diff options
Diffstat (limited to 'share')
39 files changed, 207 insertions, 255 deletions
diff --git a/share/man/man3/intro.3 b/share/man/man3/intro.3 index a58b093..b7c5bff 100644 --- a/share/man/man3/intro.3 +++ b/share/man/man3/intro.3 @@ -81,10 +81,7 @@ string operators, character tests and character operators, des encryption routines, storage allocation, time functions, signal handling and more. -.It Xr libcurses Po -.Fl l Ns Ar curses -.Fl l Ns Ar termcap -.Pc +.It Xr libcurses Pq Fl l Ns Ar curses Fl l Ns Ar termcap Terminal independent screen management routines for two dimensional non-bitmap display terminals. (See @@ -102,7 +99,8 @@ indicates the proper interface to use. .It Xr libkvm Pq Fl l Ns Ar kvm Functions used to access kernel memory are in this library. They can be used against both a running system and a crash dump. -.Pq See Xr kvm 3 . ) +(See +.Xr kvm 3 . ) .It Xr libl Pq Fl l Ns Ar l The library for .Xr lex 1 . diff --git a/share/man/man4/adw.4 b/share/man/man4/adw.4 index 16da918..d95e39b 100644 --- a/share/man/man4/adw.4 +++ b/share/man/man4/adw.4 @@ -51,7 +51,7 @@ AdvanSys products incorporating these chips include the and .Tn ABP3950U2W . Both chips support, synchronous transfers -.Pq 20MHz and 40MHz max respectively , +(20MHz and 40MHz max respectively), 16bit transfers, tagged queueing, and up to 253 concurrent SCSI transactions. .Pp diff --git a/share/man/man4/atkbd.4 b/share/man/man4/atkbd.4 index e9f971f..adce166 100644 --- a/share/man/man4/atkbd.4 +++ b/share/man/man4/atkbd.4 @@ -140,9 +140,11 @@ The .Nm driver accepts the following driver flags. They can be set either in the kernel configuration file -.Pq see Xr config 8 , +(see +.Xr config 8 ) , or else in the User Configuration Menu at boot time -.Pq see Xr boot 8 . +(see +.Xr boot 8 ) . .Bl -tag -width FAIL .It bit 0 (FAIL_IF_NO_KBD) By default the diff --git a/share/man/man4/atkbdc.4 b/share/man/man4/atkbdc.4 index 1aba04d..3211496 100644 --- a/share/man/man4/atkbdc.4 +++ b/share/man/man4/atkbdc.4 @@ -56,7 +56,8 @@ The following kernel configuration options can be used to control the .Nm driver. They may be set in the kernel configuration file -.Pq see Xr config 8 . +(see +.Xr config 8 ) . .Bl -tag -width MOUSE .It Em KBD_RESETDELAY=X , KBD_MAXWAIT=Y The keyboard driver diff --git a/share/man/man4/bpf.4 b/share/man/man4/bpf.4 index 21d4f9c..376254b 100644 --- a/share/man/man4/bpf.4 +++ b/share/man/man4/bpf.4 @@ -522,11 +522,9 @@ M[k] <- X The alu instructions perform operations between the accumulator and index register or constant, and store the result back in the accumulator. For binary operations, a source mode is required -.Po -.Dv BPF_K +.Dv ( BPF_K or -.Dv BPF_X -.Pc . +.Dv BPF_X ) . .Pp .Bl -tag -width "BPF_ALU+BPF_MUL+BPF_K" -compact .It Li BPF_ALU+BPF_ADD+BPF_K diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4 index 5941318..48101bc 100644 --- a/share/man/man4/divert.4 +++ b/share/man/man4/divert.4 @@ -100,10 +100,8 @@ the tag is interpreted as the rule number rule processing should restart. .Sh LOOP AVOIDANCE Packets written into a divert socket -.Po -using -.Xr sendto 2 -.Pc +(using +.Xr sendto 2 ) re-enter the packet filter at the rule number following the tag given in the port part of the socket address, which is usually already set at the rule number that caused the diversion diff --git a/share/man/man4/gif.4 b/share/man/man4/gif.4 index 2d25c69..64a3c5a 100644 --- a/share/man/man4/gif.4 +++ b/share/man/man4/gif.4 @@ -63,12 +63,13 @@ Also, administrator needs to configure protocol and addresses used for the inner header, by using .Xr ifconfig 8 . Note that IPv6 link-local address -.Pq those start with Li fe80:: +(those start with +.Li fe80:: ) will be automatically configured whenever possible. You may need to remove IPv6 link-local address manually using .Xr ifconfig 8 , when you would like to disable the use of IPv6 as inner header -.Pq like when you need pure IPv4-over-IPv6 tunnel . +(like when you need pure IPv4-over-IPv6 tunnel). Finally, use routing table to route the packets toward .Nm interface. @@ -103,20 +104,16 @@ With .Dv IFF_LINK1 , .Nm will copy ECN bits -.Po -.Dv 0x02 +.Dv ( 0x02 and .Dv 0x01 -on IPv4 TOS byte or IPv6 traffic class byte -.Pc +on IPv4 TOS byte or IPv6 traffic class byte) on egress and ingress, as follows: .Bl -tag -width "Ingress" -offset indent .It Ingress Copy TOS bits except for ECN CE -.Po -masked with -.Dv 0xfe -.Pc +(masked with +.Dv 0xfe ) from inner to outer. set ECN CE bit to @@ -181,7 +178,7 @@ For example, you cannot usually use to talk with IPsec devices that use IPsec tunnel mode. .Pp The current code does not check if the ingress address -.Pq outer source address +(outer source address) configured to .Nm makes sense. @@ -192,7 +189,7 @@ and your node will generate packets with a spoofed source address. If the outer protocol is IPv4, .Nm does not try to perform path MTU discovery for the encapsulated packet -.Pq DF bit is set to 0 . +(DF bit is set to 0). .Pp If the outer protocol is IPv6, path MTU discovery for encapsulated packet may affect communication over the interface. diff --git a/share/man/man4/icmp6.4 b/share/man/man4/icmp6.4 index 3aeb1c3..c30fbbf 100644 --- a/share/man/man4/icmp6.4 +++ b/share/man/man4/icmp6.4 @@ -113,7 +113,7 @@ system calls may be used). Outgoing packets automatically have an .Tn IPv6 header prepended to them -.Pq based on the destination address . +(based on the destination address). .Tn ICMPv6 pseudo header checksum field .Pq Li icmp6_cksum @@ -171,7 +171,7 @@ Six macros operate on an icmp6_filter structure: .El .Pp The first argument to the last four macros -.Pq an integer +(an integer) is an .Tn ICMPv6 message type, between 0 and 255. @@ -199,7 +199,7 @@ messages of a given .Tn ICMPv6 type should be passed to the application or not passed to the application -.Pq blocked . +(blocked). .Pp The final two macros, .Dv WILLPASS @@ -262,8 +262,6 @@ socket with a network address for which no network interface exists. .\" .Sh HISTORY The implementation is based on KAME stack -.Po -which is descendant of WIDE hydrangea IPv6 stack kit -.Pc . +(which is descendant of WIDE hydrangea IPv6 stack kit). .Pp Part of the document was shamelessly copied from RFC2292. diff --git a/share/man/man4/ifmib.4 b/share/man/man4/ifmib.4 index 5288a76..405f69b 100644 --- a/share/man/man4/ifmib.4 +++ b/share/man/man4/ifmib.4 @@ -132,7 +132,8 @@ was full .Pq Li struct if_data more information from a structure defined in .Aq Pa net/if.h -.Pq see Xr if_data 9 +(see +.Xr if_data 9 ) .El .Pp Class-specific information can be retrieved by examining the diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4 index c87818f..22a1062 100644 --- a/share/man/man4/inet6.4 +++ b/share/man/man4/inet6.4 @@ -88,10 +88,8 @@ struct sockaddr_in6 { .Pp Sockets may be created with the local address .Dq Dv :: -.Po -which is equal to IPv6 address -.Dv 0:0:0:0:0:0:0:0 -.Pc +(which is equal to IPv6 address +.Dv 0:0:0:0:0:0:0:0 ) to affect .Dq wildcard matching on incoming messages. @@ -313,7 +311,7 @@ Boolean: enable/disable receiving of router advertisement packets, and autoconfiguration of address prefixes and default routers. The node must be a host -.Pq not a router +(not a router) for the option to be meaningful. Defaults to off. .It Dv IPV6CTL_KEEPFAITH @@ -332,7 +330,7 @@ Defaults to off. Integer: default interval between .Tn IPv6 packet forwarding engine log output -.Pq in seconds . +(in seconds). .It Dv IPV6CTL_HDRNESTLIMIT .Pq ip6.hdrnestlimit Integer: default number of the maximum @@ -424,21 +422,17 @@ Basically, it says this: A specific bind on an .Dv AF_INET6 socket -.Po -.Xr bind 2 -with an address specified -.Pc +.Xr ( bind 2 +with an address specified) should accept IPv6 traffic to that address only. .It If you perform a wildcard bind on an .Dv AF_INET6 socket -.Po -.Xr bind 2 +.Xr ( bind 2 to IPv6 address -.Li :: -.Pc , +.Li :: ) , and there is no wildcard bind .Dv AF_INET socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic @@ -465,9 +459,7 @@ However, RFC2553 does not define the ordering constraint between calls to .Xr bind 2 , nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers relate to each other -.Po -should they be integrated or separated -.Pc . +(should they be integrated or separated). Implemented behavior is very different from kernel to kernel. Therefore, it is unwise to rely too much upon the behavior of .Dv AF_INET6 diff --git a/share/man/man4/intro.4 b/share/man/man4/intro.4 index bdf2a23..d4037ec 100644 --- a/share/man/man4/intro.4 +++ b/share/man/man4/intro.4 @@ -70,7 +70,8 @@ sometimes also called They are usually located under the directory .Pa /dev in the file system hierarchy -.Pq see also Xr hier 7 . +(see also +.Xr hier 7 ) . .Pp Until .Xr devfs 5 @@ -95,7 +96,7 @@ Some devices come in two flavors: and .Em character devices, or by a better name, buffered and unbuffered -.Pq raw +(raw) devices. The traditional names are reflected by the letters .Ql b and @@ -123,7 +124,7 @@ device. This includes making backups of entire disk partitions, or to .Em raw floppy disks -.Pq i.e. those used like tapes . +(i.e. those used like tapes). .Pp Access restrictions to device nodes are usually subject of the regular file permissions of the device node entry, instead of being implied @@ -146,11 +147,9 @@ manual pages in this section provide a sample line for the configuration file in their synopsis portion. See also the sample config file .Pa /sys/i386/conf/LINT -.Po -for the +(for the .Em i386 -architecture -.Pc . +architecture). .Sh SEE ALSO .Xr close 2 , .Xr ioctl 2 , diff --git a/share/man/man4/ip6.4 b/share/man/man4/ip6.4 index 3faf320..e5f8e0a 100644 --- a/share/man/man4/ip6.4 +++ b/share/man/man4/ip6.4 @@ -96,9 +96,9 @@ There are several .Xr setsockopt 2 Ns / Ns Xr getsockopt 2 options. They are separated into the basic IPv6 sockets API -.Pq defined in RFC2553 , +(defined in RFC2553), and the advanced API -.Pq defined in RFC2292 . +(defined in RFC2292). The basic API looks very similar to the API presented in .Xr ip 4 . Advanced API uses ancillary data and can handle more complex cases. @@ -697,9 +697,7 @@ are not defined in the RFCs and should be considered implementation dependent. .\" .Sh HISTORY The implementation is based on KAME stack -.Po -which is descendant of WIDE hydrangea IPv6 stack kit -.Pc . +(which is descendant of WIDE hydrangea IPv6 stack kit). .Pp Part of the document was shamelessly copied from RFC2553 and RFC2292. .\" diff --git a/share/man/man4/ipsec.4 b/share/man/man4/ipsec.4 index 29c097c..93bde4e 100644 --- a/share/man/man4/ipsec.4 +++ b/share/man/man4/ipsec.4 @@ -43,17 +43,15 @@ is a security protocol in Internet Protocol layer. .Nm is defined for both IPv4 and IPv6 -.Po -.Xr inet 4 +.Xr ( inet 4 and -.Xr inet6 4 -.Pc . +.Xr inet6 4 ) . .Nm consists of two sub-protocols, namely ESP -.Pq encapsulated security payload +(encapsulated security payload) and AH -.Pq authentication header . +(authentication header). ESP protects IP payload from wire-tapping by encrypting it by secret key cryptography algorithms. AH guarantees integrity of IP packet @@ -95,9 +93,9 @@ interface is used to define host-wide default behavior. .Pp The kernel code does not implement dynamic encryption key exchange protocol like IKE -.Pq Internet Key Exchange . +(Internet Key Exchange). That should be implemented as userland programs -.Pq usually as daemons , +(usually as daemons), by using the above described APIs. .\" .Ss Policy management @@ -196,17 +194,17 @@ during AH authentication data computation. The variable is for tweaking AH behavior to interoperate with devices that implement RFC1826 AH. It should be set to non-zero -.Pq clear the type-of-service field +(clear the type-of-service field) for RFC2402 conformance. .It Li ipsec.ah_offsetmask During AH authentication data computation, the kernel will include 16bit fragment offset field -.Pq including flag bits +(including flag bits) in IPv4 header, after computing logical AND with the variable. The variable is for tweaking AH behavior to interoperate with devices that implement RFC1826 AH. It should be set to zero -.Pq clear the fragment offset field during computation +(clear the fragment offset field during computation) for RFC2402 conformance. .It Li ipsec.dfbit The variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation. @@ -217,7 +215,7 @@ The variable is supplied to conform to RFC2401 chapter 6.1. .It Li ipsec.ecn If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will be friendly to ECN -.Pq explicit congestion notification , +(explicit congestion notification), as documented in .Li draft-ietf-ipsec-ecn-02.txt . .Xr gif 4 @@ -297,20 +295,16 @@ AH and tunnel mode encapsulation may not work as you might expect. If you configure inbound .Dq require policy against AH tunnel or any IPsec encapsulating policy with AH -.Po -like -.Dq Li esp/tunnel/A-B/use ah/transport/A-B/require -.Pc , +(like +.Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) , tunnelled packets will be rejected. This is because we enforce policy check on inner packet on reception, and AH authenticates encapsulating -.Pq outer +(outer) packet, not the encapsulated -.Pq inner +(inner) packet -.Po -so for the receiving kernel there's no sign of authenticity -.Pc . +(so for the receiving kernel there's no sign of authenticity). The issue will be solved when we revamp our policy engine to keep all the packet decapsulation history. .Pp diff --git a/share/man/man4/kame.4 b/share/man/man4/kame.4 index a4a0b17..e0f385c 100644 --- a/share/man/man4/kame.4 +++ b/share/man/man4/kame.4 @@ -39,13 +39,14 @@ software package is a result of joint work of several IPv6 researchers in Japan, to provide reference implementation of IPv6 to Berkeley Software Distribution -.Pq BSD -derived system such as BSD/OS, +.Pq Bx +derived system such as +.Bsx , .Fx , .Nx and .Ox -.Pq in alphabetical order . +(in alphabetical order). .Pp .\" Package consists of set of patches and additions to kernel, .\" modification to application, daemons, header files and libraries. @@ -148,11 +149,9 @@ You also can check out the IPv6 and IPsec chapters in the handbook. Also check latest status of project at web page: .Pa http://www.kame.net/ . -.Po -Hope you can see a +(Hope you can see a .Dq Dancing Turtle -.Li :-) -.Pc +.Li :-) ) .\" .Ss APIs introduced or modified .Xr if_indextoname 3 , diff --git a/share/man/man4/man4.i386/apm.4 b/share/man/man4/man4.i386/apm.4 index a19cb7f..949673c 100644 --- a/share/man/man4/man4.i386/apm.4 +++ b/share/man/man4/man4.i386/apm.4 @@ -64,7 +64,7 @@ Control execution of HLT in the kernel context switch routine. Get per battery information. .Pp Some APM implementations execute the HLT -.Pq Halt CPU until an interrupt occurs +(Halt CPU until an interrupt occurs) instruction in the .Dq Em Idle CPU call, while others do not. Thus enabling this may result in diff --git a/share/man/man4/man4.i386/io.4 b/share/man/man4/man4.i386/io.4 index 398e0bf..0e085c8 100644 --- a/share/man/man4/man4.i386/io.4 +++ b/share/man/man4/man4.i386/io.4 @@ -38,7 +38,7 @@ The special file .Pa /dev/io is a controlled security hole that allows a process to gain I/O privileges -.Pq which are normally reserved for kernel-internal code . +(which are normally reserved for kernel-internal code). Any process that holds a file descriptor on .Pa /dev/io open will get its diff --git a/share/man/man4/man4.i386/mse.4 b/share/man/man4/man4.i386/mse.4 index 3dc8cb0..64b2748 100644 --- a/share/man/man4/man4.i386/mse.4 +++ b/share/man/man4/man4.i386/mse.4 @@ -133,10 +133,12 @@ The driver accepts the following driver flag. Set it in the kernel configuration file -.Pq see Xr config 8 +(see +.Xr config 8 ) or in the User Configuration Menu at the boot time -.Pq see Xr boot 8 . +(see +.Xr boot 8 ) . .Pp .Bl -tag -width MOUSE .It bit 4..7 ACCELERATION @@ -260,7 +262,8 @@ is always set to -1. The .Dv accelfactor field holds a value to control acceleration feature -.Pq see Sx Acceleration . +(see +.Sx Acceleration ) . It is zero or greater. If it is zero, acceleration is disabled. .Pp diff --git a/share/man/man4/pcvt.4 b/share/man/man4/pcvt.4 index add327c..e0d18a9 100644 --- a/share/man/man4/pcvt.4 +++ b/share/man/man4/pcvt.4 @@ -70,10 +70,8 @@ to be also configured in the kernel. Almost full DEC .Tn VT220 functionality -.Po -moving towards -.Tn VT320 -.Pc +(moving towards +.Tn VT320 ) .It Completely independent virtual terminals for MDA/HGC/CGA/EGA and VGA .It @@ -97,11 +95,9 @@ Support for MDA, CGA, EGA and VGA display adaptors Support for 132 column operation on some VGA chipsets .It X Window Support for XFree86 -.Po -requires +(requires .Em XSERVER -to be defined -.Pc +to be defined) .El .Pp What it cannot: @@ -121,7 +117,7 @@ No VT52 support at all No 8-bit controls .It Only limited AT-keyboard -.Pq 84 keys +(84 keys) support .El .Ss Scrollback @@ -156,7 +152,7 @@ in the kernel source tree for detailed documentation. .Pp Note: the following conventions apply to all the Boolean options. If an option is given with no value, a value of 1 -.Pq activated +(activated) is substituted. If an option value is given as 0, this options is deactivated. @@ -188,7 +184,7 @@ Default: on If enabled, a blinking-star screensaver is used. If disabled, the screen is simply blanked -.Pq which might be useful for energy-saving monitors . +(which might be useful for energy-saving monitors). .Pp Default: on .It Em PCVT_CTRL_ALT_DEL @@ -205,9 +201,7 @@ Do NOT override a security lock for the keyboard. Default: on .It Em PCVT_24LINESDEF If enabled, the 25-line modi -.Po -VT emulation with 25 lines, and HP emulation with 28 lines -.Pc +(VT emulation with 25 lines, and HP emulation with 28 lines) default to 24 lines only to provide a better compatibility to the original DEV VT220 (TM). Thus it should be possible to use the terminal information for those terminals without further changes. @@ -413,7 +407,7 @@ Since the .Sq native character set of any IBM-compatible PC video board does not allow the full interpretation of DEC multinational character set or ISO Latin-1 -.Pq ISO 8859-1 , +(ISO 8859-1), this might be very useful for a U**X environment. .Pp .Bl -tag -width 20n -offset indent -compact @@ -466,7 +460,7 @@ CH_SET4, CH_SET5, CH_SET6, or CH_SET7, too. .Pp Note that there's a dependence between the font size and a possible screen height -.Pq in character rows , +(in character rows), depending on the video adaptor used: .Bd -literal Screen size (rows) on: EGA VGA @@ -561,7 +555,8 @@ Note that setting the number of columns to 132 is only supported on some VGA adaptors. Any unsupported numbers cause the ioctl to fail with .Va errno -.Pq see Xr intro 2 +(see +.Xr intro 2 ) being set to .Er EINVAL . .Pp @@ -689,7 +684,7 @@ Device nodes to access the .Nm driver .It Pa i386/isa/pcvt/pcvt_conf.h -.Pq relative to the kernel source tree +(relative to the kernel source tree) Documents the various compile-time options to tailor .Nm . .El diff --git a/share/man/man4/psm.4 b/share/man/man4/psm.4 index 8bff201..356b808 100644 --- a/share/man/man4/psm.4 +++ b/share/man/man4/psm.4 @@ -67,12 +67,14 @@ The .Nm driver allows the user to initially set the resolution via the driver flag -.Pq see Sx DRIVER CONFIGURATION +(see +.Sx "DRIVER CONFIGURATION" ) or change it later via the .Xr ioctl 2 command .Dv MOUSE_SETMODE -.Pq see Sx IOCTLS . +(see +.Sx IOCTLS ) . .Ss Report Rate Frequency, or report rate, at which the device sends movement and button state reports to the host system is also configurable. @@ -92,7 +94,8 @@ At the level zero the basic support is provided; the device driver will report horizontal and vertical movement of the attached device and state of up to three buttons. The movement and status are encoded in a series of fixed-length data packets -.Pq see Sx Data Packet Format . +(see +.Sx "Data Packet Format" ) . This is the default level of operation and the driver is initially at this level when opened by the user program. .Pp @@ -191,7 +194,8 @@ There are following kernel configuration options to control the .Nm driver. They may be set in the kernel configuration file -.Pq see Xr config 8 . +(see +.Xr config 8 ) . .Bl -tag -width MOUSE .It Em KBD_RESETDELAY=X , KBD_MAXWAIT=Y The @@ -229,7 +233,8 @@ driver accepts the following driver flags. Set them in the kernel configuration file or in the User Configuration Menu at the boot time -.Pq see Xr boot 8 . +(see +.Xr boot 8 ) . .Pp .Bl -tag -width MOUSE .It bit 0..3 RESOLUTION @@ -484,7 +489,8 @@ Typical resolutions are: The .Dv accelfactor field holds a value to control acceleration feature -.Pq see Sx Acceleration . +(see +.Sx Acceleration ) . It must be zero or greater. If it is zero, acceleration is disabled. .Pp The @@ -648,7 +654,8 @@ for known IDs. At debug level 1 more information will be logged while the driver probes the auxiliary port (mouse port). Messages are logged with the LOG_KERN facility at the LOG_DEBUG level -.Pq see Xr syslogd 8 . +(see +.Xr syslogd 8 ) . .Bd -literal -offset indent psm0: current command byte:xxxx kbdio: TEST_AUX_PORT status:0000 diff --git a/share/man/man4/splash.4 b/share/man/man4/splash.4 index 19d36a2..e4a2ee0 100644 --- a/share/man/man4/splash.4 +++ b/share/man/man4/splash.4 @@ -84,7 +84,8 @@ If the standard VGA video mode is used, the size of the bitmap must be 320x200 or less. If you enable the VESA mode support in the kernel, either by statically linking the VESA module or by loading the VESA module -.Pq see Xr vga 4 , +(see +.Xr vga 4 ) , you can load bitmaps up to a resolution of 1024x768, depending on the VESA BIOS and the amount of video memory on the video card. .Ss Screen saver @@ -145,7 +146,9 @@ on the AT 84 keyboard. You can change the .Ar saver key by modifying the keymap -.Pq see Xr kbdcontrol 1 , Xr keymap 5 , +(see +.Xr kbdcontrol 1 , +.Xr keymap 5 ) , and assign the .Ar saver function to a key of your preference. @@ -179,7 +182,8 @@ have the following line in the kernel configuration file. .Pp Next, edit .Pa /boot/loader.conf -.Pq see Xr loader.conf 5 +(see +.Xr loader.conf 5 ) and include the following lines: .Bd -literal -offset indent splash_bmp_load="YES" diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 index c5f05e3..94d6d63 100644 --- a/share/man/man4/stf.4 +++ b/share/man/man4/stf.4 @@ -53,17 +53,15 @@ interface. The .Nm interface is necessary for site border router -.Po -called +(called .Dq 6to4 router -in the specification -.Pc . +in the specification). .Pp Due to the way 6to4 protocol is specified, .Nm interface requires certain configuration to work properly. Single -.Pq no more than 1 +(no more than 1) valid 6to4 address needs to be configured to the interface. .Dq A valid 6to4 address is an address which has the following properties. @@ -83,9 +81,9 @@ Since the specification forbids the use of IPv4 private address, the address needs to be a global IPv4 address. .It Subnet identifier portion -.Pq 48th to 63rd bit +(48th to 63rd bit) and interface identifier portion -.Pq lower 64 bits +(lower 64 bits) are properly filled to avoid address collisions. .El .Pp @@ -182,7 +180,8 @@ The following configuration accepts packets from IPv4 source .Li 9.1.0.0/16 only. It emits 6to4 packet only for IPv6 destination 2002:0901::/32 -.Pq IPv4 destination will match Li 9.1.0.0/16 . +(IPv4 destination will match +.Li 9.1.0.0/16 ) . .Bd -literal # ifconfig ne0 inet 9.1.2.3 netmask 0xffff0000 # ifconfig stf0 inet6 2002:0901:0203:0000:a00:5aff:fe38:6f86 \\ @@ -193,12 +192,12 @@ The following configuration uses the .Nm interface as an output-only device. You need to have alternative IPv6 connectivity -.Pq other than 6to4 +(other than 6to4) to use this configuration. For outbound traffic, you can reach other 6to4 networks efficiently via .Nm stf . For inbound traffic, you will not receive any 6to4-tunneled packets -.Pq less security drawbacks . +(less security drawbacks). Be careful not to advertise your 6to4 prefix to others .Pq Li 2002:8504:0506::/48 , and not to use your 6to4 prefix as a source. diff --git a/share/man/man4/syscons.4 b/share/man/man4/syscons.4 index 2b05dc3..ca685e4 100644 --- a/share/man/man4/syscons.4 +++ b/share/man/man4/syscons.4 @@ -363,10 +363,12 @@ The following driver flags can be used to control the .Nm driver. They can be set either in the kernel configuration file -.Pq see Xr config 8 , +(see +.Xr config 8 ) , or else in the User Configuration Menu at boot time -.Pq see Xr boot 8 . +(see +.Xr boot 8 ) . .Bl -tag -width bit_0 .\".It bit 0 (VISUAL_BELL) .\"Uses the ``visual'' bell. diff --git a/share/man/man4/sysmouse.4 b/share/man/man4/sysmouse.4 index 0e9493a..6174554 100644 --- a/share/man/man4/sysmouse.4 +++ b/share/man/man4/sysmouse.4 @@ -44,7 +44,8 @@ supplies mouse data to the user process in the standardized way via the .Nm driver. This arrangement makes it possible for the console and the user process -.Pq such as the Tn X\ Window System +(such as the +.Tn X\ Window System ) to share the mouse. .Pp The user process which wants to utilize mouse operation simply opens diff --git a/share/man/man4/tap.4 b/share/man/man4/tap.4 index fecd0a2..48f2bc3 100644 --- a/share/man/man4/tap.4 +++ b/share/man/man4/tap.4 @@ -56,7 +56,7 @@ the control device there); writing an Ethernet frame to the control device generates an input frame on the network interface, as if the -.Pq non-existent +(non-existent) hardware had just received it. .Pp The Ethernet tunnel device, normally @@ -91,14 +91,15 @@ amount of data provided to .Fn write . Writes will not block; if the frame cannot be accepted for a transient reason -.Pq e.g., no buffer space available , +(e.g., no buffer space available), it is silently dropped; if the reason is not transient -.Pq e.g., frame too large , +(e.g., frame too large), an error is returned. The following .Xr ioctl 2 calls are supported -.Pq defined in Aq Pa net/if_tap.h Ns : +(defined in +.Aq Pa net/if_tap.h ) : .Bl -tag -width VMIO_SIOCSETMACADDR .It Dv TAPSDEBUG The argument should be a pointer to an @@ -114,7 +115,7 @@ this stores the internal debugging variable's value into it. Turn non-blocking I/O for reads off or on, according as the argument .Va int Ns 's value is or isn't zero -.Pq Writes are always nonblocking . +(Writes are always nonblocking). .It Dv FIOASYNC Turn asynchronous I/O for reads (i.e., generation of @@ -171,7 +172,8 @@ address of the .Dq remote side. This command is used by VMware port and expected to be executed on a descriptor, associated with control device -.Pq usually Pa /dev/vmnet Ns Sy N . +(usually +.Pa /dev/vmnet Ns Sy N ) . .El .Pp The control device also supports diff --git a/share/man/man4/vga.4 b/share/man/man4/vga.4 index 44edef3..e7bb8cd 100644 --- a/share/man/man4/vga.4 +++ b/share/man/man4/vga.4 @@ -76,7 +76,8 @@ module can be dynamically loaded into the kernel using .Sh DRIVER CONFIGURATION .Ss Kernel Configuration Options The following kernel configuration options -.Pq see Xr config 8 +(see +.Xr config 8 ) can be used to control the .Nm driver. diff --git a/share/man/man5/a.out.5 b/share/man/man5/a.out.5 index a659ba7..027cf96 100644 --- a/share/man/man5/a.out.5 +++ b/share/man/man5/a.out.5 @@ -402,11 +402,9 @@ field hold one of two values: .Dv AUX_FUNC and .Dv AUX_OBJECT -.Po -see +(see .Aq Pa link.h -for their definitions -.Pc . +for their definitions). .Dv AUX_FUNC associates the symbol with a callable function, while .Dv AUX_OBJECT diff --git a/share/man/man5/link.5 b/share/man/man5/link.5 index 85c0e27..199591e 100644 --- a/share/man/man5/link.5 +++ b/share/man/man5/link.5 @@ -196,10 +196,8 @@ The location of the Procedure Linkage Table within this image. The location of an array of .Fa relocation_info structures -.Po -see -.Xr a.out 5 -.Pc +(see +.Xr a.out 5 ) specifying run-time relocations. .It Fa sdt_hash The location of the hash table for fast symbol lookup in this object's @@ -227,10 +225,8 @@ A structure describes a shared object that is needed to complete the link edit process of the object containing it. A list of such objects -.Po -chained through -.Fa sod_next -.Pc +(chained through +.Fa sod_next ) is pointed at by the .Fa sdt_sods @@ -256,10 +252,8 @@ specifies a library that is to be searched for by .Nm ld.so . The path name is obtained by searching a set of directories -.Po -see also -.Xr ldconfig 8 -.Pc +(see also +.Xr ldconfig 8 ) for a shared object matching .Em lib\&<sod_name>\&.so.n.m . If not set, @@ -340,10 +334,8 @@ struct nzlist { .Ed .Bl -tag -width nz_size .It Fa nlist -.Po -see -.Xr nlist 3 -.Pc . +(see +.Xr nlist 3 ) . .It Fa nz_size The size of the data represented by this symbol. .El diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5 index b30ad8f..39fc21d 100644 --- a/share/man/man5/periodic.conf.5 +++ b/share/man/man5/periodic.conf.5 @@ -346,10 +346,8 @@ Set to .Dq YES if you want to run .Xr df 1 -.Po -with the arguments supplied in -.Va daily_status_disks_df_flags -.Pc +(with the arguments supplied in +.Va daily_status_disks_df_flags ) and .Ic dump -W . .It Va daily_status_disks_df_flags diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 06bbad4..05b8b9e 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -168,11 +168,9 @@ if you are not running NIS. .It Va dhcp_program .Pq Vt str Path to the DHCP client program -.Po -.Pa /sbin/dhclient , +.Pa ( /sbin/dhclient , the ISC DHCP client, -is the default -.Pc . +is the default). .It Va dhcp_flags .Pq Vt str Additional flags to pass to the DHCP client program. @@ -1681,10 +1679,8 @@ at system boot time. .It Va sshd_program .Pq Vt str Path to the SSH server program -.Po -.Pa /usr/sbin/sshd -is the default -.Pc . +.Pa ( /usr/sbin/sshd +is the default). .It Va sshd_enable .Pq Vt bool Set to diff --git a/share/man/man7/ports.7 b/share/man/man7/ports.7 index c495c7c..52444d9 100644 --- a/share/man/man7/ports.7 +++ b/share/man/man7/ports.7 @@ -85,7 +85,7 @@ The following targets will be run automatically by each proceeding target in order. That is, .Ar build will be run -.Pq if necessary +(if necessary) by .Ar install , and so on all the way to @@ -108,7 +108,7 @@ Defining will skip this step. .It Ar depends Install -.Pq or compile if only compilation is necessary +(or compile if only compilation is necessary) any dependencies of the current port. When called by the .Ar extract or @@ -160,7 +160,7 @@ portion recurses to dependencies unless is defined, but the .Sq distclean portion never recurses -.Pq this is perhaps a bug . +(this is perhaps a bug). .It Ar reinstall Use this to restore a port after using .Xr pkg_delete 1 @@ -258,12 +258,10 @@ The full path to the package. .El .It Ev PREFIX Where to install things in general -.Po -usually +(usually .Pa /usr/local or -.Pa /usr/X11R6 -.Pc +.Pa /usr/X11R6 ) .It Ev MASTER_SITES Primary sites for distribution files if not found locally. .It Ev PATCH_SITES @@ -295,11 +293,9 @@ If defined, only operate on a port if it can be installed 100% automatically. .Bl -tag -width /usr/ports/xxxx -compact .It Pa /usr/ports The default ports directory -.Po -.Fx +.No ( Fx and -.Ox -.Pc . +.Ox ) . .It Pa /usr/pkgsrc The default ports directory (NetBSD). .It Pa /usr/ports/Mk/bsd.port.mk @@ -324,7 +320,7 @@ The handbook .Pp http://www.FreeBSD.org/ports -.Pq searchable index of all ports +(searchable index of all ports) .Sh AUTHORS .An -nosplit This man page was originated by diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 187c8b6..a58e5e4 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -37,10 +37,8 @@ detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the .Pa schg flags -.Po -see -.Xr chflags 1 -.Pc +(see +.Xr chflags 1 ) on every system binary because while this may temporarily protect the binaries, it prevents a hacker who has broken in from making an easily detectable change that may result in your security mechanisms not @@ -81,9 +79,7 @@ sysadmins still run standard telnetd, rlogind, rshd, and ftpd servers on their machines. These servers, by default, do not operate over encrypted connections. The result is that if you have any moderate-sized user base, one or more of your users logging into your system from a remote location -.Po -which is the most common and convenient way to login to a system -.Pc +(which is the most common and convenient way to login to a system) will have his or her password sniffed. The attentive system admin will analyze his remote access logs looking for suspicious source addresses @@ -157,7 +153,8 @@ Of course, as a sysadmin you have to be able to get to root, so we open up a few holes. But we make sure these holes require additional password verification to operate. One way to make root accessible is to add appropriate staff accounts to the wheel group -.Pq in Pa /etc/group . +(in +.Pa /etc/group ) . The staff members placed in the wheel group are allowed to .Sq su @@ -194,7 +191,7 @@ key pair. When you use something like kerberos you generally must secure the machines which run the kerberos servers and your desktop workstation. When you use a public/private key pair with ssh, you must generally secure the machine you are logging in FROM -.Pq typically your workstation , +(typically your workstation), but you can also add an additional layer of protection to the key pair by password protecting the keypair when you create it with @@ -228,7 +225,7 @@ changing a password on N machines can be a mess. You can also impose re-passwording restrictions with kerberos: not only can a kerberos ticket be made to timeout after a while, but the kerberos system can require that the user choose a new password after a certain period of time -.Pq say, once a month . +(say, once a month). .Sh SECURING ROOT - ROOT-RUN SERVERS AND SUID/SGID BINARIES The prudent sysadmin only runs the servers he needs to, no more, no less. Be aware that third party servers are often the most bug-prone. For example, @@ -260,7 +257,7 @@ There are a number of other servers that typically do not run in sandboxes: sendmail, popper, imapd, ftpd, and others. There are alternatives to some of these, but installing them may require more work then you are willing to put -.Pq the convenience factor strikes again . +(the convenience factor strikes again). You may have to run these servers as root and rely on other mechanisms to detect break-ins that might occur through them. @@ -277,12 +274,12 @@ While nothing is 100% safe, the system-default suid and sgid binaries can be considered reasonably safe. Still, root holes are occasionally found in these binaries. A root hole was found in Xlib in 1998 that made xterm -.Pq which is typically suid +(which is typically suid) vulnerable. It is better to be safe then sorry and the prudent sysadmin will restrict suid binaries that only staff should run to a special group that only staff can access, and get rid of -.Pq chmod 000 +.Pq Li "chmod 000" any suid binaries that nobody uses. A server with no display generally does not need an xterm binary. Sgid binaries can be almost as dangerous. If an intruder can break an sgid-kmem binary the @@ -319,11 +316,9 @@ attacker cannot obtain root-write access. .Pp Your security scripts should always check for and report changes to the password file -.Po -see +(see .Sq Checking file integrity -below -.Pc . +below). .Sh SECURING THE KERNEL CORE, RAW DEVICES, AND FILESYSTEMS If an attacker breaks root he can do just about anything, but there are certain conveniences. For example, most modern kernels have a @@ -442,19 +437,15 @@ idea. The and .Sq nosuid options -.Po -see -.Xr mount 8 -.Pc +(see +.Xr mount 8 ) are what you want to look into. I would scan them anyway at least once a week, since the object of this layer is to detect a break-in whether or not the breakin is effective. .Pp Process accounting -.Po -see -.Xr accton 8 -.Pc +(see +.Xr accton 8 ) is a relatively low-overhead feature of the operating system which I recommend using as a post-break-in evaluation mechanism. It is especially useful in tracking down how an intruder has @@ -493,10 +484,8 @@ Kernel Route Cache A common DOS attack is against a forking server that attempts to cause the server to eat processes, file descriptors, and memory until the machine dies. Inetd -.Po -see -.Xr inetd 8 -.Pc +(see +.Xr inetd 8 ) has several options to limit this sort of attack. It should be noted that while it is possible to prevent a machine from going down it is not generally possible to prevent a service from being disrupted @@ -557,7 +546,7 @@ firewall everything *except* ports A, B, C, D, and M-Z This way you can firewall off all of your low ports except for certain specific services such as named -.Pq if you are primary for a zone , +(if you are primary for a zone), ntalkd, sendmail, and other internet-accessible services. If you try to configure the firewall the other @@ -572,15 +561,13 @@ without compromising your low ports. Also take note that allows you to control the range of port numbers used for dynamic binding via the various net.inet.ip.portrange sysctl's -.Pq sysctl -a \&| fgrep portrange , +.Pq Li "sysctl -a | fgrep portrange" , which can also ease the complexity of your firewall's configuration. I usually use a normal first/last range of 4000 to 5000, and a hiport range of 49152 to 65535, then block everything under 4000 off in my firewall -.Po -except for certain specific -internet-accessible ports, of course -.Pc . +(except for certain specific +internet-accessible ports, of course). .Pp Another common DOS attack is called a springboard attack - to attack a server in a manner that causes the server to generate responses which then overload @@ -628,7 +615,7 @@ If your servers are connected to the internet via a T3 or better it may be prudent to manually override both rtexpire and rtminexpire via .Xr sysctl 8 . Never set either parameter to zero -.Pq unless you want to crash the machine :-) . +(unless you want to crash the machine :-)). Setting both parameters to 2 seconds should be sufficient to protect the route table from attack. .Sh ACCESS ISSUES WITH KERBEROS AND SSH diff --git a/share/man/man9/cd.9 b/share/man/man9/cd.9 index 0047c26..6e9e93e 100644 --- a/share/man/man9/cd.9 +++ b/share/man/man9/cd.9 @@ -64,7 +64,7 @@ driver. .It Dv CD_Q_BCD_TRACKS This flag is for broken drives that return the track numbers in packed BCD instead of straight decimal. If the drive seems to skip tracks -.Pq tracks 10-15 are skipped +(tracks 10-15 are skipped) then you have a drive that is in need of this flag. .It Dv CD_Q_NO_CHANGER This flag tells the driver that the device in question is not a changer. diff --git a/share/man/man9/ifnet.9 b/share/man/man9/ifnet.9 index dab3a76..b015ba0 100644 --- a/share/man/man9/ifnet.9 +++ b/share/man/man9/ifnet.9 @@ -628,11 +628,9 @@ The local address of the interface. .Pq Li "struct sockaddr *" The remote address of point-to-point interfaces, and the broadcast address of broadcast interfaces. -.Po -.Li ifa_broadaddr +.Li ( ifa_broadaddr is a macro for -.Li ifa_dstaddr . -.Pc +.Li ifa_dstaddr . ) .It Li ifa_netmask .Pq Li "struct sockaddr *" The network mask for multi-access interfaces, and the confusion diff --git a/share/man/man9/mbuf.9 b/share/man/man9/mbuf.9 index 5ff0c5e..985b452 100644 --- a/share/man/man9/mbuf.9 +++ b/share/man/man9/mbuf.9 @@ -114,7 +114,7 @@ An mbuf is a basic unit of memory management in the kernel IPC subsystem. Network packets and socket buffers are stored in mbufs. A network packet may span multiple mbufs arranged into a chain -.Pq linked list , +(linked list), which allows adding or trimming network headers with little overhead. .Pp @@ -279,10 +279,8 @@ is set to a failed allocation will result in the caller being put to sleep for a designated kern.ipc.mbuf_wait -.Po -.Xr sysctl 8 -tunable -.Pc +.Xr ( sysctl 8 +tunable) number of ticks. A number of other mbuf-related functions and macros have the same argument because they may @@ -303,7 +301,7 @@ This macro operates on an mbuf chain. It is an optimized wrapper for .Fn m_prepend that can make use of possible empty space before data -.Pq "e.g. left after trimming of a link-layer header" . +(e.g. left after trimming of a link-layer header). The new chain pointer or .Dv NULL is in @@ -404,7 +402,7 @@ so they are accessible with Return the new chain on success, .Dv NULL on failure -.Pq the chain is freed in this case . +(the chain is freed in this case). .Sy Note : It doesn't allocate any clusters, so .Fa len diff --git a/share/man/man9/mi_switch.9 b/share/man/man9/mi_switch.9 index 85f69d1..7c11f8d 100644 --- a/share/man/man9/mi_switch.9 +++ b/share/man/man9/mi_switch.9 @@ -74,7 +74,7 @@ voluntarily relinquishes the CPU to wait for some resource to become available. .It after handling a trap -.Pq e.g. a system call, device interrupt +(e.g. a system call, device interrupt) when the kernel prepares a return to user-mode execution. This case is typically handled by machine dependent trap-handling code after detection @@ -86,7 +86,8 @@ the machine defined .Fn need_resched . .It in the signal handling code -.Pq see Xr issignal 9 +(see +.Xr issignal 9 ) if a signal is delivered that causes a process to stop. .El .Pp @@ -94,7 +95,8 @@ if a signal is delivered that causes a process to stop. records the amount of time the current process has been running in the process structure and checks this value against the CPU time limits allocated to the process -.Pq see Xr getrlimit 2 . +(see +.Xr getrlimit 2 ) . Exceeding the soft limit results in a .Dv SIGXCPU signal to be posted to the process, while exceeding the hard limit will diff --git a/share/man/man9/psignal.9 b/share/man/man9/psignal.9 index c628bc1..da0e993 100644 --- a/share/man/man9/psignal.9 +++ b/share/man/man9/psignal.9 @@ -83,14 +83,15 @@ The target process is currently ignoring the signal. .It If a stop signal is sent to a sleeping process that takes the default action -.Pq see Xr sigaction 2 , +(see +.Xr sigaction 2 ) , the process is stopped without awakening it. .It .Dv SIGCONT restarts a stopped process -.Pq or puts them back to sleep +(or puts them back to sleep) regardless of the signal action -.Pq e.g., blocked or ignored . +(e.g., blocked or ignored). .El .Pp If the target process is being traced diff --git a/share/man/man9/sleep.9 b/share/man/man9/sleep.9 index 366101d..3aa8080 100644 --- a/share/man/man9/sleep.9 +++ b/share/man/man9/sleep.9 @@ -109,7 +109,8 @@ is returned if the current system call should be restarted if possible, and .Er EINTR is returned if the system call should be interrupted by the signal -.Pq return Er EINTR . +(return +.Er EINTR ) . .Pp .Nm Msleep is a variation on tsleep. The parameter diff --git a/share/man/man9/style.9 b/share/man/man9/style.9 index bb034bc..643912f 100644 --- a/share/man/man9/style.9 +++ b/share/man/man9/style.9 @@ -133,11 +133,9 @@ all in lowercase and the macro has the same name all in uppercase. .\" functions are used. If a macro needs more than a single line, use braces -.Po -.Sq \&{ +.Sq ( \&{ and -.Sq \&} -.Pc . +.Sq \&} ) . Right-justify the backslashes; it makes it easier to read. If the macro encapsulates a compound statement, enclose it in a @@ -528,11 +526,9 @@ The usage statement should be structured in the following order: Options without operands come first, in alphabetical order, inside a single set of brackets -.Po -.Sq \&[ +.Sq ( \&[ and -.Sq \&] -.Pc . +.Sq \&] ) . .It Options with operands come next, also in alphabetical order, diff --git a/share/termcap/termcap.5 b/share/termcap/termcap.5 index dcca69e..669ba00 100644 --- a/share/termcap/termcap.5 +++ b/share/termcap/termcap.5 @@ -1112,9 +1112,9 @@ Terminals that use .Dq %.\& need to be able to backspace the cursor -.Po Sy \&le Pc +.Pq Sy \&le and to move the cursor up one line on the screen -.Po Sy \&up Pc . +.Pq Sy \&up . This is necessary because it is not always safe to transmit .Sy \&\en , .Sy \&^D , |