diff --git a/lib/libarchive/tar.5 b/lib/libarchive/tar.5 index e194a7d771d4..5857fb58a3b7 100644 --- a/lib/libarchive/tar.5 +++ b/lib/libarchive/tar.5 @@ -399,7 +399,8 @@ extensions can store all of the data from .Va struct stat . .It Cm LIBARCHIVE.xattr. Ns Ar namespace Ns . Ns Ar key Libarchive stores POSIX.1e-style extended attributes using -keys of this form. The +keys of this form. +The .Ar key value is URL-encoded: All non-ASCII characters and the two special characters diff --git a/lib/libc/gen/pwcache.3 b/lib/libc/gen/pwcache.3 index feb834d2bcbe..e0fe10bc8c53 100644 --- a/lib/libc/gen/pwcache.3 +++ b/lib/libc/gen/pwcache.3 @@ -32,7 +32,7 @@ .\" @(#)pwcache.3 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd Dd March 22, 2002 +.Dd March 22, 2002 .Dt PWCACHE 3 .Os .Sh NAME diff --git a/lib/libc/gen/vis.3 b/lib/libc/gen/vis.3 index 58b2c765f49e..abe7611b4c7a 100644 --- a/lib/libc/gen/vis.3 +++ b/lib/libc/gen/vis.3 @@ -243,7 +243,7 @@ The following sequences are used to represent the indicated characters: .Dv NL No (012) .It Li \er .Dv CR No (015) -.It Li \es +.It Li \es .Dv SP No (040) .It Li \et .Dv HT No (011) diff --git a/lib/libc/i386/sys/i386_set_watch.3 b/lib/libc/i386/sys/i386_set_watch.3 index e3195fc4d7d6..f818ee7656ce 100644 --- a/lib/libc/i386/sys/i386_set_watch.3 +++ b/lib/libc/i386/sys/i386_set_watch.3 @@ -57,12 +57,12 @@ will set up the specified debug registers as indicated by the arguments. The .Fa watchnum -argument specifies which watch register is used, 0, 1, 2, 3, or -1. +argument specifies which watch register is used, 0, 1, 2, 3, or \-1. If .Fa watchnum -is -1, a free watch register is found and used. +is \-1, a free watch register is found and used. If there are no free -watch registers, an error code of -1 is returned. +watch registers, an error code of \-1 is returned. The .Fa watchaddr argument 
@@ -89,7 +89,7 @@ to retrieve and install the debug register values for a process. On success, the .Fn i386_clr_watch function returns 0. -On error, -1 returned which indicates that +On error, \-1 returned which indicates that .Fa watchnum is invalid (not in the range of 0-3). If the specified watchnum was already disabled, no error is returned. @@ -100,10 +100,10 @@ function returns the .Fa watchnum argument, or the watchnum actually used in the case where the specified .Fa watchnum -was -1. +was \-1. On error, the .Fn i386_set_watch -function returns -1 indicating that the watchpoint could not established +function returns \-1 indicating that the watchpoint could not established because either no more watchpoints are available, or .Fa watchnum , .Fa size , diff --git a/lib/libc/net/gai_strerror.3 b/lib/libc/net/gai_strerror.3 index 51d0d073a0bf..25cff0c01cf1 100644 --- a/lib/libc/net/gai_strerror.3 +++ b/lib/libc/net/gai_strerror.3 @@ -18,7 +18,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 20, 2004 +.Dd May 21, 2006 .Dt GAI_STRERROR 3 .Os .Sh NAME diff --git a/lib/libc/net/gethostbyname.3 b/lib/libc/net/gethostbyname.3 index 7c83d0270afd..afd01b0ccbce 100644 --- a/lib/libc/net/gethostbyname.3 +++ b/lib/libc/net/gethostbyname.3 @@ -32,7 +32,7 @@ .\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 .\" $FreeBSD$ .\" -.Dd May 25, 1995 +.Dd May 12, 2006 .Dt GETHOSTBYNAME 3 .Os .Sh NAME diff --git a/lib/libc/rpc/rpc_clnt_create.3 b/lib/libc/rpc/rpc_clnt_create.3 index 3008b15dc7bf..34c90ed77d1d 100644 --- a/lib/libc/rpc/rpc_clnt_create.3 +++ b/lib/libc/rpc/rpc_clnt_create.3 
@@ -101,7 +101,7 @@ If you set the timeout value to 0, immediately returns an error .Pq Dv RPC_TIMEDOUT . Set the timeout argument to 0 for batching calls. -.Bl -column CLSET_FD_NCLOSE "struct timeval *" "do not close fd on destroy" +.Bl -column CLSET_FD_NCLOSE "struct timeval *" .It Dv CLGET_SVC_ADDR Ta "struct netbuf *" Ta "get servers address" .It Dv CLGET_FD Ta "int *" Ta "get fd from handle" .It Dv CLSET_FD_CLOSE Ta "void" Ta "close fd on destroy" diff --git a/lib/libc/stdio/fclose.3 b/lib/libc/stdio/fclose.3 index 320de294e4cc..23f884f5b49f 100644 --- a/lib/libc/stdio/fclose.3 +++ b/lib/libc/stdio/fclose.3 @@ -36,7 +36,7 @@ .\" @(#)fclose.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd April 22, 2006 .Dt FCLOSE 3 .Os .Sh NAME diff --git a/lib/libc/stdlib/malloc.3 b/lib/libc/stdlib/malloc.3 index b29509d28a9e..495fc22f2189 100644 --- a/lib/libc/stdlib/malloc.3 +++ b/lib/libc/stdlib/malloc.3 @@ -143,8 +143,9 @@ function returns the usable size of the allocation pointed to by .Fa ptr . The return value may be larger than the size that was requested during allocation. +The .Fn malloc_usable_size -is not a mechanism for in-place +function is not a mechanism for in-place .Fn realloc ; rather it is provided solely as a tool for introspection purposes. Any discrepancy between the requested allocation size and the size reported by @@ -177,7 +178,7 @@ The process will call .Xr abort 3 in these cases. .It H -Use +Use .Xr madvise 2 when pages within a chunk are no longer in use, but the chunk as a whole cannot yet be deallocated. @@ -263,7 +264,7 @@ Each byte of new memory allocated by .Fn realloc or .Fn reallocf -will be initialized to 0x0. +will be initialized to 0. Note that this initialization only happens once for each byte, so .Fn realloc and 
@@ -279,48 +280,6 @@ and options are intended for testing and debugging. An application which changes its behavior when these options are used is flawed. -.Sh RETURN VALUES -The -.Fn malloc -and -.Fn calloc -functions return a pointer to the allocated memory if successful; otherwise -a -.Dv NULL -pointer is returned and -.Va errno -is set to -.Er ENOMEM . -.Pp -The -.Fn realloc -and -.Fn reallocf -functions return a pointer, possibly identical to -.Fa ptr , -to the allocated memory -if successful; otherwise a -.Dv NULL -pointer is returned, and -.Va errno -is set to -.Er ENOMEM -if the error was the result of an allocation failure. -The -.Fn realloc -function always leaves the original buffer intact -when an error occurs, whereas -.Fn reallocf -deallocates it in this case. -.Pp -The -.Fn free -function returns no value. -.Pp -The -.Fn malloc_usable_size -function returns the usable size of the allocation pointed to by -.Fa ptr . .Sh IMPLEMENTATION NOTES This allocator uses multiple arenas in order to reduce lock contention for threaded programs on multi-processor systems. @@ -353,7 +312,7 @@ Allocation requests that are larger than the maximum quantum-multiple size class, but no larger than one half of a page, are rounded up to the nearest power of two. Allocation requests that are larger than half of a page, but no larger than half -of a chunk (see the +of a chunk (see the .Dq K option), are rounded up to the nearest run size. Allocation requests that are larger than half of a chunk are rounded up to the @@ -402,7 +361,8 @@ which focus on detecting and pinpointing problems by trading performance for extra sanity checks and detailed diagnostics. .Sh DIAGNOSTIC MESSAGES If any of the memory allocation/deallocation functions detect an error or -warning condition, a message will be printed to file descriptor STDERR_FILENO. +warning condition, a message will be printed to file descriptor +.Dv STDERR_FILENO . Errors will result in the process dumping core. If the .Dq A 
@@ -418,10 +378,50 @@ file descriptor is not suitable for this. Please note that doing anything which tries to allocate memory in this function is likely to result in a crash or deadlock. .Pp -All messages are prefixed by: -.Bl -diag -.It : (malloc) -.El +All messages are prefixed by +.Dq Ao Ar progname Ac Ns Li : (malloc) . +.Sh RETURN VALUES +The +.Fn malloc +and +.Fn calloc +functions return a pointer to the allocated memory if successful; otherwise +a +.Dv NULL +pointer is returned and +.Va errno +is set to +.Er ENOMEM . +.Pp +The +.Fn realloc +and +.Fn reallocf +functions return a pointer, possibly identical to +.Fa ptr , +to the allocated memory +if successful; otherwise a +.Dv NULL +pointer is returned, and +.Va errno +is set to +.Er ENOMEM +if the error was the result of an allocation failure. +The +.Fn realloc +function always leaves the original buffer intact +when an error occurs, whereas +.Fn reallocf +deallocates it in this case. +.Pp +The +.Fn free +function returns no value. +.Pp +The +.Fn malloc_usable_size +function returns the usable size of the allocation pointed to by +.Fa ptr . .Sh ENVIRONMENT The following environment variables affect the execution of the allocation functions: diff --git a/lib/libc/sys/chflags.2 b/lib/libc/sys/chflags.2 index 3897d383472b..fff18e43bdb6 100644 --- a/lib/libc/sys/chflags.2 +++ b/lib/libc/sys/chflags.2 @@ -32,7 +32,7 @@ .\" @(#)chflags.2 8.3 (Berkeley) 5/2/95 .\" $FreeBSD$ .\" -.Dd May 5, 2002 +.Dd May 16, 2006 .Dt CHFLAGS 2 .Os .Sh NAME 
@@ -74,34 +74,33 @@ The flags specified are formed by .Em or Ns 'ing the following values .Pp -.Bl -tag -width "SF_IMMUTABLE" -compact -offset indent -.It UF_NODUMP +.Bl -tag -width ".Dv SF_IMMUTABLE" -compact -offset indent +.It Dv UF_NODUMP Do not dump the file. -.It UF_IMMUTABLE +.It Dv UF_IMMUTABLE The file may not be changed. -.It UF_APPEND +.It Dv UF_APPEND The file may only be appended to. -.It UF_NOUNLINK +.It Dv UF_NOUNLINK The file may not be renamed or deleted. -.It UF_OPAQUE +.It Dv UF_OPAQUE The directory is opaque when viewed through a union stack. -.It SF_ARCHIVED +.It Dv SF_ARCHIVED The file may be archived. -.It SF_IMMUTABLE +.It Dv SF_IMMUTABLE The file may not be changed. -.It SF_APPEND +.It Dv SF_APPEND The file may only be appended to. -.It SF_NOUNLINK +.It Dv SF_NOUNLINK The file may not be renamed or deleted. -.It SF_SNAPSHOT +.It Dv SF_SNAPSHOT The file is a snapshot file. .El .Pp -If one of -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , +If one of +.Dv SF_IMMUTABLE , SF_APPEND , or -.Dq SF_NOUNLINK +.Dv SF_NOUNLINK is set a non-super-user cannot change any flags and even the super-user can change flags only if securelevel is greater than 0. (See @@ -109,20 +108,15 @@ can change flags only if securelevel is greater than 0. for details.) .Pp The -.Dq UF_IMMUTABLE , -.Dq UF_APPEND , -.Dq UF_NOUNLINK , -.Dq UF_NODUMP , +.Dv UF_IMMUTABLE , UF_APPEND , UF_NOUNLINK , UF_NODUMP , and -.Dq UF_OPAQUE +.Dv UF_OPAQUE flags may be set or unset by either the owner of a file or the super-user. .Pp The -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , -.Dq SF_NOUNLINK , +.Dv SF_IMMUTABLE , SF_APPEND , SF_NOUNLINK , and -.Dq SF_ARCHIVED +.Dv SF_ARCHIVED flags may only be set or unset by the super-user. Attempts to set these flags by non-super-users are rejected, attempts by non-superusers to clear flags that are already unset are silently ignored. 
@@ -133,7 +127,7 @@ the system is in single-user mode. for details.) .Pp The -.Dq SF_SNAPSHOT +.Dv SF_SNAPSHOT flag is maintained by the system and cannot be changed by any user. .Sh RETURN VALUES .Rv -std @@ -158,18 +152,16 @@ The effective user ID does not match the owner of the file and the effective user ID is not the super-user. .It Bq Er EPERM One of -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , +.Dv SF_IMMUTABLE , SF_APPEND , or -.Dq SF_NOUNLINK +.Dv SF_NOUNLINK is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM A non-super-user tries to set one of -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , +.Dv SF_IMMUTABLE , SF_APPEND , or -.Dq SF_NOUNLINK . +.Dv SF_NOUNLINK . .It Bq Er EROFS The named file resides on a read-only file system. .It Bq Er EFAULT @@ -201,18 +193,16 @@ The effective user ID does not match the owner of the file and the effective user ID is not the super-user. .It Bq Er EPERM One of -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , +.Dv SF_IMMUTABLE , SF_APPEND , or -.Dq SF_NOUNLINK +.Dv SF_NOUNLINK is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM A non-super-user tries to set one of -.Dq SF_IMMUTABLE , -.Dq SF_APPEND , +.Dv SF_IMMUTABLE , SF_APPEND , or -.Dq SF_NOUNLINK . +.Dv SF_NOUNLINK . .It Bq Er EROFS The file resides on a read-only file system. .It Bq Er EIO diff --git a/lib/libc/sys/clock_gettime.2 b/lib/libc/sys/clock_gettime.2 index 15c71563370e..beb0bd8a3ebf 100644 --- a/lib/libc/sys/clock_gettime.2 +++ b/lib/libc/sys/clock_gettime.2 
@@ -63,13 +63,20 @@ which is specified by The .Fa clock_id argument -can be one of four values: CLOCK_REALTIME for time that increments as -a wall clock should, CLOCK_MONOTONIC which increments in SI seconds, -CLOCK_UPTIME which starts at zero when the kernel boots and increments +can be one of five values: +.Dv CLOCK_REALTIME +for time that increments as +a wall clock should, +.Dv CLOCK_MONOTONIC +which increments in SI seconds, +.Dv CLOCK_UPTIME +which starts at zero when the kernel boots and increments monotonically in SI seconds while the machine is running, -CLOCK_VIRTUAL for time that increments only when +.Dv CLOCK_VIRTUAL +for time that increments only when the CPU is running in user mode on behalf of the calling process, or -CLOCK_PROF for time that increments when the CPU is running in user or +.Dv CLOCK_PROF +for time that increments when the CPU is running in user or kernel mode. .Pp The structure pointed to by diff --git a/lib/libc/sys/connect.2 b/lib/libc/sys/connect.2 index 80a327d96ad7..eae89e8fde13 100644 --- a/lib/libc/sys/connect.2 +++ b/lib/libc/sys/connect.2 @@ -32,7 +32,7 @@ .\" @(#)connect.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd August 16, 2006 .Dt CONNECT 2 .Os .Sh NAME @@ -131,13 +131,14 @@ constant or the .Dv INADDR_NONE return value) through a socket that does not provide broadcast functionality. .It Bq Er EAGAIN -An auto-assigned port number was requested but no auto-assigned ports -are available. Increasing the port range specified by +An auto-assigned port number was requested but no auto-assigned ports +are available. +Increasing the port range specified by .Xr sysctl 3 MIB variables -.Dq Va net.inet.ip.portrange.first +.Va net.inet.ip.portrange.first and -.Dq Va net.inet.ip.portrange.last +.Va net.inet.ip.portrange.last may alleviate the problem. .El .Pp diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2 index 24610a39827c..5458175fbffc 100644 --- a/lib/libc/sys/getsockopt.2 
+++ b/lib/libc/sys/getsockopt.2 @@ -163,7 +163,10 @@ and set with .It Dv SO_SNDTIMEO Ta "set timeout value for output" .It Dv SO_RCVTIMEO Ta "set timeout value for input" .It Dv SO_ACCEPTFILTER Ta "set accept filter on listening socket" -.It Dv SO_NOSIGPIPE Ta "controls generation of SIGPIPE for the socket" +.It Dv SO_NOSIGPIPE Ta +controls generation of +.Dv SIGPIPE +for the socket .It Dv SO_TYPE Ta "get the type of the socket (get only)" .It Dv SO_ERROR Ta "get and clear error on the socket (get only)" .El @@ -359,7 +362,9 @@ of NULL will remove the filter. .Pp The .Dv SO_NOSIGPIPE -option controls generation of the SIGPIPE signal normally sent +option controls generation of the +.Dv SIGPIPE +signal normally sent when writing to a connected socket where the other end has been closed returns with the error .Er EPIPE . diff --git a/lib/libc/sys/kldnext.2 b/lib/libc/sys/kldnext.2 index ff929c3bb687..c856a2e671f8 100644 --- a/lib/libc/sys/kldnext.2 +++ b/lib/libc/sys/kldnext.2 @@ -43,12 +43,12 @@ The .Fn kldnext system call returns the fileid of the next kld file (that is, the one after -.Va fileid ) +.Fa fileid ) or 0 if -.Va fileid +.Fa fileid is the last file loaded. To get the fileid of the first kld file, pass -.Va fileid +.Fa fileid of 0 to .Fn kldnext . .Sh RETURN VALUES @@ -67,7 +67,7 @@ The only error set by is .Er ENOENT , which is set when -.Va fileid +.Fa fileid refers to a kld file that does not exist (is not loaded). .Sh SEE ALSO .Xr kldfind 2 , diff --git a/lib/libc/sys/kqueue.2 b/lib/libc/sys/kqueue.2 index 06146e2b157e..2abb04b767e1 100644 --- a/lib/libc/sys/kqueue.2 +++ b/lib/libc/sys/kqueue.2 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 4, 2005 +.Dd August 25, 2006 .Dt KQUEUE 2 .Os .Sh NAME diff --git a/lib/libc/sys/listen.2 b/lib/libc/sys/listen.2 index 4c324978dba9..894c9bfed995 100644 --- a/lib/libc/sys/listen.2 +++ b/lib/libc/sys/listen.2 
@@ -106,7 +106,7 @@ of service attacks are no longer necessary. The .Xr sysctl 3 MIB variable -.Dq Va kern.ipc.somaxconn +.Va kern.ipc.somaxconn specifies a hard limit on .Fa backlog ; if a value greater than diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2 index c32371b7f96a..dbb586431cc7 100644 --- a/lib/libc/sys/mmap.2 +++ b/lib/libc/sys/mmap.2 @@ -353,7 +353,8 @@ is limited to the maximum file size or available userland address space. Files may not be able to be made more than 1TB large on 32 bit systems due to file systems restrictions and bugs, but address space is far more -restrictive. Larger files may be possible on 64 bit systems. +restrictive. +Larger files may be possible on 64 bit systems. .Pp The previous documented limit of 2GB was a documentation bug. That limit has not existed since diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index c494388f2aa1..0496ce0a8506 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -32,7 +32,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd November 16, 1993 +.Dd January 10, 2006 .Dt OPEN 2 .Os .Sh NAME @@ -174,10 +174,10 @@ controlling terminal when it opens a tty device. This is the default on .Fx , but is present for -.Tn POSIX +.Tn POSIX compatibility. The -.Fn open +.Fn open system call will not assign controlling terminals on .Fx . .Pp diff --git a/lib/libc/sys/sigqueue.2 b/lib/libc/sys/sigqueue.2 index b556ba46a749..780b6a03c5b2 100644 --- a/lib/libc/sys/sigqueue.2 +++ b/lib/libc/sys/sigqueue.2 @@ -134,13 +134,15 @@ does not exist. .Xr sigwait 2 , .Xr sigwaitinfo 2 , .Xr pause 3 , -.Xr pthread_sigmask 3 +.Xr pthread_sigmask 3 , .Xr siginfo 3 .Sh STANDARDS The .Fn sigqueue system call conforms to -.St -p1003.1-2004 +.St -p1003.1-2004 .Sh HISTORY -Support for POSIX realtime signal queue first appeared in +Support for +.Tn POSIX +realtime signal queue first appeared in .Fx 7.0 . 
diff --git a/lib/libc/sys/timer_create.2 b/lib/libc/sys/timer_create.2 index 7202bc6dca86..9e4bc237d3bf 100644 --- a/lib/libc/sys/timer_create.2 +++ b/lib/libc/sys/timer_create.2 @@ -158,5 +158,7 @@ The system call conforms to .St -p1003.1-2004 .Sh HISTORY -Support for POSIX per-process timer first appeared in +Support for +.Tn POSIX +per-process timer first appeared in .Fx 7.0 . diff --git a/lib/libc/sys/timer_delete.2 b/lib/libc/sys/timer_delete.2 index 97524a100632..36d9775be7b1 100644 --- a/lib/libc/sys/timer_delete.2 +++ b/lib/libc/sys/timer_delete.2 @@ -74,5 +74,7 @@ The system call conforms to .St -p1003.1-2004 .Sh HISTORY -Support for POSIX per-process timer first appeared in +Support for +.Tn POSIX +per-process timer first appeared in .Fx 7.0 . diff --git a/lib/libc/sys/timer_settime.2 b/lib/libc/sys/timer_settime.2 index 330410df0916..82f3eb7ae4ad 100644 --- a/lib/libc/sys/timer_settime.2 +++ b/lib/libc/sys/timer_settime.2 @@ -259,5 +259,7 @@ and system calls conform to .St -p1003.1-2004 .Sh HISTORY -Support for POSIX per-process timer first appeared in +Support for +.Tn POSIX +per-process timer first appeared in .Fx 7.0 . diff --git a/lib/libc/sys/utimes.2 b/lib/libc/sys/utimes.2 index 30085e481046..7c8750cc6672 100644 --- a/lib/libc/sys/utimes.2 +++ b/lib/libc/sys/utimes.2 @@ -180,7 +180,7 @@ The argument points outside the process's allocated address space. .It Bq Er EINVAL -The +The .Va tv_usec component of at least one of the values specified by the .Fa times diff --git a/lib/libdevinfo/devinfo.3 b/lib/libdevinfo/devinfo.3 index 49516ccb9adf..0788100b7e88 100644 --- a/lib/libdevinfo/devinfo.3 +++ b/lib/libdevinfo/devinfo.3 @@ -63,7 +63,7 @@ .Ft int .Fo devinfo_foreach_device_resource .Fa "struct devinfo_dev *dev" -.Fa "int \*[lp]*fn\*[rp]\*[lp]struct devinfo_dev *dev, struct devinfo_res *res, void *arg\*[rp]" +.Fa "int \*[lp]*fn\*[rp]\*[lp]struct devinfo_dev *dev, \:struct devinfo_res *res, void *arg\*[rp]" .Fa "void *arg" .Fc .Ft int 
diff --git a/lib/libipsec/ipsec_set_policy.3 b/lib/libipsec/ipsec_set_policy.3 index 8be32f535107..0b7d756e2dcc 100644 --- a/lib/libipsec/ipsec_set_policy.3 +++ b/lib/libipsec/ipsec_set_policy.3 @@ -51,13 +51,13 @@ .Sh DESCRIPTION The .Fn ipsec_set_policy -function generates an IPsec policy specification structure, +function generates an IPsec policy specification structure, .Li struct sadb_x_policy and/or .Li struct sadb_x_ipsecrequest from a human-readable policy specification. -The policy specification must be given as a C string, -passed in the +The policy specification must be given as a C string, +passed in the .Fa policy argument and the length of the string, given as .Fa len . @@ -66,7 +66,7 @@ The function returns pointer to a buffer which contains a properly formed IPsec policy specification structure. The buffer is dynamically allocated, and must be freed by using the -.Xr free 3 +.Xr free 3 library function. .Pp The @@ -94,13 +94,13 @@ The .Fn ipsec_dump_policy function returns a pointer to dynamically allocated string. It is the caller's responsibility to free the returned pointer using the -.Xr free 3 +.Xr free 3 library call. .Pp -A +A .Fa policy is given in the following way: -.Bl -tag -width "discard" +.Bl -tag -width "discard" .It Ar direction Li discard The .Ar direction @@ -108,7 +108,7 @@ must be .Li in or .Li out -and +and specifies which direction the policy needs to be applied, either on inbound or outbound packets. When the @@ -121,10 +121,11 @@ means to consult the security policy database in the kernel, as controlled by .Xr setkey 8 . .It Ar direction Li bypass -A direction of +A direction of .Li bypass indicates that IPsec processing should not occur and that the -packet will be transmitted in clear. The bypass option is only +packet will be transmitted in clear. +The bypass option is only available to privileged sockets. .It Xo .Ar direction 
@@ -138,7 +139,7 @@ means that matching packets are processed by IPsec. can be followed by one or more .Ar request string, which is formatted as: -.Bl -tag -width "discard" +.Bl -tag -width "discard" .It Xo .Ar protocol .Li / @@ -164,8 +165,8 @@ The is either .Li transport or -.Li tunnel -the meanings of both modes are described in +.Li tunnel +the meanings of both modes are described in .Xr ipsec 4 . .Pp The @@ -210,9 +211,10 @@ or means that the kernel should consult the default security policies as defined by a set of .Xr sysctl 8 , -variables. The relevant -.Xr sysctl 8 -variables are described in +variables. +The relevant +.Xr sysctl 8 +variables are described in .Xr ipsec 4 . .Pp When @@ -221,15 +223,16 @@ is selected a relevant security association (SA) can be used when available but is not necessary. If the SA is available then packets will be handled by IPsec, -i.e. encrypted and/or authenticated but if an SA is not available then -packets will be transmitted in the clear. The +i.e., encrypted and/or authenticated but if an SA is not available then +packets will be transmitted in the clear. +The .Li use option is not recommended because it allows for accidental mis-configurations where encrypted or authenticated link becomes unencrypted or unauthenticated, the .Li require keyword is recommended instead of -.Li use +.Li use where possible. Using the .Li require @@ -250,7 +253,7 @@ Put the decimal number as the identifier after the .Li unique keyword in this way: .Li unique : number , -where +where .Li number must be between 1 and 32767. .Pp @@ -270,7 +273,7 @@ is omitted, it will be interpreted as .El .Pp Note that there is a difference between the specification allowed here -and in +and in .Xr setkey 8 . When specifying security policies with .Xr setkey 8 , 
@@ -278,42 +281,16 @@ neither entrust nor bypass are used. Refer to .Xr setkey 8 for details. -.Sh EXAMPLES -Set a policy that all inbound packets are discarded. -.Bd -literal -offset indent -in discard - -.Ed -.\" -All outbound packets are required to be processed by IPsec and -transported using ESP. -.Bd -literal -offset indent -out ipsec esp/transport//require - -.Ed -.\" -All inbound packets are required to be authenticated using the AH protocol. -.Bd -literal -offset indent -in ipsec ah/transport//require - -.Ed -.\" -Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1. -.Bd -literal -offset indent -out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require - -.Ed -.\" .Sh RETURN VALUES The .Fn ipsec_set_policy function returns a pointer to the allocated buffer containing a the policy specification if successful; otherwise a NULL pointer is -returned. +returned. .Pp The .Fn ipsec_get_policylen -function returns a positive value, +function returns a positive value, indicating the buffer size, on success, and a negative value on error. .Pp @@ -323,6 +300,26 @@ function returns a pointer to a dynamically allocated region containing a human readable security policy on success, and .Dv NULL on error. +.Sh EXAMPLES +Set a policy that all inbound packets are discarded. +.Pp +.Dl "in discard" +.Pp +.\" +All outbound packets are required to be processed by IPsec and +transported using ESP. +.Pp +.Dl "out ipsec esp/transport//require" +.Pp +.\" +All inbound packets are required to be authenticated using the AH protocol. +.Pp +.Dl "in ipsec ah/transport//require" +.Pp +.\" +Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1. +.Pp +.Dl "out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require" .Sh SEE ALSO .Xr ipsec_strerror 3 , .Xr ipsec 4 , 
@@ -332,4 +329,4 @@ These functions first appeared in WIDE/KAME IPv6 protocol stack kit. .Pp IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack was initially integrated into -.Fx 4.0 +.Fx 4.0 . diff --git a/lib/libpmc/pmclog.3 b/lib/libpmc/pmclog.3 index 82674a9ef09c..688445a4524a 100644 --- a/lib/libpmc/pmclog.3 +++ b/lib/libpmc/pmclog.3 @@ -158,7 +158,7 @@ This is the first record in a log file. .It Dv PMCLOG_TYPE_MAP_IN A record describing the introduction of a mapping to an executable object by a -.Xr kldload 2 +.Xr kldload 2 or .Xr mmap 2 system call. diff --git a/lib/libutil/humanize_number.3 b/lib/libutil/humanize_number.3 index d5b4e285c084..f101ce123e43 100644 --- a/lib/libutil/humanize_number.3 +++ b/lib/libutil/humanize_number.3 @@ -76,7 +76,9 @@ by 1024 until it will. In this case, prefix .Fa suffix with the appropriate SI designator. -.Nm +The +.Fn humanize_number +function follows the traditional computer science conventions rather than the proposed SI power of two convention. .Pp
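Review bot: in lib/libc/i386/sys/i386_set_watch.3, two lines rewritten in the RETURN VALUES hunks (@@ -89,7 and @@ -100,10) still read "On error, \-1 returned which indicates that" and "the watchpoint could not established". Both lines are already being touched for the \-1 escape, so add the missing words in the same change: "\-1 is returned" and "could not be established". The "0-3" on the following context line is a range, not a negative number, so leaving it unescaped is fine.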
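Review bot: the .Bl -column line in lib/libc/rpc/rpc_clnt_create.3 (@@ -101,7) now declares two column widths, but every .It row visible in the context below it still carries three Ta-separated cells (name, argument type, description). Please confirm that the description still renders as its own column in the formatted output, and say in the commit message why the third width string was dropped, since nothing in the hunk explains it.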
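Review bot: the RETURN VALUES block moved in lib/libc/stdlib/malloc.3 (removed at @@ -279,48, re-added at @@ -418,10) keeps its last paragraph, "function returns the usable size of the allocation pointed to by .Fa ptr", which repeats word for word the DESCRIPTION sentence visible as context at @@ -143,8. Since the section is being relocated anyway, keep the statement in one place only. The move is also mixed with wording changes in the same file (0x0 to 0, the new progname prefix); a pure move in its own commit would be easier to verify as a no-op.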
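Review bot: the paragraph re-marked up at the end of the lib/libc/sys/chflags.2 hunk @@ -74,34 keeps the context sentence "even the super-user can change flags only if securelevel is greater than 0", which contradicts the EPERM entries in the later hunks (@@ -158,18 and @@ -201,18). Those say the call fails when one of SF_IMMUTABLE, SF_APPEND or SF_NOUNLINK is set and "securelevel is greater than 0". The ERRORS wording is the one consistent with system flags protecting files at a raised securelevel, so the DESCRIPTION sentence should be corrected in this pass rather than only switched from .Dq to .Dv. The same sentence is also missing a comma after "is set".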
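Review bot: the lib/libc/sys/clock_gettime.2 hunk (@@ -63,13) makes a content correction, "four values" to "five values", yet it is the only hunk for that file, so .Dd is left as it was. Meanwhile gai_strerror.3, gethostbyname.3, fclose.3 and kqueue.2 receive a .Dd bump with no other visible change. Please state in the commit message which rule is being applied to document dates, and bump .Dd here if a content correction qualifies.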
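Review bot: in lib/libc/sys/getsockopt.2 (@@ -163,7) the SO_NOSIGPIPE row becomes the only row in the column list whose description is unquoted and spread over three input lines, while the neighbouring rows (SO_ACCEPTFILTER, SO_TYPE, SO_ERROR) keep a single quoted cell; check that the row still lines up in the formatted output. In the second hunk (@@ -359,7) the sentence being re-marked up still does not parse: "normally sent when writing to a connected socket where the other end has been closed returns with the error EPIPE" needs rewording while the line is open.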
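Review bot: the STANDARDS sentence in lib/libc/sys/sigqueue.2 (@@ -134,13) still ends at ".St -p1003.1-2004" with no closing period, and the context lines of the timer_create.2, timer_delete.2 and timer_settime.2 hunks show the same. This patch adds the missing period to ".Fx 4.0 ." in ipsec_set_policy.3, so the same fix belongs here as ".St -p1003.1-2004 .".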
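Review bot: in lib/libipsec/ipsec_set_policy.3, hunk @@ -221,15, the warning about the use level is the security-relevant sentence of this page and it is still a run-on: "where encrypted or authenticated link becomes unencrypted or unauthenticated, the require keyword is recommended instead of use where possible". Split it after "unauthenticated" so the recommendation to prefer require stands as its own sentence. The preceding hunk (@@ -210,9) also leaves a stray comma in ".Xr sysctl 8 ," before "variables".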
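Review bot: the RETURN VALUES text kept as context in lib/libipsec/ipsec_set_policy.3 (@@ -278,42) still says "containing a the policy specification" and writes NULL as bare text in "otherwise a NULL pointer is returned", while the ipsec_dump_policy paragraph two hunks on uses ".Dv NULL". The hunk already edits the "returned." line for trailing whitespace, so fix the "a the" typo and mark NULL up with .Dv in the same change.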