Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r261832-261834:

r261832:
Add cross references between rc.conf(5) and jail.conf(5).

r261833:
Add commas (,) to the list in the SEE ALSO section, to match most
other manuals.

r261834:
Bump .Dd forgotten in r261832.

MFC r256775,r256776:
Add support for "first boot" rc.d scripts.

Document this new functionality in rc.conf(5) and rc(8).

Bump __FreeBSD_version so that ports can make use of this.

MFC r253290:
Document that a literal jail name of 0 (zero) is not allowed.

PR: 174436
Approved by: re (glebius)

MFC 251584:

Add :ifname modifier to specify interface-specific routes into
{,ipv6_}static_routes and rc.d/routing. For example:

static_routes="foo bar:em0"
route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1"
route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2"

At boot time, all of the static routes are installed as before.
The differences are:

- "/etc/rc.d/netif start/stop <if>" now configures static routes
with :<if> if any.
- "/etc/rc.d/routing start/stop <af> <if>" works as well. <af> cannot be
omitted when <if> is specified, but a keyword "any" or "all" can be used
for <af> and <if>.

MFC 242184:

Add setfib(1) support for services as <name>_fib in rc.conf.

MFC 230453, 230726, 252015, 252426:

- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for
backward compatibility.

- Configurations in ipv6_prefix_IF should be recognized even if there is no
ifconfig_IF_ipv6.

- DAD wait should be performed at once, not on a per-interface basis, if
possible. This fixes an issue that a system with a lot of IPv6-capable
interfaces takes too long for booting.

- Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN.
This is an extended version of ipv4_addr_IF which supports both IPv4 and
IPv6, and multiple range specifications. To avoid to generate too many
addresses, the maximum number of the generated addresses is currently
limited to 31.

- Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable.

- ipv6_prefix_IF now supports !/64 prefix length. In addition to the old
64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64
is supported.

- Replace ifconfig command with $IFCONFIG_CMD variable to support
a dry-run mode in the future.

- Remove IP aliases before removing all of IPv4 addresses when doing
"rc.d/netif down".

- Add a DAD wait to network6_getladdr() because it is possible to fail to
configure an EUI64 address when ipv6_prefix_IF is specified.

MFC r249591:
Document jail_<jname>_parameters option.

The description explains why we should not configure "path",
"host.hostname", "command", "ip4.addr" and ip6.addr" parameters with
this, but rather use the historical rc.conf(5) options.

MFC r238707:
Document the following in rc.conf.5:
- rtsold_enable
- rtsold_flags
- rtsol_flags

Approved by: re (kib)

MFC r235337:

General mdoc(7) and typo fixes.

PR: 167804

MFC r232157, r232158:

r232157:
Fix various typos in manual pages.

Submitted by: amdmi3
PR: 165431

r232158:
Whitespace cleanup:
o Wrap sentences on to new lines
o Cleanup trailing whitespace

MFC r231667:

Add new functionality to the force_depend method.

MFC r231194:

Add a knob to always load the default rulesets. While I'm here document
the other devfs_ knobs in rc.conf.5.

MFC r228457:

The "inet" keyword in the "ifconfig_IF_aliasN" is mandatory for
IPv4 aliases to work since network.subr@197139.

Approved by: re (bz)

MFC r226649, 226651, 226652, 226653:
- Fix an issue that 127/8 is not configured when $ifconfig_DEFAULT is not empty.
- Add description that IPv6 configuration will be ignored if $ifconfig_IF_ipv6
is empty.
- Move a configuration example "inet6 accept_rtadv" to just after the manual
GUA configuration.
- Add an example of $ipv6_prefix_IF.
- Add support for removing addresses added by ipv6_prefix_hostid_addr_up()
upon rc.d/netif stop.

Approved by: re (bz)

MFC r226654, r226657, r226658:

MFC r226654 [1]:
Add etc/rc.d/static_ndp, analogous to etc/rc.d/static_arp.
Make sure that static ARP and NDP bindings are set before NETWORKING.

As static_ndp is based on static_arp, pass copyright to the project with
permission of the original author (delphij@).

MFC r226657 [2]:
Correctly reassign copyright of etc/rc.d/static_ndp back to delphij@
as the project itself is no legal entity

MFC r226658 [3]:
Add information about static_ndp_pairs to rc.conf(5) manual page

Reviewed by: Xin Li <delphij@FreeBSD.org> [1]
Reported by: Joe Dahl <joel@vnode.se> [2]
Submitted by: Sergey Kandaurov <pluknet@FreeBSD.org> [3]
Approved by: re (kib)

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

- Document $ipv6_cpe_wanif.
- Emphasize $ipv6_enable and $ipv6_prefer are deprecated.
- Add more detail descriptions about $ipv6_activate_all_interfaces.
- Add some more examples of $ifconfig_IF_ipv6.
- rtsold(8) and rtadvd(8) can be used even when ipv6_gateway_enable=NO now.

Approved by: re (kib)

Correct the RFC number for the description of IPv6 privacy addressing

Reviewed by: bz
Approved by: re (kib)

Add the netwait rc.d script. It waits for the specified period for the
network to become active.

PR: conf/151063
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>

Add rc.d/kld to load kernel modules after local disks are up.
This method is many times faster than doing it in /boot/loader.conf.

Add missing section number for .Xr jail.

MFC after: 3 days

Update man pages related to the change in default NFS client
applied by r221124. I also deleted references to idmapd, since that
daemon no longer exists.
This is a content change.

Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.

Add missing section number for .Xr rc.

Pointed out by: keramida
Approved by: keramida (mentor)

Document rc.conf.d in rc.conf(5).

PR: 140495
Submitted by: Tom Judge (tom of tomjudge com)
Approved by: keramida (mentor)
MFC after: 2 weeks

Fix a typo.

Submitted by: Garrett Cooper

Add gptboot_enable rc variable, which allows to turn gptboot reporting off in
case user wants to implement his own actions and doesn't want the attributes to
vanish.

Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after: 3 days

Remove references to the long-gone ramdisk

Submitted by: Garrett Cooper <yanegomi@gmail.com>

Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.

The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively. When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first. If it is found, it reads and installs it as
a policy table. If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.

When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.

The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.

Discussed with: ume and bz

Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr. Note that this
will be replaced with a per-IF version later.

Based on: changes in r206408 by dougb

Revert changes in r206408.

Discussed with: dougb, core.5, and core.6

Note in rc.conf(5) that jail_list should contain only alphanumeric
characters.

PR: 150098
Submitted by: cc (cpt_complain at yahoo dot com)
Approved by: keramida (mentor)
MFC after: 1 week

Correctly sort usbconfig(8) within the SEE ALSO section.

Noticed by: dougb
MFC after: 3 days

Update references from nonexistent usbconfig(1) to usbconfig(8).

PR: docs/149221
Submitted by: Lars Hartmann (lars at chaotika dot org)
MFC after: 3 days

Fix a bunch of typos and spelling mistakes.

Bump document for content change in r210002.

In the example for how to create a VLAN, also include an example of
setting the IP address. While it is documented earlier in rc.conf(5)
that the '.' in the VLAN name becomes a '_' in rc.conf, this may not be
easy to find when just using rc.conf(5) as reference documentation.

MFC after: 1 week

Better handling of ipv6_default_interface using
net.inet6.ip6.use_defaultzone=1. Now, it works IPv6 link-local
unicast addresses as well as IPv6 link-local multicast addresses.

MFC after: 1 week

In case a user wants to configure only an IPv6 link-local address
add an example that shows how to do it.

Nuke the descriptions about ipv6_firewall_* as they were unified
into firewall_*.

MFC after: 3 days

Add rc.d/ubthidhci. This small script calls usbconfig(1) to change a USB
Bluetooth controller from HID mode to HCI mode.

MFC after: 1 week

Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.

Redirect stdin from /dev/null when starting a jail:
At least in RELENG_7 this fixes some start problems for some programs
from the ports. It is also more correct, as a jail shall not expect
input (interactivity) from the jail-host.

Revert the current behavior of starting jails in the background and
make it optional only for the start of jails (jail_parallell_start=YES
in rc.conf):
- The stop can not be done in the background, the system needs to wait
until everything is stopped correctly before it can reboot or power
down.
- The start should not be done in parallel by default, this not only
breaks POLA for people comming from RELENG_x, it may also break a
dependency chain with other scripts in the jail-host, which need to
do some stuff after the jails are up and running (e.g. hardlinking
a mysql socket from one jail into another one).

Discussed on: freebsd-jails@

Please welcome HAST - Highly Avalable Storage.

HAST allows to transparently store data on two physically separated machines
connected over the TCP/IP network. HAST works in Primary-Secondary
(Master-Backup, Master-Slave) configuration, which means that only one of the
cluster nodes can be active at any given time. Only Primary node is able to
handle I/O requests to HAST-managed devices. Currently HAST is limited to two
cluster nodes in total.

HAST operates on block level - it provides disk-like devices in /dev/hast/
directory for use by file systems and/or applications. Working on block level
makes it transparent for file systems and applications. There in no difference
between using HAST-provided device and raw disk, partition, etc. All of them
are just regular GEOM providers in FreeBSD.

For more information please consult hastd(8), hastctl(8) and hast.conf(5)
manual pages, as well as http://wiki.FreeBSD.org/HAST.

Sponsored by: FreeBSD Foundation
Sponsored by: OMCnet Internet Service GmbH
Sponsored by: TransIP BV

Introduce new rc.conf variable firewall_coscripts. It can be used to
specify list of executables and/or rc scripts that should be executed
after firewall starts/stops.

Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by: rhodes, rc@
MFC after: 1 week

Add support for configuring vlan(4) interfaces as child devices similar to
wlan(4) interfaces. vlan(4) interfaces are listed via a new 'vlans_<IF>'
variable. If a vlan interface is a number, then that number is treated as
the vlan tag for the interface and the interface will be named '<IF>.<tag>'.
Otherwise, the vlan tag must be provided via a vlan parameter in a
'create_args_<vlan>' variable.

While I'm here, fix a few nits in rc.conf(5) and mention create_args_<IF> in
the description of cloned_interfaces.

Reviewed by: brooks
MFC after: 2 weeks

In r199127/r199152 I forgot to bump .Dd

s/a default/the default/

Submitted by: remko

Add a note about no hostname leading to "Amnesiac" on the console

The text is inspired by the PR, but more in line with the existing text

PR: docs/140434
Submitted by: Jason Helfman <jhelfman@e-e.com>

Fixed a markup bug.

Fix several logic bugs in the previous IPv6 variable change and
re-add $ipv6_enable support for backward compatibility. From
UPDATING:

1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
for IPv4. For aliases, $ifconfig_IF_aliasN should be used.
Note that both variables need the "inet6" keyword at the head.

Do not set $ipv6_network_interfaces manually if you do not
understand what you are doing. It is not needed in most cases.

$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
they are obsolete.

2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or
"inet6 accept_rtadv" keyword in ifconfig(8) instead.

If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
all configured interfaces have "inet6 accept_rtadv" in the
$ifconfig_IF_ipv6. These are for backward compatibility.

3. A new variable $ipv6_prefer has been added. If NO, IPv6
functionality of interfaces with no corresponding
$ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
and the default address selection policy of ip6addrctl(8)
is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
Note that if you want to configure IPv6 functionality on the
disabled interfaces after boot, first you need to clear the flag by
using ifconfig(8) like:

ifconfig em0 inet6 -ifdisabled

If YES, the default address selection policy is set as
IPv6-preferred.

The default value of $ipv6_prefer is NO.

4. If your system need to receive Router Advertisement messages,
define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8)
scripts automatically invoke rtsol(8) when the interface becomes
UP. The Router Advertisement messages are used for SLAAC
(State-Less Address AutoConfiguration).

Add a knob to show 'Starting foo:' messages when faststart is used,
such as at boot time.

The following changes are added because of
network_ipv6->rc.d/netif integration:

- $ipv6_enable is now obsolete. Instead, IPv6 is enabled by
default if the kernel supports it, and $ipv6_network_interfaces
is "none" by default. If you want to use IPv6, define
$ipv6_network_interfaces and $ifconfig_xxx_ipv6.

An interface which is in $network_interfaces and not in
$ipv6_network_interfaces will be marked as "inet6
-auto_linklocal ifdisabled" (see ifconfig(8)).

- $ipv6_ifconfig_xxx is renamed to ifconfig_xxx_ipv6 for
consistency with other address families. The old variables
still work but can be removed in the future. Note that
ipv6_ifconfig_xxx="..." should be replaced with
ifconfig_xxx_ipv6="inet6 ...".

- Receiving ICMPv6 Router Advertisement is not automatically
enabled even if there is no manual configuration of IPv6 in
rc.conf. If you want it, define
ifconfig_xxx_ipv6="inet6 ... accept_rtadv".

- The rc.d/ip6addrctl now chooses address selection policy based
on $ipv6_prefer, not $ipv6_enable. The default is
ipv6_prefer=NO.

- $router* and $ipv6_router* are replaced with $routed_* and
$route6d_* for consistency. The old variables still work but
can be removed in the future.

MFC after: 3 days

Add a new rc.d script, static_arp, which enables the administrator to
statically bind IPv4 <-> MAC address at boot time.

In order to use this, the administrator needs to configure the following
rc.conf(5) variable:

- static_arp_pairs: A list of names for static bind pairs, and,
- a series of static_arp_(name): the arguments that is being passed to
``arp -S'' operation.

Example:
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"

See the rc.conf(5) manual page for more details.

Reviewed by: -rc@
MFC after: 2 weeks

1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.

Added (pre|post)(start|stop) jail hooks. These can be used to run
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.

Reviewed by: simon

o Correct geli(8) command line.

PR: docs/133961
Submitted by: Aldis Berjoza
MFC after: 1 week

Add support for setting the debug flags on wlan interfaces after the are
created using wlandebug_<ifn> variables.

Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to better
reflect its purpose.

Backout change 187782. It inhibits ntpd from starting at all
when ntpd_sync_on_start is set.

Noticed by: rafan

Bump .Dd for r187782.

When synchronizing the clock at system startup time, use both
the -g and -q options. They do a slightly different thing and
both are necessary when the time difference is large.

Noticed by: danger, in the forums
Approved by: roberto
MFC after: 1 week

Update jail startup script for multi-IPv4/v6/no-IP jails.

Note: this is only really necessary because of the ifconfig
logic to add/remove the jail IPs upon start/stop.
Consensus among simon and I is that the logic should
really be factored out from the startup script and put
into a proper management solution.

- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
helpful to set netmasks/prefixes for the right address
family and per address.
- Implement jail_<jname>_ip options to support both
address familes with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
option to configure additional addresses to avoid overlong,
unreadbale jail_<jname>_ip lines with lots of addresses.

Submitted by: initial work from Ruben van Staveren
Discussed on: freebsd-jail in Nov 2008.
Reviewed by: simon, ru (partial, older version)
MFC after: 1 week

Change IP addresses/prefixes to be from "Test-Net" (IPv4 documentation
prefix 192.0.2.0/24) rather than from private-use networks.

MFC after: 1 week

The description of the various securelevels has moved to the
security.7 manpage a while ago.

MFC after: 1 week
Noticed by: simon

Undocument dead option.

MFC after: 3 days

Allow a jail's IP alias to be created with an arbitrary netmask.

MFC after: 3 days

Change the wording to prefer 'forwarding' but still retain the word routing for
clarity.

Suggested by: dougb

Allow a jail to be started with a specific route fib.

Reviewed by: secteam (simon)
Reviewed by: brooks, bz

Rename the RCng 'kernel' script to 'kernel_symlink'.

Requested by: many

Only symlink booted kernel directory to /boot/kernel if user has explicitly
requested it. This is too dangerous to just do behind the admin's back.

To catch up with rev 179872: rename enable_quotas to quota_enable.

Remove ISDN4BSD (I4B) from HEAD as it is not MPSAFE and
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.

This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation

Discussed with: rwatson, re

Change the default value of synchronous_dhclient to NO.

To preserve the existing behavior of etc/rc.d/netif, add code to wait
up to if_up_delay seconds (30 seconds by default) for a default route to
be configured if there are any dhcp interfaces. This should be extended
to test that the interface is actually up.

X-MFC after:

Replace the prototype vaps_<ifn> and vap_create_<ifn> variables with
more wlans_<ifn> and create_args_<ifn>

Add documentation for these variants and generally update the wireless
device example.

There is are very short lived shim from vaps_<ifn> which produces
a warning and vap_create_<ifn> which does not. Misuse the MFC
notification service to remind me to remove them.

MFC after: 3 weeks

Update .Dd

Pointed out by: Niclas Zeising <niclas-dot-zeising-at-gmail.com>
MFC after: 1 week

Add rfcomm_pppd_server rc script to allow start rfcomm_pppd(8) in server
mode at boot time. Multiple profiles can be started at the same time.
The whole idea is very similar to the ppp rc script.

Document Bluetooth knobs in rc.conf(5)

MFC after: 1 week

Add support for hardwiring ppp sessions to particular devices with new
per-profile variables of the form ppp_<profile>_unit. No ppp_unit
variable is supported since tying the same unit to more than one profile
won't work.

PR: conf/122127
MFC after: 1 week

Allow the characters .-+/ to appear in ppp profile names by folding them
to _ when evaluating ppp_<profile>_nat and ppp_<profile>_mode. Document
the per-profile variables.

PR: conf/121452, conf/122127 (partial)
MFC after: 1 week

Use the new command file feature of ddb(8) to support setting ddb(4)
scripts at boot. This is currently disabled by default. /etc/ddb.conf
contains some potentially reasonable default scripts.

PR: conf/119995
Submitted by: Scot Hetzel <swhetzel at gmail dot com> (Earlier version)
X-MFC after: textdumps

Add a dummynet_enable knob to go with firewall_enable. If this knob
is enabled dummynet(4) is added to the list of required modules.

Discussed on: #freebsd-bugbusters (rwatson, trhodes)
PR: conf/79196
MFC after: 1 week

- Document firewall_nat_enable related settings.

Tested by: AB
MFC after: 1 month

o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now
included in the kernel by default. Remove reference to this option
from defaults/rc.conf and rc.conf(5).

PR: conf/119098
Submitted by: Beat Gaetzi
MFC after: 1 week

Actually the keyword tells network.subr to launch wpa_supplicant on the
selected interface. wpa_supplicant does not only handle WPA
authentication but also EAP/LEAP as well as WEP encryption or no
encryption at all. The patch clarifies this.

PR: 117046
Submitted by: lme
Reviewed by: bruffer
Approved by: jkois (mentor)

Backout sensors framework.

Requested by: phk
Discussed on: cvs-all

Remove trailing whitespace.

Import OpenBSD's sysctl hardware sensors framework.

This commit includes the following core components:

* sample configuration file for sensorsd
* rc(8) script and glue code for sensorsd(8)
* sysctl(3) doc fixes for CTL_HW tree
* sysctl(3) documentation for hardware sensors
* sysctl(8) documentation for hardware sensors
* support for the sensor structure for sysctl(8)
* rc.conf(5) documentation for starting sensorsd(8)
* sensor_attach(9) et al documentation
* /sys/kern/kern_sensors.c
o sensor_attach(9) API for drivers to register ksensors
o sensor_task_register(9) API for the update task
o sysctl(3) glue code
o hw.sensors shadow tree for sysctl(8) internal magic
* <sys/sensors.h>
* HW_SENSORS definition for <sys/sysctl.h>
* sensors display for systat(1), including documentation
* sensorsd(8) and all applicable documentation

The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and -current as of today.

All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.

Submitted by: Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by: syrinx
Tested by: many
OKed by: kensmith
Obtained from: OpenBSD (parts)

Add a startup script for ftp-proxy(8) now that it is no longer started as
part of inetd(8).

Approved by: re (bmah)
Reviewed by: freebsd-rc (a while back)
Reminded by: kevlo

Fix what seems to be a copy-paste buglet (`moused_type' is used
in the description of `moused_flags', instead of the later), and
add a description of `moused_XXX_flags' where `XXX' is the port
name of a non-default moused invocation -- including an example
of using "-3" with the default moused(8) instance, but no special
flags for moused(8) invocations handling 3-button USB mice (which
seems a very common scenario these days).

MFC after: 3 days

Changes to my local build lead to my confusion - revert the last change, but
reword the original text a bit. Sorry for the churn.

Quick jump: thompsa

There is no pf module yet.

Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.

PR: conf/111225
Submitted by: Bas van Beek <bas@tobin.nl>
Approved by: mtm, mlaier
MFC after: 2 weeks

- Add ZFS startup script.

Submitted by: des

- When starting mountd(8) and ZFS is enabled, add /etc/zfs/exports file.
- Update rc.conf(5).

Add rpc_statd_flags and rpc_lockd_flags options to allow options to be
passed to rpc.statd and rpc.lockd

MFC after: 1 week

Spell .Xr without a '/'.

Pointy hat: brooks

Fix a couple markup problems in the previous commit and bump the
document date.

Reported by: ru

Allow background_fsck_delay to be set to a negative value which delays
the background fsck indefinitely. This allows the administrator to run
it at a convenient time. To support running it from cron, the
forcestart argument now causes the fsck to start with no delay and all
output to be suppressed.

As suggested more than once in the lists, drop -M from flags to mfs
for /tmp and /var. This makes the memory discs swap-backed instead
of malloc-backed. A swap-backed memory disc should not be worse
than a malloc-backed one in any scenario because it will start
touching swap only when needed. OTOH, a malloc-backed disc can
starve limited kernel resources and evenually crash the system.

Reflect the change in the rc.conf(5) manpage. Also stop telling
lies there about softupdates: it does not waste disc space, it
just can delay its freeing.

Suggested by: many
PR: kern/87255
MFC after: 1 week

Nuke pcnfsd(8) reference.

PR: 108980
Submitted by: Yonatan

Add support for EtherChannel configuration to rc startup scripts.

Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.

PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb

Bump .Dd for r1.313.

Document new quota knobs.

Spelling fixes.

Small fixes.

Add idmapd_flags to defaults/rc.conf.
Document it and idmapd_enable.

Add a missing whitespace.

Reported by: simon
Approved by: cperciva (mentor, implicit)

Introduce mixer_enable (default: YES).

PR: conf/101268
Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru>
Approved by: cperciva (mentor)
X-MFC after: 6.2-RELEASE
Sponsored by: FreeBSD Test-Bugathon

Push removal of mrouted down to the rest of the tree.

Markup fixes.

Bump the document date.

Suggested by: ru

Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.

Reviewed by: brooks@

The month name in .Dd should be spelled in full.

Pointed out by: ru

Touch document date (Dd).

Since Alpha support isn't in HEAD anymore, remove Alpha-specific
rc.conf(5) knobs, too: osf1_enable, unaligned_print.

- Remove hardcoded /etc/ntp.conf configuration file from ntpdate rc.d script
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.

Requested by: Chris Timmons <cwt@networks.cwu.edu>
Approved by: cperciva (mentor, implicit)
MFC after: 1 week

Add rc.d/bridge which is invoked when a new interface arrives and can
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).

Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is
1,2 and so on.
It specifies the command to be run as Nth after jail startup.

sh(1)-fu by: Dario Freni
PR: conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)

Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).

Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).

Use should be as easy as:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

See rc.conf(5) for more information and description of the additional
variables.

Approved by: cperciva

Send the pcvt(4) driver off to retirement.

Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.

- Change the "jail_" prefix for internal script variables. This fixes an
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by: pjd [1], clsung [2]
Approved by: cperciva
X-MFC after: i got sufficient testing from people using rc.d/jail

- Add new ntpd_config variable so that people can override it in rc.conf.
- Add default value in /etc/defaults/rc.conf.
- Add documentation bits to rc.conf(5).

Approved by: cperciva (mentor)
MFC after: 1 week

Spell synchronous with required silent 'h'.

Reported by: ru, ceri
Pointy hat: brooks

Commit the various network interface configutation updates I've been
working on.
1) Make it possible to configure interfaces with certain characters in
their names that aren't valid in shell variables. Currently supported
characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new
function get_if_var which substitues an interface name (after the
translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started
when /etc/rc.d/netif configures the interface or only by devd.
This can be set on both a per interface and system wide basis.

PR: conf/88974 [1,2], conf/92433 [1,2]

- Add following global jail options, used if no jail-specific options are
set:
* jail_mount_enable
* jail_devfs_ruleset
* jail_devfs_enable
* jail_fdescfs_enable
* jail_procfs_enable
* jail_fstab
* jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).

Approved by: cperciva (mentor)
MFC after: 2 weeks

Fix spelling error

MFC after: 1 day

Add a default ldconfig32_paths entry in default/rc.conf for 32-bit compatability shared libraries.
It is used by the ldconfig rc.d scripts.
Document this variable in the man page

PR: amd64/91571
Approved by: philip (mentor)
MFC after: 3

Remove pccard variables which are no longer supported after the move
to NEWCARD.

Overhaul the named boot script:

1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.

As a result of introducing the named_uid knob, the default named_flags
are now empty.

Update defaults/rc.conf and rc.conf(5) to reflect these changes.

Correct references to ipnat(8).

MFC after: 3 days

- Add a startup script for hostapd.
- Document associated variable in rc.conf(5).

Approved by: dougb
MFC after: 1 week

Add a couple of obviously missing xrefs to SEE ALSO:
ftpd(8), geli(8).

Note that options are set using sh(1) syntax.

MFC after: 3 days

Add an rc.d script for stand-alone ftpd.

Document the script's controls on the rc.conf(5)
manpage and touch its Dd.

PR: conf/90893
MFC after: 5 days

It's perfectly valid to run rpc_statd and rpc_lockd as an NFS client, so
update the documentation to reflect that.

PR: docs/86090
Submitted by: Lowell Gilbert <freebsd-bugs-local at be-well dot ilk point org>
MFC after: 3 days
MFC to: RELENG_5, RELENG_6

Mention that NETWORKING is probably the right value for
early_late_divider in a jail.

Add an explcit Xr for jail(8)

Bump .Dd date after latest changes.

Approved by: simon

Add a mechanism to include files added by ports which contain
the names of directories to include in the base ldconfig script.
This will eliminate the need for each port to install its own
boot script which does nothing but ldocnfig a given directory.

This code was developed by flz (ports committer), discussed on
freebsd-rc@, and modified slightly by me.

Submitted by: flz
Reviewed by: brooks

Fix semantics in the documentation of the "jail_socket_unixiproute_only"
variable ("YES" vs. "NO") and be more precise and intuitive on what is
actually allowed/restricted by this variable ("UNIX/IP/route sockets"
vs. "TCP/IP protocols").

MFC after: 3 days

Brooks pointed out a potential problem with disabling the X cleaning
by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).

Clear up problems with /etc/rc.d/{abi|cleanvar|cleartmp} brought
to light by the PR. Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.

Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.

Add a descriptive comment to rc.conf that regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.

PR: conf/84574
Submitted by: Alexander Botero-Lowry

Remove usbd(8) and all references to it. It is no longer necessary
since devd(8) now provides the same functionality.

Submitted by: Anish Mistry

Remove rcconf.sh from /etc/rc.d, and instead load the configuration
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...

Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.

Reviewed by: brooks

-mdoc sweep.

Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or
more IPv4 address from a ranged list in CIRD notation:

ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.

Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>

Correct a grammo and capitalize a few abbreviations.

Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with: mlaier on -pf
MFC after: 5 days

Add firewall-related xrefs to SEE ALSO.

Minor clarifications and fixes to wording, grammar, and markup
around ${network_interfaces}.

Add a new rc.conf entry, kerberos5_server_flags, which allows the
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.

MFC after: 3 days

Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks

Reflect a recent change in /etc/rc.subr that made ``-M''
appear in tmpmfs and varmfs default flags explicitly.
Explain why -M is good for these file systems (it maximizes
performance and makes the system more stable at low memory
conditions by reducing the chance of thrashing.)

Bump .Dd accordingly.

MFC after: 3 days

- Remove the removable_interfaces variable. /etc/pccard_ether will
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.

Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)

Refer to the OpenBSD dhclient instead of the ISC dhclient.

Reported by: Bob Johnson <bob89 at eng dot ufl dot edu>
PR: 84963

Add scripts for GELI device configuration on boot.

rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.

Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days

Teach rc.d/encswap script how to use geli(8) for swap encryption.

MFC after: 3 days

rc.conf(5) update - gbde_swap_enable variable has been removed.

Reminded by: dougb

- Document network_interfaces=auto (the default!).
- Remove documentation of pccard_ifconfig as it is now gone.
- Document pccard_ifconfig's replacement ifconfig_DEFAULT.

Use 'manual page' instead of 'man page' for consistency.

Approved by: re (hrs)

Add missing .Ed call that was fatal for the rest of manpage.
Bump document date.

Approved by: re

Update to the new world of network configuration. The documenation is
slightly ahead of reality as rc support for WPA is only partialy in
place.

Submitted by: Jeremie Le Hen <jeremie at le-hen dot org>

Remove default and documenation for pccard_ether_delay since I removed
it from /etc/pccard_ether.

Submitted by: Jeremie Le Hen <jeremie at le-hen dot org>

- document powerd_flags too
- add a reference to powerd(8)

Approved by: mentor (joerg)

Typeo.

Submitted by: Emil Mikulic

Document bsnmpd related options.

Reminded by: maxim

Add note about powerd(8)

Submitted by: netchild

Remove mention of mac_lomac(4) policy from here too.

Document the newsyslog_* and chkprintcap_* variables I added yesterday.

Note changes to throttling sysctls and new power_profile(8) cpufrq support.

Backout last commit, lomac_enable is still valid. Just Xref mac_lomac.4
instead of lomac.4.

Remove last traces of lomac(4)

MFC after: 3 days

Fixed xref.

Scheduled mdoc(7) sweep.

Remove trailing spaces.

Forgotten by: me

Inform users how to set throttling and cpu idling variables for the
power_profile rc script.

Reflect the cuaa->cuad namechange in documentation.

Might as well do them all while I'm at it :-)

Submitted by: Steve Kargl <sgk@troutmask.apl.washington.edu>

Revert the noexec,nosuid,nodev options for md /tmp file systems, since
the change in the default behavior may break existing, working setups.

Requested by: brooks

Bump document date for the {tmp,var}mfs_flags change.

Add two new rc.conf options: tmpmfs_flags and varmfs_flags.

These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).

Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.

Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com

Sync up with vinum(8) and rc.d/vinum removal.

OK'ed by: phk

Do a better job of supporting more than one mouse device
on the system.

To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0

To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"

Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.

To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.

To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.

Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.

MFC after: 1 month

Allow to change interfaces name on boot time.
Now, one should be able to put something like this into /etc/rc.conf:

ifconfig_fxp0_name="net0"
ifconfig_net0="inet 10.0.0.1/16"

Reviewed by: green

Bump document date that was forgotten in the last commit.

Reminded by: ru

IPDIVERT will automatically load ipdivert.ko if not compiled into the
kernel.

Bump the document date, s/filesystem/file system/ and add missing word.

Noticed by: ru

Introduce root_rw_mount as a new variable in defaults/rc.conf to
unbreak /etc/rc.d/root for diskless systems that get their root
filesystem from a read-only NFS mount.

PR: conf/72927
Submitted by: Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de>
Reviewed by: brooks

The populate_var variable checks /var for writability, not /tmp.

Noticed by: Alan Gerber <agerber@ncsu.edu>

Fix an mdoc warning:
Using a macro as first argument cancels effect of .Li (#2984)

MFC after: 3 days

Remove obsolete references to PFIL_HOOKS and RANDOM_IP_ID

MFC after: 1 days

Update descriptions of named-related knobs.

Document the latest changes to src/etc/defaults/rc.conf.
Bump document date.

Document the AUTO setting for dumpdev.

MFC after: 4 weeks

Add a mention of the ntpd_sync_on_start tunable.

Requested by: maxim

For the gbde attach script:
- Ask the user up to X times (3 by default) for the pass-phrase, if
it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
than /etc.
- Document that it is possible to override the location of each single
lockfile.

Approved by: pjd

Mechanically kill hard sentence breaks and double whitespaces.

Document rc.conf's "keyboard" directive.

Reminded by: dougb

Add an example to rc.conf(5) about how to use the static_routes variable.
We already do this for jails and their various control variables.

PR: conf/62772

Assorted markup, spelling, and grammar fixes.

Bump manual page date for last update.

Suggested by: ru

- Update description of watchdogd_enable to reflect current reality.
- Document watchdogd_flags.

Document new ramdisk_X_????? settings.

Style:
- do not comment out entries in newsyslog.conf
- use tabs to line up inetd.conf

Requested by: bde
Approved by: bms(mentor)

Add rc.d script to start pflogd and add rcvars etc. Also document vars in
rc.conf(5) and put a sample entry to newsyslog.conf

Reviewed by: -current
Approved by: bms(mentor)

Bump date and remove trailing whitespace.

Document ntpdate_hosts.

Overhaul the /etc/rc.d/diskless script by splitting it out into
hostname, resolve, tmp, and var scripts. The latter three are new and
were repo copied. These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable. This behavior can be overridden
in /etc/rc.conf.

Reviewed by: luigi, pjd

Add rc.d script for pf(4) (more to come once pflogd(8) works as well).
Update defaults and write some lines for rc.conf(5) also.
Mostly dup'ed from ipf

Reviewed by: -current
Approved by: bms(mentor)

1. Remove the named_rcng variable. Mike's caution in this area was a good
thing, but we're ready to move on.

2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.

3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].

4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.

5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.

There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.

Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush

Document the virecover_enable knob.
From the PR:
Certain MTA configurations mean that the notifications from
virecover keep bouncing; so here's a patch to allow administrators
to turn them off.

PR: conf/54910
Reminded by: ru

Whitespace nit.

Add support for initializing swap devices with random one-shot keys. Note
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.

Sponsored by: Teleplan AS

Documented the new parameter cron_dst.

Add a missing 'the'

Add a default setting of NO for the gbde auto attach script, and
document the options.

o Fix a typo in rev. 1.196: ifconfig 9 -> ifconfig 8.

PR: docs/56488
Submitted by: Yoshihiko Sarumaru <mistral@imasy.or.jp>

Remove a stray ".Xr rtadvd 8" that snuck in in the middle of a sentence.

Now that routes for IP over ATM may look much more complex than before,
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).

Okay'ed by: mtm

Dhclient can't block anymore during startup. Document
the 'background_dhclient' better.

Convert the atm{2,3}.sh rc scripts to normal rc.d scripts. Add support
for the harp(4) pseudo driver and for loadable native HARP drivers
(like hfa_pci).

To use harp(4) the rc variable natm_interfaces must be set to the
list of NATM interfaces to be used for HARP. These interfaces
will be brought up with ifconfig and the harp(4) will be loaded.

To use loadable native HARP drivers atm_load must be set to
the list of drivers to load.

Reviewed by: mtm, gordon (partly)

Document background_dhclient.

Add documentation for watchdogd_enable setting.

Approved by: jeff (mentor)

Catch up man page with reality in rc.d/named.

Pointed out by: Simon L. Nielsen <simon@nitro.dk>

Remove reference to deprecated xtend(8)

The dhcp_program and dhcp_flags variables have to be renamed to
take advantage of the rc.subr(8) glue. They are renamed dhclient_program
and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the
NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will
be applied properly by rc.subr(8) glue code.

Reported by: John Nielsen <john@jnielsen.net>

Assorted mdoc(7) fixes.

Document netfs_types.

Assorted mdoc(7), grammar, spelling, and punctuation fixes.

Approved by: re (blanket)

Fixed troff(1) and mdoc(7) warnings.

Approved by: re (blanket)

Remove man page reference for gated, as it isn't in the base system
nor is it available from the ports tree.

xtend rc.conf variables are gone.

Noticed by: bde

More factual updates for kerberos 5.

Use .Pa for the pccard_ether file.
s/spppconfig/spppcontrol/

Submitted by: "Simon L. Nielsen" <simon@nitro.dk>

Add new knobs for controlling jails in rc.d and document them.

Approved by: makrm (mentor)

Catch this file up with rc.conf(5).

Submitted by: Simon L. Nielsen <simon@nitro.dk> (original version)

Fix typo in the version of the diff that I committed.

Submitted by: Simon L. Nielsen <simon@nitro.dk>

Document mountd_flags.

PR: 50023
Submitted by: Simon L.Nielsen <simon@nitro.dk>

A new rc-ng script to build linker.hints files with kldxref(8)
automatically at boot time. Associated rc.conf(5) knobs and
documentation are included.

Document keybell="" switch and refer to kbdcontrol(1) for details.

The nfs_privport variable doesn't exist - mention nfs_reserved_port_only
instead.

Approved by: murray (mentor)
MFC After: 2 days

Improve the wording.

Reviewed by: ru

Document start_if.${ifn} scripts.

Not objected to by: -doc

Correct the man page for nfs_bufpackets. DEFAULT is not an acceptable
value.

PR: conf/31280
MFC after: 3 days

Kill whitespace at EOL.

Approved by: markm (mentor)
Noticed by: ru

Add rc_debug knob to rc.conf. The code for it has been in rc.subr for
some time now.
Document all knobs introduced by rc.d

Approved by: markm (mentor)
Reviewd by: gordon (earlier revision)

english(4) police.

mdoc(7) police: markup nits.

Delay an optional amount of time after booting before starting a
background fsck. The delay defaults to sixty seconds to allow
large applications such as the X server to start before disk I/O
bandwidth is monopolized by fsck.

Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.

Uniformly refer to a file system as "file system".

Approved by: re

mdoc(7) police: scheduled sweep.

Approved by: re

Document devd_enable.

Submitted by: dougb

Update rc.conf.5 man page to reflect bootparamd_enable and _flags

document options for integrating pcvt configuration into the new /etc/rc.d
startup system.

Update manpage to reflect reality:
xntpd -> ntpd
single_mountd_enable -> mountd_enable
portmap -> rpcbind

Document savecore_flags.

PR: docs/35967
Submitted by: Gary W. Swearingen <swear@blarg.net>

Quoting Peter Wemm, "At great personal risk, touch the sendmail startup
again."

As an alternative to sendmail_enable=NONE, solve the boot time problem
for non-sendmail users completely by moving all of the sendmail startup
code from /etc/rc to /etc/rc.sendmail. The source for that script will
be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will
prevent it from being installed. A new rc.conf variable,
mta_start_script specifies the script to run to start the user's
preferred MTA. For backward compatibility, it will default to
/etc/rc.sendmail. The specified script is called out of /etc/rc after
checking to make sure it exists. A new rc.sendmail.8 man page has also
been added which now houses the sendmail_* variable descriptions
formerly in rc.conf.5.

Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.

Reviewed by: -current, -stable, obrien, peter, ru
MFC after: 1 week

Add an entry for sendmail_submit_flags.

Provide a way for users to completely prevent sendmail from trying to start
at boot time.

Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now
also accept NONE. If set to NONE, none of the other sendmail related
startup items will be done.

Remove an extra queue running daemon might be started that wasn't necessary
(it didn't hurt anything but it wasn't needed).

The new logic is:

# MTA
if ${sendmail_enable} == NONE
# Do nothing
else if ${sendmail_enable} == YES
start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
start sendmail with ${sendmail_outbound_flags}
endif
# MSP Queue Runner
if ${sendmail_enable} != NONE &&
[ -r /etc/mail/submit.cf] && ${sendmail_msp_queue_enable} == YES
start sendmail with ${sendmail_msp_queue_flags}
endif

Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after: 1 week

mdoc(7) police: tidy up.

Typo: s/Kensignton/Kensington/

MFC after: 3 days

Document the "lomac_enable" rc.conf switch.

Reminded by: Makoto Matsushita <matusita@jp.FreeBSD.org>

Don't protect savecore(8) from being run with a bad dumpdir
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.

At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.

PR: conf/35725

Add information about {kerberos,kadmind}5_enable and change
{kerberos,kadmind}_enable to {kerberos,kadmind}4_enable to match
reality. Fix some mismatched parentheses while I'm here.

PR: 34982
Submitted by: Michel Oosterhof <m.oosterhof@xs4all.nl>

There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after: 3 days

Add infrastructure for sendmail 8.12. If users are not starting a daemon
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions. If this isn't desired, see etc/mail/README for more hints.

Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.

Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.

Make the rc.conf(5) 'log_in_vain' knob an integer.

Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR: bin/32953
Reviewed by: -bugs discussion
MFC after: 1 week

Fix spelling errors.

yp(4) -> yp(8).

PR: docs/30797

mdoc(7) police: tidy up markup.

Don't require operators to override the list of network filesystem
types (networkfs_types) with a version that includes the original
list.

This increases the scope for user error and also means that systems with
networkfs_types set in /etc/rc.conf will not benefit from changes to the
list in /etc/defaults/rc.conf on upgrade.

Instead, store the default list in /etc/rc itself and allow the operator
to append to that list by specifying her own list in networkfs_types.

Rename networkfs_types to extra_netfs_types accordingly, as the new name
better describes the purpose of the variable. Default the value to
'NO'.

Re-introduce the fix that delays mounting of network filesystems until
the network is initialized. This was first implemented in rev 1.268
of src/etc/rc, but was backed out at wollman's request.

The objection was that the right place for the fix is in mount(8).
Having looked at that problem, I find it hard to believe that
the hoops one would have to jump through can be justified by the
desire for purity alone.

Note that there are reported issues surrounding nfsclient kernel
support and mount_nfs(8), which currently make NFS an ugly exception
to the general case.

With this change, systems with non-NFS network filesystems configured
for mounting on startup in /etc/fstab are no longer guaranteed to
fail on startup.

Better document gif interface cloning intrastructure.

MFC After: 2 days

mdoc(7) police:

- Avoid using second person.
- Remove whitespace at EOL.

(Forced commit to list actual problems fixed / PRs affected).

Overview of problems fixed:

- fix support for saving and restoring filter/NAT state information
(across reboots for example);

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module
have been removed;

- the options have been removed from the _program variables in
defaults/rc.conf and the comments in that file have been updated to
reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

Submitted by: Arjan de Vet <devet@devet.org>
PR: conf/25223, kern/25344, conf/25809,
conf/26275, bin/27016, conf/31482

second part of the patches to complete ipf changes to rc

PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>

Correct typo.

PR: 32066
Submitted by: Peter Avalos <pavalos@theshell.com>

Typo correction: detailled -> detailed.

Approved by: nik

Remove references to nfsiod(8) and nfs_client_flags
now that they are obsolete.

Document the dumpdir variable, and write a better description of the dumpdev
variable.

MFC: 1 week

mdoc(7) police: markup and spelling nits.

Add a new rc.conf variable, cloned_interfaces, to create cloned
interfaces at boot.

Due to a bug in the ed driver, which leads to hangs when using it with
dhclient and pccard_ether, introduce the concept of a "settle time" to
pccard_ether with the new pccard_ether_delay variable. Defaults to 5
seconds, which is enough time for the ed driver to finish its
autoconfiguration for newer Linksys based cards. This also can
eliminate the ed0: timeout messages that happen at startup as well.

MFC: after RE says OK.

Remove more vestages of diskcheckd, which is now in ports/sysutils.

mdoc(7) police: Fixed broken xrefs.

Zap reference to tickadj(8). Forgotten in rev. 1.24.

Do not use contractions where they aren't necessary, use "host"
instead of "computer", and clean up some confusing sentences.

Submitted by: sheldonh

Shoot (and kill) the second person with a high-powered rifle.

There is no "(integer)" type; it's called "(int)".

PR: 20749
Submitted by: Ralf S. Engelschall <rse@engelschall.com>

Add new entires for firewall_flags, amd_map_program, and
enable_quotas. Plus other assorted fixes.

PR: 20479
Submitted by: Ralf S. Engelschall <rse@engelschall.com>

Mark up IPFIREWALL in .Dv.

Document the sendmail_outbound_enable and sendmail_outbound_flags,
which were introduced 5 months ago. Looking at the descriptions,
these two look like the stupidest options to have arrived in a while,
but they must be documented now that they've been merged onto the
stable branch.

mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.

Fix xrefs.

times.3: gettimeofday(3) --> gettimeofday(2)
rc.conf.5: isndn(8) --> isdnd(8)
idsnd(8) --> isdnd(8)

MFC after: 2 weeks

mdoc(7) police: expand plain text xrefs.

mdoc(7) police:

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

mdoc(7) police: remove hard sentence breaks and wrap lines over 80
characters.

Fix or add types where appropriate.

Improve markup.

Reviewed by: ru

change the default for isdn_fsdev to NO.
PR: 26818
Submitted by: Clement Ballabriga <clement@asso.ups-tlse.fr>

mdoc(7) police: mark up kernel options in .Dv, rc.conf variables in
.Va, and use .Pp instead of blank lines all over the place.

Consistently capitalize the first letter of the first word in the
variable descriptions.

Document syslogd_program and inetd_program.

Add a script_name_sep rc.conf knob to specify the IFS character
for separating the startup scripts' list into individual filenames.

Run the shutdown scripts in reverse alphabetical order, so dependent
services are stopped before the services they depend upon.

Reviewed by: -arch, -audit
MFC after: 3 weeks

mdoc(7) police: fixed markup.

Remove duplicate words.

Fix cross-references:
xntpd.8 --> ntpd.8
acl_delete_perms.3 --> acl_delete_perm.3
getname.2 --> getsockname.2

MFC after: 1 week

Correct cross-reference:
portmap.8 --> rpcbind.8

Submitted by: .Xr testing script

Fix cross-references:
ipnat.8 --> ipnat.1
environ.5 --> environ.7
isssetugid.2 --> issetugid.2

MFC after: 1 week

Add diskcheck-daemon.

With a small disk being 20GB these days, chances are pretty good that
an ailing sector will not be read while still being recoverable by
the drive.

Diskcheck daemon will read disks in the background at a low rate and
that way give the diskdrive a chance to detect and correct soft read
errors before they become hard errors.

Idea by: phk
Written by: ben

RFC 1323 (TCP extensions) is now on by default.

Introduce a background_fsck rc.conf option which allows the user to
enable or disable background fsck'ing all in one shot. Default is
currently 'YES'.

Reviewed by: jkh

mdoc(7) police: sort xrefs.

New option isdn_screenflags to set the syscons screen params for isdnd,
plus documentation.

Submitted by: Alexander Leidinger <Alexander@Leidinger.net>
Not objected to by: hm
MFC after: 1 week

Document allscreens_kbdflags.

Reviewed by: ru

mdoc(7) police: use .Va and .Vt where appropriate

Reviewed by: ru

mdoc(7) police: removed hard sentence breaks.

Document all isdn_* variables in rc.conf(5) - 6 more knobs to frob!
PR: conf/24865
Submitted by: schweikh
Reviewed by: hm

Fix typo in mousechar range

Describe mousechar_start hook

mdoc(7) police: normalize .Nd.

vnconfig(8) -> mdconfig(8).

Add removable_interfaces to /etc/defaults/rc.conf. It is used
(undocumented until now) by /etc/pccard_ether.

MFC candidate.

Pointed out by: Dave Crane <dave@trig.net>
Reviewed by: -mobile

Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.

(second of three commits)

Eliminate mdocNG warnings caused by misplaced or extraneous macro calls.

Typo fixes: prefered -> preferred
There are some others in contributed/external code I haven't touched.

Introduce the option of running fsck -y if the initial preen fails.
Defaults to off.

Obtained from: Yahoo!

Add the options of which cron program to run, and specifying flags
to it.

PR: conf/24358
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>

Prepare for mdoc(7)NG.

Prepare for mdoc(7)NG.

fix typos.

PR: 23934
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>

mdoc(7) police: use canonical form of .Dd macro.

add PC-Card melody beep(PC Card bus, kludge version)

Original idea from: PAO3

This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5). If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.

PR: 20202
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by: Darren Reed <darrenr@freebsd.org>
Approved by: Darren Reed <darrenr@freebsd.org>
Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>

Mention pccard_beep.

Requested by: sanpei

Add a unaligned_print option (alpha only)
Document osf1_enable

Submitted by: Eric D. Futch <efutch@nyct.net>
PR: 21649

Document ibcs2_loaders and provide a default for it in
etc/defaults/rc.conf .

Make the word "ldconfig" a bona fide cross-reference, and clarify
that this option has an effect only during system start-up.

Submitted by: sheldonh

Describe ldconfig_insecure.

Allow a ppp_user specification to run ppp at startup

PR: 20258

Clear the obsolete argument to the Os macro.
Clear extraneous arguments to Nm.
Use Pa to mark up paths.
Use a single tagged list in the FILES section.

Fix up typo.
Add description of sshd_program variable.

Submitted by: Ashley Penney <ashp@unloved.org>,
Adrian Chadd <adrian@freebsd.org>

The rand_irqs variable was removed in rev 1.67 of rc.conf. Remove it
from the documentation also.

Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf.
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch

Document $clear_daily_*

Fix nits in previous commit: hard sentence break and grammar.

Describe firewall_logging option

Fix language in description of firewall_script.

Submitted by: sheldonh

Document firewall_script

Back out the hook to execute the file ${firewall_type}. The intended
purpose of the hook was to provide the ability for a shell program to
instantiate the firewall rules instead of forcing them to be
statically coded. This functionality was already present through the
use of ${firewall_script}, and I see no need to keep the
${firewall_type} hook around.

Reminded by: Dag-Erling Smorgrav <des@freebsd.org>

Update the man page regarding the behaviour for the ${firewall_type}
variable.

Reminded by: Ruslan Ermilov <ru@FreeBSD.org>

Add a sysctl to specify the amount of UDP receive space NFS should
reserve, in maximal NFS packets. Originally only 2 packets worth of
space was reserved. The default is now 4, which appears to greatly
improve performance for slow to mid-speed machines on gigabit networks.

Add documentation and correct some prior documentation.

Problem Researched by: Andrew Gallatin <gallatin@cs.duke.edu>
Approved by: jkh

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Add dhclient(8) crossreference to the dhcp_flags section.

Submitted by: sheldonh

Fix old style /fB /fR emphasis to the correct usage of .Em or other
more appropriate uses of mdoc macros given the context they were
used in.

Add crossreference to dhclient(8) since our interfaces nowadays
support DHCP and more information would be handy.

Add description for how to enable DHCP for network interfaces.

PR: 15980
Submitted by: John Reynolds <jjreynold@home.com>
Reviewed by: sheldonh

Document allscreens_flags. This commit perpetuates the i386-centric
nature of this manual page. :-(

PR: 15066
Reported by: Andy Farkas <andyf@speednet.com.au>

Mention USB mouse support.

Document single_mountd_enable

Remove man_locles - goes to manpath.config

Document pppoed options

Remove the description of the deprecated savecore_enable option,
which is no longer used. Expand the description of the dumpdev
option accordingly.

PR: 14152
Reported by: nrahlstr

Fix typo.

Pointed out by: Kelly Yancey <kbyanc@posi.net>

Describe the 'start_vinum' rc.conf knob.

PR: conf/13357
Submitted by: Neil Blakey-Milner <nbm@rucus.ru.ac.za>

"tcp_extensions" turns on RFC1323 extensions only.

PR: docs/13879
Submitted by: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>

mdoc(7)'fy.

Pointed out by: ru

rc.conf -> /etc/motd

PR: docs/13748

Document tcp_keepalive, tcp_drop_synfin, tcp_restrict_rst,
icmp_drop_redirect and icmp_log_redirect.

Describe man_locales

Submitted by: "Alexey Zelkin" <phantom@crimea.edu>

MFS: tweak my wording a little.

- Don't use contractions
- discuss the setting of hostname in the face of DHCP

Submitted by: John Baldwin <jobaldwi@vt.edu> (DHCP part)

$Id$ -> $FreeBSD$

Document apmd stuff.

ppp_alias -> ppp_nat

Submitted by: Josef L. Karthauser <joe@FreeBSD.org.uk>

Revise description on moused options:
- Clearly distinguish PS/2, bus, and serial protocols.
- Explicitly state that serial mouse protocols don't work with
the PS/2 and bus mice.

Fix a bunch of broken cross-references

Various man page cleanup:

- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.

PR: doc/13144
Submitted by: Alexey M. Zelkin <phantom@cris.net>

Document log_in_vain.

Forgotten by: imp
Reminded by: Andreas Klemm

Add a default ppp.conf (mode 600).

Originally submitted by: Wayne Self <wself@cdrom.com>

Allow a ppp startup option in rc.conf.

Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.

Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>

Document dhcp flags.

Submitted by: "Sean O'Connell" <sean@stat.Duke.EDU>

Use .Xr to xref pccardd(8).

Properly document /etc/defaults/rc.conf and rc_conf_files.

Submitted by: Sheldon Hearn <sheldonh@uunet.co.za>

Added pccard_conf parameter.

Added $pccardd_flags.

Clarify static_routes variable's meaning

PR: docs/12302
Submitted by: Don Croyle <croyle@gelemna.ft-wayne.in.us>
Reviewed by: nik

Document portmap_program and lpd_program
Suggested by: Bill Fumerola <billf@jade.chc-chimes.com>

Mention securelevel 3 to match comment in rc.conf.

Document natd_program

Document rwhod_flags

Reviewed by: freebsd-current

Update manual pages for rc(8) and rc.conf(5) based on recent changes
to rc.local and rc.conf[.local].

Document the new nfs_access_cache variable.

Remove all references to tickadj(8) from rc, rc.conf and rc.conf.5.

Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:

# cd /usr/src/usr.sbin/xntpd/util
# make all install

There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.

Kinda-approved-by: phk

Here are some scripts and man pages for configuring HARP ATM
interfaces.

Reviewed by: phk
Submitted by: Mike Spengler <mks@networkcs.com>

natd_interface can now be specified as either an IP address or
an interface name, so describe that here.

Mention `kern_securelevel' variables in manual page.

Reminded-by: max

Reviewed by: Amancio
Submitted by: Randall Hopper <rhh@ct.picker.com>
The patch supports using the X10 Mouse Remote in both stand-alone and
pass-through configurations, so you can plug your mouse and remote into the
same serial port, use the mouse for X, and use the remote for other apps
like Fxtv. For instance, we can now control fxtv via the remote control
just like a TV : change channels, mute, increase volume, zoom video,
freeze frame 8)

The mouse events are channeled through the syscons/sysmouse I/F like
normal, and the remote buttons are "syphoned off" to a UNIX-domain stream
socket (defined as _PATH_MOUSEREMOTE in <machine/mouse.h>) for a
remote-aware app to grab and use.

For further info on the X10 Mouse Remote see:
http://www.x10.com/products/x10_mk19a.htm

Overlooked, that newer naming convention is xxx_program instead of xxx_prog.
So changed it to ntpdate_program and xntpd_program.
Backout last change, now we have again named_program, sorry.

document ntpdate_prog and xntpd_prog
fix: named_program -> named_prog to reflect "real life"
(I suggest keeping this shorter name convention as it is
actually used in the config file)

Add natd support.
PR: 6339
Submitted by: cdillon@wolves.k12.mo.us

.Sh AUTHOR -> .Sh AUTHORS according to mdoc specs.
Use .An/.Aq.

Document rarpd flags.

Typo fixes.
PR: 5951
Submitted by: Doug <Studded@dal.net>

Documented moused flags.
Submitted by: Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>

Document new variables forward_sourceroute and accept_sourceroute. While
we're at it: also document the already existing arpproxy.

Mention nameD_program.

Document the new ldconfig_paths variable.

PR: 5178
Submitted by: Evan Champion <evanc@synapse.net>

Update moused docs.

Submitted by: Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>

Added cross references for apm, cron, inetd, lpd, moused, mrouted,
nfsd, nfsiod, portmap, rpc.lockd, rpc.statd, syslogd, tickadj, and
ypbind.

Document the new clear_tmp_enable option in the manpage.

Prodded by: max

Allow the system to be configured to pass "-n" to kerberos and
kadmind or not; also, only run kadmind on a non-slave server. Man
page for rc.conf is also updated.

Reviewed by: Mark Murray

Describe "mrouted_flags".

Make rc.conf man page reflect reality w.r.t firewall_{*}.

Sort cross refereces in section SEE ALSO.