Markup fixes.
This commit is contained in:
parent
b31a663480
commit
a73a3ab56b
@ -399,7 +399,8 @@ extensions can store all of the data from
|
||||
.Va struct stat .
|
||||
.It Cm LIBARCHIVE.xattr. Ns Ar namespace Ns . Ns Ar key
|
||||
Libarchive stores POSIX.1e-style extended attributes using
|
||||
keys of this form. The
|
||||
keys of this form.
|
||||
The
|
||||
.Ar key
|
||||
value is URL-encoded:
|
||||
All non-ASCII characters and the two special characters
|
||||
|
@ -32,7 +32,7 @@
|
||||
.\" @(#)pwcache.3 8.1 (Berkeley) 6/9/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd Dd March 22, 2002
|
||||
.Dd March 22, 2002
|
||||
.Dt PWCACHE 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -243,7 +243,7 @@ The following sequences are used to represent the indicated characters:
|
||||
.Dv NL No (012)
|
||||
.It Li \er
|
||||
.Dv CR No (015)
|
||||
.It Li \es
|
||||
.It Li \es
|
||||
.Dv SP No (040)
|
||||
.It Li \et
|
||||
.Dv HT No (011)
|
||||
|
@ -57,12 +57,12 @@ will set up the specified debug registers as indicated by the
|
||||
arguments.
|
||||
The
|
||||
.Fa watchnum
|
||||
argument specifies which watch register is used, 0, 1, 2, 3, or -1.
|
||||
argument specifies which watch register is used, 0, 1, 2, 3, or \-1.
|
||||
If
|
||||
.Fa watchnum
|
||||
is -1, a free watch register is found and used.
|
||||
is \-1, a free watch register is found and used.
|
||||
If there are no free
|
||||
watch registers, an error code of -1 is returned.
|
||||
watch registers, an error code of \-1 is returned.
|
||||
The
|
||||
.Fa watchaddr
|
||||
argument
|
||||
@ -89,7 +89,7 @@ to retrieve and install the debug register values for a process.
|
||||
On success, the
|
||||
.Fn i386_clr_watch
|
||||
function returns 0.
|
||||
On error, -1 returned which indicates that
|
||||
On error, \-1 returned which indicates that
|
||||
.Fa watchnum
|
||||
is invalid (not in the range of 0-3).
|
||||
If the specified watchnum was already disabled, no error is returned.
|
||||
@ -100,10 +100,10 @@ function returns the
|
||||
.Fa watchnum
|
||||
argument, or the watchnum actually used in the case where the specified
|
||||
.Fa watchnum
|
||||
was -1.
|
||||
was \-1.
|
||||
On error, the
|
||||
.Fn i386_set_watch
|
||||
function returns -1 indicating that the watchpoint could not established
|
||||
function returns \-1 indicating that the watchpoint could not established
|
||||
because either no more watchpoints are available, or
|
||||
.Fa watchnum ,
|
||||
.Fa size ,
|
||||
|
@ -18,7 +18,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd December 20, 2004
|
||||
.Dd May 21, 2006
|
||||
.Dt GAI_STRERROR 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -32,7 +32,7 @@
|
||||
.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd May 25, 1995
|
||||
.Dd May 12, 2006
|
||||
.Dt GETHOSTBYNAME 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -101,7 +101,7 @@ If you set the timeout value to 0,
|
||||
immediately returns an error
|
||||
.Pq Dv RPC_TIMEDOUT .
|
||||
Set the timeout argument to 0 for batching calls.
|
||||
.Bl -column CLSET_FD_NCLOSE "struct timeval *" "do not close fd on destroy"
|
||||
.Bl -column CLSET_FD_NCLOSE "struct timeval *"
|
||||
.It Dv CLGET_SVC_ADDR Ta "struct netbuf *" Ta "get servers address"
|
||||
.It Dv CLGET_FD Ta "int *" Ta "get fd from handle"
|
||||
.It Dv CLSET_FD_CLOSE Ta "void" Ta "close fd on destroy"
|
||||
|
@ -36,7 +36,7 @@
|
||||
.\" @(#)fclose.3 8.1 (Berkeley) 6/4/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 4, 1993
|
||||
.Dd April 22, 2006
|
||||
.Dt FCLOSE 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -143,8 +143,9 @@ function returns the usable size of the allocation pointed to by
|
||||
.Fa ptr .
|
||||
The return value may be larger than the size that was requested during
|
||||
allocation.
|
||||
The
|
||||
.Fn malloc_usable_size
|
||||
is not a mechanism for in-place
|
||||
function is not a mechanism for in-place
|
||||
.Fn realloc ;
|
||||
rather it is provided solely as a tool for introspection purposes.
|
||||
Any discrepancy between the requested allocation size and the size reported by
|
||||
@ -177,7 +178,7 @@ The process will call
|
||||
.Xr abort 3
|
||||
in these cases.
|
||||
.It H
|
||||
Use
|
||||
Use
|
||||
.Xr madvise 2
|
||||
when pages within a chunk are no longer in use, but the chunk as a whole cannot
|
||||
yet be deallocated.
|
||||
@ -263,7 +264,7 @@ Each byte of new memory allocated by
|
||||
.Fn realloc
|
||||
or
|
||||
.Fn reallocf
|
||||
will be initialized to 0x0.
|
||||
will be initialized to 0.
|
||||
Note that this initialization only happens once for each byte, so
|
||||
.Fn realloc
|
||||
and
|
||||
@ -279,48 +280,6 @@ and
|
||||
options are intended for testing and debugging.
|
||||
An application which changes its behavior when these options are used
|
||||
is flawed.
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn malloc
|
||||
and
|
||||
.Fn calloc
|
||||
functions return a pointer to the allocated memory if successful; otherwise
|
||||
a
|
||||
.Dv NULL
|
||||
pointer is returned and
|
||||
.Va errno
|
||||
is set to
|
||||
.Er ENOMEM .
|
||||
.Pp
|
||||
The
|
||||
.Fn realloc
|
||||
and
|
||||
.Fn reallocf
|
||||
functions return a pointer, possibly identical to
|
||||
.Fa ptr ,
|
||||
to the allocated memory
|
||||
if successful; otherwise a
|
||||
.Dv NULL
|
||||
pointer is returned, and
|
||||
.Va errno
|
||||
is set to
|
||||
.Er ENOMEM
|
||||
if the error was the result of an allocation failure.
|
||||
The
|
||||
.Fn realloc
|
||||
function always leaves the original buffer intact
|
||||
when an error occurs, whereas
|
||||
.Fn reallocf
|
||||
deallocates it in this case.
|
||||
.Pp
|
||||
The
|
||||
.Fn free
|
||||
function returns no value.
|
||||
.Pp
|
||||
The
|
||||
.Fn malloc_usable_size
|
||||
function returns the usable size of the allocation pointed to by
|
||||
.Fa ptr .
|
||||
.Sh IMPLEMENTATION NOTES
|
||||
This allocator uses multiple arenas in order to reduce lock contention for
|
||||
threaded programs on multi-processor systems.
|
||||
@ -353,7 +312,7 @@ Allocation requests that are larger than the maximum quantum-multiple size
|
||||
class, but no larger than one half of a page, are rounded up to the nearest
|
||||
power of two.
|
||||
Allocation requests that are larger than half of a page, but no larger than half
|
||||
of a chunk (see the
|
||||
of a chunk (see the
|
||||
.Dq K
|
||||
option), are rounded up to the nearest run size.
|
||||
Allocation requests that are larger than half of a chunk are rounded up to the
|
||||
@ -402,7 +361,8 @@ which focus on detecting and pinpointing problems by trading performance for
|
||||
extra sanity checks and detailed diagnostics.
|
||||
.Sh DIAGNOSTIC MESSAGES
|
||||
If any of the memory allocation/deallocation functions detect an error or
|
||||
warning condition, a message will be printed to file descriptor STDERR_FILENO.
|
||||
warning condition, a message will be printed to file descriptor
|
||||
.Dv STDERR_FILENO .
|
||||
Errors will result in the process dumping core.
|
||||
If the
|
||||
.Dq A
|
||||
@ -418,10 +378,50 @@ file descriptor is not suitable for this.
|
||||
Please note that doing anything which tries to allocate memory in
|
||||
this function is likely to result in a crash or deadlock.
|
||||
.Pp
|
||||
All messages are prefixed by:
|
||||
.Bl -diag
|
||||
.It <progname>: (malloc)
|
||||
.El
|
||||
All messages are prefixed by
|
||||
.Dq Ao Ar progname Ac Ns Li : (malloc) .
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn malloc
|
||||
and
|
||||
.Fn calloc
|
||||
functions return a pointer to the allocated memory if successful; otherwise
|
||||
a
|
||||
.Dv NULL
|
||||
pointer is returned and
|
||||
.Va errno
|
||||
is set to
|
||||
.Er ENOMEM .
|
||||
.Pp
|
||||
The
|
||||
.Fn realloc
|
||||
and
|
||||
.Fn reallocf
|
||||
functions return a pointer, possibly identical to
|
||||
.Fa ptr ,
|
||||
to the allocated memory
|
||||
if successful; otherwise a
|
||||
.Dv NULL
|
||||
pointer is returned, and
|
||||
.Va errno
|
||||
is set to
|
||||
.Er ENOMEM
|
||||
if the error was the result of an allocation failure.
|
||||
The
|
||||
.Fn realloc
|
||||
function always leaves the original buffer intact
|
||||
when an error occurs, whereas
|
||||
.Fn reallocf
|
||||
deallocates it in this case.
|
||||
.Pp
|
||||
The
|
||||
.Fn free
|
||||
function returns no value.
|
||||
.Pp
|
||||
The
|
||||
.Fn malloc_usable_size
|
||||
function returns the usable size of the allocation pointed to by
|
||||
.Fa ptr .
|
||||
.Sh ENVIRONMENT
|
||||
The following environment variables affect the execution of the allocation
|
||||
functions:
|
||||
|
@ -32,7 +32,7 @@
|
||||
.\" @(#)chflags.2 8.3 (Berkeley) 5/2/95
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd May 5, 2002
|
||||
.Dd May 16, 2006
|
||||
.Dt CHFLAGS 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -74,34 +74,33 @@ The flags specified are formed by
|
||||
.Em or Ns 'ing
|
||||
the following values
|
||||
.Pp
|
||||
.Bl -tag -width "SF_IMMUTABLE" -compact -offset indent
|
||||
.It UF_NODUMP
|
||||
.Bl -tag -width ".Dv SF_IMMUTABLE" -compact -offset indent
|
||||
.It Dv UF_NODUMP
|
||||
Do not dump the file.
|
||||
.It UF_IMMUTABLE
|
||||
.It Dv UF_IMMUTABLE
|
||||
The file may not be changed.
|
||||
.It UF_APPEND
|
||||
.It Dv UF_APPEND
|
||||
The file may only be appended to.
|
||||
.It UF_NOUNLINK
|
||||
.It Dv UF_NOUNLINK
|
||||
The file may not be renamed or deleted.
|
||||
.It UF_OPAQUE
|
||||
.It Dv UF_OPAQUE
|
||||
The directory is opaque when viewed through a union stack.
|
||||
.It SF_ARCHIVED
|
||||
.It Dv SF_ARCHIVED
|
||||
The file may be archived.
|
||||
.It SF_IMMUTABLE
|
||||
.It Dv SF_IMMUTABLE
|
||||
The file may not be changed.
|
||||
.It SF_APPEND
|
||||
.It Dv SF_APPEND
|
||||
The file may only be appended to.
|
||||
.It SF_NOUNLINK
|
||||
.It Dv SF_NOUNLINK
|
||||
The file may not be renamed or deleted.
|
||||
.It SF_SNAPSHOT
|
||||
.It Dv SF_SNAPSHOT
|
||||
The file is a snapshot file.
|
||||
.El
|
||||
.Pp
|
||||
If one of
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
If one of
|
||||
.Dv SF_IMMUTABLE , SF_APPEND ,
|
||||
or
|
||||
.Dq SF_NOUNLINK
|
||||
.Dv SF_NOUNLINK
|
||||
is set a non-super-user cannot change any flags and even the super-user
|
||||
can change flags only if securelevel is greater than 0.
|
||||
(See
|
||||
@ -109,20 +108,15 @@ can change flags only if securelevel is greater than 0.
|
||||
for details.)
|
||||
.Pp
|
||||
The
|
||||
.Dq UF_IMMUTABLE ,
|
||||
.Dq UF_APPEND ,
|
||||
.Dq UF_NOUNLINK ,
|
||||
.Dq UF_NODUMP ,
|
||||
.Dv UF_IMMUTABLE , UF_APPEND , UF_NOUNLINK , UF_NODUMP ,
|
||||
and
|
||||
.Dq UF_OPAQUE
|
||||
.Dv UF_OPAQUE
|
||||
flags may be set or unset by either the owner of a file or the super-user.
|
||||
.Pp
|
||||
The
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
.Dq SF_NOUNLINK ,
|
||||
.Dv SF_IMMUTABLE , SF_APPEND , SF_NOUNLINK ,
|
||||
and
|
||||
.Dq SF_ARCHIVED
|
||||
.Dv SF_ARCHIVED
|
||||
flags may only be set or unset by the super-user.
|
||||
Attempts to set these flags by non-super-users are rejected, attempts by
|
||||
non-superusers to clear flags that are already unset are silently ignored.
|
||||
@ -133,7 +127,7 @@ the system is in single-user mode.
|
||||
for details.)
|
||||
.Pp
|
||||
The
|
||||
.Dq SF_SNAPSHOT
|
||||
.Dv SF_SNAPSHOT
|
||||
flag is maintained by the system and cannot be changed by any user.
|
||||
.Sh RETURN VALUES
|
||||
.Rv -std
|
||||
@ -158,18 +152,16 @@ The effective user ID does not match the owner of the file and
|
||||
the effective user ID is not the super-user.
|
||||
.It Bq Er EPERM
|
||||
One of
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
.Dv SF_IMMUTABLE , SF_APPEND ,
|
||||
or
|
||||
.Dq SF_NOUNLINK
|
||||
.Dv SF_NOUNLINK
|
||||
is set and the user is either not the super-user or
|
||||
securelevel is greater than 0.
|
||||
.It Bq Er EPERM
|
||||
A non-super-user tries to set one of
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
.Dv SF_IMMUTABLE , SF_APPEND ,
|
||||
or
|
||||
.Dq SF_NOUNLINK .
|
||||
.Dv SF_NOUNLINK .
|
||||
.It Bq Er EROFS
|
||||
The named file resides on a read-only file system.
|
||||
.It Bq Er EFAULT
|
||||
@ -201,18 +193,16 @@ The effective user ID does not match the owner of the file and
|
||||
the effective user ID is not the super-user.
|
||||
.It Bq Er EPERM
|
||||
One of
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
.Dv SF_IMMUTABLE , SF_APPEND ,
|
||||
or
|
||||
.Dq SF_NOUNLINK
|
||||
.Dv SF_NOUNLINK
|
||||
is set and the user is either not the super-user or
|
||||
securelevel is greater than 0.
|
||||
.It Bq Er EPERM
|
||||
A non-super-user tries to set one of
|
||||
.Dq SF_IMMUTABLE ,
|
||||
.Dq SF_APPEND ,
|
||||
.Dv SF_IMMUTABLE , SF_APPEND ,
|
||||
or
|
||||
.Dq SF_NOUNLINK .
|
||||
.Dv SF_NOUNLINK .
|
||||
.It Bq Er EROFS
|
||||
The file resides on a read-only file system.
|
||||
.It Bq Er EIO
|
||||
|
@ -63,13 +63,20 @@ which is specified by
|
||||
The
|
||||
.Fa clock_id
|
||||
argument
|
||||
can be one of four values: CLOCK_REALTIME for time that increments as
|
||||
a wall clock should, CLOCK_MONOTONIC which increments in SI seconds,
|
||||
CLOCK_UPTIME which starts at zero when the kernel boots and increments
|
||||
can be one of five values:
|
||||
.Dv CLOCK_REALTIME
|
||||
for time that increments as
|
||||
a wall clock should,
|
||||
.Dv CLOCK_MONOTONIC
|
||||
which increments in SI seconds,
|
||||
.Dv CLOCK_UPTIME
|
||||
which starts at zero when the kernel boots and increments
|
||||
monotonically in SI seconds while the machine is running,
|
||||
CLOCK_VIRTUAL for time that increments only when
|
||||
.Dv CLOCK_VIRTUAL
|
||||
for time that increments only when
|
||||
the CPU is running in user mode on behalf of the calling process, or
|
||||
CLOCK_PROF for time that increments when the CPU is running in user or
|
||||
.Dv CLOCK_PROF
|
||||
for time that increments when the CPU is running in user or
|
||||
kernel mode.
|
||||
.Pp
|
||||
The structure pointed to by
|
||||
|
@ -32,7 +32,7 @@
|
||||
.\" @(#)connect.2 8.1 (Berkeley) 6/4/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 4, 1993
|
||||
.Dd August 16, 2006
|
||||
.Dt CONNECT 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -131,13 +131,14 @@ constant or the
|
||||
.Dv INADDR_NONE
|
||||
return value) through a socket that does not provide broadcast functionality.
|
||||
.It Bq Er EAGAIN
|
||||
An auto-assigned port number was requested but no auto-assigned ports
|
||||
are available. Increasing the port range specified by
|
||||
An auto-assigned port number was requested but no auto-assigned ports
|
||||
are available.
|
||||
Increasing the port range specified by
|
||||
.Xr sysctl 3
|
||||
MIB variables
|
||||
.Dq Va net.inet.ip.portrange.first
|
||||
.Va net.inet.ip.portrange.first
|
||||
and
|
||||
.Dq Va net.inet.ip.portrange.last
|
||||
.Va net.inet.ip.portrange.last
|
||||
may alleviate the problem.
|
||||
.El
|
||||
.Pp
|
||||
|
@ -163,7 +163,10 @@ and set with
|
||||
.It Dv SO_SNDTIMEO Ta "set timeout value for output"
|
||||
.It Dv SO_RCVTIMEO Ta "set timeout value for input"
|
||||
.It Dv SO_ACCEPTFILTER Ta "set accept filter on listening socket"
|
||||
.It Dv SO_NOSIGPIPE Ta "controls generation of SIGPIPE for the socket"
|
||||
.It Dv SO_NOSIGPIPE Ta
|
||||
controls generation of
|
||||
.Dv SIGPIPE
|
||||
for the socket
|
||||
.It Dv SO_TYPE Ta "get the type of the socket (get only)"
|
||||
.It Dv SO_ERROR Ta "get and clear error on the socket (get only)"
|
||||
.El
|
||||
@ -359,7 +362,9 @@ of NULL will remove the filter.
|
||||
.Pp
|
||||
The
|
||||
.Dv SO_NOSIGPIPE
|
||||
option controls generation of the SIGPIPE signal normally sent
|
||||
option controls generation of the
|
||||
.Dv SIGPIPE
|
||||
signal normally sent
|
||||
when writing to a connected socket where the other end has been
|
||||
closed returns with the error
|
||||
.Er EPIPE .
|
||||
|
@ -43,12 +43,12 @@ The
|
||||
.Fn kldnext
|
||||
system call
|
||||
returns the fileid of the next kld file (that is, the one after
|
||||
.Va fileid )
|
||||
.Fa fileid )
|
||||
or 0 if
|
||||
.Va fileid
|
||||
.Fa fileid
|
||||
is the last file loaded.
|
||||
To get the fileid of the first kld file, pass
|
||||
.Va fileid
|
||||
.Fa fileid
|
||||
of 0 to
|
||||
.Fn kldnext .
|
||||
.Sh RETURN VALUES
|
||||
@ -67,7 +67,7 @@ The only error set by
|
||||
is
|
||||
.Er ENOENT ,
|
||||
which is set when
|
||||
.Va fileid
|
||||
.Fa fileid
|
||||
refers to a kld file that does not exist (is not loaded).
|
||||
.Sh SEE ALSO
|
||||
.Xr kldfind 2 ,
|
||||
|
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 4, 2005
|
||||
.Dd August 25, 2006
|
||||
.Dt KQUEUE 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -106,7 +106,7 @@ of service attacks are no longer necessary.
|
||||
The
|
||||
.Xr sysctl 3
|
||||
MIB variable
|
||||
.Dq Va kern.ipc.somaxconn
|
||||
.Va kern.ipc.somaxconn
|
||||
specifies a hard limit on
|
||||
.Fa backlog ;
|
||||
if a value greater than
|
||||
|
@ -353,7 +353,8 @@ is limited to the maximum file size or available userland address
|
||||
space.
|
||||
Files may not be able to be made more than 1TB large on 32 bit systems
|
||||
due to file systems restrictions and bugs, but address space is far more
|
||||
restrictive. Larger files may be possible on 64 bit systems.
|
||||
restrictive.
|
||||
Larger files may be possible on 64 bit systems.
|
||||
.Pp
|
||||
The previous documented limit of 2GB was a documentation bug.
|
||||
That limit has not existed since
|
||||
|
@ -32,7 +32,7 @@
|
||||
.\" @(#)open.2 8.2 (Berkeley) 11/16/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd November 16, 1993
|
||||
.Dd January 10, 2006
|
||||
.Dt OPEN 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -174,10 +174,10 @@ controlling terminal when it opens a tty device.
|
||||
This is the default on
|
||||
.Fx ,
|
||||
but is present for
|
||||
.Tn POSIX
|
||||
.Tn POSIX
|
||||
compatibility.
|
||||
The
|
||||
.Fn open
|
||||
.Fn open
|
||||
system call will not assign controlling terminals on
|
||||
.Fx .
|
||||
.Pp
|
||||
|
@ -134,13 +134,15 @@ does not exist.
|
||||
.Xr sigwait 2 ,
|
||||
.Xr sigwaitinfo 2 ,
|
||||
.Xr pause 3 ,
|
||||
.Xr pthread_sigmask 3
|
||||
.Xr pthread_sigmask 3 ,
|
||||
.Xr siginfo 3
|
||||
.Sh STANDARDS
|
||||
The
|
||||
.Fn sigqueue
|
||||
system call conforms to
|
||||
.St -p1003.1-2004
|
||||
.St -p1003.1-2004
|
||||
.Sh HISTORY
|
||||
Support for POSIX realtime signal queue first appeared in
|
||||
Support for
|
||||
.Tn POSIX
|
||||
realtime signal queue first appeared in
|
||||
.Fx 7.0 .
|
||||
|
@ -158,5 +158,7 @@ The
|
||||
system call conforms to
|
||||
.St -p1003.1-2004
|
||||
.Sh HISTORY
|
||||
Support for POSIX per-process timer first appeared in
|
||||
Support for
|
||||
.Tn POSIX
|
||||
per-process timer first appeared in
|
||||
.Fx 7.0 .
|
||||
|
@ -74,5 +74,7 @@ The
|
||||
system call conforms to
|
||||
.St -p1003.1-2004
|
||||
.Sh HISTORY
|
||||
Support for POSIX per-process timer first appeared in
|
||||
Support for
|
||||
.Tn POSIX
|
||||
per-process timer first appeared in
|
||||
.Fx 7.0 .
|
||||
|
@ -259,5 +259,7 @@ and
|
||||
system calls conform to
|
||||
.St -p1003.1-2004
|
||||
.Sh HISTORY
|
||||
Support for POSIX per-process timer first appeared in
|
||||
Support for
|
||||
.Tn POSIX
|
||||
per-process timer first appeared in
|
||||
.Fx 7.0 .
|
||||
|
@ -180,7 +180,7 @@ The
|
||||
argument
|
||||
points outside the process's allocated address space.
|
||||
.It Bq Er EINVAL
|
||||
The
|
||||
The
|
||||
.Va tv_usec
|
||||
component of at least one of the values specified by the
|
||||
.Fa times
|
||||
|
@ -63,7 +63,7 @@
|
||||
.Ft int
|
||||
.Fo devinfo_foreach_device_resource
|
||||
.Fa "struct devinfo_dev *dev"
|
||||
.Fa "int \*[lp]*fn\*[rp]\*[lp]struct devinfo_dev *dev, struct devinfo_res *res, void *arg\*[rp]"
|
||||
.Fa "int \*[lp]*fn\*[rp]\*[lp]struct devinfo_dev *dev, \:struct devinfo_res *res, void *arg\*[rp]"
|
||||
.Fa "void *arg"
|
||||
.Fc
|
||||
.Ft int
|
||||
|
@ -51,13 +51,13 @@
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Fn ipsec_set_policy
|
||||
function generates an IPsec policy specification structure,
|
||||
function generates an IPsec policy specification structure,
|
||||
.Li struct sadb_x_policy
|
||||
and/or
|
||||
.Li struct sadb_x_ipsecrequest
|
||||
from a human-readable policy specification.
|
||||
The policy specification must be given as a C string,
|
||||
passed in the
|
||||
The policy specification must be given as a C string,
|
||||
passed in the
|
||||
.Fa policy
|
||||
argument and the length of the string, given as
|
||||
.Fa len .
|
||||
@ -66,7 +66,7 @@ The
|
||||
function returns pointer to a buffer which contains a properly formed
|
||||
IPsec policy specification structure.
|
||||
The buffer is dynamically allocated, and must be freed by using the
|
||||
.Xr free 3
|
||||
.Xr free 3
|
||||
library function.
|
||||
.Pp
|
||||
The
|
||||
@ -94,13 +94,13 @@ The
|
||||
.Fn ipsec_dump_policy
|
||||
function returns a pointer to dynamically allocated string.
|
||||
It is the caller's responsibility to free the returned pointer using the
|
||||
.Xr free 3
|
||||
.Xr free 3
|
||||
library call.
|
||||
.Pp
|
||||
A
|
||||
A
|
||||
.Fa policy
|
||||
is given in the following way:
|
||||
.Bl -tag -width "discard"
|
||||
.Bl -tag -width "discard"
|
||||
.It Ar direction Li discard
|
||||
The
|
||||
.Ar direction
|
||||
@ -108,7 +108,7 @@ must be
|
||||
.Li in
|
||||
or
|
||||
.Li out
|
||||
and
|
||||
and
|
||||
specifies which direction the policy needs to be applied, either on
|
||||
inbound or outbound packets.
|
||||
When the
|
||||
@ -121,10 +121,11 @@ means to consult the security policy database
|
||||
in the kernel, as controlled by
|
||||
.Xr setkey 8 .
|
||||
.It Ar direction Li bypass
|
||||
A direction of
|
||||
A direction of
|
||||
.Li bypass
|
||||
indicates that IPsec processing should not occur and that the
|
||||
packet will be transmitted in clear. The bypass option is only
|
||||
packet will be transmitted in clear.
|
||||
The bypass option is only
|
||||
available to privileged sockets.
|
||||
.It Xo
|
||||
.Ar direction
|
||||
@ -138,7 +139,7 @@ means that matching packets are processed by IPsec.
|
||||
can be followed by one or more
|
||||
.Ar request
|
||||
string, which is formatted as:
|
||||
.Bl -tag -width "discard"
|
||||
.Bl -tag -width "discard"
|
||||
.It Xo
|
||||
.Ar protocol
|
||||
.Li /
|
||||
@ -164,8 +165,8 @@ The
|
||||
is either
|
||||
.Li transport
|
||||
or
|
||||
.Li tunnel
|
||||
the meanings of both modes are described in
|
||||
.Li tunnel
|
||||
the meanings of both modes are described in
|
||||
.Xr ipsec 4 .
|
||||
.Pp
|
||||
The
|
||||
@ -210,9 +211,10 @@ or
|
||||
means that the kernel should consult the default security policies as
|
||||
defined by a set of
|
||||
.Xr sysctl 8 ,
|
||||
variables. The relevant
|
||||
.Xr sysctl 8
|
||||
variables are described in
|
||||
variables.
|
||||
The relevant
|
||||
.Xr sysctl 8
|
||||
variables are described in
|
||||
.Xr ipsec 4 .
|
||||
.Pp
|
||||
When
|
||||
@ -221,15 +223,16 @@ is selected a relevant security association
|
||||
(SA)
|
||||
can be used when available but is not necessary.
|
||||
If the SA is available then packets will be handled by IPsec,
|
||||
i.e. encrypted and/or authenticated but if an SA is not available then
|
||||
packets will be transmitted in the clear. The
|
||||
i.e., encrypted and/or authenticated but if an SA is not available then
|
||||
packets will be transmitted in the clear.
|
||||
The
|
||||
.Li use
|
||||
option is not recommended because it allows for accidental
|
||||
mis-configurations where encrypted or authenticated link becomes
|
||||
unencrypted or unauthenticated, the
|
||||
.Li require
|
||||
keyword is recommended instead of
|
||||
.Li use
|
||||
.Li use
|
||||
where possible.
|
||||
Using the
|
||||
.Li require
|
||||
@ -250,7 +253,7 @@ Put the decimal number as the identifier after the
|
||||
.Li unique
|
||||
keyword in this way:
|
||||
.Li unique : number ,
|
||||
where
|
||||
where
|
||||
.Li number
|
||||
must be between 1 and 32767.
|
||||
.Pp
|
||||
@ -270,7 +273,7 @@ is omitted, it will be interpreted as
|
||||
.El
|
||||
.Pp
|
||||
Note that there is a difference between the specification allowed here
|
||||
and in
|
||||
and in
|
||||
.Xr setkey 8 .
|
||||
When specifying security policies with
|
||||
.Xr setkey 8 ,
|
||||
@ -278,42 +281,16 @@ neither entrust nor bypass are used.
|
||||
Refer to
|
||||
.Xr setkey 8
|
||||
for details.
|
||||
.Sh EXAMPLES
|
||||
Set a policy that all inbound packets are discarded.
|
||||
.Bd -literal -offset indent
|
||||
in discard
|
||||
|
||||
.Ed
|
||||
.\"
|
||||
All outbound packets are required to be processed by IPsec and
|
||||
transported using ESP.
|
||||
.Bd -literal -offset indent
|
||||
out ipsec esp/transport//require
|
||||
|
||||
.Ed
|
||||
.\"
|
||||
All inbound packets are required to be authenticated using the AH protocol.
|
||||
.Bd -literal -offset indent
|
||||
in ipsec ah/transport//require
|
||||
|
||||
.Ed
|
||||
.\"
|
||||
Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1.
|
||||
.Bd -literal -offset indent
|
||||
out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require
|
||||
|
||||
.Ed
|
||||
.\"
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn ipsec_set_policy
|
||||
function returns a pointer to the allocated buffer containing a the
|
||||
policy specification if successful; otherwise a NULL pointer is
|
||||
returned.
|
||||
returned.
|
||||
.Pp
|
||||
The
|
||||
.Fn ipsec_get_policylen
|
||||
function returns a positive value,
|
||||
function returns a positive value,
|
||||
indicating the buffer size,
|
||||
on success, and a negative value on error.
|
||||
.Pp
|
||||
@ -323,6 +300,26 @@ function returns a pointer to a dynamically allocated region
|
||||
containing a human readable security policy on success, and
|
||||
.Dv NULL
|
||||
on error.
|
||||
.Sh EXAMPLES
|
||||
Set a policy that all inbound packets are discarded.
|
||||
.Pp
|
||||
.Dl "in discard"
|
||||
.Pp
|
||||
.\"
|
||||
All outbound packets are required to be processed by IPsec and
|
||||
transported using ESP.
|
||||
.Pp
|
||||
.Dl "out ipsec esp/transport//require"
|
||||
.Pp
|
||||
.\"
|
||||
All inbound packets are required to be authenticated using the AH protocol.
|
||||
.Pp
|
||||
.Dl "in ipsec ah/transport//require"
|
||||
.Pp
|
||||
.\"
|
||||
Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1.
|
||||
.Pp
|
||||
.Dl "out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require"
|
||||
.Sh SEE ALSO
|
||||
.Xr ipsec_strerror 3 ,
|
||||
.Xr ipsec 4 ,
|
||||
@ -332,4 +329,4 @@ These functions first appeared in WIDE/KAME IPv6 protocol stack kit.
|
||||
.Pp
|
||||
IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack
|
||||
was initially integrated into
|
||||
.Fx 4.0
|
||||
.Fx 4.0 .
|
||||
|
@ -158,7 +158,7 @@ This is the first record in a log file.
|
||||
.It Dv PMCLOG_TYPE_MAP_IN
|
||||
A record describing the introduction of a mapping to an executable
|
||||
object by a
|
||||
.Xr kldload 2
|
||||
.Xr kldload 2
|
||||
or
|
||||
.Xr mmap 2
|
||||
system call.
|
||||
|
@ -76,7 +76,9 @@ by 1024 until it will.
|
||||
In this case, prefix
|
||||
.Fa suffix
|
||||
with the appropriate SI designator.
|
||||
.Nm
|
||||
The
|
||||
.Fn humanize_number
|
||||
function
|
||||
follows the traditional computer science conventions rather than the proposed
|
||||
SI power of two convention.
|
||||
.Pp
|
||||
|
Loading…
x
Reference in New Issue
Block a user