-.\" $OpenBSD: atactl.8,v 1.2 2000/02/02 02:52:05 deraadt Exp $
+.\" $OpenBSD: atactl.8,v 1.3 2000/03/18 22:55:53 aaron Exp $
.\" $NetBSD: atactl.8,v 1.5 1999/02/24 18:49:14 jwise Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
.Sh DESCRIPTION
.Nm
allows a user or system administrator to issue commands to and otherwise
-control devices which reside on standard IDE and ATA controllers. It is
-used by specifying
+control devices which reside on standard IDE and ATA controllers.
+It is used by specifying
a device to manipulate, the command to perform, and any arguments
the command may require.
-.Sh DEVICE COMMANDS
-The following commands may be used on IDE and ATA devices. Note
-that not all devices support all commands.
+.Pp
+The following commands may be used on IDE and ATA devices.
+Note that not all devices support all commands.
.Pp
If the
.Ar device
.Ar command ,
the
.Cm identify
-command is implied.
+command is implied.
.Pp
.Cm identify
.Pp
.Pp
.Cm idle
.Pp
-Place the specified device into Idle mode. This mode may consume less
-power than Active mode.
+Place the specified device into Idle mode.
+This mode may consume less power than Active mode.
.Pp
.Cm standby
.Pp
-Place the specified device into Standby mode. This mode will consume
-less power than Idle mode.
+Place the specified device into Standby mode.
+This mode will consume less power than Idle mode.
.Pp
.Cm sleep
.Pp
-Place he specified device into Sleep mode. This mode will consume
-less power than Standby mode, but requires a device reset to resume
-operation. Typically the
+Place he specified device into Sleep mode.
+This mode will consume less power than Standby mode,
+but requires a device reset to resume operation.
+Typically the
.Xr wd 4
driver performs this reset automatically, but this should still be
used with caution.
Places the specified device into Idle mode, and sets the Standby timer
to
.Ar standby-timer
-seconds. A value of 0 will disable the Standby timer.
+seconds.
+A value of 0 will disable the Standby timer.
.Pp
.Cm setstandby
.Ar standby-timer
Places the specified device into Standby mode, and sets the Standby timer
to
.Ar standby-timer
-seconds. A value of 0 will disable the Standby timer.
+seconds.
+A value of 0 will disable the Standby timer.
.Pp
.Cm checkpower
.Pp
Will print out if the device is in Active, Idle, or Standby power
management mode.
-.Sh BUGS
-The output from the
-.Cm identify
-command is rather ugly.
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr wd 4
.Sh AUTHOR
The
.Nm
-command was written by Ken Hornstein. It was based heavily on the
+command was written by Ken Hornstein.
+It was based heavily on the
.Xr scsictl 8
command written by Jason R. Thorpe.
.Sh HISTORY
.Nm
command first appeared in
.Ox 2.6 .
+.Sh BUGS
+The output from the
+.Cm identify
+command is rather ugly.
-.\" $OpenBSD: badsect.8,v 1.9 1999/06/29 12:20:43 aaron Exp $
+.\" $OpenBSD: badsect.8,v 1.10 2000/03/18 22:55:54 aaron Exp $
.\" $NetBSD: badsect.8,v 1.8 1995/03/18 14:54:27 cgd Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
.Ar bbdir sector Op Ar ...
.Sh DESCRIPTION
.Nm
-makes a file to contain a bad sector. Normally, bad sectors
+makes a file to contain a bad sector.
+Normally, bad sectors
are made inaccessible by the standard formatter, which provides
a forwarding table for bad sectors to the driver; see
.Xr bad144 8
First mount the file system, and change to its root directory.
Make a directory
.Li BAD
-there. Run
+there.
+Run
.Nm
giving as argument the
.Ar BAD
Then change back to the root directory, unmount the file system
and run
.Xr fsck 8
-on the file system. The bad sectors should show up in two files
-or in the bad sector files and the free list. Have
+on the file system.
+The bad sectors should show up in two files
+or in the bad sector files and the free list.
+Have
.Xr fsck
remove files containing the offending bad sectors, but
.Em do not
A positive response will cause
.Xr fsck
to convert the inode to a regular file containing the bad block.
-.Sh SEE ALSO
-.Xr bad144 8 ,
-.Xr fsck 8
.Sh DIAGNOSTICS
.Nm
refuses to attach a block that
resides in a critical area or is out of range of the file system.
A warning is issued if the block is already in use.
+.Sh SEE ALSO
+.Xr bad144 8 ,
+.Xr fsck 8
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.1 .
.Sh BUGS
If more than one sector which comprise a file system fragment are bad,
you should specify only one of them to
.Nm badsect ,
as the blocks in the bad sector files actually cover all the sectors in a
file system fragment.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.1 .
-.\" $OpenBSD: brconfig.8,v 1.6 2000/02/11 04:22:27 jason Exp $
+.\" $OpenBSD: brconfig.8,v 1.7 2000/03/18 22:55:54 aaron Exp $
.\"
.\" Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
.Nd manipulate bridge interfaces
.Sh SYNOPSIS
.Nm brconfig
-.Ar -a
+.Fl a
.Nm brconfig
.Ar bridge-name
.Op Ar up
The
.Nm brconfig
utility retrieves kernel state of bridge interfaces and allows
-user control of these bridges. In the first synopsis, the command
+user control of these bridges.
+In the first synopsis, the command
will list the status of all bridges in the system.
In the second, its command line consists
of the name of a bridge and a set of operations to be
-performed on that bridge. The commands are executed in
-the order they were specified. If no command is specified in
-the second synopsis, the
+performed on that bridge.
+The commands are executed in the order they were specified.
+If no command is specified in the second synopsis, the
.Nm brconfig
will display status information about the bridge.
With the third synopsis, rules for filtering Ethernet MAC addresses can
This is the default for interfaces added to the bridge.
.It Ar -discover interface
Mark an interface so that packets are not sent out of the interface
-if the destination port of the packet is unknown. Turning this flag
+if the destination port of the packet is unknown.
+Turning this flag
off means that the bridge will not send packets out of this interface
unless the packet is a broadcast packet, multicast packet, or a
packet with a destination address found on the interface's segment.
Rules have a similiar syntax to
.Xr ipf 4 .
Rules can be used to selectively block or pass frames based on Ethernet
-MAC address. Rules are processed in the order in which they were added
+MAC address.
+Rules are processed in the order in which they were added
to the interface, and the first rule matched takes the action (block or pass)
-of the rule. If no source or destination address is specified, the
+of the rule.
+If no source or destination address is specified, the
rule will match all frames (good for creating a catchall policy).
.It Ar rulefile filename
Load a set of rules from the file
.It Cm brconfig bridge0 rule block out on fxp0
The above commands will set up a filter so that 0:1:2:3:4:5 can send frames
through fxp0 only to 5:4:3:2:1, and 5:4:3:2:1:0 can return frames through
-fxp0 to 0:1:2:3:4:5. All other traffic trying to go into and be sent from
-fxp0 will be blocked.
+fxp0 to 0:1:2:3:4:5.
+All other traffic trying to go into and be sent from fxp0 will be blocked.
.El
.Sh SEE ALSO
.Xr bridge 4 ,
.Xr bridgename.if 5 ,
.Xr ifconfig 8
-.Sh HISTORY
-.Nm brconfig
-first appeared in
-.Ox 2.5 .
.Sh AUTHOR
The
.Xr brconfig 8
.An Jason L. Wright Aq jason@thought.net
as part of an undergraduate independent study at the
University of North Carolina at Greensboro.
+.Sh HISTORY
+The
+.Nm brconfig
+command first appeared in
+.Ox 2.5 .
.Sh BUGS
There are some rather special network interface chipsets which will
not work in a bridge configuration.
Some chipsets have serious flaws when running in promiscuous mode, like the
TI ThunderLAN (see
-.Xr tl 4 ),
+.Xr tl 4 ) ,
which receives its own transmissions (this renders the address learning
-cache useless). Most other chipsets work fine though.
+cache useless).
+Most other chipsets work fine though.
-.\" $OpenBSD: ccdconfig.8,v 1.12 1999/07/03 02:11:06 aaron Exp $
+.\" $OpenBSD: ccdconfig.8,v 1.13 2000/03/18 22:55:55 aaron Exp $
.\" $NetBSD: ccdconfig.8,v 1.4 1996/02/28 01:01:17 thorpej Exp $
.\"
.\" Copyright (c) 1996 The NetBSD Foundation, Inc.
.Sh DESCRIPTION
.Nm
is used to dynamically configure and unconfigure concatenated disk
-devices, or ccds. For more information about the ccd, see
+devices, or ccds.
+For more information about the ccd, see
.Xr ccd 4 .
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl c
-Configure a ccd. This is the default behavior of
+Configure a ccd.
+This is the default behavior of
.Nm ccdconfig .
.It Fl C
Configure all ccd devices listed in the ccd configuration file.
.Pa /etc/ccd.conf .
.It Fl g
Dump the current ccd configuration in a format suitable for use as the
-ccd configuration file. If no arguments are specified, every configured
-ccd is dumped. Otherwise, the configuration of each listed ccd is dumped.
+ccd configuration file.
+If no arguments are specified, every configured
+ccd is dumped.
+Otherwise, the configuration of each listed ccd is dumped.
.It Fl M Ar core
Extract values associated with the name list from
.Ar core
.Pp
A ccd is described on the command line and in the ccd configuration
file by the name of the ccd, the interleave factor, the ccd configuration
-flags, and a list of one or more devices. The flags may be represented
+flags, and a list of one or more devices.
+The flags may be represented
as a decimal number, a hexadecimal number, a comma-separated list
of strings, or the word
.Dq none .
-.\" $OpenBSD: disklabel.8,v 1.34 1999/10/10 16:49:28 aaron Exp $
+.\" $OpenBSD: disklabel.8,v 1.35 2000/03/18 22:55:55 aaron Exp $
.\" $NetBSD: disklabel.8,v 1.9 1995/03/18 14:54:38 cgd Exp $
.\"
.\" Copyright (c) 1987, 1988, 1991, 1993
The
.Nm
utility can be used to install, examine, or modify the label on a disk drive or
-pack. The disk label contains information about disk characteristics (size,
+pack.
+The disk label contains information about disk characteristics (size,
type, etc.) and the partition layout, stored on the disk
-itself. It is used by the operating system to optimize disk I/O and
+itself.
+It is used by the operating system to optimize disk I/O and
locate the filesystems resident on the disk.
.Pp
The options are as follows:
Print additional information during operation (verbose mode).
.It Fl r
Causes the label to be read from or written to the disk directly,
-rather than going through the system's in-core copy of the label. This
-option may allow a label to be installed on a disk without kernel
+rather than going through the system's in-core copy of the label.
+This option may allow a label to be installed on a disk without kernel
support for a label, such as when labels are first installed on a
-system. This flag does not work on a number of architectures, thus it is
-not considered the right way to put a new label on a disk. Its use is
-discouraged.
+system.
+This flag does not work on a number of architectures, thus it is
+not considered the right way to put a new label on a disk.
+Its use is discouraged.
.It Fl B
-Install bootstrap code. The
+Install bootstrap code.
+The
.Fl r
flag is implied by
.Fl B
.It Fl d
Use the
.Em default
-label. This ignores any existing
+label.
+This ignores any existing
.Ox
-partitions on the disk. Note that this option will only work for disks
-that are capable of reporting their geometry, such as SCSI, IDE, and
-ESDI. May not be used in conjunction with the
+partitions on the disk.
+Note that this option will only work for disks
+that are capable of reporting their geometry, such as SCSI, IDE, and ESDI.
+May not be used in conjunction with the
.Fl r
flag.
.It Fl c
Clear the system's in-core copy of the label and update it based on
-the on-disk label. May not be used in conjunction with the
+the on-disk label.
+May not be used in conjunction with the
.Fl r
flag.
.It Fl f Ar tempfile
in
.Xr fstab 5
format for any partitions for which mount point information has been
-specified. The
+specified.
+The
.Fl f
flag is only valid when used in conjunction with the
.Fl E
-flag. If
+flag.
+If
.Ar tempfile
already exists, it will be overwritten.
.It Fl t
Allow writing of the pack label area on the selected disk.
.El
.Pp
-The first form of the command (read) is used to examine the label on
+The first form of the command (read) is used to examine the label on
the named disk drive (e.g., sd0 or
.Pa /dev/rsd0c Ns ).
It will display all of the parameters associated with the drive
incorrect, the kernel may have constructed or modified the label.
.Pp
The second form of the command (write) is used to write a standard
-label on the designated drive. The drive parameters and partitions are
-taken from that file. If different disks of the same physical type are
+label on the designated drive.
+The drive parameters and partitions are taken from that file.
+If different disks of the same physical type are
to have different partitions, it will be necessary to have separate
disktab entries describing each, or to edit the label after
-installation as described below. The optional argument is a pack
-identification string, up to 16 characters long. The pack ID must be
-quoted if it contains blanks. If the
+installation as described below.
+The optional argument is a pack
+identification string, up to 16 characters long.
+The pack ID must be quoted if it contains blanks.
+If the
.Fl r
flag is given, the disk sectors containing the label and bootstrap
-will be written directly. A side-effect of this is that any existing
+will be written directly.
+A side-effect of this is that any existing
bootstrap code will be overwritten and the disk rendered unbootable.
If
.Fl r
is not specified, the existing label will be updated via the in-core
-copy and any bootstrap code will be unaffected. If the disk does not
-already have a label, the
+copy and any bootstrap code will be unaffected.
+If the disk does not already have a label, the
.Fl r
-flag must be used. In either case, the kernel's in-core label is
-replaced.
+flag must be used.
+In either case, the kernel's in-core label is replaced.
.Pp
In the third form of the command (edit), the label is read from the
in-core kernel copy, or directly from the disk if the
.Fl r
-flag is also given. The label is formatted and then supplied to an
-editor for changes. If no editor is specified in an
+flag is also given.
+The label is formatted and then supplied to an editor for changes.
+If no editor is specified in an
.Ev EDITOR
environment variable,
.Xr vi 1
-is used. When the editor terminates, the formatted label is reread and
-used to rewrite the disk label. Existing bootstrap code is unchanged
-regardless of whether
+is used.
+When the editor terminates, the formatted label is reread and
+used to rewrite the disk label.
+Existing bootstrap code is unchanged regardless of whether
.Fl r
was specified.
.Pp
The initial label editor mode is only intended for new disks as it
will move partitions around as necessary to maintain a contiguous pool
-of free blocks. Some commands or prompts take an optional unit.
+of free blocks.
+Some commands or prompts take an optional unit.
Available units are
.Sq b
for bytes,
for megabytes,
and
.Sq g
-for gigabytes. Quantities will be rounded to the nearest
-cylinder when units are specified for sizes (or offsets). Commands
-may be aborted by entering
+for gigabytes.
+Quantities will be rounded to the nearest
+cylinder when units are specified for sizes (or offsets).
+Commands may be aborted by entering
.Ql ^D
(Control-D).
Entering
.Ql ^D
at the main
.Ql >
-prompt will exit the editor. At prompts that request a size,
+prompt will exit the editor.
+At prompts that request a size,
.Ql *
may be entered to indicate the rest of the available space.
The editor commands are as follows:
.Bl -tag -width "p [unit] "
.It ? Op command
-Display help message with all available commands. You may specify a
+Display help message with all available commands.
+You may specify a
.Em command
-for which to get more detailed help. There is also (simple)
-context-sensitive help available at most prompts.
+for which to get more detailed help.
+There is also (simple) context-sensitive help available at most prompts.
.It M
Display this manual page.
.It u
-Undo (or redo) last change. Entering
+Undo (or redo) last change.
+Entering
.Em u
-once will undo your last change. Entering it again will restore the change.
+once will undo your last change.
+Entering it again will restore the change.
.It p Op unit
-Print the current disk label. If a
+Print the current disk label.
+If a
.Em unit
is given, the size and offsets are displayed in terms of the
specified unit.
.It e
-Edit drive parameters. This option is used to set the following
-parameters: sectors/track, tracks/cylinder, sectors/cylinder,
+Edit drive parameters.
+This option is used to set the following
+parameters: sectors/track, tracks/cylinder, sectors/cylinder,
number of cylinders on the disk, total sectors on the disk, rpm,
interleave, disk type, and a descriptive label string.
.It b
-Set OpenBSD disk boundaries. This option tells
+Set OpenBSD disk boundaries.
+This option tells
.Nm
-which parts of the disk it is allowed to modify. This option is
+which parts of the disk it is allowed to modify.
+This option is
probably only useful for ports with fdisk partition tables where the
-ending sector in the MBR is incorrect. The user may enter
+ending sector in the MBR is incorrect.
+The user may enter
.Ql *
at the
.Dq Size
prompt to indicate the entire size of the disk (minus
-the starting sector). This is useful for disks larger than 8
+the starting sector).
+This is useful for disks larger than 8
gigabytes where the fdisk partition table is incapable of storing
the real size.
.It r
-Recalculate free space. This option should really not be necessary
-under normal circumstances.
+Recalculate free space.
+This option should really not be necessary under normal circumstances.
.It a Op part
-Add new partition. This option adds a new BSD partition. If no
-partition letter is specified (a-p), the user will be prompted for
+Add new partition.
+This option adds a new BSD partition.
+If no partition letter is specified (a-p), the user will be prompted for
one.
.It c Op part
-Change the size of an existing partition. If no partition is
-specified, the user will be prompted for one. The new size may be
+Change the size of an existing partition.
+If no partition is specified, the user will be prompted for one.
+The new size may be
in terms of the aforementioned units and may also be prefixed with
.Ql +
or
.It d Op part
Delete an existing partition (or
.Ql *
-to delete all partitions). If no partition is specified, the
-user will be prompted for one. You may not delete the
+to delete all partitions).
+If no partition is specified, the user will be prompted for one.
+You may not delete the
.Ql c
partition.
.It g Op d|b|u
.Nm
made any changes).
.It m Op part
-Modify parameters for an existing partition. If no partition is
-specified, the user will be prompted for one. This option allows
+Modify parameters for an existing partition.
+If no partition is specified, the user will be prompted for one.
+This option allows
the user to change the filesystem type, starting offset, partition
size, block fragment size, block size, and cylinders per group for
the specified partition (not all parameters are configurable for
non-BSD partitions).
.It n Op part
-Name the mount point for an existing partition. If no partition is
-specified, the user will be prompted for one. This option is only
-valid if
+Name the mount point for an existing partition.
+If no partition is specified, the user will be prompted for one.
+This option is only valid if
.Nm
was invoked with the
.Fl f
format (suitable for loading via
the
.Fl R
-option). If no path is specified, the user will be prompted for
-one.
+option).
+If no path is specified, the user will be prompted for one.
.It w
-Write the label to disk. This option will commit any changes to
-the on-disk label.
+Write the label to disk.
+This option will commit any changes to the on-disk label.
.It q
-Quit the editor. If any changes have been made, the user will be
+Quit the editor.
+If any changes have been made, the user will be
asked whether or not to save the changes to the on-disk label.
.It x
Exit the editor without saving any changes to the label.
.Pp
In the restore form of the command, the prototype file used to create
the label should be in the same format as that produced when reading
-or editing a label. Comments are delimited by
+or editing a label.
+Comments are delimited by
.Ar \&#
-and newline. As with
+and newline.
+As with
.Fl w ,
any existing bootstrap code will be clobbered if
.Fl r
The final three forms of
.Nm
are used to install bootstrap code on machines where the bootstrap is
-part of the label. The bootstrap code is comprised of one or two boot
+part of the label.
+The bootstrap code is comprised of one or two boot
programs depending on the machine.
.Pp
When installting bootstrap code with the
.Fl B
flag, if the names are not explicitly given, standard boot programs
-will be used. The boot programs are located in
+will be used.
+The boot programs are located in
.Pa /usr/mdec .
The names of the programs are taken from the
.Dq b0
.Ar disktype
was given and its disktab entry exists and includes those parameters.
Otherwise, boot program names are derived from the name of the
-disk. These names are of the form
+disk.
+These names are of the form
.Pa basename Ns boot
for the primary (or only) bootstrap, and
.Pf boot Pa basename
.Em sd0 .
.Pp
The first of the three boot-installation forms is used to install
-bootstrap code without changing the existing label. It is essentially
+bootstrap code without changing the existing label.
+It is essentially
a read command with respect to the disk label itself and all options
are related to the specification of the boot program as described
-previously. The final two forms are analogous to the basic write and
+previously.
+The final two forms are analogous to the basic write and
restore versions except that they will install bootstrap code in
addition to a new label.
-.Sh FILES
-.Bl -tag -width Pa -compact
-.It Pa /etc/disktab
-.It Pa /usr/mdec/ Ns Em xx Ns boot
-.It Pa /usr/mdec/boot Ns Em xx
-.El
.Sh EXAMPLES
.Dl disklabel sd0
.Pp
.Dq sd2212
found in
.Pa /etc/disktab .
-Any existing bootstrap code will be clobbered. (Normally you do
-not want to use the
+Any existing bootstrap code will be clobbered.
+(Normally you do not want to use the
.Fl r
flag though.)
.Pp
.Dl disklabel -e -r sd0
.Pp
Read the on-disk label for sd0, edit it and reinstall in-core as
-well as on-disk. (Normally you do not want to use the
+well as on-disk.
+(Normally you do not want to use the
.Fl r
flag
-though.) Existing bootstrap code is unaffected.
+though.)
+Existing bootstrap code is unaffected.
.Pp
.Dl disklabel -R sd0 mylabel
.Pp
.Pp
.Dl disklabel -B sd0
.Pp
-Install a new bootstrap on sd0. The boot code comes from
+Install a new bootstrap on sd0.
+The boot code comes from
.Pa /usr/mdec/sdboot
and possibly
.Pa /usr/mdec/bootsd .
On-disk and in-core labels are unchanged, but on some systems other
-information may be destroyed. Use with care.
+information may be destroyed.
+Use with care.
.Pp
.Dl disklabel -w -B /dev/rsd0c -b newboot sd2212
.Pp
-Install a new label and bootstrap. The label is derived from
-disktab information for
+Install a new label and bootstrap.
+The label is derived from disktab information for
.Dq sd2212
and installed both in-core and
-on-disk. The bootstrap code comes from the file
+on-disk.
+The bootstrap code comes from the file
.Pa /usr/mdec/newboot .
+.Sh FILES
+.Bl -tag -width Pa -compact
+.It Pa /etc/disktab
+.It Pa /usr/mdec/ Ns Em xx Ns boot
+.It Pa /usr/mdec/boot Ns Em xx
+.El
.Sh SEE ALSO
.Xr disklabel 5 ,
.Xr disktab 5
.Sh DIAGNOSTICS
The kernel device drivers will not allow the size of a disk partition
to be decreased or the offset of a partition to be changed while
-it is open. Some device drivers create a label containing only a
+it is open.
+Some device drivers create a label containing only a
single large partition if a disk is unlabeled; thus, the label must
be written to the
.Sq a
partition.
.Pp
On some machines the bootstrap code may not fit entirely in the
-area allocated for it by some filesystems. As a result, it may
+area allocated for it by some filesystems.
+As a result, it may
not be possible to have filesystems on some partitions of a
.Dq bootable
-disk. When installing bootstrap code,
+disk.
+When installing bootstrap code,
.Nm
-checks for these cases. If the installed boot code would overlap
-a partition of type
+checks for these cases.
+If the installed boot code would overlap a partition of type
.Dv FS_UNUSED
it is marked as type
.Dv FS_BOOT .
.Sh NOTES
On i386 machines,
.Xr installboot 8
-is normally used to install boot code. The
+is normally used to install boot code.
+The
.Fl B
option to
.Nm
.Sq a
partition on the tahoe, the
.Sq c
-partition on all others. In
+partition on all others.
+In
.Fl E
mode,
.Nm
is far too quick to shuffle partitions around; it should keep a
free block list and only move partitions around with the user's
-permission. Also, in
+permission.
+Also, in
.Fl E
mode, partitions outside the OpenBSD portion of the disk should
be changeable.
-.\" $OpenBSD: dump.8,v 1.22 2000/03/05 00:28:49 aaron Exp $
+.\" $OpenBSD: dump.8,v 1.23 2000/03/18 22:55:55 aaron Exp $
.\" $NetBSD: dump.8,v 1.17 1997/06/05 11:15:06 lukem Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
examines files
on a filesystem
and determines which files
-need to be backed up. These files
-are copied to the given disk, tape or other
+need to be backed up.
+These files are copied to the given disk, tape or other
storage medium for safe keeping (see the
.Fl f
option below for doing remote backups).
A dump that is larger than the output medium is broken into
multiple volumes.
On most media the size is determined by writing until an
-end-of-media indication is returned. This can be enforced
-by using the
+end-of-media indication is returned.
+This can be enforced by using the
.Cm a
option.
.Pp
.It Fl a
.Dq auto-size .
Bypass all tape length considerations, and enforce writing until
-an end-of-media indication is returned. This option is recommended
-for most modern tape drives. Use of this option is particularly
+an end-of-media indication is returned.
+This option is recommended for most modern tape drives.
+Use of this option is particularly
recommended when appending to an existing tape, or using a tape
drive with hardware compression (where you can never be sure about
the compression ratio).
whilst a backup is in progress, statistics on the amount completed,
current transfer rate, and estimated finished time, will be written
to the standard error output.
+.Sh DIAGNOSTICS
+Many, and verbose.
+.Pp
+.Nm
+exits with zero status on success.
+Startup errors are indicated with an exit code of 1;
+abnormal termination is indicated with an exit code of 3.
.Sh FILES
.Bl -tag -width /etc/dumpdates -compact
.It Pa /dev/rst0
.Xr fstab 5 ,
.Xr restore 8 ,
.Xr rmt 8
-.Sh DIAGNOSTICS
-Many, and verbose.
-.Pp
+.Sh HISTORY
+A
.Nm
-exits with zero status on success.
-Startup errors are indicated with an exit code of 1;
-abnormal termination is indicated with an exit code of 3.
+command appeared in
+.At v6 .
.Sh BUGS
Fewer than 32 read errors on the filesystem are ignored.
.Pp
and provided more assistance
for the operator running
.Xr restore .
-.Sh HISTORY
-A
-.Nm
-command appeared in
-.At v6 .
-.\" $OpenBSD: fdisk.8,v 1.30 2000/03/05 00:28:49 aaron Exp $
+.\" $OpenBSD: fdisk.8,v 1.31 2000/03/18 22:55:55 aaron Exp $
.\"
.\" Copyright (c) 1997 Tobias Weingartner
.\" All rights reserved.
.Ar device
.Sh DESCRIPTION
In order for the BIOS to boot the kernel, certain conventions must be
-adhered to. Sector 0 of a bootable hard disk must contain boot code,
-an MBR partition table, and a magic number. These MBR partitions (also
+adhered to.
+Sector 0 of a bootable hard disk must contain boot code,
+an MBR partition table, and a magic number.
+These MBR partitions (also
known as BIOS partitions) can be used to break the disk up into several
-pieces. The BIOS loads sector 0 of the boot disk into memory, verifies
+pieces.
+.Pp
+The BIOS loads sector 0 of the boot disk into memory, verifies
the magic number, and begins executing the code at the first byte.
The normal DOS MBR boot code searches the MBR partition table for an
.Dq active
partition (indicated by a
-.Dq \&*
+.Ql \&*
in the first column), and if one
is found, the boot block from that partition is loaded and executed in
place of the original (MBR) boot block.
options.
.Pp
This disk is divided into two partitions that happen to fill the disk.
-The first partition overlaps the third partition. (Used for debugging
-purposes.)
+The first partition overlaps the third partition.
+(Used for debugging purposes.)
.Bl -tag -width "start/size"
.It Em "#"
-Number of partition table entry. A
+Number of partition table entry.
+A
.Dq \&*
denotes the bootable partition.
.It Em "id"
will completely overwrite the primary MBR, and start with a fresh one using
a default template, or one given by the
.Fl f
-flag. It will set up partition number 3 to be an
+flag.
+It will set up partition number 3 to be an
.Os
partition, that will start at cylinder 0, head 1, sector 1, and extend
to the end of the disk.
This mode is designed to initialize an MBR the very first time,
-or when it has been corrupted beyond repair. It is almost equivalent
-to the DOS command
+or when it has been corrupted beyond repair.
+It is almost equivalent to the DOS command
.Dq FDISK /MBR .
.Pp
The flag
.Fl e
is used to modify a partition table using a interactive edit mode of the
.Nm
-program. This mode is designed to allow you to change any partition on the
-drive you choose, including extended partitions. It is a very powerful mode,
+program.
+This mode is designed to allow you to change any partition on the
+drive you choose, including extended partitions.
+It is a very powerful mode,
but is safe as long as you do not execute the
.Em write
command, or answer in the negative (the default) when
When you first enter this mode, you are presented with a prompt, that looks
like so:
.Em "fdisk: 0>" .
-This prompt has two important pieces of information for you. It will tell
-you if the in-memory copy of the boot block has been modified or not. If it
-has been modified, the prompt will change to look like:
+This prompt has two important pieces of information for you.
+It will tell
+you if the in-memory copy of the boot block has been modified or not.
+If it has been modified, the prompt will change to look like:
.Em "fdisk:*0>" .
The second piece of information pertains to the number given in the prompt.
This number specifies the disk offset of the currently selected boot block
-you are editing. This number could be something different that zero when
-you are editing extended partitions. The list of commands and their
-explanations are given below.
+you are editing.
+This number could be something different that zero when
+you are editing extended partitions.
+The list of commands and their explanations are given below.
.Bl -tag -width "update"
.It Em help
Display a list of commands that
Display the current drive geometry that
.Nm
has
-probed. You are given a chance to edit it if you wish.
+probed.
+You are given a chance to edit it if you wish.
.It Em edit
Edit a given table entry in the memory copy of
-the current boot block. You may edit either in BIOS geometry mode,
+the current boot block.
+You may edit either in BIOS geometry mode,
or in sector offsets and sizes.
.It Em flag
-Make the given partition table entry bootable. Only one
-entry can be marked bootable. If you wish to boot from an extended
+Make the given partition table entry bootable.
+Only one entry can be marked bootable.
+If you wish to boot from an extended
partition, you will need to mark the partition table entry for the
extended partition as bootable.
.It Em update
Print the currently selected in-memory copy of the boot
block and its MBR table to the terminal.
.It Em write
-Write the in-memory copy of the boot block to disk. You will
-be asked to confirm this operation.
+Write the in-memory copy of the boot block to disk.
+You will be asked to confirm this operation.
.It Em exit
Exit the current level of
.Nm fdisk ,
.Nm fdisk ,
either returning to the
previously selected in-memory copy of a boot block, or exiting the
-program if there is none. Unlike
+program if there is none.
+Unlike
.Em exit
it does write the modified block out.
.It Em abort
-.\" $OpenBSD: fsck.8,v 1.15 1999/06/04 02:45:15 aaron Exp $
+.\" $OpenBSD: fsck.8,v 1.16 2000/03/18 22:55:56 aaron Exp $
.\" $NetBSD: fsck.8,v 1.14 1996/10/03 20:08:29 christos Exp $
.\"
.\" Copyright (c) 1996 Christos Zoulas. All rights reserved.
The options are as follows:
.Bl -tag -width indent
.It Fl d
-Debugging mode. Just print the commands without executing them. Available
-only if
+Debugging mode.
+Just print the commands without executing them.
+Available only if
.Nm
is compiled to support it.
.It Fl f
Limit the number of parallel checks to
.Ar maxparallel .
By default, the limit is the number of
-disks, running one process per disk. If a smaller limit is given,
+disks, running one process per disk.
+If a smaller limit is given,
the disks are checked round-robin, one filesystem at a time.
.It Fl n
Cause
.It Fl p
Enter preen mode.
.It Fl t Ar fstype
-Invoke fsck only in the comma separated list of filesystem types. If the
-list starts with
+Invoke fsck only in the comma separated list of filesystem types.
+If the list starts with
.Dq no ,
invoke fsck only in the filesystem types that are
.Em not
-.\" $OpenBSD: fsck_ext2fs.8,v 1.10 1999/07/21 01:07:53 deraadt Exp $
+.\" $OpenBSD: fsck_ext2fs.8,v 1.11 2000/03/18 22:55:57 aaron Exp $
.\" $NetBSD: fsck_ext2fs.8,v 1.1 1997/06/11 11:21:48 bouyer Exp $
.\"
.\" Copyright (c) 1997 Manuel Bouyer.
.Sh DESCRIPTION
.Nm
performs interactive filesystem consistency checks and repair for each of
-the filesystems specified on the command line. It is normally invoked from
+the filesystems specified on the command line.
+It is normally invoked from
.Xr fsck 8 .
.Pp
The kernel takes care that only a restricted class of innocuous filesystem
with an abnormal return status.
For each corrected inconsistency one or more lines will be printed
identifying the filesystem on which the correction will take place,
-and the nature of the correction. After successfully correcting a filesystem,
+and the nature of the correction.
+After successfully correcting a filesystem,
.Nm
will print the number of files on that filesystem
and the number of used and free blocks.
.Bl -tag -width indent
.It Fl b Ar block#
Use the block specified immediately after the flag as
-the super block for the filesystem. Block 8193 is usually
-an alternate super block.
+the super block for the filesystem.
+Block 8193 is usually an alternate super block.
.It Fl d
Print debugging output.
.It Fl f
-Force checking of file systems. Normally, if a file system is cleanly
-unmounted, the kernel will set a
+Force checking of file systems.
+Normally, if a file system is cleanly unmounted, the kernel will set a
.Dq clean flag
in the file system superblock and
.Nm
-will not check the file system. This option forces
+will not check the file system.
+This option forces
.Nm
to check the file system, regardless of the state of the clean flag.
.It Fl m Ar mode
-.\" $OpenBSD: fsck_ffs.8,v 1.10 1999/07/21 01:07:53 deraadt Exp $
+.\" $OpenBSD: fsck_ffs.8,v 1.11 2000/03/18 22:55:57 aaron Exp $
.\" $NetBSD: fsck_ffs.8,v 1.12 1996/09/23 16:18:34 christos Exp $
.\"
.\" Copyright (c) 1980, 1989, 1991, 1993
with an abnormal return status and an automatic reboot will then fail.
For each corrected inconsistency one or more lines will be printed
identifying the filesystem on which the correction will take place,
-and the nature of the correction. After successfully correcting a filesystem,
+and the nature of the correction.
+After successfully correcting a filesystem,
.Nm
will print the number of files on that filesystem,
the number of used and free blocks,
.Nm fsck_ffs :
.Bl -tag -width indent
.It Fl f
-Force checking of file systems. Normally, if a file system is cleanly
-unmounted, the kernel will set a
+Force checking of file systems.
+Normally, if a file system is cleanly unmounted, the kernel will set a
.Dq clean flag
in the file system superblock and
.Nm
-will not check the file system. This option forces
+will not check the file system.
+This option forces
.Nm
to check the file system, regardless of the state of the clean flag.
.It Fl b Ar block#
Use the
.Ar block
specified as
-the super block for the filesystem. Block 32 is usually
-an alternate super block.
+the super block for the filesystem.
+Block 32 is usually an alternate super block.
.It Fl m Ar mode
Use the
.Ar mode
-.\" $OpenBSD: fsck_msdos.8,v 1.8 1998/12/15 01:20:31 aaron Exp $
+.\" $OpenBSD: fsck_msdos.8,v 1.9 2000/03/18 22:55:57 aaron Exp $
.\" $NetBSD: fsck_msdos.8,v 1.4 1996/10/17 20:41:24 cgd Exp $
.\"
.\" Copyright (C) 1995 Wolfgang Solfrank
during automatic reboot, when a FAT filesystem is detected.
When preening file systems,
.Nm
-will fix common inconsistencies non-interactively. If
-more serious problems are found,
+will fix common inconsistencies non-interactively.
+If more serious problems are found,
.Nm
does not try to fix them, indicates that it was not
successful, and exits.
-.\" $OpenBSD: fsdb.8,v 1.12 1999/07/04 18:59:39 aaron Exp $
+.\" $OpenBSD: fsdb.8,v 1.13 2000/03/18 22:55:57 aaron Exp $
.\" $NetBSD: fsdb.8,v 1.5 1997/01/11 05:51:40 lukem Exp $
.\"
.\" Copyright (c) 1996 The NetBSD Foundation, Inc.
opens
.Ar fsname
(usually a raw disk partition) and runs a command loop
-allowing manipulation of the file system's inode data. You are prompted
-to enter a command with
+allowing manipulation of the file system's inode data.
+You are prompted to enter a command with
.Ic "fsdb (inum X)>"
where
.Va X
-is the currently selected i-number. The initial selected inode is the
-root of the filesystem (i-number 2).
+is the currently selected i-number.
+The initial selected inode is the root of the file system (i-number 2).
+.Pp
The command processor uses the
.Xr editline 3
library, so you can use command line editing to reduce typing if desired.
When you exit the command loop, the file system superblock is marked
dirty and any buffered blocks are written to the file system.
.Pp
-The
-.Fl d
-option enables additional debugging output (which comes primarily from
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl d
+Enables additional debugging output (which comes primarily from
.Xr fsck 8 -derived
code).
-.Sh COMMANDS
+.El
+.Pp
Besides the built-in
.Xr editline 3
commands,
.It Cm clri
Clear the current inode.
.Pp
-.It Cm lookup Ar name
-.It Cm cd Ar name
+.It Cm lookup Ar name , Cm cd Ar name
Find
.Ar name
in the current directory and make its inode the current inode.
.Ar Name
may be a multi-component name or may begin with slash to indicate that
-the root inode should be used to start the lookup. If some component
+the root inode should be used to start the lookup.
+If some component
along the pathname is not found, the last valid directory encountered is
left as the active inode.
.Pp
This command is valid only if the starting inode is a directory.
.Pp
-.It Cm active
-.It Cm print
+.It Cm active , Cm print
Print out the active inode.
.Pp
.It Cm uplink
.Ar number .
.Pp
.It Cm ls
-List the current inode's directory entries. This command is valid only
-if the current inode is a directory.
+List the current inode's directory entries.
+This command is valid only if the current inode is a directory.
.Pp
-.It Cm rm Ar name
-.It Cm del Ar name
+.It Cm rm Ar name , Cm del Ar name
Remove the entry
.Ar name
-from the current directory inode. This command is valid only
-if the current inode is a directory.
+from the current directory inode.
+This command is valid only if the current inode is a directory.
.Pp
.It Cm ln Ar ino Ar name
Create a link to inode
.Ar ino
under the name
.Ar name
-in the current directory inode. This command is valid only
-if the current inode is a directory.
+in the current directory inode.
+This command is valid only if the current inode is a directory.
.Pp
.It Cm chinum Ar dirslot Ar inum
Change the i-number in directory entry
.Ar dirslot
to
.Ar name .
-This command cannot expand a directory entry. You can only rename an
+This command cannot expand a directory entry.
+You can only rename an
entry if the name will fit into the existing directory slot.
.Pp
.It Cm chtype Ar type
Change the generation number of the current inode to
.Ar gen .
.Pp
-.It Cm mtime Ar time
-.It Cm ctime Ar time
-.It Cm atime Ar time
+.It Xo Cm mtime Ar time ,
+.Cm ctime Ar time ,
+.Cm atime Ar time
+.Xc
Change the modification, change, or access time (respectively) on the
current inode to
.Ar time .
.Em YYYYMMDDHHMMSS[.nsec]
where
.Em nsec
-is an optional nanosecond specification. If no nanoseconds are specified, the
+is an optional nanosecond specification.
+If no nanoseconds are specified, the
.Va mtimensec ,
.Va ctimensec ,
or
.Va atimensec
field will be set to zero.
.Pp
-.It Cm quit, Cm q, Cm exit, Em <EOF>
+.It Xo Cm quit ,
+.Cm q , Cm exit, Em <EOF>
+.Xc
Exit the program.
.El
.Sh SEE ALSO
.Xr fs 5 ,
.Xr clri 8 ,
.Xr fsck 8
+.Sh HISTORY
+.Nm
+uses the source code for
+.Xr fsck 8
+to implement most of the file system manipulation code.
+The remainder of
+.Nm
+first appeared in
+.Nx 1.1 .
.Sh BUGS
Manipulation of
.Dq short
There are a bunch of other things that you might want to do which
.Nm
doesn't implement.
-.Sh HISTORY
-.Nm
-uses the source code for
-.Xr fsck 8
-to implement most of the file system manipulation code. The remainder of
-.Nm
-first appeared in
-.Nx 1.1 .
.Sh WARNING
Use this tool with extreme caution \(en you can damage an FFS file system
beyond what
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: fsirand.8,v 1.18 2000/03/05 00:28:57 aaron Exp $
+.\" $OpenBSD: fsirand.8,v 1.19 2000/03/18 22:55:57 aaron Exp $
.\"
.Dd January 25, 1997
.Dt FSIRAND 8
itself so it is no longer necessary to
run
.Nm
-by hand on a new filesystem. It is only used to
-re-randomize or report on an existing filesystem.
+by hand on a new filesystem.
+It is only used to re-randomize or report on an existing filesystem.
.Pp
.Nm
should only be used on an unmounted filesystem that
.Xr fs 5 ,
.Xr fsck 8 ,
.Xr newfs 8
+.Sh AUTHOR
+Todd C. Miller <Todd.Miller@courtesan.com>
.Sh HISTORY
The
.Nm
.Nm
first appeared in
.Ox 2.1 .
-.Sh AUTHOR
-Todd C. Miller <Todd.Miller@courtesan.com>
-.\" $OpenBSD: ifconfig.8,v 1.38 2000/01/17 03:02:14 mickey Exp $
+.\" $OpenBSD: ifconfig.8,v 1.39 2000/03/18 22:55:57 aaron Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
must be used at boot-time to define the network address
of each interface present on a machine; it may also be used at
a later time to redefine an interface's address
-or other operating parameters. To configure a bridge interface,
-use the
+or other operating parameters.
+To configure a bridge interface, use the
.Xr brconfig 8
program instead.
.Pp
-Available operands for
-.Nm ifconfig :
+The operands are as follows:
.Bl -tag -width Ds
.It Ar address
For the
For the
.Tn ISO
family, addresses are specified as a long hexadecimal string,
-as in the Xerox family. However, two consecutive dots imply a zero
+as in the Xerox family.
+However, two consecutive dots imply a zero
byte, and the dots are optional, if the user wishes to (carefully)
count out long strings of digits in network byte order.
.Tn AppleTalk
.Cm srcsa
or
.Cm dstsa
-flags. If the all-zeroes SA is specified, the sending SA is cleared
-by default.
+flags.
+If the all-zeroes SA is specified, the sending SA is cleared by default.
.It Cm debug
Enable driver dependent debugging code; usually, this turns on
extra console error logging.
.Xr ipsec 4
Security Association (SA) to an
.Xr enc 4
-interface. The interface can then be used in conjunction with the
+interface.
+The interface can then be used in conjunction with the
.Xr bridge 4
-to establish virtual Local Area Networks (LANs). The SA is specified
-as
+to establish virtual Local Area Networks (LANs).
+The SA is specified as
.Ar address/SPI/protocol ,
where
.Ar address
is a hexadecimal number, and
.Ar protocol
is a decimal number identifying the security protocol (typically 50
-for ESP, 51 for AH, or 4 for IP-in-IP). The SA must exist for the
-operation to be successfully completed. Typically, such SAs would be
+for ESP, 51 for AH, or 4 for IP-in-IP).
+The SA must exist for the operation to be successfully completed.
+Typically, such SAs would be
established via
.Xr ipsecadm 1 .
This SA will be used to send packets to a remote host via
SA is specified, any existing binding between the corresponding
.Xr enc 4
interface and the SA is cleared (in fact, just the SPI and the protocol
-part of the SA have to be set to zero). Only one SA may be bound to an
+part of the SA have to be set to zero).
+Only one SA may be bound to an
.Xr enc 4
-interface at a time. SAs may not be bound to the
+interface at a time.
+SAs may not be bound to the
.Dq enc0
interface.
.It Cm giftunnel
Set the source and destination tunnel addresses on a
.Xr gif 4
-interface. Packets routed to this interface will be encapsulated in
-IPv4 or IPv6, depending on the source and destination address
-families. Both addresses must be of the same family. This flag
-obsoletes the old
+interface.
+Packets routed to this interface will be encapsulated in
+IPv4 or IPv6, depending on the source and destination address families.
+Both addresses must be of the same family.
+This flag obsoletes the old
.Nm gifconfig
command.
.It Cm ipdst
.It Cm link[0-2]
Enable special processing of the link level of the interface.
These three options are interface specific in actual effect; however,
-they are in general used to select special modes of operation. An example
+they are in general used to select special modes of operation.
+An example
of this is to enable SLIP compression, or to select the connector type
-for some Ethernet cards. Refer to the man page for the specific driver
-for more information.
+for some Ethernet cards.
+Refer to the man page for the specific driver for more information.
.It Fl link[0-2]
Disable special processing at the link level with the specified interface.
.It Cm media Ar type
Set the media type of the interface to
.Ar type .
Some interfaces support the mutually exclusive use of one of several
-different physical media connectors. For example, a 10Mb/s Ethernet
-interface might support the use of either
+different physical media connectors.
+For example, a 10Mb/s Ethernet interface might support the use of either
.Tn AUI
-or twisted pair connectors. Setting the media type to
+or twisted pair connectors.
+Setting the media type to
.Dq 10base5
or
.Dq AUI
.Dq 10baseT
or
.Dq UTP
-would activate twisted pair. Refer to the interfaces' driver
+would activate twisted pair.
+Refer to the interfaces' driver
specific man page for a complete list of the available types.
.It Cm mediaopt Ar opts
Set the specified media options on the interface.
Set the media instance to
.Ar minst .
This is useful for devices which have multiple physical layer interfaces
-(PHYs). Setting the instance on such devices may not be strictly required
+(PHYs).
+Setting the instance on such devices may not be strictly required
by the network interface driver as the driver may take care of this
automatically; see the driver's manual page for more information.
.It Cm metric Ar n
37 type addresses.
.It Cm phase
The argument following this specifies the version (phase) of the
-AppleTalk network attached to the interface. Values of 1 or 2 are permitted.
+AppleTalk network attached to the interface.
+Values of 1 or 2 are permitted.
.It Cm pltime Ar n
(inet6 only)
Set preferred lifetime for the address.
.It Cm range
Under AppleTalk, set the interface to respond to a
.Em netrange
-of the form startnet-endnet. AppleTalk uses this scheme instead of
-netmasks though OpenBSD implements it internally as a set of netmasks.
+of the form startnet-endnet.
+AppleTalk uses this scheme instead of
+netmasks though
+.Ox
+implements it internally as a set of netmasks.
.It Cm srcsa
Similar to
.Cm dstsa ,
.Xr ipsec 4
SA to an
.Xr enc 4
-interface. The SAs bound via this operation are receiving SAs. Any
-packets received over one of these SAs, will be made to appear as if
+interface.
+The SAs bound via this operation are receiving SAs.
+Any packets received over one of these SAs, will be made to appear as if
it arrived by the corresponding
.Xr enc 4
-interface. If the interface is part of a bridge, the packets will be
-delivered to the bridge. Contrary to the
+interface.
+If the interface is part of a bridge, the packets will be
+delivered to the bridge.
+Contrary to the
.Cm dstsa
flag, multiple SAs may be bound to an
.Xr enc 4
-interface via this operation. Similar to the
+interface via this operation.
+Similar to the
.Cm dstsa
flag, no SAs may be bound to the
.Dq enc0
causes
.Nm
to print information on all interfaces.
-The protocol family may be specified as well. Additionally, if
+The protocol family may be specified as well.
+Additionally, if
.Fl am ,
is used, interface media information is printed.
.Pp
If
.Fl A
is used, it causes full interface alias information for each interface to
-be displayed. If
+be displayed.
+If
.Fl Am
is used, interface media information is printed for all interfaces
as well.
followed by an interface name is specified, then the media information
for that interface will be printed.
.Pp
-Only the super-user may modify the configuration of a network interface.
+Only the superuser may modify the configuration of a network interface.
.Sh EXAMPLES
.Bl -tag -width ifconfig
.It Cm ifconfig fxp0 inet 192.168.1.10 netmask 255.255.255.0
-.\" $OpenBSD: init.8,v 1.25 2000/03/14 21:31:34 aaron Exp $
+.\" $OpenBSD: init.8,v 1.26 2000/03/18 22:55:58 aaron Exp $
.\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
The kernel
.Xr securelevel 7
is normally set to 0 while in single-user mode, and raised to 1 when
-the system begins multi-user operations. This action will not take
-place if the securelevel is -1, and can be modified via the
+the system begins multi-user operations.
+This action will not take
+place if the securelevel is \-1, and can be modified via the
.Pa /etc/rc.securelevel
script.
.Pp
The
.Xr login
program, when a valid user logs in,
-executes a shell for that user. When this shell
-dies, either because the user logged out
+executes a shell for that user.
+When this shell dies, either because the user logged out
or an abnormal termination occurred (a signal),
the
.Nm
-.\" $OpenBSD: ipf.5,v 1.21 2000/03/14 21:31:34 aaron Exp $
+.\" $OpenBSD: ipf.5,v 1.22 2000/03/18 22:55:58 aaron Exp $
.Dd July 9, 1999
.Dt IPF 5
.Os
.Sh DESCRIPTION
A rule file for
.Nm
-may have any name or even be stdin. As
+may have any name or even be stdin.
+As
.Xr ipfstat 8
produces parseable rules as output when displaying the internal
kernel filter lists, it is quite plausible to use its output to feed back
into
-.Nm ipf .
+.Nm ipf .
Thus, to remove all filters on input packets, the following
could be done:
.nf
lists, prepending the rule with
.Cm @n
will cause it to be inserted
-as the n'th entry in the current list. This is especially useful when
+as the n'th entry in the current list.
+This is especially useful when
modifying and testing active filter rulesets.
.Sh ACTIONS
The action indicates what to do with the packet if it matches the rest
-of the filter rule. Each rule
+of the filter rule.
+Each rule
.Em must
-have an action. The following actions are recognized:
+have an action.
+The following actions are recognized:
.Pp
.Bl -tag -width XXXXXXXX -offset indent
.It block
-indicates that the packet should be flagged to be dropped. In response
+indicates that the packet should be flagged to be dropped.
+In response
to blocking a packet, the filter may be instructed to send a reply
packet, either an ICMP packet
.Pq Cm return-icmp ,
An ICMP packet may be generated in response to
any IP packet, and its type may optionally be specified, but a TCP
reset may only be used with a rule which is being applied to TCP
-packets. When using
+packets.
+When using
.Cm return-icmp
or
.Cm return-icmp-as-dest ,
-it is possible to specify the actual unreachable `type'. That is, whether
+it is possible to specify the actual unreachable `type'.
+That is, whether
it is a network unreachable, port unreachable or even administratively
-prohibited. This is done by enclosing the ICMP code associated with it
+prohibited.
+This is done by enclosing the ICMP code associated with it
in parenthesis directly following
.Cm return-icmp
or
.It count
causes the packet to be included in the accounting statistics kept by
the filter, and has no effect on whether the packet will be allowed through
-the filter. These statistics are viewable with
+the filter.
+These statistics are viewable with
.Xr ipfstat 8 .
.It call
this action is used to invoke the named function in the kernel, which
-must conform to a specific calling interface. Customized actions and
-semantics can thus be implemented to supplement those available. This
-feature is for use by knowledgeable hackers, and is not currently
+must conform to a specific calling interface.
+Customized actions and
+semantics can thus be implemented to supplement those available.
+This feature is for use by knowledgeable hackers, and is not currently
documented.
.It "skip <n>"
causes the filter to skip over the next
.Cm n
-filter rules. If a rule is inserted or deleted inside the region being
+filter rules.
+If a rule is inserted or deleted inside the region being
skipped over, then the value of
.Cm n
is adjusted appropriately.
.It auth
this allows authentication to be performed by a user-space program running
-and waiting for packet information to validate. The packet is held for a
+and waiting for packet information to validate.
+The packet is held for a
period of time in an internal buffer whilst it waits for the program to return
to the kernel the
.Em real
flags for whether it should be allowed through
-or not. Such a program might look at the source address and request some sort
+or not.
+Such a program might look at the source address and request some sort
of authentication from the user (such as a password) before allowing the
packet through or telling the kernel to drop it if from an unrecognised source.
.It preauth
tells the filter that for packets of this class, it should look in the
-pre-authenticated list for further clarification. If no further matching
+pre-authenticated list for further clarification.
+If no further matching
rule is found, the packet will be dropped (the FR_PREAUTH is not the same
-as FR_PASS). If a further matching rule is found, the result from that is
-used in its instead. This might be used in a situation where a person
+as FR_PASS).
+If a further matching rule is found, the result from that is
+used in its instead.
+This might be used in a situation where a person
.Em logs in
to the firewall and it sets up some temporary rules defining
the access for that person.
Each packet moving through the kernel is either inbound (just been received
on an interface, and moving towards the kernel's protocol processing) or
outbound (transmitted or forwarded by the stack, and on its way to an
-interface). There is a requirement that each filter rule explicitly
+interface).
+There is a requirement that each filter rule explicitly
state which side of the I/O it is to be used on.
.Sh OPTIONS
-The list of options is brief, and all are indeed optional. Where
-options are used, they must be present in the order shown here. These
-are the currently supported options:
+The list of options is brief, and all are indeed optional.
+Where options are used, they must be present in the order shown here.
+These are the currently supported options:
.Pp
.Bl -tag -width dup-to -offset indent
.It log
log (as described in the LOGGING section below).
.It quick
allows "short-cut" rules in order to speed up the filter or override
-later rules. If a packet matches a filter rule which is marked as
+later rules.
+If a packet matches a filter rule which is marked as
.Cm quick ,
this rule will be the last rule checked, allowing a
"short-circuit" path to avoid processing later rules for this
-packet. The current status of the packet (after any effects of the
+packet.
+The current status of the packet (after any effects of the
current rule) will determine whether it is passed or blocked.
.Pp
If this option is missing, the rule is taken to be a "fall-through"
that processing will continue to see if there are any more matches.
.It on
allows an interface name to be incorporated into the matching
-procedure. Interface names are as printed by
+procedure.
+Interface names are as printed by
.Ic "netstat -i" .
If this option is used, the rule will only match if the packet is going
-through that interface in the specified direction (in/out). If this
-option is absent, the rule is taken to be applied to a packet
+through that interface in the specified direction (in/out).
+If this option is absent, the rule is taken to be applied to a packet
regardless of the interface it is present on (i.e., on all interfaces).
Filter rulesets are common to all interfaces, rather than having a
filter list for each interface.
.It dup-to
causes the packet to be copied, and the duplicate packet to be sent
outbound on the specified interface, optionally with the destination
-IP address changed to that specified. This is useful for off-host
-logging, using a network sniffer.
+IP address changed to that specified.
+This is useful for off-host logging, using a network sniffer.
.It to
causes the packet to be moved to the outbound queue on the
-specified interface. This can be used to circumvent kernel routing
+specified interface.
+This can be used to circumvent kernel routing
decisions, and even to bypass the rest of the kernel processing of the
-packet (if applied to an inbound rule). It is thus possible to
+packet (if applied to an inbound rule).
+It is thus possible to
construct a firewall that behaves transparently, like a filtering hub
-or switch, rather than a router. The
+or switch, rather than a router.
+The
.Cm fastroute
keyword is a synonym for this option.
.Sh MATCHING PARAMETERS
The keywords described in this section are used to describe attributes
of the packet to be used when determining whether rules match or don't
-match. The following general-purpose attributes are provided for
+match.
+The following general-purpose attributes are provided for
matching, and must be used in this order:
.Pp
.Bl -tag -width XXXXXXX -offset indent
.It tos
packets with different Type-Of-Service values can be filtered.
-Individual service levels or combinations can be filtered upon. The
-value for the TOS mask can either be represented as a hex number or a
+Individual service levels or combinations can be filtered upon.
+The value for the TOS mask can either be represented as a hex number or a
decimal integer value.
.It ttl
-packets may also be selected by their Time-To-Live value. The value given in
+packets may also be selected by their Time-To-Live value.
+The value given in
the filter rule must exactly match that in the packet for a match to occur.
This value can only be given as a decimal integer value.
.It proto
-allows a specific protocol to be matched against. All protocol names
-found in
+allows a specific protocol to be matched against.
+All protocol names found in
.Pn /etc/protocols
are recognized and may be used.
However, the protocol may also be given as a DECIMAL number, allowing
and
.Cm to
keywords are used to match against IP
-addresses (and optionally port numbers). Rules must specify
+addresses (and optionally port numbers).
+Rules must specify
.Em both
source and destination parameters.
.Pp
IP addresses may be specified in one of two ways: as a numerical
address/mask, or as a hostname
.Cm mask
-netmask. The hostname
+netmask.
+The hostname
may either be a valid hostname, from either the hosts file or DNS
(depending on your configuration and library), an interface name
(in the case of IP address aliases, only the first IP address is used)
or of the dotted numeric
-form. There is no special designation for networks but network names
-are recognized. Note that having your filter rules depend on DNS
+form.
+There is no special designation for networks but network names
+are recognized.
+Note that having your filter rules depend on DNS
results can introduce an avenue of attack, and is
.Em highly
discouraged.
which is taken to
be 0.0.0.0/0 (see below for mask syntax) and matches all IP addresses.
Only the presence of "any" has an implied mask, in all other
-situations, a hostname MUST be accompanied by a mask. It is possible
+situations, a hostname MUST be accompanied by a mask.
+It is possible
to give "any" a hostmask, but in the context of this language, it is
non-sensical.
.Pp
The numerical format "x/y" indicates that a mask of y
consecutive 1 bits set is generated, starting with the MSB, so a y value
-of 16 would give 0xffff0000. The symbolic "x mask y" indicates
+of 16 would give 0xffff0000.
+The symbolic "x mask y" indicates
that the mask y is in dotted IP notation or a hexadecimal number of
-the form 0x12345678. Note that all the bits of the IP address
+the form 0x12345678.
+Note that all the bits of the IP address
indicated by the bitmask must match the address on the packet exactly;
there isn't currently a way to invert the sense of the match, or to
match ranges of IP addresses which do not express themselves easily as
match is included, for either or both of source and
destination, then it is only applied to
.\" XXX - "may only be" ? how does this apply to other protocols? will it not match, or will it be ignored?
-TCP and UDP packets. If there is no
+TCP and UDP packets.
+If there is no
.Cm proto
match parameter,
-packets from both protocols are compared. This is equivalent to "proto
-tcp/udp". When composing
+packets from both protocols are compared.
+This is equivalent to "proto tcp/udp".
+When composing
.Cm port
comparisons, either the service
-name or an integer port number may be used. Port comparisons may be
+name or an integer port number may be used.
+Port comparisons may be
done in a number of forms, with a number of comparison operators, or
-port ranges may be specified. When the port appears as part of the
+port ranges may be specified.
+When the port appears as part of the
.Cm from
object, it matches the source port number, when it appears
as part of the
.Bl -tag -width XXXXXXX -offset indent
.It with
is used to match irregular attributes that some packets may have
-associated with them. To match the presence of IP options in general,
-use
+associated with them.
+To match the presence of IP options in general, use
.Cm "with ipopts" .
To match packets that are too short to contain
a complete header, use
.Pp
Multiple consecutive
.Cm with
-clauses are allowed. Alternatively,
-the keyword
+clauses are allowed.
+Alternatively, the keyword
.Cm and
may be used in place of
.Cm with ,
match of the rule.
.\" XXX describe the options more specifically in a separate section
.It flags
-is only effective for TCP filtering. Each of the letters possible
+is only effective for TCP filtering.
+Each of the letters possible
represents one of the possible flags that can be set in the TCP
-header. The association is as follows:
+header.
+The association is as follows:
.Bd -literal
F - FIN
S - SYN
.Ed
.Pp
The various flag symbols may be used in combination, so that "SA"
-would represent a SYN-ACK combination present in a packet. There is
+would represent a SYN-ACK combination present in a packet.
+There is
nothing preventing the specification of combinations, such as "SFR",
that would not normally be generated by law-abiding TCP
-implementations. However, to guard against weird aberrations, it is
-necessary to state which flags you are filtering against. To allow
+implementations.
+However, to guard against weird aberrations, it is
+necessary to state which flags you are filtering against.
+To allow
this, it is possible to set a mask indicating which TCP flags you wish
-to compare (i.e., those you deem significant). This is done by
+to compare (i.e., those you deem significant).
+This is done by
appending "/<flags>" to the set of TCP flags you wish to match
against, e.g.:
.Bd -literal
.Ed
.It icmp-type
is only effective when used with \fBproto icmp\fP and must NOT be used
-in conjunction with \fBflags\fP. There are a number of types, which can be
+in conjunction with \fBflags\fP.
+There are a number of types, which can be
referred to by an abbreviation recognized by this language, or the numbers
-with which they are associated can be used. The most important from
-a security point of view is the ICMP redirect.
+with which they are associated can be used.
+The most important from a security point of view is the ICMP redirect.
.El
.Sh KEEP HISTORY
The second last parameter that can be set for a filter rule is whether or not
-to record historical information for that packet, and what sort to keep. The
-following information can be kept:
+to record historical information for that packet, and what sort to keep.
+The following information can be kept:
.Pp
.Bl -tag -width XXXXXXX -offset indent
.It state
-keeps information about the flow of a communication session. State can
-be kept for TCP, UDP, and ICMP packets.
+keeps information about the flow of a communication session.
+State can be kept for TCP, UDP, and ICMP packets.
.It frags
keeps information on fragmented packets, to be applied to later
fragments.
allowing packets which match these to flow straight through, rather
than going through the access control list.
.Sh GROUPS
-The last pair of parameters control filter rule "grouping". By default, all
-filter rules are placed in group 0 if no other group is specified. To add a
+The last pair of parameters control filter rule "grouping".
+By default, all
+filter rules are placed in group 0 if no other group is specified.
+To add a
rule to a non-default group, the group must first be started by creating a
group
.Cm head .
If a packet matches a rule which is the
.Cm head
of a group, the filter processing then switches to the group, using
-that rule as the default for the group. If
+that rule as the default for the group.
+If
.Cm quick
is used with a
.Cm head
.Sh LOGGING
When a packet is logged, with either the \fBlog\fP action or option,
the headers of the packet are written to the \fBipl\fP packet logging
-pseudo-device. Immediately following the \fBlog\fP keyword, the
+pseudo-device.
+Immediately following the \fBlog\fP keyword, the
following qualifiers may be used (in order):
.Bl -tag -width XXXXXXXX -offset indent
.It body
information about this packet using
.Xr ipmon 8 's
.Fl s
-option. If no facility is specified, the default facility is assumed. If no facility is specified, the default facility is assumed.
+option.
+If no facility is specified, the default facility is assumed.
.El
.Pp
See
.Xr ipl 4
for the format of records written
-to this device. The ipmon(8) program can be used to read and format
-this log.
+to this device.
+The
+.Xr ipmon 8
+program can be used to read and format this log.
.Sh EXAMPLES
The \fBquick\fP option is good for rules such as:
.Pp
.Ed
.Pp
which sets up the range 6000-6003 as being permitted and all others being
-denied. Note that the effect of the first rule is overridden by subsequent
-rules. Another (easier) way to do the same is:
+denied.
+Note that the effect of the first rule is overridden by subsequent rules.
+Another (easier) way to do the same is:
.Bd -literal
block in from any to any port 6000 <> 6003
pass in from any to any port 5999 >< 6004
.Pp
Note that both the "block" and "pass" are needed here to effect a
result as a failed match on the "block" action does not imply a pass,
-only that the rule hasn't taken effect. To then allow ports < 1024, a
-rule such as:
+only that the rule hasn't taken effect.
+To then allow ports < 1024, a rule such as:
.Pp
.Dl pass in quick from any to any port < 1024
.Pp
-would be needed before the first block. To create a new group for
+would be needed before the first block.
+To create a new group for
processing all inbound packets on le0/le1/lo0, with the default being to block
all inbound packets, we would do something like:
.Bd -literal
.Dl pass in proto icmp all group 100
.Pp
Note that because only inbound packets on le0 are used processed by group 100,
-there is no need to respecify the interface name. Likewise, we could further
-breakup processing of TCP, etc, as follows:
+there is no need to respecify the interface name.
+Likewise, we could further breakup processing of TCP, etc, as follows:
.Bd -literal
block in proto tcp all head 110 group 100
pass in from any to any port = 23 group 110
.Ed
.Pp
-and so on. The last line, if written without the groups would be:
+and so on.
+The last line, if written without the groups would be:
.Pp
.Dl pass in on le0 proto tcp from any to any port = telnet
.Pp
-.\" $OpenBSD: ipf.8,v 1.21 2000/03/05 00:28:50 aaron Exp $
+.\" $OpenBSD: ipf.8,v 1.22 2000/03/18 22:55:58 aaron Exp $
.Dd January 6, 2000
.Dt IPF 8
.Os
to all fragments), and much more.
.Pp
.Nm
-provides special capabilities for the most common Internet protocols. Both
-TCP and UDP packets may be filtered by port number or port range, or ICMP
-packets by type/code. Rules may filter packets on any arbitrary combination of
+provides special capabilities for the most common Internet protocols.
+Both TCP and UDP packets may be filtered by port number or port range, or ICMP
+packets by type/code.
+Rules may filter packets on any arbitrary combination of
TCP flags, IP options, IP security classes, or Type of Service (TOS).
.Nm
also supports inverted host/net matching.
Network Address Translation (NAT).
.El
.Pp
-Once these steps are complete a rule file may be created. A very
-simple rule file might contain the following:
+Once these steps are complete a rule file may be created.
+A very simple rule file might contain the following:
.Pp
.Dl pass in from any to any
.Dl pass out from any to any
.Pp
-Here we're passing all packets and not doing any filtering. This is a
+Here we're passing all packets and not doing any filtering.
+This is a
recommended starting point since it allows the current configuration to be
-tested before formulating and installing a more restrictive ruleset. For
-example, the following:
+tested before formulating and installing a more restrictive ruleset.
+For example, the following:
.Pp
.Dl "block in on we0 proto tcp from foo/32 to any"
.Pp
.Dq we0
from host
.Dq foo
-to any internal destination. If this file is
+to any internal destination.
+If this file is
.Pa /etc/ipf.rules
(the default location), the following command will flush the kernel's current
ruleset, install the new ruleset, and enable
.Nm
can maintain a separate
.Dq inactive
-ruleset simultaneously. Inactive rulesets are useful for debugging pending or
+ruleset simultaneously.
+Inactive rulesets are useful for debugging pending or
proposed changes to the active ruleset (see
.Fl I
option below).
The options are as follows:
.Bl -tag -width Ds
.It Fl A
-Apply changes to the active ruleset. This is the default.
+Apply changes to the active ruleset.
+This is the default.
.It Fl I
Apply changes to the inactive ruleset.
.It Fl D
.Sq a
(all filtering rules).
.It Fl F Ar table
-Flush entries from state tables. If
+Flush entries from state tables.
+If
.Ar table
is
.Sq s ,
If
.Sq S ,
.Nm
-removes the entire state table. Only one of the two options may be specified.
+removes the entire state table.
+Only one of the two options may be specified.
A fully established connection will appear in
.Ic ipfstat -s output
as
.It Fl P
Add rules as temporary entries in the authentication rule table.
.It Fl V
-Show version information. This will display the version information compiled
+Show version information.
+This will display the version information compiled
into the ipf binary and retrieve it from the kernel code (if running/present).
If it is present in the kernel, information about its current state will be
displayed (whether logging is active, default filtering, etc).
.It Fl d
-Enable debug mode. Causes a hexdump of filter rules to be generated as it
-processes each one.
+Enable debug mode.
+Causes a hexdump of filter rules to be generated as it processes each one.
.It Fl f Ar filename
Read, parse, and process the
.Nm
.Cm block ,
or
.Cm nomatch .
-Any packet which exits filtering and matches the set category is logged. This
+Any packet which exits filtering and matches the set category is logged.
+This
is useful for causing all packets which don't match any of the loaded rules to
be logged.
.It Fl n
-No change. Prevent
+No change.
+Prevent
.Nm
from actually changing the state of the in-kernel filtering configuration.
.It Fl o
.It Fl v
Enable verbose mode.
.Nm
-will echo each of the successfully processed rules to the standard output. The
+will echo each of the successfully processed rules to the standard output.
+The
original rule and any error messages that result will be echoed to standard
error.
.It Fl y
Force
.Nm
to synchronize the IP filter's in-kernel network interface list with the
-current system interface list. In particular, if an interface's IP address
+current system interface list.
+In particular, if an interface's IP address
changes (i.e., due to a DHCP operation),
.Nm
must be executed with this option.
.Dl ipf -A -Fa -f /etc/ipf.rules -E
.Pp
It is advisable to work with an inactive filtering list before commiting new
-rules to the active in-kernel filtering list. To load a ruleset into the
-inactive list:
+rules to the active in-kernel filtering list.
+To load a ruleset into the inactive list:
.Pp
.Dl ipf -I -Fa -f /etc/ipf.rules
.Pp
.Nm
remotely and has made changes to the
.Pa /etc/ipf.rules
-file on the remote system. The following command sequence is noteworthy:
+file on the remote system.
+The following command sequence is noteworthy:
.Pp
.Dl ipf -I -Fa -f /etc/ipf.rules
.Dl ipf -s; sleep 10; ipf -s
.Pp
The first command installs the new ruleset into the inactive filtering list.
The second command first swaps the inactive (new) rules with the active (old)
-rules. After entering the second command, type some characters. If the
-characters are echoed the new ruleset is possibly valid. If not, within 10
-seconds the old ruleset will be re-installed. This trick is useful for
-minimizing service disruptions.
+rules.
+After entering the second command, type some characters.
+If the characters are echoed the new ruleset is possibly valid.
+If not, within 10
+seconds the old ruleset will be re-installed.
+This trick is useful for minimizing service disruptions.
.Sh NOTES
-Rules are checked in the order they are specified. The last matching rule
-wins, except when the
+Rules are checked in the order they are specified.
+The last matching rule wins, except when the
.Dq quick
keyword is present (see
.Xr ipf 5 ) .
.Pp
Note that
.Fl F Ns No a
-does not affect the state table. To view the current state table, use the
+does not affect the state table.
+To view the current state table, use the
.Xr ipfstat 8
program:
.Pp
.Xr ipnat 8
.Pp
http://coombs.anu.edu.au/~avalon
-
-
-.\" $OpenBSD: ipfstat.8,v 1.18 1999/10/05 20:08:03 aaron Exp $
+.\" $OpenBSD: ipfstat.8,v 1.19 2000/03/18 22:55:58 aaron Exp $
.Dd June 13, 1999
.Dt IPFSTAT 8
.Os
.Dq inactive
and
.Dq active
-filter list details. For use in combination with
+filter list details.
+For use in combination with
.Fl h .
.It Fl n
Show the rule number for each rule as it is printed.
Show packet/flow state information (statistics) and held state information (in
the kernel) if any is present.
.It Fl v
-Turn verbose mode on. Displays more debugging information.
+Turn verbose mode on.
+Displays more debugging information.
.El
.Sh FILES
.Bl -tag -width /dev/ipstate -compact
-.\" $OpenBSD: ipnat.4,v 1.17 2000/01/24 07:27:02 kjell Exp $
+.\" $OpenBSD: ipnat.4,v 1.18 2000/03/18 22:55:58 aaron Exp $
.Dd June 5, 1999
.Dt IPNAT 4
.Os
Unlike
.Xr ipf 4 ,
only a single list is supported by the kernel NAT
-interface. An inactive list which can be swapped to is not currently
-supported.
+interface.
+An inactive list which can be swapped to is not currently supported.
.Pp
.Pp
To add/delete rules to/from the NAT list, two
-.\" $OpenBSD: ipnat.5,v 1.12 2000/01/24 07:27:02 kjell Exp $
+.\" $OpenBSD: ipnat.5,v 1.13 2000/03/18 22:55:59 aaron Exp $
.Dd June 5, 1999
.Dt IPNAT 5
.Os
Files processed by
.Xr ipnat 8
are normal text files containing either a valid NAT rule or a comment on each
-non-blank line. Comment lines begin with a
+non-blank line.
+Comment lines begin with a
.Ql #
-and are ignored, as are blank lines. Valid NAT rules
-are described by the following grammar:
+and are ignored, as are blank lines.
+Valid NAT rules are described by the following grammar:
.Bd -literal -offset indent
natrule ::= maprule | rdrrule | bimaprule
.Ql \&:
in the
.Fa portrange
-rule, there must be no whitespace before or after it. In the case
-of the
+rule, there must be no whitespace before or after it.
+In the case of the
.Ql \&/
in the
.Fa proxy
A
.Ql \&.
in the element causes the element to be interpreted as a numeric IP
-address of the form 1.2.3.4. An
+address of the form 1.2.3.4.
+An
.Ql x
-in the element causes the element to be interpreted as a 32 bit hex value. If all
+in the element causes the element to be interpreted as a 32 bit hex value.
+If all
else fails the element is interpreted as the number of sequential 1's to place
as the most significant bits in the 32 bit network mask.
Whatever the interpretation method, a result network mask of all 1's, indicating a
-hostname, is valid. A network mask of 31 1's (255.255.255.254)
+hostname, is valid.
+A network mask of 31 1's (255.255.255.254)
is considered invalid as there is no space for allocating host
.Tn IP Ns #\&'s
after consideration for broadcast and network addresses.
.Pp
The obvious problem here is we're trying to squeeze over 16,000,000
.Tn IP
-addresses into a 254 address space. To increase the scope, remapping for
+addresses into a 254 address space.
+To increase the scope, remapping for
.Tn TCP
and/or
.Tn UDP ,
.Pp
which falls only 527,566
.Sq addresses
-short of the space available in network
-10. If we were to combine these rules, they would need to be specified as
+short of the space available in network 10.
+If we were to combine these rules, they would need to be specified as
follows:
.Bd -literal -offset indent
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
.It Fl s
Display statistics.
.It Fl v
-Verbosity. Displays detailed information pertaining to rule processing.
+Verbosity.
+Displays detailed information pertaining to rule processing.
.El
.Pp
Certain configuration requirements must be met before
.It
Packet filtering (see
.Xr ipf 8 )
-must be enabled, even if it's not being used. Check the
+must be enabled, even if it's not being used.
+Check the
.Pa /etc/rc.conf
file and make sure it contains the assignment
.Cm ipfilter=YES .
standard input is represented by a single dash
.Pq Ql - .
Each rule is parsed, then sequentially added to
-the kernel's internal NAT list. Like
+the kernel's internal NAT list.
+Like
.Xr ipf 8 ,
if an entry contradicts another previously added, the newer will take
precedence.
.Ql # )
and blank lines are ignored as
.Nm
-parses the file. Entries may be separated by spaces or tabs. Each rule must
-begin with either
+parses the file.
+Entries may be separated by spaces or tabs.
+Each rule must begin with either
.Em map ,
.Em bimap ,
or
for sample rule entries.
.Ss Mapping rules
.Em map
-tells the NAT how a range of addresses should be translated. The entries use
-the following format:
+tells the NAT how a range of addresses should be translated.
+The entries use the following format:
.Pp
.Bd -unfilled -offset indent -compact
map ifname internal/mask -> external/mask options
.Pp
The
.Em ifname
-field is the interface to which packets are sent. A gateway with a PPP link
-would probably use
+field is the interface to which packets are sent.
+A gateway with a PPP link would probably use
.Dq ppp0
or
.Dq tun0 ,
.Pp
The address range of the LAN goes in the
.Em internal
-field. This is usually one of the three blocks of address space the Internet
+field.
+This is usually one of the three blocks of address space the Internet
Assigned Numbers Authority has allocated for private networks (RFC 1597):
.Pp
.Bd -unfilled -offset indent -compact
address is the offically assigned IP number of the gateway or network.
.Pp
.Em mask
-is the netmask of the address. This mask is 32 bits long, and is divided into
-four 8-bit numbers.
+is the netmask of the address.
+This mask is 32 bits long, and is divided into four 8-bit numbers.
.Pp
.Bd -unfilled -offset indent -compact
11111111.0.0.0 Class A - 8 bits set.
.Em internal
and
.Em external
-may be an actual IP address, the name of an interface, or a hostname. If it is
-a network number, however, a problem may arise. For example:
+may be an actual IP address, the name of an interface, or a hostname.
+If it is a network number, however, a problem may arise.
+For example:
.Pp
.Bd -unfilled -offset indent -compact
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
16,000,000 IP addresses are being squeezed into an address space of only 254.
This is solved by the
.Em portmap
-option, which remaps ports instead of IP addresses. The protocol is specified
-by following the option with either
+option, which remaps ports instead of IP addresses.
+The protocol is specified by following the option with either
.Em tcp ,
.Em udp ,
.Em tcp/udp ,
or
.Em tcpudp
-(the last two have the same effect). The syntax to assign a range of ports is
+(the last two have the same effect).
+The syntax to assign a range of ports is
.Dq portnumber:portnumber .
This looks like:
.Pp
.Pp
.Ss Bidirectional mapping rules
.Em bimap
-is used to create static, bidirectional NAT mappings. Standard
+is used to create static, bidirectional NAT mappings.
+Standard
.Em map
rules only create NAT mappings when the connection is initiated from the
-internal IP address. For example, using the following rule:
+internal IP address.
+For example, using the following rule:
.Pp
.Bd -unfilled -offset indent -compact
map ppp0 10.0.0.3/32 -> 209.1.2.3/32
.Ed
.Pp
NAT mappings will only be created if the machine at 10.0.0.3 initiates the
-connection. To create a truly bidirectional NAT entry,
+connection.
+To create a truly bidirectional NAT entry,
.Em bimap
-is necessary. Using the following rule, for example, clients on the
-ppp0 side of the NAT box can initiate requests to 209.1.2.3. This
-traffic will be mapped to 10.0.0.3 as expected:
+is necessary.
+Using the following rule, for example, clients on the
+ppp0 side of the NAT box can initiate requests to 209.1.2.3.
+This traffic will be mapped to 10.0.0.3 as expected:
.Pp
.Bd -unfilled -offset indent -compact
bimap ppp0 10.0.0.3/32 -> 209.1.2.3/32
.Em bimap
should be used in conjunction with either proxy arp, or
.Xr ifconfig 8
-aliases. For example, if we create two bimap entries such as:
+aliases.
+For example, if we create two bimap entries such as:
.Pp
.Bd -unfilled -offset indent -compact
bimap fxp0 10.0.0.3/32 -> 209.1.2.3/32
.Pp
.Ss Redirection rules
.Em rdr
-tells the NAT how to redirect incoming packets. It is useful if one wishes to
+tells the NAT how to redirect incoming packets.
+It is useful if one wishes to
redirect a connection through a proxy, or to another box on the private
-network. The format of this directive is:
+network.
+The format of this directive is:
.Pp
rdr ifname external/mask port service -> internal port service protocol
.Pp
rdr xl0 0.0.0.0/0 port 25 -> 204.213.176.10 port smtp
.Ed
.Pp
-This redirects all smtp packets received on xl0 to 204.213.176.10, port 25. A
-netmask is not needed on the
+This redirects all smtp packets received on xl0 to 204.213.176.10, port 25.
+A netmask is not needed on the
.Em internal
-address; it is always 32. The
+address; it is always 32.
+The
.Em external
and
.Em internal
fields, similar to the
.Em map
-directive, may be actual addresses, hostnames, or interfaces. Likewise, the
+directive, may be actual addresses, hostnames, or interfaces.
+Likewise, the
.Em service
-field may be the name of a service, or a port number. The
+field may be the name of a service, or a port number.
+The
.Em protocol
of the service may be selected by appending
.Em tcp ,
.Em tcp/udp ,
or
.Em tcpudp
-(the last two have the same effect) to the end of the line. TCP is the default.
+(the last two have the same effect) to the end of the line.
+TCP is the default.
.Sh FILES
.Bl -tag -width /usr/share/ipf/nat.1 -compact
.It Pa /etc/ipnat.rules
.El
.Sh BUGS
.Em bimap
-should really only be used with single IP addresses (x.x.x.x/32). Bimapping
+should really only be used with single IP addresses (x.x.x.x/32).
+Bimapping
other CIDR ranges will result in unexpected, and possibly random mappings
into the destination address block.
.Sh SEE ALSO
-.\" $OpenBSD: ipsecadm.8,v 1.20 2000/01/13 04:48:55 angelos Exp $
+.\" $OpenBSD: ipsecadm.8,v 1.21 2000/03/18 22:55:59 aaron Exp $
+.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
and
.Fl key .
.It old esp
-Setup a SA which uses the old esp transforms. Only
-encryption algorithms can be applied. Allowed modifiers are:
+Setup a SA which uses the old esp transforms.
+Only encryption algorithms can be applied.
+Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
and
.Fl key .
.It new ah
-Setup a SA which uses the new ah transforms. Authentication
-will be done with HMAC using the specified hash algorithm. Allowed modifiers
-are:
+Setup a SA which uses the new ah transforms.
+Authentication will be done with HMAC using the specified hash algorithm.
+Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
and
.Fl key .
.It old ah
-Setup a SA which uses the old ah transforms. Simple keyed
-hashes will be used for authentication. Allowed modifiers are:
+Setup a SA which uses the old ah transforms.
+Simple keyed hashes will be used for authentication.
+Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
and
.Fl key .
.It ip4
-Setup an SA which uses the IP-in-IP encapsulation protocol. This mode
+Setup an SA which uses the IP-in-IP encapsulation protocol.
+This mode
offers no security services by itself, but can be used to route other
-(experimental or otherwise) protocols over an IP network. The SPI value
+(experimental or otherwise) protocols over an IP network.
+The SPI value
is not used for anything other than referencing the information, and
-does not appear on the wire. Unlike other setups, like new esp, there
-is no necessary setup in the receiving side. Allowed modifiers are:
+does not appear on the wire.
+Unlike other setups, like new esp, there
+is no necessary setup in the receiving side.
+Allowed modifiers are:
.Fl dst ,
.Fl src ,
and
Allowed modifiers are:
.Fl dst ,
.Fl spi ,
-.Fl proto .
+.Fl proto ,
and
.Fl chain .
.It group
-Group two SAs together. Allowed modifiers are:
+Group two SAs together.
+Allowed modifiers are:
.Fl dst ,
.Fl spi ,
.Fl proto ,
.Fl bypass .
The
.Xr netstat 1
-command shows the existing egress (outbound) flows. A
+command shows the existing egress (outbound) flows.
+A
.Nm bypass
flow is used to specify a flow for which IPSec processing will be
bypassed, i.e packets will not be processed by any SAs.
This can be useful while travelling where the IP address of potential
clients is not known.
.It flush
-Flush SAs from from kernel. This includes flushing any flows and
-routing entries associated with the SAs. Allowed modifiers are:
+Flush SAs from from kernel.
+This includes flushing any flows and
+routing entries associated with the SAs.
+Allowed modifiers are:
.Fl ah ,
.Fl esp ,
.Fl oldah ,
The modifiers have the following meanings:
.Bl -tag -width forcetunnel -offset indent
.It src
-The source IP address for the SA. This is necessary for incoming
+The source IP address for the SA.
+This is necessary for incoming
SAs to avoid source address spoofing between mutually
-suspicious hosts that have established SAs with us. For outgoing SAs,
-this field is used to fill in the source address when doing
-tunneling.
+suspicious hosts that have established SAs with us.
+For outgoing SAs,
+this field is used to fill in the source address when doing tunneling.
.It dst
The destination IP address for the SA.
.It proxy
This IP address, if provided, is checked against the inner IP address when
-doing tunneling to a firewall, to prevent source spoofing attacks. It is
-strongly recommended that this option is provided when applicable. It is
+doing tunneling to a firewall, to prevent source spoofing attacks.
+It is
+strongly recommended that this option is provided when applicable.
+It is
applicable in a scenario when host A is using IPsec to communicate with
-firewall B, and through that to host C. In that case, the proxy address for
-the incoming SA should be C. This option is not necessary for outgoing SAs.
+firewall B, and through that to host C.
+In that case, the proxy address for
+the incoming SA should be C.
+This option is not necessary for outgoing SAs.
.It spi
The Security Parameter Index (SPI).
.It tunnel
-This option has been deprecated. The arguments are ignored, and it
-otherwise has the same effect as the
+This option has been deprecated.
+The arguments are ignored, and it otherwise has the same effect as the
.Nm forcetunnel
option.
.It newpadding
This option has been deprecated.
.It forcetunnel
Force IP-inside-IP encapsulation before ESP or AH processing is performed for
-outgoing packets. The source/destination addresses of the outgoing IP packet
+outgoing packets.
+The source/destination addresses of the outgoing IP packet
will be those provided in the
.Nm src
and
.Nm dst
-options. Notice that the IPsec stack will perform IP-inside-IP encapsulation
+options.
+Notice that the IPsec stack will perform IP-inside-IP encapsulation
when deemed necessary, even if this flag has not been set.
.It enc
-The encryption algorithm to be used with the SA. Possible values
-are:
+The encryption algorithm to be used with the SA.
+Possible values are:
.Bl -tag -width skipjack
.It Nm des
This is available for both old and new esp.
Notice that hardware crackers for DES can be (and have been) built for
-US$250,000 (in 1998). Use DES for encryption of critical information
-at your own risk.
-We suggest using 3DES instead. DES support is kept for interoperability
-(with old implementations) purposes only. See
+US$250,000 (in 1998).
+Use DES for encryption of critical information at your own risk.
+We suggest using 3DES instead.
+DES support is kept for interoperability
+(with old implementations) purposes only.
+See
.Xr des_cipher 3 .
.It Nm 3des
-This is available for both old and new esp. It is considered
-more secure than straight DES, since it uses larger keys.
+This is available for both old and new esp.
+It is considered more secure than straight DES, since it uses larger keys.
.It Nm blf
-Blowfish encryption is available only in new esp. See
+Blowfish encryption is available only in new esp.
+See
.Xr blf_key 3 .
.It Nm cast
CAST encryption is available only in new esp.
.It Nm skipjack
-SKIPJACK encryption is available only in new esp. This algorithm designed
-by the NSA is faster than 3DES. However, since it was designed by the NSA
+SKIPJACK encryption is available only in new esp.
+This algorithm designed by the NSA and is faster than 3DES.
+However, since it was designed by the NSA
it is a poor choice.
.El
.Pp
.It auth
-The authentication algorithm to be used with the SA. Possible values
-are:
+The authentication algorithm to be used with the SA.
+Possible values are:
.Nm md5
and
.Nm sha1
-for both old and new ah and also new esp. Also
+for both old and new ah and also new esp.
+Also
.Nm rmd160
for both new ah and esp.
.It key
-The secret symmetric key used for encryption and authentication. The size
-for
+The secret symmetric key used for encryption and authentication.
+The size for
.Nm des
and
.Nm 3des
-is fixed to 8 and 24 respectively. For other ciphers like
+is fixed to 8 and 24 respectively.
+For other ciphers like
.Nm cast
or
.Nm blf
-the key length can be variable. The
+the key length can be variable.
+The
.Nm key
-should be given in hexadecimal digits. The
+should be given in hexadecimal digits.
+The
.Nm key
should be chosen in random (ideally, using some true-random source like
-coin flipping). It is very important that the key is not guessable. One
-practical way of generating keys is by using the
+coin flipping).
+It is very important that the key is not guessable.
+One practical way of generating keys is by using the
.Xr random 4
device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1)
.It authkey
The secret key material used for authentication
-if additional authentication in new esp mode is required. For
-old or new ah the key material for authentication is passed with the
+if additional authentication in new esp mode is required.
+For old or new ah the key material for authentication is passed with the
.Nm key
-option. The
+option.
+The
.Nm key
-should be given in hexadecimal digits. The
+should be given in hexadecimal digits.
+The
.Nm key
should be chosen in random (ideally, using some true-random source like
-coin flipping). It is very important that the key is not guessable. One
-practical way of generating keys is by using the
+coin flipping).
+It is very important that the key is not guessable.
+One practical way of generating keys is by using the
.Xr random 4
device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1)
.It iv
-This option has been deprecated. The argument is ignored. When applicable,
-it has the same behaviour as the
+This option has been deprecated.
+The argument is ignored.
+When applicable, it has the same behaviour as the
.Nm halfiv
option.
.It halfiv
-This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). It
-may only be used with old ESP.
+This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes).
+It may only be used with old ESP.
.It proto
The security protocol needed by
.Nm delspi ,
.It addr
The source address, source network mask, destination address and destination
network mask against which packets need to match to use the specified
-Security Association. All addresses must be of the same address family
+Security Association.
+All addresses must be of the same address family
(IPv4 or IPv6).
.It transport
The protocol number which packets need to match to use the specified
-Security Association. By default the protocol number is not used for
-matching. Instead of a number, a valid protocol name that appears in
+Security Association.
+By default the protocol number is not used for matching.
+Instead of a number, a valid protocol name that appears in
.Xr protocols 5
can be used.
.It sport
.Nm flush ,
only flush SAs of type ip4.
.El
-.Sh EXAMPLE
+.Sh EXAMPLES
Setup a SA which uses new esp with 3des encryption and HMAC-SHA1
authentication:
.Bd -literal
-.\" $OpenBSD: isakmpd.8,v 1.16 2000/02/01 02:46:18 niklas Exp $
+.\" $OpenBSD: isakmpd.8,v 1.17 2000/03/18 22:55:59 aaron Exp $
.\" $EOM: isakmpd.8,v 1.19 2000/01/31 22:33:46 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
.It Xo Fl D
.Ar debug-class Ns No = Ns Ar level
.Xc
-This argument is possible to specify many times. It takes a parameter of
-the form
+This argument is possible to specify many times.
+It takes a parameter of the form
.Ar class Ns No = Ns Ar level
where both
.Ar class
.Ar level
the level you want that debugging class to
limit debug printouts at (i.e., all debug printouts above the level specified
-will not output anything). If
+will not output anything).
+If
.Ar class
is set to 'A',
then all debugging classes are set to the specified level.
option specifies the
.Tn FIFO
(a.k.a. named pipe) where the daemon listens for
-user requests. If the path given is a dash
+user requests.
+If the path given is a dash
.Pq Sq \&- ,
.Nm
will listen to stdin instead.
-.\" $OpenBSD: isakmpd.conf.5,v 1.30 2000/01/31 08:38:28 niklas Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.31 2000/03/18 22:55:59 aaron Exp $
.\" $EOM: isakmpd.conf.5,v 1.38 2000/01/31 08:39:44 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
.Pp
The file is of a well known type of format called .INI style, named after
the suffix used by an overrated windowing environment for its configuration
-files. This format consists of sections, each beginning with a line looking
-like:
+files.
+This format consists of sections, each beginning with a line looking like:
.Bd -literal
[Section name]
.Ed
.Ed
If the value needs more space than fits on a single line it's possible to
continue it on the next by ending the first with a backspace character
-immediately before the newline character. This method can extend a value for
-an arbitrary amount of lines.
+immediately before the newline character.
+This method can extend a value for an arbitrary amount of lines.
.Pp
Comments can be put anywhere in the file by using a hash mark
.Pq Sq \&# .
Often the right-hand side values consist of other section names.
This results in a tree structure.
Some values are treated as a list of several scalar values, such lists always
-use comma as the separator. Some values are formatted like this: X,Y:Z, which
+use comma as the separator.
+Some values are formatted like this: X,Y:Z, which
is an offer/accept syntax, where X is a value we offer and Y:Z is a range of
accepted values, inclusive.
.Pp
How many seconds should an exchange maximally take to setup
before we give up.
.It Em Listen-on
-A list of IP-addresses OK to listen on. This list is used as
+A list of IP-addresses OK to listen on.
+This list is used as
a filter for the set of addresses the interfaces configured
-provides. This means that we won't see if an address given
+provides.
+This means that we won't see if an address given
here does not exist on this host, and thus no error is given for
that case.
.It Em Shared-SADB
If this tag is defined, whatever the value is, some semantics of
.Nm
are changed so that multiple instances can run on top of one SADB
-and setup SAs with eachother. Specifically this means replay
+and setup SAs with eachother.
+Specifically this means replay
protection will not be asked for, and errors that can occur when
updating an SA with its parameters a 2nd time will be ignored.
.El
ISAKMP SA negotiation parameter root
.Bl -tag -width 12n
.It Em <IP-address>
-A name of the ISAKMP peer at the given IP-address. This name
-is used as the section name for further information to be
-found. Look at <ISAKMP-peer> below.
+A name of the ISAKMP peer at the given IP-address.
+This name is used as the section name for further information to be found.
+Look at <ISAKMP-peer> below.
.El
.It Em Phase 2
IPsec SA negotiation parameter root
.It Em Connections
A list of directed IPSec "connection" names that should be brought up
automatically, either on first use if the system supports it, or at
-startup of the daemon. These names are section names where further
-information can be found. Look at <IPSec-connection> below.
+startup of the daemon.
+These names are section names where further information can be found.
+Look at <IPSec-connection> below.
Normally any connection mentioned here are treated as part of the
"Passive-connection" list we present below, however there is a
-flag: "Active-only" that disables this behaviour. This too is
-mentioned in the <IPSec-connection> section, in the "Flags" tag.
+flag: "Active-only" that disables this behaviour.
+This too is mentioned in the <IPSec-connection> section, in the "Flags" tag.
.It Em Passive-connections
A list of IPSec "connection" names we recognize and accept initiations for.
-These names are section names where further information can be found. Look
-at <IPSec-connection> below. Currently only the Local-ID and Remote-ID tags
+These names are section names where further information can be found.
+Look at <IPSec-connection> below.
+Currently only the Local-ID and Remote-ID tags
are looked at in those sections, as they are matched against the IDs given
by the initiator.
.El
A directory containing PEM certificates of certification authorities
that we trust to sign other certificates.
.It Em Cert-directory
-A directory containing PEM certificates that we trust to be valid.
+A directory containing PEM certificates that we trust to be valid.
These certificates are used in preference to those passed in messages and
are required to have a SubjectAltName extension.
.It Em Accept-self-signed
.It Em Address
The IP-address of the peer.
.It Em Port
-In case of UDP, the UDP port number to send to. This is optional, the
+In case of UDP, the UDP port number to send to.
+This is optional, the
default value is 500 which is the IANA-registered number for ISAKMP.
.It Em Configuration
-The name of the ISAKMP-configuration section to use. Look at
-<ISAKMP-configuration> below.
+The name of the ISAKMP-configuration section to use.
+Look at <ISAKMP-configuration> below.
.It Em Authentication
-Authentication data for this specific peer. In the case of
-preshared key, this is the key value itself.
+Authentication data for this specific peer.
+In the case of preshared key, this is the key value itself.
.It Em ID
If existent, the name of the section that describes the
local client ID that we should present to our peer. If not present, it
over to the remote daemon. Look at <Phase1-ID> below.
.It Em Flags
A comma-separated list of flags controlling the further
-handling of the ISAKMP SA. Currently there are no specific
-ISAKMP SA flags defined.
+handling of the ISAKMP SA.
+Currently there are no specific ISAKMP SA flags defined.
.It Em Next-hop
A Linux FreeS/WAN specific value which should be the IP address of the
next hop along the path to reach the peer, usually a router.
.It Em <Phase1-ID>
.Bl -tag -width 12n
.It Em ID-type
-The ID type as given by the RFCs. For Phase 1 this is currently
+The ID type as given by the RFCs.
+For Phase 1 this is currently
.Li IPV4_ADDR ,
.Li IPV4_ADDR_SUBNET ,
.Li FQDN ,
.It Em <ISAKMP-configuration>
.Bl -tag -width 12n
.It Em DOI
-The domain of interpretation as given by the RFCs. Normally
+The domain of interpretation as given by the RFCs.
+Normally
.Li IPSEC .
.It Em EXCHANGE_TYPE
-The exchange type as given by the RFCs. For main mode this is
+The exchange type as given by the RFCs.
+For main mode this is
.Li ID_PROT
and for aggressive mode it is
.Li AGGRESSIVE .
.It Em Transforms
A list of proposed transforms to use for protecting the
-ISAKMP traffic. These are actually names for sections
-further describing the transforms. Look at <ISAKMP-transform>
-below.
+ISAKMP traffic.
+These are actually names for sections
+further describing the transforms.
+Look at <ISAKMP-transform> below.
.El
.It Em <ISAKMP-transform>
.Bl -tag -width 12n
encryption algorithm proposed will be accepted.
.It Em KEY_LENGTH
For encryption algorithms with variable key length, this is
-where the offered/accepted keylengths are described. The
-value is of the offer-accept kind described above.
+where the offered/accepted keylengths are described.
+The value is of the offer-accept kind described above.
.It Em HASH_ALGORITHM
The hash algorithm as the RFCs name it, or ANY.
.It Em AUTHENTICATION_METHOD
The authentication method as the RFCs name it, or ANY.
.It Em GROUP_DESCRIPTION
-The group used for Diffie-Hellman exponentiations, or ANY. The
-name are symbolic, like
+The group used for Diffie-Hellman exponentiations, or ANY.
+The name are symbolic, like
.Li MODP_768 , MODP_1024 , EC_155
and
.Li EC_185 .
really are handled by the same code inside isakmpd.
.It Em ISAKMP-peer
The name of the ISAKMP-peer which to talk to in order to
-set up this connection. The value is the name of an
-<ISAKMP-peer> section. See above.
+set up this connection.
+The value is the name of an <ISAKMP-peer> section.
+See above.
.It Em Configuration
-The name of the IPSec-configuration section to use. Look at
-<IPSec-configuration> below.
+The name of the IPSec-configuration section to use.
+Look at <IPSec-configuration> below.
.It Em Local-ID
If existent, the name of the section that describes the
optional local client ID that we should present to our peer.
.It Em Remote-ID
If existent, the name of the section that describes the
optional remote client ID that we should present to our peer.
-It is also used when we act as responders to find out what
+It is also used when we act as responders to find out what
<IPSec-connection> we are dealing with.
Look at <IPSec-ID> below.
.It Em Flags
A comma-separated list of flags controlling the further
-handling of the IPSec SA. Currently only one flag is defined:
+handling of the IPSec SA.
+Currently only one flag is defined:
.Bl -tag -width 12n
.It Em Active-only
If this flag is given and this <IPSec-connection> is part of the phase 2
.It Em <IPSec-configuration>
.Bl -tag -width 12n
.It Em DOI
-The domain of interpretation as given by the RFCs. Normally
+The domain of interpretation as given by the RFCs.
+Normally
.Li IPSEC .
.It Em EXCHANGE_TYPE
-The exchange type as given by the RFCs. For quick mode this is
+The exchange type as given by the RFCs.
+For quick mode this is
.Li QUICK_MODE .
.It Em Suites
A list of protection suites (bundles of protocols) usable for
-protecting the IP traffic. Each of the list elements is a
-name of an <IPSec-suite> section. See below.
+protecting the IP traffic.
+Each of the list elements is a name of an <IPSec-suite> section.
+See below.
.El
.It Em <IPSec-suite>
.Bl -tag -width 12n
.It Em Protocols
A list of the protocols included in this protection suite.
Each of the list elements is a name of an <IPSec-protocol>
-section. See below.
+section.
+See below.
.El
.It Em <IPSec-protocol>
.Bl -tag -width 12n
.It Em PROTOCOL_ID
-The protocol as given by the RFCs. Acceptable values today
-are
+The protocol as given by the RFCs.
+Acceptable values today are
.Li IPSEC_AH
and
.Li IPSEC_ESP .
.It Em Transforms
A list of transforms usable for implementing the protocol.
Each of the list elements is a name of an <IPSec-transform>
-section. See below.
+section.
+See below.
.It Em ReplayWindow
-The size of the window used for replay protection. This is normally
-left alone. Look at the
+The size of the window used for replay protection.
+This is normally left alone.
+Look at the
.Nm ESP
and
.Nm AH
.It Em TRANSFORM_ID
The transform ID as given by the RFCs.
.It Em ENCAPSULATION_MODE
-The encapsulation mode as given by the RFCs. This means
-TRANSPORT or TUNNEL.
+The encapsulation mode as given by the RFCs.
+This means TRANSPORT or TUNNEL.
.It Em AUTHENTICATION_ALGORITHM
The optional authentication algorithm in the case of this
being an ESP transform.
.It Em GROUP_DESCRIPTION
An optional (provides PFS if present) Diffie-Hellman group
-description. The values are the same as GROUP_DESCRIPTION's
+description.
+The values are the same as GROUP_DESCRIPTION's
in <ISAKMP-transform> sections shown above.
.It Em Life
List of lifetimes, each element is a <Lifetime> section name.
.It Em <IPSec-ID>
.Bl -tag -width 12n
.It Em ID-type
-The ID type as given by the RFCs. For IPSec this is currently
+The ID type as given by the RFCs.
+For IPSec this is currently
.Li IPV4_ADDR
or
.Li IPV4_ADDR_SUBNET .
-.\" $OpenBSD: mkfifo.1,v 1.4 1999/06/05 01:29:38 aaron Exp $
+.\" $OpenBSD: mkfifo.1,v 1.5 2000/03/18 22:55:59 aaron Exp $
.\" $NetBSD: mkfifo.1,v 1.4 1994/12/23 07:16:54 jtc Exp $
.\"
.\" Copyright (c) 1990, 1993
.Sh SYNOPSIS
.Nm mkfifo
.Op Fl m Ar mode
-.Ar fifo_name ...
+.Ar fifo_name ...
.Sh DESCRIPTION
.Nm mkfifo
creates the FIFOs requested, in the order specified,
-.\" $OpenBSD: mknod.8,v 1.8 1999/07/21 12:32:18 aaron Exp $
+.\" $OpenBSD: mknod.8,v 1.9 2000/03/18 22:55:59 aaron Exp $
.\" $NetBSD: mknod.8,v 1.9 1995/08/10 23:47:32 jtc Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
To make nodes manually, the arguments are:
.Bl -tag -width majorx
.It Ar name
-Device or FIFO name. For example
+Device or FIFO name.
+For example
.Dq sd
for a SCSI disk or a
.Dq pty
-for pseudo-devices. FIFOs may be named arbitrarily by the user.
+for pseudo-devices.
+FIFOs may be named arbitrarily by the user.
.It Cm b | Cm c | Cm p
-Type of device or FIFO. If the
-device is a block type device such as a tape or disk drive which needs
+Type of device or FIFO.
+If the device is a block type device such as a tape or disk drive which needs
both cooked and raw special files,
the type is
.Cm b .
.Cm p .
.It Ar major
The major device number is an integer number which tells the kernel
-which device driver entry point to use. To learn what
-major device number to use for a particular device, check the file
+which device driver entry point to use.
+To learn what major device number to use for a particular device,
+check the file
.Pa /dev/MAKEDEV
to see if the device is known.
.It Ar minor
-.\" $OpenBSD: modload.8,v 1.14 2000/03/05 00:28:56 aaron Exp $
+.\" $OpenBSD: modload.8,v 1.15 2000/03/18 22:55:59 aaron Exp $
.\" $NetBSD: modload.8,v 1.5 1995/03/18 14:56:43 cgd Exp $
.\"
.\" Copyright (c) 1993 Christopher G. Demetriou
The options are as follows:
.Bl -tag -width indent
.It Fl d
-Debug. Used to debug
+Debug.
+Used to debug
.Nm
itself.
.It Fl q
.It Fl u
Delete the loaded module
.Pq Ar output_file
-after loading. If the output file was not specified, this option causes the
+after loading.
+If the output file was not specified, this option causes the
temporary file to be kept rather than deleted.
.It Fl v
Print comments about the loading process.
.Dq xxxinit .
.It Fl p Ar postinstall
Specify the name of a shell script or program that will
-be executed if the module is successfully loaded. It
-is always passed the module ID (in decimal) and module
+be executed if the module is successfully loaded.
+It is always passed the module ID (in decimal) and module
type (in hexadecimal) as the first two arguments.
For loadable drivers, the third argument is
the block or character major device number.
call number.
.It Fl o Ar output_file
Specify the name of the output file that is produced by
-the linker. If this option is not specified, a file in the
+the linker.
+If this option is not specified, a file in the
.Pa /tmp
directory
is used with the name generated from the module name with a
-.\" $OpenBSD: mount.8,v 1.19 2000/03/05 00:28:50 aaron Exp $
+.\" $OpenBSD: mount.8,v 1.20 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount.8,v 1.11 1995/07/12 06:23:21 cgd Exp $
.\"
.\" Copyright (c) 1980, 1989, 1991, 1993
This is a
.Em dangerous
flag to set since it does not guarantee to keep a consistent
-file system structure on the disk. You should not use this flag
+file system structure on the disk.
+You should not use this flag
unless you are prepared to recreate the file system should your
-system crash. The most common use of this flag is to speed up
+system crash.
+The most common use of this flag is to speed up
.Xr restore 8
where it can give a factor of two speed increase.
.It force
The options specific to the various file system types are
described in the manual pages for those file systems'
.Nm mount_XXX
-commands. For instance, the options specific to Berkeley
+commands.
+For instance, the options specific to Berkeley
Fast File Systems are described in the
.Xr mount_ffs 8
manual page.
-.\" $OpenBSD: mount_ffs.8,v 1.7 1999/07/21 01:07:54 deraadt Exp $
+.\" $OpenBSD: mount_ffs.8,v 1.8 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount_ffs.8,v 1.2 1996/02/05 06:33:47 jtc Exp $
.\"
.\" Copyright (c) 1980, 1989, 1991, 1993
The
.Nm mount_ufs
form of the command is meant for backward
-compatibility only. Fast File Systems should no longer
-be listed as type
+compatibility only.
+Fast File Systems should no longer be listed as type
.Dq ufs
in
.Xr fstab 5
-.\" $OpenBSD: mount_kernfs.8,v 1.11 1999/07/21 01:07:54 deraadt Exp $
+.\" $OpenBSD: mount_kernfs.8,v 1.12 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount_kernfs.8,v 1.6 1995/03/18 14:57:24 cgd Exp $
.\"
.\" Copyright (c) 1992, 1993, 1994
The hostname can be changed by writing to this file.
A trailing newline will be stripped from the hostname being written.
.It Pa domainname
-The domainname, with a trailing newline. Behaves like a hostname.
+The domainname, with a trailing newline.
+Behaves like a hostname.
.It Pa hz
Frequency of the system clock (decimal ASCII).
.It Pa ipsec
-.\" $OpenBSD: mount_msdos.8,v 1.10 1999/05/12 13:26:49 aaron Exp $
+.\" $OpenBSD: mount_msdos.8,v 1.11 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount_msdos.8,v 1.10 1996/01/19 21:14:43 leo Exp $
.\"
.\" Copyright (c) 1993,1994 Christopher G. Demetriou
be mounted for any existing Windows 95/98 long filenames.
If no such entries are found,
.Fl s
-is the default. Otherwise
+is the default.
+Otherwise
.Fl l
is assumed.
.It Fl 9
Ignore the special Windows 95/98 directory entries even
-if deleting or renaming a file. This forces
+if deleting or renaming a file.
+This forces
.Fl s .
.It Fl G
This option causes the filesystem to be interpreted as an Atari-Gemdos
-filesystem. The differences to the msdos filesystem are minimal and
-limited to the boot block. This option enforces
+filesystem.
+The differences to the msdos filesystem are minimal and
+limited to the boot block.
+This option enforces
.Fl s .
.El
.Sh SEE ALSO
and
.Fl l
will result in empty filesystems to be populated
-with short filenames only. To generate long filenames
-on empty DOS filesystems use
+with short filenames only.
+To generate long filenames on empty DOS file systems use
.Fl l .
.Pp
Note that Windows 95/98 handles only access dates,
-.\" $OpenBSD: mount_nfs.8,v 1.16 2000/03/14 21:31:34 aaron Exp $
+.\" $OpenBSD: mount_nfs.8,v 1.17 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount_nfs.8,v 1.3 1996/02/18 11:59:10 fvdl Exp $
.\"
.\" Copyright (c) 1992, 1993, 1994, 1995
.It Fl 2
Use the NFS Version 2 protocol.
.It Fl 3
-Use the NFS Version 3 protocol. The default is to try version 3 first, and
+Use the NFS Version 3 protocol.
+The default is to try version 3 first, and
fall back to version 2 if the mount fails.
.It Fl D Ar deadthresh
Used with NQNFS to set the
This option is not generally recommended and is really an experimental
feature.
.It Fl I Ar readdirsize
-Set the readdir read size to the specified value. The value should normally
+Set the readdir read size to the specified value.
+The value should normally
be a multiple of DIRBLKSIZ that is <= the read size for the mount.
.It Fl K
Pass Kerberos authenticators to the server for client-to-server
Values are normally in the 10-30 second range.
.It Fl P
The kernel always uses a reserved port number to communicate with
-clients. This option is ignored, and exists solely for compatibility
+clients.
+This option is ignored, and exists solely for compatibility
with older systems.
.It Fl R Ar retrycnt
Set the retry count for doing the mount to the specified value.
For UDP mount points, do not do a
.Xr connect 2 .
This must be used for servers that do not reply to requests from the
-standard NFS port number 2049. It may also be required for servers
+standard NFS port number 2049.
+It may also be required for servers
with more than one IP address (only necessary if replies come from
an address other than the one specified in the mount request).
.It Fl d
This option reduces RPC traffic for cases such as
.Dq "ls -l" ,
but tends to flood the attribute and name caches with prefetched entries.
-Try this option and see whether performance improves or degrades. Probably
+Try this option and see whether performance improves or degrades.
+Probably
most useful for client to server network interconnects with a large bandwidth
times delay product.
.It Fl m Ar realm
-.\" $OpenBSD: mount_null.8,v 1.13 1999/09/23 04:12:02 alex Exp $
+.\" $OpenBSD: mount_null.8,v 1.14 2000/03/18 22:56:00 aaron Exp $
.\" $NetBSD: mount_null.8,v 1.4 1996/04/10 20:57:19 thorpej Exp $
.\"
.\" Copyright (c) 1992, 1993, 1994
.Nm
takes two arguments: the pathname
of the lower vfs (target-pn) and the pathname where the null
-layer will appear in the namespace (mount-point-pn). After
-the null layer is put into place, the contents
+layer will appear in the namespace (mount-point-pn).
+After the null layer is put into place, the contents
of target-pn subtree will be aliased under mount-point-pn.
.\"
.\"
.Sh OPERATION OF A NULL LAYER
The null layer is the minimum file system layer,
simply bypassing all possible operations to the lower layer
-for processing there. The majority of its activity centers
+for processing there.
+The majority of its activity centers
on the bypass routine, through which nearly all vnode operations
pass.
.Pp
The bypass routine accepts arbitrary vnode operations for
-handling by the lower layer. It begins by examining vnode
+handling by the lower layer.
+It begins by examining vnode
operation arguments and replacing any null-nodes by their
-lower-layer equivalents. It then invokes the operation
-on the lower layer. Finally, it replaces the null-nodes
+lower-layer equivalents.
+It then invokes the operation on the lower layer.
+Finally, it replaces the null-nodes
in the arguments and, if a vnode is returned by the operation,
stacks a null-node on top of the returned vnode.
.Pp
.\"
.Sh INSTANTIATING VNODE STACKS
Mounting associates the null layer with a lower layer,
-in effect stacking two VFSes. Vnode stacks are instead
-created on demand as files are accessed.
+in effect stacking two VFSes.
+Vnode stacks are instead created on demand as files are accessed.
.Pp
The initial mount creates a single vnode stack for the
-root of the new null layer. All other vnode stacks
-are created as a result of vnode operations on
+root of the new null layer.
+All other vnode stacks are created as a result of vnode operations on
this or other null vnode stacks.
.Pp
New vnode stacks come into existence as a result of
A
.Em vop_lookup
would be
-done on the root null-node. This operation would bypass through
+done on the root null-node.
+This operation would bypass through
to the lower layer which would return a vnode representing
the UFS
.Pa sys .
.\"
.Sh INVOKING OPERATIONS ON LOWER LAYERS
There are two techniques to invoke operations on a lower layer
-when the operation cannot be completely bypassed. Each method
-is appropriate in different situations. In both cases,
-it is the responsibility of the aliasing layer to make
+when the operation cannot be completely bypassed.
+Each method is appropriate in different situations.
+In both cases, it is the responsibility of the aliasing layer to make
the operation arguments "correct" for the lower layer
by mapping an vnode arguments to the lower layer.
.Pp
The first approach is to call the aliasing layer's bypass routine.
This method is most suitable when you wish to invoke the operation
-currently being handled on the lower layer. It has the advantage
-the bypass routine already must do argument mapping.
+currently being handled on the lower layer.
+It has the advantage the bypass routine already must do argument mapping.
An example of this is
.Em null_getattrs
in the null layer.
.Em VOP_OPERATIONNAME
interface.
The advantage of this method is that it is easy to invoke
-arbitrary operations on the lower layer. The disadvantage
-is that vnodes arguments must be manually mapped.
+arbitrary operations on the lower layer.
+The disadvantage is that vnodes arguments must be manually mapped.
.\"
.\"
.Sh SEE ALSO
-.\" $OpenBSD: mount_portal.8,v 1.10 1999/07/21 01:07:55 deraadt Exp $
+.\" $OpenBSD: mount_portal.8,v 1.11 2000/03/18 22:56:01 aaron Exp $
.\" $NetBSD: mount_portal.8,v 1.6 1995/08/18 15:01:19 pk Exp $
.\"
.\" Copyright (c) 1993, 1994
whitespace separated fields.
A hash
.Pq Sq #
-character causes the remainder of a line to
-be ignored. Blank lines are ignored.
+character causes the remainder of a line to be ignored.
+Blank lines are ignored.
.Pp
The first field is a pathname prefix to match
against the requested pathname.
-.\" $OpenBSD: mount_umap.8,v 1.13 2000/03/04 22:19:30 aaron Exp $
+.\" $OpenBSD: mount_umap.8,v 1.14 2000/03/18 22:56:01 aaron Exp $
.\" $NetBSD: mount_umap.8,v 1.4 1996/03/05 02:36:42 thorpej Exp $
.\"
.\" Copyright (c) 1992, 1993, 1994
.Nm
command uses a set of files provided by the user to make correspondences
between UIDs and GIDs in the subtree's original environment and
-some other set of IDs in the local environment. For instance, user
+some other set of IDs in the local environment.
+For instance, user
smith might have UID 1000 in the original environment, while having
-UID 2000 in the local environment. The
+UID 2000 in the local environment.
+The
.Nm
command allows the subtree from smith's original environment to be
mapped in such a way that all files with owner UID 1000 look like
describe the mappings to be made between identifiers.
Briefly, the format of these files is a count of the number of
mappings on the first line, with each subsequent line containing
-a single mapping. Each of these mappings consists of an ID from
+a single mapping.
+Each of these mappings consists of an ID from
the original environment and the corresponding ID in the local environment,
separated by whitespace.
.Em uid-mapfile
and any GIDs not mapped in
.Em gid-mapfile
will be treated as group
-NULLGROUP. At most 64 UIDs can be mapped for a given subtree, and
+NULLGROUP.
+At most 64 UIDs can be mapped for a given subtree, and
at most 16 groups can be mapped by a given subtree.
.Pp
The mapfiles can be located anywhere in the file hierarchy, but they
must be owned by root, and they must be writable only by root.
.Nm
will refuse to map the subtree if the ownership or permissions on
-these files are improper. It will also balk if the count of mappings
+these files are improper.
+It will also balk if the count of mappings
in the first line of the map files is not correct.
.Pp
The layer created by the
.Nm
command is meant to serve as a simple example of file system layering.
-It is not meant for production use. The implementation is not very
-sophisticated.
+It is not meant for production use.
+The implementation is not very sophisticated.
.Sh SEE ALSO
.Xr mount 8 ,
.Xr mount_null 8
-.\" $OpenBSD: mount_xfs.8,v 1.13 1999/07/21 01:07:56 deraadt Exp $
+.\" $OpenBSD: mount_xfs.8,v 1.14 2000/03/18 22:56:01 aaron Exp $
.\" $NetBSD: mount_null.8,v 1.4 1996/04/10 20:57:19 thorpej Exp $
.\"
.\" Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
.Sh DESCRIPTION
The
.Nm
-command mounts one of the xfs character devices. The character device is used
+command mounts one of the xfs character devices.
+The character device is used
for communication with a user-land cachemanager and fileprovider.
.Pp
The options are as follows:
.El
.Pp
The xfs filesystem was written primarily to make a free, AFS-compatible
-filesystem (Arla). But since the xfs interface is simple and generic
+filesystem (Arla).
+But since the xfs interface is simple and generic
it could be used for other filesystems as well.
.\"
.Sh SEE ALSO
-.\" $OpenBSD: ncheck_ffs.8,v 1.10 2000/03/05 00:28:56 aaron Exp $
+.\" $OpenBSD: ncheck_ffs.8,v 1.11 2000/03/18 22:56:02 aaron Exp $
.\"
.\" Copyright (c) 1995, 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com>
.\" All rights reserved.
.Sh DESCRIPTION
.Nm
generates a list of filenames and inode numbers for the given
-file system. Names of directories are followed by a
+file system.
+Names of directories are followed by a
.Dq \&. .
.Pp
The options are as follows:
-.\" $OpenBSD: newfs.8,v 1.19 1999/12/03 19:24:18 art Exp $
+.\" $OpenBSD: newfs.8,v 1.20 2000/03/18 22:56:01 aaron Exp $
.\" $NetBSD: newfs.8,v 1.12 1995/03/18 14:58:41 cgd Exp $
.\"
.\" Copyright (c) 1983, 1987, 1991, 1993, 1994
The special file is typically that of the primary swap area,
since that is where the file system will be backed up when
free memory gets low and the memory supporting
-the file system has to be paged. If the keyword
+the file system has to be paged.
+If the keyword
.Dq swap
is used instead of a special file name, default configuration parameters
-will be used. (This option is useful when trying to use
+will be used.
+(This option is useful when trying to use
.Nm mount_mfs
on a machine without any disks.)
.Pp
.It Fl U
Enables soft updates on the new filesystem.
.It Fl q
-Operate in quiet mode. With this option,
+Operate in quiet mode.
+With this option,
.Nm
will not print extraneous information like superblock backups.
.It Fl a Ar maxcontig
.Xr tunefs 8
for more details on how to set this option.
.It Fl n Ar number of rotational positions
-The number of distinct rotational positions. The default is 1.
+The number of distinct rotational positions.
+The default is 1.
.It Fl o Ar optimization\ preference
.Ar space
or
+.\" $OpenBSD: newfs_msdos.8,v 1.15 2000/03/18 22:56:02 aaron Exp $
+.\"
.\" Copyright (c) 1998 Robert Nordier
.\" All rights reserved.
.\"
.It Fl I Ar volid
Volume ID.
.It Fl L Ar label
-Volume label (up to 11 characters). The label should consist of
+Volume label (up to 11 characters).
+The label should consist of
only those characters permitted in regular DOS (8+3) filenames.
.It Fl O Ar OEM
-OEM string (up to 8 characters). The default is
+OEM string (up to 8 characters).
+The default is
"BSD 4.4".
.It Fl S Ar sector-size
-Number of bytes per sector. Acceptable values are powers of 2
-in the range 128 through 32768.
+Number of bytes per sector.
+Acceptable values are powers of 2 in the range 128 through 32768.
.It Fl a Ar FAT-size
Number of sectors per FAT.
.It Fl b Ar block-size
-File system block size (bytes per cluster). This should resolve to an
-acceptable number of sectors per cluster (see below).
+File system block size (bytes per cluster).
+This should resolve to an acceptable number of sectors per cluster (see below).
.It Fl c Ar cluster-size
-Sectors per cluster. Acceptable values are powers of 2 in the range
-1 through 128.
+Sectors per cluster.
+Acceptable values are powers of 2 in the range 1 through 128.
.It Fl e Ar dirents
Number of root directory entries (FAT12 and FAT16 only).
.It Fl f Ar format
-Specify a standard (floppy disk) format. The eight standard formats
+Specify a standard (floppy disk) format.
+The eight standard formats
are (capacities in kilobytes): 160, 180, 320, 360, 720, 1200, 1440,
2880.
.It Fl h Ar heads
Location of the file system info sector (FAT32 only).
A value of 0xffff signifies no info sector.
.It Fl k Ar backup
-Location of the backup boot sector (FAT32 only). A value
-of 0xffff signifies no backup sector.
+Location of the backup boot sector (FAT32 only).
+A value of 0xffff signifies no backup sector.
.It Fl m Ar media
Media descriptor (acceptable range 0xf0 to 0xff).
.It Fl n Ar FATs
-Number of FATs. Acceptable values are 1 to 16 inclusive. The default
-is 2.
+Number of FATs.
+Acceptable values are 1 to 16 inclusive.
+The default is 2.
.It Fl o Ar hidden
Number of hidden sectors.
.It Fl r Ar reserved
.Sh NOTES
FAT file system parameters occupy a "Boot Sector BPB (BIOS Parameter
Block)" in the first of the "reserved" sectors which precede the actual
-file system. For reference purposes, this structure is presented
-below.
+file system.
+For reference purposes, this structure is presented below.
.Bd -literal
struct bsbpb {
u_int16_t bps; /* [-S] bytes per sector */
-.\" $OpenBSD: newlfs.8,v 1.8 1999/06/04 02:45:19 aaron Exp $
+.\" $OpenBSD: newlfs.8,v 1.9 2000/03/18 22:56:02 aaron Exp $
.\" $NetBSD: newlfs.8,v 1.2 1995/03/18 14:58:54 cgd Exp $
.\"
.\" Copyright (c) 1993
This flag is currently required.
.It Fl m Ar freespace\&%
The percentage of space reserved from normal users; the minimum
-free space threshold. The default value used is 10%.
+free space threshold.
+The default value used is 10%.
See
.Xr tunefs 8
for more details on how to set this option.
-.\" $OpenBSD: nfsiod.8,v 1.9 1999/07/21 01:07:56 deraadt Exp $
+.\" $OpenBSD: nfsiod.8,v 1.10 2000/03/18 22:56:02 aaron Exp $
.\" $NetBSD: nfsiod.8,v 1.6 1995/03/18 14:59:04 cgd Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.El
.Pp
A client should run enough daemons to handle its maximum
-level of concurrency, typically four to six. The system maximum is twenty.
+level of concurrency, typically four to six.
+The system maximum is twenty.
.Pp
The
.Nm
-.\" $OpenBSD: photurisd.8,v 1.6 1999/09/23 04:12:02 alex Exp $
+.\" $OpenBSD: photurisd.8,v 1.7 2000/03/18 22:56:02 aaron Exp $
+.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.Fl i
option can be used to ignore the
.Pa photuris.startup
-file. Otherwise the exchanges in that file will be initiated
-on startup.
+file.
+Otherwise the exchanges in that file will be initiated on startup.
.It Fl d Ar directory
The
.Fl d
.Ar directory
in which
.Nm
-looks for its startup files. The default is
+looks for its startup files.
+The default is
.Pa /etc/photuris/ .
.It Fl p Ar port
The
The file
.Pa photuris.conf
contains the moduli for the DH exchange and the actual exchange
-schemes used to establish a shared secret. The following keywords are
-understood:
+schemes used to establish a shared secret.
+The following keywords are understood:
.Bl -tag -width exchange -offset indent
.It Ic modulus
-This keyword is followed by the numeric generator and modulus. Those two
-values describe the group in which exchange values for the
+This keyword is followed by the numeric generator and modulus.
+Those two values describe the group in which exchange values for the
.Dq Diffie-Hellmann
-key exchange are generated. The modulus needs to be a
+key exchange are generated.
+The modulus needs to be a
.Dq safe prime .
.It Ic exchange
-This keyword is used to specify the supported exchange schemes. The scheme is
+This keyword is used to specify the supported exchange schemes.
+The scheme is
followed by either zero or the number of bits of the modulus to be used
with this scheme.
If zero is specified the given scheme acts as modifier to the base
-scheme. The base scheme is
+scheme.
+The base scheme is
.Dq DH_G_2_MD5
-(generator of two and MD5 identification). Extended schemes are
+(generator of two and MD5 identification).
+Extended schemes are
.Dq DH_G_2_DES_MD5
and
.Dq DH_G_2_3DES_SHA1 .
An exchange can only be configured if an apropriate modulus has be given
before.
.It Ic config
-This is used to configure the LifeTimes of SPIs and exchanges. The configurable
-values are:
+This is used to configure the LifeTimes of SPIs and exchanges.
+The configurable values are:
.Ic exchange_max_retries ,
.Ic exchange_retransmit_timeout ,
.Ic exchange_timeout ,
The file
.Pa attributes.conf
contains the attributes, i.e., different choices of encryption
-and authentication, offered to the other peer. If a line starts with an ip
+and authentication, offered to the other peer.
+If a line starts with an ip
address and a space separated netmask the following attributes are only
-offered to hosts lying in that net range. Only one attribute per line
-is allowed. An attribute can either be an already defined tag or
-a new definition of an attribute. In that case the line is followed by a
-comma separated list:
+offered to hosts lying in that net range.
+Only one attribute per line is allowed.
+An attribute can either be an already defined tag or
+a new definition of an attribute.
+In that case the line is followed by a comma-separated list:
.Ar attribute name ,
.Ar Photuris ID ,
.Ar type of attribute
and
.Ar key length .
-The name is only used as reference. A list of possible Photuris IDs can
-be found in
+The name is only used as reference.
+A list of possible Photuris IDs can be found in
.Pa /usr/share/ipsec/attributes.conf .
The attribute type is one of the following:
.Dq enc ,
.Bl -tag -width identity_pair_local -offset indent
.It Ic identity local
Defines the identity the local daemon will assume and the according
-password. Both name and secret are braced by quotation marks and follow
-the
+password.
+Both name and secret are braced by quotation marks and follow the
.Ic identity local
directive.
.It Ic identity remote
Defines the parties the daemon can communicate with and their secrets.
Both name and secret are braced by quotation marks and follow the
.Ic identity remote
-directive. The name and secret are the same as the identity local
-on the remote site.
+directive.
+The name and secret are the same as the identity local on the remote site.
.It Ic identity pair local
If the identity of the remote site is already known,
.Ic identity pair local
enables the daemon to assume an identity and secret based on
-the remote identity. The directive is followed by the
+the remote identity.
+The directive is followed by the
remote identity, a new local identity and an according secret.
In that way the secrets are not shared with all other parties.
.El
.Ic user
are understood in the
.Pa photuris.startup
-file. The values are as follows:
+file.
+The values are as follows:
.Bl -tag -width exchange_lifetime -offset indent
.It Ic dst
The destination IP address with which the exchange is to be established.
.Nm
daemon.
.It Ic options
-The options to be used in the exchange. Possible values are
+The options to be used in the exchange.
+Possible values are
.Dq enc
and
.Dq auth .
.Ic tsrc
and
.Ic tdst
-(see below) are specified, a tunnel (IP over IP) is setup. The
+(see below) are specified, a tunnel (IP over IP) is setup.
+The
.Ic tsrc
option is a network address with netmask used for matching the source
-IP address of a packet. When both the source and the destination
+IP address of a packet.
+When both the source and the destination
addresses match their respective options the packet will be routed into the
tunnel.
.It Ic tdst
.Ic tsrc
(see above) and
.Ic tdst
-are specified, a tunnel (IP over IP) is setup. The
+are specified, a tunnel (IP over IP) is setup.
+The
.Ic tdst
option is a network address with netmask used for matching the destination
-IP address of a packet. When both the source and the destination
+IP address of a packet.
+When both the source and the destination
addresses match their respective options the packet will be routed into the
tunnel.
.It Ic exchange_lifetime
-Determines the lifetime of the exchange. After an exchange expires
+Determines the lifetime of the exchange.
+After an exchange expires
no new SPIs are created, which means the transport or tunnel is torn down
as soon as the current SPI times out (see
.Ic spi_lifetime
-below). The default value is gotten from the
+below).
+The default value is gotten from the
.Ic exchange_lifetime
parameter given in
.Pa photuris.conf .
.It Ic spi_lifetime
Determines the lifetime of each created SPI in the exchange.
.It Ic user
-The user name for whom the keying shall be done. Preconfigured
-secrets are taken from the users secret file.
+The user name for whom the keying shall be done.
+Preconfigured secrets are taken from the users secret file.
.El
.Pp
Exchanges are separated by newlines.
-.\" $OpenBSD: ping.8,v 1.19 1999/07/18 16:21:55 hugh Exp $
+.\" $OpenBSD: ping.8,v 1.20 2000/03/18 22:56:02 aaron Exp $
.\" $NetBSD: ping.8,v 1.10 1995/12/31 04:55:35 ghudson Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
This can be very hard on a network and should be used with caution.
.Ef
.It Fl I Ar ifaddr
-Specify the interface to transmit from on machines with multiple
-interfaces. For unicast and multicast pings.
+Specify the interface to transmit from on machines with multiple interfaces.
+For unicast and multicast pings.
.It Fl i Ar wait
Wait
.Ar wait
is specified,
.Nm
sends that many packets as fast as possible before falling into its normal
-mode of behavior. Only root may set a preload value.
+mode of behavior.
+Only root may set a preload value.
.It Fl n
Numeric output only.
No attempt will be made to lookup symbolic names for host addresses.
If more routes come back than should, such as due to an illegal spoofed
packet,
.Nm
-will print the route list and then truncate it at the correct
-spot. Many hosts ignore or discard this option.
+will print the route list and then truncate it at the correct spot.
+Many hosts ignore or discard this option.
.It Fl r
Bypass the normal routing tables and send directly to a host on an attached
network.
data bytes when combined
with the 8 bytes of
.Tn ICMP
-header data. If the
+header data.
+If the
.Fl D
or
.Fl T
that are received are listed.
.It Fl w Ar maxwait
Specifies the number of seconds to wait for a response to a packet
-before transmitting the next one. The default is 10.
+before transmitting the next one.
+The default is 10.
.El
.Pp
In addition, the following option may be used for multicast pings:
If duplicate packets are received, they are not included in the packet
loss calculation, although the round trip time of these packets is used
in calculating the minimum/average/maximum round trip time numbers and
-the standard deviation. When the specified number of packets have been
+the standard deviation.
+When the specified number of packets have been
sent (and received), or if the program is terminated with a
.Dv SIGINT ,
a brief summary is displayed.
-.\" $OpenBSD: ping6.8,v 1.5 2000/02/28 14:06:39 itojun Exp $
+.\" $OpenBSD: ping6.8,v 1.6 2000/03/18 22:56:03 aaron Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
must be a string constructed of the following charaters.
.Bl -tag -width Ds -compact
.It Ic a
-requests all the responder's unicast addresses. If the charater is ommited,
+requests all the responder's unicast addresses.
+If the charater is ommited,
only those addresses which belong to the interface which has the
responder's address are requests.
.It Ic c
.It Ic l
requests responder's link-local addresses.
.It Ic A
-requests responder's anycast addresses. Without this character, the responder
-will return unicast addresses only. With this character, the responder
-will return anycast addresses only.
+requests responder's anycast addresses.
+Without this character, the responder
+will return unicast addresses only.
+With this character, the responder will return anycast addresses only.
Note that the specification does not specify how to get responder's
-anycast addresses. This is an experimental option.
+anycast addresses.
+This is an experimental option.
.El
.It Fl b Ar bufsiz
Set socket buffer size.
.Fl I
option as well, the address must be assinged to the specified interface.
.It Fl s Ar packetsize
-Specifies the number of data bytes to be sent.
+Specifies the number of data bytes to be sent.
The default is 56, which translates into 64
.Tn ICMP
data bytes when combined
-.\" $OpenBSD: quotacheck.8,v 1.8 1999/06/04 02:45:22 aaron Exp $
+.\" $OpenBSD: quotacheck.8,v 1.9 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: quotacheck.8,v 1.4 1995/03/18 14:59:20 cgd Exp $
.\"
.\" Copyright (c) 1983, 1990, 1991, 1993
.Pa /etc/fstab
are checked.
.It Fl d
-Enable debugging mode. No actual data will be written on disk(s).
+Enable debugging mode.
+No actual data will be written on disk(s).
.It Fl g
Only group quotas listed in
.Pa /etc/fstab
-.\" $OpenBSD: raidctl.8,v 1.11 2000/03/14 21:31:42 aaron Exp $
+.\" $OpenBSD: raidctl.8,v 1.12 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: raidctl.8,v 1.11 2000/01/05 03:02:41 oster Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
the RAIDframe disk device.
.Nm
is primarily used to dynamically configure and unconfigure RAIDframe disk
-devices. For more information about the RAIDframe disk device, see
+devices.
+For more information about the RAIDframe disk device, see
.Xr raid 4 .
.Pp
This document assumes the reader has at least rudimentary knowledge of
.Ar dev .
.It Fl B Ar dev
Initiate a copyback of reconstructed data from a spare disk to
-it's original disk. This is performed after a component has failed,
+it's original disk.
+This is performed after a component has failed,
and the failed drive has been reconstructed onto a spare drive.
.It Fl c Ar config_file Ar dev
Configure the RAIDframe device
.It Fl C Ar config_file Ar dev
As for
.Ar -c ,
-but forces the configuration to take place. This is required the
-first time a RAID set is configured.
+but forces the configuration to take place.
+This is required the first time a RAID set is configured.
.It Fl f Ar component Ar dev
This marks the specified
.Ar component
Fails the specified
.Ar component
of the device, and immediately begin a reconstruction of the failed
-disk onto an available hot spare. This is one of the mechanisms used to start
+disk onto an available hot spare.
+This is one of the mechanisms used to start
the reconstruction process if a component does have a hardware failure.
.It Fl g Ar component Ar dev
Get the component label for the specified component.
.It Fl i Ar dev
-Initialize (re-write) the parity on the device. This
+Initialize (re-write) the parity on the device.
+This
.Em must
be done before the RAID device is labeled and before
filesystems are created on the RAID device, and is normally used after
.Xr fsck 8
) to ensure the integrity of the parity.
.It Fl I Ar serial_number Ar dev
-Initialize the component labels on each component of the device.
+Initialize the component labels on each component of the device.
.Ar serial_number
is used as one of the keys in determining whether a
-particular set of components belong to the same RAID set. While not
-strictly enforced, different serial numbers should be used for
+particular set of components belong to the same RAID set.
+While not strictly enforced, different serial numbers should be used for
different RAID sets.
.It Fl p Ar dev
-Check the status of the parity on the RAID set. Displays a status
-message, and returns successfully if the parity is up-to-date.
+Check the status of the parity on the RAID set.
+Displays a status message; returns successfully if the parity is up-to-date.
.It Fl P Ar dev
Check the status of the parity on the RAID set, and initialize
(re-write) the parity if the parity is not known to be up-to-date.
Display the status of the RAIDframe device for each of the components
and spares.
.It Fl S Ar dev
-Check the status of component reconstruction. The output indicates
+Check the status of component reconstruction.
+The output indicates
the amount of progress achieved in reconstructing a failed component.
.It Fl u Ar dev
Unconfigure the RAIDframe device.
.It Fl v
-Be more verbose. For operations such as reconstructions, parity
+Be more verbose.
+For operations such as reconstructions, parity
re-writing, and copybacks, provide a progress indicator.
.El
.Pp
.Pa /dev/rraid0d ) .
.Pp
The format of the configuration file is complex, and
-only an abbreviated treatment is given here. In the configuration
-files, a
-.Sq #
+only an abbreviated treatment is given here.
+In the configuration files, a
+.Ql #
indicates the beginning of a comment.
.Pp
There are 4 required sections of a configuration file, and 2
-optional components. Each section begins with a
+optional components.
+Each section begins with a
.Dq START ,
followed by
the section name, and the confuration parameters associated with that
-section. The first section is the
+section.
+The first section is the
.Dq array
section, and it specifies
-the number of rows, columns, and spare disks in the RAID array. For
-example:
+the number of rows, columns, and spare disks in the RAID array.
+For example:
.Bd -unfilled -offset indent
START array
1 3 0
.Ed
.Pp
-indicates an array with 1 row, 3 columns, and 0 spare disks. Note
-that although multi-dimensional arrays may be specified, they are
+indicates an array with 1 row, 3 columns, and 0 spare disks.
+Note that although multi-dimensional arrays may be specified, they are
.Em not
supported in the driver.
.Pp
The second section, the
.Dq disks
section, specifies the actual
-components of the device. For example:
+components of the device.
+For example:
.Bd -unfilled -offset indent
START disks
/dev/sd0e
/dev/sd2e
.Ed
.Pp
-specifies the three component disks to be used in the RAID device. If
-any of the specified drives cannot be found when the RAID device is
+specifies the three component disks to be used in the RAID device.
+If any of the specified drives cannot be found when the RAID device is
configured, then they will be marked as
.Dq failed ,
and the system will
-operate in degraded mode. Note that it is
+operate in degraded mode.
+Note that it is
.Em imperative
that the order of the components in the configuration file does not
-change between configurations of a RAID device. Changing the order
+change between configurations of a RAID device.
+Changing the order
of the components (at least at the time of this writing) will result in
data loss.
.Pp
.Dq hot spares
-- devices
which are on-line, but are not actively used by the RAID driver unless
-one of the main components fail. A simple
+one of the main components fail.
+A simple
.Dq spare
section might be:
.Bd -unfilled -offset indent
/dev/sd3e
.Ed
.Pp
-for a configuration with a single spare component. If no spare drives
-are to be used in the configuration, then the
+for a configuration with a single spare component.
+If no spare drives are to be used in the configuration, then the
.Dq spare
section may be omitted.
.Pp
The next section is the
.Dq layout
-section. This section describes the
+section.
+This section describes the
general layout parameters for the RAID device, and provides such
information as sectors per stripe unit, stripe units per parity unit,
stripe units per reconstruction unit, and the parity configuration to
-use. This section might look like:
+use.
+This section might look like:
.Bd -unfilled -offset indent
START layout
# sectPerSU SUsPerParityUnit SUsPerReconUnit RAID_level
.Pp
The sectors per stripe unit specifies, in blocks, the interleave
factor; i.e., the number of contiguous sectors to be written to each
-component for a single stripe. Appropriate selection of this value
+component for a single stripe.
+Appropriate selection of this value
(32 in this example) is the subject of much research in RAID
-architectures. The stripe units per parity unit and
+architectures.
+The stripe units per parity unit and
stripe units per reconstruction unit are normally each set to 1.
While certain values above 1 are permitted, a discussion of valid
values and the consequences of using anything other than 1 are outside
-the scope of this document. The last value in this section (5 in this
-example) indicates the parity configuration desired. Valid entries
-include:
+the scope of this document.
+The last value in this section (5 in this
+example) indicates the parity configuration desired.
+Valid entries include:
.Bl -tag -width inde
.It 0
-RAID level 0. No parity, only simple striping.
+RAID level 0.
+No parity, only simple striping.
.It 1
-RAID level 1. Mirroring.
+RAID level 1.
+Mirroring.
.It 4
-RAID level 4. Striping across components, with parity stored on the
-last component.
+RAID level 4.
+Striping across components, with parity stored on the last component.
.It 5
-RAID level 5. Striping across components, parity distributed across
-all components.
+RAID level 5.
+Striping across components, parity distributed across all components.
.El
.Pp
There are other valid entries here, including those for Even-Odd
.Pp
The next required section is the
.Dq queue
-section. This is most often
-specified as:
+section.
+This is most often specified as:
.Bd -unfilled -offset indent
START queue
fifo 1
.Ed
.Pp
where the queuing method is specified as FIFO (first-in, first-out),
-and the size of the per-component queue is limited to 1 request. A
-value of 1 is quite conservative here, and values of 100 or more may
+and the size of the per-component queue is limited to 1 request.
+A value of 1 is quite conservative here, and values of 100 or more may
been used to increase the driver performance.
Other queuing methods may also be specified, but a discussion of them
is beyond the scope of this document.
.Pp
The final section, the
.Dq debug
-section, is optional. For more details
-on this the reader is referred to the RAIDframe documentation
+section, is optional.
+For more details on this the reader is referred to the RAIDframe documentation
dissussed in the
.Sx HISTORY
section.
for a more complete configuration file example.
.Sh EXAMPLES
The examples in this section will focus on a RAID 5 configuration.
-Other RAID configurations will behave similarly. It is highly
-recommended that before using the RAID driver for real filesystems
+Other RAID configurations will behave similarly.
+It is highly
+recommended that before using the RAID driver for real file systems
that the system administrator(s) have used
.Em all
of the options for
.Nm raidctl ,
-and that they understand how the component reconstruction process
-works. While this example is not created as a tutorial, the steps
+and that they understand how the component reconstruction process works.
+While this example is not created as a tutorial, the steps
shown here can be easily duplicated using four equal-sized partitions
from any number of disks (including all four from a single disk).
.Pp
.Nm
is to configure and unconfigure
.Xr raid 4
-devices. To configure a device, a configuration
-file which looks something like:
+devices.
+To configure a device, a configuration file which looks something like:
.Bd -unfilled -offset indent
START array
# numRow numCol numSpare
fifo 100
.Ed
.Pp
-is first created. In short, this configuration file specifies a RAID
+is first created.
+In short, this configuration file specifies a RAID
5 configuration consisting of the disks
.Pa /dev/sd1e ,
.Pa /dev/sd2e ,
available as a
.Dq hot spare
in case one of
-the three main drives should fail. If the above configuration is in a
-file called
+the three main drives should fail.
+If the above configuration is in a file called
.Pa rfconfig ,
raid device 0 in the normal case can be configured with:
.Bd -unfilled -offset indent
raidctl -c rfconfig /dev/rraid0d
.Ed
.Pp
-on the i386 architecture. On all other architectures,
+on the i386 architecture.
+On all other architectures,
.Pa /dev/rraid0c
is used in place of
.Pa /dev/rraid0d .
.Pp
A RAID set will not configure with
.Fl c
-if the component labels are not correct. A
+if the component labels are not correct.
+A
.Sq component label
contains important information about the component, including a
user-specified serial number, the row and column of that component in the RAID
The
.Fl C
forces the configuration to succeed, even if any of the component
-labels are incorrect. This option should not be used lightly in
+labels are incorrect.
+This option should not be used lightly in
situations other than initial configurations, as if
the system is refusing to configure a RAID set, there is probably a
very good reason for it.
.Pp
When the RAID set is configured for the first time, it is
necessary to initialize the component labels, and to initialize the
-parity on the RAID set. Initializing the component labels is done with:
+parity on the RAID set.
+Initializing the component labels is done with:
.Bd -unfilled -offset indent
raidctl -I 112341 raid0
.Ed
.Pp
where
.Sq 112341
-is a user-specified serial number for the RAID set. Using different
+is a user-specified serial number for the RAID set.
+Using different
serial numbers between RAID sets is strongly encouraged, as using the
same serial number for all RAID sets will only serve to decrease the
usefulness of the component label checking.
.Ed
.Pp
Initializing the parity in this way may also be required after an
-unclean shutdown. Once the parity is known to be correct,
-it is then safe to perform
+unclean shutdown.
+Once the parity is known to be correct, it is then safe to perform
.Xr disklabel 8 ,
.Xr newfs 8 ,
or
raidctl -p raid0
.Ed
.Pp
-can be used to check the current status of the parity. To check the
-parity and rebuild it if necessary the command:
+can be used to check the current status of the parity.
+To check the parity and rebuild it if necessary the command:
.Bd -unfilled -offset indent
raidctl -P raid0
.Ed
.Pp
-is used. Note that re-writing the parity can be done while
+is used.
+Note that re-writing the parity can be done while
other operations on the RAID set are taking place (e.g., while doing a
.Xr fsck 8
-on a filesystem on the RAID set). However: for maximum effectiveness
+on a filesystem on the RAID set).
+However: for maximum effectiveness
of the RAID set, the parity should be known to be correct before any
data on the set is modified.
.Pp
.Pp
For a component label to be considered valid, that particular
component label must be in agreement with the other component labels
-in the set. For example, the serial number, 'modification counter',
-number of rows and number of columns must all be in agreement. If any
+in the set.
+For example, the serial number,
+.Dq modification counter ,
+number of rows, and number of columns must all be in agreement.
+If any
of these are different, then the component is not considered to be
part of the set.
.Pp
.Pp
Note that with the use of
.Fl f
-a reconstruction has not been started. To both fail the disk and
-start a reconstruction, the
+a reconstruction has not been started.
+To both fail the disk and start a reconstruction, the
.Fl F
option must be used:
.Bd -unfilled -offset indent
/dev/sd4e: used_spare
.Ed
.Pp
-This indicates that a reconstruction is in progress. To find out how
-the reconstruction is progressing the
+This indicates that a reconstruction is in progress.
+To find out how the reconstruction is progressing the
.Fl S
-option may be used. This will indicate the progress in terms of the
-percentage of the reconstruction that is completed. When the
-reconstruction is finished the
+option may be used.
+This will indicate the progress in terms of the
+percentage of the reconstruction that is completed.
+When the reconstruction is finished the
.Fl s
option will show:
.Bd -unfilled -offset indent
/dev/sd4e: used_spare
.Ed
.Pp
-At this point there are at least two options. First, if
+At this point there are at least two options.
+First, if
.Pa /dev/sd2e
is known to be good (i.e., the failure was either caused by
.Fl f
or the failed disk was replaced), then a copyback of the data can
be initiated with the
.Fl B
-option. In this example, this would copy the entire contents of
+option.
+In this example, this would copy the entire contents of
.Pa /dev/sd4e
to
.Pa /dev/sd2e .
.Pa /dev/sd4e
in place of
.Pa /dev/sd2e
-in the configuration file. For example, the
-configuration file (in part) might now look like:
+in the configuration file.
+For example, the configuration file (in part) might now look like:
.Bd -unfilled -offset indent
START array
1 3 0
.Pa /dev/sd4e
is completely interchangeable with
.Pa /dev/sd2e
-at this point. Note that extreme care must be taken when
-changing the order of the drives in a configuration. This is one of
+at this point.
+Note that extreme care must be taken when
+changing the order of the drives in a configuration.
+This is one of
the few instances where the devices and/or their orderings can be
-changed without loss of data! In general, the ordering of components
-in a configuration file should
+changed without loss of data!
+In general, the ordering of components in a configuration file should
.Em never
be changed.
.Pp
No spares.
.Ed
.Pp
-In this case there are a number of options. The first option is to add a hot
-spare using:
+In this case there are a number of options.
+The first option is to add a hot spare using:
.Bd -unfilled -offset indent
raidctl -a /dev/sd4e raid0
.Ed
.Pp
to rebuild the
.Pa /dev/sd2e
-component. As the rebuilding is in progress,
-the status will be:
+component.
+As the rebuilding is in progress, the status will be:
.Bd -unfilled -offset indent
Components:
/dev/sd1e: optimal
/dev/sd3e: optimal
No spares.
.Ed
-.Pp
-
.Pp
The final operation performed by
.Nm
is to unconfigure a
.Xr raid 4
-device. This is accomplished via a simple:
+device.
+This is accomplished via a simple:
.Bd -unfilled -offset indent
raidctl -u raid0
.Ed
at which point the device is ready to be reconfigured.
.Sh WARNINGS
Certain RAID levels (1, 4, 5, 6, and others) can protect against some
-data loss due to component failure. However the loss of two
+data loss due to component failure.
+However the loss of two
components of a RAID 4 or 5 system, or the loss of a single component
of a RAID 0 system will result in the entire filesystem being lost.
RAID is
Recomputation of parity
.Em must
be performed whenever there is a chance that it may have been
-compromised. This includes after system crashes, or before a RAID
-device has been used for the first time. Failure to keep parity
+compromised.
+This includes after system crashes, or before a RAID
+device has been used for the first time.
+Failure to keep parity
correct will be catastrophic should a component ever fail -- it is
better to use RAID 0 and get the additional space and speed, than it
-is to use parity, but not keep the parity correct. At least with RAID
-0 there is no perception of increased data security.
+is to use parity, but not keep the parity correct.
+At least with RAID 0 there is no perception of increased data security.
.Pp
.Sh FILES
.Bl -tag -width /dev/XXrXraidX -compact
.Xr ccd 4 ,
.Xr raid 4 ,
.Xr rc 8
-.Sh BUGS
-Hot-spare removal is currently not available.
.Sh HISTORY
RAIDframe is a framework for rapid prototyping of RAID structures
developed by the folks at the Parallel Data Laboratory at Carnegie
.Pp
The
.Nm
-command first appeared as a program in CMU's RAIDframe v1.1 distribution. This
-version of
+command first appeared as a program in CMU's RAIDframe v1.1 distribution.
+This version of
.Nm
is a complete re-write, and first appeared in
.Nx 1.4 .
+.Sh BUGS
+Hot-spare removal is currently not available.
.Sh COPYRIGHT
.Bd -unfilled
-.\" $OpenBSD: boot_atari.8,v 1.8 1999/07/08 19:58:30 deraadt Exp $
+.\" $OpenBSD: boot_atari.8,v 1.9 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: boot_atari.8,v 1.1 1996/06/27 11:07:56 leo Exp $
.\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California.
When the
.Ox
kernel is booted normally (using one of the two methods discussed below),
-it initializes itself and proceeds to boot the system. An automatic
+it initializes itself and proceeds to boot the system.
+An automatic
consistency check of the file systems takes place, and unless this
-fails, the system comes up to multi-user operations. The proper way
-to shut the system down is with the
+fails, the system comes up to multi-user operations.
+The proper way to shut the system down is with the
.Xr shutdown 8
command.
.Pp
If the system crashes, it will enter the kernel debugger,
.Xr ddb 8 ,
-if it is configured in the kernel. If the debugger is not present
+if it is configured in the kernel.
+If the debugger is not present
or has exited, the system will attempt a dump to the
configured dump device (which will be automatically recovered with
.Xr savecore 8
-during the next boot cycle). After the dump completes (successful
+during the next boot cycle).
+After the dump completes (successful
or not), the system will attempt a reboot.
.Pp
.Ss Booting OpenBSD using the bootloader
.Xr installboot 8 ,
the Atari BIOS will automatically start the
.Ox
-bootloader. By default,
-it will load the kernel image
+bootloader.
+By default, it will load the kernel image
.Pa /bsd
-and attempt to boot it into multi-user mode. This behaviour can be changed by
-either keeping the
+and attempt to boot it into multi-user mode.
+This behaviour can be changed by either keeping the
.Sq Alternate
or
.Sq Right-Shift
-key pressed during the boot process. When
-the
+key pressed during the boot process.
+When the
.Sq Alternate
key is pressed, the bootstrap is aborted, causing the BIOS
to continue scanning the disks for a bootable partition (this is compatible
-with AHDI 3.0). Pressing the
+with AHDI 3.0).
+Pressing the
.Sq Right-Shift
key during the boot causes the bootloader to enter interactive mode.
In interactive mode, the command line looks like:
If something other than
.Pa .OpenBSD
is specified, control is returned to the BIOS with the boot preference set to
-the selected type. Due to limitations of the BIOS, however, the search for
+the selected type.
+Due to limitations of the BIOS, however, the search for
bootblocks is continued rather than restarted.
.It Em boot-path
This gives you the opportunity to boot another kernel, say:
.Ox
from GEM, you have to use the
.Xr loadbsd
-program that is supplied on the kernel-floppy. The
+program that is supplied on the kernel-floppy.
+The
.Xr loadbsd
command line
specification is:
Test loading of the kernel but don't start
.Ox .
.It Fl w
-Wait for a keypress before exiting loadbsd. This is useful when starting this
-program under GEM.
+Wait for a keypress before exiting loadbsd.
+This is useful when starting this program under GEM.
.It Fl D
Show debugging output while booting the kernel.
.It Fl S Ar amount
-Set the amount of available ST compatible RAM in bytes. Normally this
+Set the amount of available ST compatible RAM in bytes.
+Normally this
value is set automatically from the values initialized by the BIOS.
.It Fl T Ar amount
-Set the amount of available TT compatible RAM in bytes. Normally this
+Set the amount of available TT compatible RAM in bytes.
+Normally this
value is set automatically from the values initialized by the BIOS.
.It Fl V
Print the version of
Note: Because the loadbsd program can only read kernels from a GEMDOS
filesystem, the file
.Pa /bsd
-is usually not the same as the actual kernel booted. This can cause some
-programs to fail.
+is usually not the same as the actual kernel booted.
+This can cause some programs to fail.
.Sh FILES
.Bl -tag -width /bsd -compact
.It Pa /bsd
-.\" $OpenBSD: boot_i386.8,v 1.10 1999/06/04 02:45:23 aaron Exp $
+.\" $OpenBSD: boot_i386.8,v 1.11 2000/03/18 22:56:03 aaron Exp $
.\"
.\" Copyright (c) 1997 Tobias Weingartner
.\"
This test will find and initialize memory, keyboard, and other devices.
It will search for and initialize any extension ROMs that are present,
and then attempt to boot the operating system from an available boot
-drive. Failing this, older IBM systems came up in ROM BASIC.
+drive.
+Failing this, older IBM systems came up in ROM BASIC.
.Pp
The newer
.Tn "PC AT"
The BIOS loads the first block (at physical location: track 0, head 0,
sector 1) off the boot device into memory, and if the last two bytes in the
block match the signature 0x55AA, the BIOS considers the block a valid
-bootable drive. The BIOS then proceeds to call the machine code program
-in this block. If the BIOS is current, it will also pass the boot drive
+bootable drive.
+The BIOS then proceeds to call the machine code program in this block.
+If the BIOS is current, it will also pass the boot drive
to the boot block in register %dl.
.Pp
-There are two different types of boot blocks on devices. There is the
-MBR (master boot record) and the PBR (partition boot record). A digression
+There are two different types of boot blocks on devices.
+There is the
+MBR (master boot record) and the PBR (partition boot record).
+A digression
into a little piece of history will quickly give light as to why this is so.
In the beginning, the PC
.Dq architecture
came with a single or dual floppy
-drives, and no hard drives. The only type of bootable sectors on any device
-were the PBRs. They were responsible for loading the rest of the operating
-system from the correct device. When hard disks came out, it was felt that
+drives, and no hard drives.
+The only type of bootable sectors on any device were the PBRs.
+They were responsible for loading the rest of the operating
+system from the correct device.
+When hard disks came out, it was felt that
such a huge space should be able to be partitioned into separate drives,
and this is when the MBR was invented.
.Pp
The MBR relocates itself upon being loaded and invoked by the BIOS.
Embeded within the MBR is a partition table, with four partition table
-entries. The MBR code traverses this table (which was loaded with the
+entries.
+The MBR code traverses this table (which was loaded with the
MBR by the BIOS), looking for an active entry, and then loads the MBR or
-PBR from the disk location specified by the partition table entry. So
-in reality, the MBR is nothing more than a fancy chaining PBR.
+PBR from the disk location specified by the partition table entry.
+So in reality, the MBR is nothing more than a fancy chaining PBR.
.Pp
Note: The MBR could load another MBR, which is the case when you are booting
-off an extended partition. In other words, the first block of an extended
+off an extended partition.
+In other words, the first block of an extended
partition is really an MBR, which will then load the corresponding MBR or PBR
out of its extended partition's partition table.
.Sh GEOMETRY TRANSLATION
is a mess, and a compatibility nightmare.
.Pp
The PC BIOS has an API to manipulate any disk that the BIOS happens to
-support. This interface uses 10 bits to address the cylinder, 8 bits to
-address the head, and 6 bits to address the sector of a drive. This
-restricts any application using the BIOS to being able to address only
+support.
+This interface uses 10 bits to address the cylinder, 8 bits to
+address the head, and 6 bits to address the sector of a drive.
+This restricts any application using the BIOS to being able to address only
1024 cylinders, 256 heads, and 63 (since the sectors are 1 based) sectors
-on a disk. These limitations proved to be fine for roughly 3 years after
+on a disk.
+These limitations proved to be fine for roughly 3 years after
the debut of hard disks on PC computers.
.Pp
Many (if not all) newer drives have many more cylinders than the BIOS API
-can support, and likely more sectors per track as well. To allow the BIOS
-the ability of accessing these large drives, the BIOS would
+can support, and likely more sectors per track as well.
+To allow the BIOS the ability of accessing these large drives, the BIOS would
.Dq re-map
the
cylinder/head/sector of the real drive geometry into something that would
drive, still using the restricted BIOS API.
.Pp
The reason this has become a problem is that any modern OS will use its own
-drivers to access the disk drive, bypassing the BIOS completely. However,
+drivers to access the disk drive, bypassing the BIOS completely.
+However,
the MBR, PBR, and partition tables are all still written using the original
-BIOS access methods. This is for backwards compatibility to the original
-IBM PC!
+BIOS access methods.
+This is for backwards compatibility to the original IBM PC!
.Pp
So the gist of it is, the MBR, PBR, and partition table need to have BIOS
geometry offsets and cylinder/head/sector values for them to be able to
-load any type of operating system. This geometry can, and likely will,
+load any type of operating system.
+This geometry can, and likely will,
change whenever you move a disk from machine to machine, or from controller
to controller.
.Em They are controller and machine specific .
The
.Dq PC BIOS Architecture
makes this process very prone to weird and
-wonderful interactions between differing operating systems. There is
-no published standard to the MBR and PBR, which makes coding these a
-nightmare. Somebody *please* write me a decent BIOS, and make them (the
-masses) use it!
+wonderful interactions between differing operating systems.
+There is no published standard to the MBR and PBR,
+which makes coding these a nightmare.
+Somebody *please* write me a decent BIOS, and make them (the masses) use it!
-.\" $OpenBSD: boot_mac68k.8,v 1.11 2000/03/14 21:31:42 aaron Exp $
+.\" $OpenBSD: boot_mac68k.8,v 1.12 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: boot_mac68k.8,v 1.1 1995/07/02 02:09:52 briggs Exp $
.\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California.
Normally, the
.Ox
kernel on the mac68k architecture is booted from the native operating
-system by means of an application program. When the kernel takes over,
-it initializes itself and proceeds to boot the system. An automatic
+system by means of an application program.
+When the kernel takes over,
+it initializes itself and proceeds to boot the system.
+An automatic
consistency check of the file systems takes place, and unless this
-fails, the system comes up to multi-user operations. The proper way
-to shut the system down is with the
+fails, the system comes up to multi-user operations.
+The proper way to shut the system down is with the
.Xr shutdown 8
command.
.Pp
If the system crashes, it will enter the kernel debugger,
.Xr ddb 8 ,
-if it is configured in the kernel. If the debugger is not present
+if it is configured in the kernel.
+If the debugger is not present
or has exited, the system will attempt a dump to the
configured dump device (which will be automatically recovered with
.Xr savecore 8
-during the next boot cycle). After the dump completes (successful
+during the next boot cycle).
+After the dump completes (successful
or not), the system will attempt a reboot.
.Pp
On most mac68k machines with
position.
The native OS can be configured to automatically start the
.Ox
-boot program. Additionally, the
+boot program.
+Additionally, the
.Ox
boot program can be configured to boot
.Ox
-without intervention. When a system is so configured, it can crash
+without intervention.
+When a system is so configured, it can crash
or lose power and reboot back to a fully multi-user state without
any intervention.
.Pp
.Ss The boot application
-The boot application runs in the native OS on the system. It has a
+The boot application runs in the native OS on the system.
+It has a
dialog where booting preferences may be changed and an option whereby
-these options may be saved. The preferences are stored in the program
+these options may be saved.
+The preferences are stored in the program
itself, not in a preferences folder, thus allowing two separate copies
of the program to be configured differently (e.g., to boot different
bsd or bsd.test, or to boot from two different drives).
.Pp
-One option that may be specified is a boot to single-user mode. This
-stops the boot process very early on and allows system maintenance.
+One option that may be specified is a boot to single-user mode.
+This stops the boot process very early on and allows system maintenance.
If one wishes to provide some security at this phase of the boot, remove
the
.Dq secure
.Pp
Another useful option that may be specified is the
.Dq serial console
-option. This will allow a serial device (terminal or computer) to
-act as a console for the system. This device must be configured to
+option.
+This will allow a serial device (terminal or computer) to
+act as a console for the system.
+This device must be configured to
use 9600 baud, eight bits, no parity, and one stop bit (9600-8N1).
Either the printer port or the modem port (tty01 and tty00,
respectively) may be used for this.
It is sometimes useful to boot a kernel that resides in a folder
in native OS rather than from the usual location in the
.Ox
-file system. A radio button is supplied for this purpose. Note that
-some programs will not run properly if the kernel is not found as
+file system.
+A radio button is supplied for this purpose.
+Note that some programs will not run properly if the kernel is not found as
.Pa /bsd
within the
.Ox
-.\" $OpenBSD: boot_pmax.8,v 1.14 1999/07/08 19:58:30 deraadt Exp $
+.\" $OpenBSD: boot_pmax.8,v 1.15 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: boot_pmax.8,v 1.1 1995/04/25 23:55:11 mellon Exp $
.\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California.
.Nm haltaction
environment
variable in EEPROM to determine whether or not to attempt an automatic
-boot. If this
-variable is set to
+boot.
+If this variable is set to
.Dq h ,
the ROM prints a prompt on the console and
-waits for user commands. If set to
+waits for user commands.
+If set to
.Dq b ,
the ROM attempts to autoboot.
.Pp
On the DECstation 2100 and 3100, the path used for automatic booting is
stored in the
.Nm bootpath
-environment variable. The path is made up of a
+environment variable.
+The path is made up of a
device type specifier (e.g., rz, tz, mop or tftp), followed by
a triplet in the form (x,y,z), followed by a filename to load.
.Pp
.Pp
The filename is optional for bootp/tftp and mop booting, since in
these cases the network protocol can be used to determine which
-file to boot. When booting off the tape, no filename should be
+file to boot.
+When booting off the tape, no filename should be
specified, and when booting off disk, the filename of a kernel
-must be specified. Generally, the kernel is named
+must be specified.
+Generally, the kernel is named
.Pa bsd .
.Pp
An example
argument to the bootloader,
requesting that
.Ox
-attempt to come up to multi-user mode. At the boot ROM prompt,
-the user may boot
+attempt to come up to multi-user mode.
+At the boot ROM prompt, the user may boot
.Ox
with either the
.Nm auto
or the
.Nm boot
-command. If the
+command.
+If the
.Nm auto
command is used, the
.Fl a
.Nm auto
command is issued with no arguments, the kernel specified in the
.Nm bootpath
-environment variable is booted. An alternate kernel may be specified
-with the
+environment variable is booted.
+An alternate kernel may be specified with the
.Fl f
flag, followed by the path of the kernel to boot, as described above.
For example:
is specified in the
.Nm boot
environment variable, along with any arguments
-to be passed to the kernel. Note that to specify boot arguments (e.g.,
+to be passed to the kernel.
+Note that to specify boot arguments (e.g.,
.Fl a )
when setting the
.Nm boot
environment variable, the filename and arguments
-must be enclosed in quotes. For example:
+must be enclosed in quotes.
+For example:
.Pp
.Dl setenv boot "3/rz4/bsd -a"
.Pp
The device from which to boot is specified as the TurboChannel slot
number, a TurboChannel-option-specific device name, and a path to the
-file to load, all separated by slashes. You can get a list of the
+file to load, all separated by slashes.
+You can get a list of the
devices installed in your TurboChannel slots (as well as any built-in
devices which appear as TurboChannel slots) by typing the
.Nm cnfg
command
-at the boot prompt. You can get more detailed information about a specific
+at the boot prompt.
+You can get more detailed information about a specific
TurboChannel option by typing
.Nm cnfg
followed by the slot number of that
.Dq rz#
for disks or
.Dq tz#
-for tapes, where # is the SCSI ID of the device. For network
+for tapes, where # is the SCSI ID of the device.
+For network
devices, the option-specific protocol identifier is either mop or tftp.
Filename requirements are as for the DECstation 2100 and 3100.
.Pp
.Ox
from the boot prompt, the
.Nm boot
-command must be used. With no arguments, this simply boots the default
+command must be used.
+With no arguments, this simply boots the default
kernel with the default arguments as set with
.Nm setenv
.Nm boot .
.Nm boot
environment variable is set, or if an alternate kernel is to be
booted, the path of that kernel may be specified after the boot command as
-described above, and any arguments may be passed similarly. For example:
+described above, and any arguments may be passed similarly.
+For example:
.Pp
.Dl boot 3/rz4/bsd.new -a
.Sh SEE ALSO
-.\" $OpenBSD: boot_sparc.8,v 1.13 1999/07/08 20:28:03 deraadt Exp $
+.\" $OpenBSD: boot_sparc.8,v 1.14 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: boot_sparc.8,v 1.4 1995/04/25 11:37:25 pk Exp $
.\"
.\" Copyright (c) 1992, 1993
The
.Dq new-style
SPARC boot ROM is a full-featured Forth system with emacs
-key bindings. It can be put in
+key bindings.
+It can be put in
.Dq old-style
user-interface compatibility
mode (in which case it shows a simple
.Dq \&>
prompt), but this is essentially
-useless. However, by default the ROM runs in old-mode; to enter new-mode type
+useless.
+However, by default the ROM runs in old-mode; to enter new-mode type
.Dq n .
The ROM then shows a Forth-style
.Dq ok
-prompt. It is recommended to have
-the ROM always start in its native
+prompt.
+It is recommended to have the ROM always start in its native
.Dq new-style
-mode. Utter the following
+mode.
+Utter the following
incantation in new-mode to force the ROM to always start in new-mode:
.Pp
.Em \ ok
-.\" $OpenBSD: boot_vax.8,v 1.9 1999/07/08 19:58:30 deraadt Exp $
+.\" $OpenBSD: boot_vax.8,v 1.10 2000/03/18 22:56:03 aaron Exp $
.\" $NetBSD: boot_vax.8,v 1.3 1995/04/23 10:33:39 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.Tn UNIX ) .
.Pp
On an 11/750, the reset button will boot from the device
-selected by the front panel boot device switch. In systems
-with RK07's, position B normally selects the RK07 for boot.
-This will boot multi-user. To boot from RK07 with boot flags you
-may specify
+selected by the front panel boot device switch.
+In systems with RK07's, position B normally selects the RK07 for boot.
+This will boot multi-user.
+To boot from RK07 with boot flags you may specify
.Pp
.Bd -unfilled -offset indent -compact
.Li \&>>>B/ Ns Fl n No DMA0
disk).
A non-zero disk partition can be used by adding (partition times 1000 hex)
to
-.Ar n .
+.Ar n .
.Pp
The boot procedure on the Micro
.Tn VAX
as on the 11/750.
.Pp
The 11/750 boot procedure uses the boot ROMs to load block 0 off
-the specified device. The
+the specified device.
+The
.Pa /usr/mdec
directory contains a number
of bootstrap programs for the various disks which should be placed
-.\" $OpenBSD: reboot.8,v 1.17 1999/07/20 18:35:36 aaron Exp $
+.\" $OpenBSD: reboot.8,v 1.18 2000/03/18 22:56:04 aaron Exp $
.\" $NetBSD: reboot.8,v 1.3 1995/10/05 05:36:21 mycroft Exp $
.\"
.\" Copyright (c) 1990, 1991, 1993
.It Fl d
Causes system to create a dump before rebooting.
This option is useful for debugging system dump procedures or
-capturing the state of a corrupted or misbehaving system. See
+capturing the state of a corrupted or misbehaving system.
+See
.Xr savecore 8
for information on how to recover this dump.
.It Fl n
Prevent file system cache from being flushed.
This option should probably not be used.
.It Fl q
-Quick. The system is halted or restarted quickly and ungracefully, and only
+Quick.
+The system is halted or restarted quickly and ungracefully, and only
the flushing of the file system cache is performed.
This option should probably not be used.
.It Fl p
Causes the system to power down, if it is being halted, and the
-hardware supports automatic power down. (Currently supported on some
-i386, sparc, and mac68k platforms.)
+hardware supports automatic power down.
+(Currently supported on some i386, sparc, and mac68k platforms.)
.El
.Pp
Normally, the
-.\" $OpenBSD: restore.8,v 1.16 1999/07/04 18:59:41 aaron Exp $
+.\" $OpenBSD: restore.8,v 1.17 2000/03/18 22:56:04 aaron Exp $
.\" $NetBSD: restore.8,v 1.15 1997/07/01 05:37:53 lukem Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
mounted, and the user
.Xr cd Ns 'd
into the pristine file system
-before starting the restoration of the initial level 0 backup. If the
-level 0 restores successfully, the
+before starting the restoration of the initial level 0 backup.
+If the level 0 restores successfully, the
.Fl r
flag may be used to restore
any necessary incremental backups on top of the level 0.
Normally,
.Nm
will try to determine dynamically whether the dump was made from an
-old (pre-4.4) or new format file sytem. The
+old (pre-4.4) or new format file sytem.
+The
.Fl c
flag disables this check, and only allows reading a dump in the old
format.
-.\" $OpenBSD: route.8,v 1.20 2000/03/14 21:31:35 aaron Exp $
+.\" $OpenBSD: route.8,v 1.21 2000/03/18 22:56:04 aaron Exp $
.\" $NetBSD: route.8,v 1.6 1995/03/18 15:00:13 cgd Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.Oc
.Sh DESCRIPTION
.Nm
-is a utility used to manually manipulate the network
-routing tables. It normally is not needed, as a
+is a utility used to manually manipulate the network routing tables.
+It normally is not needed, as a
system routing table management daemon such as
.Xr routed 8 ,
should tend to this task.
Run in debug-only mode, i.e., don't actually modify the routing table.
.It Fl n
Bypasses attempts to print host and network names symbolically
-when reporting actions. (The process of translating between symbolic
+when reporting actions.
+(The process of translating between symbolic
names and numerical equivalents can be quite time consuming, and
may require correct operation of the network; thus it may be expedient
to forgo this, especially when attempting to repair networking operations.)
.Sh DIAGNOSTICS
.Bl -tag -width Ds
.It Sy "add [host \&| network ] %s: gateway %s flags %x"
-The specified route is being added to the tables. The
-values printed are from the routing table entry supplied
-in the
+The specified route is being added to the tables.
+The values printed are from the routing table entry supplied in the
.Xr ioctl 2
call.
If the gateway address used was not the primary address of the gateway
-.\" $OpenBSD: routed.8,v 1.28 2000/03/04 20:02:24 aaron Exp $
+.\" $OpenBSD: routed.8,v 1.29 2000/03/18 22:56:04 aaron Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
redirected host routes in the kernel table.
.Pp
The Router Discover standard requires that advertisements
-have a default "lifetime" of 30 minutes. That means should
-something happen, a client can be without a good route for
-30 minutes. It is a good idea to reduce the default to 45
-seconds using
+have a default "lifetime" of 30 minutes.
+That means should something happen, a client can be without a good route for
+30 minutes.
+It is a good idea to reduce the default to 45 seconds using
.Fl P Cm rdisc_interval=45
on the command line or
.Cm rdisc_interval=45
or on a gateway that uses another routing protocol whose routes
are not reported to other local routers.
Notice that because a metric of 1 is used, this feature is
-dangerous. It is more commonly accidentally used to create chaos with a routing
+dangerous.
+It is more commonly accidentally used to create chaos with a routing
loop than to solve problems.
.It Fl h
Causes host or point-to-point routes to not be advertised,
This is useful for filling "holes" in CIDR allocations.
This parameter must appear by itself on a line.
.Pp
-Do not use this feature unless necessary. It is dangerous.
+Do not use this feature unless necessary.
+It is dangerous.
.It Cm passwd Ns \&= Ns Ar XXX
Specifies a RIPv2 password that will be included on all RIPv2
responses sent and checked on all RIPv2 responses received.
-.\" $OpenBSD: scan_ffs.8,v 1.9 2000/03/05 00:28:50 aaron Exp $
+.\" $OpenBSD: scan_ffs.8,v 1.10 2000/03/18 22:56:04 aaron Exp $
.\"
.\" Copyright (c) 1997 Niklas Hallqvist, Tobias Weingartner
.\" All rights reserved.
.Op Fl e Ar end
.Ar device
.Sh DESCRIPTION
-This is the life-saver of typos. If you have ever been working too long,
+This is the life-saver of typos.
+If you have ever been working too long,
and just happened to type 'disklabel -rw sd0 floppy', instead of 'disklabel
-rw fd0 floppy', you know what I am talking about.
.Pp
This little program will take a raw disk device (which you might have to
create) that covers the whole disk, and finds all probable UFS/FFS partitions
-on the disk. It has various options to make it go faster, and to print out
+on the disk.
+It has various options to make it go faster, and to print out
information to help in the reconstruction of the disklabel.
.Pp
The options are as follows:
.It Fl l
This will make
.Nm
-print out a string looking much like the input to disklabel. With a little
-massaging, this output can usually be used in the disklabel edit.
+print out a string looking much like the input to disklabel.
+With a little massaging, this output can usually be used in the disklabel edit.
.Pp
.It Fl s
This tells
.Nm
to be smart about skipping partitions (when it thinks it found a valid one).
By not scanning partitions for superblocks, the program completes a couple of
-orders of magnitude faster. However, sometimes being smart is too good for
+orders of magnitude faster.
+However, sometimes being smart is too good for
its own good,
especially if your disk has had a different layout previously, or contains
other non-UFS/FFS filesystems.
.It Fl b Ar begin
Tell
.Nm
-where to begin searching for filesystems. This makes it easier to skip swap
+where to begin searching for filesystems.
+This makes it easier to skip swap
partitions, or other large non-UFS/FFS partitions.
.Pp
.It Fl e Ar end
.It Ar device
This specifies which device
.Nm
-should use to scan for filesystems. Usually this device should cover the
-whole disk in question.
+should use to scan for filesystems.
+Usually this device should cover the whole disk in question.
.Pp
.El
.Pp
The basic operation of this program is as follows:
.Bl -enum -width "1111"
.It
-Panic. You usually do so anyways, so you might as well get it over with.
-Just don't do anything stupid. Panic away from your machine. Then relax,
-and see if the steps below won't help you out.
+Panic.
+You usually do so anyways, so you might as well get it over with.
+Just don't do anything stupid.
+Panic away from your machine.
+Then relax, and see if the steps below won't help you out.
.It
-Try to find your old disklabel by any other means possible. This includes
+Try to find your old disklabel by any other means possible.
+This includes
printouts, backups, screendumps, and whatever other method you can think of.
The more information you have, the better your chances are in recovering the
disklabel of the disk.
.Pp
.It
Create a disklabel on the affected disk, which covers the whole disk, and has
-at least one partition which covers the whole disk. As the
+at least one partition which covers the whole disk.
+As the
.Dq c
partition
usually covers the whole disk anyways, this sounds like a good place to start.
.It
Run
.Nm
-over this partition. If you have any information about the disklabel
+over this partition.
+If you have any information about the disklabel
which used to exist on the disk, keep that in mind while
.Nm
spews out its things.
.Pp
.El
.Pp
-Last but certainly not least, we wish you good luck. The UFS/FFS filesystems
-are pretty sturdy. I've seen them reconstructed after some pretty weird and
-awesome fumbles. If you can't have backups, at least have funky tools to help
+Last but certainly not least, we wish you good luck.
+The UFS/FFS filesystems are pretty sturdy.
+I've seen them reconstructed after some pretty weird and
+awesome fumbles.
+If you can't have backups, at least have funky tools to help
you out of a jam when they happen.
.Sh SEE ALSO
.Xr disklabel 8
It is not perfect, and could do a lot more things with date/time information
in the superblocks it finds, but this program has saved more than one butt,
more than once.
-
-.\" $OpenBSD: scsi.8,v 1.15 2000/03/05 00:28:50 aaron Exp $
+.\" $OpenBSD: scsi.8,v 1.16 2000/03/18 22:56:04 aaron Exp $
.\" $FreeBSD: scsi.8,v 1.5 1995/05/05 20:41:58 dufault Exp $
.\"
.\" Written By Julian ELischer
.Sh DESCRIPTION
The
.Nm
-program is used to send commands to a SCSI device. It is also
-a sample usage of the user-level SCSI commands.
+program is used to send commands to a SCSI device.
+It is also a sample usage of the user-level SCSI commands.
.Ar out_fmt
can be
.Ql -
that should be opened, i.e.,
.Pa /dev/rsd0c .
.It Fl d Ar debug_level
-Sets the SCSI kernel debug level. The kernel must have been compiled
-with the SCSIDEBUG
-option. See
+Sets the SCSI kernel debug level.
+The kernel must have been compiled with the
+.Cm SCSIDEBUG
+option.
+See
.Pa /sys/scsi/scsi_debug.h
to figure out what to set the kernel debug level to.
.Pp
.It Fl z Ar seconds
Freezes all activity on all SCSI busses for a given number of
-seconds. If
+seconds.
+If
.Fl v
is also specified, a BEL character is sent to the standard
output at the start and finish of the bus freeze.
This kernel code is not committed yet.
.Pp
.It Fl m Ar page
-Read a device mode page. The file
+Read a device mode page.
+The file
.Pa /usr/share/misc/scsi_modes
-is read to discover how to interpret the mode data. The environment
-variable
+is read to discover how to interpret the mode data.
+The environment variable
.Ev SCSI_MODES
can specify a different file to use.
.Pp
.It Fl P Ar pc
-Specify a page control field. The page control
-fields are
+Specify a page control field.
+The page control fields are
.Bd -literal -offset
0 Current Values
1 Changeable Values
.Ed
.Pp
.It Fl e
-Permits you to edit the fields. It will use the editor specified
-by your
+Permits you to edit the fields.
+It will use the editor specified by your
.Ev EDITOR
-environment variable. To store changes permanently,
-edit page control 3 using the
+environment variable.
+To store changes permanently, edit page control 3 using the
.Fl P
flag.
.Pp
.It Fl c
Permits you to send user-level SCSI commands specified on
the command line to a
-device. The command is sent using the SCIOCCOMMAND ioctl, so the
-device you are accessing must permit this ioctl. See
+device.
+The command is sent using the
+.Dv SCIOCCOMMAND
+ioctl, so the device you are accessing must permit this ioctl.
+See
.Xr scsi 4
for full details of which minor devices permit the ioctl, and
.Xr scsi 3
Indicates that this is a data out command (i.e., data will be sent from
the system to the device) with
.Ar count
-bytes of data. The data out is built up using the facilities described in
+bytes of data.
+The data out is built up using the facilities described in
.Xr scsi 3
using the provided arguments to fill in any integer variables.
.Ar out_fmt
Indicates that this is a data in command (i.e., data will be read from
the device into the system) with
.Ar count
-bytes of data read in. The information is extracted according to
+bytes of data read in.
+The information is extracted according to
.Ar in_fmt
using the facilities described in
.Xr scsi 3
The
.Ev SU_DEBUG_LEVEL
variable can be set to a non-zero integer to increase
-the level of debugging. Currently this is a on or off thing; it should
+the level of debugging.
+Currently this is a on or off thing; it should
perhaps use the ioctl to set the debug level in the kernel and then set
it back to zero at program exit.
.Pp
.Xr scsi 3 ,
.Xr scsi 4
.Sh BUGS
-Some devices respond to an inquiry for all LUNS. This will cause them
+Some devices respond to an inquiry for all LUNS.
+This will cause them
to come on line to 8 times during reprobe to different logical units.
"scsi -f /dev/rsd0c -c "4 0 0 0 0 0" permits anyone who can write to
.Pa /dev/rsd0c
-.\" $OpenBSD: shutdown.8,v 1.16 2000/01/15 07:00:43 ericj Exp $
+.\" $OpenBSD: shutdown.8,v 1.17 2000/03/18 22:56:05 aaron Exp $
.\" $NetBSD: shutdown.8,v 1.6 1995/03/18 15:01:07 cgd Exp $
.\"
.\" Copyright (c) 1988, 1991, 1993
or
.Ar yymmddhhmm ,
where the year, month, and day may be defaulted
-to the current system values. The first form brings the system down in
+to the current system values.
+The first form brings the system down in
.Ar number
minutes and the second at the absolute time specified.
.It Ar warning-message
.Pp
At intervals, becoming more frequent as apocalypse approaches
and starting at ten hours before shutdown, warning messages are displayed
-on the terminals of all users logged in. Five minutes before
+on the terminals of all users logged in.
+Five minutes before
shutdown, or immediately if shutdown is in less than 5 minutes,
logins are disabled by creating
.Pa /etc/nologin
and copying the
-warning message there. If this file exists when a user attempts to
-log in,
+warning message there.
+If this file exists when a user attempts to log in,
.Xr login 1
-prints its contents and exits. The file is
-removed just before
+prints its contents and exits.
+The file is removed just before
.Nm
exits.
.Pp
-.\" $OpenBSD: slattach.8,v 1.9 1999/09/25 16:53:39 deraadt Exp $
+.\" $OpenBSD: slattach.8,v 1.10 2000/03/18 22:56:05 aaron Exp $
.\" $NetBSD: slattach.8,v 1.12 1995/03/18 15:01:12 cgd Exp $
.\"
.\" Copyright (c) 1986, 1991, 1993
.Nm slattach :
.Bl -tag -width Ar
.It Fl h
-Turn on RTS/CTS flow control. By default, no flow control is done.
+Turn on RTS/CTS flow control.
+By default, no flow control is done.
.It Fl m
-Maintain modem control signals after closing the line. Specifically,
-this disables HUPCL.
+Maintain modem control signals after closing the line.
+Specifically, this disables HUPCL.
.It Fl s Ar baudrate
-Specifies the speed of the connection. If not specified, the
-default of 9600 is used.
+Specifies the speed of the connection.
+If not specified, the default of 9600 is used.
.It Ar ttyname
Specifies the name of the tty device.
.Ar ttyname
-.\" $OpenBSD: startkey.1,v 1.6 1999/09/23 04:12:03 alex Exp $
+.\" $OpenBSD: startkey.1,v 1.7 2000/03/18 22:56:05 aaron Exp $
+.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.Nm
utility attempts to contact the
.Xr photurisd 8
-daemon and initialize a key exchange. The flags are:
+daemon and initialize a key exchange.
+The flags are:
.Bl -tag -width Ds
.It Fl d Ar directory
The
.Fl d
option specifies the directory in which
.Xr photurisd
-looks for its startup files. The default is
+looks for its startup files.
+The default is
.Pa /etc/photuris/ .
.El
.Pp
.Xr photuris
daemon.
.It Ic options
-The options to be used in the exchange. Possible values are
+The options to be used in the exchange.
+Possible values are
.Dq enc
and
.Dq auth .
.Ic tsrc
and
.Ic tdst
-(see below) are specified, a tunnel (IP over IP) is setup. The
+(see below) are specified, a tunnel (IP over IP) is setup.
+The
.Ic tsrc
option is a network address with netmask used for matching the source
-IP address of a packet. When both the source and the destination
+IP address of a packet.
+When both the source and the destination
addresses match their respective options the packet will be routed into the
tunnel.
.It Ic tdst
.Ic tsrc
(see above) and
.Ic tdst
-are specified, a tunnel (IP over IP) is setup. The
+are specified, a tunnel (IP over IP) is setup.
+The
.Ic tdst
option is a network address with netmask used for matching the destination
-IP address of a packet. When both the source and the destination
+IP address of a packet.
+When both the source and the destination
addresses match their respective options the packet will be routed into the
tunnel.
.It Ic exchange_lifetime
-Determines the lifetime of the exchange. After an exchange expires
+Determines the lifetime of the exchange.
+After an exchange expires
no new SPIs are created, which means the transport or tunnel is torn down
as soon as the current SPI times out (see
.Ic spi_lifetime
-below). The default value is gotten from the
+below).
+The default value is gotten from the
.Ic exchange_lifetime
parameter given in
.Pa photuris.conf .
.It Ic spi_lifetime
Determines the lifetime of each created SPI in the exchange.
.It Ic user
-The user name for whom the keying shall be done. Preconfigured
-secrets are taken from the users secret file.
+The user name for whom the keying shall be done.
+Preconfigured secrets are taken from the users secret file.
.El
.Sh EXAMPLE
startkey dst=169.200.12.23 options=auth
-.\" $OpenBSD: swapctl.8,v 1.9 2000/03/05 00:28:51 aaron Exp $
+.\" $OpenBSD: swapctl.8,v 1.10 2000/03/18 22:56:05 aaron Exp $
.\" $NetBSD: swapctl.8,v 1.14 1998/05/22 18:27:52 msaitoh Exp $
.\"
.\" Copyright (c) 1997 Matthew R. Green
file for devices and files with an
.Dq sw
type, and adds all these entries
-as swap devices. If no swap devices are configured,
+as swap devices.
+If no swap devices are configured,
.Nm
will exit with an error code.
.It Fl a
.Fl a
option requires that a
.Ar path
-also be in the argument list. The
+also be in the argument list.
+The
.Ar path
is added to the kernel's list of swap devices using the
.Xr swapctl 2
-system call. When using the
+system call.
+When using the
.Nm swapon
form of this command, the
.Fl a
.Fl p
option sets the priority of swap devices or files to the
.Ar priority
-argument. This works with the
+argument.
+This works with the
.\" .Fl d ,
.Fl a ,
.Fl c
option.
The
.Fl t
-option allows the type of device to add to be specified. An argument of
+option allows the type of device to add to be specified.
+An argument of
.Ar blk
causes all block devices in
.Pa /etc/fstab
-to be added. An argument of
+to be added.
+An argument of
.Ar noblk
causes all non-block devices in
.Pa /etc/fstab
-to be added. This option is useful in early system startup, where swapping
+to be added.
+This option is useful in early system startup, where swapping
may be needed before all file systems are available, such as during
disk checks of large file systems.
.El
.Pp
.Bl -tag -width nfsmntpt=/path -compact
.It priority=N
-This option sets the priority of the specified swap device to N. The
-highest priority is 0, second priority is 1, etc.
+This option sets the priority of the specified swap device to N.
+The highest priority is 0, second priority is 1, etc.
.It nfsmntpt=/path
-This option is useful for swapping to NFS files. It specifies
-the local mount point to mount an NFS filesystem. Typically, once
+This option is useful for swapping to NFS files.
+It specifies the local mount point to mount an NFS filesystem.
+Typically, once
this mount has succeeded, the file to be used for swapping on will
-be available under this point mount. For example:
+be available under this point mount.
+For example:
.Bd -literal
server:/export/swap/client none swap sw,nfsmntpt=/swap
.Ed
if (more likely when) it runs out of real memory.
.Pp
Local and remote swap files cannot be configured until after the file
-systems they reside on are mounted read/write. The system startup
-scripts need to
+systems they reside on are mounted read/write.
+The system startup scripts need to
.Xr fsck 8
-all local file systems before this can happen. This process requires
-substantial amounts of memory on some systems. If you configure no
+all local file systems before this can happen.
+This process requires substantial amounts of memory on some systems.
+If you configure no
local block swap devices on a machine that has local file systems to
check and rely only on swap files, the machine will have no swap space
at all during system
-.\" $OpenBSD: sysctl.8,v 1.43 2000/01/21 02:53:06 angelos Exp $
+.\" $OpenBSD: sysctl.8,v 1.44 2000/03/18 22:56:05 aaron Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
.Ed
.Pp
Set the list of reserved TCP ports that should not be allocated
-by the kernel dynamically. This can be used to keep daemons
+by the kernel dynamically.
+This can be used to keep daemons
from stealing a specific port that another program needs to function.
List elements may be separated by commas and/or whitespace.
.Bd -literal -offset indent -compact
-.\" $OpenBSD: ttyflags.8,v 1.7 1998/12/15 01:20:45 aaron Exp $
+.\" $OpenBSD: ttyflags.8,v 1.8 2000/03/18 22:56:05 aaron Exp $
.\" $NetBSD: ttyflags.8,v 1.2 1995/03/18 15:01:22 cgd Exp $
.\"
.\" Copyright (c) 1994 Christopher G. Demetriou
.Ar tty
arguments are optional, but must not be specified if the
.Fl a
-flag is used. If specified, the
+flag is used.
+If specified, the
.Ar tty
arguments should be the base names of
the ttys, as found in
-.\" $OpenBSD: tunefs.8,v 1.13 1999/05/29 01:50:18 aaron Exp $
+.\" $OpenBSD: tunefs.8,v 1.14 2000/03/18 22:56:06 aaron Exp $
.\" $NetBSD: tunefs.8,v 1.8 1995/03/18 15:01:29 cgd Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
given below:
.Bl -tag -width Ds
.It Fl A
-The file system has several backups of the super-block. Specifying
-this option will cause all backups to be modified as well as the
-primary super-block. This is potentially dangerous - use with caution.
+The file system has several backups of the super-block.
+Specifying this option will cause all backups to be modified as well as the
+primary super-block.
+This is potentially dangerous - use with caution.
.It Fl a Ar maxcontig
This specifies the maximum number of contiguous blocks that will
be laid out before forcing a rotational delay (see
the file system can be optimized for time.
.It Fl p
This option shows a summary of what the current tuneable settings
-are on the selected file system. More detailed information can be
-obtained in the
+are on the selected file system.
+More detailed information can be obtained in the
.Xr dumpfs 8
manual page.
.It Fl s Ar enable_or_disable
-This option enables soft updates on the file system. Soft updates
+This option enables soft updates on the file system.
+Soft updates
eliminates most synchronous writes to disk by maintaining
-a partial order of writes to the disk. This significantly improves
+a partial order of writes to the disk.
+This significantly improves
meta-data operations (file creation and deletion) at the expense of
subjecting them to the same potential 30-second delay as file data.
Recovery is made simpler, however, by maintaining a strict ordering of
-.\" $OpenBSD: wicontrol.8,v 1.7 2000/03/02 18:50:00 ho Exp $
+.\" $OpenBSD: wicontrol.8,v 1.8 2000/03/18 22:56:06 aaron Exp $
.\"
.\" Copyright (c) 1997, 1998, 1999
.\" Bill Paul <wpaul@ctr.columbia.edu> All rights reserved.
.Xr wi 4
and
.Xr awi 4
-drivers. Most of the parameters that can be changed relate to the
-IEEE 802.11 protocol which the WaveLAN implements. This includes
+drivers.
+Most of the parameters that can be changed relate to the
+IEEE 802.11 protocol which the WaveLAN implements.
+This includes
the station name, whether the station is operating in ad-hoc (point
to point) or BSS (service set) mode, and the network name of a service
set to join (IBSS) if BSS mode is enabled.
Display the statistics counters for the specified WaveLAN/IEEE
interface.
.It Fl e Ar 0|1
-Enable or disable WEP encryption. Permitted values are
+Enable or disable WEP encryption.
+Permitted values are
.Ar 0
(encryption disabled) or
.Ar 1
-(encryption enabled). Encryption is off by default.
+(encryption enabled).
+Encryption is off by default.
.It Fl k Ar key "[ -v 1|2|3|4 ]"
-Set WEP encryption keys. There are four default encryption keys that can be
-programmed. A specific key can be set using the
+Set WEP encryption keys.
+There are four default encryption keys that can be programmed.
+A specific key can be set using the
.Fl v
-flag. If the
+flag.
+If the
.Fl v
-flag is not specified, the first key will be set. Encryption keys can either
+flag is not specified, the first key will be set.
+Encryption keys can either
be normal text (i.e., "hello") or a series of hexadecimal digits
-(i.e., "0x1234512345"). For WaveLAN Silver cards, the key is
+(i.e., "0x1234512345").
+For WaveLAN Silver cards, the key is
restricted to 40 bits, hence the key can be either a 5-character text string
-or 10 hexadecimal digits. For WaveLAN Gold cards, the key can be up to
+or 10 hexadecimal digits.
+For WaveLAN Gold cards, the key can be up to
128 bits, which means the key can be specified as either a 16-character
text string or 32 hexadecimal digits.
.It Fl T Ar 1|2|3|4
Specify which of the four WEP encryption keys will be used to encrypt
transmitted packets.
.It Fl t Ar tx rate
-Set the transmit rate of the specified interface. The legal values
+Set the transmit rate of the specified interface.
+The legal values
for the transmit rate vary depending on whether the interface is a
-standard WaveLAN/IEEE or a WaveLAN/IEEE Turbo adapter. The standard
+standard WaveLAN/IEEE or a WaveLAN/IEEE Turbo adapter.
+The standard
NICs support a maximum transmit rate of 2Mbps while the turbo NICs
-support a maximum speed of 6Mbps. The following table shows the
+support a maximum speed of 6Mbps.
+The following table shows the
legal transmit rate settings and the corresponding transmit speeds:
.Bd -filled -offset indent
.Bl -column "TX rate " "NIC speed "
.El
.Ed
.Pp
-The standard NICs support only settings 1 through 3. Turbo NICs support
-all the above listed speed settings.
+The standard NICs support only settings 1 through 3.
+Turbo NICs support all the above listed speed settings.
The default driver setting is 3 (auto rate select).
.It Fl n Ar network name
-Set the name of the service set (IBSS) that this station wishes to
-join. The
+Set the name of the service set (IBSS) that this station wishes to join.
+The
.Ar network name
-can be any text string up to 30 characters in length. The default name
+can be any text string up to 30 characters in length.
+The default name
is the empty string which should allow the station to connect to the first
-available access point. The interface should be set for BSS mode using
-the
+available access point.
+The interface should be set for BSS mode using the
.Fl p
flag in order for this to work.
.It Fl s Ar station name
Sets the
.Ar station name
-for the specified interface. The
+for the specified interface.
+The
.Ar station name
-is used for diagnostic purposes. The Lucent WaveMANAGER sofware can
-poll the names of remote hosts.
+is used for diagnostic purposes.
+The Lucent WaveMANAGER sofware can poll the names of remote hosts.
.It Fl c Ar 0|1
-Allow the station to create a service set (IBSS). Permitted values
-are 0 (don't create IBSS) and 1 (enable creation of IBSS). The default
-is 0.
+Allow the station to create a service set (IBSS).
+Permitted values are 0 (don't create IBSS) and 1 (enable creation of IBSS).
+The default is 0.
.Pp
Note: this option is provided for experimental purposes only: enabling
the creation of an IBSS on a host system doesn't appear to actually work.
.It Fl p Ar port type
Set the
.Ar port type
-for a specified interface. The legal values for
+for a specified interface.
+The legal values for
.Ar port type
-are 1 (BSS mode) and 3 (ad-hoc) mode. In ad-hoc mode, the station can
+are 1 (BSS mode) and 3 (ad-hoc) mode.
+In ad-hoc mode, the station can
communicate directly with any other stations within direct radio range
-(provided that they are also operating in ad-hoc mode). In BSS mode,
+(provided that they are also operating in ad-hoc mode).
+In BSS mode,
hosts must associate with a service set controlled by an access point,
-which relays traffic between end stations. The default setting is 3
-(ad-hoc mode).
+which relays traffic between end stations.
+The default setting is 3 (ad-hoc mode).
.It Fl a Ar access_point_density
Specify the
.Ar access point density
-for a given interface. Legal values are 1 (low), 2 (medium) and 3 (high).
+for a given interface.
+Legal values are 1 (low), 2 (medium) and 3 (high).
This setting influences some of the radio modem threshold settings.
.It Fl m Ar MAC address
-Set the station address for the specified interface. The
+Set the station address for the specified interface.
+The
.Ar MAC address
is specified as a series of six hexadecimal values separated by colons,
-e.g.: 00:60:1d:12:34:56. This programs the new address into the card
-and updates the interface as well.
+e.g.: 00:60:1d:12:34:56.
+This programs the new address into the card and updates the interface as well.
.It Fl d Ar max_data_length
Set the maximum receive and transmit frame size for a specified interface.
The
.Ar max data length
-can be any number from 350 to 2304. The default is 2304.
+can be any number from 350 to 2304.
+The default is 2304.
.It Fl r Ar RTS threshold
-Set the RTS/CTS threshold for a given interface. This controls the
-number of bytes used for the RTS/CTS handshake boundary. The
+Set the RTS/CTS threshold for a given interface.
+This controls the number of bytes used for the RTS/CTS handshake boundary.
+The
.Ar RTS threshold
-can be any value between 0 and 2047. The default is 2347.
+can be any value between 0 and 2047.
+The default is 2347.
.It Fl f Ar frequency
-Set the radio frequency of a given interface. The
+Set the radio frequency of a given interface.
+The
.Ar frequency
-should be specfied as a channel ID as shown in the table below. The
-list of available frequencies is dependent on radio regulations specified
-by regional authorities. Recognized regulatory authorities include
-the FCC (United States), ETSI (Europe), France and Japan. Frequencies
-in the table are specified in Mhz.
+should be specfied as a channel ID as shown in the table below.
+The list of available frequencies is dependent on radio regulations specified
+by regional authorities.
+Recognized regulatory authorities include
+the FCC (United States), ETSI (Europe), France and Japan.
+Frequencies in the table are specified in Mhz.
.Bd -filled -offset indent
.Bl -column "Channel ID " "FCC " "ETSI " "France " "Japan "
.Em "Channel ID FCC ETSI France Japan"
.Ed
.Pp
If an illegal channel is specified, the
-NIC will revert to its default channel. For NICs sold in the United States
-and Europe, the default channel is 3. For NICs sold in France, the default
-channel is 11. For NICs sold in Japan, the only available channel is 14.
+NIC will revert to its default channel.
+For NICs sold in the United States and Europe, the default channel is 3.
+For NICs sold in France, the default channel is 11.
+For NICs sold in Japan, the only available channel is 14.
Note that two stations must be set to the same channel in order to
communicate.
.It Fl P Ar 0|1
-Enable or disable power management on a given interface. Enabling
-power management uses an alternating sleep/wake protocol to help
+Enable or disable power management on a given interface.
+Enabling power management uses an alternating sleep/wake protocol to help
conserve power on mobile stations, at the cost of some increased
-receive latency. Power management is off by default. Note that power
+receive latency.
+Power management is off by default.
+Note that power
management requires the cooperation of an access point in order to
-function; it is not functional in ad-hoc mode. Also, power management
+function; it is not functional in ad-hoc mode.
+Also, power management
is only implemented in Lucent WavePOINT firmware version 2.03 or
-later, and in WaveLAN PCMCIA adapter firmware 2.00 or later. Older
-revisions will silently ignore the power management setting. Legal
-values for this parameter are 0 (off) and 1 (on).
+later, and in WaveLAN PCMCIA adapter firmware 2.00 or later.
+Older revisions will silently ignore the power management setting.
+Legal values for this parameter are 0 (off) and 1 (on).
.It Fl S Ar max sleep interval
Specify the sleep interval to use when power management is enabled.
The
.Are max sleep interval
-is specified in milliseconds. The default is 100.
+is specified in milliseconds.
+The default is 100.
.El
.Sh SEE ALSO
.Xr awi 4 ,
projects / openbsd / commitdiff