man pages: add missing commas between subordinate and main clauses

jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.

ok jmc@

remove switch(4) entry in SEE ALSO;

Unhook switch.4 and update bridge.4 since some switch(4) specific ioctls
will be removed soon.
OK sthen@ kn@ patrick@

Mention tpmr(4) using bridge ioctls

knock out useless Pp;

STP works fine on etherip(4), it was gif(4) that lacked a MAC address.

getting etherip(4) to talk to a switch so i could verify this was
pretty fun.

remi@ pointed this bit of the manpage out somewhere, but it didn't
seem right anymore since etherip(4) was split out of gif(4). these
days if we have an interface that can be added to a bridge, we try
to make it look like an actual ethernet interface, which includes
having a mac address. we don't really have interfaces that change
modes and have these edge cases anymore.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com

PF-related text/references (jsyn@nthought.com)

Remove loop detection bug, even though we may not be quite finished
with it yet. We should be done in the next few days.

comment out references to ipf to be replaced in the future with whatever packet filter we end up using

Update for use of gif.

Various repairs.

.Sh AUTHOR -> AUTHORS, ok aaron@

Remove merge conflict marker accidentaly left in this file.

ethernet -> Ethernet

Purely mdoc fixes.

fix conflict remnant; jakob@crt.se

mention enc interfaces, too

Remove trailing whitespace.

Use .An and Aq constructs

typo

only ipf input rules are used

add ethernet MAC filtering capability
also includes split of bridgeintr() with some optimizations for quicker
frame handling

Document the blocknonip flag.

Xr bridgename.if(5)

there is no IP(4) manpage...

Typo fixes.

Don't delete the cache on down/up transitions unless it's empty. Instead
flush the dynamics. Required other handling of the cache table to accomodate.
Modify SIOCBRDGFLUSH to handle flushall and flush dynamic requests.

- remove all trailing whitespace
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages

Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...

longer explanation of what a bridge is and why you'd use this one

Typos; Suzanne M. Lea <smlea@uncg.edu>

finish documenting ioctls and errors

Add flag to allow some interfaces to not see packets with unknown destination.

Add the ability to mark an interface as "non-learning"

big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above

Make address cache expiration actually work and provide a knob
for adjusting the timeout.

reflect new ioctl interfaces
move sections around to match mdoc.template

spacing

Ethernet bridge/IP firewall driver.

remove switch(4) entry in SEE ALSO;

Unhook switch.4 and update bridge.4 since some switch(4) specific ioctls
will be removed soon.
OK sthen@ kn@ patrick@

Mention tpmr(4) using bridge ioctls

knock out useless Pp;

STP works fine on etherip(4), it was gif(4) that lacked a MAC address.

getting etherip(4) to talk to a switch so i could verify this was
pretty fun.

remi@ pointed this bit of the manpage out somewhere, but it didn't
seem right anymore since etherip(4) was split out of gif(4). these
days if we have an interface that can be added to a bridge, we try
to make it look like an actual ethernet interface, which includes
having a mac address. we don't really have interfaces that change
modes and have these edge cases anymore.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com

PF-related text/references (jsyn@nthought.com)

Remove loop detection bug, even though we may not be quite finished
with it yet. We should be done in the next few days.

comment out references to ipf to be replaced in the future with whatever packet filter we end up using

Update for use of gif.

Various repairs.

.Sh AUTHOR -> AUTHORS, ok aaron@

Remove merge conflict marker accidentaly left in this file.

ethernet -> Ethernet

Purely mdoc fixes.

fix conflict remnant; jakob@crt.se

mention enc interfaces, too

Remove trailing whitespace.

Use .An and Aq constructs

typo

only ipf input rules are used

add ethernet MAC filtering capability
also includes split of bridgeintr() with some optimizations for quicker
frame handling

Document the blocknonip flag.

Xr bridgename.if(5)

there is no IP(4) manpage...

Typo fixes.

Don't delete the cache on down/up transitions unless it's empty. Instead
flush the dynamics. Required other handling of the cache table to accomodate.
Modify SIOCBRDGFLUSH to handle flushall and flush dynamic requests.

- remove all trailing whitespace
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages

Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...

longer explanation of what a bridge is and why you'd use this one

Typos; Suzanne M. Lea <smlea@uncg.edu>

finish documenting ioctls and errors

Add flag to allow some interfaces to not see packets with unknown destination.

Add the ability to mark an interface as "non-learning"

big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above

Make address cache expiration actually work and provide a knob
for adjusting the timeout.

reflect new ioctl interfaces
move sections around to match mdoc.template

spacing

Ethernet bridge/IP firewall driver.

Unhook switch.4 and update bridge.4 since some switch(4) specific ioctls
will be removed soon.
OK sthen@ kn@ patrick@

Mention tpmr(4) using bridge ioctls

knock out useless Pp;

STP works fine on etherip(4), it was gif(4) that lacked a MAC address.

getting etherip(4) to talk to a switch so i could verify this was
pretty fun.

remi@ pointed this bit of the manpage out somewhere, but it didn't
seem right anymore since etherip(4) was split out of gif(4). these
days if we have an interface that can be added to a bridge, we try
to make it look like an actual ethernet interface, which includes
having a mac address. we don't really have interfaces that change
modes and have these edge cases anymore.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com

PF-related text/references (jsyn@nthought.com)

Remove loop detection bug, even though we may not be quite finished
with it yet. We should be done in the next few days.

comment out references to ipf to be replaced in the future with whatever packet filter we end up using

Update for use of gif.

Various repairs.

.Sh AUTHOR -> AUTHORS, ok aaron@

Remove merge conflict marker accidentaly left in this file.

ethernet -> Ethernet

Purely mdoc fixes.

fix conflict remnant; jakob@crt.se

mention enc interfaces, too

Remove trailing whitespace.

Use .An and Aq constructs

typo

only ipf input rules are used

add ethernet MAC filtering capability
also includes split of bridgeintr() with some optimizations for quicker
frame handling

Document the blocknonip flag.

Xr bridgename.if(5)

there is no IP(4) manpage...

Typo fixes.

Don't delete the cache on down/up transitions unless it's empty. Instead
flush the dynamics. Required other handling of the cache table to accomodate.
Modify SIOCBRDGFLUSH to handle flushall and flush dynamic requests.

- remove all trailing whitespace
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages

Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...

longer explanation of what a bridge is and why you'd use this one

Typos; Suzanne M. Lea <smlea@uncg.edu>

finish documenting ioctls and errors

Add flag to allow some interfaces to not see packets with unknown destination.

Add the ability to mark an interface as "non-learning"

big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above

Make address cache expiration actually work and provide a knob
for adjusting the timeout.

reflect new ioctl interfaces
move sections around to match mdoc.template

spacing

Ethernet bridge/IP firewall driver.

Mention tpmr(4) using bridge ioctls

knock out useless Pp;

STP works fine on etherip(4), it was gif(4) that lacked a MAC address.

getting etherip(4) to talk to a switch so i could verify this was
pretty fun.

remi@ pointed this bit of the manpage out somewhere, but it didn't
seem right anymore since etherip(4) was split out of gif(4). these
days if we have an interface that can be added to a bridge, we try
to make it look like an actual ethernet interface, which includes
having a mac address. we don't really have interfaces that change
modes and have these edge cases anymore.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com

PF-related text/references (jsyn@nthought.com)

Remove loop detection bug, even though we may not be quite finished
with it yet. We should be done in the next few days.

comment out references to ipf to be replaced in the future with whatever packet filter we end up using

Update for use of gif.

Various repairs.

.Sh AUTHOR -> AUTHORS, ok aaron@

Remove merge conflict marker accidentaly left in this file.

ethernet -> Ethernet

Purely mdoc fixes.

fix conflict remnant; jakob@crt.se

mention enc interfaces, too

Remove trailing whitespace.

Use .An and Aq constructs

typo

only ipf input rules are used

add ethernet MAC filtering capability
also includes split of bridgeintr() with some optimizations for quicker
frame handling

Document the blocknonip flag.

Xr bridgename.if(5)

there is no IP(4) manpage...

Typo fixes.

Don't delete the cache on down/up transitions unless it's empty. Instead
flush the dynamics. Required other handling of the cache table to accomodate.
Modify SIOCBRDGFLUSH to handle flushall and flush dynamic requests.

- remove all trailing whitespace
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages

Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...

longer explanation of what a bridge is and why you'd use this one

Typos; Suzanne M. Lea <smlea@uncg.edu>

finish documenting ioctls and errors

Add flag to allow some interfaces to not see packets with unknown destination.

Add the ability to mark an interface as "non-learning"

big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above

Make address cache expiration actually work and provide a knob
for adjusting the timeout.

reflect new ioctl interfaces
move sections around to match mdoc.template

spacing

Ethernet bridge/IP firewall driver.

knock out useless Pp;

STP works fine on etherip(4), it was gif(4) that lacked a MAC address.

getting etherip(4) to talk to a switch so i could verify this was
pretty fun.

remi@ pointed this bit of the manpage out somewhere, but it didn't
seem right anymore since etherip(4) was split out of gif(4). these
days if we have an interface that can be added to a bridge, we try
to make it look like an actual ethernet interface, which includes
having a mac address. we don't really have interfaces that change
modes and have these edge cases anymore.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com

PF-related text/references (jsyn@nthought.com)

Remove loop detection bug, even though we may not be quite finished
with it yet. We should be done in the next few days.

comment out references to ipf to be replaced in the future with whatever packet filter we end up using

Update for use of gif.

Various repairs.

.Sh AUTHOR -> AUTHORS, ok aaron@

Remove merge conflict marker accidentaly left in this file.

ethernet -> Ethernet

Purely mdoc fixes.

fix conflict remnant; jakob@crt.se

mention enc interfaces, too

Remove trailing whitespace.

Use .An and Aq constructs

typo

only ipf input rules are used

add ethernet MAC filtering capability
also includes split of bridgeintr() with some optimizations for quicker
frame handling

Document the blocknonip flag.

Xr bridgename.if(5)

there is no IP(4) manpage...

Typo fixes.

Don't delete the cache on down/up transitions unless it's empty. Instead
flush the dynamics. Required other handling of the cache table to accomodate.
Modify SIOCBRDGFLUSH to handle flushall and flush dynamic requests.

- remove all trailing whitespace
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages

Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...

longer explanation of what a bridge is and why you'd use this one

Typos; Suzanne M. Lea <smlea@uncg.edu>

finish documenting ioctls and errors

Add flag to allow some interfaces to not see packets with unknown destination.

Add the ability to mark an interface as "non-learning"

big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above

Make address cache expiration actually work and provide a knob
for adjusting the timeout.

reflect new ioctl interfaces
move sections around to match mdoc.template

spacing

Ethernet bridge/IP firewall driver.

Document port protection support in switch(4). Also add SIOCBRDGSIFPROT to
list of ioctls in bridge(4).

OK ccardenas@ kn@ phessler@

remove defines for ioctls the kernel doesn't recognise
ok mpi@

tweak previous;

Add switch(4) man page and update the bridge(4) man page about the
modification for switch(4).

ok goda

etherip(4) was introduced in 5.9 as a clean alternative to gif(4)'s layer-2
mode that was enabled when it was added to a bridge(4). Update the manual
pages to direct people towards using etherip(4) for this purpose.
Reads fine to jmc@, ok mpi@.

This code will be removed from gif(4) in the future. Switching should be
as simple as renaming the config file (hostname.gifX -> hostname.etheripX),
changing the interface name in hostname.bridgeX, and updating firewall
rules etc. to match - I've tested this with etherip+bridge+isakmpd+ospf
tunnels.

convert .Fd #include to .In

obvious .Pa fixes; found with mandocdb(8)

use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

blocknonip fix; from Holger Mikolon
ok deraadt

Move information describing the bridge and brconfig behaviour into
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc

vether(4) is a virtual ethernet device driver which can be used
so that a bridge-etherip-tunnel host can join into the bridge itself.
It is ridiculous that this capability was missing from our network
stack portfolio, considering we have bgp and ospf daemons...
discussed at length with claudio

Clarifications about the interaction of bridge and PF.
From Geoff Steckel with a few changes

"please commit it (if no one objects)" jmc, "yes" henning

convert to new .Dd format;

no need to cause every reference to pf to be an Xr; on the other
hand, referencing `PF' is not so helpful either;

mutated from a diff from okan demirmen;

remove trailing space;

'keep state' is now the default.

ok jmc

add includes; from peter philipp (pr #5177)
ok mickey

let us not talk about ipsecadm and vpn anymore; ok reyk

no need to specify a "count" argument: ifconfig(8) handles these
"on demand";

from jan niemann;
ok deraadt

sync to reality, document missing ioctls
mdoc fixes
normalize ioctl listing
slightly reorganize some parts
grammar, punctuation, and rewording fixes
remove crud introduced in rev 1.17 and never removed

Note: this update does *not* include the controversial stuff discussed
on h@; it contains what is in the header file.

help and ok (previously) jmc

uppercase + whitespace fix from jmc@.

Talk about return-rst improvements. noticed+ok deraadt@

mention ifconfig create; sync synopsis like (Op Ar count). with jmc, deraadt

remove .Pp's before lists and displays;

- fix lists/displays
- quote .Cd's
- add/remove .Pp's as necessary
- fix some .Re/.Rs's
- simplify macros

sync struct ifbrlreq with reality

document that is is unsupported to use return-rst/icmp or synproxy
on bridging firewalls

henning@ ok, spelling fixes from jmc@

- section reorder
- some macro fixes
- kill whitespace at EOL

Nuke clause 3 & 4.

corrections from Leandro Costa.

- corrections to tradenames
- updated URLs
- general typos

thanks Leandro!

various typos;

document SIOCBRDGARL; pointed out by jmc

no photurisd

Do not end an enumerations of Xr with a dot, and do not let a dot hide
inside an enumeration as well.

Xr cleanup; seb@todesplanet.de

Document transparent IPsec.

document when the bridge will fragment ip packets..
- ok jason@, dhartmei@

ip6 corrections; pb@sysfive.com

add support for creating span ports so that one can snoop a bridge
from another interface/machine/network.

Make nroff happy with .Sq rather than literal quotes.

Document bridge/pf interaction more appropriately. Ok Jason Wright.

Powered by @mantoya:
o) start new sentence on a new line;
o) minor mdoc fixes;
millert@ ok

Tip of the day: www.mpechismazohist.com

o) We don't like .Pp before/after .Sh;
o) .Nm always has argument in .Sh SYNOPSIS;
o) We always closes .Bl and .Bd tags;

millert@ ok

Clarify the wording of the input-rules-only restriction. ok jason@

IPF->PF Xr reference; openbsd@davidkrause.com