 . +.It p +For persistent tables, which don't get automatically killed when no rules +refer to them. +.It a +For tables which are part of the +.Em active +tableset. +Tables without this flag do not really exist, cannot contain addresses, and are +only listed if the +.Fl g +flag is given. +.It i +For tables which are part of the +.Em inactive +tableset. +This flag can only be witnessed briefly during the loading of +.Xr pf.conf 5 . +.It r +For tables which are referenced (used) by rules. +.It h +This flag is set when a table in the main ruleset is hidden by one or more +tables of the same name from anchors attached below it. +.It C +This flag is set when per-address counters are enabled on the table. +.El +.It Fl V Ar rdomain +Select the routing domain to be used to kill states by host or by label. +The rdomain of a state is displayed in parentheses before the host by +.Fl s Cm states . +.It Fl v +Produce more verbose output. +A second use of +.Fl v +will produce even more verbose output including ruleset warnings. +See the previous section for its effect on table commands. +.It Fl x Ar level +Set the debug +.Ar level , +which limits the severity of log messages printed by +.Xr pf 4 . +This should be a keyword from the following ordered list +(highest to lowest): +.Cm emerg , +.Cm alert , +.Cm crit , +.Cm err , +.Cm warning , +.Cm notice , +.Cm info , +and +.Cm debug . +These keywords correspond to the similar (LOG_) values specified to the +.Xr syslog 3 +library routine, +and may be abbreviated on the command line. +.It Fl z +Clear per-rule statistics. +.El +.Sh FILES +.Bl -tag -width "/etc/pf.conf" -compact +.It Pa /etc/pf.conf +Packet filter rules file. +.It Pa /etc/pf.os +Passive operating system fingerprint database. +.El +.Sh SEE ALSO +.Xr pf 4 , +.Xr pf.conf 5 , +.Xr pf.os 5 , +.Xr sysctl.conf 5 , +.Xr authpf 8 , +.Xr ftp-proxy 8 , +.Xr rc 8 , +.Xr rc.conf 8 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +program and the +.Xr pf 4 +filter mechanism first appeared in +.Ox 3.0 . diff --git a/static/openbsd/man8/pflogd.8 b/static/openbsd/man8/pflogd.8 new file mode 100644 index 00000000..f90f9ce5 --- /dev/null +++ b/static/openbsd/man8/pflogd.8 @@ -0,0 +1,218 @@ +.\" $OpenBSD: pflogd.8,v 1.52 2025/05/16 05:47:30 kn Exp $ +.\" +.\" Copyright (c) 2001 Can Erkin Acar. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 16 2025 $ +.Dt PFLOGD 8 +.Os +.Sh NAME +.Nm pflogd +.Nd packet filter logging daemon +.Sh SYNOPSIS +.Nm pflogd +.Bk -words +.Op Fl \&Dx +.Op Fl d Ar delay +.Op Fl f Ar filename +.Op Fl i Ar interface +.Op Fl s Ar snaplen +.Op Ar expression ... +.Ek +.Sh DESCRIPTION +.Nm +is a background daemon which reads packets logged by +.Xr pf 4 +to a +.Xr pflog 4 +interface, normally +.Pa pflog0 , +and writes the packets to a logfile (normally +.Pa /var/log/pflog ) +in +.Xr tcpdump 8 +binary format. +These logs can be reviewed later using the +.Fl r +option of +.Xr tcpdump 8 , +hopefully offline in case there are bugs in the packet parsing code of +.Xr tcpdump 8 . +.Pp +.Nm +closes and then re-opens the log file when it receives +.Dv SIGHUP , +permitting +.Xr newsyslog 8 +to rotate logfiles automatically. +.Dv SIGALRM +causes +.Nm +to flush the current logfile buffers to the disk, thus making the most +recent logs available. +The buffers are also flushed every +.Ar delay +seconds. +.Pp +If the log file contains data after a restart or a +.Dv SIGHUP , +new logs are appended to the existing file. +If the existing log file was created with a different snaplen, +.Nm +temporarily uses the old snaplen to keep the log file consistent. +.Pp +.Nm +tries to preserve the integrity of the log file against I/O errors. +Furthermore, integrity of an existing log file is verified before +appending. +If there is an invalid log file or an I/O error, logging is suspended +until a +.Dv SIGHUP +or a +.Dv SIGALRM +is received. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D +Debugging mode. +.Nm +does not disassociate from the controlling terminal. +.It Fl d Ar delay +Time in seconds to delay between automatic flushes of the file. +This may be specified with a value between 5 and 3600 seconds. +If not specified, the default is 60 seconds. +.It Fl f Ar filename +Log output filename. +Default is +.Pa /var/log/pflog . +.It Fl i Ar interface +Specifies the +.Xr pflog 4 +interface to use. +By default, +.Nm +will use +.Pa pflog0 . +.It Fl s Ar snaplen +Analyze at most the first +.Ar snaplen +bytes of data from each packet rather than the default of 160. +The default of 160 is adequate for IP, ICMP, TCP, and UDP headers but may +truncate protocol information for other protocols. +Other file parsers may desire a higher snaplen. +.It Fl x +Check the integrity of an existing log file, and return. +.It Ar expression +Selects which packets will be dumped, using the regular language of +.Xr tcpdump 8 . +Tcpdump has been extended to be able to filter on the pfloghdr +structure defined in +.In net/if_pflog.h . +It can restrict the output +to packets logged on a specified interface, a rule number, a reason, +a direction, an IP family or an action. +.Pp +.Bl -tag -width "ruleset authpfXXX" -offset 3n -compact +.It ip +Address family equals IPv4. +.It ip6 +Address family equals IPv6. +.It ifname kue0 +Interface name equals "kue0". +.It on kue0 +Interface name equals "kue0". +.It ruleset authpf +Ruleset name equals "authpf". +.It rulenum 10 +Rule number equals 10. +.It reason match +Reason equals match. +Also accepts "bad-offset", "fragment", "short", "normalize", +"memory", "bad-timestamp", "congestion", "ip-option", "proto-cksum", +"state-mismatch", "state-insert", "state-limit", "src-limit", +and "synproxy". +.It action pass +Action equals pass. +Also accepts "block" and "match". +.It inbound +The direction was inbound. +.It outbound +The direction was outbound. +.El +.El +.Sh FILES +.Bl -tag -width /var/run/pflogd.pid -compact +.It Pa /var/log/pflog +Default log file. +.El +.Sh EXAMPLES +Log specific TCP packets to a different log file with a large snaplen +(useful with a +.Qq log all +rule to dump complete sessions): +.Bd -literal -offset indent +# pflogd -s 1600 -f suspicious.log port 80 and host evilhost +.Ed +.Pp +Log from another +.Xr pflog 4 +interface, excluding specific packets: +.Bd -literal -offset indent +# pflogd -i pflog3 -f network3.log "not (tcp and port 23)" +.Ed +.Pp +Display binary logs: +.Bd -literal -offset indent +# tcpdump -n -e -ttt -r /var/log/pflog +.Ed +.Pp +Display the logs in real time (this does not interfere with the +operation of +.Nm ) : +.Bd -literal -offset indent +# tcpdump -n -e -ttt -i pflog0 +.Ed +.Pp +Display the logs in real time of inbound packets that were blocked on +the wi0 interface: +.Bd -literal -offset indent +# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0 +.Ed +.Sh SEE ALSO +.Xr pcap_open_live 3 , +.Xr pf 4 , +.Xr pflog 4 , +.Xr pf.conf 5 , +.Xr newsyslog 8 , +.Xr tcpdump 8 +.Sh HISTORY +The +.Nm +command appeared in +.Ox 3.0 . +.Sh AUTHORS +.Nm +was written by +.An Can Erkin Acar Aq Mt canacar@openbsd.org . diff --git a/static/openbsd/man8/ping.8 b/static/openbsd/man8/ping.8 new file mode 100644 index 00000000..797a9e35 --- /dev/null +++ b/static/openbsd/man8/ping.8 @@ -0,0 +1,444 @@ +.\" $OpenBSD: ping.8,v 1.66 2022/12/23 07:16:55 jmc Exp $ +.\" $NetBSD: ping.8,v 1.10 1995/12/31 04:55:35 ghudson Exp $ +.\" +.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)ping.8 8.2 (Berkeley) 12/11/93 +.\" +.Dd $Mdocdate: December 23 2022 $ +.Dt PING 8 +.Os +.Sh NAME +.Nm ping , +.Nm ping6 +.Nd send ICMP ECHO_REQUEST packets to network hosts +.Sh SYNOPSIS +.Nm ping +.Op Fl DdEefgHLnqRv +.Op Fl c Ar count +.Op Fl I Ar sourceaddr +.Op Fl i Ar interval +.Op Fl l Ar preload +.Op Fl p Ar pattern +.Op Fl s Ar packetsize +.Op Fl T Ar toskeyword +.Op Fl t Ar ttl +.Op Fl V Ar rtable +.Op Fl w Ar maxwait +.Ar host +.Nm ping6 +.Op Fl DdEefgHLmnqv +.Op Fl c Ar count +.Op Fl h Ar hoplimit +.Op Fl I Ar sourceaddr +.Op Fl i Ar interval +.Op Fl l Ar preload +.Op Fl p Ar pattern +.Op Fl s Ar packetsize +.Op Fl T Ar toskeyword +.Op Fl V Ar rtable +.Op Fl w Ar maxwait +.Ar host +.Sh DESCRIPTION +.Nm +uses the ICMP protocol's mandatory +.Dv ECHO_REQUEST +datagram to elicit an ICMP +.Dv ECHO_REPLY +from a host or gateway. +These datagrams +.Pq pings +have an IP and ICMP header, +followed by a +.Qq struct timeval +and then an arbitrary number of pad bytes used to fill out the packet. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c Ar count +Stop sending after +.Ar count +.Dv ECHO_REQUEST +packets have been sent. +If +.Ar count +is 0, send an unlimited number of packets. +.It Fl D +Don't fragment IP packets. +.It Fl d +Set the +.Dv SO_DEBUG +option on the socket being used. +This option has no effect on +.Ox . +.It Fl E +Emit an audible beep (by sending an ASCII BEL character to the +standard error output) when no packet is received before the next +packet is transmitted. +To cater for round-trip times that are longer than the interval between +transmissions, further missing packets cause a bell only if the maximum +number of unreceived packets has increased. +This option is disabled for flood pings. +.It Fl e +Emit an audible beep (by sending an ASCII BEL character to the +standard error output) after each non-duplicate response is received. +This option is disabled for flood pings. +.It Fl f +Flood ping. +Outputs packets as fast as they come back or one hundred times per second, +whichever is more. +For every +.Dv ECHO_REQUEST +sent, a period +.Sq \&. +is printed, while for every +.Dv ECHO_REPLY +received a backspace is printed. +This provides a rapid display of how many packets are being dropped. +Only the superuser may use this option. +.Bf -emphasis +This can be very hard on a network and should be used with caution. +.Ef +.It Fl g +Provides a visual display of packets received and lost. +For every +.Dv ECHO_REPLY +received, an exclamation mark +.Sq \&! +is printed, while for every missed packet a period +.Sq \&. +is printed. +Duplicate and truncated replies are indicated with +.Sq D +and +.Sq T +respectively. +.It Fl H +Try reverse lookups for addresses. +.It Fl h Ar hoplimit +.Pq IPv6 only +Set the hoplimit. +.It Fl I Ar sourceaddr +Set the source address to transmit from, which is useful on machines +with multiple interfaces. +For unicast and multicast pings. +.It Fl i Ar interval +Send one packet every +.Ar interval +seconds. +The default is one second. +The +.Ar interval +may contain a fractional portion. +Only the superuser may specify a value less than one second. +This option is incompatible with the +.Fl f +option. +.It Fl L +Disable the loopback, so the transmitting host doesn't see the ICMP +requests. +For multicast pings. +.It Fl l Ar preload +Send +.Ar preload +packets as fast as possible before reverting to normal behavior. +Only root may set a preload value. +.It Fl m +.Pq IPv6 only +Do not fragment unicast packets to fit the minimum IPv6 MTU. +If specified twice, +do this for multicast packets as well. +.It Fl n +Numeric output only. +No attempt will be made to look up symbolic names from addresses in the reply. +.It Fl p Ar pattern +Specify up to 16 pad bytes to fill out the packet sent. +This is useful for diagnosing data-dependent problems in a network. +For example, +.Qq -p ff +causes the sent packet to be filled with all ones. +.It Fl q +Quiet output. +Nothing is displayed except the summary lines at startup time and +when finished. +.It Fl R +.Pq IPv4 only +Record route. +Includes the +.Dv RECORD_ROUTE +option in the +.Dv ECHO_REQUEST +packet and displays +the route buffer on returned packets. +Note that the IP header is only large enough for nine such routes. +If more routes come back than should, such as due to an illegal spoofed +packet, +.Nm +will print the route list and then truncate it at the correct spot. +Many hosts ignore or discard this option. +.It Fl s Ar packetsize +Specify the number of data bytes to be sent. +The default is 56, +which translates into 64 ICMP data bytes +when combined with the 8 bytes of ICMP header data. +The maximum packet size is 65467 for IPv4 and 65527 for IPv6. +.It Fl T Ar toskeyword +Change the IPv4 TOS or IPv6 Traffic Class value. +.Ar toskeyword +may be one of +.Cm critical , +.Cm inetcontrol , +.Cm lowdelay , +.Cm netcontrol , +.Cm throughput , +.Cm reliability , +or one of the DiffServ Code Points: +.Cm ef , +.Cm af11 ... af43 , +.Cm cs0 ... cs7 ; +or a number in either hex or decimal. +.It Fl t Ar ttl +.Pq IPv4 only +Use the specified time-to-live. +.It Fl V Ar rtable +Set the routing table to be used for outgoing packets. +.It Fl v +Verbose output. +ICMP packets other than +.Dv ECHO_REPLY +that are received are listed. +.It Fl w Ar maxwait +Specify the maximum number of seconds to wait for responses +after the last request has been sent. +The default is 10. +.El +.Pp +When using +.Nm +for fault isolation, it should first be run on the local host to verify +that the local network interface is up and running. +Then, hosts and gateways further and further away should be +.Dq pinged . +.Pp +Round trip times and packet loss statistics are computed. +If duplicate packets are received, they are not included in the packet +loss calculation, although the round trip time of these packets is used +in calculating the minimum/average/maximum round trip time numbers and +the standard deviation. +.Pp +When the specified number of packets have been +sent (and received), or if the program is terminated with a +.Dv SIGINT , +a brief summary is displayed. +The summary information can also be displayed while +.Nm +is running by sending it a +.Dv SIGINFO +signal (see the +.Cm status +argument of +.Xr stty 1 +for more information). +.Pp +This program is intended for use in network testing, measurement and +management. +Because of the load it can impose on the network, it is unwise to use +.Nm +during normal operations or from automated scripts. +.Sh ICMP PACKET DETAILS +An IP header without options is 20 bytes. +An ICMP +.Dv ECHO_REQUEST +packet contains an additional 8 bytes worth of +ICMP header followed by an arbitrary amount of data. +When a +.Ar packetsize +is given, this indicates the size of this extra piece of data (the +default is 56). +Thus the amount of data received inside of an IP packet of type ICMP +.Dv ECHO_REPLY +will always be 8 bytes more than the requested data space +(the ICMP header). +.Pp +If the data space is at least 24 bytes, +.Nm +uses the first sixteen bytes of this space to include a timestamp which +it uses in the computation of round trip times. +The following 8 bytes store a message authentication code. +If less than 24 bytes of pad are specified, no round trip times are +given. +.Sh DUPLICATE AND DAMAGED PACKETS +.Nm +will report duplicate and damaged packets. +Duplicate packets should never occur, and seem to be caused by +inappropriate link-level retransmissions. +Duplicates may occur in many situations and are rarely (if ever) a +good sign, although the presence of low levels of duplicates may not +always be cause for alarm. +.Pp +Damaged packets are obviously serious cause for alarm and often +indicate broken hardware somewhere in the +.Nm +packet's path (in the network or in the hosts). +.Sh TRYING DIFFERENT DATA PATTERNS +The (inter)network layer should never treat packets differently depending +on the data contained in the data portion. +Unfortunately, data-dependent problems have been known to sneak into +networks and remain undetected for long periods of time. +In many cases the particular pattern that will have problems is something +that doesn't have sufficient +.Dq transitions , +such as all ones or all +zeros, or a pattern right at the edge, such as almost all zeros. +It isn't necessarily enough to specify a data pattern of all zeros (for +example) on the command line because the pattern that is of interest is +at the data link level, and the relationship between what you type and +what the controllers transmit can be complicated. +.Pp +This means that if you have a data-dependent problem you will probably +have to do a lot of testing to find it. +If you are lucky, you may manage to find a file that either can't be sent +across your network or that takes much longer to transfer than other +similar length files. +You can then examine this file for repeated patterns that you can test +using the +.Fl p +option of +.Nm ping . +.Sh TTL DETAILS +The TTL value of an IP packet represents the maximum number of IP routers +that the packet can go through before being thrown away. +In current practice you can expect each router in the Internet to decrement +the TTL field by exactly one. +.Pp +The TCP/IP specification states that the TTL field +for TCP packets should be set to 60, +but many systems use smaller values +.Po +.Bx 4.3 +uses 30, +.Bx 4.2 +used 15 +.Pc . +.Pp +The maximum possible value of this field is 255, and most +.Ux +systems set the TTL field of ICMP +.Dv ECHO_REQUEST +packets to 255. +This is why you will find you can +.Dq ping +some hosts, but not reach them +with +.Xr telnet 1 +or +.Xr ftp 1 . +.Pp +In normal operation, +.Nm +prints the TTL value from the packet it receives. +When a remote system receives a ping packet, it can do one of three things +with the TTL field in its response: +.Bl -bullet +.It +Not change it; this is what Berkeley +.Ux +systems did before the +.Bx 4.3 Tahoe +release. +In this case the TTL value in the received packet will be +255 minus the number of routers in the round trip path. +.It +Set it to 255; this is what current Berkeley +.Ux +systems do. +In this case the TTL value in the received packet will be +255 minus the number of routers in the path from the remote system +to the pinging host. +.It +Set it to some other value. +Some machines use the same value for ICMP packets +that they use for TCP packets, for example either 30 or 60. +Others may use completely wild values. +.El +.Sh EXIT STATUS +.Nm +exits 0 if at least one reply is received, +and >0 if no reply is received or an error occurred. +.Sh SEE ALSO +.Xr ifconfig 8 , +.Xr route 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . +The +.Nm ping6 +command was originally a separate program +and first appeared in the WIDE Hydrangea IPv6 protocol stack kit. +.Sh BUGS +Many hosts and gateways ignore the +.Dv RECORD_ROUTE +option. +.Pp +The maximum IP header length is too small for options like +.Dv RECORD_ROUTE +to +be completely useful. +There's not much that can be done about this, however. +.Pp +Flood pinging is not recommended in general, and flood pinging the +broadcast address should only be done under very controlled conditions. diff --git a/static/openbsd/man8/pkg_check.8 b/static/openbsd/man8/pkg_check.8 new file mode 100644 index 00000000..043e4a42 --- /dev/null +++ b/static/openbsd/man8/pkg_check.8 @@ -0,0 +1,127 @@ +.\" $OpenBSD: pkg_check.8,v 1.12 2020/11/16 17:52:08 jmc Exp $ +.\" +.\" Copyright (c) 2010 Marc Espie <espie@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 16 2020 $ +.Dt PKG_CHECK 8 +.Os +.Sh NAME +.Nm pkg_check +.Nd check consistency of installed packages +.Sh SYNOPSIS +.Nm pkg_check +.Bk -words +.Op Fl FfIimnqvx +.Op Fl D Ar name Ns Op = Ns Ar value +.Ek +.Sh DESCRIPTION +.Nm +verifies as much information as it can about installed packages. +.Pp +.Nm +is not needed under normal circumstances, but it can be used to recover after +a catastrophic system failure in the middle of a +.Xr pkg_add 1 +or +.Xr pkg_delete 1 . +.Pp +.Nm +performs the following checks: +.Bl -tag -width small +.It Packing-list sanity +Checks that +.Pa /var/db/pkg +only contains directories, that each directory holds a packing-list, +and that said packing-list is an actual packing-list that matches the directory. +.It Direct dependencies +Checks that all direct dependencies are recorded correctly, +specifically, that +.Cm @depend , +.Cm @tag +and +.Cm @wantlib +match actual packages. +It currently does not verify that +.Cm @wantlib +or +.Cm @tag +are reachable from the base package. +.It Reverse dependencies +Checks that all direct dependencies have corresponding reverse dependencies. +.It Files from packages +Checks that each file, link or directory in those packing-lists actually exist, +and that their checksum matches what's recorded in the packing-list. +.It Other files Po option Fl F Pc +Checks that there are no other random objects under +.Pa /usr/local . +.El +.Pp +By default, +.Nm +will only perform very safe transformations, such as the removal of core-dumps. +.Nm +will ask the user for more permanent changes in interactive mode, +or perform them anyway with option +.Fl f . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Xo +.Fl D +.Ar name Ns Op = Ns Ar value +.Xc +Extra options. +Recognized keywords include: +.Bl -tag -width "nosigXXX" +.It Cm nosig +Do not check digital signatures. +.El +.It Fl F +Check the filesystem for random objects. +.It Fl f +Force the removal of bogus package information. +.It Fl I +Force non-interactive mode. +Default is to be interactive when run from a tty. +.It Fl i +Force interactive mode, even if not run from a tty. +.It Fl m +Causes +.Nm +to always display the progress meter in cases it would not do so by default. +.It Fl n +Don't actually modify packages, just perform checks. +.It Fl q +Don't verify checksums for files, just check for their existence. +Doubling +.Fl q +will bypass that check entirely. +.It Fl v +Turn on verbose output. +Several +.Fl v +may turn on more verbose output. +.It Fl x +Disable progress meter. +.El +.Sh SEE ALSO +.Xr fsck 8 +.Sh AUTHORS +This program was written by +.An Marc Espie . +.Sh BUGS +Work in progress. +The order of checks is not definitive, and more checks may be added. +Use with caution. diff --git a/static/openbsd/man8/portmap.8 b/static/openbsd/man8/portmap.8 new file mode 100644 index 00000000..301a6088 --- /dev/null +++ b/static/openbsd/man8/portmap.8 @@ -0,0 +1,90 @@ +.\" $OpenBSD: portmap.8,v 1.11 2019/03/03 18:28:33 jmc Exp $ +.\" +.\" Copyright (c) 1987 Sun Microsystems +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91 +.\" +.Dd $Mdocdate: March 3 2019 $ +.Dt PORTMAP 8 +.Os +.Sh NAME +.Nm portmap +.Nd Internet protocol port to RPC program number mapper +.Sh SYNOPSIS +.Nm portmap +.Op Fl d +.Sh DESCRIPTION +.Nm portmap +is a server that converts RPC program numbers into Internet +protocol port numbers. +It must be running in order to make RPC calls. +.Pp +When an RPC server is started, it will tell +.Nm portmap +what port number it is listening to, and what RPC +program numbers it is prepared to serve. +When a client wishes to make an RPC +call to a given program number, +it will first contact +.Nm portmap +on the server machine to determine +the port number where RPC packets should be sent. +.Pp +.Nm portmap +must be started before any RPC servers are invoked. +.Pp +Normally +.Nm portmap +forks and dissociates itself from the terminal +like any other daemon. +.Nm portmap +then logs errors using +.Xr syslog 3 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +(debug) prevents +.Nm portmap +from running as a daemon, +and causes errors and debugging information +to be printed to the standard error output. +.El +.Sh SEE ALSO +.Xr inetd 8 , +.Xr rpcinfo 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . +.Sh BUGS +If +.Nm portmap +crashes, all servers must be restarted. diff --git a/static/openbsd/man8/pppd.8 b/static/openbsd/man8/pppd.8 new file mode 100644 index 00000000..911253b8 --- /dev/null +++ b/static/openbsd/man8/pppd.8 @@ -0,0 +1,1515 @@ +.\" $OpenBSD: pppd.8,v 1.48 2022/03/31 17:27:31 naddy Exp $ +.\" Id: pppd.8,v 1.27 1998/03/31 04:31:08 paulus Exp $ +.\" +.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@samba.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt PPPD 8 +.Os +.Sh NAME +.Nm pppd +.Nd Point-to-Point Protocol daemon +.Sh SYNOPSIS +.Nm pppd +.Op Ar tty_name +.Op Ar speed +.Op Ar options +.Sh DESCRIPTION +PPP is the protocol used for establishing internet links over dial-up +modems, DSL connections, and many other types of point-to-point links. +The +.Nm +daemon works together with the kernel +.Xr ppp 4 +driver to establish and maintain a PPP link with another system +(called the +.Em peer ) +and to negotiate Internet Protocol (IP) addresses for each end of the link. +.Nm +can also authenticate the peer and/or supply authentication information +to the peer. +PPP can be used with other network protocols besides IP, but such use +is becoming increasingly rare. +.Sh FREQUENTLY USED OPTIONS +.Bl -tag -width Ds +.It Ar tty_name +Use the serial port called +.Ar ttyname +to communicate with the peer. +The string +.Dq /dev/ +is prepended to +.Ar ttyname +to form the name of the device to open. +If no device name is given, or if the name of the terminal +connected to the standard input is given, +.Nm +will use that terminal, and will not fork to put itself in the background. +This option is privileged if the +.Cm noauth +option is used. +.It Ar speed +An option that is a decimal number is taken as the desired baud rate +for the serial device. +On systems such as +.Bx 4.4 +and +.Ox , +any speed can be specified. +Other systems (e.g., Linux, SunOS) only support the commonly used +baud-rates. +.It Cm active-filter Ar filter-expression +Specifies a packet filter to be applied to data packets to determine +which packets are to be regarded as link activity, and therefore reset +the idle timer, or cause the link to be brought up in demand-dialling +mode. +This option is useful in conjunction with the +.Cm idle +option if there are packets being sent or received regularly over the link +(for example, routing information packets) +which would otherwise prevent the link from ever appearing to be idle. +The +.Ar filter-expression +syntax is as described for +.Xr tcpdump 8 , +except that qualifiers which are inappropriate for a PPP link, such as +.Ar ether +and +.Ar arp , +are not permitted. +Generally the filter expression should be enclosed in single quotes to +prevent whitespace in the expression from being interpreted by the shell. +.It Cm asyncmap Ar map +This option sets the Async-Control-Character-Map (ACCM) for this end +of the link. +The ACCM is a set of 32 bits, one for each of the ASCII control characters +with values from 0 to 31, where a 1 bit indicates that the corresponding +control character should not be used in PPP packets sent to this system. +The map is encoded as a hexadecimal number (without a leading 0x) where the +least significant bit (00000001) represents character 0 and the +most significant bit (80000000) represents character 31. +.Nm +will ask the peer to send these characters as a 2-byte escape sequence. +If multiple +.Cm asyncmap +options are given, the values are ORed together. +If no +.Cm asyncmap +option is given, no async character map will be negotiated for the receive +direction; the peer should then escape +.Em all +control characters. +To escape transmitted characters, use the +.Cm escape +option. +.It Cm auth +Require the peer to authenticate itself before allowing network +packets to be sent or received. +.It Cm call Ar name +Read options from the file +.Pa /etc/ppp/peers/name . +This file may contain privileged options, such as +.Cm noauth , +even if +.Nm +is not being run by root. +The +.Ar name +string may not begin with +.Qq / +or include +.Qq .. +as a pathname component. +The format of the options file is described below. +.It Cm connect Ar script +Usually there is something which needs to be done to prepare the link +before the PPP protocol can be started; for instance, with a dial-up +modem, commands need to be sent to the modem to dial the appropriate +phone number. +This option specifies a command for +.Nm +to execute (by passing it to a shell) before attempting to start PPP +negotiation. +The +.Xr chat 8 +program is often useful here, as it provides a way to send arbitrary strings +to a modem and respond to received characters. +This option is privileged if the +.Cm noauth +option is used. +.It Cm crtscts +Specifies that +.Nm +should set the serial port to use hardware flow control using the RTS and CTS +signals in the RS-232 interface. +If neither the +.Cm crtscts +nor the +.Cm nocrtscts +option is given, the hardware flow control setting for the serial port +is left unchanged. +.It Cm defaultroute +Add a default route to the system routing tables, using the peer as +the gateway, when IPCP negotiation is successfully completed. +This entry is removed when the PPP connection is broken. +This option is privileged if the +.Cm nodefaultroute +option has been specified. +.It Cm disconnect Ar script +Execute the command specified by +.Ar script , +by passing it to a shell, +after +.Nm +has terminated the link. +This command could, for example, issue commands to the modem to cause it +to hang up if hardware modem control signals were not available. +The disconnect script is not run if the modem has already hung up. +This option is privileged if the +.Cm noauth +option is used. +.It Cm escape Ar xx,yy,... +Specifies that certain characters should be escaped on transmission +(regardless of whether the peer requests them to be escaped with its +async control character map). +The characters to be escaped are specified as a list of hex numbers +separated by commas. +Note that almost any character can be specified for the +.Cm escape +option, unlike the +.Cm asyncmap +option which only allows control characters to be specified. +The characters which may not be escaped are those with hex values +0x20 \- 0x3f or 0x5e. +.It Cm file Ar name +Read options from file +.Ar name +(the format is described below). +The file must be readable by the user who has invoked +.Nm pppd . +.It Cm lock +Specifies that +.Nm +should create a UUCP-style lock file for the +serial device to ensure exclusive access to the device. +.It Cm mru Ar n +Set the MRU (Maximum Receive Unit) value to +.Ar n . +.Nm +will ask the peer to send packets of no more than +.Ar n +bytes. +The value of +.Ar n +must be between 128 and 16384; the default is 1500. +A value of 296 works well on very slow links +(40 bytes for TCP/IP header + 256 bytes of data). +Note that for the IPv6 protocol, the MRU must be at least 1280. +.It Cm mtu Ar n +Set the MTU (Maximum Transmit Unit) value to +.Ar n . +Unless the peer requests a smaller value via MRU negotiation, +.Nm +will request that the kernel networking code send data packets of no more than +.Ar n +bytes through the PPP network interface. +Note that for the IPv6 protocol, the MTU must be at least 1280. +.It Cm passive +Enables the +.Qq passive +option in the LCP. +With this option, +.Nm +will attempt to initiate a connection; if no reply is received from the peer, +.Nm +will then just wait passively for a valid LCP packet from the peer, +instead of exiting, as it would without this option. +.El +.Sh OPTIONS +.Bl -tag -width Ds +.It Xo +.Oo Ar local_IP_address Oc : Ns +.Op Ar remote_IP_address +.Xc +Set the local and/or remote interface IP addresses. +Either one may be omitted. +The IP addresses can be specified with a host name or in +decimal dot notation (e.g., 150.234.56.78). +The default local address is the (first) IP address of the system (unless the +.Cm noipdefault +option is given). +The remote address will be obtained from the peer +if not specified in any option. +Thus, in simple cases, this option is not required. +If a local and/or remote IP address is specified with this option, +.Nm +will not accept a different value from the peer in the IPCP negotiation, +unless the +.Cm ipcp-accept-local +and/or +.Cm ipcp-accept-remote +options are given, respectively. +.It Cm bsdcomp Ar nr,nt +Request that the peer compress packets that it sends, using the +BSD-Compress scheme, with a maximum code size of +.Ar nr +bits, and agree to compress packets sent to the peer with +a maximum code size of +.Ar nt +bits. +If +.Ar nt +is not specified, it defaults to the value given for +.Ar nr . +Values in the range 9 to 15 may be used for +.Ar nr +and +.Ar nt ; +larger values give better compression but +consume more kernel memory for compression dictionaries. +Alternatively, a value of 0 for +.Ar nr +or +.Ar nt +disables compression in the corresponding direction. +.Cm nobsdcomp +or +.Cm bsdcomp 0 +disables BSD-Compress compression entirely. +.It Cm chap-interval Ar n +If this option is given, +.Nm +will rechallenge the peer every +.Ar n +seconds. +.It Cm chap-max-challenge Ar n +Set the maximum number of CHAP challenge transmissions to +.Ar n +(default 10). +.It Cm chap-restart Ar n +Set the CHAP restart interval (retransmission timeout for challenges) to +.Ar n +seconds (default 3). +.It Cm debug +Enables connection debugging facilities. +If this option is given, +.Nm +will log the contents of all control packets sent or received in a +readable form. +The packets are logged through +.Xr syslogd 8 +with facility +.Ar daemon +and level +.Ar debug . +This information can be directed to a file by setting up +.Pa /etc/syslog.conf +appropriately (see +.Xr syslog.conf 5 ) . +.It Cm default-asyncmap +Disable asyncmap negotiation, forcing all control characters to be +escaped for both the transmit and the receive direction. +.It Cm default-mru +Disable MRU (Maximum Receive Unit) negotiation. +With this option, +.Nm +will use the default MRU value of 1500 bytes for both the +transmit and receive direction. +.It Cm deflate Ar nr,nt +Request that the peer compress packets that it sends, using the +Deflate scheme, with a maximum window size of +.Ar 2**nr +bytes, and agree to compress packets sent to the peer with +a maximum window size of +.Ar 2**nt +bytes. +If +.Ar nt +is not specified, it defaults to the value given for +.Ar nr . +Values in the range 8 to 15 may be used for +.Ar nr +and +.Ar nt ; +larger values give better compression but consume more kernel memory +for compression dictionaries. +Alternatively, a value of 0 for +.Ar nr +or +.Ar nt +disables compression in the corresponding direction. +Use +.Cm nodeflate +or +.Cm deflate 0 +to disable Deflate compression entirely. +(Note: +.Nm +requests Deflate compression in preference to BSD-Compress if the peer +can do either.) +.It Cm demand +Initiate the link only on demand, i.e., when data traffic is present. +With this option, the remote IP address must be specified by the user +on the command line or in an options file. +.Nm +will initially configure the interface and enable it for IP traffic without +connecting to the peer. +When traffic is available, +.Nm +will connect to the peer and perform negotiation, authentication, etc. +When this is completed, +.Nm +will commence passing data packets (i.e., IP packets) across the link. +.Pp +The +.Cm demand +option implies the +.Cm persist +option. +If this behaviour is not desired, use the +.Cm nopersist +option after the +.Cm demand +option. +The +.Cm idle +and +.Cm holdoff +options are also useful in conjunction with the +.Cm demand +option. +.It Cm domain Ar d +Append the domain name +.Ar d +to the local host name for authentication purposes. +For example, if +.Xr gethostname 3 +returns the name porsche, but the fully qualified domain name is +porsche.Quotron.COM, you could specify +.Cm domain Quotron.COM . +.Nm +would then use the name +.Ar porsche.Quotron.COM +for looking up secrets in the secrets file, and as the default name to +send to the peer when authenticating itself to the peer. +This option is privileged. +.It Cm holdoff Ar n +Specifies how many seconds to wait before re-initiating the link after +it terminates. +This option only has any effect if the +.Cm persist +or +.Cm demand +option is used. +The holdoff period is not applied if the link was terminated +because it was idle. +.It Cm idle Ar n +Specifies that +.Nm +should disconnect if the link is idle for +.Ar n +seconds. +The link is idle when no data packets (i.e., IP packets) are +being sent or received. +Note: it is not advisable to use this option with the +.Cm persist +option without the +.Cm demand +option. +If the +.Cm active-filter +option is given, data packets which are rejected by the specified +activity filter also count as the link being idle. +.It Cm ipcp-accept-local +With this option, +.Nm +will accept the peer's idea of our local IP address, +even if the local IP address was specified in an option. +.It Cm ipcp-accept-remote +With this option, +.Nm +will accept the peer's idea of its (remote) IP address, +even if the remote IP address was specified in an option. +.It Cm ipcp-max-configure Ar n +Set the maximum number of IPCP configure-request transmissions to +.Ar n +(default 10). +.It Cm ipcp-max-failure Ar n +Set the maximum number of IPCP configure-NAKs returned before starting +to send configure-Rejects to +.Ar n +(default 10). +.It Cm ipcp-max-terminate Ar n +Set the maximum number of IPCP terminate-request transmissions to +.Ar n +(default 3). +.It Cm ipcp-restart Ar n +Set the IPCP restart interval (retransmission timeout) to +.Ar n +seconds (default 3). +.It Cm ipparam Ar string +Provides an extra parameter to the ip-up and ip-down scripts. +If this option is given, the +.Ar string +supplied is given as the 6th parameter to those scripts. +.It Cm kdebug Ar n +Enable debugging code in the kernel-level PPP driver. +The argument +.Ar n +is a number which is the sum of the following values: +1 to enable general debug messages, +2 to request that the contents of received packets be printed, +and 4 to request that the contents of transmitted packets be printed. +On most systems, messages printed by the kernel are logged by +.Xr syslogd 8 +to a file as directed in the +.Pa /etc/syslog.conf +configuration file. +.It Cm lcp-echo-failure Ar n +If this option is given, +.Nm +will presume the peer to be dead if +.Ar n +LCP echo-requests are sent without receiving a valid LCP echo-reply. +If this happens, +.Nm +will terminate the connection. +Use of this option requires a non-zero value for the +.Cm lcp-echo-interval +parameter. +This option can be used to enable +.Nm +to terminate after the physical connection has been broken +(e.g., the modem has hung up) in situations where no hardware modem +control lines are available. +.It Cm lcp-echo-interval Ar n +If this option is given, +.Nm +will send an LCP echo-request frame to the peer every +.Ar n +seconds. +Normally the peer should respond to the echo-request by sending an echo-reply. +This option can be used with the +.Cm lcp-echo-failure +option to detect that the peer is no longer connected. +.It Cm lcp-max-configure Ar n +Set the maximum number of LCP configure-request transmissions to +.Ar n +(default 10). +.It Cm lcp-max-failure Ar n +Set the maximum number of LCP configure-NAKs returned before starting +to send configure-Rejects to +.Ar n +(default 10). +.It Cm lcp-max-terminate Ar n +Set the maximum number of LCP terminate-request transmissions to +.Ar n +(default 3). +.It Cm lcp-restart Ar n +Set the LCP restart interval (retransmission timeout) to +.Ar n +seconds (default 3). +.It Cm local +Don't use the modem control lines. +With this option, +.Nm +will ignore the state of the CD (Carrier Detect) signal from the modem +and will not change the state of the DTR (Data Terminal Ready) signal. +.It Cm login +Use the system password database for authenticating the peer using +PAP, and record the user in the system wtmp file. +Note that the peer must have an entry in the +.Pa /etc/ppp/pap-secrets +file as well as the system password database to be allowed access. +.It Cm maxconnect Ar n +Terminate the connection when it has been available for network +traffic for +.Ar n +seconds (i.e., +.Ar n +seconds after the first network control protocol comes up). +.It Cm modem +Use the modem control lines. +This option is the default. +With this option, +.Nm +will wait for the CD (Carrier Detect) signal from the +modem to be asserted when opening the serial device (unless a connect +script is specified), and it will drop the DTR (Data Terminal Ready) +signal briefly when the connection is terminated and before executing +the connect script. +On Ultrix, this option implies hardware flow control, as for the +.Cm crtscts +option. +.It Cm modem_chat +Use the modem control lines during the chat script. +The default is to ignore the state of the CD (Carrier Detect) signal +from the modem during the chat script. +If you are using a +.Xr cua 4 +device (as opposed to a +.Xr tty 4 +device), +you should set this option. +You should not use this option with a dialback setup as it will cause +the chat script to exit when carrier drops. +.It Cm ms-dns Op Ar addr +If +.Nm +is acting as a server for Microsoft Windows clients, this option allows +.Nm +to supply one or two DNS (Domain Name Server) addresses to the clients. +The first instance of this option specifies the primary DNS address; +the second instance (if given) specifies the secondary DNS address. +(This option was present in some older versions of +.Nm +under the name +.Cm dns-addr . ) +.It Cm ms-wins Op Ar addr +If +.Nm +is acting as a server for Microsoft Windows or +.Qq Samba +clients, +this option allows +.Nm +to supply one or two WINS (Windows Internet Name Services) server addresses +to the clients. +The first instance of this option specifies the primary WINS address; +the second instance (if given) specifies the secondary WINS address. +.It Cm name Ar name +Set the name of the local system for authentication purposes to +.Ar name . +This is a privileged option. +With this option, +.Nm +will use lines in the secrets files which have +.Ar name +as the second field when looking for a secret to use +in authenticating the peer. +In addition, unless overridden with the +.Cm user +option, +.Ar name +will be used as the name to send to the peer when authenticating the +local system to the peer. +(Note that +.Nm +does not append the domain name to +.Ar name . ) +.It Cm netmask Ar n +Set the interface netmask to +.Ar n , +a 32-bit netmask in +.Dq decimal dot +notation (e.g. 255.255.255.0). +If this option is given, the value specified is ORed with the default netmask. +The default netmask is chosen based on the negotiated remote IP address; +it is the appropriate network mask for the class of the remote IP address, +ORed with the netmasks for any non point-to-point network interfaces in the +system which are on the same network. +(Note: on some platforms, +.Nm +will always use 255.255.255.255 for the netmask, if that is the only +appropriate value for a point-to-point interface.) +.It Cm noaccomp +Disable Address/Control compression in both directions (send and receive). +.It Cm noauth +Do not require the peer to authenticate itself. +This option is privileged if the +.Cm auth +option is specified in +.Pa /etc/ppp/options . +.It Cm nobsdcomp +Disables BSD-Compress compression; +.Nm +will not request or agree to compress packets using the BSD-Compress scheme. +.It Cm noccp +Disable CCP (Compression Control Protocol) negotiation. +This option should only be required if the peer is buggy and gets confused by +requests from +.Nm +for CCP negotiation. +.It Cm nocrtscts +Disable hardware flow control (i.e., RTS/CTS) on the serial port. +If neither the +.Cm crtscts +nor the +.Cm nocrtscts +option is given, the hardware flow control setting for the serial port +is left unchanged. +.It Cm nodefaultroute +Disable the +.Cm defaultroute +option. +The system administrator who wishes to prevent users from creating +default routes with +.Nm +can do so by placing this option in the +.Pa /etc/ppp/options +file. +.It Cm nodeflate +Disables Deflate compression; +.Nm +will not request or agree to compress packets using the Deflate scheme. +.It Cm nodetach +Don't detach from the controlling terminal. +Without this option, if a serial device other than the terminal +on the standard input is specified, +.Nm +will fork to become a background process. +.It Cm noip +Disable IPCP negotiation and IP communication. +This option should only be required if the peer is buggy and gets confused +by requests from +.Nm +for IPCP negotiation. +.It Cm noipdefault +Disables the default behaviour when no local IP address is specified, +which is to determine (if possible) the local IP address from the hostname. +With this option, the peer will have to supply the local IP +address during IPCP negotiation (unless it was specified explicitly +on the command line or in an options file). +.It Cm nomagic +Disable magic number negotiation. +With this option, +.Nm +cannot detect a looped-back line. +This option should only be needed if the peer is buggy. +.It Cm nopcomp +Disable protocol field compression negotiation in both the receive and +the transmit direction. +.It Cm nopersist +Exit once a connection has been made and terminated. +This is the default unless the +.Cm persist +or +.Cm demand +option has been specified. +.It Cm nopredictor1 +Do not accept or agree to Predictor-1 compression. +.It Cm noproxyarp +Disable the +.Cm proxyarp +option. +The system administrator who wishes to prevent users from creating +proxy ARP entries with +.Nm +can do so by placing this option in the +.Pa /etc/ppp/options +file. +.It Cm novj +Disable Van Jacobson style TCP/IP header compression in both the +transmit and the receive direction. +.It Cm novjccomp +Disable the connection-ID compression option in Van Jacobson style +TCP/IP header compression. +With this option, +.Nm +will not omit the connection-ID byte from Van Jacobson compressed +TCP/IP headers, nor ask the peer to do so. +.It Cm papcrypt +Indicates that all secrets in the +.Pa /etc/ppp/pap-secrets +file which are used for checking the identity of the peer are encrypted, +and thus +.Nm +should not accept a password which, before encryption, +is identical to the secret from the +.Pa /etc/ppp/pap-secrets +file. +.It Cm pap-max-authreq Ar n +Set the maximum number of PAP authenticate-request transmissions to +.Ar n +(default 10). +.It Cm pap-restart Ar n +Set the PAP restart interval (retransmission timeout) to +.Ar n +seconds (default 3). +.It Cm pap-timeout Ar n +Set the maximum time that +.Nm +will wait for the peer to authenticate itself with PAP to +.Ar n +seconds (0 means no limit). +.It Cm pass-filter Ar filter-expression +Specifies a packet filter to apply to data packets being sent or +received to determine which packets should be allowed to pass. +Packets which are rejected by the filter are silently discarded. +This option can be used to prevent specific network protocols +using up link bandwidth, or to provide a basic firewall capability. +The +.Ar filter-expression +syntax is as described for +.Xr tcpdump 8 , +except that qualifiers which are inappropriate for a PPP link, such as +.Ar ether +and +.Ar arp , +are not permitted. +Generally the filter expression should be enclosed in single quotes to prevent +whitespace in the expression from being interpreted by the shell. +Note that it is possible to apply different constraints to incoming and +outgoing packets using the +.Cm inbound +and +.Cm outbound +qualifiers. +.It Cm persist +Do not exit after a connection is terminated; instead try to reopen +the connection. +.It Cm predictor1 +Request that the peer compress frames that it sends using Predictor-1 +compression, and agree to compress transmitted frames with Predictor-1 +if requested. +This option has no effect unless the kernel driver supports Predictor-1 +compression. +.It Cm proxyarp +Add an entry to this system's ARP (Address Resolution Protocol) table +with the IP address of the peer and the Ethernet address of this system. +This will have the effect of making the peer appear to other +systems to be on the local Ethernet. +.It Cm remotename Ar name +Set the assumed name of the remote system for authentication purposes to +.Ar name . +.It Cm refuse-chap +With this option, +.Nm +will not agree to authenticate itself to the peer using CHAP. +.It Cm refuse-pap +With this option, +.Nm +will not agree to authenticate itself to the peer using PAP. +.It Cm require-chap +Require the peer to authenticate itself using CHAP +(Challenge Handshake Authentication Protocol) authentication. +.It Cm require-pap +Require the peer to authenticate itself using PAP +(Password Authentication Protocol) authentication. +.It Cm silent +With this option, +.Nm +will not transmit LCP packets to initiate a connection until a valid LCP +packet is received from the peer (as for the `passive' option with ancient +versions of +.Nm pppd ) . +.It Cm usehostname +Enforce the use of the hostname (with domain name appended, if given) +as the name of the local system for authentication purposes (overrides the +.Cm name +option). +.It Cm user Ar name +Sets the name used for authenticating the local system to the peer to +.Ar name . +.It Cm vj-max-slots Ar n +Sets the number of connection slots to be used by the Van Jacobson +TCP/IP header compression and decompression code to +.Ar n , +which must be between 2 and 16, inclusive. +.It Cm welcome Ar script +Run the executable or shell command specified by +.Ar script +before initiating PPP negotiation, after the connect script (if any) has +completed. +This option is privileged if the +.Cm noauth +option is used. +.It Cm xonxoff +Use software flow control (i.e., XON/XOFF) to control the flow of data on +the serial port. +.El +.Sh OPTIONS FILES +Options can be taken from files as well as the command line. +.Nm +reads options from the files +.Pa /etc/ppp/options , ~/.ppprc +and +.Pf /etc/ppp/options. Ar ttyname +(in that order) before processing the options on the command line. +(In fact, the command-line options are scanned to find the terminal name +before the +.Pf options. Ar ttyname +file is read.) +In forming the name of the +.Pf options. Ar ttyname +file, +the initial /dev/ is removed from the terminal name, and any remaining +/ characters are replaced with dots. +.Pp +An options file is parsed into a series of words, delimited by whitespace. +Whitespace can be included in a word by enclosing the word in double-quotes ("). +A backslash (\e) quotes the following character. +A hash (#) starts a comment, which continues until the end of the line. +There is no restriction on using the +.Cm file +or +.Cm call +options within an options file. +.Sh SECURITY +Users must be in group +.Qq network +to be able to use +.Nm pppd . +.Pp +.Nm +provides system administrators with sufficient access control that PPP +access to a server machine can be provided to legitimate users without +fear of compromising the security of the server or the network it's on. +In part this is provided by the +.Pa /etc/ppp/options file , +where the administrator can place options to restrict the ways in which +.Nm +can be used, and in part by the PAP and CHAP secrets files, where the +administrator can restrict the set of IP addresses which individual +users may use. +.Pp +The normal way that +.Nm +should be set up is to have the +.Cm auth +option in the +.Pa /etc/ppp/options +file. +(This may become the default in later releases.) +If users wish to use +.Nm +to dial out to a peer which will refuse to authenticate itself +(such as an internet service provider), the system administrator should +create an options file under +.Pa /etc/ppp/peers +containing the +.Cm noauth +option, the name of the serial port to use, and the +.Cm connect +option (if required), plus any other appropriate options. +In this way, +.Nm +can be set up to allow non-privileged users to make unauthenticated +connections only to trusted peers. +.Pp +As indicated above, some security-sensitive options are privileged, +which means that they may not be used by an ordinary non-privileged +user running a setuid-root +.Nm pppd , +either on the command line, in the user's +.Pa ~/.ppprc +file, or in an options file read using the +.Cm file +option. +Privileged options may be used in the +.Pa /etc/ppp/options +file or in an options file read using the +.Cm call +option. +If +.Nm +is being run by the root user, privileged options can be used without +restriction. +.Sh AUTHENTICATION +Authentication is the process whereby one peer convinces the other of +its identity. +This involves the first peer sending its name to the other, +together with some kind of secret information which could only +come from the genuine authorized user of that name. +In such an exchange, we will call the first peer the +.Qq client +and the other the +.Qq server . +The client has a name by which it identifies itself to the server, +and the server also has a name by which it identifies itself to the client. +Generally the genuine client shares some secret (or password) with the server, +and authenticates itself by proving that it knows that secret. +Very often, the names used for authentication correspond to the internet +hostnames of the peers, but this is not essential. +.Pp +At present, +.Nm +supports two authentication protocols: +the Password Authentication Protocol (PAP) +and the Challenge Handshake Authentication Protocol (CHAP). +PAP involves the client sending its name and a cleartext password +to the server to authenticate itself. +In contrast, the server initiates the CHAP authentication exchange by +sending a challenge to the client (the challenge packet includes the +server's name). +The client must respond with a response which includes its name +plus a hash value derived from the shared secret and the challenge, +in order to prove that it knows the secret. +.Pp +The PPP protocol, being symmetrical, allows both peers to require the +other to authenticate itself. +In that case, two separate and independent authentication exchanges +will occur. +The two exchanges could use different authentication protocols, +and in principle, different names could be used in the two exchanges. +.Pp +The default behaviour of +.Nm +is to agree to authenticate if requested, and to not require authentication +from the peer. +However, +.Nm +will not agree to authenticate itself with a particular protocol +if it has no secrets which could be used to do so. +.Pp +.Nm +stores secrets for use in authentication in secrets files +.Pf ( Pa /etc/ppp/pap-secrets +for PAP, +.Pa /etc/ppp/chap-secrets +for CHAP). +Both secrets files have the same format. +The secrets files can contain secrets for +.Nm +to use in authenticating itself to other systems, as well as secrets for +.Nm +to use when authenticating other systems to itself. +.Pp +Each line in a secrets file contains one secret. +Any following words on the same line are taken to be a list +of acceptable IP addresses for that client. +If there are only 3 words on the line, or if the first word is +.Qq \- , +then all IP addresses are disallowed. +To allow any address, use +.Qq * . +A word starting with +.Qq \&! +indicates that the specified address is +.Em not +acceptable. +An address may be followed by +.Qq / +and a number +.Ar n , +to indicate a whole subnet, i.e., all addresses which have the same value +in the most significant +.Ar n +bits. +Case is significant in the client and server names and in the secret. +.Pp +If the secret starts with an `@', what follows is assumed to be the +name of a file from which to read the secret. +A +.Qq * +as the client or server name matches any name. +When selecting a secret, +.Nm +takes the best match, i.e., the match with the fewest wildcards. +.Pp +Thus a secrets file contains both secrets for use in authenticating +other hosts, plus secrets which we use for authenticating ourselves to +others. +When +.Nm +is authenticating the peer (checking the peer's identity), it chooses a +secret with the peer's name in the first field and the name of the local +system in the second field. +The name of the local system defaults to the hostname, with the domain +name appended if the +.Cm domain +option is used. +This default can be overridden with the +.Cm name +option, except when the +.Cm usehostname +option is used. +.Pp +When +.Nm +is choosing a secret to use in authenticating itself to the peer, +it first determines what name it is going to use to identify +itself to the peer. +This name can be specified by the user with the +.Cm user +option. +If this option is not used, the name defaults to the name of the local system, +determined as described in the previous paragraph. +Then +.Nm +looks for a secret with this name in the first field and the peer's name +in the second field. +.Nm +will know the name of the peer if CHAP authentication is being used, because +the peer will have sent it in the challenge packet. +However, if PAP is being used, +.Nm +will have to determine the peer's name from the options specified by the user. +The user can specify the peer's name directly with the +.Cm remotename +option. +Otherwise, if the remote IP address was specified by a name +(rather than in numeric form), that name will be used as the peer's name. +Failing that, +.Nm +will use the null string as the peer's name. +.Pp +When authenticating the peer with PAP, the supplied password is first +compared with the secret from the secrets file. +If the password doesn't match the secret, the password is encrypted using +.Xr crypt 3 +and checked against the secret again. +Thus secrets for authenticating the peer can be stored in encrypted form +if desired. +If the +.Cm papcrypt +option is given, the first (unencrypted) comparison is omitted, +for better security. +.Pp +Furthermore, if the +.Cm login +option was specified, the username and password are also checked against +the system password database. +Thus, the system administrator can set up the pap-secrets file to allow PPP +access only to certain users, and to restrict the set of IP addresses +that each user can use. +Typically, when using the +.Cm login +option, the secret in +.Pa /etc/ppp/pap-secrets +would be +.Pq , +which will match any password supplied by the peer. +This avoids the need to have the same secret in two places. +.Pp +Authentication must be satisfactorily completed before IPCP +(or any other Network Control Protocol) can be started. +If the peer is required to authenticate itself, and fails to do so, +.Nm +will terminate the link (by closing LCP). +If IPCP negotiates an unacceptable IP address for the remote host, +IPCP will be closed. +IP packets can only be sent or received when IPCP is open. +.Pp +In some cases it is desirable to allow some hosts which can't +authenticate themselves to connect and use one of a restricted set of +IP addresses, even when the local host generally requires authentication. +If the peer refuses to authenticate itself when requested, +.Nm +takes that as equivalent to authenticating with PAP +using the empty string for the username and password. +Thus, by adding a line to the pap-secrets file which specifies the empty +string for the client and password, it is possible to allow restricted +access to hosts which refuse to authenticate themselves. +.Sh ROUTING +When IPCP negotiation is completed successfully, +.Nm +will inform the kernel of the local and remote IP addresses for the PPP +interface. +This is sufficient to create a host route to the remote end of the +link, which will enable the peers to exchange IP packets. +Communication with other machines generally requires further +modification to routing tables and/or ARP +(Address Resolution Protocol) tables. +In most cases the +.Cm defaultroute +and/or +.Cm proxyarp +options are sufficient for this, but in some cases +further intervention is required. +The +.Pa /etc/ppp/ip-up +script can be used for this. +.Pp +Sometimes it is desirable to add a default route through the remote +host, as in the case of a machine whose only connection to the +Internet is through the PPP interface. +The +.Cm defaultroute +option causes +.Nm +to create such a default route when IPCP comes up, and +delete it when the link is terminated. +.Pp +In some cases it is desirable to use proxy ARP, for example on a +server machine connected to a LAN, in order to allow other hosts to +communicate with the remote host. +The +.Cm proxyarp +option causes +.Nm +to look for a network interface on the same subnet as the remote +host (an interface supporting broadcast and ARP, which is up and not a +point-to-point or loopback interface). +If found, +.Nm +creates a permanent, published ARP entry with the IP address of the remote host +and the hardware address of the network interface found. +.Pp +When the +.Cm demand +option is used, the interface IP addresses have +already been set at the point when IPCP comes up. +If +.Nm +has not been able to negotiate the same addresses that it used to configure +the interface (for example when the peer is an ISP that uses dynamic +IP address assignment), +.Nm +has to change the interface IP addresses to the negotiated addresses. +This may disrupt existing connections, and the use of demand dialling with +peers that do dynamic IP address assignment is not recommended. +.Sh SCRIPTS +.Nm +invokes scripts at various stages in its processing which can be +used to perform site-specific ancillary processing. +These scripts are usually shell scripts, but could be executable code files +instead. +.Nm +does not wait for the scripts to finish. +.\" The scripts are executed as root (with the real and effective user ID set to 0), +.\" so that they can do things such as update routing tables or run +.\" privileged daemons. +.\" Be careful that the contents of these scripts do not compromise your system's +.\" security. +.Nm +runs the scripts with standard input, output and error redirected to +.Pa /dev/null , +and with an environment that is empty except for some environment variables +that give information about the link. +The environment variables that +.Nm +sets are: +.Bl -tag -width "PEERNAME" +.It Ev DEVICE +The name of the serial tty device being used. +.It Ev IFNAME +The name of the network interface being used. +.It Ev IPLOCAL +The IP address for the local end of the link. +This is only set when IPCP has come up. +.It Ev IPREMOTE +The IP address for the remote end of the link. +This is only set when IPCP has come up. +.It Ev PEERNAME +The authenticated name of the peer. +This is only set if the peer authenticates itself. +.It Ev SPEED +The baud rate of the tty device. +.It Ev UID +The real user ID of the user who invoked +.Nm pppd . +.El +.Pp +.Nm +invokes the following scripts, if they exist. +It is not an error if they don't exist. +.Bl -tag -width Ds +.It Pa /etc/ppp/auth-up +A program or script which is executed after the remote system +successfully authenticates itself. +It is executed with the parameters +.Pp +.Ar interface-name peer-name user-name tty-device speed +.Pp +Note that this script is not executed if the peer doesn't authenticate +itself, for example when the +.Cm noauth +option is used. +.It Pa /etc/ppp/auth-down +A program or script which is executed when the link goes down, if +.Pa /etc/ppp/auth-up +was previously executed. +It is executed in the same manner with the same parameters as +.Pa /etc/ppp/auth-up . +.It Pa /etc/ppp/ip-up +A program or script which is executed when the link is available for +sending and receiving IP packets (that is, IPCP has come up). +It is executed with the parameters +.Pp +.Ar interface-name tty-device speed local-IP-address remote-IP-address ipparam +.It Pa /etc/ppp/ip-down +A program or script which is executed when the link is no longer +available for sending and receiving IP packets. +This script can be used for undoing the effects of the +.Pa /etc/ppp/ip-up +script. +It is invoked in the same manner and with the same parameters as the ip-up +script. +.El +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/ppp/pap-secrets +Usernames, passwords and IP addresses for PAP authentication. +This file should be owned by root and not readable or writable by any other +user. +.Nm +will log a warning if this is not the case. +.It Pa /etc/ppp/chap-secrets +Names, secrets and IP addresses for CHAP authentication. +As for +.Pa /etc/ppp/pap-secrets , +this file should be owned by root and not readable or writable +by any other user. +.Nm +will log a warning if this is not the case. +.It Pa /etc/ppp/options +System default options for +.Nm pppd , +read before user default options or command-line options. +.It Pa ~/.ppprc +User default options, read before +.Pf /etc/ppp/options. Ar ttyname . +.It Pa /etc/ppp/options. Ns Ar ttyname +System default options for the serial port being used, read after +.Pa ~/.ppprc . +In forming the +.Ar ttyname +part of this filename, an initial /dev/ is stripped from the port name (if +present), and any slashes in the remaining part are converted to dots. +.It Pa /etc/ppp/peers +A directory containing options files which may contain privileged +options, even if +.Nm +was invoked by a user other than root. +The system administrator can create options files in this directory to +permit non-privileged users to dial out without requiring the peer to +authenticate, but only to certain trusted peers. +.El +.Sh EXAMPLES +The following examples assume that the +.Pa /etc/ppp/options +file contains the +.Cm auth +option (as in the default +.Pa /etc/ppp/options +file in the PPP distribution). +.Pp +Probably the most common use of +.Nm +is to dial out to an ISP. +This can be done with a command such as +.Pp +.Dl pppd call isp +.Pp +where the +.Pa /etc/ppp/peers/isp +file is set up by the system administrator to contain something like this: +.Bd -literal -offset indent +ttyS0 19200 crtscts +connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp' +noauth +.Ed +.Pp +In this example, we are using chat to dial the ISP's modem and go +through any logon sequence required. +The +.Pa /etc/ppp/chat-isp +file contains the script used by chat; it could for example contain +something like this: +.Bd -literal -offset indent +ABORT "NO CARRIER" +ABORT "NO DIALTONE" +ABORT "ERROR" +ABORT "NO ANSWER" +ABORT "BUSY" +ABORT "Username/Password Incorrect" +"" "at" +OK "at&d0&c1" +OK "atdt2468135" +"name:" "^Umyuserid" +"word:" "\eqmypassword" +"ispts" "\eq^Uppp" +"~-^Uppp-~" +.Ed +.Pp +See the +.Xr chat 8 +man page for details of chat scripts. +.Pp +.Nm +can also be used to provide a dial-in PPP service for users. +If the users already have login accounts, the simplest way to set up the +PPP service is to let the users log in to their accounts and run +.Nm +(installed setuid-root) with a command such as +.Pp +.Dl pppd proxyarp +.Pp +To allow a user to use the PPP facilities, you need to allocate an IP +address for that user's machine and create an entry in +.Pa /etc/ppp/pap-secrets +or +.Pa /etc/ppp/chap-secrets +(depending on which authentication method the PPP implementation on the +user's machine supports), so that the user's +machine can authenticate itself. +For example, if Joe has a machine called +.Qq joespc +which is to be allowed to dial in to the machine called +.Qq server +and use the IP address joespc.my.net, you would add an entry like this to +.Pa /etc/ppp/pap-secrets +or +.Pa /etc/ppp/chap-secrets : +.Pp +.Dl joespc server "joe's secret" joespc.my.net +.Pp +Alternatively, you can create a username called (for example) +.Qq ppp , +whose login shell is +.Nm +and whose home directory is +.Pa /etc/ppp . +Options to be used when +.Nm +is run this way can be put in +.Pa /etc/ppp/.ppprc . +.Pp +If your serial connection is any more complicated than a piece of +wire, you may need to arrange for some control characters to be escaped. +In particular, it is often useful to escape XON (^Q) and +XOFF (^S), using +.Cm asyncmap a0000 . +If the path includes a telnet, you probably should escape ^] as well +.Cm ( asyncmap 200a0000 ) . +If the path includes an rlogin, you will need to use the +.Cm escape ff +option on the end which is running the rlogin client, since many +rlogin implementations are not transparent; they will remove the +sequence (0xff, 0xff, 0x73, 0x73, followed by any 8 bytes) from the stream. +.Sh DIAGNOSTICS +Messages are sent to the +.Xr syslogd 8 +daemon using facility +.Dv LOG_DAEMON . +(This can be overridden by recompiling +.Nm +with the macro +.Dv LOG_PPP +defined as the desired facility.) +See the +.Xr syslogd 8 +documentation for details of where the syslog daemon will write the +messages. +On most systems, the syslog daemon uses the +.Pa /etc/syslog.conf +file to specify the destination(s) for syslog messages. +You may need to edit that file to suit. +.Pp +The +.Cm debug +option causes the contents of all control packets sent +or received to be logged, that is, all LCP, PAP, CHAP or IPCP packets. +This can be useful if the PPP negotiation does not succeed or if +authentication fails. +If debugging is enabled at compile time, the +.Cm debug +option also causes other debugging messages to be logged. +.Pp +Debugging can also be enabled or disabled by sending a SIGUSR1 signal +to the +.Nm +process. +This signal acts as a toggle. +.Sh SEE ALSO +.Xr cua 4 , +.Xr ppp 4 , +.Xr tty 4 , +.Xr chat 8 , +.Xr syslogd 8 , +.Xr tcpdump 8 +.Rs +.%A V. Jacobson +.%D February 1990 +.%R RFC 1144 +.%T Compressing TCP/IP Headers for Low-Speed Serial Links +.Re +.Rs +.%A R. Rivest +.%D April 1992 +.%R RFC 1321 +.%T The MD5 Message-Digest Algorithm +.Re +.Rs +.%A G. McGregor +.%D May 1992 +.%R RFC 1332 +.%T The PPP Internet Protocol Control Protocol (IPCP) +.Re +.Rs +.%A B. Lloyd +.%A W. Simpson +.%D October 1992 +.%R RFC 1334 +.%T PPP Authentication Protocols +.Re +.Rs +.%A W. Simpson +.%D July 1994 +.%R RFC 1661 +.%T The Point-to-Point Protocol (PPP) +.Re +.Rs +.%A W. Simpson +.%D July 1994 +.%R RFC 1662 +.%T PPP in HDLC-like Framing +.Re +.Rs +.%A W. Simpson +.%D August 1996 +.%R RFC 1994 +.%T PPP Challenge Handshake Authentication Protocol (CHAP) +.Re +.Sh NOTES +Some limited degree of control can be exercised over a running +.Nm +process by sending it a signal from the list below. +.Bl -tag -width Ds +.It SIGINT , SIGTERM +These signals cause +.Nm +to terminate the link (by closing LCP), restore the serial device settings, +and exit. +.It SIGHUP +This signal causes +.Nm +to terminate the link, restore the serial device settings, +and close the serial device. +If the +.Cm persist +or +.Cm demand +option has been specified, +.Nm +will try to reopen the serial device and start another connection +(after the holdoff period). +Otherwise +.Nm +will exit. +If this signal is received during the holdoff period, it causes +.Nm +to end the holdoff period immediately. +.It SIGUSR1 +This signal toggles the state of the +.Cm debug +option. +.It SIGUSR2 +This signal causes +.Nm +to renegotiate compression. +This can be useful to re-enable compression after it has been disabled +as a result of a fatal decompression error. +(Fatal decompression errors generally indicate a bug +in one or other implementation.) +.El +.Sh AUTHORS +.An Paul Mackerras Aq Mt Paul.Mackerras@samba.org , +based on earlier work by Drew Perkins, Brad Clements, Karl Fox, Greg Christy, +and Brad Parker. +.Sh BUGS +Scripts should be run as root, +but are not. diff --git a/static/openbsd/man8/pppstats.8 b/static/openbsd/man8/pppstats.8 new file mode 100644 index 00000000..c666ed6d --- /dev/null +++ b/static/openbsd/man8/pppstats.8 @@ -0,0 +1,235 @@ +.\" $OpenBSD: pppstats.8,v 1.12 2013/01/17 21:39:29 jmc Exp $ +.\" +.\" Contributed by Van Jacobson (van@ee.lbl.gov), Dec 31, 1989. +.\" +.\" Copyright (c) 1989, 1990, 1991, 1992 Regents of the University of +.\" California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 17 2013 $ +.Dt PPPSTATS 8 +.Os +.Sh NAME +.Nm pppstats +.Nd report statistics for the specified PPP interface +.Sh SYNOPSIS +.Nm pppstats +.Op Fl adrvz +.Op Fl c Ar count +.Op Fl w Ar wait +.Op Ar interface +.Sh DESCRIPTION +The +.Nm pppstats +utility reports PPP-related statistics at regular intervals for the +specified PPP +.Ar interface . +If the +.Ar interface +is unspecified, it will default to ppp0. +The display is split horizontally +into input and output sections containing columns of statistics +describing the properties and volume of packets received and +transmitted by the interface. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Display absolute values rather than deltas. +If this option is specified with the +.Fl c +and/or +.Fl w +options, the second and subsequent reports (as well as the first) will +show statistics for the time since the link was initiated. +.It Fl c Ar count +Repeat the display +.Ar count +times. +The first display is for the time since the link was initiated +(that is, since the corresponding +.Xr pppd 8 +was started), and each +subsequent report is for the time period since the last display +(unless the +.Fl a +option is specified). +If this option is not specified, the default repeat +.Ar count +is 1 if the +.Fl w +option is not specified, otherwise infinity. +.It Fl d +Display values in terms of data rate (KB/s) rather than in bytes. +.It Fl r +Display additional statistics summarizing the compression ratio +achieved by the packet compression algorithm in use. +.It Fl v +Display additional statistics demonstrating the efficiency of VJ header +compression and provide more explicit information on the operation +of the algorithm. +.It Fl w Ar wait +Pause +.Ar wait +seconds between each display. +.It Fl z +Instead of the standard display, show statistics indicating the +performance of the packet compression algorithm in use. +.El +.Pp +The following fields are printed on the input side when the +.Fl z +option is not used: +.Bl -tag -width search +.It Li IN +The total number of bytes received by this interface. +.It Li PACK +The total number of packets received by this interface. +.It Li VJCOMP +The number of compressed TCP packets received by this interface. +.It Li VJUNC +The number of uncompressed TCP packets received by this interface. +Not reported when the +.Fl r +option is specified. +.It Li VJERR +The number of corrupted or bogus TCP packets received by this interface. +Not reported when the +.Fl r +option is specified. +.It Li VJTOSS +The number of VJ header-compressed TCP packets dropped on reception by +this interface because of preceding errors. +Only reported when the +.Fl v +option is specified. +.It Li NON-VJ +The total number of non-VJ packets received by this interface. +Only reported when the +.Fl v +option is specified. +.It Li RATIO +The compression ratio achieved for received packets by the +packet compression scheme in use, defined as the uncompressed size +divided by the compressed size. +Only reported when the +.Fl r +option is specified. +.It Li UBYTE +The total number of bytes received, after decompression of compressed +packets. +Only reported when the +.Fl r +option is specified. +.El +.Pp +The following fields are printed on the output side: +.Bl -tag -width search +.It Li OUT +The total number of bytes transmitted from this interface. +.It Li PACK +The total number of packets transmitted from this interface. +.It Li VJCOMP +The number of TCP packets transmitted from this interface with +VJ-compressed TCP headers. +.It Li VJUNC +The number of TCP packets transmitted from this interface with +VJ-uncompressed TCP headers. +Not reported when the +.Fl r +option is specified. +.It Li NON-VJ +The total number of non-VJ packets transmitted from this interface. +Not reported when the +.Fl r +option is specified. +.It Li VJSRCH +The number of searches for the cached header entry for a VJ header +compressed TCP packet. +Only reported when the +.Fl v +option is specified. +.It Li VJMISS +The number of failed searches for the cached header entry for a +VJ header compressed TCP packet. +Only reported when the +.Fl v +option is specified. +.It Li RATIO +The compression ratio achieved for transmitted packets by the +packet compression scheme in use, defined as the size +before compression divided by the compressed size. +Only reported when the +.Fl r +option is specified. +.It Li UBYTE +The total number of bytes to be transmitted, before packet compression +is applied. +Only reported when the +.Fl r +option is specified. +.El +.Pp +When the +.Fl z +option is specified, +.Nm +instead displays the following fields, relating to the packet +compression algorithm currently in use. +If packet compression is not in use, these fields will all display zeroes. +The fields displayed on the input side are: +.Bl -tag -width search +.It Li COMPRESSED BYTE +The number of bytes of compressed packets received. +.It Li COMPRESSED PACK +The number of compressed packets received. +.It Li INCOMPRESSIBLE BYTE +The number of bytes of incompressible packets (that is, those which +were transmitted in uncompressed form) received. +.It Li INCOMPRESSIBLE PACK +The number of incompressible packets received. +.It Li COMP RATIO +The recent compression ratio for incoming packets, defined as the +uncompressed size divided by the compressed size (including both +compressible and incompressible packets). +.El +.Pp +The fields displayed on the output side are: +.Bl -tag -width search +.It Li COMPRESSED BYTE +The number of bytes of compressed packets transmitted. +.It Li COMPRESSED PACK +The number of compressed packets transmitted. +.It Li INCOMPRESSIBLE BYTE +The number of bytes of incompressible packets transmitted (that is, +those which were transmitted in uncompressed form). +.It Li INCOMPRESSIBLE PACK +The number of incompressible packets transmitted. +.It Li COMP RATIO +The recent compression ratio for outgoing packets. +.El +.Sh SEE ALSO +.Xr pppd 8 diff --git a/static/openbsd/man8/pstat.8 b/static/openbsd/man8/pstat.8 new file mode 100644 index 00000000..927dd0cd --- /dev/null +++ b/static/openbsd/man8/pstat.8 @@ -0,0 +1,388 @@ +.\" $OpenBSD: pstat.8,v 1.60 2021/10/20 06:35:40 semarie Exp $ +.\" $NetBSD: pstat.8,v 1.9.4.1 1996/06/02 09:08:17 mrg Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993, 1994 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)pstat.8 8.4 (Berkeley) 4/19/94 +.\" +.Dd $Mdocdate: October 20 2021 $ +.Dt PSTAT 8 +.Os +.Sh NAME +.Nm pstat +.Nd display system data structures +.Sh SYNOPSIS +.Nm pstat +.Op Fl fknsTtv +.Op Fl M Ar core +.Op Fl N Ar system +.Op Fl d Ar format symbol ... +.Sh DESCRIPTION +.Nm +displays open file entry, swap space utilization, +terminal state, and vnode data structure information. +If +.Ar core +is given, the information is sought there, otherwise +in the running kernel via +.Pa /dev/kmem . +The required namelist is taken from the running kernel unless +.Ar system +is specified. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar format symbol ... +Print the values of +.Ar symbol +using the specified format. +.Ar format +is a +.Xr printf 3 Ns -style +format, without the leading percent or precision specifiers, +such as +.Ar s , +.Ar p , +or +.Ar llx . +Symbol names are read from the remaining command line arguments. +Addresses may also be specified in hex. +.Pp +The +.Fl d +option requires the ability to open +.Pa /dev/kmem +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.It Fl f +Print the open file table with these headings: +.Bl -tag -width indent +.It LOC +The core location of this table entry. +.It TYPE +The type of object the file table entry points to. +.It FLG +Miscellaneous state variables encoded thus: +.Pp +.Bl -tag -width indent -compact +.It R +open for reading +.It W +open for writing +.It A +open for appending +.It L +exclusive or shared lock present +.It I +signal pgrp when data ready +.El +.It CNT +Number of processes that know this open file. +.It MSG +Number of messages outstanding for this file. +.It DATA +The location of the vnode table entry or socket structure for this file. +.It OFFSET +The file offset (see +.Xr lseek 2 ) . +This information is only visible to the user or superuser. +.El +.It Fl k +Use 1K-byte blocks. +.It Fl M Ar core +Extract values associated with the name list from the specified core +instead of the running kernel. +.It Fl N Ar system +Extract the name list from the specified system +instead of the running kernel. +.It Fl n +Print devices by major/minor number rather than by name. +.It Fl s +Print information about swap space usage on all the +swap areas compiled into the kernel. +The first column is the device name of the partition. +The next column is the total space available in the partition. +The +.Ar Used +column indicates the total blocks used so far; +the +.Ar Available +column indicates how much space is remaining on each partition. +The +.Ar Capacity +reports the percentage of space used. +.Pp +If more than one partition is configured into the system, totals for all +of the statistics will be reported in the final line of the report. +.It Fl T +Prints the number of used and free slots for open files, used vnodes, and swap +space. +It is useful for checking to see how large system tables become +if the system is under heavy load. +.It Fl t +Print table for terminals +with these headings: +.Bl -tag -width indent +.It LINE +Physical device name. +.It RAW +Number of characters in raw input queue. +.It CAN +Number of characters in canonicalized input queue. +.It OUT +Number of characters in output queue. +.It HWT +High water mark for output. +.It LWT +Low water mark for output. +.It COL +Calculated column position of terminal. +.It STATE +Miscellaneous state variables encoded thus: +.Pp +.Bl -tag -width indent -compact +.It W +waiting for open to complete +.It O +open +.It C +carrier is on +.It T +delay timeout in progress +.It F +outq has been flushed during DMA +.It B +busy doing output +.It A +process is awaiting output +.It X +open for exclusive use +.It S +output stopped +.It K +further input blocked +.It Y +tty in async I/O mode +.It D +next character is escaped lowercase special +.It E +printing erase sequence +.It L +next character is literal +.It P +retyping suspended input +.It N +counting tab width, ignoring output flush +.El +.It SESS +Enclosing session. +.It PGID +Process group for which this is controlling terminal. +.It DISC +Line discipline: +.Ql term +for +TTYDISC (see +.Xr termios 4 ) , +.Ql ppp +for PPPDISC (see +.Xr ppp 4 ) +and +.Ql nmea +for NMEADISC (see +.Xr nmea 4 ) . +.El +.It Fl v +Print the active vnodes. +Each group of vnodes corresponding +to a particular filesystem is preceded by a two line header. +The first line consists of the following: +.Pp +.No *** MOUNT Em fstype from +on +.Em on fsflags +.Pp +where +.Em fstype +is one of the file systems supported by the kernel; +.Em from +is the partition the filesystem is mounted from; +.Em on +is the directory +the filesystem is mounted on; and +.Em fsflags +is a list +of optional flags applied to the mount (see +.Xr mount 8 ) . +The second line is a header for the individual fields, +the first part of which are fixed, and the second part are filesystem +type specific. +The headers common to all vnodes are: +.Bl -tag -width indent +.It ADDR +Location of this vnode. +.It TYP +File type. +.It VFLAG +A list of letters representing vnode flags: +.Pp +.Bl -tag -width indent -compact +.It R +VROOT root of its file system. +.It T +VTEXT pure text prototype. +.It S +VSYSTEM vnode being used by kernel. +.It I +VISTTY vnode represents a tty. +.It L +VXLOCK locked to change underlying type. +.It W +VXWANT process is waiting for vnode. +.It B +VBWAIT waiting for output to complete. +.It A +VALIASED vnode has an alias. +.It F +VONFREELIST vnode is on a free list. +.It l +VLOCKSWORK FS supports locking discipline. +.It s +VONSYNCLIST vnode is on syncer worklist. +.El +.It USE +The number of references to this vnode. +.It HOLD +The number of I/O buffers held by this vnode. +.It FILEID +The vnode fileid. +In the case of +.Em ffs +this is the inode number. +.It IFLAG +Miscellaneous filesystem specific state variables encoded thus: +.Bl -tag -width indent +.It "For ffs:" +.Bl -tag -width indent -compact +.It A +access time must be corrected +.It C +changed time must be corrected +.It U +modification time must be corrected +.It R +has a rename in progress +.It M +contains modifications +.It m +contains lazy modifications +.It S +shared lock applied +.It E +exclusive lock applied +.El +.It "For nfs:" +.Bl -tag -width indent -compact +.It W +waiting for I/O buffer flush to complete +.It P +I/O buffers being flushed +.It M +locally modified data exists +.It E +an earlier write failed +.It X +non-cacheable lease (nqnfs) +.It O +write lease (nqnfs) +.It G +lease was evicted (nqnfs) +.It A +special file accessed +.It U +special file updated +.It C +special file times changed +.El +.El +.It SIZ/RDEV +Number of bytes in an ordinary file, or +major and minor device of special file. +.El +.Pp +The +.Fl v +option requires the ability to open +.Pa /dev/kmem +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.El +.Sh ENVIRONMENT +.Bl -tag -width BLOCKSIZE +.It Ev BLOCKSIZE +If the environment variable +.Ev BLOCKSIZE +is set, and the +.Fl k +option is not specified, the block counts will be displayed in units of that +size block. +.El +.Sh SEE ALSO +.Xr fstat 1 , +.Xr netstat 1 , +.Xr procmap 1 , +.Xr ps 1 , +.Xr systat 1 , +.Xr tcpbench 1 , +.Xr top 1 , +.Xr stat 2 , +.Xr printf 3 , +.Xr fs 5 , +.Xr iostat 8 , +.Xr vmstat 8 +.Rs +.%T UNIX Implementation +.%A Ken Thompson +.%J Bell System Technical Journal +.%V Volume 57 +.%N Number 6 +.%D 1978 +.%P pp. 1931\(en1946 +.Re +.Sh HISTORY +The +.Nm +command appeared in +.At v7 . +.Sh BUGS +Swap statistics are reported for all swap partitions compiled into the kernel, +regardless of whether those partitions are being used. +.Pp +Does not understand NFS swap servers. diff --git a/static/openbsd/man8/pwd_mkdb.8 b/static/openbsd/man8/pwd_mkdb.8 new file mode 100644 index 00000000..b65c64e3 --- /dev/null +++ b/static/openbsd/man8/pwd_mkdb.8 @@ -0,0 +1,164 @@ +.\" $OpenBSD: pwd_mkdb.8,v 1.29 2022/03/31 17:27:31 naddy Exp $ +.\" +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)pwd_mkdb.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt PWD_MKDB 8 +.Os +.Sh NAME +.Nm pwd_mkdb +.Nd generate the password databases +.Sh SYNOPSIS +.Nm pwd_mkdb +.Op Fl c +.Op Fl p | s +.Op Fl d Ar directory +.Op Fl u Ar username +.Ar file +.Sh DESCRIPTION +.Nm +creates a pair of Berkeley databases from +.Ar file +and installs them into +.Pa /etc/spwd.db +and +.Pa /etc/pwd.db . +The +.Ar file +argument is renamed to +.Pa /etc/master.passwd . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c +Check whether +.Ar file +is in the correct format. +Do not change, add, or remove any files. +.It Fl d Ar directory +Operate in a base directory other than the default of +.Pa /etc . +All absolute paths (including +.Ar file ) +will be made relative to +.Ar directory . +Any directories specified as a part of +.Ar file +will be stripped off. +This option is used to create password databases in directories +other than +.Pa /etc ; +for instance in a +.Xr chroot 8 +jail. +.It Fl p +Also create a legacy password file and install it into +.Pa /etc/passwd . +.It Fl s +Only update the secure version of the database. +This is most commonly used in conjunction with the +.Fl u +flag during a password change. +Because the insecure database doesn't contain the password, there +is no reason to update it if the only change is in the password field. +Cannot be used in conjunction with the +.Fl p +flag. +.It Fl u Ar username +Only update the record for the specified user. +Utilities that operate on a single user can use this option to avoid the +overhead of rebuilding the entire database. +This option must never be used if the line number of the user's record in +.Pa /etc/master.passwd +has changed. +.It Ar file +The absolute path to a file in +.Xr master.passwd 5 +format. +.El +.Pp +The two databases differ in that the secure version contains the user's +encrypted password and the insecure version has an asterisk +.Pq Sq \&* . +.Pp +The databases are used by the C library password routines (see +.Xr getpwent 3 ) . +.Sh FILES +.Bl -tag -width /etc/master.passwd -compact +.It Pa /etc/master.passwd +current password file +.It Pa /etc/passwd +legacy password file +.It Pa /etc/pwd.db +insecure password database file +.It Pa /etc/pwd.db.tmp +temporary file +.It Pa /etc/spwd.db +secure password database file +.It Pa /etc/spwd.db.tmp +temporary file +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr chpass 1 , +.Xr passwd 1 , +.Xr dbopen 3 , +.Xr getpwent 3 , +.Xr passwd 5 , +.Xr vipw 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.3 Net/2 . +.Sh AUTHORS +.An Keith Bostic +.Sh BUGS +Because of the necessity for atomic update of the password files, +.Nm +uses +.Xr rename 2 +to install them. +This, however, requires that the file specified on the command line live +on the same file system as the +.Pa /etc +directory. +.Pp +There are the obvious races with multiple people running +.Nm +on different password files at the same time. +The front-ends to +.Nm pwd_mkdb , +.Xr chpass 1 , +.Xr passwd 1 , +and +.Xr vipw 8 +handle the locking necessary to avoid this problem. diff --git a/static/openbsd/man8/pxeboot.8 b/static/openbsd/man8/pxeboot.8 new file mode 100644 index 00000000..fb88de72 --- /dev/null +++ b/static/openbsd/man8/pxeboot.8 @@ -0,0 +1,182 @@ +.\" $OpenBSD: pxeboot.8,v 1.15 2025/06/14 10:06:11 kn Exp $ +.\" Copyright (c) 2004 Tom Cosgrove +.\" Copyright (c) 2003 Matthias Drochner +.\" Copyright (c) 1999 Doug White +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 14 2025 $ +.Dt PXEBOOT 8 amd64 +.Os +.Sh NAME +.Nm pxeboot +.Nd amd64-specific second-stage PXE bootstrap +.Sh DESCRIPTION +.Nm +is a modified version of the amd64 second-stage bootstrap program, +.Xr boot 8 , +configured to run under Intel's Preboot Execution Environment (PXE). +PXE is a form of smart boot ROM, built into many Ethernet cards from Intel, +3Com, and other manufacturers. +.Pp +The computer's PXE boot ROM contacts a DHCP server by broadcasting a request +on the network. +It gets an IP address from the DHCP server, +then it is told the name of the boot program to download \(em +in this case, the boot program is +.Nm . +The ROM downloads the boot program using TFTP, then executes it. +.Pp +The +.Nm +boot program will look for an +.Pa /etc/boot.conf +configuration +file on the TFTP server. +If it finds one, it processes the commands within it. +.Pa boot.conf +processing can be skipped by holding down either Control key as +.Nm +starts. +.Pp +.Nm +then sits in a loop, +processing commands given by the user. +It accepts all the commands accepted by +.Xr boot 8 . +.Pp +If no commands are given for a short time, +.Nm +will then attempt to load the +.Ox +kernel +.Pa bsd +via TFTP. +It may be told to boot an alternative kernel, +either by commands in the +.Pa boot.conf +file, +or by commands typed by the user at the +.Ic boot\*(Gt +prompt. +.Nm +can be used for +.Xr diskless 8 +setups or to load the +.Pa bsd.rd +install kernel +for network installs. +.Pp +To prepare a server to support network booting, +the +.Xr dhcpd 8 +and +.Xr tftpd 8 +services should be enabled and configured. +.Pp +.Nm +and the kernel should be copied into the TFTP server's root directory +(typically +.Pa /tftpboot ) . +A +.Pa boot.conf +file may be created if required +(e.g.\& +.Pa /tftpboot/etc/boot.conf ) . +.Pp +A sample configuration file for +.Xr dhcpd 8 +might be as follows: +.Bd -literal -offset indent +option domain-name "example.com"; +option routers 10.0.0.1; +option subnet-mask 255.255.255.0; +option broadcast-address 10.0.0.255; +option domain-name-servers 10.0.0.1; +server-name "DHCPserver"; +server-identifier 10.0.0.1; +next-server 10.0.0.1; + +default-lease-time 120; +max-lease-time 120; + +subnet 10.0.0.0 netmask 255.255.255.0 { + filename "pxeboot"; + range 10.0.0.10 10.0.0.254; +} +.Ed +.Pp +Since amd64 systems boot up as i386 systems, +their PXE ROMs typically set the PXE client system architecture +to be the same as for i386. +This means that the DHCP option +.Ic vendor-class-identifier +cannot, therefore, be used to distinguish between i386 and amd64 systems. +.Pp +Instead, the client machine identifier (UUID) or +hardware Ethernet address (MAC) should be used. +See +.Xr dhcpd 8 +and +.Xr dhcpd.conf 5 +for more information. +.Sh FILES +.Bl -tag -width /usr/mdec/pxebootxx -compact +.It Pa /usr/mdec/pxeboot +PXE-specific second-stage bootstrap +.It Pa /etc/boot.conf +.Nm +configuration file (read from TFTP server) +.It Pa /etc/dhcpd.conf +DHCPD configuration file +.It Pa /tftpboot +Typical root directory for +.Xr tftpd 8 +.El +.Sh EXAMPLES +Boot the install kernel: +.Pp +.Dl boot\*(Gt bsd.rd +.Pp +The same thing: +.Pp +.Dl boot\*(Gt boot tftp:bsd.rd +.Sh SEE ALSO +.Xr dhcpd.conf 5 , +.Xr boot 8 , +.Xr boot_amd64 8 , +.Xr dhcpd 8 , +.Xr diskless 8 , +.Xr tftpd 8 +.Sh STANDARDS +.Rs +.%T Preboot Execution Environment (PXE) Specification +.%N Version 2.1 +.%D September 20, 1999 +.%A Intel Corporation +.Re +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.5 . diff --git a/static/openbsd/man8/quot.8 b/static/openbsd/man8/quot.8 new file mode 100644 index 00000000..f03b45ba --- /dev/null +++ b/static/openbsd/man8/quot.8 @@ -0,0 +1,106 @@ +.\" $OpenBSD: quot.8,v 1.14 2017/09/05 15:09:06 schwarze Exp $ +.\" +.\" Copyright (C) 1994 Wolfgang Solfrank. +.\" Copyright (C) 1994 TooLs GmbH. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by TooLs GmbH. +.\" 4. The name of TooLs GmbH may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 5 2017 $ +.Dt QUOT 8 +.Os +.Sh NAME +.Nm quot +.Nd display disk space occupied by each user +.Sh SYNOPSIS +.Nm quot +.Op Fl acfhknv +.Op Ar filesystem ... +.Sh DESCRIPTION +.Nm +is used to gather statistics about the disk usage for each local user. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Include statistics for all mounted filesystems. +.It Fl c +Display three columns containing number of blocks per file, +number of files in this category, and aggregate total of +blocks in files with this or lower size. +.It Fl f +For each user, display count of files and space occupied. +.It Fl h +Estimate the number of blocks in each file based on its size. +Despite that this doesn't give the correct results (it doesn't +account for the holes in files), this option isn't any faster +and thus is discouraged. +.It Fl k +By default, all sizes are reported in 512-byte block counts. +The +.Fl k +options causes the numbers to be reported in kilobyte counts. +.It Fl n +Given a list of inodes (plus some optional data on each line) +in the standard input, for each file print out the owner (plus +the remainder of the input line). +This is traditionally used in the pipe: +.Bd -literal -offset indent +# ncheck filesystem | sort -n | quot -n filesystem +.Ed +.Pp +to get a report of files and their owners. +.It Fl v +In addition to the default output, display the number of files +not accessed within 30, 60 and 90 days. +.El +.Sh ENVIRONMENT +.Bl -tag -width BLOCKSIZE +.It Ev BLOCKSIZE +If the environment variable +.Ev BLOCKSIZE +is set, and the +.Fl k +option is not specified, the block counts will be displayed in units of that +size block. +.El +.\".Sh BUGS +.Sh SEE ALSO +.Xr df 1 , +.Xr quota 1 , +.Xr getmntinfo 3 , +.Xr fstab 5 , +.Xr mount 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.At v7 . +.Sh AUTHORS +The current version was written by +.An Wolfgang Solfrank Aq Mt ws@netbsd.org +for +.Nx 1.0 . diff --git a/static/openbsd/man8/quotacheck.8 b/static/openbsd/man8/quotacheck.8 new file mode 100644 index 00000000..e192653e --- /dev/null +++ b/static/openbsd/man8/quotacheck.8 @@ -0,0 +1,158 @@ +.\" $OpenBSD: quotacheck.8,v 1.15 2009/08/15 18:46:12 sobrado Exp $ +.\" $NetBSD: quotacheck.8,v 1.4 1995/03/18 14:59:20 cgd Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Robert Elz at The University of Melbourne. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)quotacheck.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: August 15 2009 $ +.Dt QUOTACHECK 8 +.Os +.Sh NAME +.Nm quotacheck +.Nd filesystem quota consistency checker +.Sh SYNOPSIS +.Nm quotacheck +.Op Fl adguv +.Op Fl l Ar maxparallel +.Ar filesystem ... +.Sh DESCRIPTION +.Nm +examines each filesystem, +builds a table of current disk usage, +and compares this table against that recorded +in the disk quota file for the filesystem. +If any inconsistencies are detected, both the +quota file and the current system copy of the +incorrect quotas are updated (the latter only +occurs if an active filesystem is checked). +By default, both user and group quotas are checked. +.Pp +Available options: +.Bl -tag -width Ds +.It Fl a +If the +.Fl a +flag is supplied in place of any filesystem names, +.Nm +will check all the filesystems indicated in +.Pa /etc/fstab +to be read-write with disk quotas. +By default, only the types of quotas listed in +.Pa /etc/fstab +are checked. +.It Fl d +Enable debugging mode. +No actual data will be written on disk(s). +.It Fl g +Only group quotas listed in +.Pa /etc/fstab +are to be checked. +.It Fl l Ar maxparallel +Limit the number of parallel checks to the number +.Ar maxparallel +specified in the argument (see +.Xr fsck 8 ) . +.It Fl u +Only user quotas listed in +.Pa /etc/fstab +are to be checked. +.It Fl v +.Nm +reports discrepancies between the +calculated and recorded disk quotas. +.El +.Pp +Specifying both +.Fl g +and +.Fl u +is equivalent to the default. +Parallel passes are run on the filesystems required, +using the pass numbers in +.Pa /etc/fstab +in an identical fashion to +.Xr fsck 8 . +.Pp +Normally +.Nm +operates silently. +.Pp +.Nm +expects each filesystem to be checked to have +quota files named +.Pa quota.user +and +.Pa quota.group +located at the root of the associated file system. +These defaults may be overridden in +.Pa /etc/fstab . +If a file is not present, +.Nm +will create it. +.Pp +.Nm +is normally run at boot time from the +.Pa /etc/rc +file +.Pq see Xr rc 8 +before enabling disk quotas with +.Xr quotaon 8 . +.Pp +.Nm +accesses the raw device in calculating the actual +disk usage for each user. +Thus, the filesystems +checked should be quiescent while +.Nm +is running. +.Sh FILES +.Bl -tag -width quota.group -compact +.It Pa quota.user +at the filesystem root with user quotas +.It Pa quota.group +at the filesystem root with group quotas +.It Pa /etc/fstab +default filesystems +.El +.Sh SEE ALSO +.Xr quota 1 , +.Xr quotactl 2 , +.Xr fstab 5 , +.Xr edquota 8 , +.Xr fsck 8 , +.Xr quotaon 8 , +.Xr repquota 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/quotaon.8 b/static/openbsd/man8/quotaon.8 new file mode 100644 index 00000000..7133d654 --- /dev/null +++ b/static/openbsd/man8/quotaon.8 @@ -0,0 +1,126 @@ +.\" $OpenBSD: quotaon.8,v 1.8 2007/05/31 19:20:28 jmc Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Robert Elz at The University of Melbourne. +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)quotaon.8 8.2 (Berkeley) 12/11/93 +.\" $Id: quotaon.8,v 1.8 2007/05/31 19:20:28 jmc Exp $ +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt QUOTAON 8 +.Os +.Sh NAME +.Nm quotaon , +.Nm quotaoff +.Nd turn filesystem quotas on and off +.Sh SYNOPSIS +.Nm quotaon +.Op Fl aguv +.Ar filesystem ... +.Nm quotaoff +.Op Fl aguv +.Ar filesystem ... +.Sh DESCRIPTION +.Nm quotaon +announces to the system that disk quotas should be enabled on one or more +filesystems. +.Nm quotaoff +announces to the system that the specified +filesystems should have any disk quotas +turned off. +The filesystems specified must have entries in +.Pa /etc/fstab +and be mounted. +.Nm quotaon +expects each filesystem to have quota files named +.Pa quota.user +and +.Pa quota.group +which are located at the root of the associated file system. +These defaults may be overridden in +.Pa /etc/fstab . +By default both user and group quotas are enabled. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +If the +.Fl a +flag is supplied in place of any filesystem names, +.Nm quotaon Ns / Ns Nm quotaoff +will enable/disable all the filesystems indicated in +.Pa /etc/fstab +to be read-write with disk quotas. +By default only the types of quotas listed in +.Pa /etc/fstab +are enabled. +.It Fl g +Only group quotas listed in +.Pa /etc/fstab +should be enabled/disabled. +.It Fl u +Only user quotas listed in +.Pa /etc/fstab +should be enabled/disabled. +.It Fl v +Causes +.Nm quotaon +and +.Nm quotaoff +to print a message for each filesystem where quotas are turned on or off. +.El +.Pp +Specifying both +.Fl g +and +.Fl u +is equivalent to the default. +.Sh FILES +.Bl -tag -width quota.group -compact +.It Pa quota.user +at the filesystem root with user quotas +.It Pa quota.group +at the filesystem root with group quotas +.It Pa /etc/fstab +filesystem table +.El +.Sh SEE ALSO +.Xr quota 1 , +.Xr quotactl 2 , +.Xr fstab 5 , +.Xr edquota 8 , +.Xr quotacheck 8 , +.Xr repquota 8 +.Sh HISTORY +The +.Nm quotaon +and +.Nm quotaoff +commands appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/ractl.8 b/static/openbsd/man8/ractl.8 new file mode 100644 index 00000000..0d080747 --- /dev/null +++ b/static/openbsd/man8/ractl.8 @@ -0,0 +1,69 @@ +.\" $OpenBSD: ractl.8,v 1.1 2018/07/10 22:12:43 florian Exp $ +.\" +.\" Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 10 2018 $ +.Dt RACTL 8 +.Os +.Sh NAME +.Nm ractl +.Nd control the rad daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr rad 8 +daemon. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/rad.sock +to communicate with +.Xr rad 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm reload +Reload the configuration file. +.El +.Sh FILES +.Bl -tag -width "/var/run/rad.sockXX" -compact +.It Pa /var/run/rad.sock +.Ux Ns -domain +socket used for communication with +.Xr rad 8 . +.El +.Sh SEE ALSO +.Xr rad.conf 5 , +.Xr rad 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.4 . diff --git a/static/openbsd/man8/rad.8 b/static/openbsd/man8/rad.8 new file mode 100644 index 00000000..bc728317 --- /dev/null +++ b/static/openbsd/man8/rad.8 @@ -0,0 +1,153 @@ +.\" $OpenBSD: rad.8,v 1.7 2022/10/15 13:26:15 florian Exp $ +.\" +.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> +.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 15 2022 $ +.Dt RAD 8 +.Os +.Sh NAME +.Nm rad +.Nd router advertisement daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is an IPv6 router advertisement daemon. +It periodically sends IPv6 router advertisement messages with prefix +and default router information. +Clients like +.Xr slaacd 8 +use these to configure IPv6 addresses on network interfaces and set default +routes. +Additionally it listens for IPv6 router solicitation messages and responds +with router advertisements. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable rad , +which sets +.Pp +.Dl rad_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr ractl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/rad.sockXX" -compact +.It Pa /etc/rad.conf +Default +.Nm +configuration file. +.It Pa /var/run/rad.sock +.Ux Ns -domain +socket used for communication with +.Xr ractl 8 . +.El +.Sh SEE ALSO +.Xr rad.conf 5 , +.Xr ractl 8 , +.Xr slaacd 8 +.Sh STANDARDS +.Rs +.%A R. Draves +.%A D. Thaler +.%D November 2005 +.%R RFC 4191 +.%T Default Router Preferences and More-Specific Routes +.Re +.Pp +.Rs +.%A R. Hinden +.%A S. Deering +.%D February 2006 +.%R RFC 4291 +.%T IP Version 6 Addressing Architecture +.Re +.Pp +.Rs +.%A T. Narten +.%A E. Nordmark +.%A W. Simpson +.%A H. Soliman +.%D September 2007 +.%R RFC 4861 +.%T Neighbor Discovery for IP version 6 (IPv6) +.Re +.Pp +.Rs +.%A A. Yourtchenko +.%A L. Colitti +.%D February 2016 +.%R RFC 7772 +.%T Reducing Energy Consumption of Router Advertisements +.Re +.Pp +.Rs +.%A J. Jeong +.%A S. Park +.%A L. Beloeil +.%A S. Madanapalli +.%D March 2017 +.%R RFC 8106 +.%T IPv6 Router Advertisement Options for DNS Configuration +.Re +.Pp +.Rs +.%A L. Colitti +.%A J. Linkova +.%D April 2020 +.%R RFC 8781 +.%T Discovering PREF64 in Router Advertisements +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.4 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Florian Obser Aq Mt florian@openbsd.org . diff --git a/static/openbsd/man8/radiusctl.8 b/static/openbsd/man8/radiusctl.8 new file mode 100644 index 00000000..43bb8763 --- /dev/null +++ b/static/openbsd/man8/radiusctl.8 @@ -0,0 +1,138 @@ +.\" $OpenBSD: radiusctl.8,v 1.10 2024/09/15 05:26:05 yasuoka Exp $ +.\" +.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" +.Dd $Mdocdate: September 15 2024 $ +.Dt RADIUSCTL 8 +.Os +.Sh NAME +.Nm radiusctl +.Nd control the RADIUS protocol daemon +.Sh SYNOPSIS +.Nm +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +utility controls the +.Xr radiusd 8 +daemon. +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Xo +.Cm test +.Ar hostname +.Ar radius_secret +.Ar user_name +.Op options +.Xc +Sends a RADIUS authentication request packet and shows the result. +The request is for the user specified by +.Ar user_name +and sent to the RADIUS server specified by +.Ar hostname . +.Ar radius_secret +is the shared secret with the server. +The options are as follows: +.Bl -tag -width Ds +.It Cm interval Ar seconds +Specifies how many seconds to wait before resending a packet. +The default is 2. +.It Cm maxwait Ar seconds +Specifies the maximum amount of time to wait for a valid reply packet. +The default is 8. +.It Cm method Ar method +Use +.Ar method +for authentication. +It can be either +.Cm pap , +.Cm chap , +or +.Cm mschapv2 . +If this option is omitted, +.Cm pap +is used. +.It Cm nas-port Ar nas-port +Specify an integer value for the NAS-Port attribute in the packet. +If this option is omitted, 0 is used. +.It Cm password Ar password +Use +.Ar password +for +.Ar user_name . +.It Cm port Ar port +Use +.Ar port +when sending a packet to +.Ar hostname . +If the port is omitted, +the default port number 1812 is used. +.It Cm tries Ar number +Specifies the number of packets to try sending. +The default is 3. +.It Cm msgauth Ar yes | no +Specifies if Message-Authenticator is given for the access request packet. +The default is yes. +.El +.It Cm ipcp show +Show all ipcp sessions in the database of +.Xr radiusd_ipcp 8 +briefly. +.It Cm ipcp dump Op Cm -json +Dump all ipcp sessions in the database of +.Xr radiusd_ipcp 8 . +When +.Cm -json +is specified, +.Nm +shows the sessions in JSON format. +.It Cm ipcp monitor Op Cm -json +Monitor the database of +.Xr radiusd_ipcp 8 , +show newly created sessions and deleted sessions. +When +.Cm -json +is specified, +.Nm +shows the sessions in JSON format. +.It Cm ipcp disconnect Ar sequence +Request to disconnect the session specified by the +.Ar sequence . +.It Cm ipcp delete Ar sequence +Request to delete the session specified by the +.Ar sequence +without requesting disconnection. +.El +.Sh EXAMPLES +.Bd -literal -offset indent +(show all sessions) +$ doas radiusctl ipcp show +Seq Assigned Username Start Tunnel From +--- --------------- ---------------------- -------- ------------------------- + 21 192.168.1.99 mifune@example.jp 11:35AM 203.0.113.32:34859 + 22 192.168.1.103 nakadai@example.jp 11:56AM 192.0.2.4:61794 +$ + +(disconnect Nakadai's session) +$ doas radiusctl ipcp disconnect 22 +$ +.Ed +.Sh SEE ALSO +.Xr radiusd 8 , +.Xr radiusd_ipcp 8 diff --git a/static/openbsd/man8/radiusd.8 b/static/openbsd/man8/radiusd.8 new file mode 100644 index 00000000..31751c80 --- /dev/null +++ b/static/openbsd/man8/radiusd.8 @@ -0,0 +1,78 @@ +.\" $OpenBSD: radiusd.8,v 1.9 2019/11/10 20:51:53 landry Exp $ +.\" +.\" Copyright (c) 2013 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 10 2019 $ +.Dt RADIUSD 8 +.Os +.Sh NAME +.Nm radiusd +.Nd Remote Authentication Dial In User Service (RADIUS) daemon +.Sh SYNOPSIS +.Nm radiusd +.Op Fl dn +.Op Fl f Ar file +.Sh DESCRIPTION +The +.Nm +daemon implements the RADIUS protocol. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable radiusd , +which sets +.Pp +.Dl radiusd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize, log to +.Dv stderr +instead of +.Xr syslog 3 , +and produce some additional debugging output. +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.El +.Sh FILES +.Bl -tag -width "/etc/radiusd.confXX" -compact +.It Pa /etc/radiusd.conf +Default configuration file. +.El +.Sh SEE ALSO +.Xr radiusd.conf 5 , +.Xr radiusctl 8 , +.Xr rc.conf 8 +.Sh STANDARDS +.Rs +.%R RFC 2865 +.%T "Remote Authentication Dial In User Service (RADIUS)" +.%D June 2000 +.Re +.Sh HISTORY +The +.Nm +daemon first appeared in +.Ox 5.8 . +.Sh AUTHORS +.An YASUOKA Masahiko Aq Mt yasuoka@openbsd.org diff --git a/static/openbsd/man8/radiusd_bsdauth.8 b/static/openbsd/man8/radiusd_bsdauth.8 new file mode 100644 index 00000000..d7238845 --- /dev/null +++ b/static/openbsd/man8/radiusd_bsdauth.8 @@ -0,0 +1,61 @@ +.\" $OpenBSD: radiusd_bsdauth.8,v 1.3 2024/08/04 03:56:57 yasuoka Exp $ +.\" +.\" Copyright (c) 2014 Esdenera Networks GmbH +.\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: August 4 2024 $ +.Dt RADIUSD_BSDAUTH 8 +.Os +.Sh NAME +.Nm radiusd_bsdauth +.Nd provide authentication by BSD authentication system +.Sh SYNOPSIS +.Nm radiusd_bsdauth +.Sh DESCRIPTION +The +.Nm +utility is executed by +.Xr radiusd 8 +as a module to provide authentication from the local system's +.Xr authenticate 3 +interface, +known as +.Dq bsd auth . +It only supports PAP, password based authentication. +.Sh CONFIGURATIONS +The +.Nm +supports the following configuration key and value: +.Bl -tag -width Ds +.It Ic restrict-group Ar group ... +Restrict login only if the user is a member of the specified groups. +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_bsdauth" -compact +.It Pa /usr/libexec/radiusd/radiusd_bsdauth +.Dq bsdauth +module executable. +.El +.Sh SEE ALSO +.Xr authenticate 3 , +.Xr radiusd.conf 5 , +.Xr radiusd 8 +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 5.8 . diff --git a/static/openbsd/man8/radiusd_eap2mschap.8 b/static/openbsd/man8/radiusd_eap2mschap.8 new file mode 100644 index 00000000..3bd9f3cd --- /dev/null +++ b/static/openbsd/man8/radiusd_eap2mschap.8 @@ -0,0 +1,87 @@ +.\" $OpenBSD: radiusd_eap2mschap.8,v 1.4 2024/08/04 05:18:28 jmc Exp $ +.\" +.\" Copyright (c) 2024 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: August 4 2024 $ +.Dt RADIUSD_EAP2MSCHAP 8 +.Os +.Sh NAME +.Nm radiusd_eap2mschap +.Nd provides conversion from EAP-MSCHAPv2 to MSCHAPv2 +.Sh SYNOPSIS +.Nm radiusd_eap2mschap +.Sh DESCRIPTION +The +.Nm +module is executed by +.Xr radiusd 8 +as an +.Dq authentication-filter +module to provide conversion from EAP-MSCHAPv2 authentication messages to +MS-CHAPv2 authentication messages. +.Sh CONFIGURATIONS +The +.Nm +module supports the following configuration key and value: +.Bl -tag -width Ds +.It Ic chap-name Ar name +Specify the name in CHAP. +The default is +.Dq radiusd . +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_eap2mschap" -compact +.It Pa /usr/libexec/radiusd/radiusd_eap2mschap +.Dq eap2mschap +module executable. +.El +.Sh EXAMPLES +An example showing the +.Nm +module providing an authentication server that supports EAP-MSCHAPv2. +Although the +.Xr radiusd_file 8 +module itself doesn't support any EAP methods, +when used with the +.Nm +module it becomes possible to support EAP-MSCHAPv2. +.Pp +.Pa /etc/radiusd.conf : +.Bd -literal -offset indent +listen on 192.168.0.1 +client 192.168.0.0/24 { + secret SECRET +} + +module file { + set path "/etc/npppd/npppd-users" +} +module eap2mschap + +authentication-filter * by eap2mschap +authenticate * by file +.Ed +.Sh SEE ALSO +.Xr authenticate 3 , +.Xr radiusd.conf 5 , +.Xr radiusd 8 , +.Xr radiusd_file 8 +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 7.6 . diff --git a/static/openbsd/man8/radiusd_file.8 b/static/openbsd/man8/radiusd_file.8 new file mode 100644 index 00000000..7e7cb726 --- /dev/null +++ b/static/openbsd/man8/radiusd_file.8 @@ -0,0 +1,62 @@ +.\" $OpenBSD: radiusd_file.8,v 1.3 2024/08/04 03:56:57 yasuoka Exp $ +.\" +.\" Copyright (c) 2024 YASUOKA Masahiko <yasuoka@yasuoka.net> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.\" Remove `\&' from the line below. +.Dd $Mdocdate: August 4 2024 $ +.Dt RADIUSD_FILE 8 +.Os +.Sh NAME +.Nm radiusd_file +.Nd provide authentication by a local file +.Sh SYNOPSIS +.\" For a program: program [-abc] file ... +.Nm radiusd_file +.Sh DESCRIPTION +The +.Nm +module is executed by +.Xr radiusd 8 +as a module to provide authentication from a file written in the syntax +described in +.Xr npppd-users 5 . +It supports the PAP, CHAP, and MSCHAPv2 authentication methods. +.Sh CONFIGURATIONS +The +.Nm module +supports the following configuration key and value: +.Bl -tag -width Ds +.It Cm path Ar path +The path for the +.Ar file +written in the syntax described in +.Xr npppd-users 5 . +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_file" -compact +.It Pa /usr/libexec/radiusd/radiusd_file +.Dq file +module executable. +.El +.Sh SEE ALSO +.Xr npppd-users 5 , +.Xr radiusd 8 +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 7.6 . diff --git a/static/openbsd/man8/radiusd_ipcp.8 b/static/openbsd/man8/radiusd_ipcp.8 new file mode 100644 index 00000000..da0805d9 --- /dev/null +++ b/static/openbsd/man8/radiusd_ipcp.8 @@ -0,0 +1,199 @@ +.\" $OpenBSD: radiusd_ipcp.8,v 1.7 2025/06/23 23:57:48 yasuoka Exp $ +.\" +.\" Copyright (c) 2024 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: June 23 2025 $ +.Dt RADIUSD_IPCP 8 +.Os +.Sh NAME +.Nm radiusd_ipcp +.Nd provides IP configuration and manages IP address pool +.Sh SYNOPSIS +.Nm radiusd_ipcp +.Sh DESCRIPTION +The +.Nm +module is executed by +.Xr radiusd 8 +as a module to provide IP configuration through RADIUS Access-Accept messages +and manages the IP address pool through RADIUS accounting messages. +The internal sessions can be shown or monitored by +.Xr radiusctl 8 . +.Nm +also provides session timeouts and disconnects requested by +.Xr radiusctl 8 +through the Dynamic Authorization Extension +.Pq DAE, RFC 5176 . +.Sh CONFIGURATIONS +To use the +.Nm +module, +it should be configured as a decoration module of the authentication +and as an accounting module. +.Bd -literal -offset indent +authenticate * by (any auth module) decorate-by ipcp +account * to ipcp +.Ed +.Pp +The +.Nm +module supports the following configuration keys and values: +.Bl -tag -width Ds +.It Ic address pool Ar address-space ... +Specify the IP address spaces that is pooled. +The +.Ar address-space +can be specified by an address range +.Pq e.g. 192.168.1.1-192.168.1.199 +or an address mask +.Pq e.g. 192.168.1.0/24 . +The pooled addresses are used for dynamic assignment. +.It Ic address static Ar address-space ... +Specify the IP address spaces that is pooled for static assignment. +The +.Ar address-space +is the same syntax as +.Ic address pool , +above. +.It Ic name-server Ar primary-address Op Ar secondary-address +Specify the DNS servers' IP addresses. +.It Ic netbios-server Ar primary-address Op Ar secondary-address +Specify the NetBIOS name servers' IP addresses. +.It Ic session-timeout Ar seconds | Do radius Dc +Specify the session-timeout in seconds, +or +.Dq radius . +.Nm +disconnects the session through DAE at the specified time after starting. +When +.Dq radius +is specified, +the value of the Session-Timeout attribute in Access-Accept is used for +the timeout. +When the value is specified in seconds and the Session-Timeout attribute is +specified for a session, +the Session-Timeout attribute value is used to disconnect the session in +preference. +Configure +.Ic dae server +to use this option. +.It Ic dae server Ar address Ns Oo Ar :port Oc Ar secret Op Ar nas-id +Configure a DAE server which +.Nm +requests disconnection for sessions. +Specify the +.Ar address , +optionally the +.Ar port +number, +and the +.Ar secret . +If the optional +.Ar nas-id +is specified, +the server is selected only for the session which NAS-Identifier is +matched the specified value. +The default port number is 3799. +.It Ic max-sessions Ar number +Specify the maximum number of sessions. +.Sq 0 +means no limit. +The default value is 0. +.It Ic user-max-sessions Ar number +Specify the maximum number of sessions per a user. +.Sq 0 +means no limit. +The default value is 0. +.It Ic start-wait Ar seconds +Specify the seconds waiting for the RADIUS Accounting Start for the +session after Access-Accept. +.Nm +preserves the assigned IP address for that period. +The default value is 60 seconds. +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_ipcp" -compact +.It Pa /usr/libexec/radiusd/radiusd_ipcp +.Dq ipcp +module executable. +.El +.Sh EXAMPLES +An example with +.Nm +working with +.Xr npppd 8 : +.Pp +.Pa /etc/radiusd.conf : +.Bd -literal -offset indent +listen on 127.0.0.1 +listen on 127.0.0.1 accounting + +client 127.0.0.1/32 { + secret "SECRET" +} + +module radius { + set secret "SECRET2" + set server 192.168.0.4:1812 +} + +module ipcp { + set address pool 192.168.1.0/24 + set name-server 192.168.0.4 + set max-sessions 128 + set user-max-sessions 2 + set dae server 127.0.0.1 "SECRET3" + set session-timeout radius +} + +authenticate * by radius decorate-by ipcp +account * to ipcp +.Ed +.Pp +.Pa /etc/npppd/npppd.conf : +.Bd -literal -offset indent +tunnel L2TP protocol l2tp { + listen on 192.0.2.51 +} +ipcp IPCP { + pool-address 192.168.1.2-192.168.1.255 for dynamic +} +interface pppac0 address 192.168.1.1 ipcp IPCP +authentication RADIUS type radius { + authentication-server { + address 127.0.0.1 secret "SECRET" + } + accounting-server { + address 127.0.0.1 secret "SECRET" + } +} +bind tunnel from L2TP authenticated by RADIUS to pppac0 + +radius dae listen on 127.0.0.1 +radius dae client 127.0.0.1 secret "SECRET3" +.Ed +.Sh SEE ALSO +.Xr authenticate 3 , +.Xr radiusd.conf 5 , +.Xr npppd 8 , +.Xr radiusctl 8 , +.Xr radiusd 8 +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 7.6 . diff --git a/static/openbsd/man8/radiusd_radius.8 b/static/openbsd/man8/radiusd_radius.8 new file mode 100644 index 00000000..53a6105b --- /dev/null +++ b/static/openbsd/man8/radiusd_radius.8 @@ -0,0 +1,84 @@ +.\" $OpenBSD: radiusd_radius.8,v 1.2 2024/08/04 03:56:57 yasuoka Exp $ +.\" +.\" Copyright (c) 2014 Esdenera Networks GmbH +.\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: August 4 2024 $ +.Dt RADIUSD_RADIUS 8 +.Os +.Sh NAME +.Nm radiusd_radius +.Nd provide authentication from upstream RADIUS servers +.Sh SYNOPSIS +.Nm radiusd_radius +.Sh DESCRIPTION +The +.Nm +utility is executed by +.Xr radiusd 8 +as a module to provide authentication from upstream RADIUS servers. +.Sh CONFIGURATIONS +The +.Nm +supports the following configuration key and value: +.Bl -tag -width Ds +.It Ic server Ar address Ns Op : Ns Ar port +Specify the upstream server's address and port. +If +.Ar port +is omitted, 1812 is used. +This configuration can be specified multiple times. +.It Ic secret Ar secret +Specify the shared secret with the servers. +This configuration cannot be omitted. +.It Ic max-tries Ar number +Specify the maximum number of retransmissions for a server. +.Xr radiusd 8 +will retransmit 2, 6, 14, 22, and 30 seconds after the first transmission +and subsequent retransmissions will occur every 8 seconds. +If the number of retransmissions per server reaches this value, +the current server is marked as +.Dq fail , +and the next server is used for subsequent requests. +The default value is 3. +.It Ic max-failovers Ar number +If a positive number is specified, +.Xr radiusd 8 +will failover to the next server +when the current server is marked +.Dq fail . +This key and value specifies the maximum number of failovers. +The default value is 0. +.It Ic request-timeout Ar sec +Specify the request timeout in seconds. +If this value is specified, +.Ar max-tries +and +.Ar max-failover +will not be used. +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_radius" -compact +.It Pa /usr/libexec/radiusd/radiusd_radius +.Dq radius +module executable. +.El +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 5.8 . diff --git a/static/openbsd/man8/radiusd_standard.8 b/static/openbsd/man8/radiusd_standard.8 new file mode 100644 index 00000000..c62f63f7 --- /dev/null +++ b/static/openbsd/man8/radiusd_standard.8 @@ -0,0 +1,77 @@ +.\" $OpenBSD: radiusd_standard.8,v 1.4 2024/08/04 03:56:57 yasuoka Exp $ +.\" +.\" Copyright (c) 2014 Esdenera Networks GmbH +.\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The following requests are required for all man pages. +.\" +.Dd $Mdocdate: August 4 2024 $ +.Dt RADIUSD_STANDARD 8 +.Os +.Sh NAME +.Nm radiusd_standard +.Nd provide standard decorations for RADIUS messages +.Sh SYNOPSIS +.Nm radiusd_standard +.Sh DESCRIPTION +The +.Nm +utility is executed by +.Xr radiusd 8 +as a module to provide various standard functionalities. +It can be configured as a module for decoration which modifies request and +response RADIUS messages. +Also it can be configured as an accounting module that logs accounting +information through +.Xr syslog 3 . +.Sh CONFIGURATIONS +The +.Nm +module supports the following configuration key and value: +.Pp +.Bl -tag -width Ds -compact +.It Ic strip-atmark-realm Ar true | false +Remove the realm part which starts with @ +.Pq atmark +from the User-Name attribute of the Access-Request. +.Pp +.It Ic strip-nt-domain Ar true | false +Remove NT domain which ends with \\ +.Pq backslash +from the User-Name attribute of the Access-Request. +.Pp +.It Cm remove-request-attribute Oo Ar vendor Oc Ar type +.It Cm remove-response-attribute Oo Ar vendor Oc Ar type +Remove all the specified attributes from request or response +messages of Access-Request. +Specify +.Ar type +of the attribute in a decimal number. +To specify a vendor attribute, +specify the Vendor-Id +in a decimal number for +.Ar vendor . +.El +.Sh FILES +.Bl -tag -width "/usr/libexec/radiusd/radiusd_standard" -compact +.It Pa /usr/libexec/radiusd/radiusd_standard +.Dq standard +module executable. +.El +.Sh HISTORY +The +.Nm +module first appeared in +.Ox 5.8 . diff --git a/static/openbsd/man8/rarpd.8 b/static/openbsd/man8/rarpd.8 new file mode 100644 index 00000000..7ff12e7e --- /dev/null +++ b/static/openbsd/man8/rarpd.8 @@ -0,0 +1,110 @@ +.\" $OpenBSD: rarpd.8,v 1.21 2015/10/28 10:02:59 jmc Exp $ +.\" $NetBSD: rarpd.8,v 1.7 1998/04/15 15:06:06 mrg Exp $ +.\" +.\" Copyright (c) 1988-1990 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" @(#) $Id: rarpd.8,v 1.21 2015/10/28 10:02:59 jmc Exp $ +.\" +.Dd $Mdocdate: October 28 2015 $ +.Dt RARPD 8 +.Os +.Sh NAME +.Nm rarpd +.Nd reverse ARP daemon +.Sh SYNOPSIS +.Nm rarpd +.Op Fl adflt +.Ar if0 Op Ar ... ifN +.Sh DESCRIPTION +.Nm +services Reverse ARP requests on the Ethernet connected to +the specified interfaces. +Upon receiving a request, +.Nm +maps the target hardware address to an IP address via its name, which +must be present in both the +.Xr ethers 5 +and +.Xr hosts 5 +databases. +If a host does not exist in both databases, the translation cannot +proceed and a reply will not be sent. +.Pp +In normal operation, +.Nm +forks a copy of itself and runs in the background. +Anomalies and errors are reported via +.Xr syslog 3 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Listen on all the Ethernets attached to the system. +If +.Fl a +is omitted, a list of interfaces must be specified. +.It Fl d +Run in debug mode, with all the output to stderr. +This option implies the +.Fl f +option. +.It Fl f +Run in the foreground. +.It Fl l +Log all requests to +.Xr syslog 3 . +.It Fl t +Only honour a request if the server +(the host that +.Nm +is running on) +can "boot" the target; that is, if a file or directory called +.Pa /tftpboot/ipaddr +exists, where +.Pa ipaddr +is the target IP address expressed in uppercase hexadecimal +(only the first 8 characters of filenames are checked). +.El +.Sh FILES +.Bl -tag -width /etc/ethers -compact +.It Pa /etc/ethers +Ethernet host name database. +.It Pa /etc/hosts +Host name database. +.\" .It Pa /tftpboot +.El +.Sh SEE ALSO +.Xr bpf 4 , +.Xr diskless 8 +.Sh STANDARDS +.Rs +.%A R. Finlayson +.%A T. Mann +.%A J. Mogul +.%A M. Theimer +.%D June 1984 +.%R RFC 903 +.%T A Reverse Address Resolution Protocol +.Re +.Sh AUTHORS +.An -nosplit +.An Craig Leres Aq Mt leres@ee.lbl.gov +and +.An Steven McCanne Aq Mt mccanne@ee.lbl.gov , +Lawrence Berkeley Laboratory, University of California, Berkeley, CA. diff --git a/static/openbsd/man8/rbootd.8 b/static/openbsd/man8/rbootd.8 new file mode 100644 index 00000000..05aeb83b --- /dev/null +++ b/static/openbsd/man8/rbootd.8 @@ -0,0 +1,156 @@ +.\" $OpenBSD: rbootd.8,v 1.19 2020/05/16 16:58:12 jmc Exp $ +.\" $NetBSD: rbootd.8,v 1.3 1995/08/21 17:05:16 thorpej Exp $ +.\" +.\" Copyright (c) 1988, 1992 The University of Utah and the Center +.\" for Software Science (CSS). +.\" Copyright (c) 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the Center for Software Science of the University of Utah Computer +.\" Science Department. CSS requests users of this software to return +.\" to css-dist@cs.utah.edu any improvements that they make and grant +.\" CSS redistribution rights. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)rbootd.8 8.2 (Berkeley) 12/11/93 +.\" +.\" Utah Hdr: rbootd.man 3.1 92/07/06 +.\" Author: Jeff Forys, University of Utah CSS +.\" +.Dd $Mdocdate: May 16 2020 $ +.Dt RBOOTD 8 +.Os +.Sh NAME +.Nm rbootd +.Nd HP remote boot server +.Sh SYNOPSIS +.Nm rbootd +.Op Fl ad +.Op Fl i Ar interface +.Op Ar config_file +.Sh DESCRIPTION +The +.Nm +utility services boot requests from Hewlett-Packard workstations over a +local area network. +All boot files must reside in the boot file directory; further, if a +client supplies path information in its boot request, it will be silently +stripped away before processing. +By default, +.Nm +only responds to requests from machines listed in its configuration file. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Respond to boot requests from any machine. +The configuration file is ignored if this option is specified. +.It Fl d +Run +.Nm +in debug mode. +Packets sent and received are displayed to the terminal. +.It Fl i Ar interface +Service boot requests on specified +.Ar interface . +If unspecified, +.Nm +searches the system interface list for the lowest numbered, configured +.Dq up +interface (excluding loopback). +Ties are broken by choosing the earliest match. +.El +.Pp +Specifying +.Ar config_file +on the command line causes +.Nm +to use a different configuration file from the default. +.Pp +The configuration file is a text file where each line describes a particular +machine. +A line must start with a machine's Ethernet address followed by an optional +list of boot file names. +An Ethernet address is specified in hexadecimal with each of its six octets +separated by a colon. +The boot file names come from the boot file directory. +The Ethernet address and boot file(s) must be separated by whitespace +and/or comma characters. +A pound sign causes the remainder of a line to be ignored. +.Pp +Here is a sample configuration file: +.Bd -literal -offset indent +# +# Ethernet addr boot file(s) comments +# +08:00:09:0:66:ad SYSHPBSD # snake (4.3BSD) +08:00:09:0:59:5b # vandy (anything) +8::9:1:C6:75 SYSHPBSD,SYSHPUX # jaguar (either) +.Ed +.Pp +.Nm +logs status and error messages via +.Xr syslog 3 . +A startup message is always logged, and in the case of fatal errors (or +deadly signals) a message is logged announcing the server's termination. +In general, a non-fatal error is handled by ignoring the event that caused +it (e.g., an invalid Ethernet address in the config file causes that line +to be invalidated). +.Pp +The following signals have the specified effect when sent to the server +process using the +.Xr kill 1 +command: +.Bl -tag -width SIGUSR1 -offset indent -compact +.It SIGHUP +Drop all active connections and reconfigure. +.It SIGUSR1 +Turn on debugging, do nothing if already on. +.It SIGUSR2 +Turn off debugging, do nothing if already off. +.El +.Sh FILES +.Bl -tag -width /etc/examples/rbootd.conf -compact +.It Pa /dev/bpf +Packet-filter device. +.It Pa /etc/rbootd.conf +Configuration file. +.It Pa /etc/examples/rbootd.conf +Example configuration file. +.It Pa /tmp/rbootd.dbg +Debug output. +.It Pa /usr/mdec/rbootd +Directory containing boot files. +.El +.Sh SEE ALSO +.Xr kill 1 , +.Xr socket 2 , +.Xr signal 3 , +.Xr syslog 3 +.Sh BUGS +If multiple servers are started on the same interface, each will receive +and respond to the same boot packets. diff --git a/static/openbsd/man8/rcctl.8 b/static/openbsd/man8/rcctl.8 new file mode 100644 index 00000000..f46b3a37 --- /dev/null +++ b/static/openbsd/man8/rcctl.8 @@ -0,0 +1,238 @@ +.\" $OpenBSD: rcctl.8,v 1.47 2025/08/10 09:30:55 ajacoutot Exp $ +.\" +.\" Copyright (c) 2014 Antoine Jacoutot <ajacoutot@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 10 2025 $ +.Dt RCCTL 8 +.Os +.Sh NAME +.Nm rcctl +.Nd configure and control daemons and services +.Sh SYNOPSIS +.Nm rcctl +.Cm get Ns | Ns Cm getdef Ns | Ns Cm set +.Ar daemon Ns | Ns Ar service Op Ar variable Op Ar argument ... +.Nm rcctl +.Op Fl d | q +.Op Fl f +.Sm off +.Cm check | configtest | reload | restart | start | stop +.Sm on +.Ar daemon ... +.Nm rcctl +.Cm disable Ns | Ns Cm enable Ns | Ns Cm order +.Op Ar daemon ... +.Nm rcctl +.Cm ls +.Sm off +.Cm all | failed | off | on | rogue | started | stopped +.Sm on +.Sh DESCRIPTION +The +.Nm +utility can enable or disable a base system +.Ar service +or a base system or package +.Ar daemon +in +.Xr rc.conf.local 8 +or display its configuration and status. +For a +.Ar daemon , +it can also change the command line arguments, the user to run as, the +.Xr rc.d 8 +action timeout or call its +.Xr rc.d 8 +.Ar daemon +control script. +.Pp +The following commands are available +.Po +.Ar variable +can be one of +.Cm class , +.Cm execdir , +.Cm flags , +.Cm logger , +.Cm rtable , +.Cm status , +.Cm timeout +or +.Cm user +.Pc : +.Bl -tag -width Ds +.It Oo Fl d | q Oc Oo Fl f Oc Ar action daemon ... +Run the +.Xr rc.d 8 +.Ar daemon +scripts with the +.Ar action +argument, passing through the specified options, if any. +.It Cm disable Ar service ... | daemon ... +Alias for +.Cm set Ar service Ns | Ns Ar daemon Cm status off . +.It Cm enable Ar service ... | daemon ... +Alias for +.Cm set Ar service Ns | Ns Ar daemon Cm status on . +.It Cm get Ar service | daemon Op Ar variable +Display the value of +.Ar service +or +.Ar daemon Ns _ Ns Ar variable . +If +.Ar variable +is empty, display all +.Ar service +or +.Ar daemon +variables and values in a format +compatible with +.Xr rc.conf 8 . +When +.Ar daemon +is set to +.Qq all , +.Ar variable +must not be set and +.Nm +will display all services and daemons variables. +.It Cm getdef Ar service | daemon Op Ar variable +Like +.Cm get +but returns the default values. +.It Cm ls Ar lsarg +Display a list of services and daemons matching +.Ar lsarg , +which can be one of: +.Pp +.Bl -tag -width stopped -offset indent -compact +.It Cm all +all services and daemons +.It Cm failed +enabled but stopped daemons +.It Cm off +disabled services and daemons +.It Cm on +enabled services and daemons +.It Cm rogue +daemons which are disabled but currently running +.It Cm started +running daemons +.It Cm stopped +stopped daemons +.El +.It Cm order Op Ar daemon ... +Move the specified package daemons to the beginning of +.Va pkg_scripts . +They need to be already enabled. +If no +.Ar daemon +is specified, display the current order. +.Pp +The +.Cm order +command is only needed after enabling a new daemon +that needs to run before one or more already enabled daemons. +Specify the new daemon preceded by all that need to run before it, +but not the ones depending on it. +.It Cm set Ar service | daemon variable Op Ar argument ... +For a daemon, set the variable +.Ar daemon Ns _ Ns Ar variable +to the specified arguments. +If +.Ar variable +is already set, +.Ar daemon Ns _ Ns Ar variable +is reset to the optionally provided arguments or to its default value. +.Pp +The +.Cm status +.Ar variable +must be provided with the +.Cm on +or +.Cm off +arguments. +It is used to enable or disable +.Ar service +or +.Ar daemon +in +.Xr rc.conf.local 8 . +When a disabled package daemon is enabled, it is appended to the end of +.Va pkg_scripts . +When a package daemon is disabled, it is removed from +.Va pkg_scripts +and its variables are removed if any. +.El +.Sh EXIT STATUS +.Nm Ar action +returns with the exit status of the +.Xr rc.d 8 +.Ar daemon +script. +.Nm Cm get Ar daemon | service Op Cm status +exits with 0 if the daemon or service is enabled and 1 if it is not. +.Nm Cm getdef Ar daemon | service Op Cm status +exits with 0 if the daemon or service is enabled by default +and 1 if it is not. +.Nm Cm ls failed | rogue +exits with 1 if an enabled daemon is not running or vice versa. +Otherwise, the +.Nm +utility exits with 0 on success, and >0 if an error occurs +.Po 2 indicates a non-existent +.Ar daemon | service +.Pc . +.Sh EXAMPLES +Enable and set +.Xr apmd 8 +flags: +.Bd -literal -offset indent +# rcctl set apmd status on +# rcctl set apmd flags -A +# rcctl get apmd +apmd_class=daemon +apmd_execdir= +apmd_flags=-A +apmd_logger= +apmd_rtable=0 +apmd_timeout=30 +apmd_user=root +# echo $? +0 +.Ed +.Pp +The recommended way to run a second copy of a given daemon for a +different purpose is to create a symbolic link to its +.Xr rc.d 8 +control script: +.Bd -literal -offset indent +# ln -s /etc/rc.d/snmpd /etc/rc.d/snmpd6 +# rcctl set snmpd6 status on +# rcctl set snmpd6 flags -D addr=2001:db8::1234 +# rcctl start snmpd6 +.Ed +.Sh SEE ALSO +.Xr rc.conf.local 8 , +.Xr rc.d 8 +.Sh HISTORY +.Nm +first appeared in +.Ox 5.7 . +.Sh AUTHORS +.Nm +was written by +.An Antoine Jacoutot Aq Mt ajacoutot@openbsd.org . diff --git a/static/openbsd/man8/rdate.8 b/static/openbsd/man8/rdate.8 new file mode 100644 index 00000000..08d3c645 --- /dev/null +++ b/static/openbsd/man8/rdate.8 @@ -0,0 +1,84 @@ +.\" $OpenBSD: rdate.8,v 1.41 2026/03/27 14:33:58 deraadt Exp $ +.\" $NetBSD: rdate.8,v 1.4 1996/04/08 20:55:17 jtc Exp $ +.\" +.\" Copyright (c) 1994 Christos Zoulas +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2026 $ +.Dt RDATE 8 +.Os +.Sh NAME +.Nm rdate +.Nd set the system's date from a remote host +.Sh SYNOPSIS +.Nm rdate +.Op Fl 46acnpsv +.Ar host +.Sh DESCRIPTION +.Nm +displays and sets the local date and time from the +host name or address given as the argument. +The time source is an RFC 5905 protocol SNTP/NTP server. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl a +Use the +.Xr adjtime 2 +call to gradually skew the local time to the +remote time rather than just hopping. +.It Fl c +Correct leap seconds. +This should be used only when synchronizing to a server +which does not correctly account for leap seconds. +.It Fl n +Use SNTP (RFC 5905). +This is the default. +This protocol counts 32 bits of seconds from January 1, 1900 +and will handle rollover to a new NTP era in February 2036. +.It Fl p +Do not set, just print the remote time. +.It Fl s +Do not print the time. +.It Fl v +Verbose output. +Always show the adjustment. +.El +.Sh FILES +.Bl -tag -width /var/log/wtmp -compact +.It Pa /var/log/wtmp +record of date resets and time changes +.El +.Sh SEE ALSO +.Xr date 1 , +.Xr adjtime 2 , +.Xr inetd 8 , +.Xr ntpd 8 diff --git a/static/openbsd/man8/rdsetroot.8 b/static/openbsd/man8/rdsetroot.8 new file mode 100644 index 00000000..0457b1b4 --- /dev/null +++ b/static/openbsd/man8/rdsetroot.8 @@ -0,0 +1,66 @@ +.\" $OpenBSD: rdsetroot.8,v 1.4 2023/04/24 14:06:01 krw Exp $ +.\" +.\" Copyright (c) 2019 Theo de Raadt +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 24 2023 $ +.Dt RDSETROOT 8 +.Os +.Sh NAME +.Nm rdsetroot +.Nd insert disk image into RAMDISK kernel +.Sh SYNOPSIS +.Nm rdsetroot +.Fl s +.Ar kernel +.Nm rdsetroot +.Op Fl dx +.Ar kernel +.Op Ar disk.fs +.Sh DESCRIPTION +The +.Nm +utility inserts the file +.Ar disk.fs +into the reserved space inside a RAMDISK kernel. +If +.Ar disk.fs +is not specified, +.Nm +reads from standard input. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Debug. +.It Fl s +Print the size in bytes of the reserved space in the RAMDISK kernel. +No insertion or extraction is attempted. +.It Fl x +Rather than inserting, extract the +.Ar disk.fs +image. +If +.Ar disk.fs +is not specified, +.Nm +writes to standard output. +The disk can be made accessible using +.Xr vnconfig 8 , +filesystems can be manipulated, and finally re-inserted into the RAMDISK kernel. +.El +.Sh SEE ALSO +.Xr config 8 , +.Xr disklabel 8 , +.Xr vnconfig 8 diff --git a/static/openbsd/man8/reboot.8 b/static/openbsd/man8/reboot.8 new file mode 100644 index 00000000..ffcd21a3 --- /dev/null +++ b/static/openbsd/man8/reboot.8 @@ -0,0 +1,110 @@ +.\" $OpenBSD: reboot.8,v 1.51 2024/12/21 05:01:25 jsg Exp $ +.\" $NetBSD: reboot.8,v 1.3 1995/10/05 05:36:21 mycroft Exp $ +.\" +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)reboot.8 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: December 21 2024 $ +.Dt REBOOT 8 +.Os +.Sh NAME +.Nm reboot , +.Nm halt +.Nd stopping and restarting the system +.Sh SYNOPSIS +.Nm halt +.Op Fl dnpq +.Nm reboot +.Op Fl dnq +.Sh DESCRIPTION +The +.Nm halt +and +.Nm reboot +utilities flush the file system cache to disk, execute the +.Xr rc.d 8 +scripts specified by the +.Va pkg_scripts +variable defined in +.Xr rc.conf 8 +in a reverse order, +run the system shutdown script, send all running processes a +.Dv SIGTERM +.Pq and subsequently a Dv SIGKILL , +and, respectively, halt or restart the system. +The action is logged, including entering a shutdown record into the login +accounting file. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Causes system to create a dump before rebooting. +This option is useful for debugging system dump procedures or +capturing the state of a corrupted or misbehaving system. +See +.Xr savecore 8 +for information on how to recover this dump. +.It Fl n +Prevent file system cache from being flushed. +This option should probably not be used. +.It Fl p +Causes the system to power down, if it is being halted, and the +hardware supports automatic power down. +.It Fl q +Quick. +The system is halted or restarted quickly and ungracefully, and only +the flushing of the file system cache is performed. +This option should probably not be used. +.El +.Pp +Normally, the +.Xr shutdown 8 +utility is used when the system needs to be halted or restarted, giving +users advance warning of their impending doom. +.Sh SEE ALSO +.Xr reboot 2 , +.Xr utmp 5 , +.\" .Xr boot 8 , +.Xr boot_alpha 8 , +.Xr boot_amd64 8 , +.Xr boot_hppa 8 , +.Xr boot_i386 8 , +.Xr boot_luna88k 8 , +.Xr boot_macppc 8 , +.Xr boot_sparc64 8 , +.Xr rc.d 8 , +.Xr rc.shutdown 8 , +.Xr savecore 8 , +.Xr shutdown 8 , +.Xr sync 8 +.Sh HISTORY +A +.Nm reboot +command appeared in +.Bx 4.0 . diff --git a/static/openbsd/man8/relayctl.8 b/static/openbsd/man8/relayctl.8 new file mode 100644 index 00000000..c329136c --- /dev/null +++ b/static/openbsd/man8/relayctl.8 @@ -0,0 +1,228 @@ +.\" $OpenBSD: relayctl.8,v 1.33 2017/11/29 15:24:50 benno Exp $ +.\" +.\" Copyright (c) 2007 - 2013 Reyk Floeter <reyk@openbsd.org> +.\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 29 2017 $ +.Dt RELAYCTL 8 +.Os +.Sh NAME +.Nm relayctl +.Nd control the relay daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr relayd 8 +daemon. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/relayd.sock +to communicate with +.Xr relayd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm host disable Op Ar name | id +Disable a host. +Treat it as though it were always down. +.It Cm host enable Op Ar name | id +Enable the host. +Start checking its health again. +.It Cm load Ar filename +Reload the configuration from the specified file. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm monitor +Continuously report any changes in the host checking engine and the +.Xr pf 4 +engine. +.It Cm poll +Schedule an immediate check of all hosts. +.It Cm redirect disable Op Ar name | id +Disable a redirection. +If it has +.Xr pf 4 +redirection rules installed, remove them. +Mark the redirection's main table and \(en +if applicable \(en disable the backup table as well. +.It Cm redirect enable Op Ar name | id +Enable a redirection. +Mark the redirection's main table and \(en if applicable \(en enable +the backup table as well. +.It Cm reload +Reload the configuration file. +.It Cm show hosts +Show detailed status of hosts and tables. +It will also print the last error for failed host checks; +see the +.Sx DIAGNOSTICS +section below. +.It Cm show redirects +Show detailed status of redirections including the current and average +access statistics. +The statistics will be updated every minute. +Redirections using the +.Ic sticky-address +option will count the number of sticky states, +not the total number of redirected connections. +.It Cm show relays +Show detailed status of relays including the current and average +access statistics. +The statistics will be updated every minute. +.It Cm show routers +Show detailed status of routers including the configured network +routes. +.It Cm show sessions +Dump the complete list of running relay sessions. +.It Cm show summary +Display a list of all relays, redirections, routers, tables, and hosts. +.It Cm table disable Op Ar name | id +Disable a table. +Consider all hosts disabled. +If it is a main table of a redirection which has a non-empty backup table, +swap the contents of the +.Xr pf 4 +table with those of the backup table. +.It Cm table enable Op Ar name | id +Enable a table. +Start doing checks for all hosts that aren't individually disabled +again. +.El +.Sh FILES +.Bl -tag -width "/var/run/relayd.sockXX" -compact +.It Pa /var/run/relayd.sock +.Ux Ns -domain +socket used for communication with +.Xr relayd 8 . +.El +.Sh DIAGNOSTICS +If a host is down and a previous check failed, +.Nm +will display the last error in the output of the +.Cm show hosts +command. +This is especially useful for debugging server or configuration failures. +The following errors will be reported: +.Pp +.Bl -tag -width Ds -compact +.It Em none +No specific error was reported by the check engine. +.Pp +.It Em aborted +All checks were aborted by an external event, like a configuration reload. +.Pp +.It Em interval timeout +The check did not finish in the configured time of an interval. +This can happen if there are too many hosts that have to be checked by +.Xr relayd 8 +and can be avoided by increasing the global +.Ic interval +option in +.Xr relayd.conf 5 . +.Pp +.It Em icmp read timeout +.It Em tls read timeout +.It Em tcp read timeout +The check failed because the remote host did not send a reply within +the configured timeout. +.Pp +.It Em icmp write timeout +.It Em tls write timeout +.It Em tcp write timeout +.It Em tls connect timeout +.It Em tcp connect timeout +The check failed because +.Xr relayd 8 +was not ready to send the request within the configured timeout. +.Pp +.It Em tls connect error +.It Em tls read error +.It Em tls write error +.It Em tcp connect error +.It Em tcp read failed +.It Em tcp write failed +An I/O error occurred. +This indicates that +.Xr relayd 8 +was running low on resources, +file descriptors, or was too busy to run the request. +It can also indicate that a TLS or TCP protocol error occurred or +that the connection was unexpectedly aborted. +.Pp +.It Em tls connect failed +.It Em tcp connect failed +The check failed because the protocol handshake did not succeed in +opening a stateful connection with the remote host. +.Pp +.It Em script failed +The external script executed by the check did not return a valid return code. +.Pp +.It Em send/expect failed +The payload data returned by the remote host did not match the +expected pattern. +.Pp +.It Em http code malformed +.It Em http digest malformed +The remote host did not return a valid HTTP header or body. +.Pp +.It Em http code mismatch +The remote host did not return a matching HTTP error code. +This may indicate a real server problem (a server error, the page was +not found, permission was denied) or a configuration error. +For example, it is a very common mistake that +.Xr relayd 8 +was configured to expect a +HTTP 200 OK +status but the host is returning a +HTTP 302 Found +redirection. +See +.Xr relayd.conf 5 +for more information on validating the HTTP return code. +.Pp +.It Em http digest mismatch +The remote host did not return the expected content and the computed +digest was different to the configured value. +See +.Xr relayd.conf 5 +for more information on validating the digest. +.El +.Sh SEE ALSO +.Xr relayd 8 +.Sh HISTORY +The +.Nm +program, formerly known as +.Ic hoststatectl , +first appeared in +.Ox 4.1 . +It was renamed to +.Nm +in +.Ox 4.3 . diff --git a/static/openbsd/man8/relayd.8 b/static/openbsd/man8/relayd.8 new file mode 100644 index 00000000..6db19bfc --- /dev/null +++ b/static/openbsd/man8/relayd.8 @@ -0,0 +1,154 @@ +.\" $OpenBSD: relayd.8,v 1.25 2015/07/27 14:50:58 sobrado Exp $ +.\" +.\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 27 2015 $ +.Dt RELAYD 8 +.Os +.Sh NAME +.Nm relayd +.Nd relay daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is a daemon to relay and dynamically redirect incoming connections to +a target host. +Its main purposes are to run as a load-balancer, application layer +gateway, or transparent proxy. +The daemon is able to monitor groups of hosts for availability, which +is determined by checking for a specific service common to a host +group. +When availability is confirmed, +layer 3 and/or layer 7 forwarding services are set up by +.Nm . +.Pp +Layer 3 redirection happens at the packet level; to configure +it, +.Nm +communicates with +.Xr pf 4 . +To allow +.Nm +to properly set up +.Xr pf 4 +rules, the following line is required in the filter section of +.Xr pf.conf 5 : +.Bd -literal -offset indent +anchor "relayd/*" +.Ed +.Pp +Layer 7 relaying happens at the application level and is +handled by +.Nm +itself. +Various application level filtering and protocol-specific +load-balancing options are available for relays. +.Pp +.Nm +works in terms of the following +.Em entities : +relays, protocols, redirections, and tables. +A +.Em relay +represents a layer 7 load-balancing instance. +Each instance translates to a listening TCP or UDP port. +A +.Em protocol +defines which actions, if any, are taken on the +packet payload as data crosses a relay. +A +.Em redirection +represents a layer 3 load-balancing instance. +Each instance translates to a +.Xr pf 4 +rdr-to rule being added. +A +.Em table +represents a group of hosts which can be checked for +availability using the same method. +Each table contains at least one host. +If a table is used in a layer 3 load-balancing instance, it +will be mapped to a +.Xr pf 4 +table containing only those hosts which are up. +.Pp +All these entities can be configured in +.Xr relayd.conf 5 , +and +.Xr relayctl 8 +can be used to alter or report on the status of each entity. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +The default is +.Pa /etc/relayd.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/relayd.sockXX" -compact +.It Pa /etc/relayd.conf +Default configuration file. +.It Pa /var/run/relayd.sock +.Ux Ns -domain +socket used for communication with +.Xr relayctl 8 . +.El +.Sh SEE ALSO +.Xr relayd.conf 5 , +.Xr relayctl 8 +.Sh HISTORY +The +.Nm +program, formerly known as +.Ic hoststated , +first appeared in +.Ox 4.1 . +It was renamed to +.Nm +in +.Ox 4.3 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Pierre-Yves Ritschard Aq Mt pyr@openbsd.org +and +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/renice.8 b/static/openbsd/man8/renice.8 new file mode 100644 index 00000000..20e1238a --- /dev/null +++ b/static/openbsd/man8/renice.8 @@ -0,0 +1,144 @@ +.\" $OpenBSD: renice.8,v 1.26 2024/07/25 13:40:55 jmc Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)renice.8 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: July 25 2024 $ +.Dt RENICE 8 +.Os +.Sh NAME +.Nm renice +.Nd alter priority of running processes +.Sh SYNOPSIS +.Nm renice +.Oo Fl n Oc Ar increment +.Op Fl gpu +.Ar id +.Sh DESCRIPTION +.Nm +alters the scheduling priority of one or more running processes with ID +.Ar id . +Processes may be selected by +process ID, +process group ID, +and +user name or ID. +If none of the +.Fl gpu +options are specified, +the default is to select by process ID. +Multiple processes can be specified in a space separated list. +.Pp +Users other than the superuser may only alter the priority of +processes they own, +and can only monotonically increase their +.Dq nice value +within the range 0 to +.Dv PRIO_MAX +(20), +which prevents overriding administrative fiats. +The superuser +may alter the priority of any process +and set the priority to any value in the range +.Dv PRIO_MIN +(\-20) +to +.Dv PRIO_MAX . +.Pp +Useful priorities are: +20 (the affected processes will run only when nothing else +in the system wants to), +0 (the +.Dq base +scheduling priority), +anything negative (to make things go very fast). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl g +Alter the scheduling priority of all processes in process group +.Ar id . +.It Fl n Ar increment +A positive or negative decimal integer used to modify the +scheduling priority. +For compatibility with historic versions of this utility, +if +.Fl n +is omitted and +.Ar increment +is the first argument to +.Nm , +then +.Ar increment +is taken as an absolute priority rather than an increment. +.It Fl p +Alter the scheduling priority of process +.Ar id . +.It Fl u +Alter the scheduling priority of all processes belonging to user +.Ar id , +which may be a user name or ID. +.El +.Sh FILES +.Bl -tag -width /etc/passwd -compact +.It Pa /etc/passwd +for mapping user names to user IDs +.El +.Sh EXIT STATUS +.Ex -std renice +.Sh EXAMPLES +The following example +changes the priority of process IDs 987 and 32, +and all processes owned by users daemon and root: +.Bd -literal -offset indent +# renice -n +1 987 -u daemon root -p 32 +.Ed +.Sh SEE ALSO +.Xr nice 1 , +.Xr getpriority 2 , +.Xr setpriority 2 +.Sh STANDARDS +The +.Nm +utility is compliant with the +.St -p1003.1-2008 +specification, +except the way in which processes are specified differs. +.Pp +The historical behavior of passing +.Ar increment +as an absolute priority is supported for backwards compatibility. +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.0 . +.Sh BUGS +Non-superusers cannot increase scheduling priorities of their own processes, +even if they were the ones that decreased the priorities in the first place. diff --git a/static/openbsd/man8/repquota.8 b/static/openbsd/man8/repquota.8 new file mode 100644 index 00000000..add8b714 --- /dev/null +++ b/static/openbsd/man8/repquota.8 @@ -0,0 +1,96 @@ +.\" $OpenBSD: repquota.8,v 1.12 2016/03/17 18:50:48 mmcc Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Robert Elz at The University of Melbourne. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)repquota.8 8.1 (Berkeley) 6/6/93 +.\" $Id: repquota.8,v 1.12 2016/03/17 18:50:48 mmcc Exp $ +.\" +.Dd $Mdocdate: March 17 2016 $ +.Dt REPQUOTA 8 +.Os +.Sh NAME +.Nm repquota +.Nd summarize quotas for a file system +.Sh SYNOPSIS +.Nm +.Op Fl guv +.Fl a +.Nm +.Op Fl guv +.Ar filesystem ... +.Sh DESCRIPTION +.Nm +prints a summary of the disk usage and quotas for the +specified filesystem(s). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Print the quotas of all filesystems listed in +.Pa /etc/fstab . +.It Fl g +Print only group quotas (the default is to print both +group and user quotas if they exist). +.It Fl u +Print only user quotas (the default is to print both +group and user quotas if they exist). +.It Fl v +Print a header line before printing each filesystem's quota. +.El +.Pp +For each user or group, the current +number of files and amount of space (in kilobytes) is +printed, along with any quotas created with +.Xr edquota 8 . +.Pp +Only members of the operator group or the superuser may +use this command. +.Sh FILES +.Bl -tag -width quota.group -compact +.It Pa quota.user +at the filesystem root with user quotas +.It Pa quota.group +at the filesystem root with group quotas +.It Pa /etc/fstab +for file system names and locations +.El +.Sh SEE ALSO +.Xr quota 1 , +.Xr quotactl 2 , +.Xr fstab 5 , +.Xr edquota 8 , +.Xr quotacheck 8 , +.Xr quotaon 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . diff --git a/static/openbsd/man8/resolvd.8 b/static/openbsd/man8/resolvd.8 new file mode 100644 index 00000000..6c704be5 --- /dev/null +++ b/static/openbsd/man8/resolvd.8 @@ -0,0 +1,96 @@ +.\" $OpenBSD: resolvd.8,v 1.12 2023/02/21 07:47:24 jmc Exp $ +.\" +.\" Copyright (c) 2021 Florian Obser <florian@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 21 2023 $ +.Dt RESOLVD 8 +.Os +.Sh NAME +.Nm resolvd +.Nd a daemon to handle nameserver configuration +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Sh DESCRIPTION +.Nm +handles the contents of +.Pa /etc/resolv.conf , +which contains details of the system's DNS nameservers, and is +read by the resolver routines in the C library. +Nameservers are learned from various sources, incorporated in a priority +order, then user-edited information found in the pre-existing file is +re-appended. +.Pp +.Nm +checks whether +.Xr unwind 8 +is running and, if so, places a nameserver line at the top +to cause local resolution: +.Pp +.Dl nameserver 127.0.0.1 +.Pp +.Nm +also monitors the routing socket for proposals learned by +.Xr dhcpleased 8 , +.Xr iked 8 , +.Xr slaacd 8 , +or network devices which natively learn DNS information such as +.Xr sppp 4 +or +.Xr umb 4 . +Proposals can be sent manually using the +.Xr route 8 +.Cm nameserver +command. +The proposals are added in priority order, +but commented out if +.Xr unwind 8 +is running. +.Pp +After that, +.Nm +appends all user-edited lines found in the file. +.Pp +.Nm +also notices if the +.Pa /etc/resolv.conf +file is edited, and will rewrite the file, re-blending the various +pieces of information. +It will also create +.Pa /etc/resolv.conf +if it does not exist or if it is empty. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl v +Produce more verbose output. +.El +.Sh SEE ALSO +.Xr resolv.conf 5 , +.Xr dhcpleased 8 , +.Xr route 8 , +.Xr slaacd 8 , +.Xr unwind 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.9 . diff --git a/static/openbsd/man8/restore.8 b/static/openbsd/man8/restore.8 new file mode 100644 index 00000000..7465254a --- /dev/null +++ b/static/openbsd/man8/restore.8 @@ -0,0 +1,455 @@ +.\" $OpenBSD: restore.8,v 1.41 2022/03/31 17:27:20 naddy Exp $ +.\" $NetBSD: restore.8,v 1.15 1997/07/01 05:37:53 lukem Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)restore.8 8.3 (Berkeley) 6/1/94 +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt RESTORE 8 +.Os +.Sh NAME +.Nm restore , +.Nm rrestore +.Nd restore files or file systems from backups made with dump +.Sh SYNOPSIS +.Nm restore +.Op Fl chimRrtvxy +.Op Fl b Ar blocksize +.Op Fl f Ar file +.Op Fl s Ar fileno +.Op Ar +.Sh DESCRIPTION +The +.Nm +command performs the inverse function of +.Xr dump 8 . +A full backup of a file system may be restored and +subsequent incremental backups layered on top of it. +Single files and +directory subtrees may be restored from full or partial +backups. +Other arguments to the command are file or directory +names specifying the files that are to be restored. +Unless the +.Fl h +flag is specified (see below), +the appearance of a directory name refers to +the files and (recursively) subdirectories of that directory. +.Pp +.Nm +works across networks, +replacing the functionality of the old +.Nm rrestore +program +(though +.Nm +may still be invoked as +.Nm rrestore ) . +See the +.Fl f +option for more on reading backups from remote hosts. +.Pp +Exactly one of the following flags is required: +.Bl -tag -width Ds +.It Fl i +This mode allows interactive restoration of files from a dump. +After reading in the directory information from the dump, +.Nm +provides a shell like interface that allows the user to move +around the directory tree selecting files to be extracted. +The available commands are given below; +for those commands that require an argument, +the default is the current directory. +.Bl -tag -width Fl +.It Ic add Op Ar arg +The current directory or specified argument is added to the list of +files to be extracted. +If a directory is specified, then it and all its descendants are +added to the extraction list +(unless the +.Fl h +flag is specified on the command line). +Files that are on the extraction list are prepended with a +.Dq \&* +when they are listed by +.Ic ls . +.It Ic \&cd Ar arg +Change the current working directory to the specified argument. +.It Ic delete Op Ar arg +The current directory or specified argument is deleted from the list of +files to be extracted. +If a directory is specified, then it and all its descendants are +deleted from the extraction list +(unless the +.Fl h +flag is specified on the command line). +The most expedient way to extract most of the files from a directory +is to add the directory to the extraction list and then delete +those files that are not needed. +.It Ic extract +All files on the extraction list are extracted +from the dump. +.Nm +will ask which volume the user wishes to mount. +The fastest way to extract a few files is to +start with the last volume and work towards the first volume. +.It Ic help +List a summary of the available commands. +.It Ic \&ls Op Ar arg +List the current or specified directory. +Entries that are directories are appended with a +.Dq / . +Entries that have been marked for extraction are prepended with a +.Dq \&* . +If the verbose +flag is set, the inode number of each entry is also listed. +.It Ic pwd +Print the full pathname of the current working directory. +.It Ic quit +Restore immediately exits, +even if the extraction list is not empty. +.It Ic setmodes +All directories that have been added to the extraction list +have their owner, modes, and times set; +nothing is extracted from the dump. +This is useful for cleaning up after a restore has been prematurely aborted. +.It Ic verbose +The sense of the +.Fl v +flag is toggled. +When set, the verbose flag causes the +.Ic ls +command to list the inode numbers of all entries. +It also causes +.Nm +to print out information about each file as it is extracted. +.It Ic what +List dump header information. +.El +.It Fl R +.Nm +requests a particular tape of a multi-volume set on which to restart +a full restore +(see the +.Fl r +flag below). +This is useful if the restore has been interrupted. +.It Fl r +Restore (rebuild) a file system. +The target file system should be made pristine with +.Xr newfs 8 , +mounted, and the user +changed working directory +into the pristine file system +before starting the restoration of the initial level 0 backup. +If the level 0 restores successfully, the +.Fl r +flag may be used to restore +any necessary incremental backups on top of the level 0. +The +.Fl r +flag precludes an interactive file extraction and can be +detrimental to one's health (not to mention the disk) if not used carefully. +An example of correct usage: +.Bd -literal -offset indent +# newfs /dev/rsd0g +# mount /dev/sd0g /mnt +# cd /mnt +# restore rf /dev/rst0 +.Ed +.Pp +Note that +.Nm +leaves a file +.Pa restoresymtable +in the root directory to pass information between incremental +restore passes. +This file should be removed when the last incremental has been +restored. +.Pp +.Nm restore , +in conjunction with +.Xr newfs 8 +and +.Xr dump 8 , +may be used to modify file system parameters +such as size or block size. +.It Fl t +The names of the specified files are listed if they occur +on the backup. +If no file argument is given, +the root directory is listed, +which results in the entire content of the +backup being listed, +unless the +.Fl h +flag has been specified. +Note that the +.Fl t +flag replaces the function of the old +.Sy dumpdir +program. +.It Fl x +The named files are read from the given media. +If a named file matches a directory whose contents +are on the backup +and the +.Fl h +flag is not specified, +the directory is recursively extracted. +The owner, modification time, +and mode are restored (if possible). +If no file argument is given, +the root directory is extracted, +which results in the entire content of the +backup being extracted, +unless the +.Fl h +flag has been specified. +.El +.Pp +The following additional options may be specified: +.Bl -tag -width Ds +.It Fl b Ar blocksize +The number of kilobytes per dump record. +If the +.Fl b +option is not specified, +.Nm +tries to determine the block size dynamically. +.It Fl c +Normally, +.Nm +will try to determine dynamically whether the dump was made from an +old (pre-4.4) or new format file system. +The +.Fl c +flag disables this check, and only allows reading a dump in the old +format. +.It Fl f Ar file +Read the backup from +.Ar file ; +.Ar file +may be a special device file +like +.Pa /dev/rst0 +(a tape drive), +.Pa /dev/rsd1c +(a disk drive), +an ordinary file, +or +.Dq Fl +(the standard input). +If the name of the file is of the form +.Dq host:file +or +.Dq user@host:file , +.Nm +reads from the named file on the remote host using +.Xr rmt 8 . +.It Fl h +Extract the actual directory, +rather than the files that it references. +This prevents hierarchical restoration of complete subtrees +from the dump. +.It Fl m +Extract by inode numbers rather than by file name. +This is useful if only a few files are being extracted, +and one wants to avoid regenerating the complete pathname +to the file. +.It Fl s Ar fileno +Read from the specified +.Ar fileno +on a multi-file tape. +File numbering starts at 1. +.It Fl v +Normally +.Nm +does its work silently. +The +.Fl v +(verbose) +flag causes it to type the name of each file it treats +preceded by its file type. +.It Fl y +Do not ask the user whether to abort the restore in the event of an error. +Always try to skip over the bad block(s) and continue. +.El +.Sh ENVIRONMENT +If the following environment variable exists, it will be utilized by +.Nm restore : +.Bl -tag -width "TMPDIR" +.It Ev TMPDIR +The directory given in +.Ev TMPDIR +will be used +instead of +.Pa /tmp +to store temporary files. +Refer to +.Xr environ 7 +for more information. +.It Ev TAPE +Default tape device to use instead of +.Pa /dev/rst0 . +.El +.Sh FILES +.Bl -tag -width "./restoresymtable" -compact +.It Pa /dev/rst0 +the default tape drive +.It Pa /dev/rst* +raw SCSI tape interface +.It Pa /tmp/rstdir* +file containing directories on the tape +.It Pa /tmp/rstmode* +owner, mode, and time stamps for directories +.It Pa \&./restoresymtable +information passed between incremental restores +.El +.Sh DIAGNOSTICS +Complains if it gets a read error. +If +.Fl y +has been specified, or the user responds +.Dq y , +.Nm +will attempt to continue the restore. +.Pp +If a backup was made using more than one tape volume, +.Nm +will notify the user when it is time to mount the next volume. +If the +.Fl x +or +.Fl i +flag has been specified, +.Nm +will also ask which volume the user wishes to mount. +The fastest way to extract a few files is to +start with the last volume, and work towards the first volume. +.Pp +There are numerous consistency checks that can be listed by +.Nm restore . +Most checks are self-explanatory or can +.Dq never happen . +Common errors are given below. +.Pp +.Bl -tag -width Ds -compact +.It Converting to new file system format +A dump tape created from the old file system has been loaded. +It is automatically converted to the new file system format. +.Pp +.It <filename>: not found on tape +The specified file name was listed in the tape directory, +but was not found on the tape. +This is caused by tape read errors while looking for the file, +and from using a dump tape created on an active file system. +.Pp +.It expected next file <inumber>, got <inumber> +A file that was not listed in the directory showed up. +This can occur when using a dump created on an active file system. +.Pp +.It Incremental dump too low +When doing an incremental restore, +a dump that was written before the previous incremental dump, +or that has too low an incremental level has been loaded. +.Pp +.It Incremental dump too high +When doing an incremental restore, +a dump that does not begin its coverage where the previous incremental +dump left off, +or that has too high an incremental level has been loaded. +.Pp +.It Tape read error while restoring <filename> +.It Tape read error while skipping over inode <inumber> +.It Tape read error while trying to resynchronize +A tape (or other media) read error has occurred. +If a file name is specified, +its contents are probably partially wrong. +If an inode is being skipped or the tape is trying to resynchronize, +no extracted files have been corrupted, +though files may not be found on the tape. +.Pp +.It resync restore, skipped <num> blocks +After a dump read error, +.Nm +may have to resynchronize itself. +This message lists the number of blocks that were skipped over. +.El +.Sh SEE ALSO +.Xr environ 7 , +.Xr dump 8 , +.Xr mount 8 , +.Xr newfs 8 , +.Xr rmt 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Pp +The +.Bx 4.3 +option syntax is implemented for backward compatibility but +is not documented here. +.Sh BUGS +.Nm +can get confused when doing incremental restores from +dumps that were made on active file systems. +.Pp +A level 0 dump must be done after a full restore. +Because +.Nm +runs in user mode, +it has no control over inode allocation; +thus a full dump must be done to get a new set of directories +reflecting the new inode numbering, +even though the content of the files is unchanged. +.Pp +The temporary files +.Pa /tmp/rstdir* +and +.Pa /tmp/rstmode* +are generated with a unique name based on the date of the dump +and the process ID (see +.Xr mktemp 3 ) , +except when +.Fl r +or +.Fl R +is used. +Because +.Fl R +allows you to restart a +.Fl r +operation that may have been interrupted, the temporary files should +be the same across different processes. +In all other cases, the files are unique because it is possible to +have two different dumps started at the same time, and separate +operations shouldn't conflict with each other. diff --git a/static/openbsd/man8/revnetgroup.8 b/static/openbsd/man8/revnetgroup.8 new file mode 100644 index 00000000..fa5ac272 --- /dev/null +++ b/static/openbsd/man8/revnetgroup.8 @@ -0,0 +1,139 @@ +.\" $OpenBSD: revnetgroup.8,v 1.14 2019/03/20 04:52:28 schwarze Exp $ +.\" +.\" Copyright (c) 1995 +.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Bill Paul. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: revnetgroup.8,v 1.4 1997/02/22 14:22:03 peter Exp $ +.\" +.Dd $Mdocdate: March 20 2019 $ +.Dt REVNETGROUP 8 +.Os +.Sh NAME +.Nm revnetgroup +.Nd generate reverse netgroup data +.Sh SYNOPSIS +.Nm revnetgroup +.Fl h | u +.Op Fl f Ar netgroup_file +.Sh DESCRIPTION +.Nm +processes the contents of a file in +.Xr netgroup 5 +format into what is called +.Pa reverse netgroup +form. +That is, where the original file shows +netgroup memberships in terms of which members reside in a particular +group, the reverse netgroup format specifies what groups are associated +with a particular member. +This information is used to generate the +.Pa netgroup.byuser +and +.Pa netgroup.byhosts +YP maps. +These reverse netgroup maps are used to help speed up +netgroup lookups, particularly for the +.Fn innetgr +library function. +.Pp +For example, the standard +.Pa /etc/netgroup +file may list a netgroup and a list of its members. +Here, the netgroup is considered the +.Pa key +and the member names are the +.Pa data . +By contrast, the reverse +.Pa netgroup.byusers +database lists each unique +member as the key and the netgroups to which the members belong become +the data. +Separate databases are created to hold information pertaining +to users and hosts; this allows netgroup username lookups +and netgroup hostname lookups to be performed using independent keyspaces. +.Pp +By constructing these reverse netgroup databases (and the corresponding +YP maps) in advance, the +.Xr getnetgrent 3 +library functions are spared from having to work out the dependencies +themselves on the fly. +This is important on networks with large numbers +of users and hosts, since it can take a considerable amount of time +to process very large netgroup databases. +.Pp +The +.Nm +command prints its results on the standard output. +It is usually called only by +.Pa /var/yp/<domain>/Makefile +when rebuilding the YP netgroup maps. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f Ar netgroup_file +The +.Nm +command uses +.Pa /etc/netgroup +as its default input file. +The +.Fl f +flag allows the user to specify an alternate input file. +Specifying +.Dq - +as the input file causes +.Nm +to read from the standard input. +.It Fl h +Generate netgroup.byhost output; only hostname information in the +original netgroup file is processed. +.It Fl u +Generate netgroup.byuser output; only username information in the +original netgroup file is processed. +.El +.Sh FILES +.Bl -tag -width xxxxxxxxxxxxxxxxxxxxxxxx -compact +.It Pa /var/yp/<domain>/Makefile +The Makefile that calls +.Xr makedbm 8 +and +.Nm +to build the YP databases. +.It Pa /etc/netgroup +The default netgroup database file. +This file is most often found only on the YP master server. +.El +.Sh SEE ALSO +.Xr getnetgrent 3 , +.Xr netgroup 5 , +.Xr makedbm 8 , +.Xr yp 8 +.Sh AUTHORS +.An Bill Paul Aq Mt wpaul@ctr.columbia.edu diff --git a/static/openbsd/man8/ripctl.8 b/static/openbsd/man8/ripctl.8 new file mode 100644 index 00000000..d6ab20bc --- /dev/null +++ b/static/openbsd/man8/ripctl.8 @@ -0,0 +1,109 @@ +.\" $OpenBSD: ripctl.8,v 1.13 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it> +.\" Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt RIPCTL 8 +.Os +.Sh NAME +.Nm ripctl +.Nd control the RIP routing daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr ripd 8 +daemon. +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm s n +for +.Cm show neighbor . +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /var/run/ripd.sock +to communicate with +.Xr ripd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm fib couple +Insert the learned routes into the Forward Information Base a.k.a. the kernel +routing table. +.It Cm fib decouple +Remove the learned routes from the Forward Information Base a.k.a. the kernel +routing table. +Decoupling the FIB from an RIP router may create routing loops and could cause +major routing issues. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm show fib Op Ar destination | filter +Show the Forwarding Information Base. +.Ar destination +can be specified to show the route matching a destination IP address. +.Ar filter +can be any of the following: +.Pp +.Bl -tag -width "interfaceXXinterfaceXX" -compact +.It Cm connected +Show only connected routes. +.It Cm interface +Show only interfaces. +.It Cm rip +Show only RIP routes. +.It Cm static +Show only static routes. +.El +.Pp +.Cm connected , +.Cm rip , +and +.Cm static +may be specified together. +.It Cm show interfaces +Show details for all interfaces. +.It Cm show neighbor +Show neighbors. +.It Cm show rib +Show the Routing Information Base. +.El +.Sh FILES +.Bl -tag -width "/var/run/ripd.sockXX" -compact +.It Pa /var/run/ripd.sock +.Ux Ns -domain +socket used for communication with +.Xr ripd 8 . +.El +.Sh SEE ALSO +.Xr ripd.conf 5 , +.Xr ripd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.1 . diff --git a/static/openbsd/man8/ripd.8 b/static/openbsd/man8/ripd.8 new file mode 100644 index 00000000..c089a1da --- /dev/null +++ b/static/openbsd/man8/ripd.8 @@ -0,0 +1,103 @@ +.\" $OpenBSD: ripd.8,v 1.14 2023/03/02 17:09:54 jmc Exp $ +.\" +.\" Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it> +.\" Copyright (c) 2004, 2005, 2006 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt RIPD 8 +.Os +.Sh NAME +.Nm ripd +.Nd Routing Information Protocol (RIP) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is the Routing Information Protocol +.Pq RIP +daemon which manages routers' routing tables. +.Pp +A running +.Nm +can be controlled with the +.Xr ripctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/var/run/ripd.sockXX" -compact +.It Pa /etc/ripd.conf +Default +.Nm +configuration file. +.It Pa /var/run/ripd.sock +.Ux Ns -domain +socket used for communication with +.Xr ripctl 8 . +.El +.Sh SEE ALSO +.Xr ripd.conf 5 , +.Xr rc.conf 8 , +.Xr ripctl 8 +.Sh STANDARDS +.Rs +.%A F. Baker +.%A R. Atkinson +.%D January 1997 +.%R RFC 2082 +.%T RIP-2 MD5 Authentication +.Re +.Pp +.Rs +.%A G. Malkin +.%D November 1998 +.%R RFC 2453 +.%T RIP Version 2 +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.1 . diff --git a/static/openbsd/man8/rmgroup.8 b/static/openbsd/man8/rmgroup.8 new file mode 100644 index 00000000..c12d0219 --- /dev/null +++ b/static/openbsd/man8/rmgroup.8 @@ -0,0 +1,61 @@ +.\" $OpenBSD: rmgroup.8,v 1.13 2009/10/22 12:35:53 sobrado Exp $ +.\" +.\" Copyright (c) 1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $From: rmgroup.8,v 1.1 1996/11/04 17:21:11 wosch Exp $ +.Dd $Mdocdate: October 22 2009 $ +.Dt RMGROUP 8 +.Os +.Sh NAME +.Nm rmgroup +.Nd delete a UNIX group +.Sh SYNOPSIS +.Nm rmgroup +.Ar group +.Sh DESCRIPTION +.Nm +deletes the specified +.Ux +.Ar group +from group database. +.Nm +will not delete the system groups wheel, daemon, kmem, sys, tty, +operator, bin, nogroup, nobody, +or groups with gid 0. +Do not delete these groups. +.Sh FILES +.Bl -tag -width /etc/groupX -compact +.It Pa /etc/group +group database +.El +.Sh SEE ALSO +.Xr group 5 , +.Xr adduser 8 , +.Xr rmuser 8 +.Sh HISTORY +The +.Nm +command appeared in +.Fx 2.2 . diff --git a/static/openbsd/man8/rmt.8 b/static/openbsd/man8/rmt.8 new file mode 100644 index 00000000..daf62613 --- /dev/null +++ b/static/openbsd/man8/rmt.8 @@ -0,0 +1,219 @@ +.\" $OpenBSD: rmt.8,v 1.13 2015/09/20 10:05:48 halex Exp $ +.\" +.\" Copyright (c) 1983, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)rmt.8 6.5 (Berkeley) 3/16/91 +.\" +.Dd $Mdocdate: September 20 2015 $ +.Dt RMT 8 +.Os +.Sh NAME +.Nm rmt +.Nd remote magtape protocol module +.Sh SYNOPSIS +.Nm +.Op Fl r | w +.Op Fl d Ar directory +.Sh DESCRIPTION +.Nm +is a program used by the remote dump and restore programs +through an interprocess communication connection. +Traditionally it is used for manipulating a magnetic tape drive but it may +be used for regular file access as well. +.Nm +is normally started up with an +.Xr rcmd 3 +or +.Xr rcmdsh 3 +call. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar directory +Confine file access to +.Ar directory . +Forward slashes in filenames are disallowed and symlinks are not followed. +.It Fl r +Read-only mode, suitable for use with +.Xr rrestore 8 . +.It Fl w +File write mode, suitable for use with +.Xr rdump 8 +for dumping to regular files. +Creates missing files and refuses to open existing ones. +The file permission bits are set to readonly. +.El +.Pp +The +.Nm +program accepts requests specific to the manipulation of +magnetic tapes, performs the commands, then responds with +a status indication. +All responses are in ASCII and in one of two forms. +Successful commands have responses of: +.Pp +.D1 Sy A Ns Ar number Ns \en +.Pp +.Ar number +is an ASCII representation of a decimal number. +Unsuccessful commands are responded to with: +.Bd -filled -offset indent +.Sm off +.Sy E Ar error-number No \en Ar error-message No \en +.Sm on +.Ed +.Pp +.Ar error-number +is one of the possible error +numbers described in +.Xr intro 2 +and +.Ar error-message +is the corresponding error string as printed +from a call to +.Xr perror 3 . +The protocol is comprised of the +following commands, which are sent as indicated - no spaces are supplied +between the command and its arguments, or between its arguments, and +.Ql \en +indicates that a newline should be supplied: +.Bl -tag -width Ds +.Sm off +.It Xo Ic \&O Ar device +.No \en Ar mode No \en +.Xc +.Sm on +Open the specified +.Ar device +using the indicated +.Ar mode . +.Ar device +is a full pathname and +.Ar mode +is an ASCII representation of a decimal +number suitable for passing to +.Xr open 2 . +If a device had already been opened, it is +closed before a new open is performed. +.It Ic C Ns Ar device Ns \en +Close the currently open device. +The +.Ar device +specified is ignored. +.Sm off +.It Xo Ic L +.Ar offset No \en +.Ar whence No \en +.Xc +.Sm on +Perform an +.Xr lseek 2 +operation using the specified parameters. +The response value is that returned from the +.Xr lseek 2 +call. +.It Ic W Ns Ar count Ns \en +Write data onto the open device. +.Nm +reads +.Ar count +bytes from the connection, aborting if +a premature end-of-file is encountered. +The response value is that returned from +the +.Xr write 2 +call. +.It Ic R Ns Ar count Ns \en +Read +.Ar count +bytes of data from the open device. +If +.Ar count +exceeds the size of the data buffer (10 kilobytes), it is +truncated to the data buffer size. +.Nm +then performs the requested +.Xr read 2 +and responds with +.Sy A Ns Ar count-read Ns \en +if the read was +successful; otherwise an error in the +standard format is returned. +If the read was successful, the data read is then sent. +.Sm off +.It Xo Ic I Ar operation +.No \en Ar count No \en +.Xc +.Sm on +Perform an +.Dv MTIOCOP +.Xr ioctl 2 +command using the specified parameters. +The parameters are interpreted as the +ASCII representations of the decimal values +to place in the +.Ar mt_op +and +.Ar mt_count +fields of the structure used in the +.Xr ioctl 2 +call. +The return value is the +.Ar count +parameter when the operation is successful. +.It Ic S +Return the status of the open device, as +obtained with a +.Dv MTIOCGET +.Xr ioctl 2 +call. +If the operation was successful, an +.Dq ack +is sent with the size of the status buffer, then the status buffer is +sent (in binary). +.El +.Pp +Any other command causes +.Nm +to exit. +.Sh DIAGNOSTICS +All responses are of the form described above. +.Sh SEE ALSO +.Xr rcmd 3 , +.Xr rcmdsh 3 , +.Xr mtio 4 , +.Xr rdump 8 , +.Xr rrestore 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh BUGS +People tempted to use this for a remote file access protocol +are discouraged. diff --git a/static/openbsd/man8/route.8 b/static/openbsd/man8/route.8 new file mode 100644 index 00000000..0e467a21 --- /dev/null +++ b/static/openbsd/man8/route.8 @@ -0,0 +1,651 @@ +.\" $OpenBSD: route.8,v 1.119 2023/08/02 23:34:13 aisha Exp $ +.\" $NetBSD: route.8,v 1.6 1995/03/18 15:00:13 cgd Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)route.8 8.3 (Berkeley) 3/19/94 +.\" +.Dd $Mdocdate: August 2 2023 $ +.Dt ROUTE 8 +.Os +.Sh NAME +.Nm route +.Nd manually manipulate the routing tables +.Sh SYNOPSIS +.Nm route +.Op Fl dnqtv +.Op Fl T Ar rtable +.Ar command +.Oo +.Op Ar modifier ... +.Ar arg ... +.Oc +.Sh DESCRIPTION +At system start, +routing tables are initialised and configured by +.Xr netstart 8 . +The +.Nm +utility can be used to view or manually manipulate the network routing tables. +Only the superuser may modify the routing tables. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Run in debug-only mode, i.e. don't actually modify the routing table. +.It Fl n +Bypass attempts to print host and network names symbolically +when reporting actions. +The process of translating between symbolic +names and numerical equivalents can be quite time consuming, and +may require correct operation of the network; thus it may be expedient +to forgo this, especially when attempting to repair networking operations. +.It Fl q +Suppress all output. +.It Fl T Ar rtable +Select an alternate routing table to modify or query. +The default is to use the current routing table. +The current routing table can be displayed with +.Xr id 1 . +.It Fl t +Write routing messages to a fake device +.Pa ( /dev/null ) +instead of a real routing socket to test route manipulation. +.It Fl v +Print additional details. +.El +.Pp +The commands are as follows: +.Pp +.Bl -tag -width "XXXX" -compact +.It Xo +.Nm route +.Op Fl dnqtv +.Op Fl T Ar rtable +.Tg +.Cm add +.Op Ar modifier +.Ar destination +.Ar gateway +.Xc +.It Xo +.Nm route +.Op Fl dnqtv +.Op Fl T Ar rtable +.Tg +.Cm change +.Op Ar modifier +.Ar destination +.Ar gateway +.Xc +Add a new route, or modify an existing route, to the host or network at +.Ar destination . +.Ar gateway +is the next-hop intermediary by which packets should be routed. +See +.Sx Address notation and interpretation +for more information. +.Pp +A number of modifiers can be used with +.Cm add +and +.Cm change , +and as documented with the other commands: +.Pp +.Bl -tag -width Ds -compact +.It Ar flags +Various flags can be set on routes +(viewable using +.Cm show ) : +.Pp +.Bl -tag -width -blackhole -compact +.It Fl blackhole +silently discard packets +.It Fl cloning +generates a new route on use +.It Fl iface +destination is directly reachable +.It Fl llinfo +validly translates address to link address +.It Fl mpath +multiple gateways for a destination exist +.It Fl nostatic +pretend route added by kernel or daemon +.It Fl proto1 +sets protocol specific routing flag #1 +.It Fl proto2 +sets protocol specific routing flag #2 +.It Fl reject +emits an ICMP unreachable when matched +.It Fl static +manually added route (default) +.El +.Pp +The +.Fl blackhole +and +.Fl reject +flags require a +.Ar gateway +to the loopback interface, +either 127.0.0.1 or ::1. +.Pp +.It Oo Fl lock | Fl lockrest Oc Fl expire Ar n +.It Oo Fl lock | Fl lockrest Oc Fl mtu Ar n +Specify the lifetime for the route (e.g. if generated by a redirect) +or the Maximum Transmission Unit (MTU) size for this path, respectively. +The value +.Ar n +is locked if preceded by +.Fl lock ; +if preceded by +.Fl lockrest +all following +.Fl expire +and +.Fl mtu +metrics are locked. +.Pp +.It Fl host | net +Interpret +.Ar destination +as a host or network, respectively. +.Pp +.It Fl ifa Ar address +.It Fl ifp Ar ifname +Where the destination and gateway are not sufficient to specify +the route, +these modifiers may be used to determine the interface address +.Pq Fl ifa +or name +.Pq Fl ifp . +.Pp +.It Fl label Ar label +Associate the route with a +.Ar label . +Route labels can be used to attach arbitrary information to a route. +.Pp +.It Fl mpath +Used to enter multiple gateways for the same destination address (multipath). +When multiple routes exist for a destination, one route is selected based +on the source address of the packet. +The +.Xr sysctl 8 +variables +.Va net.inet.ip.multipath +and +.Va net.inet6.ip6.multipath +are used to control multipath routing. +If set to 1, +multiple routes with the same priority are used equally; +if set to 0, +the first route selected will be used for subsequent packets to that +destination regardless of source. +.Pp +.It Xo +.Fl mplslabel in Ar label +.Fl push Ns | Ns Fl pop Ns | Ns Fl swap +.Op Fl out Ar label +.Xc +For MPLS routes, +specify an ingress LSR to associate a particular label to an IPv4/IPv6 route. +The MPLS traffic +.Fl in +and +.Fl out +modifiers are intended to identify the ingress label and, optionally, +the outgoing one. +Additionally, one of the following operations must be used: +.Fl push , +.Fl pop +or +.Fl swap . +The route's gateway can be specified using the +.Fl inet +or +.Fl inet6 +modifier before the address. +.Pp +.It Fl netmask Ar mask +.It Fl prefixlen Ar len +Used to add subnet routes with the specified netmask. +The netmask should be specified after the +.Ar destination +parameter. +If no netmask is specified, +an implicit one is used for the +.Dv AF_INET +family. +The network mask can also be specified as a prefix length, +but in that case one of either +.Fl inet +or +.Fl inet6 +must also be specified. +.Pp +.It Fl priority Ar n +Specifies a routing priority. +If no priority is specified, the kernel will set a priority depending on the +.Dv RTF_STATIC +flag to either +.Dv RTP_STATIC +or +.Dv RTP_DEFAULT . +Note that priority 1 is reserved for kernel use. +.El +.Pp +.It Xo +.Nm route +.Op Fl dnqtv +.Op Fl T Ar rtable +.Tg delete +.Tg +.Cm del Ns Op Cm ete +.Ar destination +.Op Fl priority Ar n +.Op Ar gateway +.Xc +Delete the route to +.Ar destination . +If multiple routes to the destination exist, +a specific route must be selected by specifying the priority +and/or a gateway. +.Pp +.It Xo +.Nm route +.Op Fl T Ar rtable +.Tg +.Cm exec +.Ar command +.Op Ar arg ... +.Xc +Execute a command, forcing the process and its children to use the +routing table and appropriate routing domain as specified with the +.Fl T Ar rtable +option. +.Pp +.It Xo +.Nm route +.Op Fl nqv +.Op Fl T Ar rtable +.Tg +.Cm flush +.Op Ar family +.Op Fl iface Ar ifname +.Op Fl priority Ar n +.Xc +Delete all gateway entries from the routing table, +optionally limited to a specific address family. +Routes matching a specific interface or priority can be flushed +by using the +.Fl iface +or +.Fl priority +modifiers. +.Pp +.It Xo +.Bk -words +.Nm route +.Op Fl nv +.Op Fl T Ar rtable +.Tg +.Cm get +.Ar destination +.Op Fl priority Ar n +.Op Ar gateway +.Ek +.Xc +Display the route to +.Ar destination . +If multiple routes to the destination exist, +a specific route may be selected by specifying the priority +and/or a gateway. +.Pp +.It Xo +.Nm +.Op Fl n +.Op Fl T Ar rtable +.Tg +.Cm monitor +.Op Ar family +.Op Fl iface +.Xc +Continuously report any changes to the routing information base. +The information reported can be limited to a specific address family, +a specific routing table +using the +.Fl T +option, +or interface specific messages (link state changes) using the +.Fl iface +modifier. +.Pp +.It Xo +.Ic route +.Op Fl dtv +.Op Fl T Ar rtable +.Tg +.Cm nameserver +.Ar interface +.Op Ar address ... +.Xc +Broadcast a list of up to five nameserver address proposals to +.Xr resolvd 8 , +which is used to update the list of nameservers for the given interface in +.Xr resolv.conf 5 . +If no address is given, +a request to remove the nameservers for the given interface is sent. +.Pp +.It Xo +.Nm route +.Op Fl nv +.Op Fl T Ar rtable +.Tg +.Cm show +.Op Ar family +.Op Fl gateway +.Op Fl label Ar label +.Op Fl priority Ar n +.Xc +Display the routing table. +.Pp +If +.Fl gateway +is specified, only routes whose gateway are in the +same address family as the destination are shown. +.Pp +If +.Fl label +is specified, only routes with the specified label are shown. +.Pp +If +.Fl priority +is specified, only routes with the specified priority are shown. +It may be specified by number or one of +.Cm local , +.Cm connected , +.Cm static , +.Cm ospf , +.Cm rip , +or +.Cm bgp . +If the priority is negative, then routes that do not match the numeric +priority are shown. +.Pp +Within the output of +.Cm show , +the "Flags" column indicates what flags are set on the route. +The mapping between letters and flags is: +.Bl -column "1" "RTF_BLACKHOLE" "Protocol specific routing flag #1." +.It Dv 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1." +.It Dv 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2." +.It Dv 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3." +.It Dv B Ta Dv RTF_BLACKHOLE Ta "Just discard packets." +.It Dv b Ta Dv RTF_BROADCAST Ta "Correspond to a local broadcast address." +.It Dv C Ta Dv RTF_CLONING Ta "Generate new routes on use." +.It Dv c Ta Dv RTF_CLONED Ta "Cloned routes (generated from RTF_CLONING)." +.It Dv D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)." +.It Dv G Ta Dv RTF_GATEWAY Ta "Dest requires forwarding by intermediary." +.It Dv H Ta Dv RTF_HOST Ta "Host entry (net otherwise)." +.It Dv h Ta Dv RTF_CACHED Ta "Referenced by gateway route." +.It Dv L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation." +.It Dv l Ta Dv RTF_LOCAL Ta "Correspond to a local address." +.It Dv M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)." +.It Dv m Ta Dv RTF_MULTICAST Ta "Correspond to a multicast address." +.It Dv n Ta Dv RTF_CONNECTED Ta "Interface route." +.It Dv P Ta Dv RTF_MPATH Ta "Multipath route." +.It Dv R Ta Dv RTF_REJECT Ta "Host or net unreachable." +.It Dv S Ta Dv RTF_STATIC Ta "Manually added." +.It Dv T Ta Dv RTF_MPLS Ta "MPLS route." +.It Dv U Ta Dv RTF_UP Ta "Route usable." +.El +.Pp +.It Xo +.Ic route +.Op Fl T Ar rtable +.Tg +.Cm sourceaddr +.Op Fl ifp Ar ifname | Ar address +.Xc +Set the preferred source address to +.Ar address . +The source address can be set to the address assigned to interface +.Ar ifname +if +.Fl ifp +is specified, +or reset by setting the address to zero. +If no arguments are given, +the preferred source addresses are printed. +The preferred source address is not used if the destination is on-link +or the source address is assigned to a disabled interface. +.El +.Ss Address notation and interpretation +Addresses are assumed to be IPv4 unless they contain a colon, +in which case they are treated as IPv6. +Alternatively they may be specified as belonging to a particular address family +using one of the following modifiers: +.Pp +.Bl -tag -width "-inet6XXX" -offset indent -compact +.It Fl inet +IPv4 addresses; +see +.Xr ip 4 +.It Fl inet6 +IPv6 addresses; +see +.Xr ip6 4 +.It Fl link +hardware (link-level) addresses +.It Fl mpls +MPLS addresses +.It Fl sa +actual +.Vt sockaddr +data, in hexadecimal format +.El +.Pp +.Ar destination +is assumed to be a route to a network +if any of the following apply: +.Pp +.Bl -bullet -compact +.It +the +.Fl net +modifier is used +.It +it is the word "default", equivalent to 0/0 or ::/0 +.It +it is an address with a +.Dq / Ns Em XX +suffix, where +.Em XX +is the number of bits in the network portion of the address +.It +it specifies the network portion either with +.Fl netmask +or +.Fl prefixlen +.El +.Pp +If +.Ar destination +is a valid IP address or host name, +or the +.Fl host +modifier is used, +it is assumed to be a route to a host. +.Pp +All symbolic names specified for a +.Ar destination +or +.Ar gateway +are looked up using +.Xr gethostbyname 3 . +.Sh FILES +.Bl -tag -width "/etc/mygate" -compact +.It Pa /etc/hosts +host and network name database +.It Pa /etc/mygate +default gateway address +.El +.Sh EXIT STATUS +For commands other than +.Cm exec , +the +.Nm +utility exits 0 on success, and >0 if an error occurs. +.Pp +For the +.Cm exec +command the +.Nm +utility exits with the exit status of +.Ar command +if it could be invoked. +Otherwise the +.Nm +utility exits with one of the following values: +.Bl -tag -width Ds +.It 1 +An invalid command line option was passed to +.Nm +or setting the routing table failed. +.It 126 +.Ar command +was found but could not be invoked. +.It 127 +.Ar command +could not be found. +.El +.Sh EXAMPLES +Show the current IPv4 routing tables, +without attempting to print hostnames symbolically: +.Pp +.Dl $ route -n show -inet +.Pp +Add a static +.Xr inet 4 +route to the 192.168.5.0/24 network via the 192.168.0.1 gateway: +.Pp +.Dl # route add -inet 192.168.5.0/24 192.168.0.1 +.Pp +Amend the +.Xr inet 4 +route to the 192.168.5.0/24 network to use the 192.168.0.2 gateway: +.Pp +.Dl # route change -inet 192.168.5.0/24 192.168.0.2 +.Pp +Delete the +.Xr inet 4 +route to the 192.168.5.0/24 network: +.Pp +.Dl # route delete -inet 192.168.5.0/24 +.Pp +Add a static +.Xr inet6 4 +route to a host which is on the vio0 interface that is outside your prefix, +and use that host as a default gateway, as used by some hosting providers: +.Pp +.Dl # route add -inet6 2001:db8:efef::1 -cloning -link -iface vio0 +.Dl # route add -inet6 default 2001:db8:efef::1 +.Sh DIAGNOSTICS +.Bl -diag +.It "%s: gateway %s flags %x" +The specified route is being added to or deleted from the tables. +If the gateway address used was not the primary address of the gateway +(the first one returned by +.Xr gethostbyname 3 ) , +the gateway address is printed numerically as well as symbolically. +.It "%s %s done" +When the +.Cm flush +command is specified, each routing table entry deleted +is indicated with a message of this form. +.It "Network is unreachable" +An attempt to add a route failed because the gateway listed was not +on a directly connected network. +The next-hop gateway must be given. +.It "not in table" +A +.Cm delete +operation was attempted for an entry which +wasn't present in the tables. +.It "routing table overflow" +An +.Cm add +operation was attempted, but the system was +low on resources and was unable to allocate memory +to create the new entry. +.El +.Sh SEE ALSO +.Xr gethostbyname 3 , +.Xr inet_net_pton 3 , +.Xr inet_pton 3 , +.Xr route 4 , +.Xr rtable 4 , +.Xr hosts 5 , +.Xr mygate 5 , +.Xr netstart 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +IPv6 support was added by WIDE/KAME project. +.Pp +The +.Fl recvpipe , +.Fl hopcount , +.Fl sendpipe , +.Fl ssthresh , +.Fl rtt , +and +.Fl rttvar +modifiers used to be used to initialize various quantities in routing +table entries. +The routing system no longer uses these values and the modifiers +exist now only for compatibility with other operating systems. +.Sh BUGS +Some uses of the +.Fl ifa +or +.Fl ifp +modifiers with the +.Cm add +command will incorrectly fail with a +.Dq Network is unreachable +message if there is no default route. +See case +.Dv RTM_ADD +in +.Fn route_output +from +.Pa sys/net/rtsock.c +for details. diff --git a/static/openbsd/man8/route6d.8 b/static/openbsd/man8/route6d.8 new file mode 100644 index 00000000..c9f2113e --- /dev/null +++ b/static/openbsd/man8/route6d.8 @@ -0,0 +1,245 @@ +.\" $OpenBSD: route6d.8,v 1.28 2023/03/04 12:02:07 jmc Exp $ +.\" $KAME: route6d.8,v 1.11 2002/06/02 15:00:30 itojun Exp $ +.\" +.\" Copyright (c) 1996 WIDE Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modifications, are permitted provided that the above copyright notice +.\" and this paragraph are duplicated in all such forms and that any +.\" documentation, advertising materials, and other materials related to +.\" such distribution and use acknowledge that the software was developed +.\" by the WIDE Project, Japan. The name of the Project may not be used to +.\" endorse or promote products derived from this software without +.\" specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' +.\" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT +.\" LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +.\" A PARTICULAR PURPOSE. +.\" +.Dd $Mdocdate: March 4 2023 $ +.Dt ROUTE6D 8 +.Os +.Sh NAME +.Nm route6d +.Nd Routing Information Protocol (RIP) for IPv6 daemon +.Sh SYNOPSIS +.Nm route6d +.Op Fl aDdhlnqSsu +.Sm off +.Op Fl A No \~ Ar prefix No / Ar preflen , Ar if1 Op , Ar if2 , ... +.Sm on +.Sm off +.Op Fl L No \~ Ar prefix No / Ar preflen , Ar if1 Op , Ar if2 , ... +.Sm on +.Sm off +.Op Fl N No \~ Ar if1 Op , Ar if2 , ... +.Sm on +.Sm off +.Op Fl O No \~ Ar prefix No / Ar preflen , Ar if1 Op , Ar if2 , ... +.Sm on +.Sm off +.Op Fl T No \~ Ar if1 Op , Ar if2 , ... +.Sm on +.Op Fl t Ar tag +.Sh DESCRIPTION +The +.Nm +utility is a routing daemon which supports RIP over IPv6. +.Pp +The options are as follows: +.Bl -tag -width indent +.It Xo Fl A +.Sm off +.Ar prefix No / Ar preflen , +.Ar if1 +.Op , Ar if2 , ... +.Sm on +.Xc +This option is used for aggregating routes. +.Ar prefix Ns / Ns Ar preflen +specifies the prefix and the prefix length of the +aggregated route. +When advertising routes, +.Nm +filters specific routes covered by the aggregate +and advertises the aggregated route +.Ar prefix Ns / Ns Ar preflen +to the interfaces specified in the comma-separated interface list +.Sm off +.Ar if1 Op , Ar if2 , ... . +.Sm on +.Nm +creates a static route to +.Ar prefix Ns / Ns Ar preflen , +with the +.Dv RTF_REJECT +flag set, into the kernel routing table. +.It Fl a +Enables aging of the statically defined routes. +With this option, any +statically defined routes will be removed unless corresponding updates +arrive as if the routes are received at the startup of +.Nm . +.It Fl D +Enables extensive output of debugging messages. +This option also instructs +.Nm +to run in foreground mode +.Pq i.e. it does not become a daemon process . +.It Fl d +Enables output of debugging messages. +This option also instructs +.Nm +to run in foreground mode +.Pq i.e. it does not become a daemon process . +.It Fl h +Disables split horizon processing. +.It Xo Fl L +.Sm off +.Ar prefix No / Ar preflen , +.Ar if1 +.Op , Ar if2 , ... +.Sm on +.Xc +Filter incoming routes from interfaces +.Sm off +.Ar if1 Op , Ar if2 , ... . +.Sm on +.Nm +will accept incoming routes that are in +.Ar prefix Ns / Ns Ar preflen . +If multiple +.Fl L +options are specified, all routes that match any of the options are accepted. +.Li ::/0 +is treated specially as the default route, not +.Do +any route that has longer prefix length than, or equal to, 0 +.Dc . +For example, with +.Dq -L 2001:db8::/32,if1 -L ::/0,if1 , +.Nm +will accept the default route and routes in the 2001:db8::/32 address range, +but no others. +To accept any route, simply do not specify the +.Fl L +option. +.It Fl l +By default, +.Nm +will not exchange site local routes for safety reasons. +This is because the semantics of site local address space are rather vague, +as the specification is still being worked on, +and there is no good way to define the site local boundary. +With +.Fl l , +.Nm +will exchange site local routes as well. +It must not be used on site boundary routers, +since +.Fl l +assumes that all interfaces are in the same site. +.It Xo +.Fl N +.Sm off +.Ar if1 +.Op , Ar if2 , ... +.Sm on +.Xc +Do not listen to, or advertise, route from/to interfaces specified by +.Sm off +.Ar if1 Op , Ar if2 , ... . +.Sm on +.It Fl n +Do not update the kernel routing table. +.It Xo Fl O +.Sm off +.Ar prefix No / Ar preflen , +.Ar if1 +.Op , Ar if2 , ... +.Sm on +.Xc +Restrict route advertisement toward interfaces specified by +.Sm off +.Ar if1 Op , Ar if2 , ... . +.Sm on +With this option +.Nm +will only advertise routes that match +.Ar prefix Ns / Ns Ar preflen . +.It Fl q +Makes +.Nm +use listen-only mode. +No advertisement is sent. +.It Fl S +This option is the same as +.Fl s , +except that the split horizon rule does apply. +.It Fl s +Makes +.Nm +advertise the statically defined routes which exist in the kernel routing +table when +.Nm +is invoked. +Announcements obey the regular split horizon rule. +.It Xo +.Fl T +.Sm off +.Ar if1 +.Op , Ar if2 , ... +.Sm on +.Xc +Advertise only the default route toward +.Sm off +.Ar if1 Op , Ar if2 , ... . +.Sm on +.It Fl t Ar tag +Attach the route tag +.Ar tag +to originated route entries. +.Ar tag +can be decimal, octal prefixed by +.Li 0 , +or hexadecimal prefixed by +.Li 0x . +.It Fl u +Always log route updates (insertions and deletions). +Route updates are always prefixed with +.Dq RTADD +or +.Dq RTDEL . +.El +.Pp +Upon receipt of signal +.Dv SIGINT +or +.Dv SIGUSR1 , +.Nm +will log a dump of the current internal state. +.Sh SEE ALSO +.Xr ripd 8 +.Sh STANDARDS +.Rs +.%A G. Malkin +.%A R. Minnear +.%D January 1997 +.%R RFC 2080 +.%T RIPng for IPv6 +.Re +.Sh NOTES +.Nm +uses the advanced IPv6 API, +defined in RFC 3542, +for communicating with peers using link-local addresses. +.Pp +Routing table manipulation differs from IPv6 implementation to implementation. +Currently +.Nm +obeys the WIDE Hydrangea/KAME IPv6 kernel, +and will not be able to run on other platforms. +.Pp +Currently, +.Nm +does not reduce the rate of the triggered updates when consecutive updates +arrive. diff --git a/static/openbsd/man8/rpc.bootparamd.8 b/static/openbsd/man8/rpc.bootparamd.8 new file mode 100644 index 00000000..3f3382a6 --- /dev/null +++ b/static/openbsd/man8/rpc.bootparamd.8 @@ -0,0 +1,83 @@ +.\" $OpenBSD: rpc.bootparamd.8,v 1.21 2022/09/27 13:30:36 kn Exp $ +.\" @(#)bootparamd.8 +.\" +.\" This code is not copyright, and is placed in the public domain. +.\" Feel free to use and modify. Please send modifications and/or +.\" suggestions + bug fixes to Klas Heggemann <klas@nada.kth.se> +.\" +.\" Various small changes by Theo de Raadt <deraadt@fsa.ca> +.\" Parser rewritten (adding YP support) by Roland McGrath <roland@frob.com> +.\" +.Dd $Mdocdate: September 27 2022 $ +.Dt RPC.BOOTPARAMD 8 +.Os +.Sh NAME +.Nm rpc.bootparamd +.Nd boot parameter server +.Sh SYNOPSIS +.Nm rpc.bootparamd +.Op Fl ds +.Op Fl f Ar file +.Op Fl r Ar router +.Sh DESCRIPTION +.Nm +is a server process that provides information to diskless clients +necessary for booting. +It consults the file +.Pa /etc/bootparams . +It should normally be started from +.Pa /etc/rc . +.Pp +This version will allow the use of aliases on the hostname in the +.Pa /etc/bootparams +file. +The hostname returned in response to the booting client's whoami request +will be the name that appears in the config file, not the canonical name. +In this way you can keep the answer short enough +so that machines that cannot handle long hostnames won't fail during boot. +.Pp +While parsing, if a line containing just +.Dq \&+ +is found, and the YP subsystem is active, the YP map +.Pa bootparams +will be searched immediately. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Display the debugging information. +The daemon does not fork in this case. +.It Fl f Ar file +Specify the +.Ar file +to read boot parameters from. +Defaults to +.Pa /etc/bootparams . +.It Fl r Ar router +Set the default +.Ar router +(a hostname or IP address). +This defaults to the machine running the server. +.It Fl s +Log the debugging information with syslog. +.El +.Sh FILES +.Bl -tag -width /etc/bootparams -compact +.It Pa /etc/bootparams +default configuration file +.El +.Sh SEE ALSO +.Xr bootparams 5 , +.Xr diskless 8 +.Sh AUTHORS +Originally written by +.An Klas Heggemann Aq Mt klas@nada.kth.se . +.Sh BUGS +You may find the syslog loggings too verbose. +.Pp +It's not clear if the non-canonical hack mentioned above is a good idea. +.Sh WARNING +If +.Nm rpc.bootparamd +is run on a system which is also running YP, your YP +domainname will be made public information. diff --git a/static/openbsd/man8/rpc.lockd.8 b/static/openbsd/man8/rpc.lockd.8 new file mode 100644 index 00000000..82b6fef7 --- /dev/null +++ b/static/openbsd/man8/rpc.lockd.8 @@ -0,0 +1,108 @@ +.\" $OpenBSD: rpc.lockd.8,v 1.13 2008/06/13 23:56:28 jmc Exp $ +.\" +.\" Copyright (c) 1995 A.R.Gordon, andrew.gordon@net-tel.co.uk +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: June 13 2008 $ +.Dt RPC.LOCKD 8 +.Os +.Sh NAME +.Nm rpc.lockd +.Nd NFS file locking daemon +.Sh SYNOPSIS +.Nm rpc.lockd +.Op Fl d Op Ar debug_level +.Op Fl g Ar grace_period +.Sh DESCRIPTION +.Nm rpc.lockd +is a daemon which provides file- and record-locking services in an NFS +environment. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Op Ar debug_level +Write debugging information to syslog, recording +all RPC transactions to the daemon. +These messages are logged with level +.Dv LOG_DEBUG +and facility +.Dv LOG_DAEMON . +If +.Ar debug_level +is not specified, +level 1 is assumed, giving one log line per protocol operation. +Higher debug levels can be specified, causing display of operation arguments +and internal operations of the daemon. +.It Fl g Ar grace_period +Specify the grace period, in seconds. +During the grace period +.Nm +only accepts requests from hosts which are reinitialising locks which +existed before the server restart. +The default is 30 seconds. +.El +.Pp +Error conditions are logged to syslog, irrespective of the debug level, +using log level +.Dv LOG_ERR +and facility +.Dv LOG_DAEMON . +.Pp +The +.Nm rpc.lockd +daemon must NOT be invoked by +.Xr inetd 8 +because the protocol assumes that the daemon will run from system start time. +Instead, it should be run from +.Xr rc 8 +after the network has been started. +.Sh FILES +.Bl -tag -width /usr/include/rpcsvc/nlm_prot.x -compact +.It Pa /usr/include/rpcsvc/nlm_prot.x +RPC protocol specification for the network lock manager protocol. +.El +.Sh SEE ALSO +.Xr syslog 3 , +.Xr rc 8 +.Sh STANDARDS +The implementation is based on the specification in X/Open CAE Specification +C218, "Protocols for X/Open PC Interworking: XNFS, Issue 4", ISBN 1 872630 66 9 +.Sh BUGS +The current implementation provides only the server side of the protocol +(i.e., clients running other OS types can establish locks on an +.Ox +fileserver, +but there is currently no means for an +.Ox +client to establish locks). +.Pp +The current implementation serialises lock requests that could be shared. diff --git a/static/openbsd/man8/rpc.rquotad.8 b/static/openbsd/man8/rpc.rquotad.8 new file mode 100644 index 00000000..9081d343 --- /dev/null +++ b/static/openbsd/man8/rpc.rquotad.8 @@ -0,0 +1,58 @@ +.\" $OpenBSD: rpc.rquotad.8,v 1.8 2007/05/31 19:19:40 jmc Exp $ +.\" +.\" Copyright (c) 1994 Theo de Raadt +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $Id: rpc.rquotad.8,v 1.8 2007/05/31 19:19:40 jmc Exp $ +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt RPC.RQUOTAD 8 +.Os +.Sh NAME +.Nm rquotad , +.Nm rpc.rquotad +.Nd remote quota server +.Sh SYNOPSIS +.Nm rpc.rquotad +.Sh DESCRIPTION +.Nm rpc.rquotad +is an +.Xr rpc 3 +server which returns quotas for a user of a local filesystem +which is NFS-mounted onto a remote machine. +.Xr quota 1 +uses the results to display user quotas for remote filesystems. +.Nm rpc.rquotad +is normally invoked by +.Xr inetd 8 . +.Pp +.Nm rpc.rquotad +uses an RPC protocol defined in +.Pa /usr/include/rpcsvc/rquota.x . +.Sh SEE ALSO +.Xr quota 1 +.Sh BUGS +.Bx 4.4 +and +.Ox +support group quotas but the rquota protocol does not. diff --git a/static/openbsd/man8/rpc.rstatd.8 b/static/openbsd/man8/rpc.rstatd.8 new file mode 100644 index 00000000..e4eecdeb --- /dev/null +++ b/static/openbsd/man8/rpc.rstatd.8 @@ -0,0 +1,70 @@ +.\" $OpenBSD: rpc.rstatd.8,v 1.12 2015/12/01 22:35:13 jmc Exp $ +.\" +.\" Copyright (c) 1985, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 1 2015 $ +.Dt RPC.RSTATD 8 +.Os +.Sh NAME +.Nm rpc.rstatd +.Nd kernel statistics server +.Sh SYNOPSIS +.Nm rpc.rstatd +.Op Ar closedown +.Sh DESCRIPTION +.Nm rpc.rstatd +is a server which returns performance statistics obtained from the kernel. +Some of these statistics may be read using the +.Xr rup 1 +command. +The +.Nm rpc.rstatd +daemon is normally invoked by +.Xr inetd 8 . +At startup, +.Nm +performs a +.Xr chroot 2 +to +.Pa /var/empty +and switches to user +.Va _rstatd . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Ar closedown +Number of seconds before going dormant. +Defaults to 20 seconds. +.El +.Pp +.Nm rpc.rstatd +uses an RPC protocol defined in +.Pa /usr/include/rpcsvc/rstat.x . +.Sh SEE ALSO +.Xr rup 1 , +.Xr inetd 8 diff --git a/static/openbsd/man8/rpc.rusersd.8 b/static/openbsd/man8/rpc.rusersd.8 new file mode 100644 index 00000000..4f1e6b12 --- /dev/null +++ b/static/openbsd/man8/rpc.rusersd.8 @@ -0,0 +1,60 @@ +.\" $OpenBSD: rpc.rusersd.8,v 1.9 2022/02/21 19:49:46 mestre Exp $ +.\" +.\" Copyright (c) 1985, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: rpc.rusersd.8,v 1.9 2022/02/21 19:49:46 mestre Exp $ +.\" +.Dd $Mdocdate: February 21 2022 $ +.Dt RPC.RUSERSD 8 +.Os +.Sh NAME +.Nm rpc.rusersd +.Nd logged in users server +.Sh SYNOPSIS +.Nm rpc.rusersd +.Sh DESCRIPTION +.Nm rpc.rusersd +is a server which returns information about users +currently logged in to the system. +.Pp +The currently logged in users are queried using the +.Xr rusers 1 +command. +The +.Nm rpc.rusersd +daemon is normally invoked by +.Xr inetd 8 . +.Pp +.Nm rpc.rusersd +uses an RPC protocol defined in +.Pa /usr/include/rpcsvc/rnusers.x . +.Sh SEE ALSO +.Xr rusers 1 , +.Xr w 1 , +.Xr who 1 , +.Xr inetd 8 diff --git a/static/openbsd/man8/rpc.rwalld.8 b/static/openbsd/man8/rpc.rwalld.8 new file mode 100644 index 00000000..24b63662 --- /dev/null +++ b/static/openbsd/man8/rpc.rwalld.8 @@ -0,0 +1,63 @@ +.\" $OpenBSD: rpc.rwalld.8,v 1.7 2007/05/31 19:19:40 jmc Exp $ +.\" +.\" Copyright (c) 1985, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: rpc.rwalld.8,v 1.7 2007/05/31 19:19:40 jmc Exp $ +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt RPC.RWALLD 8 +.Os +.Sh NAME +.Nm rwalld , +.Nm rpc.rwalld +.Nd write messages to users currently logged in server +.Sh SYNOPSIS +.Nm rpc.rwalld +.Sh DESCRIPTION +.Nm rpc.rwalld +is a server which will send a message to users +currently logged in to the system. +This server invokes the +.Xr wall 1 +command to actually write the messages to the system. +.Pp +Messages are sent to this server by the +.Xr rwall 1 +command. +The +.Nm rpc.rwalld +daemon is normally invoked by +.Xr inetd 8 . +.Pp +.Nm rpc.rwalld +uses an RPC protocol defined in +.Pa /usr/include/rpcsvc/rwall.x . +.Sh SEE ALSO +.Xr rwall 1 , +.Xr wall 1 , +.Xr inetd 8 diff --git a/static/openbsd/man8/rpc.statd.8 b/static/openbsd/man8/rpc.statd.8 new file mode 100644 index 00000000..33bc69f7 --- /dev/null +++ b/static/openbsd/man8/rpc.statd.8 @@ -0,0 +1,123 @@ +.\" $OpenBSD: rpc.statd.8,v 1.3 2017/10/17 22:47:58 schwarze Exp $ +.\" +.\" Copyright (c) 1995 A.R.Gordon, andrew.gordon@net-tel.co.uk +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: October 17 2017 $ +.Dt RPC.STATD 8 +.Os +.Sh NAME +.Nm rpc.statd +.Nd host status monitoring daemon +.Sh SYNOPSIS +.Nm +.Op Fl d +.Sh DESCRIPTION +.Nm +is a daemon which co-operates with rpc.statd daemons on other hosts to provide +a status monitoring service. +The daemon accepts requests from +programs running on the local host (typically, +.Xr rpc.lockd 8 , +the NFS file locking daemon) to monitor the status of specified hosts. +If a monitored host crashes and restarts, the remote daemon will +notify the local daemon, which in turn will notify the local program(s) +which requested the monitoring service. +Conversely if this host crashes and restarts when +.Nm +restarts, it will notify all of the hosts which were being monitored +at the time of the crash. +.Pp +The options available are: +.Bl -tag -width Ds +.It Fl d +Causes debugging information to be written to +.Xr syslog 3 , +recording all RPC transactions to the daemon. +These messages are logged with level +.Dv LOG_DEBUG +and facility +.Dv LOG_DAEMON . +Error conditions are logged irrespective of this option, using level +.Dv LOG_ERR . +.El +.Pp +The +.Nm +daemon must NOT be invoked by +.Xr inetd 8 +because the protocol assumes that the daemon will run from system start time. +Instead, it should be configured in +.Xr rc.conf 8 +to run at system startup. +.Sh FILES +.Bl -tag -width /usr/include/rpcsvc/sm_inter.x -compact +.It Pa /usr/include/rpcsvc/sm_inter.x +RPC protocol specification used by local applications +to register monitoring requests. +.It Pa /var/db/statd.status +Non-volatile record of currently monitored hosts. +.El +.Sh SEE ALSO +.Xr syslog 3 , +.Xr rc.conf 8 , +.Xr rpc.lockd 8 +.Sh STANDARDS +This implementation is based on the specification in +the X/Open CAE Specification C218, +"Protocols for X/Open PC Interworking: XNFS, Issue 4", +ISBN 1 872630 66 9. +.Sh HISTORY +A version of +.Nm +appeared in SunOS 4. +The current implementation was ported from +.Nx +to +.Ox 4.4 . +.Sh BUGS +There is no means for the daemon to tell when a monitored host has +disappeared permanently (e.g. catastrophic hardware failure), as opposed +to transient failure of the host or an intermediate router. +At present, +it will retry notification attempts at frequent intervals for 10 minutes, +then hourly, and finally gives up after 24 hours. +.Pp +The protocol requires that symmetric monitor requests are made to both +the local and remote daemon in order to establish a monitored relationship. +This is convenient for the NFS locking protocol, but probably reduces the +usefulness of the monitoring system for other applications. +.Pp +The current implementation uses more than 1Kbyte per monitored host in +the status file (and also in VM). +This may be inefficient for NFS servers +with large numbers of clients. diff --git a/static/openbsd/man8/rpcinfo.8 b/static/openbsd/man8/rpcinfo.8 new file mode 100644 index 00000000..4cbbfacb --- /dev/null +++ b/static/openbsd/man8/rpcinfo.8 @@ -0,0 +1,197 @@ +.\" $OpenBSD: rpcinfo.8,v 1.15 2017/07/21 02:58:51 deraadt Exp $ +.\" from: @(#)rpcinfo.8c 2.2 88/08/03 4.0 RPCSRC; from 1.24 88/02/25 SMI +.\" +.\" Copyright (c) 2010, Oracle America, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions are +.\" met: +.\" +.\" * Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" * Redistributions in binary form must reproduce the above +.\" copyright notice, this list of conditions and the following +.\" disclaimer in the documentation and/or other materials +.\" provided with the distribution. +.\" * Neither the name of the "Oracle America, Inc." nor the names of its +.\" contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +.\" COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 21 2017 $ +.Dt RPCINFO 8 +.Os +.Sh NAME +.Nm rpcinfo +.Nd report RPC information +.Sh SYNOPSIS +.Nm rpcinfo +.Fl b Ar program version +.Nm rpcinfo +.Fl d Ar program version +.Nm rpcinfo +.Fl p Op Ar host +.Nm rpcinfo +.Fl s Ar program version port +.Nm rpcinfo +.Op Fl n Ar portnum +.Fl t Ar host program +.Op Ar version +.Nm rpcinfo +.Op Fl n Ar portnum +.Fl u Ar host program +.Op Ar version +.Sh DESCRIPTION +.Nm +makes an +.Tn RPC +call to an +.Tn RPC +server and reports what it finds. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Make an +.Tn RPC +broadcast to procedure 0 of the specified +.Ar program +and +.Ar version +using +.Tn UDP +and report all hosts that respond. +.It Fl d +Delete registration for the +.Tn RPC +service of the specified +.Ar program +and +.Ar version . +Registrations which point at ports numbered below 1024 can only be +deleted by the superuser. +.It Fl n Ar portnum +Use +.Ar portnum +as the port number for the +.Fl t +and +.Fl u +options instead of the port number given by the portmapper. +.It Fl p +Probe the portmapper on +.Ar host , +and print a list of all registered +.Tn RPC +programs. +If +.Ar host +is not specified, it defaults to the value returned by +.Xr hostname 1 . +.It Fl s +Create a registration for the +.Tn RPC +service of the specified +.Ar program +and +.Ar version , +located at port +.Ar port . +Registrations which point at ports numbered below 1024 can only be +created (or changed) by the superuser. +.It Fl t +Make an +.Tn RPC +call to procedure 0 of +.Ar program +on the specified +.Ar host +using +.Tn TCP , +and report whether a response was received. +.It Fl u +Make an +.Tn RPC +call to procedure 0 of +.Ar program +on the specified +.Ar host +using +.Tn UDP , +and report whether a response was received. +.El +.Pp +The +.Ar program +argument can be either a name or a number. +.Pp +If a +.Ar version +is specified, +.Nm +attempts to call that version of the specified +.Ar program . +Otherwise, +.Nm +attempts to find all the registered version +numbers for the specified +.Ar program +by calling version 0 (which is presumed not +to exist; if it does exist, +.Nm +attempts to obtain this information by calling +an extremely high version +number instead) and attempts to call each registered version. +Note: the version number is required for +.Fl b +and +.Fl d +options. +.Sh EXAMPLES +To show all of the +.Tn RPC +services registered on the local machine use: +.Pp +.Dl $ rpcinfo -p +.Pp +To show all of the +.Tn RPC +services registered on the machine named +.Ar klaxon +use: +.Pp +.Dl $ rpcinfo -p klaxon +.Pp +To show all machines on the local net that are running the Yellow Pages +service use: +.Pp +.Dl $ rpcinfo -b ypserv 'version' | uniq +.Pp +where 'version' is the current Yellow Pages version obtained from the +results of the +.Fl p +switch above. +.Pp +To delete the registration for version 1 of the +.Nm walld +service use: +.Pp +.Dl $ rpcinfo -d walld 1 +.Sh SEE ALSO +.Xr rpc 5 , +.Xr portmap 8 +.Rs +.%T "RPC Programming Guide" +.Re diff --git a/static/openbsd/man8/rpki-client.8 b/static/openbsd/man8/rpki-client.8 new file mode 100644 index 00000000..88bc55d5 --- /dev/null +++ b/static/openbsd/man8/rpki-client.8 @@ -0,0 +1,487 @@ +.\" $OpenBSD: rpki-client.8,v 1.139 2026/02/17 13:54:42 job Exp $ +.\" +.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 17 2026 $ +.Dt RPKI-CLIENT 8 +.Os +.Sh NAME +.Nm rpki-client +.Nd RPKI validator to support BGP routing security +.Sh SYNOPSIS +.Nm +.Op Fl 0ABcjmnoRVvx +.Op Fl b Ar sourceaddr +.Op Fl d Ar cachedir +.Op Fl e Ar rsync_prog +.Op Fl H Ar fqdn +.Op Fl P Ar posix-seconds +.Op Fl p Ar threads +.Op Fl S Ar skiplist +.Op Fl s Ar timeout +.Op Fl t Ar tal +.Op Ar outputdir +.Nm +.Op Fl Vv +.Op Fl d Ar cachedir +.Op Fl j +.Op Fl t Ar tal +.Fl f +.Ar +.Sh DESCRIPTION +The +.Nm +utility queries the +.Em Resource Public Key Infrastructure Pq RPKI +repository system with a built-in HTTPS client and +.Xr openrsync 1 +to fetch all X.509 certificates, manifests, and revocation lists under a given +.Em Trust Anchor . +.Nm +subsequently validates each +.Em Signed Object +by constructing and verifying a certification path for the certificate +associated with the Object (including checking relevant CRLs). +.Nm +produces lists of the +.Em Validated ROA Payloads Pq VRPs , +.Em BGPsec Router Keys Pq BRKs , +and +.Em Validated ASPA Payloads Pq VAPs +in various formats. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 0 +Include hazardous AS0 TALs in the output files. +AS0 TALs are not recommended for automatic filtering of BGP routes. +The default is not to include them. +.It Fl A +Exclude the ASPA-set from the output files that support it (BIRD, JSON, and +OpenBGPD). +.It Fl B +Create output in the file +.Pa bird +in the output directory suitable for BIRD internet routing daemon version +2.16 and up. +For compatibility with earlier versions, use +.Fl A . +The validated payload table names are +.Em ROAS4 , +.Em ROAS6 , +and +.Em ASPAS . +.It Fl b Ar sourceaddr +Tell the HTTP and rsync clients to use +.Ar sourceaddr +as the source address for connections, which is useful on machines +with multiple interfaces. +.It Fl c +Create output in the file +.Pa csv +in the output directory as comma-separated values of the +.Em Autonomous System , +the prefix in slash notation, the maximum prefix length, an abbreviation for +the +.Em Trust Anchor +the entry is derived from, and the moment the VRP will expire derived from +the chain of X.509 certificates and CRLs in seconds since the Epoch, UTC. +.It Fl d Ar cachedir +The directory where +.Nm +will store the cached repository data. +Defaults to +.Pa /var/cache/rpki-client . +.It Fl e Ar rsync_prog +Use +.Ar rsync_prog +instead of +.Xr openrsync 1 +to fetch repositories. +It must accept the +.Fl rt +and +.Fl -address +flags and connect with rsync-protocol locations. +.It Fl f Ar +Attempt to decode and validate the signed RPKI object or CCR in +.Ar file +using the cache stored in +.Ar cachedir +and print human-readable information about the object. +Gzip compressed files are inflated on the fly. +If +.Ar file +is an rsync:// URI, the corresponding file from the cache will be used. +This option implies +.Fl n , +and can be combined with +.Fl j +to emit a stream of +.Em Concatenated JSON . +This option is intended for debugging. +.It Fl H Ar fqdn +Create a shortlist and add +.Ar fqdn +to the shortlist. +.Nm +only connects to shortlisted hosts. +The shortlist filter is enforced during processing of the +.Em Subject Information Access Pq SIA +extension in CA certificates, thus applies to both RSYNC and RRDP connections. +This option can be used multiple times. +.It Fl j +Create output in the file +.Pa json +in the output directory as JSON object. +See +.Fl c +for a description of the fields. +.It Fl m +Create output in the file +.Pa metrics +in the output directory in OpenMetrics format. +.It Fl n +Offline mode. +Validate the contents of +.Ar cachedir +and write to +.Ar outputdir +without synchronizing via RRDP or RSYNC. +.It Fl o +Create output in the file +.Pa openbgpd +in the output directory as +.Xr bgpd 8 +compatible input. +If the +.Fl B , +.Fl c , +and +.Fl j +options are not specified this is the default. +.It Fl P Ar posix-seconds +Specify the time for the evaluation in +.Ar posix-seconds +seconds from the unix epoch. +This overrides the default of using the current system time. +.It Fl p Ar threads +Validate using the specified number of threads. +The default is two. +Has no effect in combination with +.Fl f . +.It Fl R +Disable RRDP, synchronize only via RSYNC. +.It Fl S Ar skiplist +Do not connect to hosts listed in the +.Ar skiplist +file. +Entries in the +.Ar skiplist +are newline separated +.Em Fully Qualified Domain Names Pq FQDNs . +A +.Ql # +indicates the beginning of a comment; characters up to the end of the line are +not interpreted. +The skip filter is enforced during processing of the +.Em Subject Information Access Pq SIA +extension in CA certificates, thus applies to both RSYNC and RRDP connections. +By default load entries from +.Pa /etc/rpki/skiplist . +.It Fl s Ar timeout +Terminate after +.Ar timeout +seconds of runtime, because normal practice will restart from +.Xr cron 8 . +Disable by specifying 0. +Defaults to 1 hour. +Individual RSYNC/RRDP repositories are timed out after one fourth of +.Em timeout . +All network synchronisation tasks are aborted after seven eights of +.Em timeout . +.It Fl t Ar tal +Specify a +.Em Trust Anchor Locator Pq TAL +file to be used. +This option can be used multiple times to load multiple TALs. +By default +.Nm +will load all TAL files in +.Pa /etc/rpki . +TAL are small files containing a public key and URL endpoint address. +.It Fl V +Show the version and exit. +.It Fl v +Increase verbosity. +Specify once for synchronisation status, twice to print the name of each file +as it's processed. +If +.Fl f +is given, specify once to print more information about the encapsulated X.509 +certificate, twice to print the certificate in PEM format. +.It Fl x +Enable processing of experimental file formats. +This option is implied by +.Fl f . +.It Ar outputdir +The directory where +.Nm +will write the output files. +Defaults to +.Pa /var/db/rpki-client/ . +.El +.Pp +By default +.Nm +outputs validated payloads in +.Fl o +(OpenBGPD compatible) format +and in canonical cache representation format. +.Pp +.Nm +should be run hourly by +.Xr cron 8 : +use +.Xr crontab 1 +to uncomment the entry in root's crontab. +.Sh TRUST ANCHOR CONSTRAINTS +.Nm +can impose locally configured +.Em constraints +on cryptographic products subordinate to publicly-trusted +.Em Trust Anchors . +.Pp +Constraining a Trust Anchor's effective signing authority to a limited set of +.Em Internet Number Resources +allows Relying Parties to take advantage of the potential benefits of +assuming trust, while deriving trust within a bounded scope. +.Pp +Each +.Em .constraints +file imposes constraints on the Trust Anchor reachable via the same-named +.Em .tal +file. +One entry per line. +Entries can be IP prefixes, IP address ranges, +AS identifiers, or AS identifier ranges. +Ranges are a minimum and maximum separated by a hyphen +.Pq Sq - . +Comments can be put anywhere in the file using a hash mark +.Pq Sq # , +and extend to the end of the current line. +.Em deny +entries may not overlap with other +.Em deny +entries. +.Em allow +entries may not overlap with other +.Em allow +entries. +.Pp +A given EE certificate's resources may not overlap with any +.Em deny +entry, and must be fully contained within the +.Em allow +entries. +.Sh ENVIRONMENT +.Nm +utilizes the following environment variables: +.Bl -tag -width "http_proxy" +.It Ev http_proxy +URL of HTTP proxy to use. +.El +.Sh FILES +.Bl -tag -width "/var/db/rpki-client/openbgpd" -compact +.It Pa /etc/rpki/*.tal +default TAL files used unless +.Fl t Ar tal +is specified. +The TAL files of the five Regional Internet Registries are included. +.It Pa /etc/rpki/*.constraints +files containing registry-specific constraints to restrict what IP addresses +and AS identifiers may or may not appear in EE certificates subordinate to the +same-named Trust Anchor. +.It Pa /etc/rpki/skiplist +default skiplist file, unless +.Fl S Ar skiplist +is specified. +.It Pa /var/cache/rpki-client +cached repository data. +.It Pa /var/db/rpki-client/openbgpd +default roa-set output file. +.It Pa /var/db/rpki-client/rpki.ccr +DER-encoded canonical cache representation file. +This facility is experimental and is still subject to change. +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr openrsync 1 , +.Xr bgpd.conf 5 +.Sh STANDARDS +.Rs +.%T X.509 Extensions for IP Addresses and AS Identifiers +.%R RFC 3779 +.Re +.Pp +.Rs +.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile +.%R RFC 5280 +.Re +.Pp +.Rs +.%T Cryptographic Message Syntax (CMS) +.%R RFC 5652 +.Re +.Pp +.Rs +.%T The rsync URI Scheme +.%R RFC 5781 +.Re +.Pp +.Rs +.%T \&An Infrastructure to Support Secure Internet Routing +.%R RFC 6480 +.Re +.Pp +.Rs +.%T A Profile for Resource Certificate Repository Structure +.%R RFC 6481 +.Re +.Pp +.Rs +.%T A Profile for X.509 PKIX Resource Certificates +.%R RFC 6487 +.Re +.Pp +.Rs +.%T Signed Object Template for the RPKI +.%R RFC 6488 +.Re +.Pp +.Rs +.%T Policy Qualifiers in RPKI Certificates +.%R RFC 7318 +.Re +.Pp +.Rs +.%T The Profile for Algorithms and Key Sizes for Use in the RPKI +.%R RFC 7935 +.Re +.Pp +.Rs +.%T The RPKI Repository Delta Protocol (RRDP) +.%R RFC 8182 +.Re +.Pp +.Rs +.%T A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests +.%R RFC 8209 +.Re +.Pp +.Rs +.%T RPKI Trust Anchor Locator +.%R RFC 8630 +.Re +.Pp +.Rs +.%T Manifests for the RPKI +.%R RFC 9286 +.Re +.Pp +.Rs +.%T A Profile for RPKI Signed Checklists (RSCs) +.%R RFC 9323 +.Re +.Pp +.Rs +.%T A Profile for Route Origin Authorizations (ROAs) +.%R RFC 9582 +.Re +.Pp +.Rs +.%T On the use of the CMS Signing-Time Attribute in RPKI Signed Objects +.%R RFC 9589 +.Re +.Pp +.Rs +.%T Same-Origin Policy for the RRDP +.%R RFC 9674 +.Re +.Pp +.Rs +.%T A Profile for RPKI Trust Anchor Keys +.%R RFC 9691 +.Re +.Pp +.Rs +.%T Detecting RRDP Session Desynchronization +.%R RFC 9697 +.Re +.Pp +.Rs +.%T Handling of RPKI CRL Number Extensions +.%R RFC 9829 +.Re +.Pp +.Rs +.%T A Profile for Autonomous System Provider Authorization (ASPA) +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-profile +.%D February, 2026 +.Re +.Pp +.Rs +.%T Constraining RPKI Trust Anchors +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-constraining-rpki-trust-anchors +.%D February, 2026 +.Re +.Pp +.Rs +.%T A profile for Signed Prefix Lists for Use in the RPKI +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist +.%D March, 2025 +.Re +.Pp +.Rs +.%T RPKI Manifest Number Handling +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-manifest-numbers +.%D August, 2025 +.Re +.Pp +.Rs +.%T Tiebreaking RPKI Trust Anchors +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-ta-tiebreaker +.%D February, 2025 +.Re +.Pp +.Rs +.%T A Profile for RPKI Canonical Cache Representation +.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-ccr +.%D December, 2025 +.Re +.Sh HISTORY +.Nm +first appeared in +.Ox 6.7 . +.Sh AUTHORS +.An -nosplit +.An Kristaps Dzonsons Aq Mt kristaps@bsd.lv , +.An Claudio Jeker Aq Mt claudio@openbsd.org , +.An Theo Buehler Aq Mt tb@openbsd.org , +and +.An Job Snijders Aq Mt job@openbsd.org . +.\" .Sh CAVEATS +.\" .Sh BUGS diff --git a/static/openbsd/man8/sa.8 b/static/openbsd/man8/sa.8 new file mode 100644 index 00000000..edc38ecc --- /dev/null +++ b/static/openbsd/man8/sa.8 @@ -0,0 +1,246 @@ +.\" $OpenBSD: sa.8,v 1.22 2020/02/08 01:38:48 jsg Exp $ +.\" +.\" Copyright (c) 1994 Christopher G. Demetriou +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Christopher G. Demetriou. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 8 2020 $ +.Dt SA 8 +.Os +.Sh NAME +.Nm sa +.Nd print system accounting statistics +.Sh SYNOPSIS +.Nm sa +.Op Fl abcDdfijKklmnqrstu +.Op Fl v Ar cutoff +.Op Ar +.Sh DESCRIPTION +The +.Nm +utility reports on, cleans up, +and generally maintains system +accounting files. +See +.Xr accton 8 +for details on enabling system accounting. +.Pp +.Nm +is able to condense the information in +.Pa /var/account/acct +into the summary files +.Pa /var/account/savacct +and +.Pa /var/account/usracct , +which contain system statistics according +to command name and login ID, respectively. +This condensation is desirable because on a +large system, +.Pa /var/account/acct +can grow by hundreds of blocks per day. +The summary files are normally read before +the accounting file, so that reports include +all available information. +.Pp +If file names are supplied, they are read instead of +.Pa /var/account/acct . +After each file is read, if the summary +files are being updated, an updated summary will +be saved to disk. +Only one report is printed, after the last file is processed. +.Pp +The labels used in the output indicate the following, except +where otherwise specified by individual options: +.Pp +.Bl -tag -width k*sec -compact -offset indent +.It Dv avio +Average number of I/O operations per execution. +.It Dv cp +Sum of user and system time, in minutes. +.It Dv cpu +Same as +.Dv cp . +.It Dv k +CPU time averaged core usage, in 1k units. +.It Dv k*sec +CPU storage integral, in 1k-core seconds. +.It Dv re +Real time, in minutes. +.It Dv s +System time, in minutes. +.It Dv tio +Total number of I/O operations. +.It Dv u +User time, in minutes. +.El +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +List all command names, including those containing unprintable +characters and those used only once. +By default, +.Nm +places all names containing unprintable characters and +those used only once under the name +.Dq ***other . +.It Fl b +If printing command statistics, sort output by the sum of user and system +time divided by number of calls. +.It Fl c +In addition to the number of calls and the user, system and real times +for each command, print their percentage of the total over all commands. +.It Fl D +If printing command statistics, sort and print by the total number +of disk I/O operations. +.It Fl d +If printing command statistics, sort by the average number of disk +I/O operations. +If printing user statistics, print the average number of +disk I/O operations per user. +.It Fl f +Force no interactive threshold comparison with the +.Fl v +option. +.It Fl i +Do not read in the summary files. +.It Fl j +Instead of the total minutes per category, give seconds per call. +.It Fl K +If printing command statistics, print and sort by the CPU-storage integral. +.It Fl k +If printing command statistics, sort by the CPU time average memory +usage. +If printing user statistics, print the CPU time average memory usage. +.It Fl l +Separate system and user time; normally they are combined. +.It Fl m +Print per-user statistics rather than per-command statistics, including +the user name, the number of commands invoked, total CPU time used +(in minutes), total number of I/O operations, and CPU storage integral +for each user. +If this option is specified, only the +.Fl b , +.Fl d , +.Fl i , +.Fl k , +.Fl q , +and +.Fl s +flags are honored. +.It Fl n +Sort by number of calls. +.It Fl q +Create no output other than error messages. +.It Fl r +Reverse order of sort. +.It Fl s +Truncate the accounting files when done and merge their data +into the summary files. +.It Fl t +For each command, report the ratio of real time to the sum +of user and system CPU times. +If the CPU time is too small to report, +.Dq *ignore* +appears in this field. +.It Fl u +Superseding all other flags (except +.Fl q ) , +for each entry in the accounting file print the user ID, +total seconds of CPU usage, +total memory usage, number of I/O operations performed, +and command name. +.It Fl v Ar cutoff +For each command used +.Ar cutoff +times or fewer, print the command name and await a reply +from the terminal. +If the reply begins with +.Dq y , +add the command to the category +.Dq **junk** . +This flag is used to strip garbage from the report. +.El +.Pp +By default, per-command statistics are printed and show +the number of calls, the total elapsed time in minutes, +total CPU and user time in minutes, average number of I/O operations, +and CPU time averaged core usage. +Children which have not yet called +.Xr execve 2 +have +.Sq * +appended to their command names. +.Sh FILES +.Bl -tag -width /var/account/usracct -compact +.It Pa /var/account/acct +raw accounting data file +.It Pa /var/account/savacct +per-command accounting summary database +.It Pa /var/account/usracct +per-user accounting summary database +.El +.Sh EXIT STATUS +.Ex -std sa +.Sh SEE ALSO +.Xr lastcomm 1 , +.Xr acct 5 , +.Xr ac 8 , +.Xr accton 8 +.Sh HISTORY +.Nm +first appeared in +.At v5 . +.Nm +was rewritten for +.Nx 0.9a +from the specification provided by various systems' manual pages. +.Sh AUTHORS +.An Chris G. Demetriou Aq Mt cgd@postgres.berkeley.edu +.Sh CAVEATS +While the behavior of the options in this version of +.Nm +was modeled after the original version, there are some intentional +differences and undoubtedly some unintentional ones as well. +In particular, the +.Fl q +option has been added, and the +.Fl m +option now understands more options than it used to. +.Pp +The formats of the summary files created by this version of +.Nm +are very different than those used by the original version. +This is not considered a problem, however, because the accounting record +format has changed as well (since user IDs are now 32 bits). +.Sh BUGS +The number of options to this program is absurd, especially considering +that there's not much logic behind their lettering. +.Pp +The field labels should be more consistent. +.Pp +OpenBSD's VM system does not record the CPU storage integral. diff --git a/static/openbsd/man8/sasyncd.8 b/static/openbsd/man8/sasyncd.8 new file mode 100644 index 00000000..77728470 --- /dev/null +++ b/static/openbsd/man8/sasyncd.8 @@ -0,0 +1,156 @@ +.\" $OpenBSD: sasyncd.8,v 1.12 2017/04/04 22:37:01 jsg Exp $ +.\" +.\" Copyright (c) 2005 Håkan Olsson. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" This code was written under funding by Multicom Security AB. +.\" +.\" Manual page for sasyncd +.\" +.Dd $Mdocdate: April 4 2017 $ +.Dt SASYNCD 8 +.Os +.Sh NAME +.Nm sasyncd +.Nd IPsec SA synchronization daemon for failover gateways +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl c Ar config-file +.Sh DESCRIPTION +The +.Nm +daemon synchronizes IPsec SA and SPD information between a number of +failover IPsec gateways. +The most typical scenario is to run +.Nm +on hosts also running +.Xr isakmpd 8 +or +.Xr iked 8 +and sharing a common IP address using +.Xr carp 4 . +.Pp +The daemon runs either in master or slave mode, in which the master +tracks all local IPsec SA changes and sends this information along to +all slaves so they will have the same data. +.Pp +When a slave connects, or reconnects, the master will transmit a +snapshot of all its current IPsec SA and SPD information. +.Ss Failover +.Nm +does not itself do any failover processing; the normal mode of +operation is to track state changes on a specified +.Xr carp 4 +interface. +Whenever it changes, +.Nm +will follow suit. +For debugging purposes, it is possible to +.Qq lock +the daemon to a particular state; see +.Xr sasyncd.conf 5 . +.Ss sasyncd to sasyncd communication +As +.Nm +will transmit IPsec SA key and policy information over a network not +guaranteed to be private, +.Nm +messages are protected using AES and SHA. +The shared key used for the encryption must be specified in +.Pa /etc/sasyncd.conf . +See +.Xr sasyncd.conf 5 +for more information. +.Ss SA replay counters +For SAs with replay protection enabled, such as those created by +.Xr isakmpd 8 , +the +.Nm +hosts must have +.Xr pfsync 4 +enabled to synchronize the in-kernel SA replay counters. +Without this replay counter synchronization the IPsec packets a host +sends after failover will not be accepted by the remote VPN endpoint. +.Pp +In most redundancy setups +.Xr pfsync 4 +is likely already activated to synchronize +.Xr pf 4 +states. +See +.Xr pfsync 4 +for more information. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c Ar config-file +If given, the +.Fl c +option specifies an alternate configuration file instead of +.Pa /etc/sasyncd.conf . +.It Fl d +The +.Fl d +option causes the daemon to run in the foreground, logging to stderr. +Without this option, +.Nm +sends log messages to +.Xr syslog 3 . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +The +.Fl v +option increases the verbosity level of the daemon, used primarily for +debugging. +This option may be specified several times. +.El +.Sh FILES +.Bl -tag -width /etc/ssl/private/sasyncd.key -compact +.It Pa /etc/sasyncd.conf +The default +.Nm +configuration file. +.El +.Sh SEE ALSO +.Xr crypto 3 , +.Xr syslog 3 , +.Xr carp 4 , +.Xr ipsec 4 , +.Xr pfsync 4 , +.Xr sasyncd.conf 5 , +.Xr iked 8 , +.Xr isakmpd 8 +.Sh HISTORY +The +.Nm +daemon first appeared in +.Ox 3.8 . +It was written in 2004-2005 by Hakan Olsson, in part sponsored by +Multicom Security AB, Sweden. +.Sh BUGS +Due to the absence of a proper on the wire SA transfer protocol, +.Nm +only works if the peers share the same hardware architecture. diff --git a/static/openbsd/man8/savecore.8 b/static/openbsd/man8/savecore.8 new file mode 100644 index 00000000..69ca90e8 --- /dev/null +++ b/static/openbsd/man8/savecore.8 @@ -0,0 +1,131 @@ +.\" $OpenBSD: savecore.8,v 1.18 2013/08/14 06:32:35 jmc Exp $ +.\" $NetBSD: savecore.8,v 1.11 1995/06/27 22:40:46 briggs Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)savecore.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: August 14 2013 $ +.Dt SAVECORE 8 +.Os +.Sh NAME +.Nm savecore +.Nd save a core dump of the operating system +.Sh SYNOPSIS +.Nm savecore +.Op Fl cfvz +.Op Fl N Ar system +.Ar directory +.Sh DESCRIPTION +.Nm +copies the currently running kernel and its associated core dump into +.Fa directory , +and enters a reboot message and information about the core dump into +the system log. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c +Clears the dump, so that future invocations of +.Nm +will ignore it. +.It Fl f +Forces a dump to be taken even if the dump doesn't appear correct or there +is insufficient disk space. +.It Fl N Ar system +Use +.Ar system +as the kernel instead of the default +.Pa /bsd . +.It Fl v +Prints out some additional debugging information. +.It Fl z +Compresses the core dump and kernel (see +.Xr compress 1 ) . +.El +.Pp +.Nm +checks the core dump in various ways to make sure that it is current and +that it corresponds to the currently running system. +If it passes these checks, it saves the core image in +.Ar directory Ns Pa /bsd.#.core +and the system in +.Ar directory Ns Pa /bsd.# +(or in +.Ar directory Ns Pa /bsd.#.core.Z +and +.Ar directory Ns Pa /bsd.#.Z , +respectively, if the +.Fl z +option is used). +The +.Dq # +is the number from the first line of the file +.Ar directory Ns Pa /bounds , +and it is incremented and stored back into the file each time +.Nm +successfully runs. +.Pp +.Nm +also checks the available disk space before attempting to make the copies. +If there is insufficient disk space in the filesystem containing +.Ar directory , +or if the file +.Ar directory Ns Pa /minfree +exists and the number of free kilobytes (for non-superusers) in the +filesystem after the copies were made would be less than the number +in the first line of this file, the copies are not attempted. +.Pp +If +.Nm +successfully copies the kernel and the core dump, the core dump is cleared +so that future invocations of +.Nm +will ignore it. +.Pp +.Nm +is meant to be called near the end of the initialization file +.Pa /etc/rc +(see +.Xr rc 8 ) . +.Sh FILES +.Bl -tag -width /bsdxx -compact +.It Pa /bsd +current kernel +.El +.Sh SEE ALSO +.Xr compress 1 , +.Xr crash 8 , +.Xr syslogd 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.1 . +.Sh BUGS +The minfree code does not consider the effect of compression. diff --git a/static/openbsd/man8/scan_ffs.8 b/static/openbsd/man8/scan_ffs.8 new file mode 100644 index 00000000..52d77e87 --- /dev/null +++ b/static/openbsd/man8/scan_ffs.8 @@ -0,0 +1,140 @@ +.\" $OpenBSD: scan_ffs.8,v 1.19 2019/02/10 18:30:11 jca Exp $ +.\" +.\" Copyright (c) 1997 Niklas Hallqvist, Tobias Weingartner +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 10 2019 $ +.Dt SCAN_FFS 8 +.Os +.Sh NAME +.Nm scan_ffs +.Nd find UFS/FFS partitions on a disk +.Sh SYNOPSIS +.Nm scan_ffs +.Op Fl lsv +.Op Fl b Ar begin +.Op Fl e Ar end +.Ar device +.Sh DESCRIPTION +This is the life-saver of typos. +If you have ever been working too long, +and just happened to type 'disklabel -w sd0 floppy', instead of 'disklabel +-w fd0 floppy', you know what I am talking about. +.Pp +This little program will take a raw disk device (which you might have to +create) that covers the whole disk, and finds all probable UFS/FFS partitions +on the disk. +It has various options to make it go faster, and to print out +information to help in the reconstruction of the disklabel. +.Pp +.Nm +works only on FFS file systems, +not FFS2 file systems. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b Ar begin +Tell +.Nm +where to begin searching for filesystems. +This makes it easier to skip swap +partitions, or other large non-UFS/FFS partitions. +.It Fl e Ar end +Ditto for telling +.Nm +where to stop. +.It Fl l +This will make +.Nm +print out a string looking much like the input to disklabel. +With a little massaging, this output can usually be used in the disklabel edit. +.It Fl s +This tells +.Nm +to be smart about skipping partitions (when it thinks it found a valid one). +By not scanning partitions for superblocks, the program completes a couple of +orders of magnitude faster. +However, sometimes being smart is too good for +its own good, +especially if your disk has had a different layout previously, or contains +other non-UFS/FFS filesystems. +.It Fl v +Tell +.Nm +to be verbose about what it is doing, and what it has found. +.It Ar device +This specifies which device +.Nm +should use to scan for filesystems. +Usually this device should cover the whole disk in question. +.El +.Pp +The basic operation of this program is as follows: +.Bl -enum -width "1111" +.It +Panic. +You usually do so anyways, so you might as well get it over with. +Just don't do anything stupid. +Panic away from your machine. +Then relax, and see if the steps below won't help you out. +.It +Try to find your old disklabel by any other means possible. +This includes +printouts, backups +(look in +.Pa /var/backups/ ) , +screendumps, and whatever other method you can think of. +The more information you have, the better your chances are in recovering the +disklabel of the disk. +.It +Create a disklabel on the affected disk, which covers the whole disk, and has +at least one partition which covers the whole disk. +As the +.Dq c +partition +usually covers the whole disk anyways, this sounds like a good place to start. +.It +Run +.Nm +over this partition. +If you have any information about the disklabel +which used to exist on the disk, keep that in mind while +.Nm +spews out its things. +.It +Use +.Xr disklabel 8 +to reconstruct the disklabel on the affected disk, using +all the information you gathered from +.Nm +and other sources. +.El +.Pp +Last but certainly not least, we wish you good luck. +The UFS/FFS filesystems are pretty sturdy. +I've seen them reconstructed after some pretty weird and +awesome fumbles. +If you can't have backups, at least have funky tools to help +you out of a jam when they happen. +.Sh SEE ALSO +.Xr disklabel 8 diff --git a/static/openbsd/man8/scsi.8 b/static/openbsd/man8/scsi.8 new file mode 100644 index 00000000..b87512fd --- /dev/null +++ b/static/openbsd/man8/scsi.8 @@ -0,0 +1,346 @@ +.\" $OpenBSD: scsi.8,v 1.36 2024/12/21 13:15:36 jsg Exp $ +.\" $FreeBSD: scsi.8,v 1.5 1995/05/05 20:41:58 dufault Exp $ +.\" +.\" Written By Julian ELischer +.\" Copyright julian Elischer 1993. +.\" Permission is granted to use or redistribute this file in any way as long +.\" as this notice remains. Julian Elischer does not guarantee that this file +.\" is totally correct for any given task and users of this file must +.\" accept responsibility for any damage that occurs from the application of +.\" this file. +.\" +.\" (julian@tfs.com julian@dialix.oz.au) +.\" User SCSI hooks added by Peter Dufault: +.\" +.\" Copyright (c) 1994 HD Associates +.\" (contact: dufault@hda.com) +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of HD Associates +.\" may not be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY HD ASSOCIATES ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL HD ASSOCIATES BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 21 2024 $ +.Dt SCSI 8 +.Os +.Sh NAME +.Nm scsi +.Nd program to assist with SCSI devices +.Sh SYNOPSIS +.Nm scsi +.Fl f Ar device +.Fl d Ar debug_level +.Nm scsi +.Fl f Ar device +.Fl m Ar page +.Op Fl e +.Op Fl P Ar pc +.Nm scsi +.Fl f Ar device +.Op Fl v +.Op Fl s Ar seconds +.Fl c Ar cmd_fmt +.Op Ar arg ... +.Fl o Ar count out_fmt +.Op Ar arg ... +.Fl i Ar count in_fmt +.Op Ar arg ... +.Sh DESCRIPTION +The +.Nm +program is used to send commands to a SCSI device. +It is also a sample usage of the user-level SCSI commands. +.Ar out_fmt +can be +.Ql - +to read output data from stdin; +.Ar in_fmt +can be +.Ql - +to write input data to stdout. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Xo +.Fl c Ar cmd_fmt Op Ar arg ... +.Xc +Send a user-level SCSI command to a device. +The command format is described below and the command is sent using the +.Dv SCIOCCOMMAND +.Xr ioctl 2 , +so the device being accessed must permit this ioctl. +See +.Xr scsi 4 +for full details of which minor devices permit the ioctl. +.It Fl d Ar debug_level +Sets the SCSI kernel debug level. +The kernel must have been compiled with the +.Ic SCSIDEBUG +option. +See +.Pa /sys/scsi/scsi_debug.h +to figure out what to set the kernel debug level to. +.It Fl e +Permits edit of the fields. +It will use the editor specified by the +.Ev EDITOR +environment variable. +To store changes permanently, edit page control 3 using the +.Fl P +flag. +.It Fl f Ar device +Specifies the +.Ar device +that should be opened, e.g., +.Pa /dev/rsd0c . +.It Xo +.Fl i Ar count in_fmt Op Ar arg ... +.Xc +Indicates that this is an input command (i.e., data will be read from +the device into the system) with +.Ar count +bytes of data read in. +The information is extracted according to +.Ar in_fmt +and is displayed on standard output. +.Ar in_fmt +can be specified as a hyphen +.Pq Ql - +to indicate that +.Ar count +bytes of data input should be written to standard output. +.It Fl m Ar page +Read a device mode page. +The file +.Pa /usr/share/misc/scsi_modes +is read to discover how to interpret the mode data. +The environment variable +.Ev SCSI_MODES +can specify a different file to use. +.It Xo +.Fl o Ar count out_fmt Op Ar arg ... +.Xc +Indicates that this is an output command (i.e., data will be sent from +the system to the device) with +.Ar count +bytes of data. +The data is built up +using the provided arguments to fill in any integer variables. +.Ar out_fmt +can be specified as a hyphen +.Pq Ql - +to indicate that +.Ar count +bytes of data should be read from standard input. +.It Fl P Ar pc +Specify a page control field. +The page control fields are +.Bd -literal -offset indent +0 Current Values +1 Changeable Values +2 Default Values +3 Saved Values +.Ed +.It Fl s Ar seconds +Sets the command timeout to +.Ar seconds . +The default is two seconds. +.It Fl v +Turns on more verbose information. +.El +.Ss SCSI commands +The command arguments to the +.Fl cio +options specify the command data buffer used to both send and receive +information to and from the +.Xr scsi 4 +subsystem. +Their format is: +.Pp +.Dl Fl c Ar command Op Ar argument ... +.Pp +The commands are composed of a list of field specifiers. +The specifiers denote the field name, the field value, and the length of +the field. +Examples are given below. +.Pp +Whitespace and text following a +.Sq # +character in the command string are ignored. +.Pp +The first part of a field specifier is the field name and is surrounded +by curly braces +.Pq Sq {} . +This part is optional and may be left out. +.Pp +The second part is the value of the field. +The value may be given directly or may arrange that the next argument to +the +.Nm +command be used as the value of the field. +Direct hexadecimal +.Pq Li 0\-FF +or decimal +.Pq 0\-255 +values may be specified. +The special value +.Ic v +can be used to arrange that the next integer argument be taken from the +.Ar argument +list. +For retrieving output (with +.Fl i ) , +this part of the field cannot be used. +.Pp +The third part specifies the length of the field. +This is optional and defaults to one byte if not specified. +The length may be specified in bits by prefixing it with +.Ic b +or +.Ic t , +or in bytes by prefixing it with +.Ic i . +Additionally, character arrays can be specified by prefixing with +.Ic c +or, with zeroed trailing spaces, with +.Ic z . +Bits are packed together tightly and begin with the high bit. +New bytes are started when a byte fills or an +.Ic i +field is next. +.Ic i +fields indicate a 1\-4 byte integral value that must already be given in +SCSI byte order (most significant byte first). +Otherwise, the field value specified will be swapped into SCSI byte order. +.Pp +Retrieving data (with +.Fl i ) +follows similarly but without field values. +Besides field specifiers, the command can also include control operations, +which currently includes seeking operations used to ignore returned data. +Seek operations are composed of the +.Ic s +character followed by the absolute position to skip to. +If the position is prefixed with a +.Ic + , +the position is interpreted relative to the current position. +.\" The position can also be read from the +.\" .Ar arg +.\" list if +.\" .Ic v +.\" is specified as the seek value. +.Pp +Entire fields can be suppressed from being returned with the +.Ic * +modifier prepended to the field width. +.Pp +Here are some examples: +.Bl -tag -width 17n +.It Ic s8 z8 z16 z4 +Seek to position 8 and specify three fields of lengths 8 bytes, 16 +bytes, and 4 bytes. +.It Ic 1A 2 +Specify a one-byte field with the hexadecimal value +.Li 0x1A +followed by another one-byte field with the decimal value 2. +.It Ic v:i1 +Specify a one-byte field whose value will be determined from the +next argument in the +.Ar argument +list. +.It Ic 0:7 +Specify a 7-bit field with a value of zero. +.It Ic *b3 b5 +Specify a three-bit field that will be suppressed from being returned +and a five-bit field that will be returned. +.El +.Sh ENVIRONMENT +.Bl -tag -width SU_DEBUG_TRUNCATE +.It Ev SU_DEBUG_OUTPUT +This +variable can be set to a file to send debugging +output to that file. +.It Dv SU_DEBUG_LEVEL +This +variable can be set to a non-zero integer to increase +the level of debugging. +Currently this is an on or off thing; it should +perhaps use the ioctl to set the debug level in the kernel and then set +it back to zero at program exit. +.It Ev SU_DEBUG_TRUNCATE +This +variable can be set to an integer to limit the +amount of data phase output sent to the debugging file. +.It Ev EDITOR +This +variable determines the editor to use for the mode editor. +.El +.Sh FILES +.Bl -tag -width /usr/share/misc/scsi_modes +.It Pa /usr/share/misc/scsi_modes +.El +.Sh EXIT STATUS +.Ex -std scsi +.Sh EXAMPLES +To verify that the device type for the disk +.Pa /dev/rsd0c +is 0 +(direct access device): +.Bd -literal -offset indent +# scsi -f /dev/rsd0c -c "12 0 0 0 64 0" -i 0x64 "*b3 b5" +0 +.Ed +.Pp +To do an inquiry to +.Pa /dev/rsd2c : +.Bd -literal -offset indent +# scsi -f /dev/rsd2c -c "12 0 0 0 64 0" -i 0x64 "s8 z8 z16 z4" +FUJITSU M2654S-512 010P +.Ed +.Pp +To spin down +.Pa /dev/rsd2c : +.Bd -literal -offset indent +# scsi -f /dev/rsd2c -c "1b 0 0 0 0 0" +.Ed +.Pp +To edit mode page 1 on +.Pa /dev/rsd2c +and store it permanently on the +drive (set AWRE and ARRE to 1 to enable bad block remapping): +.Pp +.Dl # scsi -f /dev/rsd2c -m 1 -e -P 3 +.Sh SEE ALSO +.Xr ioctl 2 , +.Xr scsi 4 +.Sh HISTORY +The +.Nm +command appeared in +.Fx +to support the new reprobe and user SCSI commands. +.Sh BUGS +.Ic scsi\ -f /dev/rsd0c -c \(dq4 0 0 0 0 0\(dq +permits anyone who can write to +.Pa /dev/rsd0c +to format the disk drive. diff --git a/static/openbsd/man8/sendmail.8 b/static/openbsd/man8/sendmail.8 new file mode 100644 index 00000000..1696a861 --- /dev/null +++ b/static/openbsd/man8/sendmail.8 @@ -0,0 +1,86 @@ +.\" $OpenBSD: sendmail.8,v 1.4 2015/10/23 15:48:16 jung Exp $ +.\" +.\" Copyright (C) 2013 Ryan Kavanagh <rak@debian.org> +.\" All rights reserved. +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: October 23 2015 $ +.Dt SENDMAIL 8 +.Os +.Sh NAME +.Nm sendmail +.Nd a mail enqueuer for +.Xr smtpd 8 +.Sh SYNOPSIS +.Nm +.Op Fl tv +.Op Fl F Ar name +.Op Fl f Ar from +.Ar to ... +.Sh DESCRIPTION +The +.Nm +utility is a local enqueuer for the +.Xr smtpd 8 +daemon, +compatible with +.Xr mailwrapper 8 . +The message is read on standard input (stdin) until +.Nm +encounters an end-of-file. +The +.Nm +enqueuer is not intended to be used directly to send mail, +but rather via a frontend known as a mail user agent. +.Pp +Unless the optional +.Fl t +flag is specified, +one or more recipients must be specified on the command line. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl F Ar name +Set the sender's full name. +.It Fl f Ar from +Set the sender's address. +.It Fl t +Read the message's To:, Cc:, and Bcc: fields for recipients. +The Bcc: field will be deleted before sending. +.It Fl v +Enable verbose output. +.El +.Pp +To maintain compatibility with Sendmail, Inc.'s implementation of +.Nm , +various other flags are accepted, +but have no effect. +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr smtpctl 8 , +.Xr smtpd 8 +.Sh AUTHORS +.Sy OpenSMTPD +is primarily developed by Gilles Chehade, +Eric Faurot, +and Charles Longeau, +with contributions from various +.Ox +hackers. +It is distributed under the ISC license. +.Pp +This manpage was written by +.An Ryan Kavanagh +.Aq Mt rak@debian.org +for the Debian project and is distributed under the ISC license. diff --git a/static/openbsd/man8/sensorsd.8 b/static/openbsd/man8/sensorsd.8 new file mode 100644 index 00000000..775f57aa --- /dev/null +++ b/static/openbsd/man8/sensorsd.8 @@ -0,0 +1,111 @@ +.\" $OpenBSD: sensorsd.8,v 1.25 2018/01/12 04:36:45 deraadt Exp $ +.\" +.\" Copyright (c) 2003 Henning Brauer <henning@openbsd.org> +.\" Copyright (c) 2005 Matthew Gream <matthew.gream@pobox.com> +.\" Copyright (c) 2007 Constantine A. Murenin <cnst@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 12 2018 $ +.Dt SENSORSD 8 +.Os +.Sh NAME +.Nm sensorsd +.Nd hardware sensors monitor +.Sh SYNOPSIS +.Nm sensorsd +.Op Fl d +.Op Fl c Ar check +.Op Fl f Ar file +.Sh DESCRIPTION +The +.Nm +utility retrieves sensor monitoring data like fan speed, +temperature, voltage and RAID logical disk status from the +.Xr sysctl 2 +.Va hw.sensors +subtree. +When the state of any monitored sensor changes, an alert is triggered. +Every alert logs a message to +.Xr syslog 3 +using the +.Cm daemon +facility. +Optionally, an alert can be configured to execute a command. +.Pp +By default, +.Nm +monitors status changes on all sensors that keep their state, +thus sensors that automatically provide status do not require +any additional configuration. +In addition, for every sensor, +no matter whether it automatically provides its state or not, +custom low and high limits may be set, +so that a local notion of sensor status can be computed by +.Nm , +indicating whether the sensor is within or is exceeding its limits. +.Pp +Limit and command values for a particular sensor may be specified in the +.Xr sensorsd.conf 5 +configuration file. +This file is reloaded upon receiving +.Dv SIGHUP . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c Ar check +Check sensors every +.Ar check +seconds. +The default is 20. +The state of a sensor is not yet regarded as changed when a check +returns a new state for the first time, but only when the two +subsequent checks both confirm the new state. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground. +.It Fl f Ar file +Read configuration from +.Ar file +instead of the default configuration file +.Pa /etc/sensorsd.conf . +.El +.Sh FILES +.Bl -tag -width "/etc/sensorsd.conf" +.It Pa /etc/sensorsd.conf +Configuration file for +.Nm . +.El +.Sh SEE ALSO +.Xr sysctl 2 , +.Xr sensorsd.conf 5 , +.Xr syslog.conf 5 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.5 . +.Sh CAVEATS +Certain sensors may erratically flip status from time to time. +To guard against false reports, +.Nm +requires two confirmations before reporting a state change. +However, this inevitably introduces +an additional delay in status reporting and command execution, +e.g. one may notice that +.Nm +makes its initial report about the state of monitored sensors +not immediately, but by default about 60 seconds after it is started. diff --git a/static/openbsd/man8/setnetbootinfo.8 b/static/openbsd/man8/setnetbootinfo.8 new file mode 100644 index 00000000..e04b0f5c --- /dev/null +++ b/static/openbsd/man8/setnetbootinfo.8 @@ -0,0 +1,129 @@ +.\" $OpenBSD: setnetbootinfo.8,v 1.9 2020/04/23 21:28:10 jmc Exp $ +.\" $NetBSD: setnetbootinfo.8,v 1.2 1997/04/06 08:41:36 cgd Exp $ +.\" +.\" Copyright (c) 1997 Christopher G. Demetriou. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Christopher G. Demetriou +.\" for the NetBSD Project. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt SETNETBOOTINFO 8 alpha +.Os +.Sh NAME +.Nm setnetbootinfo +.Nd configure network bootstrap program +.Sh SYNOPSIS +.Nm setnetbootinfo +.Op Fl vf +.Op Fl o Ar infile +.Oo +.Fl a Ar ether-address | Fl h Ar ether-host +.Oc +.Ar netboot +.Nm setnetbootinfo +.Op Fl v +.Fl u o Ar outfile infile +.Sh DESCRIPTION +The +.Nm setnetbootinfo +utility configures the OpenBSD/alpha network bootstrap program so +that it can be used to bootstrap systems with old firmware revisions. +.Pp +The OpenBSD/alpha network bootstrap program needs to have the Ethernet +address of the interface being used to boot the system available when +querying other hosts on the network for bootstrapping information. +Alpha systems with old firmware revisions provide no way for +network bootstrap programs to determine the Ethernet address of +the interface that they are booting from, and so the OpenBSD/alpha +network bootstrap program must find that information in another way. +(Newer firmware revisions include the Ethernet address in the name of +the device that is being booted from.) +The +.Nm +utility encodes an Ethernet address (and other information) directly +into the network bootstrap program. +.Pp +The options recognized by +.Nm +are as follows: +.Bl -tag -width flag +.It Fl a Ar ether-address +Encode the given Ethernet address into the network bootstrap program. +(This option and the +.Fl h +option are mutually exclusive.) +.It Fl f +Force the address information being encoded in the bootstrap +program to be used regardless of whether or not the bootstrap +program can get address information from the booting system's +firmware. +.It Fl h Ar ether-host +Encode the Ethernet address of the specified host into the network +bootstrap program. +The host's name is translated to an Ethernet address using the +.Xr ether_hostton 3 +function. +(This option and the +.Fl a +option are mutually exclusive.) +.It Fl o Ar outfile +Output the resulting bootstrap program into the file named by +.Ar outfile , +replacing it if it already exists. +If the +.Fl o +flag is not specified, the output file name will be +the name of the input bootstrap program concatenated with a +period and the digits of the Ethernet address being encoded. +For instance, if the input file is named +.Pa /usr/mdec/netboot +and is being configured to encode the Ethernet address +.Li 08:00:2b:bd:5d:fd , +then the default output file name would be +.Pa /usr/mdec/netboot.08002bbd5dfd . +It is safe to set the output file name to be the same as the +input file name; the input file is read in its entirety before +the output file is modified. +.It Fl u +Remove configuration information from the specified network +bootstrap program. +If this option is used, an output file name must be specified with the +.Fl o +option, and neither the +.Fl a +or the +.Fl h +options may be specified. +.It Fl v +Verbose mode. +.El +.Sh SEE ALSO +.Xr dhcpd 8 +.Sh HISTORY +The alpha +.Nm +command first appeared in +.Nx 1.2b . diff --git a/static/openbsd/man8/sftp-server.8 b/static/openbsd/man8/sftp-server.8 new file mode 100644 index 00000000..5311bf92 --- /dev/null +++ b/static/openbsd/man8/sftp-server.8 @@ -0,0 +1,170 @@ +.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $ +.\" +.\" Copyright (c) 2000 Markus Friedl. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 27 2021 $ +.Dt SFTP-SERVER 8 +.Os +.Sh NAME +.Nm sftp-server +.Nd OpenSSH SFTP server subsystem +.Sh SYNOPSIS +.Nm sftp-server +.Bk -words +.Op Fl ehR +.Op Fl d Ar start_directory +.Op Fl f Ar log_facility +.Op Fl l Ar log_level +.Op Fl P Ar denied_requests +.Op Fl p Ar allowed_requests +.Op Fl u Ar umask +.Ek +.Nm +.Fl Q Ar protocol_feature +.Sh DESCRIPTION +.Nm +is a program that speaks the server side of SFTP protocol +to stdout and expects client requests from stdin. +.Nm +is not intended to be called directly, but from +.Xr sshd 8 +using the +.Cm Subsystem +option. +.Pp +Command-line flags to +.Nm +should be specified in the +.Cm Subsystem +declaration. +See +.Xr sshd_config 5 +for more information. +.Pp +Valid options are: +.Bl -tag -width Ds +.It Fl d Ar start_directory +Specifies an alternate starting directory for users. +The pathname may contain the following tokens that are expanded at runtime: +%% is replaced by a literal '%', +%d is replaced by the home directory of the user being authenticated, +and %u is replaced by the username of that user. +The default is to use the user's home directory. +This option is useful in conjunction with the +.Xr sshd_config 5 +.Cm ChrootDirectory +option. +.It Fl e +Causes +.Nm +to print logging information to stderr instead of syslog for debugging. +.It Fl f Ar log_facility +Specifies the facility code that is used when logging messages from +.Nm . +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +The default is AUTH. +.It Fl h +Displays +.Nm +usage information. +.It Fl l Ar log_level +Specifies which messages will be logged by +.Nm . +The possible values are: +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. +INFO and VERBOSE log transactions that +.Nm +performs on behalf of the client. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of debugging output. +The default is ERROR. +.It Fl P Ar denied_requests +Specifies a comma-separated list of SFTP protocol requests that are banned by +the server. +.Nm +will reply to any denied request with a failure. +The +.Fl Q +flag can be used to determine the supported request types. +If both denied and allowed lists are specified, then the denied list is +applied before the allowed list. +.It Fl p Ar allowed_requests +Specifies a comma-separated list of SFTP protocol requests that are permitted +by the server. +All request types that are not on the allowed list will be logged and replied +to with a failure message. +.Pp +Care must be taken when using this feature to ensure that requests made +implicitly by SFTP clients are permitted. +.It Fl Q Ar protocol_feature +Queries protocol features supported by +.Nm . +At present the only feature that may be queried is +.Dq requests , +which may be used to deny or allow specific requests (flags +.Fl P +and +.Fl p +respectively). +.It Fl R +Places this instance of +.Nm +into a read-only mode. +Attempts to open files for writing, as well as other operations that change +the state of the filesystem, will be denied. +.It Fl u Ar umask +Sets an explicit +.Xr umask 2 +to be applied to newly-created files and directories, instead of the +user's default mask. +.El +.Pp +On some systems, +.Nm +must be able to access +.Pa /dev/log +for logging to work, and use of +.Nm +in a chroot configuration therefore requires that +.Xr syslogd 8 +establish a logging socket inside the chroot directory. +.Sh SEE ALSO +.Xr sftp 1 , +.Xr ssh 1 , +.Xr sshd_config 5 , +.Xr sshd 8 +.Rs +.%A T. Ylonen +.%A S. Lehtinen +.%T "SSH File Transfer Protocol" +.%N draft-ietf-secsh-filexfer-02.txt +.%D October 2001 +.%O work in progress material +.Re +.Sh HISTORY +.Nm +first appeared in +.Ox 2.8 . +.Sh AUTHORS +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/static/openbsd/man8/showmount.8 b/static/openbsd/man8/showmount.8 new file mode 100644 index 00000000..ce1568d9 --- /dev/null +++ b/static/openbsd/man8/showmount.8 @@ -0,0 +1,92 @@ +.\" $OpenBSD: showmount.8,v 1.14 2022/07/30 07:19:31 jsg Exp $ +.\" $NetBSD: showmount.8,v 1.5 1995/08/31 22:26:07 jtc Exp $ +.\" +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Rick Macklem at The University of Guelph. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)showmount.8 8.3 (Berkeley) 3/29/95 +.\" +.Dd $Mdocdate: July 30 2022 $ +.Dt SHOWMOUNT 8 +.Os +.Sh NAME +.Nm showmount +.Nd show remote NFS mounts on host +.Sh SYNOPSIS +.Nm showmount +.Op Fl 3ade +.Op Ar host +.Sh DESCRIPTION +.Nm +shows status information about the +.Tn NFS +server on +.Ar host . +By default it prints the names of all hosts that have +.Tn NFS +file systems mounted +on the host. +See +.%T "NFS: Network File System Protocol Specification" , +RFC 1094, +Appendix A, +and +.%T "NFS: Network File System Version 3 Protocol Specification" , +Appendix I, +for a detailed description of the protocol. +.Bl -tag -width Ds +.It Fl 3 +Use mount protocol Version 3, compatible with NFS Version 3. +.It Fl a +List all mount points in the form: +.Ar host : Ns Ar dirpath . +.It Fl d +List directory paths of mount points instead of hosts. +.It Fl e +Show the +.Ar host Ns 's +exports list. +.El +.Sh SEE ALSO +.Xr mount 8 , +.Xr mountd 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Bx 4.3 Reno . +.Sh BUGS +The mount daemon running on the server only has an idea of the actual mounts, +since the +.Tn NFS +server is stateless. +.Nm +will only display the information +as accurately as the mount daemon reports it. diff --git a/static/openbsd/man8/shutdown.8 b/static/openbsd/man8/shutdown.8 new file mode 100644 index 00000000..275c5563 --- /dev/null +++ b/static/openbsd/man8/shutdown.8 @@ -0,0 +1,219 @@ +.\" $OpenBSD: shutdown.8,v 1.44 2023/06/19 13:05:25 deraadt Exp $ +.\" $NetBSD: shutdown.8,v 1.6 1995/03/18 15:01:07 cgd Exp $ +.\" +.\" Copyright (c) 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)shutdown.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd $Mdocdate: June 19 2023 $ +.Dt SHUTDOWN 8 +.Os +.Sh NAME +.Nm shutdown +.Nd close down the system at a given time +.Sh SYNOPSIS +.Nm shutdown +.Op Fl +.Op Fl dfhknpr +.Ar time +.Op Ar warning-message ... +.Sh DESCRIPTION +.Nm +provides an automated shutdown procedure for superusers +to nicely notify users when the system is shutting down, +saving them from system administrators, hackers, and gurus, who +would otherwise not bother with such niceties. +When the +.Nm +command is issued without options, the system is placed in single +user mode at the indicated time after shutting down all system +services. +.Pp +Users in the +.Va _shutdown +group can also run the +.Nm +command. +Historically this permission was tied to the +.Va operator +group. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +When used with +.Fl h , +.Fl p , +or +.Fl r +causes system to perform a dump. +This option is useful for debugging system dump procedures or capturing the +state of a corrupted or misbehaving system. +See +.Xr savecore 8 +for information on how to recover this dump. +.It Fl f +Create the file +.Pa /fastboot +so that the file systems will +.Em not +be checked by +.Xr fsck 8 +during the next boot. +(See +.Xr rc 8 ) . +.It Fl h +The system is halted at the specified +.Ar time +when +.Nm +execs +.Xr halt 8 . +.It Fl k +Kick everybody off. +The +.Fl k +option +does not actually halt the system, but leaves the +system multi-user with logins disabled (for all but superuser). +.It Fl n +When used with +.Fl h , +.Fl p , +or +.Fl r +prevents the normal +.Xr sync 2 +before stopping the system. +.It Fl p +The system is powered down at the specified +.Ar time . +The +.Fl p +flag is passed on to +.Xr halt 8 , +causing machines which support automatic power down to do so after halting. +.It Fl r +.Nm +execs +.Xr reboot 8 +at the specified +.Ar time . +.It Ar time +.Ar time +is the time at which +.Nm +will bring the system down and +may be the word +.Ar now +(indicating an immediate shutdown) or +specify a future time in one of two formats: +.Ar +number , +or +.Ar yymmddhhmm , +where the year, month, and day may be defaulted +to the current system values. +The first form brings the system down in +.Ar number +minutes and the second at the absolute time specified. +.It Ar warning-message +Any other arguments comprise the warning message that is broadcast +to users currently logged into the system. +.It Fl +If +.Sq Fl +is supplied as an option, the warning message is read from the standard +input. +.El +.Pp +At intervals, becoming more frequent as apocalypse approaches +and starting at ten hours before shutdown, warning messages are displayed +on the terminals of all users logged in. +Five minutes before +shutdown, or immediately if shutdown is in less than 5 minutes, +logins are disabled by creating +.Pa /etc/nologin +and copying the +warning message there. +If this file exists when a user attempts to log in, +.Xr login 1 +prints its contents and exits. +The file is removed just before +.Nm +exits. +.Pp +At shutdown time a message is written in the system log, containing the +time of shutdown, who initiated the shutdown and the reason. +A terminate +signal is then sent to +.Em init +to bring the system down to single-user state (depending on above +options). +The time of the shutdown and the warning message +are placed in +.Pa /etc/nologin +and should be used to +inform the users about when the system will be back up +and why it is going down (or anything else). +.Pp +You can cancel a scheduled shutdown with the +.Xr kill 1 +command by killing the shutdown process. +.Sh FILES +.Bl -tag -width /etc/rc.shutdown -compact +.It Pa /etc/nologin +tells login not to let anyone log in +.It Pa /etc/rc.shutdown +run by +.Xr rc 8 +before the system is shutdown +.It Pa /fastboot +tells +.Xr rc 8 +not to run +.Xr fsck 8 +during the next boot +.El +.Sh SEE ALSO +.Xr kill 1 , +.Xr login 1 , +.Xr wall 1 , +.Xr halt 8 , +.Xr rc.shutdown 8 , +.Xr reboot 8 +.Sh STANDARDS +The hours and minutes in the second time format may be separated by +a colon +.Pq Sq \&: +for backward compatibility. +.Sh HISTORY +A +.Nm +command first appeared outside of Bell Labs in PWB/UNIX 1.0 +and has been available since +.Bx 4.1 . diff --git a/static/openbsd/man8/skeyprune.8 b/static/openbsd/man8/skeyprune.8 new file mode 100644 index 00000000..befcb5c1 --- /dev/null +++ b/static/openbsd/man8/skeyprune.8 @@ -0,0 +1,72 @@ +.\" $OpenBSD: skeyprune.8,v 1.13 2019/01/25 00:19:26 millert Exp $ +.\" +.\" Copyright (c) 1996, 2001, 2002 Todd C. Miller <millert@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt SKEYPRUNE 8 +.Os +.Sh NAME +.Nm skeyprune +.Nd prune zeroed and old entries from S/Key database +.Sh SYNOPSIS +.Nm skeyprune +.Op Ar days +.Sh DESCRIPTION +.Nm skeyprune +searches through the S/Key database, +.Pa /etc/skey , +and prunes out entries that have been zeroed out via +.Xr skeyinit 1 +as well as entries that have not been modified in +.Ar days +days. +If +.Ar days +is not specified, only invalid entries are pruned. +.Pp +If a malformed entry is encountered, or if the file mode/type is incorrect, +an error is printed to the standard error. +.Sh FILES +.Bl -tag -width /etc/skey +.It Pa /etc/skey +directory containing S/Key user entries +.El +.Sh DIAGNOSTICS +The following errors are cause for concern. +.Bl -tag -width Ds +.It Can't cd to /etc/skey +The S/Key database directory, +.Pa /etc/skey , +does not exist. +The superuser may create it by running +.Dq skeyinit -E . +.It Can't open user +The user's entry was found in +.Pa /etc/skey +but it could not be opened. +.It user is not a regular file +The user's entry is not a regular file. +.It Bad mode for user +The user's entry had a bad file mode (should be 0600). +.It Bad link count for user. +The user's entry had a bad link count (should be 1). +.It Invalid entry for user +The user's entry was not of the correct format, as specified by +.Xr skey 5 . +.El +.Sh SEE ALSO +.Xr skey 1 , +.Xr skeyinit 1 , +.Xr skey 5 diff --git a/static/openbsd/man8/slaacctl.8 b/static/openbsd/man8/slaacctl.8 new file mode 100644 index 00000000..15a19bf4 --- /dev/null +++ b/static/openbsd/man8/slaacctl.8 @@ -0,0 +1,79 @@ +.\" $OpenBSD: slaacctl.8,v 1.7 2023/11/27 09:29:48 kn Exp $ +.\" +.\" Copyright (c) 2017 Florian Obser <florian@openbsd.org> +.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> +.\" Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 27 2023 $ +.Dt SLAACCTL 8 +.Os +.Sh NAME +.Nm slaacctl +.Nd control the SLAAC daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr slaacd 8 +daemon. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /dev/slaacd.sock +to communicate with +.Xr slaacd 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm send solicitation Ar interface +Send a router solicitation on interface +.Ar interface . +.It Cm show interface Op Ar interface +Display status about network interfaces. +If +.Ar interface +is specified, only information relative to +.Ar interface +is shown. +Otherwise information on all interfaces is shown. +.El +.Sh FILES +.Bl -tag -width "/dev/slaacd.sockXX" -compact +.It Pa /dev/slaacd.sock +.Ux Ns -domain +socket used for communication with +.Xr slaacd 8 . +.El +.Sh SEE ALSO +.Xr slaacd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.2 . diff --git a/static/openbsd/man8/slaacd.8 b/static/openbsd/man8/slaacd.8 new file mode 100644 index 00000000..e51ff5ee --- /dev/null +++ b/static/openbsd/man8/slaacd.8 @@ -0,0 +1,166 @@ +.\" $OpenBSD: slaacd.8,v 1.13 2024/08/11 06:07:37 jmc Exp $ +.\" +.\" Copyright (c) 2017 Florian Obser <florian@openbsd.org> +.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 11 2024 $ +.Dt SLAACD 8 +.Os +.Sh NAME +.Nm slaacd +.Nd Stateless Address Autoconfiguration (SLAAC) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is a stateless address autoconfiguration (SLAAC) daemon for clients. +If an interface has the +.Sy AUTOCONF6 +flag set +(auto configuration is enabled), +.Nm +regularly sends out requests for IPv6 router advertisement messages, +such as those sent by +.Xr rad 8 , +and uses those messages to configure the relevant interface. +.Pp +See +.Xr hostname.if 5 +and +.Xr ifconfig 8 +on how to enable auto configuration on an interface. +.Pp +.Nm +monitors network interface states +(interface going up or down, auto configuration enabled or disabled, etc.)\& +and sends router solicitations when necessary. +A running +.Nm +can be controlled with the +.Xr slaacctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width "/dev/slaacd.sockXX" -compact +.It Pa /dev/slaacd.sock +.Ux Ns -domain +socket used for communication with +.Xr slaacctl 8 . +.El +.Sh SEE ALSO +.Xr hostname.if 5 , +.Xr ifconfig 8 , +.Xr rad 8 , +.Xr slaacctl 8 +.Sh STANDARDS +.Rs +.%A R. Draves +.%A D. Thaler +.%D November 2005 +.%R RFC 4191 +.%T Default Router Preferences and More-Specific Routes +.Re +.Pp +.Rs +.%A R. Hinden +.%A S. Deering +.%D February 2006 +.%R RFC 4291 +.%T IP Version 6 Addressing Architecture +.Re +.Pp +.Rs +.%A T. Narten +.%A E. Nordmark +.%A W. Simpson +.%A H. Soliman +.%D September 2007 +.%R RFC 4861 +.%T Neighbor Discovery for IP version 6 (IPv6) +.Re +.Pp +.Rs +.%A F. Gont +.%D April 2014 +.%R RFC 7217 +.%T A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC) +.Re +.Pp +.Rs +.%A A. Yourtchenko +.%A L. Colitti +.%D February 2016 +.%R RFC 7772 +.%T Reducing Energy Consumption of Router Advertisements +.Re +.Pp +.Rs +.%A F. Gont +.%A A. Cooper +.%A D. Thaler +.%A W. Liu +.%D February 2017 +.%R RFC 8064 +.%T Recommendation on Stable IPv6 Interface Identifiers +.Re +.Pp +.Rs +.%A J. Jeong +.%A S. Park +.%A L. Beloeil +.%A S. Madanapalli +.%D March 2017 +.%R RFC 8106 +.%T IPv6 Router Advertisement Options for DNS Configuration +.Re +.Pp +.Rs +.%A F. Gont +.%A S. Krishnan +.%A T. Narten +.%A R. Draves +.%D February 2021 +.%R RFC 8981 +.%T Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6 +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.2 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Florian Obser Aq Mt florian@openbsd.org . diff --git a/static/openbsd/man8/slowcgi.8 b/static/openbsd/man8/slowcgi.8 new file mode 100644 index 00000000..e1f0afbd --- /dev/null +++ b/static/openbsd/man8/slowcgi.8 @@ -0,0 +1,129 @@ +.\" $OpenBSD: slowcgi.8,v 1.17 2022/08/06 17:11:36 op Exp $ +.\" +.\" Copyright (c) 2013 Florian Obser <florian@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 6 2022 $ +.Dt SLOWCGI 8 +.Os +.Sh NAME +.Nm slowcgi +.Nd a FastCGI to CGI wrapper server +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Op Fl p Ar path +.Op Fl s Ar socket +.Op Fl t Ar timeout +.Op Fl U Ar user +.Op Fl u Ar user +.Sh DESCRIPTION +.Nm +is a server which implements the FastCGI Protocol to execute CGI scripts. +FastCGI was designed to overcome the CGI protocol's scalability +and resource sharing limitations. +While CGI scripts need to be forked for every request, FastCGI scripts +can be kept running and handle many HTTP requests. +.Pp +.Nm +is a simple server that translates FastCGI requests to the CGI protocol. +It executes the requested CGI script and translates its output back to the +FastCGI protocol. +.Pp +Modern web frameworks and web applications usually come with the +capability to run as FastCGI servers. +.Nm +is not intended for these applications. +.Pp +.Nm +opens a socket at +.Pa /var/www/run/slowcgi.sock , +owned by www:www, +with permissions 0660. +It will then +.Xr chroot 8 +to +.Pa /var/www +and drop privileges to user +.Qq www . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to stderr. +.It Fl p Ar path +.Xr chroot 2 +to +.Ar path . +A +.Ar path +of +.Pa / +effectively disables the chroot. +.It Fl s Ar socket +Create and bind to alternative local socket at +.Ar socket . +.It Fl t Ar timeout +Terminate the request after +.Ar timeout +seconds instead of the default 120 seconds. +The CGI script is left to run but its standard input, output and error +will be closed. +.It Fl U Ar user +Change the owner of +.Pa /var/www/run/slowcgi.sock +to +.Ar user +and its primary group instead of the default www:www. +.It Fl u Ar user +Drop privileges to +.Ar user +instead of default user www and +.Xr chroot 8 +to +the home directory of +.Ar user . +.It Fl v +Enable more verbose (debug) logging. +.El +.Sh SEE ALSO +.Xr httpd 8 +.Sh STANDARDS +.Rs +.%A Mark R. Brown +.%D April 1996 +.%T FastCGI Specification +.Re +.Pp +.Rs +.%A D. Robinson, K. Coar +.%D October 2004 +.%R RFC 3875 +.%T The Common Gateway Interface (CGI) Version 1.1 +.Re +.Sh HISTORY +The +.Nm +server first appeared in +.Ox 5.4 . +.Sh AUTHORS +.An Florian Obser Aq Mt florian@openbsd.org +.Sh BUGS +.Nm +only implements the parts of the FastCGI standard needed to execute +CGI scripts. +This is intentional. diff --git a/static/openbsd/man8/smtpctl.8 b/static/openbsd/man8/smtpctl.8 new file mode 100644 index 00000000..e12ff9aa --- /dev/null +++ b/static/openbsd/man8/smtpctl.8 @@ -0,0 +1,341 @@ +.\" $OpenBSD: smtpctl.8,v 1.66 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> +.\" Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt SMTPCTL 8 +.Os +.Sh NAME +.Nm smtpctl , +.Nm mailq +.Nd control the SMTP daemon +.Sh SYNOPSIS +.Nm +.Ar command +.Op Ar argument ... +.Nm mailq +.Sh DESCRIPTION +The +.Nm +program controls +.Xr smtpd 8 . +Commands may be abbreviated to the minimum unambiguous prefix; for example, +.Cm sh ro +for +.Cm show routes . +.Pp +The +.Nm mailq +command is provided for compatibility with other MTAs +and is simply a shortcut for +.Cm show queue . +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm discover Ar envelope-id | message-id +Schedule a single envelope, or all envelopes with the same message ID +that were manually moved to the queue. +.It Cm encrypt Op Ar string +Encrypt the password +.Ar string +to a representation suitable for user credentials and print it to the +standard output. +If +.Ar string +is not provided, cleartext passwords are read from standard input. +.Pp +It is advised to avoid providing the password as a parameter as it will be +visible from +.Xr top 1 +and +.Xr ps 1 +output. +.It Cm log brief +Disable verbose debug logging. +.It Cm log verbose +Enable verbose debug logging. +.It Cm monitor +Display updates of some +.Xr smtpd 8 +internal counters in one second intervals. +Each line reports the increment of all counters since the last update, +except for some counters which are always absolute values. +The first line reports the current value of each counter. +The fields are: +.Pp +.Bl -bullet -compact +.It +Current number of active SMTP clients (absolute value). +.It +New SMTP clients. +.It +Disconnected clients. +.It +Current number of envelopes in the queue (absolute value). +.It +Newly enqueued envelopes. +.It +Dequeued envelopes. +.It +Successful deliveries. +.It +Temporary failures. +.It +Permanent failures. +.It +Message loops. +.It +Expired envelopes. +.It +Envelopes removed by the administrator. +.It +Generated bounces. +.El +.It Cm pause envelope Ar envelope-id | message-id | Cm all +Temporarily suspend scheduling for the envelope with the given ID, +envelopes with the given message ID, +or all envelopes. +.It Cm pause mda +Temporarily stop deliveries to local users. +.It Cm pause mta +Temporarily stop relaying and deliveries to +remote users. +.It Cm pause smtp +Temporarily stop accepting incoming sessions. +.It Cm profile Ar subsystem +Enables real-time profiling of +.Ar subsystem . +Supported subsystems are: +.Pp +.Bl -bullet -compact +.It +queue, to profile cost of queue IO +.It +imsg, to profile cost of event handlers +.El +.It Cm remove Ar envelope-id | message-id | Cm all +Remove a single envelope, +envelopes with the given message ID, +or all envelopes. +.It Cm resume envelope Ar envelope-id | message-id | Cm all +Resume scheduling for the envelope with the given ID, +envelopes with the given message ID, +or all envelopes. +.It Cm resume mda +Resume deliveries to local users. +.It Cm resume mta +Resume relaying and deliveries to remote users. +.It Cm resume route Ar route-id +Resume routing on disabled route +.Ar route-id . +.It Cm resume smtp +Resume accepting incoming sessions. +.It Cm schedule Ar envelope-id | message-id | Cm all +Mark as ready for immediate delivery +a single envelope, +envelopes with the given message ID, +or all envelopes. +.It Cm show envelope Ar envelope-id +Display envelope content for the given ID. +.It Cm show hosts +Display the list of known remote MX hosts. +For each of them, it shows the IP address, the canonical hostname, +a reference count, the number of active connections to this host, +and the elapsed time since the last connection. +.It Cm show hoststats +Display status of last delivery for domains that have been active in the +last 4 hours. +It consists of the following fields, separated by a "|": +.Pp +.Bl -bullet -compact +.It +Domain. +.It +.Ux +timestamp of last delivery. +.It +Status of last delivery. +.El +.It Cm show message Ar envelope-id +Display message content for the given ID. +.It Cm show queue +Display information concerning envelopes that are currently in the queue. +Each line of output describes a single envelope. +It consists of the following fields, separated by a "|": +.Pp +.Bl -bullet -compact +.It +Envelope ID. +.It +Address family of the client which enqueued the mail. +.It +Type of delivery: one of "mta", "mda" or "bounce". +.It +Various flags on the envelope. +.It +Sender address (return path). +.It +The original recipient address. +.It +The destination address. +.It +Time of creation. +.It +Time of expiration. +.It +Time of last delivery or relaying attempt. +.It +Number of delivery or relaying attempts. +.It +Current runstate: either "pending" or "inflight" if +.Xr smtpd 8 +is running, or "offline" otherwise. +.It +Delay in seconds before the next attempt if pending, or time elapsed +if currently running. +This field is blank if +.Xr smtpd 8 +is not running. +.It +Error string for the last failed delivery or relay attempt. +.El +.It Cm show relays +Display the list of currently active relays and associated connectors. +For each relay, it shows a number of counters and information on its +internal state on a single line. +Then comes the list of connectors +(source addresses to connect from for this relay). +.It Cm show routes +Display status of routes currently known by +.Xr smtpd 8 . +Each line consists of a route number, a source address, a destination +address, a set of flags, the number of connections on this +route, the current penalty level which determines the amount of time +the route is disabled if an error occurs, and the delay before it +gets reactivated. +The following flags are defined: +.Pp +.Bl -tag -width xx -compact +.It D +The route is currently disabled. +.It N +The route is new. +No SMTP session has been established yet. +.It Q +The route has a timeout registered to lower its penalty level and possibly +reactivate or discard it. +.El +.It Cm show stats +Displays runtime statistics concerning +.Xr smtpd 8 . +.It Cm show status +Shows if MTA, MDA and SMTP systems are currently running or paused. +.It Cm spf walk +Recursively look up SPF records for the domains read from stdin. +For example: +.Bd -literal -offset indent +$ smtpctl spf walk < domains.txt +.Ed +.Pp +SPF records may contain macros which cannot be included in a static list and +must be resolved dynamically at connection time. +.Cm spf walk +cannot provide full results in these cases. +.It Cm trace Ar subsystem +Enables real-time tracing of +.Ar subsystem . +Supported subsystems are: +.Pp +.Bl -bullet -compact +.It +imsg +.It +io +.It +smtp (incoming sessions) +.It +filters +.It +mta (outgoing sessions) +.It +bounce +.It +scheduler +.It +expand (aliases/virtual/forward expansion) +.It +lookup (user/credentials lookups) +.It +stat +.It +rules (matched by incoming sessions) +.It +mproc +.It +all +.El +.It Cm unprofile Ar subsystem +Disables real-time profiling of +.Ar subsystem . +.It Cm untrace Ar subsystem +Disables real-time tracing of +.Ar subsystem . +.It Cm update table Ar name +Updates the contents of table +.Ar name , +for tables using the +.Dq file +backend. +.El +.Pp +When +.Nm smtpd +receives a message, it generates a +.Ar message-id +for the message, and one +.Ar envelope-id +per recipient. +The +.Ar message-id +is a 32-bit random identifier that is guaranteed to be +unique on the host system. +The +.Ar envelope-id +is a 64-bit unique identifier that encodes the +.Ar message-id +in the 32 upper bits and a random envelope identifier +in the 32 lower bits. +.Pp +A command which specifies a +.Ar message-id +applies to all recipients of a message; +a command which specifies an +.Ar envelope-id +applies to a specific recipient of a message. +.Sh FILES +.Bl -tag -width "/var/run/smtpd.sockXXX" -compact +.It Pa /var/run/smtpd.sock +.Ux Ns -domain +socket used for communication with +.Xr smtpd 8 . +.El +.Sh SEE ALSO +.Xr smtpd 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.6 . diff --git a/static/openbsd/man8/smtpd.8 b/static/openbsd/man8/smtpd.8 new file mode 100644 index 00000000..29e44468 --- /dev/null +++ b/static/openbsd/man8/smtpd.8 @@ -0,0 +1,167 @@ +.\" $OpenBSD: smtpd.8,v 1.33 2023/03/02 17:09:53 jmc Exp $ +.\" +.\" Copyright (c) 2012, Eric Faurot <eric@openbsd.org> +.\" Copyright (c) 2008, Gilles Chehade <gilles@poolp.org> +.\" Copyright (c) 2008, Pierre-Yves Ritschard <pyr@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt SMTPD 8 +.Os +.Sh NAME +.Nm smtpd +.Nd Simple Mail Transfer Protocol (SMTP) daemon +.Sh SYNOPSIS +.Nm +.Op Fl dFhnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Op Fl P Ar system +.Op Fl T Ar trace +.Sh DESCRIPTION +.Nm +is a Simple Mail Transfer Protocol +.Pq SMTP +daemon which can be used as a machine's primary mail system. +.Nm +can listen on a network interface and handle SMTP +transactions; it can also be fed messages through the standard +.Xr sendmail 8 +interface. +It can relay messages through remote mail transfer agents or store them +locally using either the mbox or maildir format. +This implementation supports SMTP as defined by RFC 5321 as well as several +extensions. +A running +.Nm +can be controlled through +.Xr smtpctl 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl F +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Xr syslogd 8 . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl h +Display version and usage. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl P Ar system +Pause a specific subsystem at startup. +Normal operation can be resumed using +.Xr smtpctl 8 . +This option can be used multiple times. +The accepted values are: +.Pp +.Bl -tag -width "smtpXXX" -compact +.It mda +Do not schedule local deliveries. +.It mta +Do not schedule remote transfers. +.It smtp +Do not listen on SMTP sockets. +.El +.It Fl T Ar trace +Enables real-time tracing at startup. +Normal operation can be resumed using +.Xr smtpctl 8 . +This option can be used multiple times. +The accepted values are: +.Pp +.Bl -bullet -compact +.It +imsg +.It +io +.It +smtp (incoming sessions) +.It +filters +.It +transfer (outgoing sessions) +.It +bounce +.It +scheduler +.It +expand (aliases/virtual/forward expansion) +.It +lookup (user/credentials lookups) +.It +stat +.It +rules (matched by incoming sessions) +.It +mproc +.It +all +.El +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/etc/mail/smtpd.confXXX" -compact +.It Pa /etc/mail/mailname +Alternate server name to use. +.It Pa /etc/mail/smtpd.conf +Default +.Nm +configuration file. +.It Pa /var/run/smtpd.sock +.Ux Ns -domain +socket used for communication with +.Xr smtpctl 8 . +.It Pa /var/spool/smtpd/ +Spool directories for mail during processing. +.It Pa ~/.forward +User email forwarding information. +.El +.Sh SEE ALSO +.Xr forward 5 , +.Xr smtpd.conf 5 , +.Xr mailwrapper 8 , +.Xr smtpctl 8 +.Sh STANDARDS +.Rs +.%A J. Klensin +.%D October 2008 +.%R RFC 5321 +.%T Simple Mail Transfer Protocol +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.6 . diff --git a/static/openbsd/man8/sndiod.8 b/static/openbsd/man8/sndiod.8 new file mode 100644 index 00000000..32f6cedd --- /dev/null +++ b/static/openbsd/man8/sndiod.8 @@ -0,0 +1,587 @@ +.\" $OpenBSD: sndiod.8,v 1.20 2026/03/15 14:24:43 ratchov Exp $ +.\" +.\" Copyright (c) 2006-2012 Alexandre Ratchov <alex@caoua.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 15 2026 $ +.Dt SNDIOD 8 +.Os +.Sh NAME +.Nm sndiod +.Nd audio/MIDI server +.Sh SYNOPSIS +.Nm sndiod +.Bk -words +.Op Fl d +.Op Fl a Ar flag +.Op Fl b Ar nframes +.Op Fl C Ar min : Ns Ar max +.Op Fl c Ar min : Ns Ar max +.Op Fl e Ar enc +.Op Fl F Ar device +.Op Fl f Ar device +.Op Fl j Ar flag +.Op Fl L Ar addr +.Op Fl m Ar mode +.Op Fl Q Ar port +.Op Fl q Ar port +.Op Fl r Ar rate +.Op Fl s Ar name +.Op Fl t Ar mode +.Op Fl U Ar unit +.Op Fl v Ar volume +.Op Fl w Ar flag +.Op Fl z Ar nframes +.Ek +.Sh DESCRIPTION +The +.Nm +daemon is an intermediate layer between +audio or MIDI programs and the hardware. +It performs the necessary audio processing to +allow any program to work on any supported hardware. +By default, +.Nm +accepts connections from programs +running on the same system only; +it initializes only when programs are using its services, +allowing +.Nm +to consume a negligible amount of system resources the rest of the time. +Systems with no audio hardware can use +.Nm +to keep hot-pluggable devices usable by default at +virtually no cost. +.Pp +.Nm +operates as follows: it exposes at least one +.Em sub-device +that any number of audio programs can connect to and use as if it was +audio hardware. +During playback, +.Nm +receives audio data concurrently from all programs, mixes it and sends +the result to the hardware device. +Similarly, during recording it duplicates audio data recorded +from the device and sends it to all programs. +Since audio data flows through the +.Nm +process, it has the opportunity to process audio data on the fly: +.Pp +.Bl -bullet -offset indent -compact +.It +Change the sound encoding to overcome incompatibilities between +software and hardware. +.It +Route the sound from one channel to another, +join stereo or split mono. +.It +Control the per-application playback volume as well as the +master volume. +.It +Monitor the sound being played, allowing one program to record +what other programs play. +.El +.Pp +Processing is configured on a per sub-device basis, meaning that +the sound of all programs connected to the same sub-device will be +processed according to the same configuration. +Multiple sub-devices can be defined, allowing multiple configurations +to coexist. +The user selects the configuration a given program will use +by selecting the sub-device the program uses. +.Pp +.Nm +exposes MIDI thru boxes (hubs), +allowing programs to send MIDI messages to each other +or to hardware MIDI ports in a uniform way. +.Pp +Finally, +.Nm +exposes a control MIDI port usable for: +.Pp +.Bl -bullet -offset indent -compact +.It +Volume control. +.It +Common clock source for audio and MIDI programs. +.It +Start, stop and relocate groups of audio programs. +.El +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a Ar flag +Control whether +.Nm +opens the audio device or the MIDI port only when needed or keeps +it open all the time. +If the flag is +.Va on +then the audio device or MIDI port is kept open all the time, ensuring +no other program can steal it. +If the flag is +.Va off , +then it's automatically closed, allowing other programs to have direct +access to the audio device, or the device to be disconnected. +The default is +.Va off . +.It Fl b Ar nframes +The buffer size of the audio device in frames. +A frame consists of one sample for each channel in the stream. +This is the number of frames that will be buffered before being played +and thus controls the playback latency. +The default is 7680 or twice the block size +.Pq Fl z , +if the block size is set. +.It Xo +.Fl C Ar min : Ns Ar max , +.Fl c Ar min : Ns Ar max +.Xc +The range of channel numbers for recording and playback directions, +respectively any client is allowed to use. +This is a subset of the audio device channels. +The default is 0:1, i.e. stereo. +.It Fl d +Enable debugging to standard error, and do not disassociate from the +controlling terminal. +Can be specified multiple times to further increase log verbosity. +.It Fl e Ar enc +Attempt to configure the device to use this encoding. +The default is +.Va s16 . +Encoding names use the following scheme: signedness +.Po +.Va s +or +.Va u +.Pc +followed +by the precision in bits, the byte-order +.Po +.Va le +or +.Va be +.Pc , +the number of +bytes per sample, and the alignment +.Po +.Va msb +or +.Va lsb +.Pc . +Only the signedness and the precision are mandatory. +Examples: +.Va u8 , s16le , s24le3 , s24le4lsb . +.It Fl F Ar device +Same as +.Fl f +except that if the device is disconnected, +the one given with the previous +.Fl f +or +.Fl F +option will be used. +.It Fl f Ar device +Add this +.Xr sndio 7 +audio device to devices used for playing and/or recording. +Preceding per-device options +.Pq Fl aberwz +apply to this device. +Sub-devices +.Pq Fl s +that are applied after will be attached to this device. +Device mode and parameters are determined from sub-devices +attached to it. +If no +.Fl f +option is used, +.Nm +will use +.Pa rsnd/0 , rsnd/1 , +.No ... , +.Pa rsnd/3 . +.It Fl j Ar flag +Control whether program channels are joined or expanded if +the number of channels requested by a program is not equal +to the device number of channels. +If the flag is +.Va off +then client channels are routed to the corresponding +device channel, possibly discarding channels not present in the device. +If the flag is +.Va on , +then a single client channel may be sent on multiple device channels, +or multiple client channels may be sent to a single device channel. +For instance, this feature could be used for mono to stereo conversions. +The default is +.Ar on . +.It Fl L Ar addr +Specify a local network address +.Nm +should listen on; +.Nm +will listen on TCP port 11025+n, where n is the unit number +specified with +.Fl U . +Without this option, +.Nm +listens on the +.Ux Ns -domain +socket only, and is not reachable from any network. +If the option argument is +.Sq - +then +.Nm +will accept connections from any address. +As the communication is not secure, this +option is only suitable for local networks where all hosts +and users are trusted. +.It Fl m Ar mode +Set the sub-device mode. +Valid modes are +.Ar play , +.Ar rec , +and +.Ar mon , +corresponding to playback, recording and monitoring. +A monitoring stream is a fake recording stream corresponding to +the mix of all playback streams. +Multiple modes can be specified, separated by commas. +The default is +.Ar play , Ns Ar rec +(i.e. full-duplex). +.It Fl Q Ar port +Specify an alternate MIDI port to use. +If it doesn't work, the one given with the last +.Fl Q +or +.Fl q +options will be used. +For instance, this allows a USB MIDI controller to be replaced without +the need to restart programs using it. +.It Fl q Ar port +Expose the given MIDI port. +This allows multiple programs to share the port. +If no +.Fl q +option is used, +.Nm +will use +.Pa rmidi/0 , rmidi/1 , +.No ... , +.Pa rmidi/7 . +.It Fl r Ar rate +Attempt to force the device to use this sample rate in Hertz. +The default is 48000. +.It Fl s Ar name +Add +.Ar name +to the list of sub-devices to expose. +This allows clients to use +.Nm +instead of the physical audio device for audio input and output +in order to share the physical device with other clients. +Defining multiple sub-devices allows splitting a physical audio device +into sub-devices having different properties (e.g. channel ranges). +The given +.Ar name +corresponds to the +.Dq option +part of the +.Xr sndio 7 +device name string. +.It Fl t Ar mode +Select the way clients are controlled by MIDI Machine Control (MMC) +messages received by +.Nm . +If the mode is +.Va off +(the default), then programs are not affected by MMC messages. +If the mode is +.Va slave , +then programs are started synchronously by MMC start messages; +additionally, the server clock is exposed as MIDI Time Code (MTC) +messages allowing MTC-capable software or hardware to be synchronized +to audio programs. +.It Fl U Ar unit +Unit number. +Each +.Nm +server instance has a unique unit number, +used in +.Xr sndio 7 +device names. +The default is 0. +.It Fl v Ar volume +Software volume attenuation of playback. +The value must be between 1 and 127, +corresponding to \-42dB and \-0dB attenuation in 1/3dB steps. +Clients inherit this parameter. +Reducing the volume in advance allows a client's volume to stay independent +from the number of clients as long as their number is small enough. +18 volume units (i.e. \-6dB attenuation) allows the number +of playback programs to be doubled. +The default is 127. +.It Fl w Ar flag +Control +.Nm +behaviour when the maximum volume of the hardware is reached +and a new program starts playing. +This happens only when volumes are not properly set using the +.Fl v +option. +If the flag is +.Va on , +then the master volume is automatically adjusted to avoid clipping. +The default is +.Va off . +.It Fl z Ar nframes +The audio device block size in frames. +This is the number of frames between audio clock ticks, +i.e. the clock resolution. +If a sub-device is created with the +.Fl t +option, and MTC is used for synchronization, the clock +resolution must be 96, 100 or 120 ticks per second for maximum +accuracy. +For instance, 100 ticks per second at 48000Hz corresponds +to a 480 frame block size. +The default is 480 or half of the buffer size +.Pq Fl b , +if the buffer size is set. +.El +.Pp +On the command line, +per-device parameters +.Pq Fl aberwz +must precede the device definition +.Pq Fl f , +and per-sub-device parameters +.Pq Fl Ccjmtvx +must precede the sub-device definition +.Pq Fl s . +Sub-device definitions +.Pq Fl s +must follow the definition of the device +.Pq Fl f +to which they are attached. +.Pp +If no audio devices +.Pq Fl f +are specified, +settings are applied as if +the default device is specified. +If no sub-devices +.Pq Fl s +are specified for a device, a default sub-device is +created attached to it. +If a device +.Pq Fl f +is defined twice, both definitions are merged: +parameters of the first one are used but sub-devices +.Pq Fl s +of both definitions are created. +The default +.Xr sndio 7 +device used by +.Nm +is +.Pa rsnd/0 , +and the default sub-device exposed by +.Nm +is +.Pa snd/default . +.Pp +If +.Nm +is sent +.Dv SIGINT +or +.Dv SIGTERM , +it terminates. +If +.Nm +is sent +.Dv SIGHUP , +it reopens all audio devices and MIDI ports. +.Pp +By default, when the program cannot accept +recorded data fast enough or cannot provide data to play fast enough, +the program is paused, i.e. samples that cannot be written are discarded +and samples that cannot be read are replaced by silence. +If a sub-device is created with the +.Fl t +option, then recorded samples are discarded, +but the same amount of silence will be written +once the program is unblocked, in order to reach the right position in time. +Similarly silence is played, but the same amount of samples will be discarded +once the program is unblocked. +This ensures proper synchronization between programs. +.Sh MIDI CONTROL +.Nm +creates a MIDI port with the same name as the exposed audio +sub-device to which MIDI programs can connect. +.Nm +exposes the audio device clock +and allows audio device properties to be controlled +through MIDI. +.Pp +A MIDI channel is assigned to each program, and the volume +is changed using the standard volume controller (number 7). +Similarly, when the audio client changes its volume, +the same MIDI controller message is sent out; it can be used +for instance for monitoring or as feedback for motorized +faders. +Multiple instances of the same program will share the same setting. +.Pp +The master volume can be changed using the standard master volume +system exclusive message. +.Pp +Streams created with the +.Fl t +option are controlled by the following MMC messages: +.Bl -tag -width relocateXXX -offset indent +.It relocate +This message is ignored by audio +.Nm +clients, but the given time position is sent to MIDI ports as an MTC +.Dq "full frame" +message forcing all MTC-slaves to relocate to the given +position (see below). +.It start +Put all streams in starting mode. +In this mode, +.Nm +waits for all streams to become ready +to start, and then starts them synchronously. +Once started, new streams can be created +.Pq Nm sndiod +but they will be blocked +until the next stop-to-start transition. +.It stop +Put all streams in stopped mode (the default). +In this mode, any stream attempting to start playback or recording +is paused. +Client streams that are already +started are not affected until they stop and try to start again. +.El +.Pp +Streams created with the +.Fl t +option export the +.Nm +device clock using MTC, allowing non-audio +software or hardware to be synchronized to the audio stream. +Maximum accuracy is achieved when the number of blocks per +second is equal to one of the standard MTC clock rates (96, 100 and 120Hz). +The following sample rates +.Pq Fl r +and block sizes +.Pq Fl z +are recommended: +.Pp +.Bl -bullet -offset indent -compact +.It +44100Hz, 441 frames (MTC rate is 100Hz) +.It +48000Hz, 400 frames (MTC rate is 120Hz) +.It +48000Hz, 480 frames (MTC rate is 100Hz) +.It +48000Hz, 500 frames (MTC rate is 96Hz) +.El +.Pp +For instance, the following command will create two devices: +the default +.Va snd/default +and a MIDI-controlled +.Va snd/mmc : +.Bd -literal -offset indent +$ sndiod -r 48000 -z 400 -s default -t slave -s mmc +.Ed +.Pp +Streams connected to +.Va snd/default +behave normally, while streams connected to +.Va snd/mmc +wait for the MMC start signal and start synchronously. +Regardless of which device a stream is connected to, +its playback volume knob is exposed. +.Sh HOT PLUGGING +If the current device is unavailable when needed or unplugged at runtime, +.Nm +will attempt to seamlessly fall back to the last working device. +.Pp +.Nm +will not automatically switch to specified device that is plugged at runtime. +Instead, +.Xr sndioctl 1 +must be used to change the +.Va server.device +control. +.Pp +For instance, switching from a PCI device to a USB device allows +.Nm +to use the USB one preferably when it's connected +and to fall back to the PCI one when it's disconnected. +.Sh EXAMPLES +Start server using default parameters, creating an +additional sub-device for output to channels 2:3 only (rear speakers +on most cards), exposing the +.Pa snd/default +and +.Pa snd/rear +devices: +.Bd -literal -offset indent +$ sndiod -s default -c 2:3 -s rear +.Ed +.Pp +Start server creating the default sub-device with low volume and +an additional sub-device for high volume output, exposing the +.Pa snd/default +and +.Pa snd/max +devices: +.Bd -literal -offset indent +$ sndiod -v 65 -s default -v 127 -s max +.Ed +.Pp +Start server configuring the audio device to use +a 48kHz sample frequency, 240-frame block size, +and 2-block buffers. +The corresponding latency is 10ms, which is +the time it takes the sound to propagate 3.5 meters. +.Bd -literal -offset indent +$ sndiod -r 48000 -b 480 -z 240 +.Ed +.Sh SEE ALSO +.Xr sndio 7 +.Sh BUGS +Resampling is low quality; down-sampling especially should be avoided +when recording. +.Pp +If +.Fl a Ar off +is used, +.Nm +creates sub-devices to expose first +and then opens the audio hardware on demand. +Technically, this allows +.Nm +to attempt to use one of the sub-devices it exposes as an audio device, +creating a deadlock. +There's nothing to prevent the user +from shooting themselves in the foot by creating such a deadlock. diff --git a/static/openbsd/man8/snmpd.8 b/static/openbsd/man8/snmpd.8 new file mode 100644 index 00000000..8518a72e --- /dev/null +++ b/static/openbsd/man8/snmpd.8 @@ -0,0 +1,117 @@ +.\" $OpenBSD: snmpd.8,v 1.24 2023/03/02 17:09:54 jmc Exp $ +.\" +.\" Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2023 $ +.Dt SNMPD 8 +.Os +.Sh NAME +.Nm snmpd +.Nd Simple Network Management Protocol (SNMP) daemon +.Sh SYNOPSIS +.Nm snmpd +.Op Fl dNnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is a daemon which implements the SNMP protocol. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl f Ar file +Use +.Ar file +as the configuration file, instead of the default +.Pa /etc/snmpd.conf . +.It Fl N +Show numeric OID values instead of their symbolic names. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/usr/share/snmp/mibs/XXXX" -compact +.It Pa /etc/snmpd.conf +default +.Nm +configuration file +.It Pa /usr/share/snmp/mibs/* +.Nm +Management Information Base definitions +.El +.Sh SEE ALSO +.Xr snmp 1 , +.Xr snmpd.conf 5 +.Sh STANDARDS +.Rs +.%A U. Blumenthal +.%A B. Wijnen +.%D December 2002 +.%R RFC 3414 +.%T User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) +.Re +.Pp +.Rs +.%A R. Presuhn +.%D December 2002 +.%R RFC 3416 +.%T Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) +.Re +.Pp +.Rs +.%A R. Presuhn +.%D December 2002 +.%R RFC 3417 +.%T Transport Mappings for the Simple Network Management Protocol (SNMP) +.Re +.Pp +.Rs +.%A R. Presuhn +.%D December 2002 +.%R RFC 3418 +.%T Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) +.Re +.Pp +.Rs +.%A U. Blumenthal +.%D June 2004 +.%R RFC 3826 +.%T The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.3 . +.Sh AUTHORS +The +.Nm +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/snmpd_metrics.8 b/static/openbsd/man8/snmpd_metrics.8 new file mode 100644 index 00000000..80e14583 --- /dev/null +++ b/static/openbsd/man8/snmpd_metrics.8 @@ -0,0 +1,112 @@ +.\" $OpenBSD: snmpd_metrics.8,v 1.4 2022/10/23 06:12:06 jmc Exp $ +.\" +.\" Copyright (c) 2022 Martijn van Duren <martijn@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 23 2022 $ +.Dt SNMPD_METRICS 8 +.Os +.Sh NAME +.Nm snmpd_metrics +.Nd export snmpd MIB data +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Op Fl C Ar option +.Op Fl c Ar context +.Op Fl s Ar path +.Sh DESCRIPTION +.Nm +exports the following +.Pq partial +MIBs via an AgentX compatible +.Pq snmp +daemon: +HOST-RESOURCES-MIB, IF-MIB, OPENBSD-PF-MIB, OPENBSD-SENSORS-MIB, +OPENBSD-CARP-MIB, OPENBSD-MEM-MIB, IP-MIB, IP-FORWARD-MIB, +UCD-DISKIO-MIB, and BRIDGE-MIB. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C Ar option +Enable MIB-specific options. +Currently only +.Ic filter-routes +is supported. +If set ask the kernel to filter route update messages on the routing socket. +Routing table information will not be available, but CPU use will be +reduced during bulk updates. +.It Fl c Ar context +The SNMPv3 context and can usually be omitted. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl s Ar path +Connect to the AgentX master via +.Ar path . +It defaults to +.Pa /var/agentx/master . +.It Fl v +Produce more verbose output. +.El +.Sh SEE ALSO +.Xr snmp 1 , +.Xr snmpd 8 +.Sh STANDARDS +.Rs +.%A P. Grillo +.%A WeSync.com +.%D March 2000 +.%R RFC 2790 +.%T Host Resources MIB +.Re +.Pp +.Rs +.%A K. McCloghrie +.%A Cisco Systems +.%A F. Kastenholz +.%A Argon Networks +.%D June 2000 +.%R RFC 2863 +.%T The Interfaces Group MIB +.Re +.Pp +.Rs +.%A S. Routhier, Ed. +.%D April 2006 +.%R RFC 4293 +.%T Management Information Base for the Internet Protocol (IP) +.Re +.Pp +.Rs +.%A B. Haberman +.%A Johns Hopkins University +.%D April 2006 +.%R RFC 4292 +.%T IP Forwarding Table MIB +.Re +.Pp +.Rs +.%A K. Norseth, Ed. +.%A L-3 Communications +.%A E. Bell, Ed. +.%A 3Com Europe Limited +.%D September 2005 +.%R RFC 4188 +.%T Definitions of Managed Objects for Bridges +.Re +.Sh AUTHORS +.An Martijn van Duren Aq Mt martijn@openbsd.org +.An Joel Knight Aq Mt joel@openbsd.org +.An Reyk Floeter Aq Mt reyk@openbsd.org diff --git a/static/openbsd/man8/spamd-setup.8 b/static/openbsd/man8/spamd-setup.8 new file mode 100644 index 00000000..4d9ec339 --- /dev/null +++ b/static/openbsd/man8/spamd-setup.8 @@ -0,0 +1,123 @@ +.\" $OpenBSD: spamd-setup.8,v 1.21 2016/03/31 15:54:17 schwarze Exp $ +.\" +.\" Copyright (c) 2003 Jason L. Wright (jason@thought.net) +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 31 2016 $ +.Dt SPAMD-SETUP 8 +.Os +.Sh NAME +.Nm spamd-setup +.Nd parse and load file of spammer addresses +.Sh SYNOPSIS +.Nm spamd-setup +.Op Fl bDdn +.Sh DESCRIPTION +The +.Nm +utility sends blacklist data to +.Xr spamd 8 , +as well as configuring mail rejection messages for +blacklist entries. +.Pp +When +.Nm +is run in blacklist only mode, +it also sends blacklist data to the +.Xr pf 4 +table +.Pf < Ar spamd Ns > . +The +.Pf < Ar spamd Ns > +table must then be used in conjunction with a +.Xr pf 4 +redirection rule to selectively redirect mail connections +to +.Xr spamd 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Blacklisting only mode. +Blacklist data is normally stored only in +.Xr spamd 8 . +With this flag, data is stored in both +.Xr spamd 8 +and +.Xr pf 4 . +Use this flag if +.Xr spamd 8 +is running with the +.Fl b +flag too. +.It Fl D +Daemonize; +run +.Nm +in the background. +.It Fl d +Debug mode reports a few pieces of information. +.It Fl n +Dry-run mode. +No data is shipped. +.El +.Pp +Lists are specified in the configuration file +.Pa /etc/mail/spamd.conf +and are processed in the order specified in the +.Ar all +tag. +Output is concatenated and sent to a running +.Xr spamd 8 . +Addresses are sent +along with the message spamd will give on mail rejection when a +matching client connects. +The configuration port for +.Xr spamd 8 +is found from +.Xr services 5 , +by looking for the named service +.Em spamd-cfg . +.Pp +.Nm +reads all configuration information from the +.Xr spamd.conf 5 +file. +.Sh FILES +.Pa /etc/mail/spamd.conf +.Sh SEE ALSO +.Xr pf.conf 5 , +.Xr services 5 , +.Xr spamd.conf 5 , +.Xr spamd 8 +.Sh BUGS +Blacklists removed from +.Pa /etc/mail/spamd.conf +are not automatically removed from the running +.Xr spamd 8 . +If an entry is removed from +.Pa /etc/mail/spamd.conf +that is currently in use, it is necessary to restart +.Xr spamd 8 . +This applies only to blacklists that are removed entirely, not those +that are simply modified. diff --git a/static/openbsd/man8/spamd.8 b/static/openbsd/man8/spamd.8 new file mode 100644 index 00000000..c7c75985 --- /dev/null +++ b/static/openbsd/man8/spamd.8 @@ -0,0 +1,609 @@ +.\" $OpenBSD: spamd.8,v 1.135 2019/07/24 18:41:05 mestre Exp $ +.\" +.\" Copyright (c) 2002 Theo de Raadt. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 24 2019 $ +.Dt SPAMD 8 +.Os +.Sh NAME +.Nm spamd +.Nd spam deferral daemon +.Sh SYNOPSIS +.Nm spamd +.Op Fl 45bdv +.Op Fl B Ar maxblack +.Op Fl C Ar file +.Op Fl c Ar maxcon +.Op Fl G Ar passtime : Ns Ar greyexp : Ns Ar whiteexp +.Op Fl h Ar hostname +.Op Fl K Ar file +.Op Fl l Ar address +.Op Fl M Ar address +.Op Fl n Ar name +.Op Fl p Ar port +.Op Fl S Ar secs +.Op Fl s Ar secs +.Op Fl w Ar window +.Op Fl Y Ar synctarget +.Op Fl y Ar synclisten +.Sh DESCRIPTION +.Nm +is a fake mail daemon which rejects false mail. +It is designed to be very efficient so that it does not slow down the +receiving machine. +.Pp +.Nm +considers sending hosts to be of three types: +.Pp +.Em blacklisted +hosts are diverted to +.Nm +and +.Em tarpitted +i.e. they are communicated with very slowly +to consume the sender's resources. +Mail is rejected with either a 450 or 550 error message. +A blacklisted host will not be allowed to talk to a real mail server. +.Pp +.Em whitelisted +hosts do not talk to +.Nm . +Their connections are instead sent to a real mail server, +such as +.Xr smtpd 8 . +.Pp +.Em greylisted +hosts are diverted to +.Nm , +but +.Nm +has not yet decided if they are likely spammers. +They are given a temporary failure message by +.Nm +when they try to deliver mail. +.Pp +When +.Nm +is run in default mode, +it will greylist connections from new hosts. +Depending on its configuration, +it may choose to blacklist the host or, +if the checks described below are met, +eventually whitelist it. +When +.Nm +is run in blacklist-only mode, +using the +.Fl b +flag, +it will consult a pre-defined set of blacklist addresses +to decide whether to tarpit the host or not. +.Pp +When a sending host talks to +.Nm , +the reply will be +.Em stuttered . +That is, +the response will be sent back a character at a time, slowly. +For blacklisted hosts, +the entire dialogue is stuttered. +For greylisted hosts, +the default is to stutter for the first 10 seconds +of dialogue only. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +For blacklisted entries, return error code 450 to the spammer (default). +.It Fl 5 +For blacklisted entries, return error code 550 to the spammer. +.It Fl B Ar maxblack +The maximum number of concurrent blacklisted connections to stutter at. +This value may not be greater than maxcon (see below). +The default is +.Ar maxcon +\- 100. +When this value is exceeded, new blacklisted connections will not be +stuttered at. +.It Fl b +Run in blacklist-only mode. +.It Fl C Ar file +Load the certificate for TLS from the given +.Ar file . +.It Fl c Ar maxcon +The maximum number of concurrent connections to allow. +.Ar maxcon +may not exceed +.Va kern.maxfiles +\- 200, and defaults to 800. +.It Fl d +Debug mode. +.Nm +does not +.Xr fork 2 +into the background. +.It Xo +.Fl G +.Ar passtime : Ns Ar greyexp : Ns Ar whiteexp +.Xc +Adjust the three time parameters for greylisting. +.Ar passtime +defaults to 25 (minutes), +.Ar greyexp +to 4 (hours), +and +.Ar whiteexp +to 864 (hours, approximately 36 days). +.It Fl h Ar hostname +The hostname that is reported in the SMTP banner. +.It Fl K Ar file +Load the private key for TLS from the given +.Ar file . +.It Fl l Ar address +Specify the local address to which +.Nm +is to +.Xr bind 2 . +By default +.Nm +listens on the localhost address 127.0.0.1. +.It Fl M Ar address +Specify a local IP address which is listed as a low priority MX record, +used to identify and trap hosts that connect to MX hosts out of order. +See +.Sx GREYTRAPPING +below for details. +.It Fl n Ar name +The SMTP version banner that is reported upon initial connection. +.It Fl p Ar port +Specify a different port number from the default port that +.Nm +should listen for diverted SMTP connections on. +The default port is found by looking for the named service +.Dq spamd +using +.Xr getservbyname 3 . +.It Fl S Ar secs +Stutter at greylisted connections for the specified amount +of seconds, after which the connection is not stuttered at. +The default is 10; maximum is 90. +.It Fl s Ar secs +Delay each character sent to the client by the specified +amount of seconds. +The default is 1; maximum is 10. +.It Fl v +Enable verbose logging. +By default +.Nm +logs connections, disconnections and blacklist matches to +.Xr syslogd 8 +at +.Dv LOG_INFO +level. +With verbose logging enabled, message detail +including subject and recipient information is logged at +.Dv LOG_INFO , +along with the message body and SMTP dialogue being logged at +.Dv LOG_DEBUG +level. +.It Fl w Ar window +Set the socket receive buffer to this many bytes, adjusting the window size. +.It Fl Y Ar synctarget +Add target +.Ar synctarget +to receive synchronisation messages. +.Ar synctarget +can be either an IPv4 address for unicast messages +or a network interface and optional TTL value for multicast messages +to the group 224.0.1.240. +If the multicast TTL is not specified, a default value of 1 is used. +This option can be specified multiple times. +See also +.Sx SYNCHRONISATION +below. +.It Fl y Ar synclisten +Listen on +.Ar synclisten +network interface for incoming synchronisation messages. +This option can be specified only once. +See also +.Sx SYNCHRONISATION +below. +.El +.Pp +When run in default mode, +connections receive the pleasantly innocuous temporary failure of: +.Bd -literal -offset 4n +451 Temporary failure, please try again later. +.Ed +.Pp +This happens in the SMTP dialogue +immediately after the DATA command is received from the client. +.Nm +will use the db file in +.Pa /var/db/spamd +to track these connections to +.Nm +by connecting IP address, HELO/EHLO, envelope-from, and envelope-to, or +.Em tuple +for short. +Hosts which connect but do not attempt to deliver mail +will not generate a tuple and always be ignored. +.Pp +A previously unseen tuple is added to the +.Pa /var/db/spamd +database, recording the time an initial connection attempt was seen. +After +.Em passtime +minutes if +.Nm +sees a retried attempt to deliver mail for the same tuple, +.Nm +will whitelist the connecting address by adding it as a +whitelist entry to +.Pa /var/db/spamd . +.Pp +.Nm +regularly scans the +.Pa /var/db/spamd +database and configures all whitelist addresses as the +.Xr pf 4 +<spamd-white> +table, +allowing connections to pass to the real MTA. +Any addresses not found in +<spamd-white> +are diverted to +.Nm . +.Pp +An example +.Xr pf.conf 5 +fragment is given below. +In the example, the file +.Pa /etc/mail/nospamd +contains addresses of hosts who should be passed directly +to the SMTP agent (thus bypassing +.Nm ) . +.Bd -literal -offset 4n +table <spamd-white> persist +table <nospamd> persist file "/etc/mail/nospamd" +pass in on egress proto tcp to any port smtp \e + divert-to 127.0.0.1 port spamd +pass in on egress proto tcp from <nospamd> to any port smtp +pass in log on egress proto tcp from <spamd-white> to any port smtp +pass out log on egress proto tcp to any port smtp +.Ed +.Pp +.Nm +removes tuple entries from the +.Pa /var/db/spamd +database if delivery has not been retried within +.Em greyexp +hours from the initial time a connection is seen. +The default is 4 hours as this is the most common setting after which +MTAs will give up attempting to retry delivery of a message. +.Pp +.Nm +removes whitelist entries from the +.Pa /var/db/spamd +database if no mail delivery activity has been seen from the +whitelisted address by +.Xr spamlogd 8 +within +.Em whiteexp +hours from the initial time an address +is whitelisted. +The default is 36 days to allow for the delivery of +monthly mailing list digests without greylist delays every time. +.Pp +.Xr spamd-setup 8 +should be run periodically by +.Xr cron 8 +to update the blacklists configured in +.Xr spamd.conf 5 . +Use +.Xr crontab 1 +to uncomment the entry in root's crontab. +When run in blacklist-only mode, +the +.Fl b +flag should be specified. +.Pp +.Xr spamlogd 8 +should be used to update the whitelist entries in +.Pa /var/db/spamd +when connections are seen to pass to the real MTA on the +.Em smtp +port. +.Pp +.Xr spamdb 8 +can be used to examine and alter the contents of +.Pa /var/db/spamd . +See +.Xr spamdb 8 +for further information. +.Pp +.Nm +sends log messages to +.Xr syslogd 8 +using +.Em facility +daemon and, with increasing verbosity, +.Em level +err, warn, info, and debug. +The following +.Xr syslog.conf 5 +section can be used to log connection details to a dedicated file: +.Bd -literal -offset indent +!spamd +daemon.info /var/log/spamd +.Ed +.Pp +A typical entry shows the time of the connection and +the IP address of the connecting host. +When a host connects, +the total number of active connections and +the number of connections from blacklisted hosts is shown +.Pq connected (xx/xx) . +When a host disconnects, +the amount of time spent talking to +.Nm +is shown. +.Sh GREYTRAPPING +When running +.Nm +in default mode, +it may be useful to define +.Em spamtrap +destination addresses to catch spammers as they send mail from greylisted +hosts. +Such spamtrap addresses affect only greylisted connections to +.Nm +and are used to temporarily blacklist a host that is obviously sending spam. +Unused email addresses or email addresses on spammers' lists are very +useful for this. +When a host that is currently greylisted attempts to send mail to a +spamtrap address, +it is blacklisted for 24 hours by adding the host to the +.Nm +blacklist +<spamd-greytrap>. +Spamtrap addresses are added to the +.Pa /var/db/spamd +database with the following +.Xr spamdb 8 +command: +.Pp +.Dl # spamdb -T -a 'spamtrap@mydomain.org' +.Pp +See +.Xr spamdb 8 +for further details. +.Pp +The file +.Pa /etc/mail/spamd.alloweddomains +can be used to specify a list of domainname suffixes, one per line, one of +which must match each destination email address in the greylist. +Any destination address which does not match one of the suffixes listed in +.Pa spamd.alloweddomains +will be trapped, exactly as if it were sent to a spamtrap address. +Comment lines beginning with +.Sq # +and empty lines are ignored. +.Pp +For example, if +.Pa spamd.alloweddomains +contains: +.Bd -literal -offset indent +@humpingforjesus.com +obtuse.com +.Ed +.Pp +The following destination addresses +.Em would not +cause the sending host to be trapped: +.Bd -literal -offset indent +beardedclams@humpingforjesus.com +beck@obtuse.com +beck@snouts.obtuse.com +.Ed +.Pp +However the following addresses +.Em would +cause the sending host to be trapped: +.Bd -literal -offset indent +peter@apostles.humpingforjesus.com +bigbutts@bofh.ucs.ualberta.ca +.Ed +.Pp +A low priority MX IP address may be specified with the +.Fl M +option. +When +.Nm +has such an address specified, no host may enter new greylist +tuples when connecting to this address; only existing entries +may be updated. +Any host attempting to make new deliveries to +the low priority MX for which a tuple has not previously +been seen will be trapped. +.Pp +Note that it is important to ensure that a host running +.Nm +with the low priority MX address active must see all the greylist +changes for a higher priority MX host for the same domains. +This is best done by the host itself receiving the connections to +the higher priority MX on another IP address (which may be an IP alias). +This will ensure that hosts are not trapped erroneously if the higher +priority MX is unavailable. +For example, on a host which is an existing MX record for a domain of +value 10, a second IP address with MX of value 99 (a higher number, and +therefore lower priority) would ensure that any RFC conformant client +would attempt delivery to the IP address with the MX value of 10 +first, and should not attempt to deliver to the address with MX value 99. +.Sh BLACKLIST-ONLY MODE +When running in default mode, the +.Xr pf.conf 5 +rules described above are sufficient. +However when running in blacklist-only mode, +a slightly modified +.Xr pf.conf 5 +ruleset is required, +diverting any addresses found in the <spamd> table to +.Nm . +Any other addresses +are passed to the real MTA. +.Bd -literal -offset 4n +table <spamd> persist +pass in on egress inet proto tcp from <spamd> to any port smtp \e + divert-to 127.0.0.1 port spamd +.Ed +.Pp +Addresses can be loaded into the +.Em table , +like: +.Bd -literal -offset 4n +# pfctl -q -t spamd -T replace -f /usr/local/share/spammers +.Ed +.Pp +.Xr spamd-setup 8 +can also be used to load addresses into the <spamd> table. +It has the added benefit of being able to remove addresses from +blacklists, and will connect to +.Nm +over a localhost socket, giving +.Nm +information about each source of blacklist addresses, as well as custom +rejection messages for each blacklist source +that can be used to let any real person whose mail +is deferred by +.Nm +know why their address has been listed +from sending mail. +This is important as it allows legitimate mail +senders to pressure spam sources into behaving properly so that they +may be removed from the relevant blacklists. +.Sh CONFIGURATION CONNECTIONS +.Nm +listens for configuration connections on the port identified by the +named service +.Dq spamd-cfg +(see +.Xr services 5 ) . +The configuration socket listens only on the INADDR_LOOPBACK +address. +Configuration of spamd is done by connecting to the configuration +socket, and sending blacklist information, one blacklist per line. +Each blacklist consists of a name, a message to reject mail +with, and addresses in CIDR format, all separated by semicolons (;): +.Bd -literal -offset indent +tag;"rejection message";aaa.bbb.ccc.ddd/mm;aaa.bbb.ccc.ddd/mm +.Ed +.Pp +The rejection message must be inside double quotes. +A \e" will produce a double quote in the output. +\en will produce a newline. +%A will expand to the connecting IP address in dotted quad format. +%% may be used to produce a single % in the output. +\e\e will produce a single \e. +.Nm +will reject mail by displaying all the messages from all blacklists in which +a connecting address is matched. +.Xr spamd-setup 8 +is normally used to configure this information. +.Sh SYNCHRONISATION +.Nm +supports realtime synchronisation of spamd databases between +a number of spamd +daemons running on multiple machines, +using the +.Fl Y +and +.Fl y +options. +The databases are synchronised for greylisted and trapped entries; +whitelisted entries and entries made manually using +.Xr spamdb 8 +are not updated. +.Pp +The following example will accept incoming multicast and unicast +synchronisation messages, and send outgoing multicast messages through +the network interface +.Ar em0 : +.Bd -literal -offset indent +# /usr/libexec/spamd -y em0 -Y em0 +.Ed +.Pp +The second example will increase the multicast TTL to a value of 2, +add the unicast targets +.Ar foo.somewhere.org +and +.Ar bar.somewhere.org , +and accept incoming unicast messages received on +.Ar bge0 +only. +.Bd -literal -offset indent +# /usr/libexec/spamd -y bge0 -Y em0:2 \e + -Y foo.somewhere.org -Y bar.somewhere.org +.Ed +.Pp +If the file +.Pa /etc/mail/spamd.key +exists, +.Nm +will calculate the message-digest fingerprint (checksum) for the file +and use it as a shared key to authenticate the synchronisation messages. +The file itself can contain any data. +For example, to create a secure random key: +.Bd -literal -offset indent +# dd if=/dev/random of=/etc/mail/spamd.key bs=2048 count=1 +.Ed +.Pp +The file needs to be copied to all hosts +sending or receiving synchronisation messages. +.Sh FILES +.Bl -tag -width "/etc/mail/spamd.alloweddomainsXX" -compact +.It Pa /etc/mail/spamd.alloweddomains +Required suffixes for greytrapping. +.It Pa /etc/mail/spamd.conf +Default configuration file. +.It Pa /etc/mail/spamd.key +Authentication key for synchronisation messages. +.It Pa /var/db/spamd +Greylisting database. +.El +.Sh SEE ALSO +.Xr pf.conf 5 , +.Xr services 5 , +.Xr spamd.conf 5 , +.Xr syslog.conf 5 , +.Xr pfctl 8 , +.Xr spamd-setup 8 , +.Xr spamdb 8 , +.Xr spamlogd 8 , +.Xr syslogd 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.3 . diff --git a/static/openbsd/man8/spamdb.8 b/static/openbsd/man8/spamdb.8 new file mode 100644 index 00000000..3d622cd3 --- /dev/null +++ b/static/openbsd/man8/spamdb.8 @@ -0,0 +1,190 @@ +.\" $OpenBSD: spamdb.8,v 1.20 2017/10/29 19:11:34 millert Exp $ +.\" +.\" Copyright (c) 2004 Bob Beck. All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: October 29 2017 $ +.Dt SPAMDB 8 +.Os +.Sh NAME +.Nm spamdb +.Nd spamd database tool +.Sh SYNOPSIS +.Nm spamdb +.Op Fl adGTt +.Op Ar keys ... +.Sh DESCRIPTION +.Nm +manipulates the spamd database in +.Pa /var/db/spamd +used for +.Xr spamd 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Add or update the entries for +.Ar keys . +This can be used to whitelist one or more IP addresses +(i.e. circumvent the greylisting process altogether) +by adding all IP addresses as keys to the spamd database for WHITE entries. +If any +.Ar keys +specified match entries already in the spamd database, +.Nm +updates the entry's time last seen to now. +.It Fl d +Delete entries for +.Ar keys . +.It Fl G +Delete the keys as GREY entries. +See the GREYTRAPPING section of +.Xr spamd 8 +for more information. +Must be used in conjunction with the +.Fl d +option. +.It Fl T +Add or delete the keys as SPAMTRAP entries. +See the GREYTRAPPING section of +.Xr spamd 8 +for more information. +Must be used in conjunction with the +.Fl a +or +.Fl d +option. +.It Fl t +Add or delete the keys as TRAPPED entries. +See the GREYTRAPPING section of +.Xr spamd 8 +for more information. +Must be used in conjunction with the +.Fl a +or +.Fl d +option. +.El +.Pp +If adding or deleting a SPAMTRAP address +.Pq Fl T , +.Ar keys +should be specified as email addresses: +.Pp +.Dl spamtrap@mydomain.org +.Pp +Otherwise +.Ar keys +must be numerical IP addresses. +.Ss DATABASE OUTPUT FORMAT +If invoked without any options, +.Nm +lists the contents of the database in a text format. +If one or more +.Ar keys +are specified, only matching entries will be printed. +.Pp +For SPAMTRAP entries the format is: +.Pp +.Dl type|mailaddress +.Pp +where +.Em type +will be SPAMTRAP and +.Em mailaddress +will be the email address for which any connections received by +.Xr spamd 8 +will be blacklisted if mail is sent to this address. +.Pp +For TRAPPED entries the format is: +.Pp +.Dl type|ip|expire +.Pp +where +.Em type +will be TRAPPED, +.Em IP +will be the IP address blacklisted due to hitting a spamtrap, and +.Em expire +will be when the IP is due to be removed from the blacklist. +.Pp +For GREY entries, the format is: +.Pp +.Dl type|source IP|helo|from|to|first|pass|expire|block|pass +.Pp +For WHITE entries, the format is: +.Pp +.Dl type|source IP|||first|pass|expire|block|pass +.Pp +The fields are as follows: +.Pp +.Bl -tag -width "source IP" -offset indent -compact +.It type +.Em WHITE +if whitelisted or +.Em GREY +if greylisted +.It source IP +IP address the connection originated from +.It helo +what the connecting host sent as identification in the HELO/EHLO command in the +SMTP dialogue +.It from +envelope-from address for +.Em GREY +(empty for +.Em WHITE +entries) +.It to +envelope-to address for +.Em GREY +(empty for +.Em WHITE +entries) +.It first +time the entry was first seen +.It pass +time the entry passed from being +.Em GREY +to being +.Em WHITE +.It expire +time the entry will expire and be removed from the database +.It block +number of times a corresponding connection received a temporary +failure from +.Xr spamd 8 +.It pass +number of times a corresponding connection has been seen to pass +to the real MTA by +.Xr spamlogd 8 +.El +.Pp +Note that times are in seconds since the Epoch, in the manner returned by +.Xr time 3 . +Times may be converted to human readable format using: +.Pp +.Dl $ date -r <value> +.Sh FILES +.Pa /var/db/spamd +.Sh SEE ALSO +.Xr spamd.conf 5 , +.Xr spamd 8 , +.Xr spamd-setup 8 +.Sh HISTORY +The +.Nm +command +appeared in +.Ox 3.5 . diff --git a/static/openbsd/man8/spamlogd.8 b/static/openbsd/man8/spamlogd.8 new file mode 100644 index 00000000..236945e1 --- /dev/null +++ b/static/openbsd/man8/spamlogd.8 @@ -0,0 +1,140 @@ +.\" $OpenBSD: spamlogd.8,v 1.18 2013/09/15 20:02:34 schwarze Exp $ +.\" +.\" Copyright (c) 2004 Bob Beck. All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 15 2013 $ +.Dt SPAMLOGD 8 +.Os +.Sh NAME +.Nm spamlogd +.Nd spamd whitelist updating daemon +.Sh SYNOPSIS +.Nm spamlogd +.Op Fl DI +.Op Fl i Ar interface +.Op Fl l Ar pflog_interface +.Op Fl W Ar whiteexp +.Op Fl Y Ar synctarget +.Sh DESCRIPTION +.Nm +manipulates the +.Xr spamd 8 +database in +.Pa /var/db/spamd +used for greylisting. +.Nm +updates the +.Pa /var/db/spamd +whitelist entries whenever a connection +to port 25 is logged to the +.Xr pflog 4 +interface. +The source addresses of inbound connections are whitelisted +when seen by +.Nm +to ensure that their entries in +.Pa /var/db/spamd +do not expire if the connecting host continues to send legitimate mail. +The destination addresses of outbound connections are whitelisted +when seen by +.Nm +so that replies to outbound mail may be received without initial +greylisting delays. +Greylisting is explained more fully in +.Xr spamd 8 . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D +Debugging mode. +.Nm +does not disassociate from the controlling terminal. +.It Fl I +Specify that +.Nm +is only to whitelist inbound SMTP connections. +By default +.Nm +will whitelist the source of inbound SMTP connections, and the +target of outbound SMTP connections. +.It Fl i Ar interface +Specify a network interface on which packets must arrive. +The default is to watch for connections logged from all interfaces. +.It Fl l Ar pflog_interface +Specify a +.Xr pflog 4 +interface to listen for connection notifications. +The default is to watch for connections logged on +.Dq pflog0 . +.It Fl W Ar whiteexp +Adjust the time for +.Ar whiteexp +in hours. +The default is 864 hours (approximately 36 days); maximum is 2160 hours +(approximately 90 days). +.It Fl Y Ar synctarget +Add a target to receive synchronisation messages; see +.Sx SYNCHRONISATION +below. +This option can be specified multiple times. +.El +.Pp +It is important to log any connections to and from the real +MTA in order for +.Nm +to update the whitelist entries. +See +.Xr spamd 8 +for an example ruleset for logging such connections. +.Pp +.Nm +sends log messages to +.Xr syslogd 8 +using facility +.Em daemon . +.Nm +will log each connection it sees at level +.Dv LOG_DEBUG . +.Sh SYNCHRONISATION +.Nm +supports realtime synchronisation of whitelist states by sending +the information it updates to +a number of +.Xr spamd 8 +daemons running on multiple machines. +To enable synchronisation, use the command line option +.Fl Y +to specify the machines to which +.Nm +will send messages when it updates the state information. +For more information, see +.Xr spamd 8 . +.Sh FILES +.Pa /var/db/spamd +.Sh SEE ALSO +.Xr syslog 3 , +.Xr pflog 4 , +.Xr spamd.conf 5 , +.Xr pflogd 8 , +.Xr spamd 8 , +.Xr spamd-setup 8 , +.Xr spamdb 8 , +.Xr syslogd 8 , +.Xr tcpdump 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.5 . diff --git a/static/openbsd/man8/ssh-keysign.8 b/static/openbsd/man8/ssh-keysign.8 new file mode 100644 index 00000000..3b4d35b0 --- /dev/null +++ b/static/openbsd/man8/ssh-keysign.8 @@ -0,0 +1,91 @@ +.\" $OpenBSD: ssh-keysign.8,v 1.18 2024/06/17 08:30:29 djm Exp $ +.\" +.\" Copyright (c) 2002 Markus Friedl. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 17 2024 $ +.Dt SSH-KEYSIGN 8 +.Os +.Sh NAME +.Nm ssh-keysign +.Nd OpenSSH helper for host-based authentication +.Sh SYNOPSIS +.Nm +.Sh DESCRIPTION +.Nm +is used by +.Xr ssh 1 +to access the local host keys and generate the digital signature +required during host-based authentication. +.Pp +.Nm +is disabled by default and can only be enabled in the +global client configuration file +.Pa /etc/ssh/ssh_config +by setting +.Cm EnableSSHKeysign +to +.Dq yes . +.Pp +.Nm +is not intended to be invoked by the user, but from +.Xr ssh 1 . +See +.Xr ssh 1 +and +.Xr sshd 8 +for more information about host-based authentication. +.Sh FILES +.Bl -tag -width Ds -compact +.It Pa /etc/ssh/ssh_config +Controls whether +.Nm +is enabled. +.Pp +.It Pa /etc/ssh/ssh_host_ecdsa_key +.It Pa /etc/ssh/ssh_host_ed25519_key +.It Pa /etc/ssh/ssh_host_rsa_key +These files contain the private parts of the host keys used to +generate the digital signature. +They should be owned by root, readable only by root, and not +accessible to others. +Since they are readable only by root, +.Nm +must be set-uid root if host-based authentication is used. +.Pp +.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub +.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub +.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub +If these files exist, they are assumed to contain public certificate +information corresponding with the private keys above. +.El +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-keygen 1 , +.Xr ssh_config 5 , +.Xr sshd 8 +.Sh HISTORY +.Nm +first appeared in +.Ox 3.2 . +.Sh AUTHORS +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/static/openbsd/man8/ssh-pkcs11-helper.8 b/static/openbsd/man8/ssh-pkcs11-helper.8 new file mode 100644 index 00000000..5edc9850 --- /dev/null +++ b/static/openbsd/man8/ssh-pkcs11-helper.8 @@ -0,0 +1,71 @@ +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.7 2022/04/29 03:24:30 djm Exp $ +.\" +.\" Copyright (c) 2010 Markus Friedl. All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 29 2022 $ +.Dt SSH-PKCS11-HELPER 8 +.Os +.Sh NAME +.Nm ssh-pkcs11-helper +.Nd OpenSSH helper for PKCS#11 support +.Sh SYNOPSIS +.Nm +.Op Fl v +.Sh DESCRIPTION +.Nm +is used by +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 +to access keys provided by a PKCS#11 token. +.Pp +.Nm +is not intended to be invoked directly by the user. +.Pp +A single option is supported: +.Bl -tag -width Ds +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful in debugging problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. +.Pp +Note that +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 +will automatically pass the +.Fl v +flag to +.Nm +when they have themselves been placed in debug mode. +.El +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 +.Sh HISTORY +.Nm +first appeared in +.Ox 4.7 . +.Sh AUTHORS +.An Markus Friedl Aq Mt markus@openbsd.org diff --git a/static/openbsd/man8/ssh-sk-helper.8 b/static/openbsd/man8/ssh-sk-helper.8 new file mode 100644 index 00000000..e9b2ae12 --- /dev/null +++ b/static/openbsd/man8/ssh-sk-helper.8 @@ -0,0 +1,71 @@ +.\" $OpenBSD: ssh-sk-helper.8,v 1.4 2022/04/29 03:24:30 djm Exp $ +.\" +.\" Copyright (c) 2010 Markus Friedl. All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 29 2022 $ +.Dt SSH-SK-HELPER 8 +.Os +.Sh NAME +.Nm ssh-sk-helper +.Nd OpenSSH helper for FIDO authenticator support +.Sh SYNOPSIS +.Nm +.Op Fl v +.Sh DESCRIPTION +.Nm +is used by +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 +to access keys provided by a FIDO authenticator. +.Pp +.Nm +is not intended to be invoked directly by the user. +.Pp +A single option is supported: +.Bl -tag -width Ds +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful in debugging problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. +.Pp +Note that +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 +will automatically pass the +.Fl v +flag to +.Nm +when they have themselves been placed in debug mode. +.El +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 +.Sh HISTORY +.Nm +first appeared in +.Ox 6.7 . +.Sh AUTHORS +.An Damien Miller Aq Mt djm@openbsd.org diff --git a/static/openbsd/man8/sshd.8 b/static/openbsd/man8/sshd.8 new file mode 100644 index 00000000..e2245c96 --- /dev/null +++ b/static/openbsd/man8/sshd.8 @@ -0,0 +1,1018 @@ +.\" +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +.\" All rights reserved +.\" +.\" As far as I am concerned, the code I have written for this software +.\" can be used freely for any purpose. Any derived versions of this +.\" software must be clearly marked as such, and if the derived work is +.\" incompatible with the protocol description in the RFC file, it must be +.\" called by a name other than "ssh" or "Secure Shell". +.\" +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $OpenBSD: sshd.8,v 1.328 2025/10/04 21:41:35 naddy Exp $ +.Dd $Mdocdate: October 4 2025 $ +.Dt SSHD 8 +.Os +.Sh NAME +.Nm sshd +.Nd OpenSSH daemon +.Sh SYNOPSIS +.Nm sshd +.Bk -words +.Op Fl 46DdeGiqTtV +.Op Fl C Ar connection_spec +.Op Fl c Ar host_certificate_file +.Op Fl E Ar log_file +.Op Fl f Ar config_file +.Op Fl g Ar login_grace_time +.Op Fl h Ar host_key_file +.Op Fl o Ar option +.Op Fl p Ar port +.Op Fl u Ar len +.Ek +.Sh DESCRIPTION +.Nm +(OpenSSH Daemon) is the daemon program for +.Xr ssh 1 . +It provides secure encrypted communications between two untrusted hosts +over an insecure network. +.Pp +.Nm +listens for connections from clients. +It is normally started at boot from +.Pa /etc/rc . +It forks a new +daemon for each incoming connection. +The forked daemons handle +key exchange, encryption, authentication, command execution, +and data exchange. +.Pp +.Nm +can be configured using command-line options or a configuration file +(by default +.Xr sshd_config 5 ) ; +command-line options override values specified in the +configuration file. +.Nm +rereads its configuration file when it receives a hangup signal, +.Dv SIGHUP , +by executing itself with the name and options it was started with, e.g.\& +.Pa /usr/sbin/sshd . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl C Ar connection_spec +Specify the connection parameters to use for the +.Fl T +extended test mode. +If provided, any +.Cm Match +directives in the configuration file that would apply are applied before the +configuration is written to standard output. +The connection parameters are supplied as keyword=value pairs and may be +supplied in any order, either with multiple +.Fl C +options or as a comma-separated list. +The keywords are +.Dq addr , +.Dq user , +.Dq host , +.Dq laddr , +.Dq lport , +and +.Dq rdomain +and correspond to source address, user, resolved source host name, +local address, local port number and routing domain respectively. +Additionally the +.Dq invalid-user +flag (which does not take a value argument) may be specified to simulate +a connection from an unrecognised username. +.It Fl c Ar host_certificate_file +Specifies a path to a certificate file to identify +.Nm +during key exchange. +The certificate file must match a host key file specified using the +.Fl h +option or the +.Cm HostKey +configuration directive. +.It Fl D +When this option is specified, +.Nm +will not detach and does not become a daemon. +This allows easy monitoring of +.Nm sshd . +.It Fl d +Debug mode. +The server sends verbose debug output to standard error, +and does not put itself in the background. +The server also will not +.Xr fork 2 +and will only process one connection. +This option is only intended for debugging for the server. +Multiple +.Fl d +options increase the debugging level. +Maximum is 3. +.It Fl E Ar log_file +Append debug logs to +.Ar log_file +instead of the system log. +.It Fl e +Write debug logs to standard error instead of the system log. +.It Fl f Ar config_file +Specifies the name of the configuration file. +The default is +.Pa /etc/ssh/sshd_config . +.Nm +refuses to start if there is no configuration file. +.It Fl G +Parse and print configuration file. +Check the validity of the configuration file, output the effective configuration +to stdout and then exit. +Optionally, +.Cm Match +rules may be applied by specifying the connection parameters using one or more +.Fl C +options. +.It Fl g Ar login_grace_time +Gives the grace time for clients to authenticate themselves (default +120 seconds). +If the client fails to authenticate the user within +this many seconds, the server disconnects and exits. +A value of zero indicates no limit. +.It Fl h Ar host_key_file +Specifies a file from which a host key is read. +This option must be given if +.Nm +is not run as root (as the normal +host key files are normally not readable by anyone but root). +The default is +.Pa /etc/ssh/ssh_host_ecdsa_key , +.Pa /etc/ssh/ssh_host_ed25519_key +and +.Pa /etc/ssh/ssh_host_rsa_key . +It is possible to have multiple host key files for +the different host key algorithms. +.It Fl i +Specifies that +.Nm +is being run from +.Xr inetd 8 . +.It Fl o Ar option +Can be used to give options in the format used in the configuration file. +This is useful for specifying options for which there is no separate +command-line flag. +For full details of the options, and their values, see +.Xr sshd_config 5 . +.It Fl p Ar port +Specifies the port on which the server listens for connections +(default 22). +Multiple port options are permitted. +Ports specified in the configuration file with the +.Cm Port +option are ignored when a command-line port is specified. +Ports specified using the +.Cm ListenAddress +option override command-line ports. +.It Fl q +Quiet mode. +Nothing is sent to the system log. +Normally the beginning, +authentication, and termination of each connection is logged. +.It Fl T +Extended test mode. +Check the validity of the configuration file, output the effective configuration +to stdout and then exit. +Optionally, +.Cm Match +rules may be applied by specifying the connection parameters using one or more +.Fl C +options. +This is similar to the +.Fl G +flag, but it includes the additional testing performed by the +.Fl t +flag. +.It Fl t +Test mode. +Only check the validity of the configuration file and sanity of the keys. +This is useful for updating +.Nm +reliably as configuration options may change. +.It Fl u Ar len +This option is used to specify the size of the field +in the +.Vt utmp +structure that holds the remote host name. +If the resolved host name is longer than +.Ar len , +the dotted decimal value will be used instead. +This allows hosts with very long host names that +overflow this field to still be uniquely identified. +Specifying +.Fl u0 +indicates that only dotted decimal addresses +should be put into the +.Pa utmp +file. +.Fl u0 +may also be used to prevent +.Nm +from making DNS requests unless the authentication +mechanism or configuration requires it. +Authentication mechanisms that may require DNS include +.Cm HostbasedAuthentication +and using a +.Cm from="pattern-list" +option in a key file. +Configuration options that require DNS include using a +USER@HOST pattern in +.Cm AllowUsers +or +.Cm DenyUsers . +.It Fl V +Display the version number and exit. +.El +.Sh AUTHENTICATION +The OpenSSH SSH daemon supports SSH protocol 2 only. +Each host has a host-specific key, +used to identify the host. +Whenever a client connects, the daemon responds with its public +host key. +The client compares the +host key against its own database to verify that it has not changed. +Forward secrecy is provided through a Diffie-Hellman key agreement. +This key agreement results in a shared session key. +The rest of the session is encrypted using a symmetric cipher. +The client selects the encryption algorithm +to use from those offered by the server. +Additionally, session integrity is provided +through a cryptographic message authentication code (MAC). +.Pp +Finally, the server and the client enter an authentication dialog. +The client tries to authenticate itself using +host-based authentication, +public key authentication, +challenge-response authentication, +or password authentication. +.Pp +If the client successfully authenticates itself, a dialog for +preparing the session is entered. +At this time the client may request +things like allocating a pseudo-tty, forwarding X11 connections, +forwarding TCP connections, or forwarding the authentication agent +connection over the secure channel. +.Pp +After this, the client either requests an interactive shell or execution +of a non-interactive command, which +.Nm +will execute via the user's shell using its +.Fl c +option. +The sides then enter session mode. +In this mode, either side may send +data at any time, and such data is forwarded to/from the shell or +command on the server side, and the user terminal in the client side. +.Pp +When the user program terminates and all forwarded X11 and other +connections have been closed, the server sends command exit status to +the client, and both sides exit. +.Sh LOGIN PROCESS +When a user successfully logs in, +.Nm +does the following: +.Bl -enum -offset indent +.It +If the login is on a tty, and no command has been specified, +prints last login time and +.Pa /etc/motd +(unless prevented in the configuration file or by +.Pa ~/.hushlogin ; +see the +.Sx FILES +section). +.It +If the login is on a tty, records login time. +.It +Checks +.Pa /etc/nologin ; +if it exists, prints contents and quits +(unless root). +.It +Changes to run with normal user privileges. +.It +Sets up basic environment. +.It +Reads the file +.Pa ~/.ssh/environment , +if it exists, and users are allowed to change their environment. +See the +.Cm PermitUserEnvironment +option in +.Xr sshd_config 5 . +.It +Changes to user's home directory. +.It +If +.Pa ~/.ssh/rc +exists and the +.Xr sshd_config 5 +.Cm PermitUserRC +option is set, runs it; else if +.Pa /etc/ssh/sshrc +exists, runs +it; otherwise runs +.Xr xauth 1 . +The +.Dq rc +files are given the X11 +authentication protocol and cookie in standard input. +See +.Sx SSHRC , +below. +.It +Runs user's shell or command. +All commands are run under the user's login shell as specified in the +system password database. +.El +.Sh SSHRC +If the file +.Pa ~/.ssh/rc +exists, +.Xr sh 1 +runs it after reading the +environment files but before starting the user's shell or command. +It must not produce any output on stdout; stderr must be used +instead. +If X11 forwarding is in use, it will receive the "proto cookie" pair in +its standard input (and +.Ev DISPLAY +in its environment). +The script must call +.Xr xauth 1 +because +.Nm +will not run xauth automatically to add X11 cookies. +.Pp +The primary purpose of this file is to run any initialization routines +which may be needed before the user's home directory becomes +accessible; AFS is a particular example of such an environment. +.Pp +This file will probably contain some initialization code followed by +something similar to: +.Bd -literal -offset 3n +if read proto cookie && [ -n "$DISPLAY" ]; then + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then + # X11UseLocalhost=yes + echo add unix:`echo $DISPLAY | + cut -c11-` $proto $cookie + else + # X11UseLocalhost=no + echo add $DISPLAY $proto $cookie + fi | xauth -q - +fi +.Ed +.Pp +If this file does not exist, +.Pa /etc/ssh/sshrc +is run, and if that +does not exist either, xauth is used to add the cookie. +.Sh AUTHORIZED_KEYS FILE FORMAT +.Cm AuthorizedKeysFile +specifies the files containing public keys for +public key authentication; +if this option is not specified, the default is +.Pa ~/.ssh/authorized_keys +and +.Pa ~/.ssh/authorized_keys2 . +Each line of the file contains one +key (empty lines and lines starting with a +.Ql # +are ignored as +comments). +Public keys consist of the following space-separated fields: +options, keytype, base64-encoded key, comment. +The options field is optional. +The supported key types are: +.Pp +.Bl -item -compact -offset indent +.It +sk-ecdsa-sha2-nistp256@openssh.com +.It +ecdsa-sha2-nistp256 +.It +ecdsa-sha2-nistp384 +.It +ecdsa-sha2-nistp521 +.It +sk-ssh-ed25519@openssh.com +.It +ssh-ed25519 +.It +ssh-rsa +.El +.Pp +The comment field is not used for anything (but may be convenient for the +user to identify the key). +.Pp +Note that lines in this file can be several hundred bytes long +(because of the size of the public key encoding) up to a limit of +8 kilobytes, which permits RSA keys up to 16 kilobits. +You don't want to type them in; instead, copy the +.Pa id_ecdsa.pub , +.Pa id_ecdsa_sk.pub , +.Pa id_ed25519.pub , +.Pa id_ed25519_sk.pub , +or the +.Pa id_rsa.pub +file and edit it. +.Pp +.Nm +enforces a minimum RSA key modulus size of 1024 bits. +.Pp +The options (if present) consist of comma-separated option +specifications. +No spaces are permitted, except within double quotes. +The following option specifications are supported (note +that option keywords are case-insensitive): +.Bl -tag -width Ds +.It Cm agent-forwarding +Enable authentication agent forwarding previously disabled by the +.Cm restrict +option. +.It Cm cert-authority +Specifies that the listed key is a certification authority (CA) that is +trusted to validate signed certificates for user authentication. +.Pp +Certificates may encode access restrictions similar to these key options. +If both certificate restrictions and key options are present, the most +restrictive union of the two is applied. +.It Cm command="command" +Specifies that the command is executed whenever this key is used for +authentication. +The command supplied by the user (if any) is ignored. +The command is run on a pty if the client requests a pty; +otherwise it is run without a tty. +If an 8-bit clean channel is required, +one must not request a pty or should specify +.Cm no-pty . +A quote may be included in the command by quoting it with a backslash. +.Pp +This option might be useful +to restrict certain public keys to perform just a specific operation. +An example might be a key that permits remote backups but nothing else. +Note that the client may specify TCP and/or X11 +forwarding unless they are explicitly prohibited, e.g. using the +.Cm restrict +key option. +.Pp +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. +Note that this option applies to shell, command or subsystem execution. +Also note that this command may be superseded by an +.Xr sshd_config 5 +.Cm ForceCommand +directive. +.Pp +If a command is specified and a forced-command is embedded in a certificate +used for authentication, then the certificate will be accepted only if the +two commands are identical. +.It Cm environment="NAME=value" +Specifies that the string is to be added to the environment when +logging in using this key. +Environment variables set this way +override other default environment values. +Multiple options of this type are permitted. +Environment processing is disabled by default and is +controlled via the +.Cm PermitUserEnvironment +option. +.It Cm expiry-time="timespec" +Specifies a time after which the key will not be accepted. +The time may be specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time. +Dates and times will be interpreted in the system time zone unless suffixed +by a Z character, in which case they will be interpreted in the UTC time zone. +.It Cm from="pattern-list" +Specifies that in addition to public key authentication, either the canonical +name of the remote host or its IP address must be present in the +comma-separated list of patterns. +See PATTERNS in +.Xr ssh_config 5 +for more information on patterns. +.Pp +In addition to the wildcard matching that may be applied to hostnames or +addresses, a +.Cm from +stanza may match IP addresses using CIDR address/masklen notation. +.Pp +The purpose of this option is to optionally increase security: public key +authentication by itself does not trust the network or name servers or +anything (but the key); however, if somebody somehow steals the key, the key +permits an intruder to log in from anywhere in the world. +This additional option makes using a stolen key more difficult (name +servers and/or routers would have to be compromised in addition to +just the key). +.It Cm no-agent-forwarding +Forbids authentication agent forwarding when this key is used for +authentication. +.It Cm no-port-forwarding +Forbids TCP forwarding when this key is used for authentication. +Any port forward requests by the client will return an error. +This might be used, e.g. in connection with the +.Cm command +option. +.It Cm no-pty +Prevents tty allocation (a request to allocate a pty will fail). +.It Cm no-user-rc +Disables execution of +.Pa ~/.ssh/rc . +.It Cm no-X11-forwarding +Forbids X11 forwarding when this key is used for authentication. +Any X11 forward requests by the client will return an error. +.It Cm permitlisten="[host:]port" +Limit remote port forwarding with the +.Xr ssh 1 +.Fl R +option such that it may only listen on the specified host (optional) and port. +IPv6 addresses can be specified by enclosing the address in square brackets. +Multiple +.Cm permitlisten +options may be applied separated by commas. +Hostnames may include wildcards as described in the PATTERNS section in +.Xr ssh_config 5 . +A port specification of +.Cm * +matches any port. +Note that the setting of +.Cm GatewayPorts +may further restrict listen addresses. +Note that +.Xr ssh 1 +will send a hostname of +.Dq localhost +if a listen host was not specified when the forwarding was requested, and +that this name is treated differently to the explicit localhost addresses +.Dq 127.0.0.1 +and +.Dq ::1 . +.It Cm permitopen="host:port" +Limit local port forwarding with the +.Xr ssh 1 +.Fl L +option such that it may only connect to the specified host and port. +IPv6 addresses can be specified by enclosing the address in square brackets. +Multiple +.Cm permitopen +options may be applied separated by commas. +No pattern matching or name lookup is performed on the +specified hostnames, they must be literal host names and/or addresses. +A port specification of +.Cm * +matches any port. +.It Cm port-forwarding +Enable port forwarding previously disabled by the +.Cm restrict +option. +.It Cm principals="principals" +On a +.Cm cert-authority +line, specifies allowed principals for certificate authentication as a +comma-separated list. +At least one name from the list must appear in the certificate's +list of principals for the certificate to be accepted. +This option is ignored for keys that are not marked as trusted certificate +signers using the +.Cm cert-authority +option. +.It Cm pty +Permits tty allocation previously disabled by the +.Cm restrict +option. +.It Cm no-touch-required +Do not require demonstration of user presence +for signatures made using this key. +This option only makes sense for the FIDO authenticator algorithms +.Cm ecdsa-sk +and +.Cm ed25519-sk . +.It Cm verify-required +Require that signatures made using this key attest that they verified +the user, e.g. via a PIN. +This option only makes sense for the FIDO authenticator algorithms +.Cm ecdsa-sk +and +.Cm ed25519-sk . +.It Cm restrict +Enable all restrictions, i.e. disable port, agent and X11 forwarding, +as well as disabling PTY allocation +and execution of +.Pa ~/.ssh/rc . +If any future restriction capabilities are added to authorized_keys files, +they will be included in this set. +.It Cm tunnel="n" +Force a +.Xr tun 4 +device on the server. +Without this option, the next available device will be used if +the client requests a tunnel. +.It Cm user-rc +Enables execution of +.Pa ~/.ssh/rc +previously disabled by the +.Cm restrict +option. +.It Cm X11-forwarding +Permits X11 forwarding previously disabled by the +.Cm restrict +option. +.El +.Pp +An example authorized_keys file: +.Bd -literal -offset 3n +# Comments are allowed at start of line. Blank lines are allowed. +# Plain key, no restrictions +ssh-rsa ... +# Forced command, disable PTY and all forwarding +restrict,command="dump /home" ssh-rsa ... +# Restriction of ssh -L forwarding destinations +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ... +# Restriction of ssh -R forwarding listeners +permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ... +# Configuration for tunnel forwarding +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... +# Override of restriction to allow PTY allocation +restrict,pty,command="nethack" ssh-rsa ... +# Allow FIDO key without requiring touch +no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ... +# Require user-verification (e.g. PIN or biometric) for FIDO key +verify-required sk-ecdsa-sha2-nistp256@openssh.com ... +# Trust CA key, allow touch-less FIDO if requested in certificate +cert-authority,no-touch-required,principals="user_a" ssh-rsa ... +.Ed +.Sh SSH_KNOWN_HOSTS FILE FORMAT +The +.Pa /etc/ssh/ssh_known_hosts +and +.Pa ~/.ssh/known_hosts +files contain host public keys for all known hosts. +The global file should +be prepared by the administrator (optional), and the per-user file is +maintained automatically: whenever the user connects to an unknown host, +its key is added to the per-user file. +.Pp +Each line in these files contains the following fields: marker (optional), +hostnames, keytype, base64-encoded key, comment. +The fields are separated by spaces. +.Pp +The marker is optional, but if it is present then it must be one of +.Dq @cert-authority , +to indicate that the line contains a certification authority (CA) key, +or +.Dq @revoked , +to indicate that the key contained on the line is revoked and must not ever +be accepted. +Only one marker should be used on a key line. +.Pp +Hostnames is a comma-separated list of patterns +.Pf ( Ql * +and +.Ql \&? +act as +wildcards); each pattern in turn is matched against the host name. +When +.Nm sshd +is authenticating a client, such as when using +.Cm HostbasedAuthentication , +this will be the canonical client host name. +When +.Xr ssh 1 +is authenticating a server, this will be the host name +given by the user, the value of the +.Xr ssh 1 +.Cm HostkeyAlias +if it was specified, or the canonical server hostname if the +.Xr ssh 1 +.Cm CanonicalizeHostname +option was used. +.Pp +A pattern may also be preceded by +.Ql \&! +to indicate negation: if the host name matches a negated +pattern, it is not accepted (by that line) even if it matched another +pattern on the line. +A hostname or address may optionally be enclosed within +.Ql \&[ +and +.Ql \&] +brackets then followed by +.Ql \&: +and a non-standard port number. +.Pp +Alternately, hostnames may be stored in a hashed form which hides host names +and addresses should the file's contents be disclosed. +Hashed hostnames start with a +.Ql | +character. +Only one hashed hostname may appear on a single line and none of the above +negation or wildcard operators may be applied. +.Pp +The keytype and base64-encoded key are taken directly from the host key; they +can be obtained, for example, from +.Pa /etc/ssh/ssh_host_rsa_key.pub . +The optional comment field continues to the end of the line, and is not used. +.Pp +Lines starting with +.Ql # +and empty lines are ignored as comments. +.Pp +When performing host authentication, authentication is accepted if any +matching line has the proper key; either one that matches exactly or, +if the server has presented a certificate for authentication, the key +of the certification authority that signed the certificate. +For a key to be trusted as a certification authority, it must use the +.Dq @cert-authority +marker described above. +.Pp +The known hosts file also provides a facility to mark keys as revoked, +for example when it is known that the associated private key has been +stolen. +Revoked keys are specified by including the +.Dq @revoked +marker at the beginning of the key line, and are never accepted for +authentication or as certification authorities, but instead will +produce a warning from +.Xr ssh 1 +when they are encountered. +.Pp +It is permissible (but not +recommended) to have several lines or different host keys for the same +names. +This will inevitably happen when short forms of host names +from different domains are put in the file. +It is possible +that the files contain conflicting information; authentication is +accepted if valid information can be found from either file. +.Pp +Note that the lines in these files are typically hundreds of characters +long, and you definitely don't want to type in the host keys by hand. +Rather, generate them by a script, +.Xr ssh-keyscan 1 +or by taking, for example, +.Pa /etc/ssh/ssh_host_rsa_key.pub +and adding the host names at the front. +.Xr ssh-keygen 1 +also offers some basic automated editing for +.Pa ~/.ssh/known_hosts +including removing hosts matching a host name and converting all host +names to their hashed representations. +.Pp +An example ssh_known_hosts file: +.Bd -literal -offset 3n +# Comments allowed at start of line +cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= +# A hashed hostname +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa +AAAA1234.....= +# A revoked key +@revoked * ssh-rsa AAAAB5W... +# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org +@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... +.Ed +.Sh FILES +.Bl -tag -width Ds -compact +.It Pa ~/.hushlogin +This file is used to suppress printing the last login time and +.Pa /etc/motd , +if +.Cm PrintLastLog +and +.Cm PrintMotd , +respectively, +are enabled. +It does not suppress printing of the banner specified by +.Cm Banner . +.Pp +.It Pa ~/.rhosts +This file is used for host-based authentication (see +.Xr ssh 1 +for more information). +On some machines this file may need to be +world-readable if the user's home directory is on an NFS partition, +because +.Nm +reads it as root. +Additionally, this file must be owned by the user, +and must not have write permissions for anyone else. +The recommended +permission for most machines is read/write for the user, and not +accessible by others. +.Pp +.It Pa ~/.shosts +This file is used in exactly the same way as +.Pa .rhosts , +but allows host-based authentication without permitting login with +rlogin/rsh. +.Pp +.It Pa ~/.ssh/ +This directory is the default location for all user-specific configuration +and authentication information. +There is no general requirement to keep the entire contents of this directory +secret, but the recommended permissions are read/write/execute for the user, +and not accessible by others. +.Pp +.It Pa ~/.ssh/authorized_keys +Lists the public keys (ECDSA, Ed25519, RSA) +that can be used for logging in as this user. +The format of this file is described above. +The content of the file is not highly sensitive, but the recommended +permissions are read/write for the user, and not accessible by others. +.Pp +If this file, the +.Pa ~/.ssh +directory, or the user's home directory are writable +by other users, then the file could be modified or replaced by unauthorized +users. +In this case, +.Nm +will not allow it to be used unless the +.Cm StrictModes +option has been set to +.Dq no . +.Pp +.It Pa ~/.ssh/environment +This file is read into the environment at login (if it exists). +It can only contain empty lines, comment lines (that start with +.Ql # ) , +and assignment lines of the form name=value. +The file should be writable +only by the user; it need not be readable by anyone else. +Environment processing is disabled by default and is +controlled via the +.Cm PermitUserEnvironment +option. +.Pp +.It Pa ~/.ssh/known_hosts +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. +The format of this file is described above. +This file should be writable only by root/the owner and +can, but need not be, world-readable. +.Pp +.It Pa ~/.ssh/rc +Contains initialization routines to be run before +the user's home directory becomes accessible. +This file should be writable only by the user, and need not be +readable by anyone else. +.Pp +.It Pa /etc/hosts.equiv +This file is for host-based authentication (see +.Xr ssh 1 ) . +It should only be writable by root. +.Pp +.It Pa /etc/moduli +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" +key exchange method. +The file format is described in +.Xr moduli 5 . +If no usable groups are found in this file then fixed internal groups will +be used. +.Pp +.It Pa /etc/motd +See +.Xr motd 5 . +.Pp +.It Pa /etc/nologin +If this file exists, +.Nm +refuses to let anyone except root log in. +The contents of the file +are displayed to anyone trying to log in, and non-root connections are +refused. +The file should be world-readable. +.Pp +.It Pa /etc/shosts.equiv +This file is used in exactly the same way as +.Pa hosts.equiv , +but allows host-based authentication without permitting login with +rlogin/rsh. +.Pp +.It Pa /etc/ssh/ssh_host_ecdsa_key +.It Pa /etc/ssh/ssh_host_ed25519_key +.It Pa /etc/ssh/ssh_host_rsa_key +These files contain the private parts of the host keys. +These files should only be owned by root, readable only by root, and not +accessible to others. +Note that +.Nm +does not start if these files are group/world-accessible. +.Pp +.It Pa /etc/ssh/ssh_host_ecdsa_key.pub +.It Pa /etc/ssh/ssh_host_ed25519_key.pub +.It Pa /etc/ssh/ssh_host_rsa_key.pub +These files contain the public parts of the host keys. +These files should be world-readable but writable only by +root. +Their contents should match the respective private parts. +These files are not +really used for anything; they are provided for the convenience of +the user so their contents can be copied to known hosts files. +These files are created using +.Xr ssh-keygen 1 . +.Pp +.It Pa /etc/ssh/ssh_known_hosts +Systemwide list of known host keys. +This file should be prepared by the +system administrator to contain the public host keys of all machines in the +organization. +The format of this file is described above. +This file should be writable only by root/the owner and +should be world-readable. +.Pp +.It Pa /etc/ssh/sshd_config +Contains configuration data for +.Nm sshd . +The file format and configuration options are described in +.Xr sshd_config 5 . +.Pp +.It Pa /etc/ssh/sshrc +Similar to +.Pa ~/.ssh/rc , +it can be used to specify +machine-specific login-time initializations globally. +This file should be writable only by root, and should be world-readable. +.Pp +.It Pa /var/empty +.Xr chroot 2 +directory used by +.Nm +during privilege separation in the pre-authentication phase. +The directory should not contain any files and must be owned by root +and not group or world-writable. +.Pp +.It Pa /var/run/sshd.pid +Contains the process ID of the +.Nm +listening for connections (if there are several daemons running +concurrently for different ports, this contains the process ID of the one +started last). +The content of this file is not sensitive; it can be world-readable. +.El +.Sh SEE ALSO +.Xr scp 1 , +.Xr sftp 1 , +.Xr ssh 1 , +.Xr ssh-add 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 , +.Xr ssh-keyscan 1 , +.Xr chroot 2 , +.Xr login.conf 5 , +.Xr moduli 5 , +.Xr sshd_config 5 , +.Xr inetd 8 , +.Xr sftp-server 8 +.Sh AUTHORS +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by Tatu Ylonen. +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Theo de Raadt and Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +Markus Friedl contributed the support for SSH +protocol versions 1.5 and 2.0. +Niels Provos and Markus Friedl contributed support +for privilege separation. diff --git a/static/openbsd/man8/strfile.8 b/static/openbsd/man8/strfile.8 new file mode 100644 index 00000000..b87e7955 --- /dev/null +++ b/static/openbsd/man8/strfile.8 @@ -0,0 +1,149 @@ +.\" $OpenBSD: strfile.8,v 1.18 2024/08/31 13:41:13 jmc Exp $ +.\" $NetBSD: strfile.8,v 1.3 1995/03/23 08:28:45 cgd Exp $ +.\" +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Ken Arnold. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)strfile.8 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: August 31 2024 $ +.Dt STRFILE 8 +.Os +.Sh NAME +.Nm strfile , +.Nm unstr +.Nd create a random access file for storing strings +.Sh SYNOPSIS +.Nm strfile +.Op Fl iorsx +.Op Fl c Ar char +.Ar source_file +.Op Ar output_file +.Nm unstr +.Ar source_file +.Sh DESCRIPTION +.Nm +reads a file containing groups of lines separated by a line containing +a single percent +.Ql \&% +sign and creates a data file which contains +a header structure and a table of file offsets for each group of lines. +This allows random access of the strings. +.Pp +The output file, if not specified on the command line, is named +.Ar source_file Ns Sy .dat . +.Pp +The options are as follows: +.Bl -tag -width "-c char" +.It Fl c Ar char +Change the delimiting character from the percent sign to +.Ar char . +.It Fl i +Ignore case when ordering the strings. +.It Fl o +Order the strings in alphabetical order. +The offset table will be sorted in the alphabetical order of the +groups of lines referenced. +Any initial non-alphanumeric characters are ignored. +This option causes the +.Dv STR_ORDERED +bit in the header +.Ar str_flags +field to be set. +.It Fl r +Randomize access to the strings. +Entries in the offset table will be randomly ordered. +This option causes the +.Dv STR_RANDOM +bit in the header +.Ar str_flags +field to be set. +.It Fl s +Run silently; don't give a summary message when finished. +.It Fl x +Note that each alphabetic character in the groups of lines is rotated +13 positions in a simple caesar cypher. +This option causes the +.Dv STR_ROTATED +bit in the header +.Ar str_flags +field to be set. +.El +.Pp +The format of the header is: +.Bd -literal -offset indent +#define VERSION 2 + u_int32_t str_version; /* version number */ + u_int32_t str_numstr; /* # of strings in the file */ + u_int32_t str_longlen; /* length of longest string */ + u_int32_t str_shortlen; /* length of shortest string */ +#define STR_RANDOM 0x1 /* randomized pointers */ +#define STR_ORDERED 0x2 /* ordered pointers */ +#define STR_ROTATED 0x4 /* rot-13'd text */ + u_int32_t str_flags; /* bit field for flags */ + u_int8_t stuff[4]; /* long aligned space */ +#define str_delim stuff[0] /* delimiting character */ +.Ed +.Pp +All fields are written in network byte order. +Each field is also written independently so as to avoid structure padding +problems on some architectures. +.Pp +The purpose of +.Nm unstr +is to undo the work of +.Nm strfile . +It prints out the strings contained in the file +.Ar source_file +in the order that they are listed in +the header file +.Ar source_file Ns Sy .dat +to standard output. +It is possible to create sorted versions of input files by using +.Fl o +when +.Nm strfile +is run and then using +.Nm unstr +to dump them out in the table order. +.Sh FILES +.Bl -tag -width source_file.dat -compact +.It Ar source_file Ns Sy .dat +default output file. +.El +.Sh SEE ALSO +.Xr ntohl 3 , +.Xr fortune 6 +.Sh HISTORY +The +.Nm strfile +utility first appeared in +.Bx 4.0 . diff --git a/static/openbsd/man8/swapctl.8 b/static/openbsd/man8/swapctl.8 new file mode 100644 index 00000000..4f2d20e2 --- /dev/null +++ b/static/openbsd/man8/swapctl.8 @@ -0,0 +1,230 @@ +.\" $OpenBSD: swapctl.8,v 1.38 2025/08/08 22:24:15 kirill Exp $ +.\" $NetBSD: swapctl.8,v 1.14 1998/05/22 18:27:52 msaitoh Exp $ +.\" +.\" Copyright (c) 1997 Matthew R. Green +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 8 2025 $ +.Dt SWAPCTL 8 +.Os +.Sh NAME +.Nm swapctl , +.Nm swapon +.Nd system swap management tool +.Sh SYNOPSIS +.Nm swapctl +.Fl A +.Op Fl p Ar priority +.Op Fl t Cm blk | noblk +.Nm swapctl +.Fl a +.Op Fl p Ar priority +.Ar path +.Nm swapctl +.Fl c +.Fl p Ar priority +.Ar path +.Nm swapctl +.Fl d +.Ar path +.Nm swapctl +.Op Oo Fl l Oc | Fl s +.Op Fl k +.Nm swapon +.Fl a | Ar path +.Sh DESCRIPTION +The +.Nm +program adds, removes, +lists and prioritizes swap devices and files for the system. +The +.Nm swapon +program acts the same as +.Ic swapctl -a , +except if +.Nm swapon +itself is called with +.Fl a , +in which case +it acts as +.Ic swapctl -A . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +This option causes +.Nm +to read the +.Pa /etc/fstab +file for devices and files with an +.Dq sw +type, and adds all these entries +as swap devices. +If no swap devices are configured, +.Nm +will exit with an error code. +.It Fl a +The +.Fl a +option requires that a +.Ar path +also be in the argument list. +The +.Ar path +is added to the kernel's list of swap devices using the +.Xr swapctl 2 +system call. +When using the +.Nm swapon +form of this command, the +.Fl a +option is treated the same as the +.Fl A +option, for backwards compatibility. +.It Fl c +The +.Fl c +option changes the priority of the listed swap device or file. +.It Fl d Ar path +The +.Fl d +option removes the listed +.Ar path +from the kernel's list of swap devices or files. +.It Fl k +The +.Fl k +option uses 1024 byte blocks instead of the default 512 byte. +.It Fl l +The +.Fl l +option lists the current swap devices and files, and their usage statistics. +.It Fl p Ar priority +The +.Fl p +option sets the priority of swap devices or files to the +.Ar priority +argument. +.It Fl s +The +.Fl s +option displays a single line summary of current swap statistics. +.It Fl t Cm blk | noblk +This flag modifies the function of the +.Fl A +option. +The +.Fl t +option allows the type of device to add to be specified. +An argument of +.Cm blk +causes all block devices in +.Pa /etc/fstab +to be added. +An argument of +.Cm noblk +causes all non-block devices in +.Pa /etc/fstab +to be added. +This option is useful in early system startup, where swapping +may be needed before all file systems are available, such as during +disk checks of large file systems. +.El +.Sh SWAP OPTIONS +Lines such as the following +specify swap devices in +.Pa /etc/fstab : +.Bd -literal -offset indent +/dev/sd1b none swap sw +d48d0e3fc1c39531.k none swap sw +.Ed +.Pp +The initial swap device (root disk, partition b) need not appear in +.Pa /etc/fstab , +though it is not an error for it to do so. +.Pp +Additional flags include: +.Pp +.Bl -tag -width nfsmntpt=/path -compact +.It priority=N +Swap devices and files may be assigned different priorities, +to allow faster resources to be used first. +Swap devices at the same priority are used in a round-robin fashion until +there is no more space available at this priority, when the next priority +level will be used. +The default priority is 0, the highest. +This value can be any valid integer, +with higher values receiving less priority. +.It nfsmntpt=/path +This option is useful for swapping to NFS files. +It specifies an existing directory +.Pf / Ar path +to be used as the local mount point for an NFS file system. +Typically, once +this mount has succeeded, the file to be used for swapping on will +be available under this mount point. +For example: +.Bd -literal +server:/export/swap/client none swap sw,nfsmntpt=/swap +.Ed +.El +.Sh EXIT STATUS +.Ex -std swapctl +.Sh SEE ALSO +.Xr swapctl 2 , +.Xr vnd 4 , +.Xr fstab 5 , +.Xr mount_nfs 8 , +.Xr mount_vnd 8 +.Sh HISTORY +The +.Nm +program was originally developed in +.Nx 1.3 . +It was ported to +.Ox 2.6 +by Tobias Weingartner. +The original +.Nm swapon +program, provided for backwards compatibility, appeared in +.Bx 4.0 . +.Sh AUTHORS +The +.Nm +program was written by +.An Matthew R. Green Aq Mt mrg@eterna.com.au . +.Sh BUGS +Local and remote swap files cannot be configured until the file +systems they reside on are mounted read/write. +The system startup scripts need to +.Xr fsck 8 +all local file systems before this can happen. +This process requires substantial amounts of memory on some systems. +If one configures no +local block swap devices on a machine that has local file systems to +check and rely only on swap files, the machine will have no swap space +at all during system +.Xr fsck 8 +and may run out of real memory, causing fsck to abnormally exit and +startup scripts to fail. diff --git a/static/openbsd/man8/swapon.8 b/static/openbsd/man8/swapon.8 new file mode 100644 index 00000000..b141e408 --- /dev/null +++ b/static/openbsd/man8/swapon.8 @@ -0,0 +1,95 @@ +.\" $OpenBSD: swapon.8,v 1.10 1999/06/04 02:45:24 aaron Exp $ +.\" $NetBSD: swapon.8,v 1.8 1995/08/18 14:51:35 pk Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS `AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)swapon.8 8.1 (Berkeley) 6/5/93 +.\" +.Dd June 5, 1993 +.Dt SWAPON 8 +.Os +.Sh NAME +.Nm swapon +.Nd "specify additional device for paging and swapping" +.Sh SYNOPSIS +.Nm swapon +.Fl a +.Nm swapon +.Ar special_file ... +.Sh DESCRIPTION +.Nm +is used to specify additional devices on which paging and swapping +are to take place. +The system begins by swapping and paging on only a single device +so that only one disk is required at bootstrap time. +Calls to +.Nm +normally occur in the system multi-user initialization file +.Pa /etc/rc +making all swap devices available, so that the paging and swapping +activity is interleaved across several devices. +.Pp +Normally, the first form is used: +.Bl -tag -width Ds +.It Fl a +All devices marked as +.Dq sw +swap devices in +.Pa /etc/fstab +are made available. +.El +.Pp +The second form gives individual block devices as given +in the system swap configuration table. The call makes only this space +available to the system for swap allocation. +.Sh FILES +.Bl -tag -width /dev/[ru][pk]?b -compact +.It Pa /dev/[ru][pk]?b +standard paging devices +.It Pa /etc/fstab +ASCII filesystem description table +.El +.Sh SEE ALSO +.Xr swapon 2 , +.Xr fstab 5 , +.Xr init 8 , +.Xr rc 8 , +.Xr vnconfig 8 +.Sh BUGS +There is no way to stop paging and swapping on a device. +It is therefore not possible to make use of devices which may be +dismounted during system operation. +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.0 . diff --git a/static/openbsd/man8/sync.8 b/static/openbsd/man8/sync.8 new file mode 100644 index 00000000..9d344373 --- /dev/null +++ b/static/openbsd/man8/sync.8 @@ -0,0 +1,72 @@ +.\" $OpenBSD: sync.8,v 1.14 2016/08/16 18:51:25 schwarze Exp $ +.\" $NetBSD: sync.8,v 1.6 1995/03/21 09:11:35 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)sync.8 8.1 (Berkeley) 5/31/93 +.\" +.Dd $Mdocdate: August 16 2016 $ +.Dt SYNC 8 +.Os +.Sh NAME +.Nm sync +.Nd force completion of pending disk writes (flush cache) +.Sh SYNOPSIS +.Nm sync +.Sh DESCRIPTION +The +.Nm +utility can be called to ensure that all disk writes have been completed before +the processor is halted in a way not suitably done by +.Xr reboot 8 +or +.Xr halt 8 . +Generally, it is preferable to use +.Xr reboot 8 +or +.Xr halt 8 +to shut down the system, +as they may perform additional actions +such as resynchronizing the hardware clock +and flushing internal caches before performing a final +.Nm sync . +.Pp +.Nm +utilizes the +.Xr sync 2 +function. +.Sh SEE ALSO +.Xr fsync 2 , +.Xr sync 2 , +.Xr halt 8 , +.Xr reboot 8 +.Sh HISTORY +A +.Nm +command appeared in +.At v4 . diff --git a/static/openbsd/man8/sysctl.8 b/static/openbsd/man8/sysctl.8 new file mode 100644 index 00000000..71d5f04c --- /dev/null +++ b/static/openbsd/man8/sysctl.8 @@ -0,0 +1,189 @@ +.\" $OpenBSD: sysctl.8,v 1.218 2025/04/29 17:44:00 jmc Exp $ +.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ +.\" +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 +.\" +.Dd $Mdocdate: April 29 2025 $ +.Dt SYSCTL 8 +.Os +.Sh NAME +.Nm sysctl +.Nd get or set kernel state +.Sh SYNOPSIS +.Nm sysctl +.Op Fl Aanq +.Op Fl f Ar file +.Op Ar name Ns Oo = Ns Ar value Oc Ar ... +.Sh DESCRIPTION +The +.Nm +utility retrieves kernel state and allows processes with +appropriate privilege to set kernel state. +The state to be retrieved or set is described using a +.Dq Management Information Base +.Pq MIB +style name, using a dotted set of components. +.Pp +When retrieving a variable, +a subset of the MIB name may be specified to retrieve a list of +variables in that subset. +For example, to list all the machdep variables: +.Pp +.Dl $ sysctl machdep +.Pp +The options are as follows: +.Bl -tag -width xxx +.It Fl A +List all the known MIB names including tables. +Those with string or integer values will be printed as with the +.Fl a +flag; for the table values, the name of the utility to retrieve them is given. +.It Fl a +List all the currently available string or integer values. +This is the default, if no parameters are given to +.Nm . +.It Fl f Ar file +Process +.Ar name Ns Op = Ns Ar value +arguments from +.Ar file +in +.Xr sysctl.conf 5 +format. +.It Fl n +Suppress printing of the field name, only output the field value. +Useful for setting shell variables. +For example, to set the psize shell variable to the pagesize of the hardware: +.Pp +.Dl # set psize=`sysctl -n hw.pagesize` +.It Fl q +Suppress all output when setting a variable. +This option overrides the behaviour of +.Fl n . +.It Ar name Ns Op = Ns Ar value +Retrieve the specified variable +.Ar name , +or attempt to set it to +.Ar value . +Multiple +.Ar name Ns Op = Ns Ar value +arguments may be given. +If given, +.Fl f Ar file +is processed first. +.El +.Pp +The information available from +.Nm +consists of integers, strings, and tables. +For a detailed description of the variables, see +.Xr sysctl 2 . +Tables can only be retrieved by special purpose programs such as +.Xr ps 1 , +.Xr systat 1 , +and +.Xr netstat 1 . +.Pp +.Nm +can extract information about the filesystems that have been compiled +into the running system. +This information can be obtained by using the command: +.Pp +.Dl $ sysctl vfs.mounts +.Pp +By default, only filesystems that are actively being used are listed. +Use of the +.Fl A +flag lists all the filesystems compiled into the running kernel. +.Sh FILES +.Bl -tag -width "/etc/sysctl.confXX" -compact +.It Pa /etc/sysctl.conf +sysctl variables to set at system startup +.El +.Sh EXAMPLES +To retrieve the maximum number of processes allowed +in the system: +.Pp +.Dl $ sysctl kern.maxproc +.Pp +To set the maximum number of processes allowed +in the system to 1000: +.Pp +.Dl # sysctl kern.maxproc=1000 +.Pp +To retrieve information about the system clock rate: +.Pp +.Dl $ sysctl kern.clockrate +.Pp +To retrieve information about the load average history: +.Pp +.Dl $ sysctl vm.loadavg +.Pp +To set the list of reserved TCP ports that should not be allocated +by the kernel dynamically: +.Pp +.Dl # sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871 +.Dl # sysctl net.inet.udp.baddynamic=749,750,751,760,761,871,1024-2048 +.Pp +This can be used to keep daemons +from stealing a specific port that another program needs to function. +List elements may be separated by commas and/or whitespace; +a hyphen may be used to specify a range of ports. +.Pp +It is also possible to add or remove ports from the current list: +.Bd -literal -offset indent +# sysctl net.inet.tcp.baddynamic=+748,+6000-6999 +# sysctl net.inet.tcp.baddynamic=-871 +.Ed +.Pp +To set the amount of shared memory available in the system and +the maximum number of shared memory segments: +.Bd -literal -offset indent +# sysctl kern.shminfo.shmmax=33554432 +# sysctl kern.shminfo.shmseg=32 +.Ed +.Pp +To place core dumps from +.Xr issetugid 2 +programs (in this example +.Xr bgpd 8 ) +into a safe place for debugging purposes: +.Bd -literal -offset indent +# mkdir -m 700 /var/crash/bgpd +# sysctl kern.nosuidcoredump=3 +.Ed +.Sh SEE ALSO +.Xr sysctl 2 , +.Xr options 4 , +.Xr sysctl.conf 5 +.Sh HISTORY +.Nm +first appeared in +.Bx 4.4 . diff --git a/static/openbsd/man8/syslogc.8 b/static/openbsd/man8/syslogc.8 new file mode 100644 index 00000000..11a01358 --- /dev/null +++ b/static/openbsd/man8/syslogc.8 @@ -0,0 +1,94 @@ +.\" $OpenBSD: syslogc.8,v 1.11 2022/03/31 17:27:32 naddy Exp $ +.\" +.\" Copyright (c) 2004 Damien Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: March 31 2022 $ +.Dt SYSLOGC 8 +.Os +.Sh NAME +.Nm syslogc +.Nd collect messages from syslog memory buffer +.Sh SYNOPSIS +.Nm syslogc +.Op Fl Ccfo +.Op Fl n Ar lines +.Op Fl s Ar reporting_socket +.Ar logname +.Nm syslogc +.Fl q +.Sh DESCRIPTION +.Nm +collects messages from the +.Xr syslogd 8 +memory buffer specified by the +.Ar logname +argument. +.Pp +For +.Nm +to work, +.Xr syslogd 8 +must be configured with one or more memory buffer logs (see +.Xr syslog.conf 5 +for details) and have a reporting socket location specified on the +command line (using the +.Fl s +option to +.Xr syslogd 8 ) . +.Pp +By default, +.Nm +will query the specified log and return all entries to standard output. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C +Request that the log buffer be cleared without reading it. +.It Fl c +Request that the log buffer be cleared once it has been read. +.It Fl f +Print out the last 10 lines and read from the buffer continuously. +Like the +.Fl f +option in +.Xr tail 1 . +.It Fl n Ar lines +Print the specified number of lines from the end of the buffer. +.It Fl o +Check whether the specified log has overflowed. +If the log has overflowed, then a message will be printed to +.Xr stdout 4 +and the exit status will be set to 1. +.It Fl q +Request a list of available logs. +If a log has overflowed, an asterisk +.Pq Ql * +will be appended to its name. +.It Fl s Ar reporting_socket +Specify alternate reporting socket location (the default is +.Pa /var/run/syslogd.sock ) . +.El +.Sh SEE ALSO +.Xr syslog 3 , +.Xr syslog.conf 5 , +.Xr syslogd 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 3.5 . +.Sh CAVEATS +The buffer space used for writing logs through the socket is limited. +Thus it is possible to lose logs when running in continuous mode. +Losses are reported on standard error. diff --git a/static/openbsd/man8/syslogd.8 b/static/openbsd/man8/syslogd.8 new file mode 100644 index 00000000..038be057 --- /dev/null +++ b/static/openbsd/man8/syslogd.8 @@ -0,0 +1,305 @@ +.\" $OpenBSD: syslogd.8,v 1.61 2022/06/16 18:44:43 bluhm Exp $ +.\" +.\" Copyright (c) 1983, 1986, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 +.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ +.\" +.Dd $Mdocdate: June 16 2022 $ +.Dt SYSLOGD 8 +.Os +.Sh NAME +.Nm syslogd +.Nd log system messages +.Sh SYNOPSIS +.Nm syslogd +.Bk -words +.Op Fl 46dFhnruVZ +.Op Fl a Ar path +.Op Fl C Ar CAfile +.Op Fl c Ar cert_file +.Op Fl f Ar config_file +.Op Fl K Ar CAfile +.Op Fl k Ar key_file +.Op Fl m Ar mark_interval +.Op Fl p Ar log_socket +.Op Fl S Ar listen_address +.Op Fl s Ar reporting_socket +.Op Fl T Ar listen_address +.Op Fl U Ar bind_address +.Ek +.Sh DESCRIPTION +.Nm +writes system messages to log files or a user's terminal. +Output can be sent to other programs +for further processing. +It can also securely send and receive log messages +to and from remote hosts. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use only IPv4 addresses for UDP. +.It Fl 6 +Forces +.Nm +to use only IPv6 addresses for UDP. +.It Fl a Ar path +Specify a location where +.Nm +should place an additional log socket. +The primary use for this is to place additional log sockets in +.Pa /dev/log +of various chroot filespaces, though the need for these is +less urgent after the introduction of +.Xr sendsyslog 2 . +.It Fl C Ar CAfile +PEM encoded file containing CA certificates used for certificate +validation of a remote loghost; +the default is +.Pa /etc/ssl/cert.pem . +.It Fl c Ar cert_file +PEM encoded file containing the client certificate for TLS connections +to a remote loghost. +The default is not to use a client certificate for the outgoing connection +to a syslog server. +This option has to be used together with +.Fl k Ar key_file . +.It Fl d +Enable debugging to the standard output, +and do not disassociate from the controlling terminal. +.It Fl F +Run in the foreground instead of disassociating from the controlling +terminal and running as a background daemon. +.It Fl f Ar config_file +Specify the pathname of an alternate configuration file; +the default is +.Pa /etc/syslog.conf . +.It Fl h +Include the hostname when sending messages to a remote loghost. +.It Fl K Ar CAfile +PEM encoded file containing CA certificates used for client certificate +validation on the local listen socket. +By default incoming connections from any TLS client are allowed. +.It Fl k Ar key_file +PEM encoded file containing the client private key for TLS connections +to a remote loghost. +This option has to be used together with +.Fl c Ar cert_file . +.It Fl m Ar mark_interval +Select the number of minutes between +.Dq mark +messages; the default is 20 minutes. +.It Fl n +Print source addresses numerically rather than symbolically. +This saves an address-to-name lookup for each incoming message, +which can be useful when combined with the +.Fl u +option on a loghost with no DNS cache. +Messages from the local host will still be logged with +the symbolic local host name. +.It Fl p Ar log_socket +Specify the pathname of an alternate log socket to be used instead; +the default is +.Pa /dev/log . +.It Fl r +Print duplicate lines immediately and suppress the "last message +repeated" summary when piping to another program or forwarding to +a remote loghost. +If given twice, this is done for all log actions. +.It Fl S Ar listen_address +Create a TLS listen socket for receiving encrypted messages and +bind it to the specified address. +A port number may be specified using the +.Ar host : Ns Ar port +syntax. +The first +.Ar listen_address +is also used to find a suitable server key and certificate in +.Pa /etc/ssl/ . +.It Fl s Ar reporting_socket +Specify path to a UNIX-domain +socket for use in reporting logs stored in memory buffers using +.Xr syslogc 8 . +.It Fl T Ar listen_address +Create a TCP listen socket for receiving messages and bind it to +the specified address. +There is no well-known port for syslog over TCP, so a port number +must be specified using the +.Ar host : Ns Ar port +syntax. +.It Fl U Ar bind_address +Create a UDP socket for receiving messages and bind it to the +specified address. +This can be used, for example, with a pf divert-to rule to receive +packets when +.Nm +is bound to localhost. +A port number may be specified using the +.Ar host : Ns Ar port +syntax. +.It Fl u +Select the historical +.Dq insecure +mode, in which +.Nm +will accept input from the UDP port. +Some software wants this, but you can be subjected to a variety of +attacks over the network, including attackers remotely filling logs. +.It Fl V +Do not perform remote server certificate and hostname validation +when sending messages. +.It Fl Z +Generate timestamps in ISO format. +This includes the year and the timezone, and all logging is done +in UTC. +.El +.Pp +The options +.Fl a , S , T , +and +.Fl U +can be given more than once to specify multiple input sources. +.Pp +When starting up, +.Nm +reads its configuration file, +.Xr syslog.conf 5 , +and opens the configured logfiles and TCP and TLS connections. +The logfiles already have to exist with the correct permissions. +When receiving a +.Dv SIGHUP +signal, it closes all open logfiles and outgoing TCP and TLS +connections and re-runs this initialization sequence. +Sending this signal is required both after editing the configuration +file and after log rotation. +.Pp +.Nm +opens a UDP socket, as specified +in +.Pa /etc/services , +for sending forwarded messages. +By default all incoming data on this socket is discarded. +If insecure mode is switched on with +.Fl u , +it will also read messages from the socket. +.Nm +also opens and reads messages from the +.Ux Ns -domain +socket +.Pa /dev/log , +and from the special device +.Pa /dev/klog +(to read kernel messages), +and from +.Xr sendsyslog 2 +(to read messages from userland processes). +.Pp +The message sent to +.Nm +should consist of a single line. +Embedded new line characters are converted to spaces; +binary data is encoded by +.Xr vis 3 , +but no backslash is inserted. +The message can contain a priority code, which should be a preceding +decimal number in angle braces, for example, +.Dq <5> . +This priority code should map into the priorities defined in the +include file +.In sys/syslog.h . +.Pp +When sending syslog messages to a remote loghost via TLS, the +server's certificate and hostname are validated to prevent malicious +servers from reading messages. +If the server has a certificate with a matching hostname signed by +a CA in +.Pa /etc/ssl/cert.pem , +it is verified with that by default. +If the server has a certificate with a matching hostname signed by +a private CA, use the +.Fl C +option and put that CA into +.Ar CAfile . +Validation can be explicitly turned off using the +.Fl V +option. +If the server is accepting messages only from clients with a trusted +client certificate, use the +.Fl k +and +.Fl c +options to authenticate +.Nm +with this certificate. +.Pp +When receiving syslog messages from a TLS client, there must be +a server key and certificate in +.Pa /etc/ssl/private/host Ns Oo : Ns Ar port Oc Ns Ar .key +and +.Pa /etc/ssl/host Ns Oo : Ns Ar port Oc Ns Ar .crt . +If the client uses certificates to authenticate, the CA of the +client's certificate may be added to +.Ar CAfile +using the +.Fl K +option to protect from messages being spoofed by malicious senders. +.Sh FILES +.Bl -tag -width /var/run/syslog.pid -compact +.It Pa /dev/log +Name of the +.Ux Ns -domain +datagram log socket. +.It Pa /dev/klog +Kernel log device. +.It Pa /etc/ssl/ +Private keys and public certificates. +.It Pa /etc/syslog.conf +Configuration file. +.It Pa /var/run/syslog.pid +Process ID of current +.Nm . +.El +.Sh SEE ALSO +.Xr logger 1 , +.Xr syslog 3 , +.Xr services 5 , +.Xr syslog.conf 5 , +.Xr newsyslog 8 , +.Xr syslogc 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 . +.Sh CAVEATS +.Nm +does not create files, +it only logs to existing ones. diff --git a/static/openbsd/man8/sysmerge.8 b/static/openbsd/man8/sysmerge.8 new file mode 100644 index 00000000..4892ec8c --- /dev/null +++ b/static/openbsd/man8/sysmerge.8 @@ -0,0 +1,174 @@ +.\" $OpenBSD: sysmerge.8,v 1.80 2024/09/05 06:39:53 jmc Exp $ +.\" +.\" Copyright (c) 2008 Antoine Jacoutot <ajacoutot@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 5 2024 $ +.Dt SYSMERGE 8 +.Os +.Sh NAME +.Nm sysmerge +.Nd update system configuration files +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl bdp +.Ek +.Sh DESCRIPTION +.Nm +is a utility designed to help the administrator update configuration files +after upgrading to a new release or snapshot. +.Pp +.Nm +works by comparing a reference root directory against currently installed files. +.Pp +.Nm +will work through the fileset, +offering the chance to merge any differences using +.Xr sdiff 1 . +Merged files may be edited using the default editor or be left to deal +with at a later date. +Should any problems occur, +such as a failure to upgrade a file, +the user will be notified and will have to deal with the issue by hand. +.Pp +By default (if +.Fl d +is not used) +.Nm +only compares files whose reference sources have changed since the last run +and attempts to automatically upgrade them to the newest version, +provided that they have no local changes. +It automatically installs missing files and binaries, +and updates files differing only by CVS Id. +Files whose reference sources have matching CVS Id are skipped from comparison. +.Pa /etc/fbtab +and +.Pa /etc/ttys +are created using helper scripts and are +.Sy always +compared. +Users and groups that are missing from the current installation but +present in the new +.Xr master.passwd 5 +and +.Xr group 5 +files will +.Sy always +be automatically (re)created. +.Pp +.Nm +will finish by running +.Xr mtree 8 +to make sure the directory structure has correct permissions. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b +Batch mode. +.Nm +runs non-interactively, +saving differing files for later manual processing. +.It Fl d +Diff mode. +.Nm +does not take any automatic action, allowing for a full diff comparison. +.It Fl p +Package mode. +.Nm +only compares the default configuration files of installed +.Xr packages 7 +against their target on the system (@sample). +.El +.Pp +Files can be excluded from comparison by listing them in +.Pa /etc/sysmerge.ignore . +Checksum files stored under +.Pa /var/sysmerge +as well as the following files will always be skipped from direct comparison: +.Pa /etc/group , +.Pa /etc/localtime , +.Pa /etc/master.passwd , +.Pa /etc/motd , +.Pa /etc/passwd , +.Pa /etc/pwd.db , +.Pa /etc/spwd.db , +.Pa /var/db/locate.database , +.Pa /var/mail/root . +.Sh ENVIRONMENT +.Bl -tag -width "EDITORXXVISUAL" +.It Ev EDITOR , VISUAL +Specifies an editor to use. +If both +.Ev EDITOR +and +.Ev VISUAL +are set, +.Ev VISUAL +takes precedence. +If neither +.Ev EDITOR +nor +.Ev VISUAL +are set, +the default is +.Xr vi 1 . +.It Ev PAGER +Specifies the pagination program to use. +If +.Ev PAGER +is empty or not set, +.Xr more 1 +will be used. +.El +.Sh FILES +.Bl -tag -width "/var/sysmerge/xetc.tgz" -compact +.It Pa /etc/sysmerge.ignore +Files and directories to ignore from comparison. +.It Pa /var/sysmerge/backups +Directory containing backup of +.Nm +last run modified files. +Rotated automatically in order of increasing age from +.Pa backups.0 +to +.Pa backups.3 . +.It Pa /var/sysmerge/etc.tgz +Base system set containing the reference files +corresponding to the currently installed release. +.It Pa /var/sysmerge/xetc.tgz +.Xr X 7 +set containing the reference files +corresponding to the currently installed release. +.El +.Sh SEE ALSO +.Xr more 1 , +.Xr sdiff 1 , +.Xr sysupgrade 8 +.Pp +.Lk https://www.openbsd.org/faq/current.html +.Lk https://www.openbsd.org/faq/upgradeXX.html +.Sh HISTORY +The +.Nm +script first appeared in +.Ox 4.4 . +.Sh AUTHORS +.An -nosplit +.Nm +was written by +.An Antoine Jacoutot Aq Mt ajacoutot@openbsd.org . +It was originally started as a friendly fork from +mergemaster by +.An Douglas Barton Aq Mt DougB@FreeBSD.org . diff --git a/static/openbsd/man8/syspatch.8 b/static/openbsd/man8/syspatch.8 new file mode 100644 index 00000000..cb67e500 --- /dev/null +++ b/static/openbsd/man8/syspatch.8 @@ -0,0 +1,85 @@ +.\" $OpenBSD: syspatch.8,v 1.22 2020/12/07 21:19:28 ajacoutot Exp $ +.\" +.\" Copyright (c) 2016 Antoine Jacoutot <ajacoutot@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: December 7 2020 $ +.Dt SYSPATCH 8 +.Os +.Sh NAME +.Nm syspatch +.Nd manage base system binary patches +.Sh SYNOPSIS +.Nm syspatch +.Op Fl c | l | R | r +.Sh DESCRIPTION +.Nm +is a utility to fetch, verify, install and revert +.Ox +binary patches. +.Pp +When run without any options, +.Nm syspatch +will apply +.Em all +missing patches, creating a rollback tarball containing the files it is about +to replace, then extracting and installing all files contained in the syspatch +tarball. +If any sets are missing, patches are skipped accordingly. +Patches are cumulative and as such it is not possible to install only a subset +of them. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c +List available patches; suitable for +.Xr cron 8 . +.It Fl l +List installed patches. +.It Fl R +Revert all patches. +.It Fl r +Revert the most recently installed patch. +.El +.Sh FILES +.Bl -tag -width "/etc/installurl" -compact +.It Pa /etc/installurl +.Ox +mirror top-level URL for fetching patches. +.It Pa /var/syspatch/* +Directories containing the rollback tarball and original signed +.Xr diff 1 +of installed patches. +.El +.Sh EXIT STATUS +.Ex -std syspatch +In particular, 2 indicates that applying patches was requested but no +additional patch was installed. +.Sh SEE ALSO +.Xr signify 1 , +.Xr installurl 5 , +.Xr release 8 +.Sh HISTORY +.Nm +first appeared in +.Ox 6.1 . +.Sh AUTHORS +.Nm +was written by +.An Antoine Jacoutot Aq Mt ajacoutot@openbsd.org . +.Sh CAVEATS +.Nm +is designed to work solely on official +.Ox +releases. diff --git a/static/openbsd/man8/sysupgrade.8 b/static/openbsd/man8/sysupgrade.8 new file mode 100644 index 00000000..41438ad9 --- /dev/null +++ b/static/openbsd/man8/sysupgrade.8 @@ -0,0 +1,136 @@ +.\" $OpenBSD: sysupgrade.8,v 1.23 2025/11/11 15:18:30 deraadt Exp $ +.\" +.\" Copyright (c) 2019 Florian Obser <florian@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 11 2025 $ +.Dt SYSUPGRADE 8 +.Os +.Sh NAME +.Nm sysupgrade +.Nd upgrade system to the next release or a new snapshot +.Sh SYNOPSIS +.Nm +.Op Fl fkns +.Op Fl b Ar base-directory +.Op Fl R Ar version +.Op Ar installurl | path +.Sh DESCRIPTION +.Nm +is a utility to upgrade +.Ox +to a new release or snapshot if available. +.Pp +.Nm +downloads the necessary files to +.Pa /home/_sysupgrade , +verifies them with +.Xr signify 1 , +and copies bsd.rd to +.Pa /bsd.upgrade . +.Pp +.Nm +by default then reboots the system. +The bootloader will automatically choose +.Pa /bsd.upgrade , +triggering a one-shot upgrade using the files in +.Pa /home/_sysupgrade . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b Ar base-directory +Download files to +.Ar base-directory Ns / Ns Pa _sysupgrade +instead of +.Pa /home/_sysupgrade . +.It Fl f +For snapshots, force an already applied upgrade. +This option has no effect on releases. +.It Fl k +Keep the files in +.Pa /home/_sysupgrade . +By default they will be deleted after the upgrade. +.It Fl n +Fetch and verify the files and create +.Pa /bsd.upgrade +but do not reboot. +.It Fl R Ar version +Upgrade to a specific release version. +Only upgrades from one version to the next are tested. +Skipping versions may work. +Downgrading is unlikely to work. +.It Fl s +Upgrade to a snapshot. +The default is to upgrade to the next release. +.El +.Pp +When updating to a release or snapshot which lacks the required signify +keys in +.Pa /etc/signify , +the missing keys will be downloaded in a secure way. +In the usual case, the keys will already be present because +.Ox +releases ship with the current key, the next key, and a collection of +older keys. +.Pp +See +.Xr upgrade.site 5 +for how to customize the upgrade process. +.Sh PRUNING +Upgrading between releases and snapshots will over time collect much detritus +in the +.Pa /usr +sub-directory (which may or may not be an independent filesystem, based on +original install-time decisions). +.Nm sysupgrade +will complain if +.Xr df 1 +indicates insufficient space, and prevent the upgrade. +.Nm sysupgrade +does not know what historical files can be deleted, and the problem becomes +worse if the +.Pa /usr/local +directory is in the same filesystem as +.Pa /usr . +.Pp +When the described problem happens, manual cleaning of the +.Pa /usr +partition is required, and in the worst cases a reinstall will be required. +.\" Note for above: This may not mention or encourage use of the +.\" exceedingly dangerous sysclean package, which in any case does not do +.\" a good job of handling the biggest problem -- leftover lib*.so files +.\" which may or may not be used by some programs anywhere on the system. +.Sh FILES +.Bl -tag -width "/auto_upgrade.conf" -compact +.It Pa /auto_upgrade.conf +Response file for the ramdisk kernel. +.It Pa /bsd.upgrade +The ramdisk kernel to trigger an unattended upgrade. +.It Pa /etc/installurl +.Ox +mirror top-level URL for fetching an upgrade. +.It Pa /home/_sysupgrade +Directory the upgrade is downloaded to. +.El +.Sh SEE ALSO +.Xr signify 1 , +.Xr installurl 5 , +.Xr upgrade.site 5 , +.Xr autoinstall 8 , +.Xr release 8 , +.Xr sysmerge 8 +.Sh HISTORY +.Nm +first appeared in +.Ox 6.6 . diff --git a/static/openbsd/man8/talkd.8 b/static/openbsd/man8/talkd.8 new file mode 100644 index 00000000..c92360f1 --- /dev/null +++ b/static/openbsd/man8/talkd.8 @@ -0,0 +1,75 @@ +.\" $OpenBSD: talkd.8,v 1.10 2017/05/25 20:27:55 tedu Exp $ +.\" +.\" Copyright (c) 1983, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)talkd.8 6.5 (Berkeley) 3/16/91 +.\" $Id: talkd.8,v 1.10 2017/05/25 20:27:55 tedu Exp $ +.\" +.Dd $Mdocdate: May 25 2017 $ +.Dt NTALKD 8 +.Os +.Sh NAME +.Nm ntalkd +.Nd remote user communication server +.Sh SYNOPSIS +.Nm ntalkd +.Sh DESCRIPTION +.Nm +is the server that notifies a user that someone else wants to +initiate a conversation. +It acts as a repository of invitations, responding to requests +by clients wishing to rendezvous to hold a conversation. +In normal operation, a client, the caller, +initiates a rendezvous by sending a CTL_MSG to the server +of type +.Dv LOOK_UP +(see +.In protocols/talkd.h ) . +This causes the server to search its invitation +tables to check if an invitation currently exists for the caller +(to speak to the callee specified in the message). +If the lookup fails, +the caller then sends an +.Dv ANNOUNCE +message causing the server to +broadcast an announcement on the callee's login ports requesting contact. +When the callee responds, the local server uses the +recorded invitation to respond with the appropriate rendezvous +address and the caller and callee client programs establish a +stream connection through which the conversation takes place. +.Sh SEE ALSO +.Xr talk 1 , +.Xr write 1 , +.Xr inetd 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 , +as +.Nm talkd . diff --git a/static/openbsd/man8/tcpdrop.8 b/static/openbsd/man8/tcpdrop.8 new file mode 100644 index 00000000..54efa706 --- /dev/null +++ b/static/openbsd/man8/tcpdrop.8 @@ -0,0 +1,85 @@ +.\" $OpenBSD: tcpdrop.8,v 1.14 2023/02/06 18:14:10 millert Exp $ +.\" +.\" Copyright (c) 2004 Markus Friedl <markus@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 6 2023 $ +.Dt TCPDROP 8 +.Os +.Sh NAME +.Nm tcpdrop +.Nd drop a TCP connection +.Sh SYNOPSIS +.Nm tcpdrop +.Ar local-addr +.Ar local-port +.Ar remote-addr +.Ar remote-port +.Sh DESCRIPTION +The +.Nm +command drops the TCP connection specified by the local address +.Ar local-addr , +port +.Ar local-port +and the foreign address +.Ar remote-addr , +port +.Ar remote-port . +Addresses and ports can be specified by name or numeric value. +.Pp +To simplify dropping TCP connections using the output of +.Xr fstat 1 +and +.Xr netstat 1 , +.Nm +also supports a two-argument form where the address and port are +separated by a colon +.Pq Sq \&: +or dot +.Pq Sq \&. +character. +.Sh EXAMPLES +If a connection to +.Xr httpd 8 +is causing congestion on a network link, one can drop the TCP session +in charge: +.Bd -literal -offset indent +$ fstat | grep 'httpd.*internet.*<--' +www httpd 21307 3* internet stream tcp \e + 0xd1007ca8 192.168.5.41:80 <-- 192.168.5.1:26747 +.Ed +.Pp +Either of the following commands will drop the connection: +.Bd -literal -offset indent +# tcpdrop 192.168.5.41 80 192.168.5.1 26747 + +# tcpdrop 192.168.5.41:80 192.168.5.1:26747 + +# tcpdrop 192.168.5.41.80 192.168.5.1.26747 +.Ed +.Sh SEE ALSO +.Xr fstat 1 , +.Xr netstat 1 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 3.6 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Markus Friedl Aq Mt markus@openbsd.org . diff --git a/static/openbsd/man8/tcpdump.8 b/static/openbsd/man8/tcpdump.8 new file mode 100644 index 00000000..32981d40 --- /dev/null +++ b/static/openbsd/man8/tcpdump.8 @@ -0,0 +1,2065 @@ +.\" $OpenBSD: tcpdump.8,v 1.118 2025/05/16 05:47:30 kn Exp $ +.\" +.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.Dd $Mdocdate: May 16 2025 $ +.Dt TCPDUMP 8 +.Os +.Sh NAME +.Nm tcpdump +.Nd dump traffic on a network +.Sh SYNOPSIS +.Nm tcpdump +.Op Fl AadefILlNnOopqStvXx +.Op Fl B Ar fildrop +.Op Fl c Ar count +.Op Fl D Ar direction +.Op Fl E Oo Ar espalg : Oc Ns Ar espkey +.Op Fl F Ar file +.Op Fl i Ar interface +.Op Fl r Ar file +.Op Fl s Ar snaplen +.Op Fl T Ar type +.Op Fl w Ar file +.Op Fl y Ar datalinktype +.Op Ar expression ... +.Sh DESCRIPTION +.Nm +prints out the headers of packets on a network interface that match the boolean +.Ar expression . +You must have read access to +.Pa /dev/bpf . +.Pp +The options are as follows: +.Bl -tag -width "-c count" +.It Fl A +Print each packet in ASCII. +If the +.Fl e +option is also specified, the link-level header will be included. +The smaller of the entire packet or +.Ar snaplen +bytes will be printed. +.It Fl a +Attempt to convert network and broadcast addresses to names. +.It Fl B Ar fildrop +Configure the drop action specified by +.Ar fildrop +to be used when the filter expression matches a packet. +The actions are: +.Pp +.Bl -tag -width "capture" -offset indent -compact +.It Cm pass +Matching packets are accepted and captured. +.It Cm capture +Matching packets are dropped and captured. +.It Cm drop +Matching packets are dropped but not captured. +.El +.Pp +The default action is +.Cm pass . +.It Fl c Ar count +Exit after receiving +.Ar count +packets. +.It Fl D Ar direction +Select packets flowing in the specified +.Ar direction . +Valid directions are: +.Cm in +and +.Cm out . +The default is to accept packets flowing in any direction. +.It Fl d +Dump the compiled packet-matching code in a human readable form to +standard output and stop. +.It Fl dd +Dump packet-matching code as a C program fragment. +.It Fl ddd +Dump packet-matching code as decimal numbers +preceded with a count. +.It Fl E Oo Ar espalg : Oc Ns Ar espkey +Try to decrypt RFC 4835 ESP +.Pq Encapsulating Security Payload +traffic using the specified hex key +.Ar espkey . +Supported algorithms for +.Ar espalg +are: +.Cm aes128 , +.Cm aes128-hmac96 , +.Cm blowfish , +.Cm blowfish-hmac96 , +.Cm cast , +.Cm cast-hmac96 , +.Cm des3 , +.Cm des3-hmac96 , +.Cm des +and +.Cm des-hmac96 . +The algorithm defaults to +.Cm aes128-hmac96 . +This option should be used for debugging only, since the key will show up in +.Xr ps 1 +output. +.It Fl e +Print the link-level header on each dump line. +.It Fl F Ar file +Use +.Ar file +as input for the filter expression. +Any additional expressions given on the command line are ignored. +.It Fl f +Print +.Dq foreign +internet addresses numerically rather than symbolically. +This option is intended to get around serious brain damage in +Sun's yp server \(em usually it hangs forever translating non-local +internet numbers. +.It Fl I +Print the interface on each dump line. +.It Fl i Ar interface +Listen on +.Ar interface . +If unspecified, +.Nm +searches the system interface list for the lowest numbered, configured +.Dq up +interface +.Pq excluding loopback . +Ties are broken by choosing the earliest match. +.Ar interface +may be either a network interface or a USB interface, for example +.Ar usb0 . +.It Fl L +List the supported data link types for the interface and exit. +.It Fl l +Make stdout line buffered. +Useful if you want to see the data while capturing it. +For example: +.Pp +.Dl # tcpdump -l | tee dat +or +.Dl # tcpdump -l > dat & tail -f dat +.It Fl N +Do not print domain name qualification of host names. +For example, if you specify this flag then +.Nm +will print +.Dq nic +instead of +.Dq nic.ddn.mil . +.It Fl n +Do not convert addresses +.Pq host addresses, port numbers, etc. +to names. +.It Fl O +Do not run the packet-matching code optimizer. +This is useful only if you suspect a bug in the optimizer. +.It Fl o +Print a guess of the possible operating system(s) of hosts that sent +TCP SYN packets. +See +.Xr pf.os 5 +for a description of the passive operating system fingerprints. +.It Fl p +Do not put the interface into promiscuous mode. +The interface might be in promiscuous mode for some other reason; hence, +.Fl p +cannot be used as an abbreviation for +.Dq ether host \&"{local-hw-addr}\&" +or +.Dq ether broadcast . +.It Fl q +Quick +.Pq quiet? +output. +Print less protocol information so output lines are shorter. +.It Fl r Ar file +Read packets from a +.Ar file +which was created with the +.Fl w +option. +Standard input is used if +.Ar file +is +.Ql - . +.It Fl S +Print absolute, rather than relative, TCP sequence numbers. +.It Fl s Ar snaplen +Analyze at most the first +.Ar snaplen +bytes of data from each packet rather than the default of 116. +116 bytes is adequate for IPv6, ICMP, TCP, and UDP, +but may truncate protocol information from name server and NFS packets +.Pq see below . +Packets truncated because of a limited +.Ar snaplen +are indicated in the output with +.Dq Op | Ns Em proto , +where +.Em proto +is the name of the protocol level at which the truncation has occurred. +Taking larger snapshots both increases the amount of time it takes +to process packets and, effectively, decreases the amount of packet buffering. +This may cause packets to be lost. +You should limit +.Ar snaplen +to the smallest number that will capture the protocol information +you're interested in. +.It Fl T Ar type +Force packets selected by +.Ar expression +to be interpreted as the specified +.Ar type . +Currently known types are: +.Pp +.Bl -tag -width "erspan" -offset indent -compact +.It Cm cnfp +Cisco NetFlow protocol +.It Cm erspan +Cisco Encapsulated Remote Switch Port Analyzer (ERSPAN) over GRE +.It Cm geneve +Generic Network Virtualization Encapsulation +.It Cm gre +Generic Routing Encapsulation over UDP +.It Cm mpls +Multiprotocol Label Switching over UDP +.It Cm rpc +Remote Procedure Call +.It Cm rtcp +Real-Time Applications control protocol +.It Cm rtp +Real-Time Applications protocol +.It Cm sack +RFC 2018 TCP Selective Acknowledgements Options +.It Cm tcp +Transmission Control Protocol +.It Cm tftp +Trivial File Transfer Protocol +.It Cm vat +Visual Audio Tool +.It Cm vrrp +Virtual Router Redundancy protocol +.It Cm vxlan +Virtual eXtensible Local Area Network +.It Cm wb +distributed White Board +.It Cm wg +WireGuard tunnel +.El +.It Fl t +Do not print a timestamp on each dump line. +.It Fl tt +Print an unformatted timestamp on each dump line. +.It Fl ttt +Print day and month in timestamp. +.It Fl tttt +Print timestamp difference between packets. +.It Fl ttttt +Print timestamp difference since the first packet. +.It Fl v +.Pq Slightly more +verbose output. +For example, the time to live +.Pq TTL +and type of service +.Pq ToS +information in an IP packet are printed. +.It Fl vv +Even more verbose output. +For example, additional fields are printed from NFS reply packets. +.It Fl w Ar file +Write the raw packets to +.Ar file +rather than parsing and printing them out. +They can be analyzed later with the +.Fl r +option. +Standard output is used if +.Ar file +is +.Ql - . +.It Fl X +Print each packet in hex and ASCII. +If the +.Fl e +option is also specified, the link-level header will be included. +The smaller of the entire packet or +.Ar snaplen +bytes will be printed. +.It Fl x +Print each packet in hex. +If the +.Fl e +option is also specified, the link-level header will be included. +The smaller of the entire packet or +.Ar snaplen +bytes will be printed. +.It Fl y Ar datalinktype +Set the data link type to use while capturing to +.Ar datalinktype . +Commonly used types include +.Cm EN10MB , +.Cm IEEE802_11 , +and +.Cm IEEE802_11_RADIO . +The choices applicable to a particular device can be listed using +.Fl L . +.El +.Pp +.Ar expression +selects which packets will be dumped. +If no +.Ar expression +is given, all packets on the net will be dumped. +Otherwise, only packets satisfying +.Ar expression +will be dumped. +.Pp +The filter expression consists of one or more +.Em primitives . +Primitives usually consist of an +.Ar id +.Pq name or number +preceded by one or more qualifiers. +There are three different kinds of qualifier: +.Bl -tag -width "proto" +.It Ar type +Specify which kind of address component the +.Ar id +name or number refers to. +Possible types are +.Cm host , +.Cm net +and +.Cm port . +E.g., +.Dq host foo , +.Dq net 128.3 , +.Dq port 20 . +If there is no type qualifier, +.Cm host +is assumed. +.It Ar dir +Specify a particular transfer direction to and/or from +.Ar id . +Possible directions are +.Cm src , +.Cm dst , +.Cm src or dst , +.Cm src and dst , +.Cm ra , +.Cm ta , +.Cm addr1 , +.Cm addr2 , +.Cm addr3 , +and +.Cm addr4 . +E.g., +.Dq src foo , +.Dq dst net 128.3 , +.Dq src or dst port ftp-data . +If there is no +.Ar dir +qualifier, +.Cm src or dst +is assumed. +The +.Cm ra , +.Cm ta , +.Cm addr1 , +.Cm addr2 , +.Cm addr3 , +and +.Cm addr4 +qualifiers are only valid for IEEE 802.11 Wireless LAN link layers. +For null link layers (i.e., point-to-point protocols such as SLIP +.Pq Serial Line Internet Protocol +or the +.Xr pflog 4 +header), the +.Cm inbound +and +.Cm outbound +qualifiers can be used to specify a desired direction. +.It Ar proto +Restrict the match to a particular protocol. +Possible protocols are: +.Cm ah , +.Cm arp , +.Cm atalk , +.Cm decnet , +.Cm esp , +.Cm ether , +.Cm fddi , +.Cm icmp , +.Cm icmp6 , +.Cm igmp , +.Cm igrp , +.Cm ip , +.Cm ip6 , +.Cm lat , +.Cm mopdl , +.Cm moprc , +.Cm pim , +.Cm rarp , +.Cm sca , +.Cm stp , +.Cm tcp , +.Cm udp , +and +.Cm wlan . +E.g., +.Dq ether src foo , +.Dq arp net 128.3 , +.Dq tcp port 21 , +and +.Dq wlan addr2 0:2:3:4:5:6 . +If there is no protocol qualifier, +all protocols consistent with the type are assumed. +E.g., +.Dq src foo +means +.Do +.Pq ip or arp or rarp +src foo +.Dc +.Pq except the latter is not legal syntax ; +.Dq net bar +means +.Do +.Pq ip or arp or rarp +net bar +.Dc ; +and +.Dq port 53 +means +.Do +.Pq TCP or UDP +port 53 +.Dc . +.Pp +.Cm fddi +is actually an alias for +.Cm ether ; +the parser treats them identically as meaning +.Qo +the data link level used on the specified network interface +.Qc . +FDDI +.Pq Fiber Distributed Data Interface +headers contain Ethernet-like source and destination addresses, +and often contain Ethernet-like packet types, +so it's possible to filter these FDDI fields just as with the analogous +Ethernet fields. +FDDI headers also contain other fields, +but they cannot be named explicitly in a filter expression. +.Pp +Similarly, +.Cm tr +and +.Cm wlan +are aliases for +.Cm ether ; +the previous paragraph's statements about FDDI headers also apply to Token Ring +and 802.11 wireless LAN headers. +For 802.11 headers, the destination address is the DA field +and the source address is the SA field; +the BSSID, RA, and TA fields aren't tested. +.El +.Pp +In addition to the above, there are some special primitive +keywords that don't follow the pattern: +.Cm gateway , +.Cm broadcast , +.Cm less , +.Cm greater , +and arithmetic expressions. +All of these are described below. +.Pp +More complex filter expressions are built up by using the words +.Cm and , +.Cm or , +and +.Cm not +to combine primitives +e.g., +.Do +host foo and not port ftp and not port ftp-data +.Dc . +To save typing, identical qualifier lists can be omitted +e.g., +.Dq tcp dst port ftp or ftp-data or domain +is exactly the same as +.Do +tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain +.Dc . +.Pp +Allowable primitives are: +.Bl -tag -width "ether proto proto" +.It Cm dst host Ar host +True if the IPv4/v6 destination field of the packet is +.Ar host , +which may be either an address or a name. +.It Cm src host Ar host +True if the IPv4/v6 source field of the packet is +.Ar host . +.It Cm host Ar host +True if either the IPv4/v6 source or destination of the packet is +.Ar host . +.Pp +Any of the above +.Ar host +expressions can be prepended with the keywords, +.Cm ip , arp , rarp , +or +.Cm ip6 , +as in: +.Pp +.D1 Cm ip host Ar host +.Pp +which is equivalent to: +.Bd -ragged -offset indent +.Cm ether proto +.Ar ip +.Cm and host +.Ar host +.Ed +.Pp +If +.Ar host +is a name with multiple IP addresses, each address will be checked for a match. +.It Cm ether dst Ar ehost +True if the Ethernet destination address is +.Ar ehost . +.Ar ehost +may be either a name from +.Pa /etc/ethers +or a number (see +.Xr ether_aton 3 +for a numeric format). +.It Cm ether src Ar ehost +True if the Ethernet source address is +.Ar ehost . +.It Cm ether host Ar ehost +True if either the Ethernet source or destination address is +.Ar ehost . +.It Cm gateway Ar host +True if the packet used +.Ar host +as a gateway; i.e., the Ethernet source or destination address was +.Ar host +but neither the IP source nor the IP destination was +.Ar host . +.Ar host +must be a name and must be found both by the machine's +host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, +etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism +(such as +.Pa /etc/ethers ) . +An equivalent expression is: +.Bd -ragged -offset indent +.Cm ether host +.Ar ehost +.Cm and not host +.Ar host +.Ed +.Pp +which can be used with either names or numbers for host/ehost. +This syntax does not work in an IPv6-enabled configuration at this moment. +.It Cm dst net Ar net +True if the IPv4/v6 destination address of the packet has a network +number of +.Ar net , +which may be either a name from the networks database +(such as +.Pa /etc/networks ) +or a network number. +An IPv4 network number can be written as a dotted quad (e.g. 192.168.1.0), +dotted triple (e.g. 192.168.1), dotted pair (e.g 172.16), +or single number (e.g. 10); +the netmask is 255.255.255.255 for a dotted quad +(which means that it's really a host match), +255.255.255.0 for a dotted triple, 255.255.0.0 for a dotted pair, +or 255.0.0.0 for a single number. +An IPv6 network number must be written out fully; +the netmask is ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, +so IPv6 "network" matches are really always host matches, +and a network match requires a netmask length. +.It Cm src net Ar net +True if the IPv4/v6 source address of the packet has a network number of +.Ar net . +.It Cm net Ar net +True if either the IPv4/v6 source or destination address of the packet +has a network number of +.Ar net . +.It Cm net Ar net Cm mask Ar netmask +True if the IPv4 address matches +.Ar net +with the specific +.Ar netmask . +May be qualified with +.Cm src +or +.Cm dst . +Note that this syntax is not valid for IPv6 networks. +.It Cm net Ar net Ns / Ns Ar len +True if the IPv4/v6 address matches +.Ar net +with a netmask +.Ar len +bits wide. +May be qualified with +.Cm src +or +.Cm dst . +.It Cm dst port Ar port +True if the packet is IP/TCP, IP/UDP, IP6/TCP or IP6/UDP +and has a destination port value of +.Ar port . +The +.Ar port +can be a number or a name used in +.Pa /etc/services +(see +.Xr tcp 4 +and +.Xr udp 4 ) . +If a name is used, both the port number and protocol are checked. +If a number or ambiguous name is used, +only the port number is checked (e.g.\& +.Dq dst port 513 +will print both +TCP/login traffic and UDP/who traffic, and +.Dq port domain +will print both TCP/domain and UDP/domain traffic). +.It Cm src port Ar port +True if the packet has a source port value of +.Ar port . +.It Cm port Ar port +True if either the source or destination port of the packet is +.Ar port . +.Pp +Any of the above port expressions can be prepended with the keywords +.Cm tcp +or +.Cm udp , +as in: +.Pp +.D1 Cm tcp src port Ar port +.Pp +which matches only TCP packets whose source port is +.Ar port . +.It Cm less Ar length +True if the packet has a length less than or equal to +.Ar length . +This is equivalent to: +.Pp +.D1 Cm len <= Ar length +.It Cm greater Ar length +True if the packet has a length greater than or equal to +.Ar length . +This is equivalent to: +.Pp +.D1 Cm len >= Ar length +.It Cm sample Ar samplerate +True if the packet has been randomly selected or sampled at a rate of 1 per +.Ar samplerate . +.It Cm ip proto Ar protocol +True if the packet is an IPv4 packet (see +.Xr ip 4 ) +of protocol type +.Ar protocol . +.Ar protocol +can be a number, or one of the names from +.Xr protocols 5 , +such as +.Cm icmp , +.Cm icmp6 , +.Cm igmp , +.Cm igrp , +.Cm pim , +.Cm ah , +.Cm esp , +.Cm vrrp , +.Cm udp , +or +.Cm tcp . +Note that the identifiers +.Cm tcp , +.Cm udp , +and +.Cm icmp +are also keywords and must be escaped using a backslash character +.Pq \e . +Note that this primitive does not chase the protocol header chain. +.It Cm ip6 proto Ar protocol +True if the packet is an IPv6 packet of protocol type +.Ar protocol . +Note that this primitive does not chase the protocol header chain. +.It Cm ether broadcast +True if the packet is an Ethernet broadcast packet. +The +.Cm ether +keyword is optional. +.It Cm ip broadcast +True if the packet is an IPv4 broadcast packet. +It checks for both the all-zeroes and all-ones broadcast conventions, +and looks up the subnet mask on the interface on which the capture is +being done. +.Pp +If the subnet mask of the interface on which the capture is being done +is not known, a value of PCAP_NETMASK_UNKNOWN can be supplied; +tests for IPv4 broadcast addresses will fail to compile, +but all other tests in the filter program will be OK. +.It Cm ether multicast +True if the packet is an Ethernet multicast packet. +The +.Cm ether +keyword is optional. +This is shorthand for +.Dq ether[0] & 1 != 0 . +.It Cm ip multicast +True if the packet is an IPv4 multicast packet. +.It Cm ip6 multicast +True if the packet is an IPv6 multicast packet. +.It Cm ether proto Ar protocol +True if the packet is of ether type +.Ar protocol . +.Ar protocol +can be a number, or one of the names +.Cm ip , +.Cm ip6 , +.Cm arp , +.Cm rarp , +.Cm atalk , +.Cm atalkarp , +.Cm decnet , +.Cm decdts , +.Cm decdns , +.Cm lanbridge , +.Cm lat , +.Cm mopdl , +.Cm moprc , +.Cm pup , +.Cm sca , +.Cm sprite , +.Cm stp , +.Cm vexp , +.Cm vprod , +or +.Cm xns . +These identifiers are also keywords and must be escaped +using a backslash character +.Pq Sq \e . +.Pp +In the case of FDDI (e.g., +.Dq fddi protocol arp ) , +and IEEE 802.11 wireless LANs (such as +.Dq wlan protocol arp ) , +for most of those protocols +the protocol identification comes from the 802.2 Logical Link Control +.Pq LLC +header, which is usually layered on top of the FDDI or 802.11 header. +.Pp +When filtering for most protocol identifiers on FDDI or 802.11, +the filter checks only the protocol ID field of an LLC header +in so-called SNAP format with an Organizational Unit Identifier (OUI) of +0x000000, for encapsulated Ethernet; it doesn't check whether the packet +is in SNAP format with an OUI of 0x000000. +The exceptions are: +.Bl -tag -width "atalk" +.It iso +The filter checks the DSAP (Destination Service Access Point) and +SSAP (Source Service Access Point) fields of the LLC header. +.It stp +The filter checks the DSAP of the LLC header. +.It atalk +The filter checks for a SNAP-format packet with an OUI of 0x080007 +and the AppleTalk etype. +.El +.Pp +In the case of Ethernet, the filter checks the Ethernet type field +for most of those protocols. +The exceptions are: +.Bl -tag -width "iso and stp" +.It iso and stp +The filter checks for an 802.3 frame and then checks the LLC header as +it does for FDDI and 802.11. +.It atalk +The filter checks both for the AppleTalk etype in an Ethernet frame and +for a SNAP-format packet as it does for FDDI, Token Ring, and 802.11. +.El +.It Cm decnet src Ar host +True if the DECNET source address is +.Ar host , +which may be an address of the form +.Dq 10.123 , +or a DECNET host name. +DECNET host name support is only available on systems that are +configured to run DECNET. +.It Cm decnet dst Ar host +True if the DECNET destination address is +.Ar host . +.It Cm decnet host Ar host +True if either the DECNET source or destination address is +.Ar host . +.It Cm ifname Ar interface +True if the packet was logged as coming from the specified interface +(applies only to packets logged by +.Xr pf 4 ) . +.It Cm on Ar interface +Synonymous with the +.Cm ifname +modifier. +.It Cm rnr Ar num +True if the packet was logged as matching the specified PF rule number +in the main ruleset (applies only to packets logged by +.Xr pf 4 ) . +.It Cm rulenum Ar num +Synonymous with the +.Cm rnr +modifier. +.It Cm reason Ar code +True if the packet was logged with the specified PF reason code. +Known codes are: +.Cm match , +.Cm bad-offset , +.Cm fragment , +.Cm short , +.Cm normalize , +.Cm memory , +.Cm bad-timestamp , +.Cm congestion , +.Cm ip-option , +.Cm proto-cksum , +.Cm state-mismatch , +.Cm state-insert , +.Cm state-limit , +.Cm src-limit , +and +.Cm synproxy +(applies only to packets logged by +.Xr pf 4 ) . +.It Cm rset Ar name +True if the packet was logged as matching the specified PF ruleset +name of an anchored ruleset (applies only to packets logged by +.Xr pf 4 ) . +.It Cm ruleset Ar name +Synonymous with the +.Cm rset +modifier. +.It Cm srnr Ar num +True if the packet was logged as matching the specified PF rule number +of an anchored ruleset (applies only to packets logged by +.Xr pf 4 ) . +.It Cm subrulenum Ar num +Synonymous with the +.Cm srnr +modifier. +.It Cm action Ar act +True if PF took the specified action when the packet was logged. +Known actions are: +.Cm pass +and +.Cm block , +.Cm nat , +.Cm rdr , +.Cm binat , +.Cm match +and +.Cm scrub +(applies only to packets logged by +.Xr pf 4 ) . +.It Cm ip , ip6 , arp , rarp , atalk , decnet , iso , stp +Abbreviations for +.Cm ether proto Ar p , +where +.Ar p +is one of the above protocols. +.It Cm lat , moprc , mopdl +Abbreviations for +.Cm ether proto Ar p , +where +.Ar p +is one of the above protocols. +.Cm tcpdump +does not currently know how to parse these. +.It Xo +.Cm ah , +.Cm esp , +.Cm icmp , +.Cm icmp6 , +.Cm igmp , +.Cm igrp , +.Cm pim , +.Cm tcp , +.Cm udp +.Xc +Abbreviations for +.Cm ip proto Ar p +or +.Cm ip6 proto Ar p , +where +.Ar p +is one of the above protocols. +.It Cm wlan addr1 Ar ehost +True if the first IEEE 802.11 address is +.Ar ehost . +.It Cm wlan addr2 Ar ehost +True if the second IEEE 802.11 address is +.Ar ehost . +.It Cm wlan addr3 Ar ehost +True if the third IEEE 802.11 address is +.Ar ehost . +.It Cm wlan addr4 Ar ehost +True if the fourth IEEE 802.11 address is +.Ar ehost . +The fourth address field is only used for +WDS (Wireless Distribution System) frames. +.It Cm wlan host Ar ehost +True if either the first, second, third, or fourth +IEEE 802.11 address is +.Ar ehost . +.It Cm type Ar wlan_type +True if the IEEE 802.11 frame type matches the specified +.Ar wlan_type . +Valid types are: +.Cm mgt , +.Cm ctl , +.Cm data , +or a numeric value. +.It Cm type Ar wlan_type Cm subtype Ar wlan_subtype +True if the IEEE 802.11 frame type matches the specified +.Ar wlan_type +and frame subtype matches the specified +.Ar wlan_subtype . +.Pp +If the specified +.Ar wlan_type +is +.Cm mgt , +then valid values for +.Ar wlan_subtype +are +.Cm assoc-req , +.Cm assoc-resp , +.Cm reassoc-req , +.Cm reassoc-resp , +.Cm probe-req , +.Cm probe-resp , +.Cm beacon , +.Cm atim , +.Cm disassoc , +.Cm auth , +and +.Cm deauth . +.Pp +If the specified +.Ar wlan_type +is +.Cm ctl , +then valid values for +.Ar wlan_subtype +are +.Cm ps-poll , +.Cm rts , +.Cm cts , +.Cm ack , +.Cm cf-end , +and +.Cm cf-end-ack . +.Pp +If the specified +.Ar wlan_type +is +.Cm data , +then valid values for +.Ar wlan_subtype +are +.Cm data , +.Cm data-cf-ack , +.Cm data-cf-poll , +.Cm data-cf-ack-poll , +.Cm null , +.Cm cf-ack , +.Cm cf-poll , +.Cm cf-ack-poll , +.Cm qos-data , +.Cm qos-data-cf-ack , +.Cm qos-data-cf-poll , +.Cm qos-data-cf-ack-poll , +.Cm qos , +.Cm qos-cf-poll , +and +.Cm qos-cf-ack-poll . +.It Cm subtype Ar wlan_subtype +True if the IEEE 802.11 frame subtype matches the specified +.Ar wlan_subtype +and frame has the type to which the specified +.Ar wlan_subtype +belongs. +.It Cm dir Ar dir +True if the IEEE 802.11 frame direction matches the specified +.Cm dir . +Valid directions are: +.Cm nods , +.Cm tods , +.Cm fromds , +.Cm dstods , +or a numeric value. +.It Cm vlan Op Ar vlan_id +True if the packet is an IEEE 802.1Q VLAN packet. +If +.Ar vlan_id +is specified, only true if the packet has the specified ID. +Note that the first +.Cm vlan +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is a VLAN packet. +This expression may be used more than once, to filter on VLAN hierarchies. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on VLAN 200 encapsulated within VLAN 100: +.Pp +.Dl vlan 100 && vlan 200 +.Pp +To filter IPv4 protocols encapsulated in VLAN 300 encapsulated within any +higher order VLAN: +.Pp +.Dl vlan && vlan 300 && ip +.It Cm mpls Op Ar label +True if the packet is an MPLS (Multi-Protocol Label Switching) packet. +If +.Ar label +is specified, only true if the packet has the specified label. +Note that the first +.Cm mpls +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is an MPLS packet. +This expression may be used more than once, to filter on MPLS labels. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on MPLS label 42 first and requires the next label to be 12: +.Pp +.Dl mpls 42 && mpls 12 +.Pp +To filter on network 192.0.2.0/24 transported inside packets with label 42: +.Pp +.Dl mpls 42 && net 192.0.2.0/24 +.It Ar expr relop expr +True if the relation holds, where +.Ar relop +is one of +.Sq > , +.Sq < , +.Sq >= , +.Sq <= , +.Sq = , +.Sq != , +and +.Ar expr +is an arithmetic expression composed of integer constants +(expressed in standard C syntax), the normal binary operators +.Pf ( Sq + , +.Sq - , +.Sq * , +.Sq / , +.Sq & , +.Sq | , +.Sq << , +.Sq >> ) , +a length operator, a random operator, and special packet data accessors. +Note that all comparisons are unsigned, so that, for example, +0x80000000 and 0xffffffff are > 0. +To access data inside the packet, use the following syntax: +.Pp +.D1 Ar proto Ns Op Ar expr : Ns Ar size +.Pp +.Ar proto +is one of +.Cm ether , +.Cm fddi , +.Cm tr , +.Cm wlan , +.Cm ppp , +.Cm slip , +.Cm link , +.Cm ip , +.Cm arp , +.Cm rarp , +.Cm tcp , +.Cm udp , +.Cm icmp , +.Cm ip6 , +or +.Cm radio , +and indicates the protocol layer for the index operation +.Pf ( Cm ether , +.Cm fddi , +.Cm wlan , +.Cm tr , +.Cm ppp , +.Cm slip , +and +.Cm link +all refer to the link layer; +.Cm radio +refers to the "radio header" added to some 802.11 captures). +Note that +.Cm tcp , +.Cm udp , +and other upper-layer protocol types only apply to IPv4, not IPv6 +(this will be fixed in the future). +The byte offset, relative to the indicated protocol layer, is given by +.Ar expr . +.Ar size +is optional and indicates the number of bytes in the field of interest; +it can be either one, two, or four, and defaults to one. +The length operator, indicated by the keyword +.Cm len , +gives the length of the packet. +The random operator, indicated by the keyword +.Cm random , +generates a random number. +.Pp +For example, +.Dq ether[0] & 1 != 0 +catches all multicast traffic. +The expression +.Dq ip[0] & 0xf != 5 +catches all IPv4 packets with options. +The expression +.Dq ip[6:2] & 0x1fff = 0 +catches only unfragmented IPv4 datagrams and frag zero of fragmented +IPv4 datagrams. +This check is implicitly applied to the +.Cm tcp +and +.Cm udp +index operations. +For instance, +.Dq tcp[0] +always means the first byte of the TCP header, +and never means the first byte of an intervening fragment. +.Pp +Some offsets and field values may be expressed as names rather than +as numeric values. +The following protocol header field offsets are available: +.Cm icmptype +(ICMP type field), +.Cm icmpcode +(ICMP code field), and +.Cm tcpflags +(TCP flags field). +.Pp +The following ICMP type field values are available: +.Cm icmp-echoreply , +.Cm icmp-unreach , +.Cm icmp-sourcequench , +.Cm icmp-redirect , +.Cm icmp-echo , +.Cm icmp-routeradvert , +.Cm icmp-routersolicit , +.Cm icmp-timxceed , +.Cm icmp-paramprob , +.Cm icmp-tstamp , +.Cm icmp-tstampreply , +.Cm icmp-ireq , +.Cm icmp-ireqreply , +.Cm icmp-maskreq , +.Cm and +.Cm icmp-maskreply . +.Pp +The following TCP flags field values are available: +.Cm tcp-fin , +.Cm tcp-syn , +.Cm tcp-rst , +.Cm tcp-push , +.Cm tcp-ack , +.Cm tcp-urg . +.El +.Pp +Primitives may be combined using +a parenthesized group of primitives and operators. +Parentheses are special to the shell and must be escaped. +Allowable primitives and operators are: +.Bd -ragged -offset indent +Negation +.Po +.Dq Cm \&! +or +.Dq Cm not +.Pc +.Pp +Concatenation +.Po +.Dq Cm && +or +.Dq Cm and +.Pc +.Pp +Alternation +.Po +.Dq Cm || +or +.Dq Cm or +.Pc +.Ed +.Pp +Negation has highest precedence. +Alternation and concatenation have equal precedence and associate +left to right. +Explicit +.Cm and +tokens, not juxtaposition, +are now required for concatenation. +.Pp +If an identifier is given without a keyword, the most recent keyword +is assumed. +For example, +.Bd -ragged -offset indent +.Cm not host +vs +.Cm and +ace +.Ed +.Pp +is short for +.Bd -ragged -offset indent +.Cm not host +vs +.Cm and host +ace +.Ed +.Pp +which should not be confused with +.Bd -ragged -offset indent +.Cm not +.Pq Cm host No vs Cm or No ace +.Ed +.Sh EXAMPLES +To print all packets arriving at or departing from sundown: +.Pp +.Dl # tcpdump host sundown +.Pp +To print traffic between helios and either hot or ace +(the expression is quoted to prevent the shell from misinterpreting +the parentheses): +.Pp +.Dl # tcpdump 'host helios and (hot or ace)' +.Pp +To print all IP packets between ace and any host except helios: +.Pp +.Dl # tcpdump ip host ace and not helios +.Pp +To print all traffic between local hosts and hosts at Berkeley: +.Pp +.Dl # tcpdump net ucb-ether +.Pp +To print all FTP traffic through internet gateway snup: +.Pp +.Dl # tcpdump 'gateway snup and (port ftp or ftp-data)' +.Pp +To print traffic neither sourced from nor destined for local network +192.168.7.0/24 (if you gateway to one other net, this stuff should +never make it onto your local network): +.Pp +.Dl # tcpdump ip and not net 192.168.7.0/24 +.Pp +To print the start and end packets +.Pq the SYN and FIN packets +of each TCP connection that involves a host that is not in local +network 192.168.7.0/24: +.Bd -literal -offset indent +# tcpdump 'tcp[13] & 3 != 0 and not src and dst net 192.168.7.0/24' +.Ed +.Pp +To print only the SYN packets of HTTP connections: +.Pp +.Dl # tcpdump 'tcp[tcpflags] = tcp-syn and port http' +.Pp +To print IP packets longer than 576 bytes sent through gateway snup: +.Pp +.Dl # tcpdump 'gateway snup and ip[2:2] > 576' +.Pp +To print IP broadcast or multicast packets that were +.Em not +sent via Ethernet broadcast or multicast: +.Bd -literal -offset indent +# tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224' +.Ed +.Pp +To print all ICMP packets that are not echo requests/replies +.Pq i.e., not ping packets : +.Pp +.Dl # tcpdump 'icmp[0] != 8 and icmp[0] != 0' +.Pp +To print only echo request ICMP packets: +.Pp +.Dl # tcpdump 'icmp[icmptype] = icmp-echo' +.Pp +To print and decrypt all ESP packets with SPI 0x00001234: +.Pp +.Dl # tcpdump -E des3-hmac96:ab...def 'ip[20:4] = 0x00001234' +.Pp +To print raw wireless frames passing the iwn0 interface: +.Dl # tcpdump -i iwn0 -y IEEE802_11_RADIO -v +.Sh OUTPUT FORMAT +The output of +.Nm +is protocol dependent. +The following gives a brief description and examples of most of the formats. +.Ss Link Level Headers +If the +.Fl e +option is given, the link level header is printed out. +On Ethernets, the source and destination addresses, protocol, +and packet length are printed. +.Pp +On the packet filter logging interface +.Xr pflog 4 , +logging reason +.Pq rule match, bad-offset, fragment, bad-timestamp, short, normalize, memory , +action taken +.Pq pass/block , +direction +.Pq in/out +and interface information are printed out for each packet. +.Pp +On FDDI networks, the +.Fl e +option causes +.Nm +to print the frame control field, the source and destination addresses, +and the packet length. +The frame control field governs the interpretation of the rest of the packet. +Normal packets +.Pq such as those containing IP datagrams +are +.Dq async +packets, with a priority value between 0 and 7; for example, +.Sy async4 . +Such packets are assumed to contain an 802.2 Logical Link Control +.Pq LLC +packet; the LLC header is printed if it is +.Em not +an ISO datagram or a so-called SNAP packet. +.Pp +The following description assumes familiarity with the +SLIP compression algorithm described in RFC 1144. +.Pp +On SLIP links, a direction indicator +.Po +.Ql I +for inbound, +.Ql O +for outbound +.Pc , +packet type, and compression information are printed out. +The packet type is printed first. +The three types are +.Cm ip , +.Cm utcp , +and +.Cm ctcp . +No further link information is printed for IP packets. +For TCP packets, the connection identifier is printed following the type. +If the packet is compressed, its encoded header is printed out. +The special cases are printed out as +.Cm *S+ Ns Ar n +and +.Cm *SA+ Ns Ar n , +where +.Ar n +is the amount by which the sequence number +.Pq or sequence number and ack +has changed. +If it is not a special case, zero or more changes are printed. +A change is indicated by +.Sq U +.Pq urgent pointer , +.Sq W +.Pq window , +.Sq A +.Pq ack , +.Sq S +.Pq sequence number , +and +.Sq I +.Pq packet ID , +followed by a delta +.Pq +n or -n , +or a new value +.Pq =n . +Finally, the amount of data in the packet and compressed header length +are printed. +.Pp +For example, the following line shows an outbound compressed TCP packet, +with an implicit connection identifier; the ack has changed by 6, +the sequence number by 49, and the packet ID by 6; +there are 3 bytes of data and 6 bytes of compressed header: +.Bd -ragged -offset indent +O +.Cm ctcp No * +.Cm A No +6 +.Cm S No +49 +.Cm I No +6 3 +.Pq 6 +.Ed +.Ss ARP/RARP Packets +arp/rarp output shows the type of request and its arguments. +The format is intended to be self-explanatory. +Here is a short sample taken from the start of an rlogin +from host rtsg to host csam: +.Bd -literal -offset indent +arp who-has csam tell rtsg +arp reply csam is-at CSAM +.Ed +.Pp +In this example, Ethernet addresses are in caps and internet addresses +in lower case. +The first line says that rtsg sent an arp packet asking for +the Ethernet address of internet host csam. +csam replies with its Ethernet address CSAM. +.Pp +This would look less redundant if we had done +.Nm +.Fl n : +.Bd -literal -offset indent +arp who-has 128.3.254.6 tell 128.3.254.68 +arp reply 128.3.254.6 is-at 02:07:01:00:01:c4 +.Ed +.Pp +If we had done +.Nm +.Fl e , +the fact that the first packet is +broadcast and the second is point-to-point would be visible: +.Bd -literal -offset indent +RTSG Broadcast 0806 64: arp who-has csam tell rtsg +CSAM RTSG 0806 64: arp reply csam is-at CSAM +.Ed +.Pp +For the first packet this says the Ethernet source address is RTSG, +the destination is the Ethernet broadcast address, +the type field contained hex 0806 (type +.Dv ETHER_ARP ) +and the total length was 64 bytes. +.Ss TCP Packets +The following description assumes familiarity with the TCP protocol +described in RFC 793. +If you are not familiar with the protocol, neither this description nor +.Nm +will be of much use to you. +.Pp +The general format of a TCP protocol line is: +.Bd -ragged -offset indent +.Ar src No > Ar dst : +.Ar flags src-os data-seqno ack window urgent options +.Ed +.Pp +.Ar src +and +.Ar dst +are the source and destination IP addresses and ports. +.Ar flags +is some combination of +.Sq S +.Pq SYN , +.Sq F +.Pq FIN , +.Sq P +.Pq PUSH , +or +.Sq R +.Pq RST , +.Sq W +.Pq congestion Window reduced , +.Sq E +.Pq ecn ECHO +or a single +.Ql \&. +.Pq no flags . +.Ar src-os +will list a guess of the source host's operating system if the +.Fl o +command line flag was passed to +.Nm tcpdump . +.Ar data-seqno +describes the portion of sequence space covered +by the data in this packet +.Pq see example below . +.Ar ack +is the sequence number of the next data expected by the other +end of this connection. +.Ar window +is the number of bytes of receive buffer space available +at the other end of this connection. +.Ar urgent +indicates there is urgent data in the packet. +.Ar options +are TCP options enclosed in angle brackets e.g., +<mss 1024>. +.Pp +.Ar src , dst +and +.Ar flags +are always present. +The other fields depend on the contents of the packet's TCP protocol header and +are output only if appropriate. +.Pp +Here is the opening portion of an rlogin from host rtsg to host csam. +.Bd -unfilled -offset 2n +rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024> +csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024> +rtsg.1023 > csam.login: . ack 1 win 4096 +rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096 +csam.login > rtsg.1023: . ack 2 win 4096 +rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096 +csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077 +csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1 +csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1 +.Ed +.Pp +The first line says that TCP port 1023 on rtsg sent a packet +to port login on host csam. +The +.Ql S +indicates that the SYN flag was set. +The packet sequence number was 768512 and it contained no data. +The notation is +.Sm off +.So +.Ar first : last +.Po Ar nbytes +.Pc +.Sc +.Sm on +which means sequence numbers +.Ar first +up to but not including +.Ar last +which is +.Ar nbytes +bytes of user data. +There was no piggy-backed ack, the available receive window was 4096 +bytes and there was a max-segment-size option requesting an mss of 1024 bytes. +.Pp +Csam replies with a similar packet except it includes a piggy-backed +ack for rtsg's SYN. +Rtsg then acks csam's SYN. +The +.Ql \&. +means no flags were set. +The packet contained no data so there is no data sequence number. +The ack sequence number is a 32-bit integer. +The first time +.Nm +sees a TCP connection, it prints the sequence number from the packet. +On subsequent packets of the connection, the difference between +the current packet's sequence number and this initial sequence number +is printed. +This means that sequence numbers after the first can be interpreted +as relative byte positions in the connection's data stream +.Po +with the first data byte each direction being 1 +.Pc . +.Fl S +will override this +feature, causing the original sequence numbers to be output. +.Pp +On the 6th line, rtsg sends csam 19 bytes of data +.Po +bytes 2 through 20 +in the rtsg -> csam side of the connection +.Pc . +The PUSH flag is set in the packet. +On the 7th line, csam says it's received data sent by rtsg up to +but not including byte 21. +Most of this data is apparently sitting in the socket buffer +since csam's receive window has gotten 19 bytes smaller. +Csam also sends one byte of data to rtsg in this packet. +On the 8th and 9th lines, +csam sends two bytes of urgent, pushed data to rtsg. +.Ss UDP Packets +UDP format is illustrated by this rwho packet: +.Pp +.D1 actinide.who > broadcast.who: udp 84 +.Pp +This says that port who on host actinide sent a UDP datagram to port +who on host broadcast, the Internet broadcast address. +The packet contained 84 bytes of user data. +.Pp +Some UDP services are recognized +.Pq from the source or destination port number +and the higher level protocol information printed. +In particular, Domain Name service requests +.Pq RFC 1034/1035 +and Sun RPC calls +.Pq RFC 1050 +to NFS. +.Ss UDP Name Server Requests +The following description assumes familiarity with +the Domain Service protocol described in RFC 1035. +If you are not familiar with the protocol, +the following description will appear to be written in Greek. +.Pp +Name server requests are formatted as +.Bd -ragged -offset indent +.Ar src +> +.Ar dst : +.Ar id op Ns ?\& +.Ar flags qtype qclass name +.Pq Ar len +.Ed +.Pp +For example: +.Pp +.D1 h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37) +.Pp +Host h2opolo asked the domain server on helios for an address record +.Pq Ar qtype Ns =A +associated with the name +ucbvax.berkeley.edu. +The query +.Ar id +was 3. +The +.Ql + +indicates the recursion desired flag was set. +The query length was 37 bytes, not including the UDP and IP protocol headers. +The query operation was the normal one +.Pq Query +so the +.Ar op +field was omitted. +If +.Ar op +had been anything else, it would have been printed between the 3 and the +.Ql + . +Similarly, the +.Ar qclass +was the normal one +.Pq C_IN +and was omitted. +Any other +.Ar qclass +would have been printed immediately after the A. +.Pp +A few anomalies are checked and may result in extra fields enclosed in +square brackets: if a query contains an answer, name server or +authority section, +.Ar ancount , +.Ar nscount , +or +.Ar arcount +are printed as +.Dq Bq Ar n Ns a , +.Dq Bq Ar n Ns n , +or +.Dq Bq Ar n Ns au +where +.Ar n +is the appropriate count. +If any of the response bits are set +.Po +AA, RA or rcode +.Pc +or any of the +.Dq must be zero +bits are set in bytes two and three, +.Dq Bq b2&3= Ns Ar x +is printed, where +.Ar x +is the hex value of header bytes two and three. +.Ss UDP Name Server Responses +Name server responses are formatted as +.Bd -ragged -offset indent +.Ar src No > Ar dst : +.Ar id op rcode flags +.Ar a +/ +.Ar n +/ +.Ar au +.Ar type class data +.Pq Ar len +.Ed +.Pp +For example: +.Bd -unfilled -offset indent +helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273) +helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97) +.Ed +.Pp +In the first example, helios responds to query +.Ar id +3 from h2opolo +with 3 answer records, 3 name server records and 7 authority records. +The first answer record is type A +.Pq address and its data is internet +address 128.32.137.3. +The total size of the response was 273 bytes, excluding UDP and IP headers. +The +.Ar op +.Pq Query +and +.Ar rcode +.Pq NoError +were omitted, as was the +.Ar class +.Pq C_IN +of the A record. +.Pp +In the second example, helios responds to query +.Ar op +2 with an +.Ar rcode +of non-existent domain +.Pq NXDomain +with no answers, +one name server and no authority records. +The +.Ql * +indicates that the authoritative answer bit was set. +Since there were no answers, no +.Ar type , +.Ar class +or +.Ar data +were printed. +.Pp +Other flag characters that might appear are +.Sq - +(recursion available, RA, +.Em not +set) +and +.Sq | +.Pq truncated message, TC, set . +If the question section doesn't contain exactly one entry, +.Dq Bq Ar n Ns q +is printed. +.Pp +Name server requests and responses tend to be large and the default +.Ar snaplen +of 96 bytes may not capture enough of the packet to print. +Use the +.Fl s +flag to increase the +.Ar snaplen +if you need to seriously investigate name server traffic. +.Dq Fl s No 128 +has worked well for me. +.Ss NFS Requests and Replies +Sun NFS +.Pq Network File System +requests and replies are printed as: +.Bd -ragged -offset indent +.Ar src . Ns Ar xid +> +.Ar dst . Ns nfs : +.Ar len op args +.Pp +.Ar src . Ns nfs +> +.Ar dst . Ns Ar xid : +reply +.Ar stat len op results +.Ed +.Bd -unfilled -offset indent +sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165 +wrl.nfs > sushi.6709: reply ok 40 readlink "../var" +sushi.201b > wrl.nfs: + 144 lookup fh 9,74/4096.6878 "xcolors" +wrl.nfs > sushi.201b: + reply ok 128 lookup fh 9,74/4134.3150 +.Ed +.Pp +In the first line, host sushi sends a transaction with ID 6709 to wrl. +The number following the src host is a transaction ID, +.Em not +the source port. +The request was 112 bytes, excluding the UDP and IP headers. +The +.Ar op +was a readlink +.Pq read symbolic link +on fh +.Pq Dq file handle +21,24/10.731657119. +If one is lucky, as in this case, the file handle can be interpreted +as a major,minor device number pair, followed by the inode number and +generation number. +Wrl replies with a +.Ar stat +of ok and the contents of the link. +.Pp +In the third line, sushi asks wrl to look up the name +.Dq xcolors +in directory file 9,74/4096.6878. +The data printed depends on the operation type. +The format is intended to be self-explanatory +if read in conjunction with an NFS protocol spec. +.Pp +If the +.Fl v +.Pq verbose +flag is given, additional information is printed. +For example: +.Bd -unfilled -offset indent +sushi.1372a > wrl.nfs: + 148 read fh 21,11/12.195 8192 bytes @ 24576 +wrl.nfs > sushi.1372a: + reply ok 1472 read REG 100664 ids 417/0 sz 29388 +.Ed +.Pp +.Fl v +also prints the IP header TTL, ID, and fragmentation fields, +which have been omitted from this example. +In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, +at byte offset 24576. +Wrl replies with a +.Ar stat of +ok; +the packet shown on the second line is the first fragment of the reply, +and hence is only 1472 bytes long. +The other bytes will follow in subsequent fragments, +but these fragments do not have NFS or even UDP headers and so might not be +printed, depending on the filter expression used. +Because the +.Fl v +flag is given, some of the file attributes +.Po +which are returned in addition to the file data +.Pc +are printed: the file type +.Pq So REG Sc , No for regular file , +the file mode +.Pq in octal , +the UID and GID, and the file size. +.Pp +If the +.Fl v +flag is given more than once, even more details are printed. +.Pp +NFS requests are very large and much of the detail won't be printed unless +.Ar snaplen +is increased. +Try using +.Dq Fl s No 192 +to watch NFS traffic. +.Pp +NFS reply packets do not explicitly identify the RPC operation. +Instead, +.Nm +keeps track of +.Dq recent +requests, and matches them to the replies using the +.Ar xid +.Pq transaction ID . +If a reply does not closely follow the corresponding request, +it might not be parsable. +.Ss IP Fragmentation +Fragmented Internet datagrams are printed as +.Bd -ragged -offset indent +.Po +.Cm frag Ar id +: +.Ar size +@ +.Ar offset +.Op + +.Pc +.Ed +.Pp +A +.Ql + +indicates there are more fragments. +The last fragment will have no +.Ql + . +.Pp +.Ar id +is the fragment ID. +.Ar size +is the fragment size +.Pq in bytes +excluding the IP header. +.Ar offset +is this fragment's offset +.Pq in bytes +in the original datagram. +.Pp +The fragment information is output for each fragment. +The first fragment contains the higher level protocol header and the fragment +info is printed after the protocol info. +Fragments after the first contain no higher level protocol header and the +fragment info is printed after the source and destination addresses. +For example, here is part of an FTP from arizona.edu to lbl-rtsg.arpa +over a CSNET connection that doesn't appear to handle 576 byte datagrams: +.Bd -unfilled -offset indent +arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+) +arizona > rtsg: (frag 595a:204@328) +rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560 +.Ed +.Pp +There are a couple of things to note here: first, addresses in the +2nd line don't include port numbers. +This is because the TCP protocol information is all in the first fragment +and we have no idea what the port or sequence numbers are when we print +the later fragments. +Second, the TCP sequence information in the first line is printed as if there +were 308 bytes of user data when, in fact, there are 512 bytes +.Po +308 in the first frag and 204 in the second +.Pc . +If you are looking for holes in the sequence space or trying to match up acks +with packets, this can fool you. +.Pp +A packet with the IP +.Sy don't fragment +flag is marked with a trailing +.Dq Pq DF . +.Ss Timestamps +By default, all output lines are preceded by a timestamp. +The timestamp is the current clock time in the form +.Sm off +.Ar hh : mm : ss . frac +.Sm on +and is as accurate as the kernel's clock. +The timestamp reflects the time the kernel first saw the packet. +No attempt is made to account for the time lag between when the +Ethernet interface removed the packet from the wire and when the kernel +serviced the +.Dq new packet +interrupt. +.Ss IP and Protocol Checksum Offload +Some network cards support IP and/or protocol checksum offload. +Packet headers for such interfaces erroneously indicate a bad checksum, +since the checksum is not calculated until after +.Nm +sees the packet. +.Sh SEE ALSO +.\" traffic(1C), nit(4P), +.Xr ether_aton 3 , +.Xr pcap_open_live 3 , +.Xr bpf 4 , +.Xr ip 4 , +.Xr pf 4 , +.Xr pflog 4 , +.Xr tcp 4 , +.Xr udp 4 , +.Xr hosts 5 , +.Xr pcap-filter 5 , +.Xr pf.os 5 , +.Xr protocols 5 , +.Xr services 5 , +.Xr bpflogd 8 +.Sh STANDARDS +.Rs +.%D September 1981 +.%R RFC 793 +.%T Transmission Control Protocol +.Re +.Pp +.Rs +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1034 +.%T Domain Names \(en Concepts and Facilities +.Re +.Pp +.Rs +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1035 +.%T Domain Names \(en Implementation and Specification +.Re +.Pp +.Rs +.%D April 1988 +.%R RFC 1050 +.%T RPC: Remote Procedure Call Protocol Specification +.Re +.Pp +.Rs +.%A V. Jacobson +.%D February 1990 +.%R RFC 1144 +.%T Compressing TCP/IP Headers for Low-Speed Serial Links +.Re +.Pp +.Rs +.%A M. Mathis +.%A J. Mahdavi +.%A S. Floyd +.%A A. Romanow +.%D October 1996 +.%R RFC 2018 +.%T TCP Selective Acknowledgement Options +.Re +.Pp +.Rs +.%A V. Manral +.%D April 2007 +.%R RFC 4835 +.%T Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) +.Re +.Sh AUTHORS +.An -nosplit +.An Van Jacobson Aq Mt van@ee.lbl.gov , +.An Craig Leres Aq Mt leres@ee.lbl.gov , +and +.An Steven McCanne Aq Mt mccanne@ee.lbl.gov , +all of the Lawrence Berkeley Laboratory, University of California, Berkeley, CA. +.Sh BUGS +Some attempt should be made to reassemble IP fragments, +or at least to compute the right length for the higher level protocol. +.Pp +Name server inverse queries are not dumped correctly: The +.Pq empty +question section is printed rather than the real query in the answer section. +Some believe that inverse queries are themselves a bug and +prefer to fix the program generating them rather than +.Nm tcpdump . +.Pp +A packet trace that crosses a daylight saving time change will give +skewed time stamps +.Pq the time change is ignored . +.Pp +Filter expressions that manipulate FDDI headers assume that all FDDI packets +are encapsulated Ethernet packets. +This is true for IP, ARP, and DECNET Phase IV, +but is not true for protocols such as ISO CLNS. +Therefore, the filter may inadvertently accept certain packets that +do not properly match the filter expression. diff --git a/static/openbsd/man8/tftp-proxy.8 b/static/openbsd/man8/tftp-proxy.8 new file mode 100644 index 00000000..0083cc25 --- /dev/null +++ b/static/openbsd/man8/tftp-proxy.8 @@ -0,0 +1,143 @@ +.\" $OpenBSD: tftp-proxy.8,v 1.10 2022/03/31 17:27:32 naddy Exp $ +.\" +.\" Copyright (c) 2005 joshua stein <jcs@openbsd.org> +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt TFTP-PROXY 8 +.Os +.Sh NAME +.Nm tftp-proxy +.Nd Internet Trivial File Transfer Protocol proxy +.Sh SYNOPSIS +.Nm tftp-proxy +.Op Fl 46dv +.Op Fl a Ar address +.Op Fl l Ar address +.Op Fl p Ar port +.Op Fl w Ar transwait +.Sh DESCRIPTION +.Nm +is a proxy for the Internet Trivial File Transfer Protocol. +TFTP connections should be redirected to the proxy using a +.Xr pf 4 +rule using the +.Ar divert-to +option, after which the proxy connects to the server on behalf of +the client. +The connection from the proxy to the server needs to be passed by +a rule with divert-reply set. +.Pp +The proxy inserts +.Xr pf 4 +pass and/or rdr rules using the +.Ar anchor +facility to allow payload packets between the client and the server. +Once the rules are inserted, +.Nm +forwards the initial request from the client to the server to begin the +transfer. +After +.Ar transwait +seconds, the states are assumed to have been established and the +.Xr pf 4 +rules are deleted and the program exits. +Once the transfer between the client and the server is completed, the +states will naturally expire. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl a Ar address +The proxy will use +.Ar address +as the source address for the initial request from the client to the server for +NAT traversal. +Instead of a +.Dq pass in +rule an +.Dq rdr +rule will be generated. +It is possible to have two +.Fl a +options to specify both an IPv4 and an IPv6 address. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log +the client IP, type of request, and filename to stderr. +.It Fl l Ar address +Listen on the specified address. +By default +.Nm +listens on localhost addresses. +.It Fl p Ar port +Listen on the specified port. +By default +.Nm +listens on port 6969. +.It Fl v +Log the connection and request information to +.Xr syslogd 8 . +.It Fl w Ar transwait +Number of seconds to wait for the data transmission to begin before +removing the +.Xr pf 4 +rule. +The default is 2 seconds. +.El +.Sh CONFIGURATION +To make use of the proxy, +.Xr pf.conf 5 +needs the following rules. +The anchor is mandatory. +Adjust the rule as needed for your configuration. +.Bd -literal -offset indent +anchor "tftp-proxy/*" +pass in quick on $int_if inet proto udp from $lan to port tftp \e + divert-to 127.0.0.1 port 6969 +pass out quick on $ext_if inet proto udp from $lan to port tftp \e + group _tftp_proxy divert-reply +.Ed +.Sh SEE ALSO +.Xr tftp 1 , +.Xr pf 4 , +.Xr pf.conf 5 , +.Xr ftp-proxy 8 , +.Xr syslogd 8 , +.Xr tftpd 8 +.Sh HISTORY +The current stand-alone implementation first appeared in +.Ox 5.3 . +.Sh AUTHORS +.An David Gwynne Aq Mt dlg@openbsd.org diff --git a/static/openbsd/man8/tftpd.8 b/static/openbsd/man8/tftpd.8 new file mode 100644 index 00000000..cf7b2e4c --- /dev/null +++ b/static/openbsd/man8/tftpd.8 @@ -0,0 +1,236 @@ +.\" $OpenBSD: tftpd.8,v 1.13 2025/05/22 05:58:36 kn Exp $ +.\" +.\" Copyright (c) 1983, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)tftpd.8 6.7 (Berkeley) 5/13/91 +.\" +.Dd $Mdocdate: May 22 2025 $ +.Dt TFTPD 8 +.Os +.Sh NAME +.Nm tftpd +.Nd Trivial File Transfer Protocol daemon +.Sh SYNOPSIS +.Nm tftpd +.Op Fl 46cdivw +.Op Fl l Ar address +.Op Fl p Ar port +.Op Fl r Ar socket +.Ar directory +.Sh DESCRIPTION +.Nm +serves +.Ar directory +contents via the Trivial File Transfer Protocol. +.Pp +The use of +.Xr tftp 1 +does not require an account or password on the remote system. +Due to the lack of authentication information, +.Nm +will allow only publicly readable files to be accessed. +By default files may only be read, unless the +.Fl w +option is specified. +Files may be written only if they already exist and are publicly writable, +unless the +.Fl c +flag is specified. +Note that this extends the concept of +.Dq public +to include +all users on all hosts that can be reached through the network; +this may not be appropriate on all systems, and its implications +should be considered before enabling TFTP service. +.Nm tftpd +always provides random data at the path +.Pa /etc/random.seed , +and therefore this path will be ignored inside the +.Ar directory . +.Ox +network bootloaders access this path to harvest entropy during +kernel load. +.Pp +.Nm +needs to start as root, then calls +.Xr chroot 2 +into +.Ar directory , +and drops privileges to the +.Dq _tftpd +user. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl c +Allow new files to be created; +otherwise uploaded files must already exist. +Files are created with default permissions +allowing anyone to read or write to them. +.Pp +This option implies +.Fl w . +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to stderr instead of +.Xr syslog 3 . +This implies +.Fl v . +.It Fl i +Look up the requested path in the subdirectory named after the +client's IP address. +For read requests, if the file is not found, +.Nm +falls back on the requested path. +Note that no attempt is made to limit the client to its subdirectory. +This option cannot be combined with +.Fl r . +.It Fl l Ar address +Listen on the specified address. +By default +.Nm +listens on wildcard addresses. +.It Fl p Ar port +Listen on the specified port. +By default +.Nm +listens on the port indicated in the +.Ql tftp +service description; see +.Xr services 5 . +.It Fl r Ar socket +Issue filename rewrite requests to the specified UNIX domain socket. +.Nm +will write lines in the format "IP OP filename", terminated by a newline, +where IP is the client's IP address, and OP is one of "read" or "write". +.Nm +expects replies in the format "filename" terminated by a newline. +All rewrite requests from the daemon must be answered +(even if it is with the original filename) +before the TFTP request will continue. +By default +.Nm +does not use filename rewriting. +This option cannot be combined with +.Fl i . +.It Fl v +Log the client IP, type of request, and filename. +.It Fl w +Allow files to be written to. +.El +.Sh SEE ALSO +.Xr tftp 1 , +.Xr chroot 2 , +.Xr pxeboot 8 , +.Xr syslogd 8 , +.Xr tftp-proxy 8 +.Sh STANDARDS +.\" .Rs +.\" .%A K. R. Sollins +.\" .%D June 1981 +.\" .%R RFC 783 +.\" .%T The TFTP Protocol (Revision 2) +.\" .Re +.\" .Pp +.Rs +.%A K. Sollins +.%D July 1992 +.%R RFC 1350 +.%T The TFTP Protocol (Revision 2) +.Re +.Pp +.\" .Rs +.\" .%A G. Malkin +.\" .%A A. Harkin +.\" .%D March 1995 +.\" .%R RFC 1782 +.\" .%T TFTP Option Extension +.\" .Re +.\" .Pp +.\" .Rs +.\" .%A G. Malkin +.\" .%A A. Harkin +.\" .%D March 1995 +.\" .%R RFC 1783 +.\" .%T TFTP Blocksize Option +.\" .Re +.\" .Pp +.\" .Rs +.\" .%A G. Malkin +.\" .%A A. Harkin +.\" .%D March 1995 +.\" .%R RFC 1784 +.\" .%T TFTP Timeout Interval and Transfer Size Options +.\" .Re +.\" .Pp +.Rs +.%A G. Malkin +.%A A. Harkin +.%D May 1998 +.%R RFC 2347 +.%T TFTP Option Extension +.Re +.Pp +.Rs +.%A G. Malkin +.%A A. Harkin +.%D May 1998 +.%R RFC 2348 +.%T TFTP Blocksize Option +.Re +.Pp +.Rs +.%A G. Malkin +.%A A. Harkin +.%D March 1998 +.%R RFC 2349 +.%T TFTP Timeout Interval and Transfer Size Options +.Re +.Sh HISTORY +The +.Nm +command was originally a process run via +.Xr inetd 8 +and appeared in +.Bx 4.2 . +It was rewritten for +.Ox 5.2 +as a persistent non-blocking daemon. +.Sh BUGS +Many TFTP clients will not transfer files over 16744448 octets +.Pq 32767 blocks . diff --git a/static/openbsd/man8/tokenadm.8 b/static/openbsd/man8/tokenadm.8 new file mode 100644 index 00000000..4fb7a2e1 --- /dev/null +++ b/static/openbsd/man8/tokenadm.8 @@ -0,0 +1,130 @@ +.\" $OpenBSD: tokenadm.8,v 1.7 2022/03/31 17:27:32 naddy Exp $ +.\" +.\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: tokenadm.8,v 1.3 1996/09/06 00:44:07 prb Exp $ +.\" +.Dd $Mdocdate: March 31 2022 $ +.Dt TOKENADM 8 +.Os +.Sh NAME +.Nm activadm , +.Nm cryptoadm , +.Nm snkadm +.Nd manage the ActivCard, CRYPTOCard and SNK-004 token databases +.Sh SYNOPSIS +.Nm tokenadm +.Op Fl 1BDdEeRrT +.Op Fl m Oo - Oc Ns Ar mode +.Op Ar user ... +.Sh DESCRIPTION +The +.Nm tokenadm +utility displays and edits user entries in the various token databases. +It may also be invoked as one the following: +.Nm activadm , cryptoadm , +or +.Nm snkadm . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 1 +Display users, one per line. +.It Fl B +Display users with no banner. +.It Fl D +Display disabled users. +.It Fl d +Disable users without removing them from the database. +This prevents the users from authenticating, but does not lose their +shared secret. +The +.Fl m +flag may also be used with the +.Fl d +flag. +.It Fl E +Display enabled users. +.It Fl e +Enable users. +This should be used to re-enable users who were disabled by the +.Fl d +flag. +The +.Fl m +flag may also be used with the +.Fl e +flag. +.It Xo Fl m +.Oo - Oc Ns Ar mode +.Xc +Add +[or remove] +the specified mode of authentication for the user. +Modes available are decimal (dec), hexadecimal (hex), phonebook (phone), +and reduced-input (rim). +Not all modes are available for all types of cards. +The +.Fl m +flag may be used alone or in conjunction with either the +.Fl d +or +.Fl e +flags. +Whenever reduced-input mode is set, the reduced-input state is reset. +This should be done if a paper copy of challenge/responses had been +produced and then misplaced. +.It Fl R +Display users in reverse order. +.It Fl r +Remove users from the database. +.It Fl T +Display users in terse format (only the user names). +Unless +.Fl 1 +is also specified, four users will be displayed per line. +.El +.Pp +Use of any of the +.Fl 1BDERT +flags precludes the use of any of the +.Fl demr +flags. +The +.Fl demr +flags all require at least one +.Ar user +argument. +.Sh SEE ALSO +.Xr x99token 1 , +.Xr login.conf 5 , +.Xr login_token 8 , +.Xr tokeninit 8 diff --git a/static/openbsd/man8/tokeninit.8 b/static/openbsd/man8/tokeninit.8 new file mode 100644 index 00000000..b2d860ee --- /dev/null +++ b/static/openbsd/man8/tokeninit.8 @@ -0,0 +1,171 @@ +.\" $OpenBSD: tokeninit.8,v 1.14 2022/02/19 10:17:39 jsg Exp $ +.\" +.\" Copyright (c) 1995 Migration Associates Corporation. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI $From: tokeninit.8,v 1.3 1997/01/16 03:23:11 bostic Exp $ +.\" +.Dd $Mdocdate: February 19 2022 $ +.Dt TOKENINIT 8 +.Os +.Sh NAME +.Nm activinit , +.Nm cryptoinit , +.Nm snkinit +.Nd modify or add user in ActivCard, CRYPTOCard, or SNK-004 authentication system +.Sh SYNOPSIS +.Nm tokeninit +.Op Fl fhsv +.Op Fl m Ar mode +.Ar user ... +.Sh DESCRIPTION +The +.Nm tokeninit +utility may also be invoked by one of the following names: +.Nm activinit , +.Nm cryptoinit , +or +.Nm snkinit . +Depending on the name it was invoked as, it will +initialize the system information to allow one to use the +ActivCard, CRYPTOCard, or SNK-004 digital encryption token to login. +The +.Nm tokeninit +utility is intended for use by the system administrator. +.Pp +Token card systems provide strong user authentication by combining a user's +unique knowledge (a Personal Identification Number) and a physical object +(the token) which the user must have in their possession to login. +The system administrator programs the token with a secret encryption key +which is also stored in the database. +The user programs the token with a PIN. +To discourage exhaustive attempts to guess the PIN, +configuration options permit the token to be programmed +to erase knowledge of the shared secret should the user enter +an excessive number of incorrect PIN entries. +.Pp +The user activates the token by entering their PIN into the token. +After activating the token, the user enters a random number challenge +presented by the host computer into the token. +The challenge is encrypted by the token and a response is displayed. +The user then enters the response at the host computer's prompt, +where it is compared with the anticipated response. +.Pp +Token cards typically support multiple unique encryption keys. +This facility allows a single token to be used for multiple computer +systems, or multiple user instances on the same system. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl f +Force reinitialization of an existing account. +The current shared secret stored in the database will be replaced with +a new shared secret. +The new shared secret must be entered into the token, +replacing the current one. +.It Fl h +Read the shared secret as a 16 digit hexadecimal integer rather than +a sequence of 8 octets. +This is not supported when invoked as +.Nm snkinit . +.It Fl m Ar mode +Specify the input modes allowed for this user. +Possible modes are decimal (dec), hexadecimal (hex), phonebook (phone), +and reduced-input (rim). +Not all modes are available for all types of cards. +Multiple +.Fl m +options may be specified to enable multiple modes. +By default only the hexadecimal mode is enabled, except for the SNK-004 +token, which by default only enables the decimal mode. +If an attempt is made to initialize a card with only reduced-input, the +default mode for the card is silently included. +.It Fl s +By default, +.Nm tokeninit +prompts for a shared secret to enter into the authentication database. +The +.Fl s +option generates a 64-bit cryptographically strong key for use in the token. +This shared secret will be saved in the database for the user ID +specified on the command line. +After entering the shared secret into the token, determine that the +checksum computed by the token matches the one displayed by +.Nm tokeninit . +.It Fl v +Enable verbose mode. +.Nm tokeninit +will emit messages on the status of each user ID processed. +.El +.Sh REDUCED-INPUT MODE +Reduced-input mode allows the token to predict the next challenge, +given the current challenge. +This may be used to eliminate the need to enter the challenge to the +token or may also be used with a paper list. +Using a program such as +.Xr x99token 1 +many challenges could be precomputed and printed. +This list should be kept secret. +This list can then take the place of an actual token until +the system has issued all the challenges printed. +Challenges are predicted by the following algorithm: +.Bd -unfilled -offset indent +* Encrypt the last challenge with the shared secret key + +* AND each byte of the response with 0x0f + +* Modulo each byte by 10 (0x0a) + +* ADD 0x30 (ASCII value of '0') to each byte +.Ed +.Pp +The resulting 8 bytes are all ASCII decimal digits and are the next challenge. +.Sh FILES +.Bl -tag -width xetcxcrypto.db -compact +.It Pa /etc/activ.db +database of information for ActivCard system +.It Pa /etc/crypto.db +database of information for CRYPTOCard system +.It Pa /etc/snk.db +database of information for SNK-004 system +.El +.Sh DIAGNOSTICS +Diagnostic messages are logged via +.Xr syslog 3 +with the LOG_AUTH facility. +.Sh SEE ALSO +.Xr x99token 1 , +.Xr syslog 3 , +.Xr login_token 8 , +.Xr tokenadm 8 +.Sh AUTHORS +.An Jack Flory Aq Mt jpf@mig.com +.Sh BUGS +Not all modes of all cards are supported. diff --git a/static/openbsd/man8/traceroute.8 b/static/openbsd/man8/traceroute.8 new file mode 100644 index 00000000..1e011714 --- /dev/null +++ b/static/openbsd/man8/traceroute.8 @@ -0,0 +1,424 @@ +.\" $OpenBSD: traceroute.8,v 1.76 2024/03/24 00:33:41 sthen Exp $ +.\" $NetBSD: traceroute.8,v 1.6 1995/10/12 03:05:50 mycroft Exp $ +.\" +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Van Jacobson. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)traceroute.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: March 24 2024 $ +.Dt TRACEROUTE 8 +.Os +.Sh NAME +.Nm traceroute , +.Nm traceroute6 +.Nd print the route packets take to network host +.Sh SYNOPSIS +.Nm traceroute\ \& +.Op Fl ADdIlnSvx +.Op Fl f Ar first_ttl +.Op Fl g Ar gateway_addr +.Op Fl m Ar max_ttl +.Op Fl P Ar proto +.Op Fl p Ar port +.Op Fl q Ar nqueries +.Op Fl s Ar sourceaddr +.Op Fl t Ar toskeyword +.Op Fl V Ar rtable +.Op Fl w Ar waittime +.Ar host +.Op Ar datalen +.Nm traceroute6 +.Op Fl ADdIlnSv +.Op Fl f Ar first_hop +.Op Fl m Ar max_hop +.Op Fl p Ar port +.Op Fl q Ar nqueries +.Op Fl s Ar sourceaddr +.Op Fl t Ar toskeyword +.Op Fl V Ar rtable +.Op Fl w Ar waittime +.Ar host +.Op Ar datalen +.Sh DESCRIPTION +The Internet is a large and complex aggregation of +network hardware, connected together by gateways. +Tracking the route packets follow (or finding the miscreant +gateway that's discarding packets) can be difficult. +.Nm +and +.Nm traceroute6 +attempt to elicit +.Dv TIME_EXCEEDED +responses from each gateway along the path to +.Ar host , +in order to determine their route. +.Nm +is used for IPv4 networks and +.Nm traceroute6 +for IPv6. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Look up the AS number for each hop address. +Uses the DNS service described at +.Lk https://www.team-cymru.com/ip-asn-mapping +.It Fl D +Dump the packet data to standard error before transmitting it. +.It Fl d +Turn on socket-level debugging. +.It Fl f Ar first_ttl +Set the first TTL or hop limit used in outgoing probe packets. +The effect is that the first first_ttl \- 1 hosts will be skipped +in the output of +.Nm traceroute . +The default is 1 (skip no hosts). +.It Fl g Ar gateway_addr +Add +.Ar gateway_addr +to the list of addresses in the IP Loose Source Record Route (LSRR) +option. +If no gateways are specified, the LSRR option is omitted. +This option is not available for IPv6. +.It Fl I +Use ICMP or ICMP6 ECHO instead of UDP datagrams. +.It Fl l +Display the TTL or hop limit value of the returned packet. +This is useful for checking for asymmetric routing. +.It Fl m Ar max_ttl +Set the maximum TTL or hop limit. +The default is the value of the system's +.Va net.inet.ip.ttl +or +.Va net.inet6.ip6.hlim +.Xr sysctl 8 +variable, which defaults to 64. +.It Fl n +Print hop addresses numerically rather than symbolically and numerically +(saves a nameserver address-to-name lookup for each gateway found on the +path). +.It Fl P Ar proto +Change the protocol being used from UDP +to a numeric protocol or a name as specified in +.Pa /etc/protocols . +This will not work reliably for most protocols. +If set to 1 (ICMP), then +ICMP Echo Request messages will be used (same as +.Xr ping 8 ) . +This option is not available for IPv6. +.It Fl p Ar port +Set the base UDP +.Ar port +number used in probes. +The default is 33434. +.Nm +hopes that nothing is listening on UDP ports +.Ar base +to +.Ar base Ns + Ns Ar nhops Ns * Ns Ar nqueries Ns -1 +at the destination host (so an ICMP +.Dv PORT_UNREACHABLE +message will +be returned to terminate the route tracing). +If something is +listening on a port in the default range, this option can be used +to pick an unused port range. +.It Fl q Ar nqueries +Set the number of probes per TTL to +.Ar nqueries . +The default is three probes. +.It Fl S +Print how many probes were not answered for each hop. +.It Fl s Ar sourceaddr +Set the source address to transmit from, which is useful on machines +with multiple interfaces. +.It Fl t Ar toskeyword +Set the type-of-service (TOS) in probe packets. +The value may be one of +.Cm critical , +.Cm inetcontrol , +.Cm lowdelay , +.Cm netcontrol , +.Cm throughput , +.Cm reliability , +or one of the DiffServ Code Points: +.Cm ef , +.Cm af11 ... af43 , +.Cm cs0 ... cs7 ; +or a number in either hex or decimal. +The default is zero. +This option can be used to +see if different types-of-service result in different paths. +If this option is used, changes to the type-of-service in the +returned packets are displayed. +Not all values of TOS are legal or meaningful \- +see the IP spec for definitions. +Useful values are probably +.Cm lowdelay +and +.Cm throughput . +.It Fl V Ar rtable +Set the routing table to be used. +.It Fl v +Verbose output. +Received ICMP packets other than +.Dv TIME_EXCEEDED +and +.Dv UNREACHABLE Ns s +are listed. +.It Fl w Ar waittime +Set the time, in seconds, to wait for a response to a probe. +The default is 3. +.It Fl x +Print the ICMP extended headers if available. +This option is not available for IPv6. +.It Ar host +The destination host, +specified as a host name or numeric IP address. +.It Ar datalen +The probe datagram length. +The default is 40 bytes for IPv4 UDP +and 60 bytes for ICMP, IPv6 UDP and ICMP6. +.El +.Pp +The program attempts to trace the route an IP packet would follow to a +host by launching UDP probe packets with a small TTL or hop limit, +then listening for an ICMP "time exceeded" reply from a gateway. +It starts using probes with a TTL/hop limit of one +and increases by one until it gets an ICMP "port unreachable" +(which means it reached the host) or hits a maximum limit +(which defaults to 64, but can be changed using the +.Fl m +option). +Three probes (the exact number can be changed using the +.Fl q +option) are sent and a line is printed +showing the TTL or hop limit, address of the gateway, +and round trip time of each probe. +If the probe answers come from different gateways, +the address of each responding system will be printed. +If there is no response within a 3 second timeout +interval (which can be changed using the +.Fl w +option), a "*" is printed for that +probe. +If the host cannot be reached, +.Nm +skips printing lines consisting only of * until the maximum TTL/hop limit is +reached. +.Pp +We don't want the destination +host to process the UDP +probe packets so the destination port is set to an +unlikely value (if some clod on the destination is using that +value, it can be changed using the +.Fl p +option). +.Pp +A sample use and output might be: +.Bd -literal -offset indent +$ traceroute nis.nsf.net. +traceroute to nis.nsf.net (35.1.1.48), 64 hops max, 56 byte packet +1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms +2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms +3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms +4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms +5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms +6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms +7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms +8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms +9 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms +10 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms +11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms +.Ed +.Pp +Note that lines 2 & 3 are the same. +This is due to a buggy +kernel on the 2nd hop system \- lbl-csam.arpa \- that forwards +packets with a zero TTL (a bug in the distributed version of +.Bx 4.3 ) . +Note that you have to guess what path +the packets are taking cross-country since the NSFNET (129.140) +doesn't supply address-to-name translations for its NSSes. +.Pp +A more interesting example is: +.Bd -literal -offset indent +$ traceroute allspice.lcs.mit.edu. +traceroute to allspice.lcs.mit.edu (18.26.0.115), 64 hops max +1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms +2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms +3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms +4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms +5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms +6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms +7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms +8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms +9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms +10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms +11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms +12 * * * +13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms +14 * * * +15 * * * +16 * * * +17 * * * +18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms +.Ed +.Pp +Note that the gateways 12, 14, 15, 16 & 17 hops away +either don't send ICMP "time exceeded" messages or send them +with a TTL too small to reach us. +14 \- 17 are running the MIT +C Gateway code that doesn't send "time exceeded"s. +God only knows what's going on with 12. +.Pp +The silent gateway 12 in the above may be the result of a bug in +the 4.[23] +.Bx +network code (and its derivatives): 4.x (x <= 3) +sends an unreachable message using whatever TTL remains in the +original datagram. +Since, for gateways, the remaining TTL is zero, the ICMP +"time exceeded" is guaranteed to not make it back to us. +The behavior of this bug is slightly more interesting +when it appears on the destination system: +.Bd -literal -offset indent +1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms +2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms +3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms +4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms +5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms +6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms +7 * * * +8 * * * +9 * * * +10 * * * +11 * * * +12 * * * +13 rip.Berkeley.EDU (128.32.131.22) 59 ms ! 39 ms ! 39 ms ! +.Ed +.Pp +Notice that there are 12 "gateways" (13 is the final +destination) and exactly the last half of them are "missing". +What's really happening is that rip (a Sun-3 running Sun OS3.5) +is using the TTL from our arriving datagram as the TTL in its +ICMP reply. +So, the reply will time out on the return path +(with no notice sent to anyone since ICMPs aren't sent for ICMPs) +until we probe with a TTL that's at least twice the path +length. +That is, rip is really only 7 hops away. +A reply that returns with a TTL of 1 is a clue this problem exists. +.Nm +prints a "!" after the time if the TTL is <= 1. +Since vendors ship a lot of obsolete (DEC's Ultrix, Sun 3.x) or +non-standard (HP-UX) software, expect to see this problem +frequently and/or take care picking the target host of your +probes. +.Pp +Other possible annotations after the time are +.Sy !H , +.Sy !N , +.Sy !P +(got a host, network or protocol unreachable, respectively), +.Sy !A , +.Sy !C +(access to the network or host, respectively, is prohibited), +.Sy !X +(communication administratively prohibited by filtering), +.Sy !S +or +.Sy !F +(source route failed or fragmentation needed \- neither of these should +ever occur and the associated gateway is busted if you see one), +.Sy !U +(destination network or host unknown), +.Sy !T +(destination network or host unreachable for TOS), +.Sy !<code> +(other ICMP unreachable code). +.Sy TOS=xxx! +(TOS bit in returned packet differs from last hop). +If almost all the probes result in some kind of unreachable, +.Nm +will give up and exit. +.Pp +.Dl $ traceroute -g 10.3.0.5 128.182.0.0 +.Pp +will show the path from the Cambridge Mailbridge to PSC, while +.Pp +.Dl $ traceroute -g 192.5.146.4 -g 10.3.0.5 35.0.0.0 +.Pp +will show the path from the Cambridge Mailbridge to Merit, using PSC to +reach the Mailbridge. +.Pp +This program is intended for use in network testing, measurement +and management. +It should be used primarily for manual fault isolation. +Because of the load it could impose on the network, it is unwise to use +.Nm +during normal operations or from automated scripts. +.Sh SEE ALSO +.Xr ping 8 , +.Xr route 8 +.Sh HISTORY +The very first +.Nm +(never released) used ICMP ECHO_REQUEST +datagrams as probe packets. +During the first night of testing it was +discovered that more than half the router vendors of the time would +not return an ICMP TIME_EXCEEDED for an ECHO_REQUEST. +.Nm +was then changed to use UDP probe packets. +Most modern TCP/IP implementations will now generate an ICMP error +message to ICMP query messages, and the option to use ECHO_REQUEST probes +was re-implemented. +.Pp +The +.Nm +command first appeared in +.Bx 4.3 Reno . +The +.Nm traceroute6 +command first appeared in the WIDE Hydrangea IPv6 protocol stack kit. +.Sh AUTHORS +.An -nosplit +Implemented by +.An Van Jacobson +from a suggestion by +.An Steve Deering . +Debugged +by a cast of thousands with particularly cogent suggestions or fixes from +.An C. Philip Wood , +.An Tim Seaver , +and +.An Ken Adelman . diff --git a/static/openbsd/man8/trpt.8 b/static/openbsd/man8/trpt.8 new file mode 100644 index 00000000..e90ad384 --- /dev/null +++ b/static/openbsd/man8/trpt.8 @@ -0,0 +1,149 @@ +.\" $OpenBSD: trpt.8,v 1.17 2016/09/25 23:31:50 deraadt Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)trpt.8 8.2 (Berkeley) 12/11/93 +.\" +.Dd $Mdocdate: September 25 2016 $ +.Dt TRPT 8 +.Os +.Sh NAME +.Nm trpt +.Nd transliterate protocol trace +.Sh SYNOPSIS +.Nm trpt +.Op Fl afjst +.Op Fl M Ar core +.Op Fl N Ar system +.Op Fl p Ar hex-address +.Sh DESCRIPTION +.Nm +interrogates the buffer of +.Tn TCP +trace records created +when a socket is marked for +.Dq debugging +(see +.Xr setsockopt 2 ) , +and prints a readable description of these records. +When no options are supplied, +.Nm +prints all the trace records found in the system +grouped according to +.Tn TCP +connection protocol control +block +.Pq Tn PCB . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +In addition to the normal output, +print the values of the source and destination +addresses for each packet recorded. +.It Fl f +Follow the trace as it occurs, waiting a short time for additional records +each time the end of the log is reached. +.It Fl j +Just give a list of the protocol control block +addresses for which there are trace records. +.It Fl M Ar core +Extract values associated with the name list from +.Pa core +instead of the running kernel. +.It Fl N Ar system +Extract the name list from +.Pa system +instead of the running kernel. +.It Fl p Ar hex-address +Show only trace records associated with the protocol +control block at the given address +.Ar hex-address . +.It Fl s +In addition to the normal output, +print a detailed description of the packet +sequencing information. +.It Fl t +In addition to the normal output, +print the values for all timers at each +point in the trace. +.El +.Pp +The recommended use of +.Nm +is as follows. +Isolate the problem and enable debugging on the +socket(s) involved in the connection. +Find the address of the protocol control blocks +associated with the sockets using the +.Fl A +option to +.Xr netstat 1 . +Then run +.Nm +with the +.Fl p +option, supplying the associated +protocol control block addresses. +The +.Fl f +option can be used to follow the trace log once the trace is located. +If there are +many sockets using the debugging option, the +.Fl j +option may be useful in checking to see if +any trace records are present for the socket in +question. +.Pp +.Nm +requires the ability to open +.Pa /dev/kmem +which may be restricted based upon the value of the +.Ar kern.allowkmem +.Xr sysctl 8 . +.Sh DIAGNOSTICS +.Bl -tag -width Ds +.It Sy no namelist +When the system image doesn't +contain the proper symbols to find the trace buffer; +others which should be self explanatory. +.El +.Sh SEE ALSO +.Xr netstat 1 , +.Xr setsockopt 2 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh BUGS +Should also print the data for each input or output, +but this is not saved in the trace record. +.Pp +The output format is inscrutable and should be described +here. diff --git a/static/openbsd/man8/ttyflags.8 b/static/openbsd/man8/ttyflags.8 new file mode 100644 index 00000000..4b4e7c2c --- /dev/null +++ b/static/openbsd/man8/ttyflags.8 @@ -0,0 +1,86 @@ +.\" $OpenBSD: ttyflags.8,v 1.11 2007/05/31 19:19:48 jmc Exp $ +.\" $NetBSD: ttyflags.8,v 1.2 1995/03/18 15:01:22 cgd Exp $ +.\" +.\" Copyright (c) 1994 Christopher G. Demetriou +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Christopher G. Demetriou. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 31 2007 $ +.Dt TTYFLAGS 8 +.Os +.Sh NAME +.Nm ttyflags +.Nd set device-specific flags for terminals +.Sh SYNOPSIS +.Nm ttyflags +.Op Fl pv +.Op Fl a | Ar tty ... +.Sh DESCRIPTION +.Nm +sets the device-specific flags for terminals, based on the flags +found on the terminal's line in +.Pa /etc/ttys . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Set the flags for all terminals in +.Pa /etc/ttys . +.It Fl p +Print out flag information about each terminal, instead of setting +anything. +.It Fl v +Be verbose about what the terminal's flags will be set to. +.El +.Pp +The +.Ar tty +arguments are optional, but must not be specified if the +.Fl a +flag is used. +If specified, the +.Ar tty +arguments should be the base names of +the ttys, as found in +.Pa /etc/ttys . +.Sh FILES +.Bl -tag -width /etc/ttys -compact +.It Pa /etc/ttys +.El +.Sh SEE ALSO +.Xr getttyent 3 , +.Xr ttys 5 +.Sh HISTORY +The +.Nm +utility appeared in +.Nx 0.9a . +.Sh BUGS +The conditions on which to report an error are ill-defined. +.Nm +tries to report all significant errors, perhaps going over-board +at times. diff --git a/static/openbsd/man8/tunefs.8 b/static/openbsd/man8/tunefs.8 new file mode 100644 index 00000000..317108db --- /dev/null +++ b/static/openbsd/man8/tunefs.8 @@ -0,0 +1,164 @@ +.\" $OpenBSD: tunefs.8,v 1.27 2019/04/23 18:13:11 schwarze Exp $ +.\" $NetBSD: tunefs.8,v 1.36 2004/12/20 10:28:47 hubertf Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)tunefs.8 8.3 (Berkeley) 5/3/95 +.\" +.Dd $Mdocdate: April 23 2019 $ +.Dt TUNEFS 8 +.Os +.Sh NAME +.Nm tunefs +.Nd tune up an existing file system +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl AFN +.Op Fl e Ar maxbpg +.Op Fl g Ar avgfilesize +.Op Fl h Ar avgfpdir +.Op Fl m Ar minfree +.\" .Op Fl n Ar soft_dependency_enabling +.Op Fl o Ar optimize_preference +.Ar special | filesys +.Ek +.Sh DESCRIPTION +.Nm +is designed to change the dynamic parameters of a file system +which affect the layout policies. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +Cause the values to be updated in all the alternate +superblocks instead of just the standard superblock. +If this option is not used, +then use of a backup superblock by +.Xr fsck 8 +will lose anything changed by +.Nm . +.Fl A +is ignored when +.Fl N +is specified. +.It Fl e Ar maxbpg +This indicates the maximum number of blocks any single file can +allocate out of a cylinder group before it is forced to begin +allocating blocks from another cylinder group. +Typically this value is set to about one quarter of the total blocks +in a cylinder group. +The intent is to prevent any single file from using up all the +blocks in a single cylinder group, +thus degrading access times for all files subsequently allocated +in that cylinder group. +The effect of this limit is to cause big files to do long seeks +more frequently than if they were allowed to allocate all the blocks +in a cylinder group before seeking elsewhere. +For file systems with exclusively large files, +this parameter should be set higher. +.It Fl F +Indicates that +.Ar special +is a file system image, rather than a device name or file system mount point. +.Ar special +will be accessed +.Sq as-is . +.It Fl g Ar avgfilesize +This specifies the expected average file size. +.It Fl h Ar avgfpdir +This specifies the expected number of files per directory. +.It Fl m Ar minfree +This value specifies the percentage of space held back +from normal users; the minimum free space threshold. +The default value is set during creation of the filesystem; see +.Xr newfs 8 . +This value can be set to zero, however up to a factor of three +in throughput will be lost over the performance obtained at a 5% +threshold. +Note that if the value is raised above the current usage level, +users will be unable to allocate files until enough files have +been deleted to get under the higher threshold. +.It Fl N +Display all the settable options +(after any changes from the tuning options) +but do not cause any of them to be changed. +.It Fl o Ar optimize_preference +The file system can either try to minimize the time spent +allocating blocks, or it can attempt to minimize the space +fragmentation on the disk. +If the value of +.Ar minfree +(see above) is less than 5%, +then the file system should optimize for space to avoid +running out of full sized blocks. +For values of +.Ar minfree +greater than or equal to 5%, +fragmentation is unlikely to be problematical, and +the file system can be optimized for time. +.Pp +.Ar optimize_preference +can be specified as either +.Li space +or +.Li time . +.El +.Sh SEE ALSO +.Xr fs 5 , +.Xr dumpfs 8 , +.Xr fsck_ffs 8 , +.Xr growfs 8 , +.Xr newfs 8 +.Rs +.%A M. McKusick +.%A W. Joy +.%A S. Leffler +.%A R. Fabry +.%T "A Fast File System for UNIX" +.%J "ACM Transactions on Computer Systems 2" +.%N 3 +.%P pp. 181\(en197 +.%D August 1984 +.Re +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh BUGS +This program should work on mounted and active file systems. +Because the super-block is not kept in the buffer cache, +the changes will only take effect if the program +is run on unmounted file systems. +To change the root file system, the system must be rebooted +after the file system is tuned. +.Pp +.\" Take this out and a Unix Demon will dog your steps from now until +.\" the time_t's wrap around. +You can tune a file system, but you can't tune a fish. diff --git a/static/openbsd/man8/umount.8 b/static/openbsd/man8/umount.8 new file mode 100644 index 00000000..7bbadc6c --- /dev/null +++ b/static/openbsd/man8/umount.8 @@ -0,0 +1,114 @@ +.\" $OpenBSD: umount.8,v 1.17 2019/09/06 19:25:08 schwarze Exp $ +.\" $NetBSD: umount.8,v 1.2 1995/03/18 15:01:35 cgd Exp $ +.\" +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)umount.8 8.1 (Berkeley) 2/20/94 +.\" +.Dd $Mdocdate: September 6 2019 $ +.Dt UMOUNT 8 +.Os +.Sh NAME +.Nm umount +.Nd unmount file systems +.Sh SYNOPSIS +.Nm umount +.Op Fl fv +.Ar special | node +.Nm umount +.Fl a +.Op Fl fv +.Op Fl h Ar host +.Op Fl t Ar type +.Sh DESCRIPTION +The +.Nm +command +calls the +.Xr unmount 2 +system call to remove a +.Ar special +device or +.Ar node +.Pf ( Bo Ar rhost : +.Bc Ar path ) +from the file system tree. +Multiple devices and nodes may be specified on the command line. +If neither +.Ar special +nor +.Ar node +are provided, the appropriate information is taken from the kernel. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +All of the file systems except root returned by +.Xr getmntinfo 3 +are unmounted. +.It Fl f +The file system is forcibly unmounted. +Active special devices continue to work, +but all other files return errors if further accesses are attempted. +The root file system cannot be forcibly unmounted. +.It Fl h Ar host +Only filesystems mounted from the specified host will be +unmounted. +This option implies the +.Fl a +option and, unless otherwise specified with the +.Fl t +option, will only unmount NFS filesystems. +.It Fl t Ar type +Indicates that actions should only be taken on +filesystems of the specified type. +More than one type may be specified in a comma separated list. +The list of filesystem types can be prefixed with +.Dq no +to specify the filesystem types for which action should +.Em not +be taken. +For example, the following command +unmounts all filesystems of type +NFS and MFS: +.Bd -literal -offset indent +# umount -a -t nfs,mfs +.Ed +.It Fl v +Verbose, additional information is printed out as each file system +is unmounted. +.El +.Sh SEE ALSO +.Xr unmount 2 , +.Xr getmntinfo 3 , +.Xr mount 8 +.Sh HISTORY +A +.Nm +command appeared in +.At v1 . diff --git a/static/openbsd/man8/unwind.8 b/static/openbsd/man8/unwind.8 new file mode 100644 index 00000000..2e8eeb41 --- /dev/null +++ b/static/openbsd/man8/unwind.8 @@ -0,0 +1,133 @@ +.\" $OpenBSD: unwind.8,v 1.13 2023/02/21 07:47:24 jmc Exp $ +.\" +.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> +.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 21 2023 $ +.Dt UNWIND 8 +.Os +.Sh NAME +.Nm unwind +.Nd validating DNS resolver +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl f Ar file +.Op Fl s Ar socket +.Sh DESCRIPTION +.Nm +is a validating DNS resolver. +It is intended to run on client machines like workstations or laptops and only +listens on localhost. +.Pp +.Nm +sends DNS queries to nameservers to answer queries. +If it detects that DNS queries are blocked by the local network, +it can switch to resolvers learned through autoconfiguration. +It periodically probes if DNS is no longer blocked and switches back to +querying nameservers itself. +A list of sources for proposals learned through autoconfiguration +is documented in +.Xr resolvd 8 . +.Pp +.Nm +keeps the DNS answers in a cache shared by the different DNS name +server types. +.Nm +manages the cache size by deleting oldest entries when needed. +The cache is non-configurable and is lost upon process restart. +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable unwind , +which sets +.Pp +.Dl unwind_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +A running +.Nm +can be controlled with the +.Xr unwindctl 8 +utility. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl s Ar socket +Use an alternate location for the default control socket. +.It Fl v +Produce more verbose output. +Multiple +.Fl v +options increase the verbosity. +Debug output from libunbound is only available when logging to +.Em stderr . +.El +.Sh FILES +.Bl -tag -width "/var/db/unwind.keyXXX" -compact +.It Pa /etc/unwind.conf +Default +.Nm +configuration file. +.It Pa /var/db/unwind.key +Trust anchor for DNSSEC validation. +.It Pa /dev/unwind.sock +.Ux Ns -domain +socket used for communication with +.Xr unwindctl 8 . +.El +.Sh SEE ALSO +.Xr unwind.conf 5 , +.Xr unbound 8 , +.Xr unwindctl 8 +.Sh STANDARDS +.Rs +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1034 +.%T DOMAIN NAMES - CONCEPTS AND FACILITIES +.Re +.Pp +.Rs +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1035 +.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION +.Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.5 . +.Sh AUTHORS +.An -nosplit +The +.Nm +program was written by +.An Florian Obser Aq Mt florian@openbsd.org . diff --git a/static/openbsd/man8/unwindctl.8 b/static/openbsd/man8/unwindctl.8 new file mode 100644 index 00000000..f9d70b34 --- /dev/null +++ b/static/openbsd/man8/unwindctl.8 @@ -0,0 +1,80 @@ +.\" $OpenBSD: unwindctl.8,v 1.14 2025/08/03 13:20:36 florian Exp $ +.\" +.\" Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 3 2025 $ +.Dt UNWINDCTL 8 +.Os +.Sh NAME +.Nm unwindctl +.Nd control the unwind daemon +.Sh SYNOPSIS +.Nm +.Op Fl s Ar socket +.Ar command +.Op Ar argument ... +.Sh DESCRIPTION +The +.Nm +program controls the +.Xr unwind 8 +daemon. +.Pp +The following options are available: +.Bl -tag -width Ds +.It Fl s Ar socket +Use +.Ar socket +instead of the default +.Pa /dev/unwind.sock +to communicate with +.Xr unwind 8 . +.El +.Pp +The following commands are available: +.Bl -tag -width Ds +.It Cm log brief +Disable verbose logging. +.It Cm log verbose +Enable verbose logging. +.It Cm log debug +Enable very noisy debug logging. +.It Cm reload +Reload the configuration file. +.It Cm status +Show a status summary. +.It Cm status autoconf +Show nameservers learned from +.Xr dhcpleased 8 +or +.Xr slaacd 8 . +.\" .It Cm status memory +.\" Show memory consumption. +.El +.Sh FILES +.Bl -tag -width "/dev/unwind.sockXX" -compact +.It Pa /dev/unwind.sock +.Ux Ns -domain +socket used for communication with +.Xr unwind 8 . +.El +.Sh SEE ALSO +.Xr unwind.conf 5 , +.Xr unwind 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.5 . diff --git a/static/openbsd/man8/usbdevs.8 b/static/openbsd/man8/usbdevs.8 new file mode 100644 index 00000000..f17787fc --- /dev/null +++ b/static/openbsd/man8/usbdevs.8 @@ -0,0 +1,70 @@ +.\" $OpenBSD: usbdevs.8,v 1.12 2018/07/12 07:58:23 mpi Exp $ +.\" $NetBSD: usbdevs.8,v 1.5 2000/10/15 12:44:11 bjh21 Exp $ +.\" +.\" Copyright (c) 1999 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Lennart Augustsson. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 12 2018 $ +.Dt USBDEVS 8 +.Os +.Sh NAME +.Nm usbdevs +.Nd show USB devices connected to the system +.Sh SYNOPSIS +.Nm +.Op Fl v +.Op Fl a Ar addr +.Op Fl d Ar usbdev +.Sh DESCRIPTION +.Nm +prints a listing of all USB devices connected to the system +with some information about each device. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl a Ar addr +Only print information about the device at the given address. +.It Fl d Ar usbdev +Only print information for the given USB controller. +.It Fl v +Be verbose. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width Pa +.It Pa /dev/usb[0-9] +Default USB controllers. +.El +.Sh SEE ALSO +.Xr usb 4 +.Sh HISTORY +The +.Nm +command appeared in +.Ox 2.7 . diff --git a/static/openbsd/man8/user.8 b/static/openbsd/man8/user.8 new file mode 100644 index 00000000..960c664d --- /dev/null +++ b/static/openbsd/man8/user.8 @@ -0,0 +1,148 @@ +.\" $OpenBSD: user.8,v 1.24 2022/02/06 00:29:03 jsg Exp $ +.\" $NetBSD: user.8,v 1.9 2001/06/05 11:31:21 wiz Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: February 6 2022 $ +.Dt USER 8 +.Os +.Sh NAME +.Nm user +.Nd manage user login information on the system +.Sh SYNOPSIS +.Nm user +.Cm add +.Fl D +.Op Fl b Ar base-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl g Ar gid | name | Cm =uid +.Op Fl k Ar skel-directory +.Op Fl L Ar login-class +.Op Fl r Ar low Ns .. Ns Ar high +.Op Fl s Ar shell +.Nm user +.Cm add +.Op Fl mov +.Op Fl b Ar base-directory +.Op Fl c Ar comment +.Op Fl d Ar home-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +.Op Fl g Ar gid | name | Cm =uid +.Op Fl k Ar skel-directory +.Op Fl L Ar login-class +.Op Fl p Ar password +.Op Fl r Ar low Ns .. Ns Ar high +.Op Fl s Ar shell +.Op Fl u Ar uid +.Ar user +.Nm user +.Cm del +.Fl D +.Op Fl p Ar preserve-value +.Nm user +.Cm del +.Op Fl prv +.Ar user +.Nm user +.Cm info +.Op Fl e +.Ar user +.Nm user +.Cm mod +.Op Fl mov +.Op Fl c Ar comment +.Op Fl d Ar home-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +.Op Fl g Ar gid | name | Cm =uid +.Op Fl L Ar login-class +.Op Fl l Ar new-login +.Op Fl p Ar password +.Op Fl s Ar shell +.Op Fl u Ar uid +.Ar user +.Sh DESCRIPTION +The +.Nm +utility acts as a frontend to the +.Xr useradd 8 , +.Xr usermod 8 , +.Xr userinfo 8 , +and +.Xr userdel 8 +commands. +.Pp +For a full explanation of the options, see the relevant manual page. +.Sh FILES +.Bl -tag -width /etc/usermgmt.conf -compact +.It Pa /etc/skel/.[A-z]* +Skeleton files for new user +.It Pa /etc/usermgmt.conf +Configuration file for +.Nm user , +.Xr group 8 +and those backend commands +.El +.Sh EXIT STATUS +.Ex -std user +.Sh SEE ALSO +.Xr chpass 1 , +.Xr group 5 , +.Xr passwd 5 , +.Xr usermgmt.conf 5 , +.Xr useradd 8 , +.Xr userdel 8 , +.Xr userinfo 8 , +.Xr usermod 8 +.Sh STANDARDS +Other implementations of the +.Nm user +utilities use the +.Ar inactive-time +parameter to refer to the maximum number of days allowed between logins (this +is used to lock "stale" accounts that have not been used for a period of time). +However, on +.Ox +systems this parameter refers instead to the password change time. +This is due to differences in the +.Xr passwd 5 +database compared to other operating systems. +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/useradd.8 b/static/openbsd/man8/useradd.8 new file mode 100644 index 00000000..9b8f39b2 --- /dev/null +++ b/static/openbsd/man8/useradd.8 @@ -0,0 +1,282 @@ +.\" $OpenBSD: useradd.8,v 1.35 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: useradd.8,v 1.26 2003/02/25 10:36:21 wiz Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt USERADD 8 +.Os +.Sh NAME +.Nm useradd +.Nd add a user to the system +.Sh SYNOPSIS +.Nm useradd +.Fl D +.Op Fl b Ar base-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl g Ar gid | name | Cm =uid +.Op Fl k Ar skel-directory +.Op Fl L Ar login-class +.Op Fl r Ar low Ns .. Ns Ar high +.Op Fl s Ar shell +.Nm useradd +.Op Fl mov +.Op Fl b Ar base-directory +.Op Fl c Ar comment +.Op Fl d Ar home-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +.Op Fl g Ar gid | name | Cm =uid +.Op Fl k Ar skel-directory +.Op Fl L Ar login-class +.Op Fl p Ar password +.Op Fl r Ar low Ns .. Ns Ar high +.Op Fl s Ar shell +.Op Fl u Ar uid +.Ar user +.Sh DESCRIPTION +The +.Nm useradd +utility adds a user to the system, creating and +populating a home directory if necessary. +Any skeleton files will be provided +for the new user if they exist in the +.Ar skel-directory +directory (see the +.Fl k +option). +Default values for +the base directory, +the time of password expiry, +the time of account expiry, +primary group, +the skeleton directory, +the range from which the UID will be allocated, +and default login shell +can be provided in the +.Pa /etc/usermgmt.conf +file, which, if running as root, is created using the built-in defaults if +it does not exist. +.Pp +The first form of the command shown above (using the +.Fl D +option) +sets and displays the defaults for the +.Nm +utility. +.Bl -tag -width Ds +.It Fl b Ar base-directory +Sets the base directory. +This is the directory to which the user directory is added, +which will be created if the +.Fl m +option is specified and no +.Fl d +option is specified. +.It Fl D +Without any further options, +.Fl D +will show the current defaults which +will be used by the +.Nm +utility. +Together with one of the options shown for the first version +of the command, +.Fl D +will set the default to be the new value. +See +.Xr usermgmt.conf 5 +for more information. +.It Fl e Ar expiry-time +Sets the default time at which new accounts will expire. +It should be entered in the form +.Dq month day year , +where month is the month name (the first three characters are +sufficient), day is the day of the month, and year is the year. +Time in seconds since the Epoch (UTC) is also valid. +A value of 0 can be used to disable this feature. +.It Fl f Ar inactive-time +Sets the time at which passwords of new accounts will expire. +Also see the +.Fl e +option above. +.It Fl g Ar gid | name | Cm =uid +Sets the default group for new users. +.It Fl k Ar skel-directory +Sets the skeleton directory in which to find files with +which to populate new users' home directories. +.It Fl L Ar login-class +Sets the default login class for new users. +See +.Xr login.conf 5 +for more information on user login classes. +.It Xo +.Fl r Ar low Ns .. Ns Ar high +.Xc +Sets the low and high bounds of UID ranges for new users. +A new user can only be created if there are UIDs which can be assigned +from one of the free ranges. +.It Fl s Ar shell +Sets the default login shell for new users. +.El +.Pp +In the second form of the command, +after setting any defaults, and then reading values from +.Pa /etc/usermgmt.conf , +the following command line options are processed: +.Bl -tag -width Ds +.It Fl b Ar base-directory +Sets the base directory name, in which the user's new home +directory will be created, should the +.Fl m +option be specified. +.It Fl c Ar comment +Sets the comment field (also, for historical reasons known as the +GECOS field) which will be added for the user, and typically will include +the user's full name and, perhaps, contact information for the user. +.It Fl d Ar home-directory +Sets the home directory which will be created and populated for the user, +should the +.Fl m +option be specified. +.It Fl e Ar expiry-time +Sets the time at which the user account will expire. +It should be entered in the form +.Dq month day year , +where month is the month name (the first three characters are +sufficient), day is the day of the month, and year is the year. +Time in seconds since the Epoch (UTC) is also valid. +A value of 0 can be used to disable this feature. +See +.Xr passwd 5 +for more details. +.It Fl f Ar inactive-time +Sets the time at which the current password will expire. +Also see the +.Fl e +option above. +.It Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +Sets the secondary groups to which the user will be added in the +.Pa /etc/group +file. +.It Fl g Ar gid | name | Cm =uid +Gives the group name or identifier to be used for the new user's primary group. +If this is the special string +.Cm =uid , +then a UID and GID will be picked which are both unique +and the same, and a line added to +.Pa /etc/group +to describe the new group. +.It Fl k Ar skel-directory +Gives the skeleton directory in which to find files +with which to populate the new user's home directory. +.It Fl L Ar login-class +This option sets the login class for the user being created. +See +.Xr login.conf 5 +for more information on user login classes. +.It Fl m +Create a new home directory for the new user. +.It Fl o +Allow the new user to have a UID which is already in use for another user. +.It Fl p Ar password +Specifies a password encrypted with +.Xr encrypt 1 +for the new user. +This password can then be changed by using the +.Xr chpass 1 +utility. +If this option is not specified, and no default exists in +.Pa /etc/usermgmt.conf , +the account will be disabled by default. +.It Fl s Ar shell +Specifies the login shell for the new user. +.It Fl u Ar uid +Specifies a UID for the new user. +Boundaries for this value can be preset for all users +by using the +.Ar range +field in the +.Pa /etc/usermgmt.conf +file. +.It Fl v +Enables verbose mode - explain the commands as they are executed. +.El +.Pp +Once the information has been verified, +.Nm +uses +.Xr pwd_mkdb 8 +to update the user database. +This is run in the background and, +at very large sites, could take several minutes. +Until this update is completed, the password file is unavailable for other +updates and the new information is not available to programs. +.Sh FILES +.Bl -tag -width /etc/usermgmt.conf -compact +.It Pa /etc/usermgmt.conf +.It Pa /etc/skel/* +.It Pa /etc/login.conf +.El +.Sh EXIT STATUS +.Ex -std useradd +.Sh SEE ALSO +.Xr chpass 1 , +.Xr group 5 , +.Xr login.conf 5 , +.Xr passwd 5 , +.Xr usermgmt.conf 5 , +.Xr pwd_mkdb 8 , +.Xr user 8 , +.Xr userdel 8 , +.Xr usermod 8 +.Sh STANDARDS +Other implementations of the +.Nm useradd +utility use the +.Ar inactive-time +parameter to refer to the maximum number of days allowed between logins (this +is used to lock "stale" accounts that have not been used for a period of time). +However, on +.Ox +systems this parameter refers instead to the password change time. +This is due to differences in the +.Xr passwd 5 +database compared to other operating systems. +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/userdel.8 b/static/openbsd/man8/userdel.8 new file mode 100644 index 00000000..2b5ca839 --- /dev/null +++ b/static/openbsd/man8/userdel.8 @@ -0,0 +1,142 @@ +.\" $OpenBSD: userdel.8,v 1.18 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: userdel.8,v 1.24 2003/02/25 10:36:21 wiz Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt USERDEL 8 +.Os +.Sh NAME +.Nm userdel +.Nd remove a user from the system +.Sh SYNOPSIS +.Nm userdel +.Fl D +.Op Fl p Ar preserve-value +.Nm userdel +.Op Fl rv +.Op Fl p Ar preserve-value +.Ar user +.Sh DESCRIPTION +The +.Nm +utility removes a user from the system, optionally +removing that user's home directory and any subdirectories. +.Pp +Default values are taken from the information provided in the +.Pa /etc/usermgmt.conf +file, which, if running as root, is created using the built-in defaults if +it does not exist. +.Pp +The first form of the command shown above (using the +.Fl D +option) sets and displays the defaults for the +.Nm +utility. +.Bl -tag -width Ds +.It Fl D +Without any further options, +.Fl D +will show the current defaults which will be used by the +.Nm +utility. +Together with one of the options shown for the first version +of the command, +.Fl D +will set the default to be the new value. +.It Fl p Ar preserve-value +Sets the preservation value. +If this value is one of +.Ql true , +.Ql yes , +or a non-zero number, then the user login information will be preserved. +.El +.Pp +In the second form of the command, +after setting any defaults, and then reading values from +.Pa /etc/usermgmt.conf , +the following command line options are processed: +.Bl -tag -width Ds +.It Fl p Ar preserve-value +Preserve the user information in the password file, +but do not allow the user to login, by switching the +password to an +.Dq impossible +one, and by setting the +user's shell to the +.Xr nologin 8 +program. +This option can be helpful in preserving a user's +files for later use by members of that person's +group after the user has moved on. +This value can also be set in the +.Pa /etc/usermgmt.conf +file, using the +.Ql preserve +field. +If the field has any of the values +.Ql true , +.Ql yes , +or a non-zero number, then user information preservation will take place. +.It Fl r +Remove the user's home directory, any subdirectories, +and any files and other entries in them. +.It Fl v +Perform any actions in a verbose manner. +.El +.Pp +Once the information has been verified, +.Nm +uses +.Xr pwd_mkdb 8 +to update the user database. +This is run in the background and, +at very large sites, could take several minutes. +Until this update is completed, the password file is unavailable for other +updates and the new information is not available to programs. +.Sh FILES +.Bl -tag -width /etc/usermgmt.conf -compact +.It Pa /etc/usermgmt.conf +.El +.Sh EXIT STATUS +.Ex -std userdel +.Sh SEE ALSO +.Xr passwd 5 , +.Xr usermgmt.conf 5 , +.Xr nologin 8 , +.Xr pwd_mkdb 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/userinfo.8 b/static/openbsd/man8/userinfo.8 new file mode 100644 index 00000000..306951db --- /dev/null +++ b/static/openbsd/man8/userinfo.8 @@ -0,0 +1,83 @@ +.\" $OpenBSD: userinfo.8,v 1.15 2016/11/29 03:59:31 jsg Exp $ +.\" $NetBSD: userinfo.8,v 1.8 2003/02/14 16:11:37 grant Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 29 2016 $ +.Dt USERINFO 8 +.Os +.Sh NAME +.Nm userinfo +.Nd display user information +.Sh SYNOPSIS +.Nm userinfo +.Op Fl e +.Ar user +.Sh DESCRIPTION +The +.Nm +utility displays information about the specified +.Ar user . +The fields shown are defined in +.Xr master.passwd 5 . +The encrypted password is only displayed if the calling user is the +superuser. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl e +Do not display anything (quiet mode). +This form of the command is useful for +scripts which need to check whether a particular user +name or UID is already in use on the system. +.El +.Pp +The +.Ar user +argument may be either a user name or a user ID (UID). +.Sh EXIT STATUS +The +.Nm +utility exits 0 if +.Ar user +exists, and non-zero if it does not. +.Sh SEE ALSO +.Xr id 1 , +.Xr passwd 5 , +.Xr groupinfo 8 , +.Xr user 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/usermod.8 b/static/openbsd/man8/usermod.8 new file mode 100644 index 00000000..553a03f6 --- /dev/null +++ b/static/openbsd/man8/usermod.8 @@ -0,0 +1,276 @@ +.\" $OpenBSD: usermod.8,v 1.35 2016/11/30 20:26:37 jmc Exp $ +.\" $NetBSD: usermod.8,v 1.17 2003/02/14 16:11:37 grant Exp $ +.\" +.\" Copyright (c) 1999 Alistair G. Crooks. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 30 2016 $ +.Dt USERMOD 8 +.Os +.Sh NAME +.Nm usermod +.Nd modify user login information +.Sh SYNOPSIS +.Nm usermod +.Op Fl moUvZ +.Op Fl c Ar comment +.Op Fl d Ar home-directory +.Op Fl e Ar expiry-time +.Op Fl f Ar inactive-time +.Op Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +.Op Fl g Ar gid | name | Cm =uid +.Op Fl L Ar login-class +.Op Fl l Ar new-login +.Op Fl p Ar password +.Op Fl S Ar secondary-group Ns Op , Ns Ar group , Ns ... +.Op Fl s Ar shell +.Op Fl u Ar uid +.Ar user +.Sh DESCRIPTION +The +.Nm +utility modifies user login information on the system. +.Pp +Default values are taken from the information provided in the +.Pa /etc/usermgmt.conf +file, which, if running as root, is created using the built-in defaults if +it does not exist. +.Pp +After setting any defaults, and then reading values from +.Pa /etc/usermgmt.conf , +the following command line options are processed: +.Bl -tag -width Ds +.It Fl c Ar comment +Sets the comment field (also, for historical reasons known as the +GECOS field) which will be added for the user, and typically will include +the user's full name and, perhaps, contact information for the user. +.It Fl d Ar home-directory +Sets the home directory to +.Ar home-directory +without populating it; if the +.Fl m +option is specified, tries to move the old home directory to +.Ar home-directory . +.It Fl e Ar expiry-time +Sets the time at which the account expires. +It should be entered in the form +.Dq month day year , +where month is the month name (the first three characters are +sufficient), day is the day of the month, and year is the year. +Time in seconds since the Epoch (UTC) is also valid. +A value of 0 can be used to disable this feature. +This value can be preset for new users using the +.Ar expire +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl f Ar inactive-time +Sets the time at which the password expires. +See the +.Fl e +option. +.It Fl G Ar secondary-group Ns Op , Ns Ar group , Ns ... +Appends the user to the given groups in the +.Pa /etc/group +file. +.Fl G +and +.Fl S +are mutually exclusive. +.It Fl g Ar gid | name | Cm =uid +Gives the group name or identifier to be used for the user's primary group. +If this is the special string +.Cm =uid , +.Nm +creates a group with the same ID as the UID; +if such a group already exists a warning is given +and no group is created. +Groups can be preset for all users by using the +.Ar group +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl L Ar login-class +This option sets the login class for the user being created. +See +.Xr login.conf 5 +for more information on user login classes. +This value can be preset for all users by using the +.Ar class +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl l Ar new-login +Gives the new user name. +It must consist of alphanumeric characters, or the characters +.Ql \&. , +.Ql \&- +or +.Ql \&_ . +.It Fl m +Moves the home directory from its old position to the new one. +If +.Fl d +is not specified, the +.Ar new-user +argument of the +.Fl l +option is used; one of +.Fl d +and +.Fl l +is needed. +.It Fl o +Allows duplicate UIDs to be given. +.It Fl p Ar password +Specifies a password encrypted with +.Xr encrypt 1 +for the user. +This password can then be changed by using the +.Xr chpass 1 +utility. +This value can be preset for all users +by using the +.Ar password +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl S Ar secondary-group Ns Op , Ns Ar group , Ns ... +Sets the secondary groups the user will be a member of in the +.Pa /etc/group +file. +Setting +.Ar secondary-group +to an empty value (e.g. '') removes the user +from all secondary groups. +.Fl S +and +.Fl G +are mutually exclusive. +.It Fl s Ar shell +Specifies the login shell for the user. +This value can be preset for all users +by using the +.Ar shell +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl U +Unlock the account by removing the trailing +.Ql \&- +from the user's shell and the +.Ql \&* +prefix from the password. +.Fl U +and +.Fl Z +are mutually exclusive and cannot be used with +.Fl p . +.It Fl u Ar uid +Specifies a new UID for the user. +Boundaries for this value can be preset for all users +by using the +.Ar range +field in the +.Pa /etc/usermgmt.conf +file. +See +.Xr usermgmt.conf 5 +for more details. +.It Fl v +Enables verbose mode - explain the commands as they are executed. +.It Fl Z +Lock the account by appending a +.Ql \&- +to the user's shell and prefixing the password with +.Ql \&* . +.Fl Z +and +.Fl U +are mutually exclusive and cannot be used with +.Fl p . +.El +.Pp +Once the information has been verified, +.Nm +uses +.Xr pwd_mkdb 8 +to update the user database. +This is run in the background and, +at very large sites, could take several minutes. +Until this update is completed, the password file is unavailable for other +updates and the new information is not available to programs. +.Sh FILES +.Bl -tag -width /etc/usermgmt.conf -compact +.It Pa /etc/usermgmt.conf +.El +.Sh EXIT STATUS +.Ex -std usermod +.Sh SEE ALSO +.Xr chpass 1 , +.Xr group 5 , +.Xr passwd 5 , +.Xr usermgmt.conf 5 , +.Xr pwd_mkdb 8 +.Sh STANDARDS +Other implementations of the +.Nm usermod +utility use the +.Ar inactive-time +parameter to refer to the maximum number of days allowed between logins (this +is used to lock "stale" accounts that have not been used for a period of time). +However, on +.Ox +systems this parameter refers instead to the password change time. +This is due to differences in the +.Xr passwd 5 +database compared to other operating systems. +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 2.7 . +.Sh AUTHORS +The +.Nm +utility was written by +.An Alistair G. Crooks Aq Mt agc@NetBSD.org . diff --git a/static/openbsd/man8/vipw.8 b/static/openbsd/man8/vipw.8 new file mode 100644 index 00000000..a2a83ce5 --- /dev/null +++ b/static/openbsd/man8/vipw.8 @@ -0,0 +1,113 @@ +.\" $OpenBSD: vipw.8,v 1.14 2020/11/01 21:32:04 jmc Exp $ +.\" $NetBSD: vipw.8,v 1.4 1995/01/20 19:19:56 mycroft Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)vipw.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: November 1 2020 $ +.Dt VIPW 8 +.Os +.Sh NAME +.Nm vipw +.Nd edit the password file +.Sh SYNOPSIS +.Nm vipw +.Sh DESCRIPTION +.Nm +edits the password file after setting the appropriate locks, +and does any necessary processing after the password file is unlocked. +If the password file is already locked for editing by another user, +.Nm +will ask you +to try again later. +The default editor for +.Nm +is +.Xr vi 1 . +.Pp +.Nm +performs a number of consistency checks on the password entries, +and will not allow a password file with a +.Dq mangled +entry to be +installed. +If +.Nm +rejects the new password file, the user is prompted to re-enter +the edit session. +.Pp +Once the information has been verified, +.Nm +uses +.Xr pwd_mkdb 8 +to update the user database. +This is run in the background and, +at very large sites, could take several minutes. +Until this update +is completed, the password file is unavailable for other updates +and the new information is not available to programs. +.Pp +Which type of cipher is used to encrypt the password information +depends on the configuration in +.Xr login.conf 5 . +.Sh ENVIRONMENT +If the following environment variable exists, it will be utilized by +.Nm vipw : +.Bl -tag -width EDITOR +.It Ev EDITOR +The editor specified by the string +.Ev EDITOR +will be invoked instead of the default editor +.Xr vi 1 . +.El +.Sh FILES +.Bl -tag -width "/etc/master.passwdXXX" -compact +.It Pa /etc/master.passwd +Current password file. +.It Pa /etc/passwd +Legacy password file. +.It Pa /etc/ptmp +Password lock file. +.It Pa /etc/pwd.db +Insecure password database file. +.It Pa /etc/spwd.db +Secure password database file. +.El +.Sh SEE ALSO +.Xr chpass 1 , +.Xr passwd 1 , +.Xr login.conf 5 , +.Xr passwd 5 , +.Xr adduser 8 , +.Xr pwd_mkdb 8 +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.0 . diff --git a/static/openbsd/man8/vmctl.8 b/static/openbsd/man8/vmctl.8 new file mode 100644 index 00000000..00f40285 --- /dev/null +++ b/static/openbsd/man8/vmctl.8 @@ -0,0 +1,440 @@ +.\" $OpenBSD: vmctl.8,v 1.79 2025/06/09 18:43:01 dv Exp $ +.\" +.\" Copyright (c) 2015-2024 Mike Larkin <mlarkin@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: June 9 2025 $ +.Dt VMCTL 8 +.Os +.Sh NAME +.Nm vmctl +.Nd control the virtual machine daemon +.Sh SYNOPSIS +.Nm +.Op Fl v +.Ar command +.Op Ar arg ... +.Sh DESCRIPTION +The +.Nm +utility is used to control the virtual machine monitor (VMM) subsystem. +A VMM manages virtual machines (VMs) on a host. +The VMM subsystem is responsible for creating, destroying, and executing +VMs. +.Pp +The +.Fl v +option enables verbose mode. +Within the commands, +the +.Ar size +argument can be specified with a human-readable scale, +using the format described in +.Xr scan_scaled 3 . +The +.Ar id +argument can be either a numeric, non-zero identifier or alternatively +the name of a virtual machine. +.Pp +The +.Ar name +argument can only consist of alphanumeric characters, as well as '.', '-', +and '_', +and must start with a letter. +.Pp +The +.Ar disk +argument is used by commands that take a path to a disk image file. +It may be prefixed with a format prefix +.Pf ( raw : Ns Ar disk +or +.Pf qcow2 : Ns Ar disk ) +.Sm on +in order to specify the disk image format. +If left unspecified, the format defaults to +.Sq raw +if it cannot be derived automatically. +.Pp +The commands are as follows: +.Bl -tag -width Ds +.It Cm console Ar id +Using +.Xr cu 1 +connect to the console of the VM with the specified +.Ar id . +.It Cm create Oo Fl b Ar base | Fl i Ar disk Oc Oo Fl s Ar size Oc Ar disk +Create a VM disk image file with the specified +.Ar disk +path. +.Bl -tag -width "-i input" +.It Fl b Ar base +For +.Sq qcow2 , +a +.Ar base +image may be specified. +The base image is not modified and the derived image contains only the +changes written by the VM. +.It Fl i Ar disk +Copy and convert the input +.Ar disk +to the newly created disk. +This option conflicts with +.Fl b Ar base . +.It Fl s Ar size +Specify the +.Ar size +of the new disk image, rounded to megabytes. +If the +.Fl b +option is specified, the size must match the size of the +.Ar base +image. +For the +.Fl i +option, the size cannot be smaller than the input disk size. +The size can be omitted with the +.Fl b +and +.Fl i +options and will be obtained from the base or input image respectively. +.El +.It Cm load Ar filename +Load additional configuration from the specified file. +.It Cm log brief | verbose +Disable or enable verbose debug logging. +.It Cm pause Ar id +Pause a VM with the specified +.Ar id . +.It Cm reload +Remove all stopped VMs and reload the configuration from the default +configuration file. +VMs that are currently running will not have their configuration reloaded. +To reload configurations for currently running VMs, stop those VMs before +issuing the reload command. +.It Cm reset Op Cm all | switches | vms +Reset the running state, +reset +.Cm switches , +or reset and terminate all +.Cm vms . +.It Cm show Oo Fl r Oc Op Ar id +An alias for the +.Cm status +command. +.It Xo Cm start +.Op Fl cL +.Bk -words +.Op Fl B Ar device +.Op Fl b Ar path +.Op Fl d Ar disk +.Op Fl i Ar count +.Op Fl m Ar size +.Op Fl n Ar switch +.Op Fl r Ar path +.Op Fl t Ar name +.Ar id | name +.Ek +.Xc +Start a new VM +.Ar name +with the specified parameters. +An existing VM may be started by referencing its +.Ar id . +.Bl -tag -width "-I parent" +.It Fl B Ar device +Force system to boot from the specified device for this boot. +.Ar device +can be set to: +.Pp +.Bl -tag -width "cdrom" -compact +.It Ar cdrom +Boot the CD-ROM image. +.It Ar disk +Boot from disk. +.It Ar net +Perform a PXE boot using the first network interface. +.El +.Pp +Currently +.Ar net +is only supported when booting a kernel using the +.Fl b +flag while +.Ar disk +and +.Ar cdrom +only work with VMs booted using BIOS. +.It Fl b Ar path +Boot the VM with the specified +.Ox +kernel or custom BIOS image. +If not specified, the default is to boot using the BIOS image in +.Pa /etc/firmware/vmm-bios . +If the VM is an existing VM, use the provided image for only the next boot. +.It Fl c +Automatically connect to the VM console. +.It Fl d Ar disk +Use a disk image at the specified +.Ar disk +path (may be specified multiple times to add multiple disk images). +.It Fl i Ar count +Number of network interfaces to add to the VM. +.It Fl L +Add a local network interface. +.Xr vmd 8 +will auto-generate an IPv4 subnet for the interface, +configure a gateway address on the VM host side, +and run a simple DHCP/BOOTP server for the VM. +See +.Sx LOCAL INTERFACES +below for more information on how addresses are calculated and assigned when +using the +.Fl L +option. +.It Fl m Ar size +Memory +.Ar size +of the VM, rounded to megabytes. +The default is 512M. +The maximum amount of memory assignable to a VM is governed by the datasize +parameter for the vmd user in +.Pa /etc/login.conf . +.It Fl n Ar switch +Add a network interface that is attached to the specified virtual +.Ar switch . +See the SWITCH CONFIGURATION section in +.Xr vm.conf 5 +for more information. +.It Fl r Ar path +ISO image file for virtual CD-ROM. +This image file will be available in the +selected VM as a SCSI CD-ROM device attached to a virtio SCSI adapter +(e.g.\& +.Xr vioscsi 4 ) . +.It Fl t Ar name +Use an existing VM with the specified +.Ar name +as a template to create a new VM instance. +The instance will inherit settings from the parent VM, +except for exclusive options such as disk, interface lladdr, and +interface names. +.El +.It Cm status Oo Fl r Oc Op Ar id +List VMs running on the host, optionally listing just the selected VM +.Ar id . +If the +.Fl r +flag is present, the output will only contain running VMs. +.It Cm stop Oo Fl fw Oc Oo Fl a | Ar id Oc +Stop (terminate) a VM defined by the specified VM +.Ar id +or all running VMs +.Pq Fl a . +By default, +a graceful shutdown will be attempted if the VM supports the +.Xr vmmci 4 +device. +.Pp +The following options can be specified when stopping a VM: +.Bl -tag -width "-w" +.It Fl f +Forcefully stop the VM without attempting a graceful shutdown. +.It Fl w +Wait until the VM has been terminated. +.El +.It Cm unpause Ar id +Unpause (resume from a paused state) a VM with the specified +.Ar id . +.It Cm wait Ar id +Wait until the specified VM has stopped. +.El +.Pp +If the +.Fl i , +.Fl L , +or +.Fl n +options are specified during VM startup, a corresponding number +of host-side +.Xr tap 4 +interfaces will be allocated and mapped to the +.Xr vio 4 +interfaces inside the guest VM. +This tap/vio interface mapping +allows guest network traffic to be manipulated by the host. +Any valid host-side interface configuration may be performed on these +tap interfaces, such as bridging (via +.Xr veb 4 ) , +or using +.Xr pf 4 +nat-to rules to create private or host-side NATed networks, as desired. +For each +.Xr tap 4 +network interface on the host, +.Xr vmd 8 +will set the interface's description to allow easy identification of +the corresponding VM by ID, interface number, and name: +.Bd -literal -offset indent +# ifconfig tap0 +tap0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + lladdr fe:e1:ba:d8:50:d1 + description: vm1-if0-myvm + index 15 priority 0 llprio 3 + groups: tap + status: active +.Ed +.Sh LOCAL INTERFACES +Local interfaces can be used to easily configure VM networking without +needing to manually assign network addresses. +A local interface is added +to a VM using the -L option to the 'vmctl start' command and results in the +addition of a +.Xr vio 4 +interface inside the VM and a corresponding +.Xr tap 4 +interface on the host. +When using local interfaces, +.Xr vmd 8 +will provide DHCP services to the guest VM and offer addresses selected +from the 100.64.0.0/10 IPv4 range. +From within the 100.64.0.0/10 +range, +.Xr vmd 8 +allocates a pair of addresses for the guest-side +.Xr vio 4 +and host-side +.Xr tap 4 +interfaces as follows: +.Pp +For the first local interface: +.Bl -bullet -compact +.It +The host (tapX) address is assigned 100.64.n.2, +where 'n' is the numeric VM ID visible in the 'vmctl status' command +.It +The guest (vio0) address is assigned 100.64.n.3 +.El +.Pp +For the second and subsequent local interface(s): +.Bl -bullet -compact +.It +The second local interface uses 100.64.n.4 and 100.64.n.5 for the +host (tapX) and guest (vio1) interfaces, respectively. +.It +Subsequent local interfaces are numbered similarly, continuing with 100.64.n.6 +and 100.64.n.7, etc +.El +.Pp +Multiple -L options can be provided to the 'vmctl start' command, if more than +one interface is desired. +Local interfaces are assigned to the VM before +any other interfaces specified with the -i option (thus, local interfaces, +if requested, are numbered starting at vio0 inside the guest VM). +.Pp +If NAT is desired, the +.Va net.inet.ip.forwarding +.Xr sysctl 8 +must also be set to 1. +.Pp +When using local interfaces, the DHCP configuration offered to the guest VM +specifies the address of the corresponding host +.Xr tap 4 +interface as both the default route and the (sole) nameserver. +Guest VM traffic can optionally be NATed through the host +with an entry in the host machine's +.Pa /etc/pf.conf +similar to the following: +.Bd -literal -offset indent +pass out on egress from 100.64.0.0/10 to any nat-to (egress) +.Ed +.Pp +If desired, DNS queries originating from guest VMs can be redirected to a +different DNS server with an entry in the host machine's +.Pa /etc/pf.conf +similar to the following: +.Bd -literal -offset indent +pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \e + rdr-to $dns_server port domain +.Ed +.Sh FILES +.Bl -tag -width "/etc/var/run/vmd.sockXX" -compact +.It Pa /etc/vm.conf +Default configuration file. +.It Pa /var/run/vmd.sock +.Ux Ns -domain +socket used for communication with +.Xr vmd 8 . +.El +.Sh EXIT STATUS +.Ex -std vmctl +.Nm +may fail due to one of the following reasons: +.Pp +.Bl -bullet -compact +.It +The VMM subsystem could not be enabled or disabled as requested. +.It +A requested VM-based operation could not be completed. +.El +.Sh EXAMPLES +Create a 4.5 Gigabyte disk image, disk.img: +.Bd -literal -offset indent +$ vmctl create -s 4.5G disk.img +.Ed +.Pp +Convert a disk image from the +.Sq raw +format to +.Sq qcow2 : +.Bd -literal -offset indent +$ vmctl create -i disk.img disk.qcow2 +.Ed +.Pp +Create a new VM with 1GB memory, one network interface, one disk image +('disk.img') and boot from kernel '/bsd': +.Bd -literal -offset indent +# vmctl start -m 1G -i 1 -b /bsd -d disk.img "myvm" +.Ed +.Pp +Start a new VM instance with the name 'myvm' from a pre-configured +VM 'openbsd.4G': +.Bd -literal -offset indent +# vmctl start -t "openbsd.4G" -d mydisk.img "myvm" +.Ed +.Pp +Terminate VM number 1: +.Bd -literal -offset indent +# vmctl stop 1 +.Ed +.Sh SEE ALSO +.Xr pf 4 , +.Xr tap 4 , +.Xr veb 4 , +.Xr vio 4 , +.Xr vmm 4 , +.Xr vm.conf 5 , +.Xr rc.conf 8 , +.Xr sysctl 8 , +.Xr vmd 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 5.9 . +.Sh AUTHORS +.An -nosplit +.An Mike Larkin Aq Mt mlarkin@openbsd.org +and +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/vmd.8 b/static/openbsd/man8/vmd.8 new file mode 100644 index 00000000..30402ec9 --- /dev/null +++ b/static/openbsd/man8/vmd.8 @@ -0,0 +1,140 @@ +.\" $OpenBSD: vmd.8,v 1.12 2024/09/24 20:02:39 jmc Exp $ +.\" +.\" Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 24 2024 $ +.Dt VMD 8 +.Os +.Sh NAME +.Nm vmd +.Nd virtual machine daemon +.Sh SYNOPSIS +.Nm vmd +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is a daemon responsible for the execution of virtual machines (VMs) on a +host. +.Nm +is typically started at boot time and is controlled via +.Xr vmctl 8 . +.Pp +To have +.Nm +enabled at boot time, use +.Dq rcctl enable vmd , +which sets +.Pp +.Dl vmd_flags=\(dq\(dq +.Pp +in +.Xr rc.conf.local 8 . +.Pp +.Nm +interfaces with the virtual machine monitor (VMM) built into the kernel. +One instance of +.Nm +will be spawned for each VM running on the host, plus extra instances +for control operations. +Each child +.Nm +will in turn create one or more VCPU (virtual CPU) threads responsible for +driving the VM's operations using +.Xr vmm 4 . +.Pp +.Nm +is also responsible for proxying various other commands/requests from +.Xr vmctl 8 , +such as stopping VMs, and retrieving information from +.Xr vmm 4 +about running VMs. +.Pp +When the host machine is shut down, +.Nm +sends each running VM a shutdown request via the +.Xr vmmci 4 +device. +If the VMs are vmmci-aware, +this provides each VM the chance to shut down cleanly in anticipation +of host shutdown. +During shutdown, +.Nm +waits 30 seconds for the VMs to terminate cleanly before forcibly +stopping them. +This 30 second default can be changed by +.Dq rcctl set vmd timeout n , +where 'n' is the desired timeout in seconds. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +The default is +.Pa /etc/vm.conf . +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Verbose mode. +Multiple +.Fl v +options increase the verbosity. +.El +.Sh FILES +.Bl -tag -width "/etc/firmware/vmm-biosXX" -compact +.It Pa /etc/firmware/vmm-bios +Default BIOS boot image. +The BIOS is an external firmware file that is distributed separately +due to an incompatible license. +A prepackaged version of the firmware can be installed using +.Xr fw_update 8 . +.It Pa /etc/vm.conf +Default configuration file. +This is optional. +.It Pa /var/run/vmd.sock +.Ux Ns -domain +socket used for communication with +.Xr vmctl 8 . +.El +.Sh SEE ALSO +.Xr vmm 4 , +.Xr vmmci 4 , +.Xr vm.conf 5 , +.Xr rc.conf 8 , +.Xr vmctl 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 5.9 . +.Sh AUTHORS +.An -nosplit +.An Mike Larkin Aq Mt mlarkin@openbsd.org +and +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/static/openbsd/man8/vmstat.8 b/static/openbsd/man8/vmstat.8 new file mode 100644 index 00000000..a4a7d4e1 --- /dev/null +++ b/static/openbsd/man8/vmstat.8 @@ -0,0 +1,221 @@ +.\" $OpenBSD: vmstat.8,v 1.40 2019/12/06 19:15:16 jmc Exp $ +.\" $NetBSD: vmstat.8,v 1.12 1996/05/10 23:19:30 thorpej Exp $ +.\" +.\" Copyright (c) 1986, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)vmstat.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd $Mdocdate: December 6 2019 $ +.Dt VMSTAT 8 +.Os +.Sh NAME +.Nm vmstat +.Nd report statistics about kernel activities +.Sh SYNOPSIS +.Nm vmstat +.Op Fl fimstvz +.Nm vmstat +.Op Fl c Ar count +.Op Fl M Ar core +.Op Fl N Ar system +.Op Fl w Ar wait +.Op Ar disk ... +.Sh DESCRIPTION +.Nm +reports certain kernel statistics kept about process, virtual memory, +disk, trap, and CPU activity. +The default behavior is to print a one-line summary of these statistics. +The +.Fl c +and +.Fl w +flags may be used to continually report summaries. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl c Ar count +Repeat the display +.Ar count +times. +The first display is for the time since a reboot and each subsequent report +is for the time period since the last display. +If no +.Ar wait +interval is specified, the default is 1 second. +.It Fl f +Report on the number of +.Xr fork 2 , +.Xr __tfork 3 , +and +.Xr vfork 2 +system calls as well as kernel thread creations since system startup, +and the number of pages of virtual memory involved in each. +.It Fl i +Report on the number of interrupts taken by each device since system +startup. +.It Fl M Ar core +Extract values associated with the name list from the specified core +instead of the running kernel. +.It Fl m +Report on the usage of kernel dynamic memory listed first by size of +allocation and then by type of usage. +.It Fl N Ar system +Extract the name list from the specified system instead of the running kernel. +.It Fl s +Display the contents of the +.Va uvmexp +structure (see +.Xr uvm_init 9 ) , +giving the total number of several kinds of paging related +events which have occurred since system startup. +.It Fl t +Report on the number of page in and page reclaims since system startup, +and the amount of time required by each. +.It Fl v +Print more verbose information. +.It Fl w Ar wait +Pause +.Ar wait +seconds between each display. +If no repeat +.Ar count +is specified, the default is infinity. +.It Fl z +When used with +.Fl i , +also list devices which have not yet generated an interrupt. +.El +.Pp +By default, +.Nm +displays the following information just once: +.Bl -tag -width Ds +.It Li procs +Information about the numbers of processes in various states. +.Pp +.Bl -tag -width 4n -compact +.It Li r +in run queue +.It Li s +sleeping +.El +.It Li memory +Information about the usage of virtual and real memory. +.Pp +.Bl -tag -width 4n -compact +.It Li avm +active virtual pages +.It Li fre +size of the free list +.El +.It Li page +Information about page faults and paging activity. +These are averaged each five seconds, and given in units per second. +.Pp +.Bl -tag -width 4n -compact +.It Li flt +page faults +.It Li re +page reclaims (simulating reference bits) +.It Li pi +pages paged in +.It Li po +pages paged out +.It Li fr +pages freed +.It Li sr +pages scanned by clock algorithm +.El +.It Li disks +Disk transfers per second. +Typically paging will be split across the available drives. +The header of the field is the first character of the disk name and +the unit number. +If more than two disk drives are configured in the system, +.Nm +displays only the first two drives. +To force +.Nm +to display specific drives, their names may be supplied on the command line. +.It Li traps +Trap/interrupt rate averages per second over last 5 seconds. +.Pp +.Bl -tag -width 4n -compact +.It Li int +device interrupts per interval (including clock interrupts) +.It Li sys +system calls per interval +.It Li cs +CPU context switch rate (switches/interval) +.El +.It Li cpu +Breakdown of percentage usage of CPU time. +.Pp +.Bl -tag -width 4n -compact +.It Li us +user time for normal and low priority processes +.It Li sy +system time +.It Li id +CPU idle +.El +.El +.Sh FILES +.Bl -tag -width Pa -compact +.It Pa /bsd +default kernel image +.It Pa /dev/kmem +default memory file +.El +.Sh EXAMPLES +The command +.Ic vmstat -w 5 +will print what the system is doing every five +seconds; this is a good choice of printing interval since this is how often +some of the statistics are sampled in the system. +Others vary every second and running the output for a while will make it +apparent which are recomputed every second. +.Sh SEE ALSO +.Xr fstat 1 , +.Xr netstat 1 , +.Xr nfsstat 1 , +.Xr procmap 1 , +.Xr ps 1 , +.Xr systat 1 , +.Xr top 1 , +.Xr iostat 8 , +.Xr pstat 8 , +.Xr uvm_init 9 +.Sh BUGS +The +.Fl c +and +.Fl w +options are only available with the default output. +.Pp +This manual page lacks an incredible amount of detail. diff --git a/static/openbsd/man8/vnconfig.8 b/static/openbsd/man8/vnconfig.8 new file mode 100644 index 00000000..a1cf4835 --- /dev/null +++ b/static/openbsd/man8/vnconfig.8 @@ -0,0 +1,176 @@ +.\" $OpenBSD: vnconfig.8,v 1.7 2022/08/16 13:59:51 kn Exp $ +.\" +.\" Copyright (c) 1993 University of Utah. +.\" Copyright (c) 1980, 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the Systems Programming Group of the University of Utah Computer +.\" Science Department. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)vnconfig.8 8.1 (Berkeley) 6/5/93 +.\" +.\" +.\" Copyright (c) 2007 Alexander von Gernler <grunk@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 16 2022 $ +.Dt VNCONFIG 8 +.Os +.Sh NAME +.Nm vnconfig +.Nd configure vnode disks +.Sh SYNOPSIS +.Nm vnconfig +.Op Fl v +.Oo +.Fl k | K Ar rounds +.Op Fl S Ar saltfile +.Oc +.Op Fl t Ar disktype +.Op Ar vnd_dev +.Ar image +.Nm vnconfig +.Fl l +.Op Ar vnd_dev +.Nm vnconfig +.Fl u +.Op Fl v +.Ar vnd_dev +.Sh DESCRIPTION +The +.Nm vnconfig +command configures vnode pseudo disk devices. +It will associate (or disassociate) the special file +.Ar vnd_dev +with the regular file +.Ar image , +allowing the latter to be accessed as though it were a disk. +If +.Ar vnd_dev +is not specified, an unused one will be allocated and the name printed +to +.Va stdout . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl K Ar rounds +Associate an encryption key with the device. +All data will be encrypted using the Blowfish cipher before it is +written to the disk. +The user is asked for both a passphrase and the name of a salt file. +The salt file can also be specified on the command line using the +.Fl S +option. +The passphrase and salt are combined according to PKCS #5 PBKDF2 for the +specified number of +rounds to generate the actual key used. +.Ar rounds +is a number between 1000 and +.Dv INT_MAX . +DO NOT LOSE THE SALT FILE. +.It Fl k +Associate an encryption key with the device. +The user is asked for the encryption key. +All data will be encrypted using the Blowfish cipher before it is +written to the disk. +.It Fl l +List the vnd devices and indicate which ones are in use. +If a specific +.Ar vnd_dev +is given, then only that one will be described. +.It Fl S Ar saltfile +When +.Fl K +is used, specify the +.Pa saltfile . +.It Fl t Ar disktype +Specify a +.Ar disktype +entry from the +.Xr disktab 5 +database. +The +.Ar vnd_dev +will have the sector size, sectors per track, and tracks per cylinder values +of the specified +.Ar disktype . +The defaults are 512-byte sectors, 100 sectors per track and 1 track per +cylinder. +.It Fl u +Unconfigure a +.Ar vnd_dev . +.It Fl v +Print messages to stderr describing actions taken. +.El +.Sh FILES +.Bl -tag -width /etc/rvnd?? -compact +.It Pa /dev/{,r}vnd* +.El +.Sh EXAMPLES +Configure a CD-ROM or DVD image file as vnode disk vnd0 +and mount the ISO 9660 file system contained in it: +.Bd -literal -offset indent +# vnconfig vnd0 /tmp/diskimage +# mount -t cd9660 /dev/vnd0c /mnt +.Ed +.Pp +Configure an encrypted image file as vnode disk vnd0 and mount the FFS +file system contained in the +.Sq a +partition of the disklabel. +Same as above, but now configure the vnode using PKCS #5 PBKDF2 and +a salt file with 20000 rounds: +.Bd -literal -offset indent +# vnconfig -K 20000 vnd0 /tmp/cryptimg +Encryption key: +Salt file: /tmp/cryptsalt +# mount /dev/vnd0a /mnt +.Ed +.Sh SEE ALSO +.Xr vnd 4 , +.Xr disktab 5 , +.Xr fstab 5 , +.Xr mount 8 , +.Xr swapon 8 , +.Xr umount 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 4.2 . diff --git a/static/openbsd/man8/watchdogd.8 b/static/openbsd/man8/watchdogd.8 new file mode 100644 index 00000000..ef9ecdec --- /dev/null +++ b/static/openbsd/man8/watchdogd.8 @@ -0,0 +1,95 @@ +.\" $OpenBSD: watchdogd.8,v 1.14 2013/07/16 11:13:34 schwarze Exp $ +.\" +.\" Copyright (c) 2005 Marc Balmer <mbalmer@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt WATCHDOGD 8 +.Os +.Sh NAME +.Nm watchdogd +.Nd watchdog timer retrigger daemon +.Sh SYNOPSIS +.Nm watchdogd +.Op Fl dnq +.Op Fl i Ar interval +.Op Fl p Ar period +.Sh DESCRIPTION +.Nm +is a daemon to activate and periodically retrigger the +.Xr watchdog 4 +timer device from userland. +.Nm +is designed to work in high load environments, +where other methods +(such as a shell script invoking +.Xr sysctl 8 ) +would involve too much overhead. +.Pp +The basic premise is that +after every +.Ar interval +seconds, +.Nm +resets the hardware timer to +.Ar period . +See also +.Xr watchdog 4 +for more information on how watchdog timers work. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground. +.It Fl i Ar interval +Specify how often, in seconds, +.Nm +should retrigger the hardware timer. +If no interval is specified, +the value of +.Ar period +(see below) +divided by three is used. +.It Fl n +Do not restore the watchdog to its original values once it has been activated. +With this set, the system will be rebooted by the watchdog even after a +.Xr halt 8 . +.It Fl p Ar period +Set the hardware timer to expire in +.Ar period +seconds. +The default is 30 seconds. +.It Fl q +Be quiet. +With this option specified, +.Nm +will not output a warning message if the underlying hardware adjusted the +timeout period. +.El +.Sh SEE ALSO +.Xr watchdog 4 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +program +first appeared in +.Ox 3.8 . +.Sh AUTHORS +.Nm +was written by +.An Marc Balmer Aq Mt mbalmer@openbsd.org . diff --git a/static/openbsd/man8/wsconscfg.8 b/static/openbsd/man8/wsconscfg.8 new file mode 100644 index 00000000..f6d08dc5 --- /dev/null +++ b/static/openbsd/man8/wsconscfg.8 @@ -0,0 +1,162 @@ +.\" $OpenBSD: wsconscfg.8,v 1.21 2024/11/06 17:14:03 miod Exp $ +.\" $NetBSD: wsconscfg.8,v 1.5 1999/05/15 14:45:06 drochner Exp $ +.\" +.\" Copyright (c) 1999 +.\" Matthias Drochner. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 6 2024 $ +.Dt WSCONSCFG 8 +.Os +.Sh NAME +.Nm wsconscfg +.Nd configure virtual terminals on a wscons display +.Sh SYNOPSIS +.Nm wsconscfg +.Op Fl dFgkm +.Op Fl e Ar emul +.Op Fl f Ar ctldev +.Op Fl t Ar type +.Ar index +.Sh DESCRIPTION +The +.Nm +tool allows for the viewing, creation and removal of virtual terminals +on display devices controlled by the wscons terminal framework, +as long as the underlying display hardware driver supports multiple screens. +Furthermore, it controls the assignment of keyboards to displays. +.Pp +The +.Ar index +argument specifies which virtual terminal is to be configured. +Valid numbers range from 0 to an implementation-specified value +(currently 11, allowing for 12 virtual terminals on a display). +In keyboard configuration mode +(see +.Fl k , +below), +it specifies the +.Xr wskbd 4 +device to attach or detach. +Without further option arguments, a virtual terminal is created with +implementation specific properties and a default terminal emulation variant +selected at kernel compile time. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d +Delete the specified terminal. +Any specified terminal that is currently open by a program will not be deleted +unless the +.Fl F +option is also given. +Terminals used by the operating system console or a graphics program (X server) +cannot be deleted. +With the +.Fl k +flag, the keyboard specified by +.Ar index +will be detached from the wscons display. +With the +.Fl m +flag, the multiplexor specified by +.Ar index +will be detached from the wscons display. +.It Fl e Ar emul +Specify the terminal emulation to use for the virtual terminal. +The set of available terminal emulations is determined at kernel compile time. +See +.Xr wscons 4 +for details. +.It Fl F +Force deletion of a terminal, keyboard, or multiplexor, +even if it is in use by a userspace program. +.It Fl f Ar ctldev +Specify the control device of the wscons display to operate on. +The default is +.Pa /dev/ttyCcfg . +.It Fl g +Print the index of the virtual terminal specified by +.Ar index . +If the +.Ar index +argument is omitted, the index of the current virtual terminal is printed. +.It Fl k +Do keyboard related operations instead of virtual screen configuration. +Without other flags, a keyboard will be attached to the display device. +The +.Ar index +argument can be omitted: in that case the first free keyboard will be used. +.It Fl m +Do multiplexor related operations instead of virtual screen configuration. +Without other flags, a multiplexor will be attached to the display device. +.It Fl t Ar type +Specify a screen type to use. +Screen types refer to display format, color depth, and other low-level +display properties. +Valid +.Ar type +arguments are defined by the underlying display device driver. +.El +.\" .Pp +.\" Typically, the +.\" .Nm +.\" utility will be invoked in system startup by the +.\" .Pa /etc/rc.wscons +.\" script, controlled by the +.\" .Pa /etc/wscons.conf +.\" configuration file. +.Sh EXAMPLES +Configure screen 1 (i.e., the second) for type +.Dq 80x50 +and VT100 terminal emulation. +(Note: +.Dq 80x50 +is a screen type offered by the +.Xr vga 4 +display driver. +In this particular case, an 8x8-font must be loaded beforehand to make the +screen useful. +See +.Xr wsfontload 8 . ) +.Pp +.D1 # wsconscfg -t 80x50 -e vt100 1 +.Pp +Connect the first unconnected keyboard to the display: +.Pp +.Dl # wsconscfg -k +.\" .Sh FILES +.\" .Bl -tag -width /etc/wscons.conf -compact +.\" .It Pa /etc/wscons.conf +.\" wscons configuration file +.\" .El +.Sh SEE ALSO +.Xr wscons 4 , +.Xr wskbd 4 , +.Xr wsconsctl 8 , +.Xr wsfontload 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 2.8 . diff --git a/static/openbsd/man8/wsconsctl.8 b/static/openbsd/man8/wsconsctl.8 new file mode 100644 index 00000000..afad7dac --- /dev/null +++ b/static/openbsd/man8/wsconsctl.8 @@ -0,0 +1,242 @@ +.\" $OpenBSD: wsconsctl.8,v 1.29 2025/12/19 23:53:47 jsg Exp $ +.\" $NetBSD: wsconsctl.8,v 1.5 1999/09/12 18:47:11 kleink Exp $ +.\" +.\" Copyright (c) 1998 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Juergen Hannken-Illjes. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\"/ +.Dd $Mdocdate: December 19 2025 $ +.Dt WSCONSCTL 8 +.Os +.Sh NAME +.Nm wsconsctl +.Nd get or set wscons state +.Sh SYNOPSIS +.Nm wsconsctl +.Op Fl an +.Nm wsconsctl +.Op Fl n +.Op Fl f Ar file +.Ar name ... +.Nm wsconsctl +.Op Fl n +.Op Fl f Ar file +.Ar name Ns = Ns Ar value ... +.Sh DESCRIPTION +The +.Nm +command displays or sets various wscons system driver variables. +If a list of variables is present on the command line, +.Nm +prints the current value of those variables for the specified device. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +Print all device variables and their current values. +This is the default, if no parameters are given to +.Nm . +.It Fl f Ar file +Specify an alternative control device. +.It Fl n +Suppress printing of the variable name in the output. +.It Ar name Ns = Ns Ar value +Attempt to set the specified variable +.Ar name +to +.Ar value . +The value can be specified as either an absolute, by using the +.Ql = +symbol, +or as a relative value, by using the +.Ql += +or +.Ql -= +symbols. +See the +.Sx EXAMPLES +section for more details. +.El +.Pp +The +.Nm +utility can be used to view and modify aspects of the keyboard, +display, and mouse using the standard, machine-independent +workstation console device driver +.Xr wscons 4 . +.Pp +The keyboard type can be modified, the keyboard bell's pitch, period, +and duration can be modified, +the +.Ar typematic +value can be changed, and the keyboard encoding can be modified +to switch keys, should the user find a keyboard's default layout +difficult to use. +.Pp +Alternatively, the mapping can be modified or an entirely new mapping +created for an unsupported keyboard layout. +The current mapping can be +printed with +.Nm +.Ar keyboard.map . +The value for each keycode specifies the keysym that is output when +each of +.Ar Key , +.Ar Shift ++ +.Ar Key , +.Ar AltGr ++ +.Ar Key , +or +.Ar Shift ++ +.Ar AltGr ++ +.Ar Key +is pressed. +.Pp +There are also definitions relating to video +control and cursor control, which are not applicable to +all display types, and to text emulation and graphics +(mapped) modes. +.Pp +Use the +.Xr kbd 8 +utility to determine which keyboard encodings are available for your +country. +.Pp +A keyboard encoding can also be specified in +.Pa /etc/kbdtype . +.Sh FILES +.Bl -tag -width /usr/include/dev/wscons/wsconsio.h -compact +.It Pa /dev/ttyC0 +display control device +.It Pa /dev/wskbd0 +keyboard control device +.It Pa /dev/wsmouse0 +mouse control device +.It Pa /etc/kbdtype +default keyboard mapping +.It Pa /etc/wsconsctl.conf +a list of parameters that get set at system startup time from +.Xr rc 8 +.It Pa /usr/include/dev/wscons/wsconsio.h +keyboard/mouse/display definitions +.El +.Sh EXAMPLES +Set a UK keyboard encoding: +.Pp +.Dl # wsconsctl keyboard.encoding=uk +.Pp +Modify the current keyboard encoding so that, when the +.Ar Caps Lock +key is pressed, the same encoding sequence as +.Ar Left Control +is sent. +For a full list of keysyms, and keycodes, refer +to the +.Ar /usr/include/dev/wscons/wsksymdef.h +file. +.Pp +.Dl # wsconsctl keyboard.map+="keysym Caps_Lock = Control_L" +.Pp +Assign the +.Ar Right Alt +key to be the group modifier (layout is changed while the key is pressed): +.Pp +.Dl # wsconsctl keyboard.map+="keycode 184=Mode_switch" +.Pp +Assign the +.Ar Right Control +key to be the lock for the group modifier. +The effect of +.Ar Mode_Lock +and +.Ar Mode_switch +is not mutually exclusive, to be consistent with +.Ar Caps Lock +and +.Ar Shift +behaviour. +.Pp +.Dl # wsconsctl keyboard.map+="keycode 157=Mode_Lock" +.Pp +Set a US keyboard encoding, with the +.Ar Caps Lock +and +.Ar Left Control +keys swapped. +The +.Ar .swapctrlcaps +encoding does not work for all national keyboard encodings. +For most purposes, the ability to set the value returned +by the +.Ar Caps Lock +key is enough \- see the previous example for details. +.Pp +.Dl # wsconsctl keyboard.encoding=us.swapctrlcaps +.Pp +Update the keyboard mapping so that the @ symbol is output when the +key combination +.Ar AltGr ++ +.Ar L +is pressed as well as a few other tweaks for a German Apple keyboard. +Note that the 7 key defines behaviour for all key combinations. +.Pp +.Dl # wsconsctl keyboard.map+="keycode 15 = l L at" +.Dl # wsconsctl keyboard.map+="keycode 34 = 5 percent bracketleft" +.Dl # wsconsctl keyboard.map+="keycode 35 = 6 ampersand bracketright" +.Dl # wsconsctl keyboard.map+="keycode 36 = 7 slash bar backslash" +.Dl # wsconsctl keyboard.map+="keycode 37 = 8 parenleft braceleft" +.Dl # wsconsctl keyboard.map+="keycode 38 = 9 parenright braceright" +.Pp +Set the bell pitch to be 1200: +.Pp +.Dl # wsconsctl keyboard.bell.pitch=1200 +.Pp +Add 200 to the current pitch of the bell: +.Pp +.Dl # wsconsctl keyboard.bell.pitch+=200 +.Pp +Set the display font to Gallant: +.Pp +.Dl # wsconsctl display.font=Gallant +.Sh SEE ALSO +.Xr pckbd 4 , +.Xr wscons 4 , +.Xr wsconsctl.conf 5 , +.Xr kbd 8 , +.Xr wsconscfg 8 , +.Xr wsfontload 8 +.Sh HISTORY +The +.Nm +command first appeared in +.Nx 1.4 +and +.Ox 2.8 . diff --git a/static/openbsd/man8/wsfontload.8 b/static/openbsd/man8/wsfontload.8 new file mode 100644 index 00000000..bead6632 --- /dev/null +++ b/static/openbsd/man8/wsfontload.8 @@ -0,0 +1,146 @@ +.\" $OpenBSD: wsfontload.8,v 1.22 2020/09/14 09:34:08 fcambus Exp $ +.\" $NetBSD: wsfontload.8,v 1.5 1999/04/06 04:54:22 cgd Exp $ +.\" +.\" Copyright (c) 1999, 2001 +.\" Matthias Drochner. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 14 2020 $ +.Dt WSFONTLOAD 8 +.Os +.Sh NAME +.Nm wsfontload +.Nd load a font bitmap into a wscons display device +.Sh SYNOPSIS +.Nm wsfontload +.Bk -words +.Op Fl Bbl +.Op Fl e Ar encoding +.Op Fl f Ar file +.Op Fl h Ar height +.Op Fl N Ar name +.Op Fl w Ar width +.Op Ar fontfile +.Ek +.Sh DESCRIPTION +The +.Nm +utility loads a font bitmap to a wscons device if the device driver +supports it. +The font gets assigned a name in this process which it can be referred to +by later for use on a display screen. +The font is loaded from the specified +.Ar fontfile , +or from +.Pa stdin +if +.Ar fontfile +is not provided. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl B +Specifies that the font data is ordered right-to-left byte wise. +The default is left-to-right. +.It Fl b +Specifies that the font data is ordered right-to-left bit wise. +The default is left-to-right. +.It Fl e Ar encoding +Sets the encoding of the font. +This can be either a symbolic abbreviation or a numeric value. +Currently recognized abbreviations are +.Dq iso +for ISO 8859-1 or ISO-10646 +.Pq Unicode +encoding +and +.Dq ibm +for IBM encoded fonts. +Per default, +.Dq iso +is assumed. +.It Fl f Ar file +Specify the control device of the wscons display to operate on. +Default is +.Pa /dev/ttyCcfg . +.It Fl h Ar height +Sets the height of a font character in pixels. +Default is to match the currently loaded font height for raster displays, +and 16 for text-mode VGA compatible displays. +.It Fl l +Specifies to print out a list of loaded fonts, no other +arguments should be specified. +.It Fl N Ar name +Specifies a name which can be used later to refer to the font. +If none is given, the +.Ar fontfile +name is used to create one. +.It Fl w Ar width +Sets the width of a font character in pixels. +Default is to match the currently loaded font width for raster displays, +and 8 for text-mode VGA compatible displays. +.El +.Pp +.\" Typically, the +.\" .Nm +.\" utility will be executed in system startup by the +.\" .Pa /etc/rc.wscons +.\" script, controlled by the +.\" .Pa /etc/wscons.conf +.\" configuration file. +.\" .Pp +No font files are provided with the wscons framework. +The fonts installed by PCVT can be used instead, as can raw font files from +other operating system distributions. +.Pp +A maximum of 8 fonts can be loaded. +The maximum size of a font is currently 512 KiB. +.Sh FILES +.Bl -tag -width "/usr/share/misc/pcvtfonts/XX" -compact +.\" .It Pa /etc/wscons.conf +.\" wscons configuration file +.It Pa /usr/share/misc/pcvtfonts/ +fonts directory. +.El +.Sh EXAMPLES +Load the IBM-encoded 8x8-font from the PCVT distribution. +This (or another 8x8-font) is necessary to use the 50-line screen type on +.Xr vga 4 +displays. +.Bd -literal -offset indent +# wsfontload -N myname -h 8 -e ibm \e + /usr/share/misc/pcvtfonts/vt220l.808 +.Ed +.Sh SEE ALSO +.Xr wscons 4 , +.Xr wsconscfg 8 , +.Xr wsconsctl 8 +.Sh HISTORY +The +.Nm +program appeared in +.Ox 2.8 . +.Sh BUGS +Many features are missing. +.Pp +There is no way to remove a loaded font. diff --git a/static/openbsd/man8/wsmoused.8 b/static/openbsd/man8/wsmoused.8 new file mode 100644 index 00000000..fb619850 --- /dev/null +++ b/static/openbsd/man8/wsmoused.8 @@ -0,0 +1,196 @@ +.\" $OpenBSD: wsmoused.8,v 1.22 2018/04/25 06:29:28 jmc Exp $ +.\" +.\" Copyright (c) 2001 Jean-Baptiste Marchand +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt WSMOUSED 8 +.Os +.Sh NAME +.Nm wsmoused +.Nd wsmouse daemon +.Sh SYNOPSIS +.Nm wsmoused +.Op Fl 2dfi +.Op Fl C Ar thresh +.Op Fl D Ar device +.Oo +.Fl M +.Ar N Ns = Ns Ar M +.Oc +.Op Fl p Ar device +.Op Fl t Ar type +.Sh DESCRIPTION +.Nm +listens for mouse events on the specified +.Ar device +and communicates them to the +.Xr wscons 4 +driver. +Its purpose is to provide copy/paste functionality on the console. +It does not happily coexist with the X Window System though, +so it has to be killed before starting the X Window System. +.Pp +By default, the left mouse button is used to select text +(in the familiar click-and-drag fashion); +the right button is used to extend the selection; +and the middle button pastes. +This behavior can be modified through the use of +.Fl M , +e.g.\& +.Li -M 2=3 +maps the right mouse button to paste. +.Pp +The options are as follows: +.Bl -tag -width "-p device" +.It Fl 2 +Indicate that the mouse has two buttons. +In that case, the right button pastes. +.It Fl C Ar thresh +Set double click speed as the maximum interval in msec between button clicks. +If omitted, the default value of 500 msec will be assumed. +This option will have effect only on the cut and paste operations +in the text mode console. +.It Fl D Ar device +Use +.Ar device +as the display control device. +If omitted, +.Nm +will use the default value of +.Pa /dev/ttyCcfg , +which controls the +.Nm wsdisplay0 +display terminals. +.It Fl d +Enable debugging messages. +.It Fl f +Do not become a daemon and instead run as a foreground process. +Useful for testing and debugging. +.It Fl i +Print the type and the protocol of the mouse and exit. +.It Fl M Ar N Ns = Ns Ar M +Assign the physical button +.Ar M +to the logical button +.Ar N . +You may specify as many instances of this option as you like. +More than one +physical button may be assigned to a logical button at the same time. +In this case the logical button will be down, if either of the assigned +physical buttons is held down. +Do not put space around +.Ql = . +Button numbers start from one, assigned to the leftmost button. +.It Fl p Ar device +Use +.Ar device +to communicate with the mouse. +If this option is not present, the device opened is +.Pa /dev/wsmouse +(the multiplexer device that receives all mouse events from all wsmouse +compatible mice on the system). +For a serial mouse, you have to explicitly specify the serial port, i.e.\& +.Ar device +must be one of +.Pa /dev/cua0[0-3] . +.It Fl t Ar type +This option only applies to serial mice. +It specifies the protocol used by the serial mice. +You may explicitly specify a type listed below or use +.Em auto +to let +.Nm +automatically select an appropriate protocol for the given mouse, if the +serial mouse respects the PnP COM specification. +.Pp +If this option is not specified, +.Em auto +is assumed. +Under normal circumstances, you need to use this option only if +the mouse is not PnP compatible. +.Pp +Valid protocol types for this option are the following: +.Bl -tag -width thinkingmouse +.It Ar microsoft +Microsoft serial mouse protocol. +Most 2-button serial mice use this protocol. +.It Ar intellimouse +Microsoft IntelliMouse protocol. +Genius NetMouse, ASCII Mie Mouse, Logitech MouseMan+, and FirstMouse+ +use this protocol as well. +Other mice with a roller/wheel may be compatible with this protocol. +.It Ar mousesystems +MouseSystems 5-byte protocol. +3-button mice may use this protocol. +.It Ar mmseries +MM Series mouse protocol. +.It Ar logitech +Logitech mouse protocol. +Note that this is for old Logitech models. +.Ar mouseman +or +.Ar intellimouse +should be specified for newer models. +.It Ar mouseman +Logitech MouseMan and TrackMan protocol. +Some 3-button mice may be compatible with this protocol. +Note that MouseMan+ and FirstMouse+ use +.Ar intellimouse +protocol rather than this one. +.It Ar glidepoint +ALPS GlidePoint protocol. +.It Ar thinkingmouse +Kensington ThinkingMouse protocol. +.It Ar mmhitab +Hitachi tablet protocol. +.El +.El +.Sh EXAMPLES +To start wsmoused on the +.Nm wsdisplay1 +display terminals, using a two-button serial mouse connected to +.Pa /dev/cua0 : +.Pp +.Dl # wsmoused -2 -D /dev/ttyDcfg -p /dev/cua0 +.Pp +To start wsmoused on the +.Nm wsdisplay0 +display terminals, using +.Pa /dev/wsmouse +with the left and right buttons swapped +.Pq assuming a three button mouse : +.Pp +.Dl # wsmoused -M 1=3 -M 3=1 +.Sh SEE ALSO +.Xr wscons 4 , +.Xr wsmouse 4 +.Sh HISTORY +The +.Nm +daemon is a slightly modified version of the moused daemon from the +.Fx +project, written by +.An Michael Smith Aq Mt msmith@FreeBSD.org . +Both inherit code from the XFree Project. diff --git a/static/openbsd/man8/xxboot.8 b/static/openbsd/man8/xxboot.8 new file mode 100644 index 00000000..767fe6f3 --- /dev/null +++ b/static/openbsd/man8/xxboot.8 @@ -0,0 +1,65 @@ +.\" $OpenBSD: xxboot.8,v 1.7 2022/08/17 13:49:57 miod Exp $ +.\" +.\" Copyright (c) 2006 Michael Shalayeff +.\" All rights reserved. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN +.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 17 2022 $ +.Dt XXBOOT 8 landisk +.Os +.Sh NAME +.Nm xxboot +.Nd LANDISK-specific primary boot loader +.Sh DESCRIPTION +This small program, residing in the reserved sectors at the beginning +of the root file system of the system, is responsible for loading +the second-stage +.Xr boot 8 +program (typically /boot), which in turn will load the kernel. +.Pp +When +.Nm +receives control from the master boot record (MBR), it will print a banner: +.Pp +.Dl OpenBSD MBR +.Pp +followed by a little twiddler while reading the second-stage boot. +.Pp +.Nm +must be installed by +.Xr installboot 8 . +.Sh FILES +.Bl -tag -width /usr/mdec/xxboot -compact +.It Pa /usr/mdec/mbr +Master Boot Record block +.It Pa /usr/mdec/xxboot +primary bootstrap +.It Pa /boot +secondary bootstrap +.It Pa /bsd +.Ox +kernel +.It Pa /bsd.rd +.Ox +kernel for installation/recovery +.El +.Sh DIAGNOSTICS +.Nm +will print messages indicating errors as returned from the firmware. +.Sh SEE ALSO +.Xr boot 8 , +.Xr disklabel 8 , +.Xr fdisk 8 , +.Xr installboot 8 , +.Xr mbr 8 diff --git a/static/openbsd/man8/ypbind.8 b/static/openbsd/man8/ypbind.8 new file mode 100644 index 00000000..4e5c7713 --- /dev/null +++ b/static/openbsd/man8/ypbind.8 @@ -0,0 +1,135 @@ +.\" $OpenBSD: ypbind.8,v 1.26 2018/04/26 12:53:09 schwarze Exp $ +.\" $NetBSD: ypbind.8,v 1.2 1996/02/28 01:21:00 thorpej Exp $ +.\" +.\" Copyright (c) 1996 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Jason R. Thorpe. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 26 2018 $ +.Dt YPBIND 8 +.Os +.Sh NAME +.Nm ypbind +.Nd create and maintain a binding to a YP server +.Sh SYNOPSIS +.Nm ypbind +.Op Fl insecure +.Op Fl ypset +.Op Fl ypsetme +.Sh DESCRIPTION +.Nm +finds the server for a particular YP domain and stores information about it +in a +.Dq binding file . +This binding information includes the IP address of the server associated with +that particular domain and which port the server is using. +This information is stored in the directory +.Pa /var/yp/binding +in a file named with the convention +.Pa DOMAINNAME.version . +(The YP system only supplies information on version 2.) +.Pp +When +.Nm +starts the primary domain (or gets the first request for a new domain), +it checks if a file for the domain in question exists in the directory +.Pa /etc/yp/ +(i.e., +.Pa /etc/yp/DOMAINNAME ) . +If such a file exists, it will list the hosts which +.Nm +should restrict its server search to. +Otherwise, +.Nm +assumes it will need to use broadcasts to find a valid server. +Using either of these techniques, +.Nm +will search for a server willing to serve maps for the +client's domain. +Once a binding is established, +.Nm +maintains this binding by periodically communicating with the server to which +it is bound. +If the binding is somehow lost, e.g by server reboot, +.Nm +marks the domain as unbound and attempts to re-establish the binding. +When the binding is once again successful, +.Nm +marks the domain as bound and resumes its periodic check. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl insecure +Permit binding to a +.Xr ypserv 8 +on a non-reserved port. +This is needed if receiving maps from SunOS 3.x or Ultrix. +.It Fl ypset +.Xr ypset 8 +may be used to change the server to which a domain is bound. +.It Fl ypsetme +.Xr ypset 8 +may be used only from this machine to change the server +to which a domain is bound. +.El +.Pp +The +.Fl ypset +and +.Fl ypsetme +options are dangerous and should be avoided. +For greatest security, the use of a server list in +.Pa /etc/yp/DOMAINNAME +is recommended. +The file should contain a list of valid YP server hostnames, +with one hostname per line. +The comment character is #. +.Sh FILES +.Pa /var/yp/binding/DOMAINNAME.version +- binding file for domainname +.Pa /etc/yp/DOMAINNAME +- server list for this particular domain +.Sh SEE ALSO +.Xr domainname 1 , +.Xr ypcat 1 , +.Xr ypmatch 1 , +.Xr ypwhich 1 , +.Xr yp 8 , +.Xr yppoll 8 , +.Xr ypserv 8 , +.Xr ypset 8 +.Pp +Once +.Nm ypbind +is running, the following pages should be reviewed in order to see how to +enable YP support for each of the following maps: +.Xr ethers 5 , +.Xr group 5 , +.Xr hosts 5 , +.Xr passwd 5 , +.Xr resolv.conf 5 +.Sh AUTHORS +.An Theo de Raadt diff --git a/static/openbsd/man8/ypinit.8 b/static/openbsd/man8/ypinit.8 new file mode 100644 index 00000000..ac9696d5 --- /dev/null +++ b/static/openbsd/man8/ypinit.8 @@ -0,0 +1,65 @@ +.\" $OpenBSD: ypinit.8,v 1.16 2013/07/16 11:13:34 schwarze Exp $ +.\" +.\" Copyright (c) 1997 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt YPINIT 8 +.Os +.Sh NAME +.Nm ypinit +.Nd create a YP server (master or slave) +.Sh SYNOPSIS +.Nm ypinit +.Fl m Op Ar domainname +.Nm ypinit +.Fl s Ar master_server Op Ar domainname +.Nm ypinit +.Fl u Op Ar domainname +.Sh DESCRIPTION +.Nm +may be used to set up a YP server, or to change the ypserver map. +If +.Ar domainname +is not given, the default domainname will be used. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl m Op Ar domainname +Set up a master YP server. +.It Fl s Ar master_server Op Ar domainname +Set up a slave YP server. +.Ar master_server +must be a running YP master server. +.It Fl u Op Ar domainname +Update the ypserver map on a YP master server, +or create a new one if the old one has been deleted. +.El +.Sh SEE ALSO +.Xr domainname 1 , +.Xr Makefile.yp 8 , +.Xr yp 8 , +.Xr ypserv 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se diff --git a/static/openbsd/man8/ypldap.8 b/static/openbsd/man8/ypldap.8 new file mode 100644 index 00000000..55c427ec --- /dev/null +++ b/static/openbsd/man8/ypldap.8 @@ -0,0 +1,81 @@ +.\" $OpenBSD: ypldap.8,v 1.11 2017/08/29 20:16:22 jmc Exp $ +.\" +.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 29 2017 $ +.Dt YPLDAP 8 +.Os +.Sh NAME +.Nm ypldap +.Nd YP map server using LDAP backend +.Sh SYNOPSIS +.Nm +.Op Fl dnv +.Op Fl D Ar macro Ns = Ns Ar value +.Op Fl f Ar file +.Sh DESCRIPTION +.Nm +is a daemon providing YP maps using LDAP as a backend. +RFC 2307 or similar LDAP schemas can be tied to the different YP maps. +.Nm +has the same role as +.Xr ypserv 8 +and the two daemons are mutually exclusive. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl D Ar macro Ns = Ns Ar value +Define +.Ar macro +to be set to +.Ar value +on the command line. +Overrides the definition of +.Ar macro +in the configuration file. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log to +.Em stderr . +.It Fl f Ar file +Specify an alternative configuration file. +.It Fl n +Configtest mode. +Only check the configuration file for validity. +.It Fl v +Produce more verbose output. +.El +.Sh FILES +.Bl -tag -width "/etc/ypldap.confXX" -compact +.It Pa /etc/ypldap.conf +Default +.Nm +configuration file. +.El +.Sh SEE ALSO +.Xr ypldap.conf 5 , +.Xr ypbind 8 +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 4.4 . +.Sh AUTHORS +The +.Nm +program was written by +.An Pierre-Yves Ritschard . diff --git a/static/openbsd/man8/yppoll.8 b/static/openbsd/man8/yppoll.8 new file mode 100644 index 00000000..fa7eeed6 --- /dev/null +++ b/static/openbsd/man8/yppoll.8 @@ -0,0 +1,77 @@ +.\" $OpenBSD: yppoll.8,v 1.10 2014/09/08 01:27:56 schwarze Exp $ +.\" $NetBSD: yppoll.8,v 1.3 1996/02/28 01:23:12 thorpej Exp $ +.\" +.\" Copyright (c) 1996 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Jason R. Thorpe. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 8 2014 $ +.Dt YPPOLL 8 +.Os +.Sh NAME +.Nm yppoll +.Nd ask version of YP map from YP server +.Sh SYNOPSIS +.Nm yppoll +.Op Fl d Ar domain +.Op Fl h Ar host +.Ar mapname +.Sh DESCRIPTION +.Nm +asks a YP server process for the order number and which host is the master +server for +.Ar mapname . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar domain +Use the YP domain +.Ar domain +instead of the default domain as returned by +.Xr domainname 1 . +.It Fl h Ar host +Ask the YP server process running on +.Ar host +for information about +.Ar mapname . +If +.Ar host +is not specified, the server polled is the default server returned by +.Xr ypwhich 1 . +.El +.Sh SEE ALSO +.Xr domainname 1 , +.Xr ypcat 1 , +.Xr ypmatch 1 , +.Xr ypwhich 1 , +.Xr yp 8 , +.Xr ypbind 8 , +.Xr ypset 8 +.Sh AUTHORS +.An -nosplit +.An Theo de Raadt +and +.An John Brezak diff --git a/static/openbsd/man8/yppush.8 b/static/openbsd/man8/yppush.8 new file mode 100644 index 00000000..4e2e53d6 --- /dev/null +++ b/static/openbsd/man8/yppush.8 @@ -0,0 +1,76 @@ +.\" $OpenBSD: yppush.8,v 1.18 2015/11/30 17:03:06 jmc Exp $ +.\" +.\" Copyright (c) 1995 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 30 2015 $ +.Dt YPPUSH 8 +.Os +.Sh NAME +.Nm yppush +.Nd force distribution of one YP map +.Sh SYNOPSIS +.Nm yppush +.Op Fl v +.Op Fl d Ar domainname +.Op Fl h Ar hostname +.\" .Op Fl p Ar paralleljobs +.\" .Op Fl t Ar timeout +.Ar mapname +.Sh DESCRIPTION +The +.Nm +utility distributes one YP map from the master server to all +slave servers in the domain. +All servers of the domain are fetched from the YP map +.Pa ypservers . +Before starting distribution, the master server is told to reread its +Berkeley DB map files from disk. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar domainname +Don't use the default domain, use the specified domain. +.It Fl h Ar hostname +Distribute the map only to one host and not to the hosts in the +.Pa ypservers +map. +.\" .It Fl p Ar paralleljobs +.\"Set the number of parallel transfers. +.\".It Fl t Ar timeout +.\"Set the amount of time to elapse before a timeout is registered. +.It Fl v +Verbose. +Announce what the program is doing. +.El +.Sh SEE ALSO +.Xr dbopen 3 , +.Xr Makefile.yp 8 , +.Xr yp 8 , +.Xr ypserv 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se +.Sh BUGS +The map is also pushed from the master server to itself, +which has no effect other than slowing down operation. diff --git a/static/openbsd/man8/ypserv.8 b/static/openbsd/man8/ypserv.8 new file mode 100644 index 00000000..13963dd7 --- /dev/null +++ b/static/openbsd/man8/ypserv.8 @@ -0,0 +1,141 @@ +.\" $OpenBSD: ypserv.8,v 1.30 2020/11/01 21:32:04 jmc Exp $ +.\" +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 1 2020 $ +.Dt YPSERV 8 +.Os +.Sh NAME +.Nm ypserv +.Nd YP server daemon +.Sh SYNOPSIS +.Nm ypserv +.Op Fl 1dx +.Op Fl a Ar aclfile +.Sh DESCRIPTION +.Nm +is a fundamental part of the network information system called YP. +This server provides information from YP maps to the YP clients +on the network. +.Pp +A YP map is stored on the server as a Berkeley database. +A number of YP maps are grouped together in a domain. +.Nm +determines the domains it serves by looking for a directory with +the domain name in +.Pa /var/yp . +.Pp +YP hasn't been known for high security through the years. +In recent years +security has improved by restricting access to the server. +In SunOS 4.1 +has a new file occurred named +.Pa /var/yp/securenet . +It contains networks the server can assume is secure. +For information about the file format, see +.Xr securenet 5 . +.Pp +Before the author of this server had seen +.Xr securenet 5 +another format, +.Xr ypserv.acl 5 , +was implemented. +This file format makes it possible to allow and deny hosts and networks +access to the server. +This file can have any name since it's given by the argument to +.Fl a +(use full path). +.Pp +If a host isn't secure, all queries to the server will result in a YP_NODOM +result. +.Pp +If the file +.Pa /var/yp/ypserv.log +exists then messages will be written to the file. +.Pp +If a directory named the same as the system domainname exists in +.Pa /var/yp +(i.e., the domainname is +.Dq foo +and the directory +.Pa /var/yp/foo +exists), then +.Nm +will be automatically started at boot time. +.Pp +On receipt of a hangup signal, +.Dv SIGHUP , +.Nm +will reopen the log file and reread its configuration, +including both the map files and the +.Xr ypserv.acl 5 +or +.Xr securenet 5 +configuration file. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 1 +Allow +.Nm +to answer old YP version 1 requests. +.It Fl a Ar aclfile +Don't use +.Pa /var/yp/securenet . +Use another file with a different file format. +For further information see +.Xr ypserv.acl 5 . +.It Fl d +Use Internet Domain Name System. +If a query to map +.Dq hosts.byname +or +.Dq hosts.byaddr +fails, make a DNS query and return the result if successful. +Alternately, if these maps were built on the YP master using +.Nm makedbm +.Fl b +then DNS queries will be done without needing to specify +.Fl d . +.It Fl x +Terminate the server after processing +.Ar aclfile +or +.Pa /var/yp/securenet . +.El +.Sh FILES +.Bl -tag -width /var/yp/ypserv.log -compact +.It Pa /var/yp/ypserv.log +.It Pa /var/yp/securenet +.El +.Sh SEE ALSO +.Xr dbopen 3 , +.Xr securenet 5 , +.Xr ypserv.acl 5 , +.Xr Makefile.yp 8 , +.Xr yp 8 , +.Xr ypbind 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se diff --git a/static/openbsd/man8/ypset.8 b/static/openbsd/man8/ypset.8 new file mode 100644 index 00000000..a4947a90 --- /dev/null +++ b/static/openbsd/man8/ypset.8 @@ -0,0 +1,82 @@ +.\" $OpenBSD: ypset.8,v 1.11 2015/09/10 15:16:44 schwarze Exp $ +.\" $NetBSD: ypset.8,v 1.2 1996/02/28 01:25:08 thorpej Exp $ +.\" +.\" Copyright (c) 1996 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Jason R. Thorpe. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 10 2015 $ +.Dt YPSET 8 +.Os +.Sh NAME +.Nm ypset +.Nd tell ypbind(8) which YP server process to use +.Sh SYNOPSIS +.Nm ypset +.Op Fl d Ar domain +.Op Fl h Ar host +.Ar server +.Sh DESCRIPTION +.Nm +tells the +.Xr ypbind 8 +process on the current machine which YP server process to communicate with. +If +.Ar server +is down or is not running a YP server process, it is not discovered until +a YP client process attempts to access a YP map, at which time +.Xr ypbind 8 +tests the binding and takes appropriate action. +.Pp +.Nm +is most useful for binding a YP client that is not on the same broadcast +network as the closest YP server, but can also be used for debugging +a local network's YP configuration, testing specific YP client +programs, or binding to a specific server when there are many servers on +the local network supplying YP maps. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar domain +Use the YP domain +.Ar domain +instead of the default domain as returned by +.Xr domainname 1 . +.It Fl h Ar host +Set the YP binding on +.Ar host +instead of the local machine. +.El +.Sh SEE ALSO +.Xr domainname 1 , +.Xr ypcat 1 , +.Xr ypmatch 1 , +.Xr ypwhich 1 , +.Xr yp 8 , +.Xr ypbind 8 , +.Xr yppoll 8 +.Sh AUTHORS +.An Theo de Raadt diff --git a/static/openbsd/man8/ypxfr.8 b/static/openbsd/man8/ypxfr.8 new file mode 100644 index 00000000..74cd0ee0 --- /dev/null +++ b/static/openbsd/man8/ypxfr.8 @@ -0,0 +1,86 @@ +.\" $OpenBSD: ypxfr.8,v 1.23 2021/02/02 07:37:18 jmc Exp $ +.\" +.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 2 2021 $ +.Dt YPXFR 8 +.Os +.Sh NAME +.Nm ypxfr , +.Nm ypxfr_1perhour , +.Nm ypxfr_1perday , +.Nm ypxfr_2perday +.Nd get a YP map from YP server +.Sh SYNOPSIS +.Nm ypxfr +.Op Fl cf +.Op Fl C Ar tid prog ipadd port +.Op Fl d Ar domain +.Op Fl h Ar host +.Op Fl s Ar domain +.Ar mapname +.Sh DESCRIPTION +.Nm ypxfr +is the utility in YP that transfers maps to the local host. +.Pp +Since the YP master transfers a map when it has changed, a YP slave should +check for missed maps regularly. +This can be done via an entry in +.Xr crontab 5 . +The scripts +.Ar ypxfr_1perhour , ypxfr_2perday +and +.Ar ypxfr_1perday +could be used for that. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C Ar tid prog ipadd port +This option is only used by ypserv. +This is to open communication with a yppush on another host. +.It Fl c +Don't send a "Clear current map" to local ypserv process. +Useful if ypserv isn't running locally to avoid timeout message. +.It Fl d Ar domain +Don't use default domain, use the specified domain. +.It Fl f +Force map transfer, even if version of master is older than local copy. +.It Fl h Ar host +Get map from host instead of the maps master host. +.It Fl s Ar domain +Specify a source domain other than the target domain. +.El +.Sh FILES +.Bl -tag -width /usr/sbin/ypxfr_1perhour -compact +.It Pa /usr/sbin/ypxfr_1perhour +.It Pa /usr/sbin/ypxfr_2perday +.It Pa /usr/sbin/ypxfr_1perday +.El +.Sh SEE ALSO +.Xr yp 8 , +.Xr yppush 8 , +.Xr ypserv 8 +.Sh AUTHORS +.An Mats O Jansson Aq Mt moj@stacken.kth.se diff --git a/static/openbsd/man8/zdump.8 b/static/openbsd/man8/zdump.8 new file mode 100644 index 00000000..211f289a --- /dev/null +++ b/static/openbsd/man8/zdump.8 @@ -0,0 +1,87 @@ +.\" $OpenBSD: zdump.8,v 1.7 2025/06/23 13:53:11 millert Exp $ +.Dd $Mdocdate: June 23 2025 $ +.Dt ZDUMP 8 +.Os +.Sh NAME +.Nm zdump +.Nd time zone dumper +.Sh SYNOPSIS +.Nm zdump +.Op Fl Vv +.Oo +.Fl c +.Oo Ar loyear , Oc Ns Ar hiyear +.Oc +.Oo +.Fl t +.Oo Ar lotime , Oc Ns Ar hitime +.Oc +.Ar zonename ... +.Sh DESCRIPTION +.Nm +prints the current time in each +.Ar zonename +named on the command line. +.Pp +These options are available: +.Bl -tag -width Ds +.It Xo +.Fl c +.Oo Ar loyear , Oc Ns Ar hiyear +.Xc +Cut off verbose output near the start of the given year(s). +By default, +the program cuts off verbose output near the start of the years \-500 and 2500. +.It Xo +.Fl t +.Oo Ar lotime , Oc Ns Ar hitime +.Xc +Cut off verbose output at the start of the given time(s), +given in seconds since 1970-01-01 00:00:00 UTC. +.It Fl V +Like +.Fl v , +except omit the times relative to the extreme time values. +This generates output that is easier to compare to that of +implementations with different time representations. +.It Fl v +For each +.Ar zonename +on the command line, +print the time at the lowest possible time value, +the time one day after the lowest possible time value, +the times both one second before and exactly at +each detected time discontinuity, +the time at one day less than the highest possible time value, +and the time at the highest possible time value. +Each line ends with +.Dq isdst=1 +if the given time is Daylight Saving Time or +.Dq isdst=0 +otherwise. +.El +.Sh LIMITATIONS +Time discontinuities are found by sampling the results returned by localtime +at twelve-hour intervals. +This works in all real-world cases; +one can construct artificial time zones for which this fails. +.Pp +In the output, +.Dq UT +denotes the value returned by +.Xr gmtime 3 , +which uses UTC for modern time stamps and some other UT flavor for +time stamps that predate the introduction of UTC. +No attempt is currently made to have the output use +.Dq UTC +for newer and +.Dq UT +for older time stamps, +partly because the exact date of the introduction of UTC is problematic. +.\" @(#)zdump.8 8.1 +.Sh SEE ALSO +.Xr ctime 3 , +.Xr tzfile 5 , +.Xr zic 8 +.\" This file is in the public domain, so clarified as of +.\" 2009-05-17 by Arthur David Olson. diff --git a/static/openbsd/man8/zic.8 b/static/openbsd/man8/zic.8 new file mode 100644 index 00000000..1cbc49f7 --- /dev/null +++ b/static/openbsd/man8/zic.8 @@ -0,0 +1,469 @@ +.\" $OpenBSD: zic.8,v 1.7 2025/06/23 13:53:11 millert Exp $ +.Dd $Mdocdate: June 23 2025 $ +.Dt ZIC 8 +.Os +.Sh NAME +.Nm zic +.Nd time zone compiler +.Sh SYNOPSIS +.Nm zic +.Bk -words +.Op Fl v +.Op Fl d Ar directory +.Op Fl L Ar leapsecondfilename +.Op Fl l Ar timezone +.Op Fl p Ar timezone +.Op Ar filename ... +.Ek +.Sh DESCRIPTION +.Nm +reads text from the file(s) named on the command line +and creates the time conversion information files specified in this input. +If a +.Ar filename +is +.Dq Fl , +the standard input is read. +.Pp +These options are available: +.Bl -tag -width "-d directory" +.It Fl d Ar directory +Create time conversion information files in the named directory rather than +in the standard directory named below. +.It Fl L Ar leapsecondfilename +Read leap second information from the file with the given name. +If this option is not used, +no leap second information appears in output files. +.It Fl l Ar timezone +Use the given time zone as local time. +.Nm +will act as if the input contained a link line of the form +.Pp +.Dl Link timezone localtime +.It Fl p Ar timezone +Use the given time zone's rules when handling POSIX-format +time zone environment variables. +.Nm +will act as if the input contained a link line of the form +.Pp +.Dl Link timezone posixrules +.It Fl v +Be more verbose, and complain about the following situations: +.Pp +The input data specifies a link to a link. +.Pp +A year that appears in a data file is outside the range +of years representable by +.Xr time 3 +values. +.Pp +A time of 24:00 or more appears in the input. +Pre-1998 versions of +.Nm +prohibit 24:00, and pre-2007 versions prohibit times greater than 24:00. +.Pp +A rule goes past the start or end of the month. +Pre-2004 versions of +.Nm +prohibit this. +.Pp +The output file does not contain all the information about the +long-term future of a zone, because the future cannot be summarized as +an extended POSIX TZ string. +For example, as of 2013 this problem +occurs for Iran's daylight-saving rules for the predicted future, as +these rules are based on the Iranian calendar, which cannot be +represented. +.Pp +The output contains data that may not be handled properly by client +code designed for older +.Nm +output formats. +These compatibility issues affect only time stamps +before 1970 or after the start of 2038. +.Pp +A time zone abbreviation has fewer than 3 characters. +POSIX requires at least 3. +.El +.Pp +Input lines are made up of fields. +Fields are separated from one another by one or more whitespace characters. +Leading and trailing whitespace on input lines is ignored. +An unquoted sharp character (#) in the input introduces a comment which extends +to the end of the line the sharp character appears on. +White space characters and sharp characters may be enclosed in double quotes +(") if they're to be used as part of a field. +Any line that is blank (after comment stripping) is ignored. +Non-blank lines are expected to be of one of three types: +rule lines, zone lines, and link lines. +.Pp +Names (such as month names) must be in English and are case insensitive. +Abbreviations, if used, must be unambiguous in context. +.Pp +A rule line has the form: +.Bd -literal -offset indent +Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +.Ed +.Pp +For example: +.Bd -literal -offset indent +Rule US 1967 1973 - Apr lastSun 2:00 1:00 D +.Ed +.Pp +The fields that make up a rule line are: +.Bl -tag -width "LETTER/S" +.It Cm NAME +Gives the (arbitrary) name of the set of rules this rule is part of. +.It Cm FROM +Gives the first year in which the rule applies. +Any integer year can be supplied; the Gregorian calendar is assumed. +The word +.Em minimum +(or an abbreviation) means the minimum year representable as an integer. +The word +.Em maximum +(or an abbreviation) means the maximum year representable as an integer. +Rules can describe times that are not representable as time values, +with the unrepresentable times ignored; this allows rules to be portable +among hosts with differing time value types. +.It Cm TO +Gives the final year in which the rule applies. +In addition to +.Em minimum +and +.Em maximum +(as above), +the word +.Em only +(or an abbreviation) +may be used to repeat the value of the +.Em FROM +field. +.It Cm TYPE +Gives the type of year in which the rule applies. +This field is obsolete and should always be +.Dq Fl . +.It Cm IN +Names the month in which the rule takes effect. +Month names may be abbreviated. +.It Cm ON +Gives the day on which the rule takes effect. +Recognized forms include: +.Pp +.Bl -tag -width "SunXX25" -compact -offset indent +.It 5 +the fifth of the month +.It lastSun +the last Sunday in the month +.It lastMon +the last Monday in the month +.It Sun>=8 +first Sunday on or after the eighth +.It Sun<=25 +last Sunday on or before the 25th +.El +.Pp +Names of days of the week may be abbreviated or spelled out in full. +Note that there must be no spaces within the +.Em ON +field. +.It Cm AT +Gives the time of day at which the rule takes effect. +Recognized forms include: +.Pp +.Bl -tag -width "1:28:14" -compact -offset indent +.It 2 +time in hours +.It 2:00 +time in hours and minutes +.It 15:00 +24-hour format time (for times after noon) +.It 1:28:14 +time in hours, minutes, and seconds +.It \&- +equivalent to 0 +.El +.Pp +where hour 0 is midnight at the start of the day, +and hour 24 is midnight at the end of the day. +Any of these forms may be followed by the letter +.Em w +if the given time is local +.Dq wall clock +time, +.Em s +if the given time is local +.Dq standard +time, or +.Em u +(or +.Em g +or +.Em z ) +if the given time is universal time; +in the absence of an indicator, +wall clock time is assumed. +.It Cm SAVE +Gives the amount of time to be added to local standard time when the rule is in +effect. +This field has the same format as the +.Em AT +field +(although, of course, the +.Em w +and +.Em s +suffixes are not used). +.It Cm LETTER/S +Gives the +.Dq variable part +(for example, the +.Dq S +or +.Dq D +in +.Dq EST +or +.Dq EDT ) +of time zone abbreviations to be used when this rule is in effect. +If this field is +.Dq \- , +the variable part is null. +.El +.Pp +A zone line has the form: +.Bd -literal -offset 3n +Zone NAME GMTOFF RULES/SAVE FORMAT [UNTILYEAR [MONTH [DAY [TIME]]]] +.Ed +.Pp +For example: +.Bd -literal -offset 3n +Zone Australia/Adelaide 9:30 Aus CST 1971 Oct 31 2:00 +.Ed +.Pp +The fields that make up a zone line are: +.Bl -tag -width GMTOFF +.It Cm NAME +The name of the time zone. +This is the name used in creating the time conversion information file for the +zone. +.It Cm GMTOFF +The amount of time to add to UT to get standard time in this zone. +This field has the same format as the +.Em AT +and +.Em SAVE +fields of rule lines; +begin the field with a minus sign if time must be subtracted from UT. +.It Cm RULES/SAVE +The name of the rule(s) that apply in the time zone or, +alternately, an amount of time to add to local standard time. +If this field is +.Dq \- +then standard time always applies in the time zone. +.It Cm FORMAT +The format for time zone abbreviations in this time zone. +The pair of characters +.Em %s +is used to show where the +.Dq variable part +of the time zone abbreviation goes. +Alternately, a format can use the pair of characters +.Em %z +to stand for the UTC offset in the form +.No \(+- Ns Em hh , +.No \(+- Ns Em hhmm , +or +.No \(+- Ns Em hhmmss , +using the shortest form that does not lose information, where +.Em hh , +.Em mm , +and +.Em ss +are the hours, minutes, and seconds east (+) or west (\(mi) of UTC. +Alternately, +a slash +.Pq \&/ +separates standard and daylight abbreviations. +.It Cm UNTILYEAR [MONTH [DAY [TIME]]] +The time at which the UT offset or the rule(s) change for a location. +It is specified as a year, a month, a day, and a time of day. +If this is specified, +the time zone information is generated from the given UT offset +and rule change until the time specified. +The month, day, and time of day have the same format as the IN, ON, and AT +fields of a rule; trailing fields can be omitted, and default to the +earliest possible value for the missing fields. +.Pp +The next line must be a +.Dq continuation +line; this has the same form as a zone line except that the +string +.Dq Zone +and the name are omitted, as the continuation line will +place information starting at the time specified as the +.Dq until +information in the previous line in the file used by the previous line. +Continuation lines may contain +.Dq until +information, just as zone lines do, indicating that the next line is a further +continuation. +.El +.Pp +A link line has the form: +.Bd -literal -offset indent +Link LINK-FROM LINK-TO +.Ed +.Pp +For example: +.Bd -literal -offset indent +Link Europe/Istanbul Asia/Istanbul +.Ed +.Pp +The +.Em LINK-FROM +field should appear as the +.Em NAME +field in some zone line; +the +.Em LINK-TO +field is used as an alternate name for that zone. +.Pp +Except for continuation lines, +lines may appear in any order in the input. +However, the behavior is unspecified if multiple zone or link lines +define the same name, or if the source of one link line is the target +of another. +.Pp +Lines in the file that describes leap seconds have the following form: +.Bd -literal -offset indent +Leap YEAR MONTH DAY HH:MM:SS CORR R/S +.Ed +.Pp +For example: +.Bd -literal -offset indent +Leap 1974 Dec 31 23:59:60 + S +.Ed +.Pp +The +.Em YEAR , +.Em MONTH , +.Em DAY , +and +.Em HH:MM:SS +fields tell when the leap second happened. +The +.Em CORR +field +should be +.Dq + +if a second was added +or +.Dq - +if a second was skipped. +.\" There's no need to document the following, since it's impossible for more +.\" than one leap second to be inserted or deleted at a time. +.\" The C Standard is in error in suggesting the possibility. +.\" See Terry J Quinn, The BIPM and the accurate measure of time, +.\" Proc IEEE 79, 7 (July 1991), 894-905. +.\" or +.\" .q ++ +.\" if two seconds were added +.\" or +.\" .q -- +.\" if two seconds were skipped. +The +.Em R/S +field should be (an abbreviation of) +.Dq Stationary +if the leap second time given by the other fields should be interpreted as UTC +or (an abbreviation of) +.Dq Rolling +if the leap second time given by the other fields should be interpreted as +local wall clock time. +.Sh EXTENDED EXAMPLE +Here is an extended example of +.Nm +input, intended to illustrate many of its features. +.Bd -literal +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Swiss 1941 1942 - May Mon>=1 1:00 1:00 S +Rule Swiss 1941 1942 - Oct Mon>=1 2:00 0 - + +Rule EU 1977 1980 - Apr Sun>=1 1:00u 1:00 S +Rule EU 1977 only - Sep lastSun 1:00u 0 - +Rule EU 1978 only - Oct 1 1:00u 0 - +Rule EU 1979 1995 - Sep lastSun 1:00u 0 - +Rule EU 1981 max - Mar lastSun 1:00u 1:00 S +Rule EU 1996 max - Oct lastSun 1:00u 0 - + +# Zone NAME GMTOFF RULES/SAVE FORMAT UNTIL +Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 + 0:29:46 - BMT 1894 Jun + 1:00 Swiss CE%sT 1981 + 1:00 EU CE%sT + +Link Europe/Zurich Switzerland +.Ed +.Pp +In this example, the zone is named Europe/Zurich +but it has an alias as Switzerland. +This example says that Zurich was 34 minutes and 8 +seconds west of UT until 1853-07-16 at 00:00, when the legal offset +was changed to 7\(de\|26\(fm\|22.50\(sd; although this works out to +0:29:45.50, the input format cannot represent fractional seconds so it +is rounded here. +After 1894-06-01 at 00:00 Swiss daylight saving rules +(defined with lines beginning with "Rule Swiss") apply, +and the UT offset became one hour. +From 1981 to the present, +EU daylight saving rules have applied, +and the UTC offset has remained at one hour. +.Pp +In 1940, daylight saving time applied from +November 2 at 00:00 to December 31 at 00:00. +In 1941 and 1942, daylight saving time applied from the first Monday +in May at 01:00 to the first Monday in October at 02:00. +The pre-1981 EU daylight-saving rules have no effect here, +but are included for completeness. +Since 1981, +daylight saving has begun on the last Sunday in March at 01:00 UTC. +Until 1995 it ended the last Sunday in September at 01:00 UTC, +but this changed to the last Sunday in October starting in 1996. +.Pp +For purposes of display, +"LMT" and "BMT" were initially used, respectively. +Since Swiss rules and later EU rules were applied, +the display name for the timezone has been CET for standard time +and CEST for daylight saving time. +.Sh FILES +.Bl -tag -width "/usr/share/zoneinfo" -compact +.It Pa /etc/localtime +link to local time zone +.It Pa /usr/share/zoneinfo +standard directory used for created files +.El +.Sh SEE ALSO +.Xr ctime 3 , +.Xr tzfile 5 , +.Xr zdump 8 +.Sh CAVEATS +For areas with more than two types of local time, +you may need to use local standard time in the +.Em AT +field of the earliest transition time's rule to ensure that +the earliest transition time recorded in the compiled file is correct. +.Pp +If, +for a particular zone, +a clock advance caused by the start of daylight saving +coincides with and is equal to +a clock retreat caused by a change in UT offset, +.Nm +produces a single transition to daylight saving at the new UT offset +(without any change in wall clock time). +To get separate transitions +use multiple zone continuation lines +specifying transition instants using universal time. +.\" This file is in the public domain, so clarified as of +.\" 2009-05-17 by Arthur David Olson. -- cgit v1.2.3