From 100d1b33f088fd38f69129afff7f9c2a1e084a57 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 24 May 2024 06:52:24 +0200 Subject: Merging upstream version 6.8. Signed-off-by: Daniel Baumann --- man7 | 1 + man7/address_families.7 | 392 ---- man7/aio.7 | 446 ---- man7/armscii-8.7 | 120 - man7/arp.7 | 306 --- man7/ascii.7 | 169 -- man7/attributes.7 | 865 -------- man7/boot.7 | 230 -- man7/bootparam.7 | 664 ------ man7/bpf-helpers.7 | 5171 ------------------------------------------- man7/capabilities.7 | 1872 ---------------- man7/cgroup_namespaces.7 | 248 --- man7/cgroups.7 | 1914 ---------------- man7/charsets.7 | 335 --- man7/complex.7 | 83 - man7/cp1251.7 | 166 -- man7/cp1252.7 | 156 -- man7/cpuset.7 | 1504 ------------- man7/credentials.7 | 384 ---- man7/ddp.7 | 245 -- man7/environ.7 | 354 --- man7/epoll.7 | 610 ----- man7/fanotify.7 | 1456 ------------ man7/feature_test_macros.7 | 937 -------- man7/fifo.7 | 70 - man7/futex.7 | 121 - man7/glibc.7 | 1 - man7/glob.7 | 205 -- man7/hier.7 | 654 ------ man7/hostname.7 | 97 - man7/icmp.7 | 196 -- man7/inode.7 | 480 ---- man7/inotify.7 | 1100 --------- man7/intro.7 | 23 - man7/ip.7 | 1541 ------------- man7/ipc_namespaces.7 | 66 - man7/ipv6.7 | 416 ---- man7/iso-8859-1.7 | 1 - man7/iso-8859-10.7 | 1 - man7/iso-8859-11.7 | 1 - man7/iso-8859-13.7 | 1 - man7/iso-8859-14.7 | 1 - man7/iso-8859-15.7 | 1 - man7/iso-8859-16.7 | 1 - man7/iso-8859-2.7 | 1 - man7/iso-8859-3.7 | 1 - man7/iso-8859-4.7 | 1 - man7/iso-8859-5.7 | 1 - man7/iso-8859-6.7 | 1 - man7/iso-8859-7.7 | 1 - man7/iso-8859-8.7 | 1 - man7/iso-8859-9.7 | 1 - man7/iso_8859-1.7 | 150 -- man7/iso_8859-10.7 | 146 -- man7/iso_8859-11.7 | 143 -- man7/iso_8859-13.7 | 146 -- man7/iso_8859-14.7 | 146 -- man7/iso_8859-15.7 | 149 -- man7/iso_8859-16.7 | 147 -- man7/iso_8859-2.7 | 151 -- man7/iso_8859-3.7 | 139 -- man7/iso_8859-4.7 | 146 -- man7/iso_8859-5.7 | 151 -- man7/iso_8859-6.7 | 104 - man7/iso_8859-7.7 | 150 -- man7/iso_8859-8.7 | 114 - man7/iso_8859-9.7 | 146 -- man7/iso_8859_1.7 | 1 - man7/iso_8859_10.7 | 1 - man7/iso_8859_11.7 | 1 - man7/iso_8859_13.7 | 1 - man7/iso_8859_14.7 | 1 - man7/iso_8859_15.7 | 1 - man7/iso_8859_16.7 | 1 - man7/iso_8859_2.7 | 1 - man7/iso_8859_3.7 | 1 - man7/iso_8859_4.7 | 1 - man7/iso_8859_5.7 | 1 - man7/iso_8859_6.7 | 1 - man7/iso_8859_7.7 | 1 - man7/iso_8859_8.7 | 1 - man7/iso_8859_9.7 | 1 - man7/kernel_lockdown.7 | 109 - man7/keyrings.7 | 901 -------- man7/koi8-r.7 | 169 -- man7/koi8-u.7 | 175 -- man7/landlock.7 | 585 ----- man7/latin1.7 | 1 - man7/latin10.7 | 1 - man7/latin2.7 | 1 - man7/latin3.7 | 1 - man7/latin4.7 | 1 - man7/latin5.7 | 1 - man7/latin6.7 | 1 - man7/latin7.7 | 1 - man7/latin8.7 | 1 - man7/latin9.7 | 1 - man7/libc.7 | 115 - man7/locale.7 | 379 ---- man7/mailaddr.7 | 134 -- man7/man-pages.7 | 1227 ---------- man7/man.7 | 1 - man7/math_error.7 | 246 -- man7/mount_namespaces.7 | 1371 ------------ man7/mq_overview.7 | 389 ---- man7/namespaces.7 | 417 ---- man7/netdevice.7 | 449 ---- man7/netlink.7 | 611 ----- man7/network_namespaces.7 | 62 - man7/nptl.7 | 112 - man7/numa.7 | 170 -- man7/operator.7 | 54 - man7/packet.7 | 694 ------ man7/path_resolution.7 | 264 --- man7/persistent-keyring.7 | 124 -- man7/pid_namespaces.7 | 388 ---- man7/pipe.7 | 407 ---- man7/pkeys.7 | 237 -- man7/posixoptions.7 | 1014 --------- man7/precedence.7 | 1 - man7/process-keyring.7 | 55 - man7/pthreads.7 | 937 -------- man7/pty.7 | 161 -- man7/queue.7 | 138 -- man7/random.7 | 213 -- man7/raw.7 | 281 --- man7/regex.7 | 293 --- man7/rtld-audit.7 | 606 ----- man7/rtnetlink.7 | 590 ----- man7/sched.7 | 992 --------- man7/sem_overview.7 | 139 -- man7/session-keyring.7 | 113 - man7/shm_overview.7 | 104 - man7/sigevent.7 | 1 - man7/signal-safety.7 | 341 --- man7/signal.7 | 1019 --------- man7/sock_diag.7 | 825 ------- man7/socket.7 | 1274 ----------- man7/spufs.7 | 804 ------- man7/standards.7 | 307 --- man7/string_copying.7 | 767 ------- man7/suffixes.7 | 265 --- man7/svipc.7 | 1 - man7/symlink.7 | 564 ----- man7/system_data_types.7 | 242 -- man7/sysvipc.7 | 99 - man7/tcp.7 | 1563 ------------- man7/termio.7 | 45 - man7/thread-keyring.7 | 50 - man7/time.7 | 218 -- man7/time_namespaces.7 | 345 --- man7/tis-620.7 | 1 - man7/udp.7 | 312 --- man7/udplite.7 | 137 -- man7/unicode.7 | 246 -- man7/units.7 | 108 - man7/unix.7 | 1223 ---------- man7/uri.7 | 761 ------- man7/url.7 | 1 - man7/urn.7 | 1 - man7/user-keyring.7 | 81 - man7/user-session-keyring.7 | 92 - man7/user_namespaces.7 | 1469 ------------ man7/utf-8.7 | 205 -- man7/utf8.7 | 1 - man7/uts_namespaces.7 | 46 - man7/vdso.7 | 612 ----- man7/vsock.7 | 232 -- man7/x25.7 | 124 -- man7/xattr.7 | 180 -- 170 files changed, 1 insertion(+), 55754 deletions(-) create mode 120000 man7 delete mode 100644 man7/address_families.7 delete mode 100644 man7/aio.7 delete mode 100644 man7/armscii-8.7 delete mode 100644 man7/arp.7 delete mode 100644 man7/ascii.7 delete mode 100644 man7/attributes.7 delete mode 100644 man7/boot.7 delete mode 100644 man7/bootparam.7 delete mode 100644 man7/bpf-helpers.7 delete mode 100644 man7/capabilities.7 delete mode 100644 man7/cgroup_namespaces.7 delete mode 100644 man7/cgroups.7 delete mode 100644 man7/charsets.7 delete mode 100644 man7/complex.7 delete mode 100644 man7/cp1251.7 delete mode 100644 man7/cp1252.7 delete mode 100644 man7/cpuset.7 delete mode 100644 man7/credentials.7 delete mode 100644 man7/ddp.7 delete mode 100644 man7/environ.7 delete mode 100644 man7/epoll.7 delete mode 100644 man7/fanotify.7 delete mode 100644 man7/feature_test_macros.7 delete mode 100644 man7/fifo.7 delete mode 100644 man7/futex.7 delete mode 100644 man7/glibc.7 delete mode 100644 man7/glob.7 delete mode 100644 man7/hier.7 delete mode 100644 man7/hostname.7 delete mode 100644 man7/icmp.7 delete mode 100644 man7/inode.7 delete mode 100644 man7/inotify.7 delete mode 100644 man7/intro.7 delete mode 100644 man7/ip.7 delete mode 100644 man7/ipc_namespaces.7 delete mode 100644 man7/ipv6.7 delete mode 100644 man7/iso-8859-1.7 delete mode 100644 man7/iso-8859-10.7 delete mode 100644 man7/iso-8859-11.7 delete mode 100644 man7/iso-8859-13.7 delete mode 100644 man7/iso-8859-14.7 delete mode 100644 man7/iso-8859-15.7 delete mode 100644 man7/iso-8859-16.7 delete mode 100644 man7/iso-8859-2.7 delete mode 100644 man7/iso-8859-3.7 delete mode 100644 man7/iso-8859-4.7 delete mode 100644 man7/iso-8859-5.7 delete mode 100644 man7/iso-8859-6.7 delete mode 100644 man7/iso-8859-7.7 delete mode 100644 man7/iso-8859-8.7 delete mode 100644 man7/iso-8859-9.7 delete mode 100644 man7/iso_8859-1.7 delete mode 100644 man7/iso_8859-10.7 delete mode 100644 man7/iso_8859-11.7 delete mode 100644 man7/iso_8859-13.7 delete mode 100644 man7/iso_8859-14.7 delete mode 100644 man7/iso_8859-15.7 delete mode 100644 man7/iso_8859-16.7 delete mode 100644 man7/iso_8859-2.7 delete mode 100644 man7/iso_8859-3.7 delete mode 100644 man7/iso_8859-4.7 delete mode 100644 man7/iso_8859-5.7 delete mode 100644 man7/iso_8859-6.7 delete mode 100644 man7/iso_8859-7.7 delete mode 100644 man7/iso_8859-8.7 delete mode 100644 man7/iso_8859-9.7 delete mode 100644 man7/iso_8859_1.7 delete mode 100644 man7/iso_8859_10.7 delete mode 100644 man7/iso_8859_11.7 delete mode 100644 man7/iso_8859_13.7 delete mode 100644 man7/iso_8859_14.7 delete mode 100644 man7/iso_8859_15.7 delete mode 100644 man7/iso_8859_16.7 delete mode 100644 man7/iso_8859_2.7 delete mode 100644 man7/iso_8859_3.7 delete mode 100644 man7/iso_8859_4.7 delete mode 100644 man7/iso_8859_5.7 delete mode 100644 man7/iso_8859_6.7 delete mode 100644 man7/iso_8859_7.7 delete mode 100644 man7/iso_8859_8.7 delete mode 100644 man7/iso_8859_9.7 delete mode 100644 man7/kernel_lockdown.7 delete mode 100644 man7/keyrings.7 delete mode 100644 man7/koi8-r.7 delete mode 100644 man7/koi8-u.7 delete mode 100644 man7/landlock.7 delete mode 100644 man7/latin1.7 delete mode 100644 man7/latin10.7 delete mode 100644 man7/latin2.7 delete mode 100644 man7/latin3.7 delete mode 100644 man7/latin4.7 delete mode 100644 man7/latin5.7 delete mode 100644 man7/latin6.7 delete mode 100644 man7/latin7.7 delete mode 100644 man7/latin8.7 delete mode 100644 man7/latin9.7 delete mode 100644 man7/libc.7 delete mode 100644 man7/locale.7 delete mode 100644 man7/mailaddr.7 delete mode 100644 man7/man-pages.7 delete mode 100644 man7/man.7 delete mode 100644 man7/math_error.7 delete mode 100644 man7/mount_namespaces.7 delete mode 100644 man7/mq_overview.7 delete mode 100644 man7/namespaces.7 delete mode 100644 man7/netdevice.7 delete mode 100644 man7/netlink.7 delete mode 100644 man7/network_namespaces.7 delete mode 100644 man7/nptl.7 delete mode 100644 man7/numa.7 delete mode 100644 man7/operator.7 delete mode 100644 man7/packet.7 delete mode 100644 man7/path_resolution.7 delete mode 100644 man7/persistent-keyring.7 delete mode 100644 man7/pid_namespaces.7 delete mode 100644 man7/pipe.7 delete mode 100644 man7/pkeys.7 delete mode 100644 man7/posixoptions.7 delete mode 100644 man7/precedence.7 delete mode 100644 man7/process-keyring.7 delete mode 100644 man7/pthreads.7 delete mode 100644 man7/pty.7 delete mode 100644 man7/queue.7 delete mode 100644 man7/random.7 delete mode 100644 man7/raw.7 delete mode 100644 man7/regex.7 delete mode 100644 man7/rtld-audit.7 delete mode 100644 man7/rtnetlink.7 delete mode 100644 man7/sched.7 delete mode 100644 man7/sem_overview.7 delete mode 100644 man7/session-keyring.7 delete mode 100644 man7/shm_overview.7 delete mode 100644 man7/sigevent.7 delete mode 100644 man7/signal-safety.7 delete mode 100644 man7/signal.7 delete mode 100644 man7/sock_diag.7 delete mode 100644 man7/socket.7 delete mode 100644 man7/spufs.7 delete mode 100644 man7/standards.7 delete mode 100644 man7/string_copying.7 delete mode 100644 man7/suffixes.7 delete mode 100644 man7/svipc.7 delete mode 100644 man7/symlink.7 delete mode 100644 man7/system_data_types.7 delete mode 100644 man7/sysvipc.7 delete mode 100644 man7/tcp.7 delete mode 100644 man7/termio.7 delete mode 100644 man7/thread-keyring.7 delete mode 100644 man7/time.7 delete mode 100644 man7/time_namespaces.7 delete mode 100644 man7/tis-620.7 delete mode 100644 man7/udp.7 delete mode 100644 man7/udplite.7 delete mode 100644 man7/unicode.7 delete mode 100644 man7/units.7 delete mode 100644 man7/unix.7 delete mode 100644 man7/uri.7 delete mode 100644 man7/url.7 delete mode 100644 man7/urn.7 delete mode 100644 man7/user-keyring.7 delete mode 100644 man7/user-session-keyring.7 delete mode 100644 man7/user_namespaces.7 delete mode 100644 man7/utf-8.7 delete mode 100644 man7/utf8.7 delete mode 100644 man7/uts_namespaces.7 delete mode 100644 man7/vdso.7 delete mode 100644 man7/vsock.7 delete mode 100644 man7/x25.7 delete mode 100644 man7/xattr.7 (limited to 'man7') diff --git a/man7 b/man7 new file mode 120000 index 0000000..8402b5f --- /dev/null +++ b/man7 @@ -0,0 +1 @@ +man/man7 \ No newline at end of file diff --git a/man7/address_families.7 b/man7/address_families.7 deleted file mode 100644 index 14464be..0000000 --- a/man7/address_families.7 +++ /dev/null @@ -1,392 +0,0 @@ -.\" Copyright (c) 2018 by Eugene Syromyatnikov , -.\" and Copyright (c) 2018 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH address_families 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -address_families \- socket address families (domains) -.SH SYNOPSIS -.nf -.BR "#include " " /* See NOTES */" -.B #include -.P -.BI "int socket(int " domain ", int " type ", int " protocol ); -.fi -.SH DESCRIPTION -The -.I domain -argument of the -.BR socket (2) -specifies a communication domain; this selects the protocol -family which will be used for communication. -These families are defined in -.IR . -The formats currently understood by the Linux kernel include: -.TP -.B AF_UNIX -.TQ -.B AF_LOCAL -Local communication. -For further information, see -.BR unix (7). -.TP -.B AF_INET -IPv4 Internet protocols. -For further information, see -.BR ip (7). -.TP -.B AF_AX25 -Amateur radio AX.25 protocol. -For further information, see -.BR ax25 (4). -.\" Part of ax25-tools -.TP -.B AF_IPX -IPX \- Novell protocols. -.TP -.B AF_APPLETALK -AppleTalk -For further information, see -.BR ddp (7). -.TP -.B AF_NETROM -AX.25 packet layer protocol. -For further information, see -.BR netrom (4), -.\" Part of ax25-tools package -.UR https://www.tldp.org/HOWTO/AX25-HOWTO/x61.html -.I The Packet Radio Protocols and Linux -.UE -and the -.IR AX.25 ", " NET/ROM ", and " "ROSE network programming" -chapters of the -.UR https://www.tldp.org/HOWTO/AX25-HOWTO/x2107.html -.I Linux Amateur Radio AX.25 HOWTO -.UE . -.TP -.B AF_BRIDGE -Can't be used for creating sockets; -mostly used for bridge links in -.BR rtnetlink (7) -protocol commands. -.TP -.B AF_ATMPVC -Access to raw ATM Permanent Virtual Circuits (PVCs). -For further information, see the -.UR https://www.tldp.org/HOWTO/text/ATM-Linux-HOWTO -.I ATM on Linux HOWTO -.UE . -.TP -.B AF_X25 -ITU-T X.25 / ISO/IEC\~8208 protocol. -For further information, see -.BR x25 (7). -.TP -.B AF_INET6 -IPv6 Internet protocols. -For further information, see -.BR ipv6 (7). -.TP -.B AF_ROSE -RATS (Radio Amateur Telecommunications Society). -Open Systems environment (ROSE) AX.25 packet layer protocol. -For further information, see the resources listed for -.BR AF_NETROM . -.TP -.B AF_DECnet -DECet protocol sockets. -See -.I Documentation/networking/decnet.txt -in the Linux kernel source tree for details. -.TP -.B AF_NETBEUI -Reserved for "802.2LLC project"; never used. -.TP -.B AF_SECURITY -This was a short-lived (between Linux 2.1.30 and 2.1.99pre2) protocol family -for firewall upcalls. -.TP -.B AF_KEY -Key management protocol, originally developed for usage with IPsec -(since Linux 2.1.38). -This has no relation to -.BR keyctl (2) -and the in-kernel key storage facility. -See -.UR https://tools.ietf.org/html/rfc2367 -RFC 2367 -.I PF_KEY Key Management API, Version 2 -.UE -for details. -.TP -.B AF_NETLINK -Kernel user interface device. -For further information, see -.BR netlink (7). -.TP -.B AF_PACKET -Low-level packet interface. -For further information, see -.BR packet (7). -.\" .TP -.\" .B AF_ASH -.\" Asynchronous Serial Host protocol (?) -.\" Notes from Eugene Syromyatnikov: -.\" I haven't found any concrete information about this one; -.\" it never was implemented in Linux, at least, judging by historical -.\" repos. There is also this file (and its variations): -.\" https://github.com/ecki/net-tools/blob/master/lib/ash.c -.\" ( https://github.com/ecki/net-tools/commits/master/lib/ash.c ) -.\" it mentions "NET-2 distribution" (BSD Net/2?), but, again, I failed -.\" to find any mentions of "ash" protocol there. -.\" (for the reference: -.\" ftp://pdp11.org.ru/pub/unix-archive/Distributions/UCB/Net2/net2.tar.gz ) -.\" Another source that mentions it is -.\" https://www.silabs.com/documents/public/user-guides/ug101-uart-gateway-protocol-reference.pdf -.\" https://www.silabs.com/documents/public/user-guides/ug115-ashv3-protocol-reference.pdf -.\" but I doubt that it's related, as former files use 64-byte addresses and -.\" "Hamming-encode of hops", and that's barely combines with a protocol -.\" that is mainly used over serial connection. -.TP -.B AF_ECONET -.\" commit: 349f29d841dbae854bd7367be7c250401f974f47 -Acorn Econet protocol (removed in Linux 3.5). -See the -.UR http://www.8bs.com/othrdnld/manuals/econet.shtml -Econet documentation -.UE -for details. -.TP -.B AF_ATMSVC -Access to ATM Switched Virtual Circuits (SVCs) -See the -.UR https://www.tldp.org/HOWTO/text/ATM-Linux-HOWTO -.I ATM on Linux HOWTO -.UE -for details. -.TP -.B AF_RDS -.\" commit: 639b321b4d8f4e412bfbb2a4a19bfebc1e68ace4 -Reliable Datagram Sockets (RDS) protocol (since Linux 2.6.30). -RDS over RDMA has no relation to -.B AF_SMC -or -.BR AF_XDP . -For further information, see -.\" rds-tools: https://github.com/oracle/rds-tools/blob/master/rds.7 -.\" rds-tools: https://github.com/oracle/rds-tools/blob/master/rds-rdma.7 -.BR rds (7), -.BR rds\-rdma (7), -and -.I Documentation/networking/rds.txt -in the Linux kernel source tree. -.TP -.B AF_IRDA -.\" commits: 1ca163afb6fd569b, d64c2a76123f0300 -Socket interface over IrDA -(moved to staging in Linux 4.14, removed in Linux 4.17). -.\" irda-utils: https://sourceforge.net/p/irda/code/HEAD/tree/tags/IRDAUTILS_0_9_18/irda-utils/man/irda.7.gz?format=raw -For further information, see -.BR irda (7). -.TP -.B AF_PPPOX -Generic PPP transport layer, for setting up L2 tunnels -(L2TP and PPPoE). -See -.I Documentation/networking/l2tp.txt -in the Linux kernel source tree for details. -.TP -.B AF_WANPIPE -.\" commits: ce0ecd594d78710422599918a608e96dd1ee6024 -Legacy protocol for wide area network (WAN) connectivity -that was used by Sangoma WAN cards (called "WANPIPE"); -removed in Linux 2.6.21. -.TP -.B AF_LLC -.\" linux-history commit: 34beb106cde7da233d4df35dd3d6cf4fee937caa -Logical link control (IEEE 802.2 LLC) protocol, upper part -of data link layer of ISO/OSI networking protocol stack -(since Linux 2.4); -has no relation to -.BR AF_PACKET . -See chapter -.I 13.5.3. Logical Link Control -in -.I Understanding Linux Kernel Internals -(O'Reilly Media, 2006) -and -.I IEEE Standards for Local Area Networks: Logical Link Control -(The Institute of Electronics and Electronics Engineers, Inc., -New York, New York, 1985) -for details. -See also -.UR https://wiki.linuxfoundation.org/networking/llc -some historical notes -.UE -regarding its development. -.TP -.B AF_IB -.\" commits: 8d36eb01da5d371f..ce117ffac2e93334 -InfiniBand native addressing (since Linux 3.11). -.TP -.B AF_MPLS -.\" commits: 0189197f441602acdca3f97750d392a895b778fd -Multiprotocol Label Switching (since Linux 4.1); -mostly used for configuring MPLS routing via -.BR netlink (7), -as it doesn't expose ability to create sockets to user space. -.TP -.B AF_CAN -.\" commits: 8dbde28d9711475a..5423dd67bd0108a1 -Controller Area Network automotive bus protocol (since Linux 2.6.25). -See -.I Documentation/networking/can.rst -in the Linux kernel source tree for details. -.TP -.B AF_TIPC -.\" commits: b97bf3fd8f6a16966d4f18983b2c40993ff937d4 -TIPC, "cluster domain sockets" protocol (since Linux 2.6.16). -See -.UR http://tipc.io/programming.html -.I TIPC Programmer's Guide -.UE -and the -.UR http://tipc.io/protocol.html -protocol description -.UE -for details. -.TP -.B AF_BLUETOOTH -.\" commits: 8d36eb01da5d371f..ce117ffac2e93334 -Bluetooth low-level socket protocol (since Linux 3.11). -See -.UR https://git.kernel.org\:/pub/scm\:/bluetooth/bluez.git\:/tree/doc/mgmt-api.txt -.I Bluetooth Management API overview -.UE -and -.UR https://people.csail.mit.edu/albert/bluez-intro/ -.I An Introduction to Bluetooth Programming -by Albert Huang -.UE -for details. -.TP -.B AF_IUCV -.\" commit: eac3731bd04c7131478722a3c148b78774553116 -IUCV (inter-user communication vehicle) z/VM protocol -for hypervisor-guest interaction (since Linux 2.6.21); -has no relation to -.B AF_VSOCK -and/or -.B AF_SMC -See -.UR https://www.ibm.com\:/support\:/knowledgecenter\:/en/SSB27U_6.4.0\:/com.ibm.zvm.v640.hcpb4\:/iucv.htm -.I IUCV protocol overview -.UE -for details. -.TP -.B AF_RXRPC -.\" commit: 17926a79320afa9b95df6b977b40cca6d8713cea -.\" http://people.redhat.com/~dhowells/rxrpc/ -.\" https://www.infradead.org/~dhowells/kafs/af_rxrpc_client.html -.\" http://workshop.openafs.org/afsbpw09/talks/thu_2/kafs.pdf -.\" http://pages.cs.wisc.edu/~remzi/OSTEP/dist-afs.pdf -.\" http://web.mit.edu/kolya/afs/rx/rx-spec -Rx, Andrew File System remote procedure call protocol -(since Linux 2.6.22). -See -.I Documentation/networking/rxrpc.txt -in the Linux kernel source tree for details. -.TP -.B AF_ISDN -.\" commit: 1b2b03f8e514e4f68e293846ba511a948b80243c -New "modular ISDN" driver interface protocol (since Linux 2.6.27). -See the -.UR http://www.misdn.eu/wiki/Main_Page/ -mISDN wiki -.UE -for details. -.TP -.B AF_PHONET -.\" commit: 4b07b3f69a8471cdc142c51461a331226fef248a -Nokia cellular modem IPC/RPC interface (since Linux 2.6.31). -See -.I Documentation/networking/phonet.txt -in the Linux kernel source tree for details. -.TP -.B AF_IEEE802154 -.\" commit: 9ec7671603573ede31207eb5b0b3e1aa211b2854 -IEEE 802.15.4 WPAN (wireless personal area network) raw packet protocol -(since Linux 2.6.31). -See -.I Documentation/networking/ieee802154.txt -in the Linux kernel source tree for details. -.TP -.B AF_CAIF -.\" commit: 529d6dad5bc69de14cdd24831e2a14264e93daa4 -.\" https://lwn.net/Articles/371017/ -.\" http://read.pudn.com/downloads157/doc/comm/698729/Misc/caif/Com%20CPU%20to%20Appl%20CPU%20Interface%20DESCRIPTION_LZN901%202002_revR1C.pdf -.\" http://read.pudn.com/downloads157/doc/comm/698729/Misc/caif/Com%20CPU%20to%20Appl%20CPU%20Interface%20PROTOCOL%20SPECIFICATION_LZN901%201708_revR1A.pdf -Ericsson's Communication CPU to Application CPU interface (CAIF) protocol -(since Linux 2.6.36). -See -.I Documentation/networking/caif/Linux\-CAIF.txt -in the Linux kernel source tree for details. -.TP -.B AF_ALG -Interface to kernel crypto API (since Linux 2.6.38). -See -.I Documentation/crypto/userspace\-if.rst -in the Linux kernel source tree for details. -.TP -.B AF_VSOCK -.\" commit: d021c344051af91f42c5ba9fdedc176740cbd238 -VMWare VSockets protocol for hypervisor-guest interaction (since Linux 3.9); -has no relation to -.B AF_IUCV -and -.BR AF_SMC . -For further information, see -.BR vsock (7). -.TP -.B AF_KCM -.\" commit: 03c8efc1ffeb6b82a22c1af8dd908af349563314 -KCM (kernel connection multiplexer) interface (since Linux 4.6). -See -.I Documentation/networking/kcm.txt -in the Linux kernel source tree for details. -.TP -.B AF_QIPCRTR -.\" commit: bdabad3e363d825ddf9679dd431cca0b2c30f881 -Qualcomm IPC router interface protocol (since Linux 4.7). -.TP -.B AF_SMC -.\" commit: f3a3e248f3f7cd9a4bed334022704d7e7fc781bf -SMC-R (shared memory communications over RDMA) protocol (since Linux 4.11), -and SMC-D (shared memory communications, direct memory access) protocol -for intra-node z/VM quest interaction (since Linux 4.19); -has no relation to -.BR AF_RDS ", " AF_IUCV -or -.BR AF_VSOCK . -See -.UR https://tools.ietf.org/html/rfc7609 -RFC 7609 -.I IBM's Shared Memory Communications over RDMA (SMC-R) Protocol -.UE -for details regarding SMC-R. -See -.UR https://www-01.ibm.com\:/software/network\:/commserver\:/SMC-D/index.html -.I SMC-D Reference Information -.UE -for details regarding SMC-D. -.TP -.B AF_XDP -.\" commit: c0c77d8fb787cfe0c3fca689c2a30d1dad4eaba7 -XDP (express data path) interface (since Linux 4.18). -See -.I Documentation/networking/af_xdp.rst -in the Linux kernel source tree for details. -.SH SEE ALSO -.BR socket (2), -.BR socket (7) diff --git a/man7/aio.7 b/man7/aio.7 deleted file mode 100644 index d371831..0000000 --- a/man7/aio.7 +++ /dev/null @@ -1,446 +0,0 @@ -.\" Copyright (c) 2010 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH AIO 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -aio \- POSIX asynchronous I/O overview -.SH DESCRIPTION -The POSIX asynchronous I/O (AIO) interface allows applications -to initiate one or more I/O operations that are performed -asynchronously (i.e., in the background). -The application can elect to be notified of completion of -the I/O operation in a variety of ways: -by delivery of a signal, by instantiation of a thread, -or no notification at all. -.P -The POSIX AIO interface consists of the following functions: -.TP -.BR aio_read (3) -Enqueue a read request. -This is the asynchronous analog of -.BR read (2). -.TP -.BR aio_write (3) -Enqueue a write request. -This is the asynchronous analog of -.BR write (2). -.TP -.BR aio_fsync (3) -Enqueue a sync request for the I/O operations on a file descriptor. -This is the asynchronous analog of -.BR fsync (2) -and -.BR fdatasync (2). -.TP -.BR aio_error (3) -Obtain the error status of an enqueued I/O request. -.TP -.BR aio_return (3) -Obtain the return status of a completed I/O request. -.TP -.BR aio_suspend (3) -Suspend the caller until one or more of a specified set of -I/O requests completes. -.TP -.BR aio_cancel (3) -Attempt to cancel outstanding I/O requests on a specified -file descriptor. -.TP -.BR lio_listio (3) -Enqueue multiple I/O requests using a single function call. -.P -The -.I aiocb -("asynchronous I/O control block") structure defines -parameters that control an I/O operation. -An argument of this type is employed with all of the functions listed above. -This structure has the following form: -.P -.in +4n -.EX -#include -\& -struct aiocb { - /* The order of these fields is implementation\-dependent */ -\& - int aio_fildes; /* File descriptor */ - off_t aio_offset; /* File offset */ - volatile void *aio_buf; /* Location of buffer */ - size_t aio_nbytes; /* Length of transfer */ - int aio_reqprio; /* Request priority */ - struct sigevent aio_sigevent; /* Notification method */ - int aio_lio_opcode; /* Operation to be performed; - lio_listio() only */ -\& - /* Various implementation\-internal fields not shown */ -}; -\& -/* Operation codes for \[aq]aio_lio_opcode\[aq]: */ -\& -enum { LIO_READ, LIO_WRITE, LIO_NOP }; -.EE -.in -.P -The fields of this structure are as follows: -.TP -.I aio_fildes -The file descriptor on which the I/O operation is to be performed. -.TP -.I aio_offset -This is the file offset at which the I/O operation is to be performed. -.TP -.I aio_buf -This is the buffer used to transfer data for a read or write operation. -.TP -.I aio_nbytes -This is the size of the buffer pointed to by -.IR aio_buf . -.TP -.I aio_reqprio -This field specifies a value that is subtracted -from the calling thread's real-time priority in order to -determine the priority for execution of this I/O request (see -.BR pthread_setschedparam (3)). -The specified value must be between 0 and the value returned by -.IR sysconf(_SC_AIO_PRIO_DELTA_MAX) . -This field is ignored for file synchronization operations. -.TP -.I aio_sigevent -This field is a structure that specifies how the caller is -to be notified when the asynchronous I/O operation completes. -Possible values for -.I aio_sigevent.sigev_notify -are -.BR SIGEV_NONE , -.BR SIGEV_SIGNAL , -and -.BR SIGEV_THREAD . -See -.BR sigevent (3type) -for further details. -.TP -.I aio_lio_opcode -The type of operation to be performed; used only for -.BR lio_listio (3). -.P -In addition to the standard functions listed above, -the GNU C library provides the following extension to the POSIX AIO API: -.TP -.BR aio_init (3) -Set parameters for tuning the behavior of the glibc POSIX AIO implementation. -.SH ERRORS -.TP -.B EINVAL -The -.I aio_reqprio -field of the -.I aiocb -structure was less than 0, -or was greater than the limit returned by the call -.IR sysconf(_SC_AIO_PRIO_DELTA_MAX) . -.SH STANDARDS -POSIX.1-2008. -.SH HISTORY -POSIX.1-2001. -glibc 2.1. -.SH NOTES -It is a good idea to zero out the control block buffer before use (see -.BR memset (3)). -The control block buffer and the buffer pointed to by -.I aio_buf -must not be changed while the I/O operation is in progress. -These buffers must remain valid until the I/O operation completes. -.P -Simultaneous asynchronous read or write operations using the same -.I aiocb -structure yield undefined results. -.P -The current Linux POSIX AIO implementation is provided in user space by glibc. -This has a number of limitations, most notably that maintaining multiple -threads to perform I/O operations is expensive and scales poorly. -Work has been in progress for some time on a kernel -state-machine-based implementation of asynchronous I/O -(see -.BR io_submit (2), -.BR io_setup (2), -.BR io_cancel (2), -.BR io_destroy (2), -.BR io_getevents (2)), -but this implementation hasn't yet matured to the point where -the POSIX AIO implementation can be completely -reimplemented using the kernel system calls. -.\" http://lse.sourceforge.net/io/aio.html -.\" http://lse.sourceforge.net/io/aionotes.txt -.\" http://lwn.net/Articles/148755/ -.SH EXAMPLES -The program below opens each of the files named in its command-line -arguments and queues a request on the resulting file descriptor using -.BR aio_read (3). -The program then loops, -periodically monitoring each of the I/O operations -that is still in progress using -.BR aio_error (3). -Each of the I/O requests is set up to provide notification by delivery -of a signal. -After all I/O requests have completed, -the program retrieves their status using -.BR aio_return (3). -.P -The -.B SIGQUIT -signal (generated by typing control-\e) causes the program to request -cancelation of each of the outstanding requests using -.BR aio_cancel (3). -.P -Here is an example of what we might see when running this program. -In this example, the program queues two requests to standard input, -and these are satisfied by two lines of input containing -"abc" and "x". -.P -.in +4n -.EX -$ \fB./a.out /dev/stdin /dev/stdin\fP -opened /dev/stdin on descriptor 3 -opened /dev/stdin on descriptor 4 -aio_error(): - for request 0 (descriptor 3): In progress - for request 1 (descriptor 4): In progress -\fBabc\fP -I/O completion signal received -aio_error(): - for request 0 (descriptor 3): I/O succeeded - for request 1 (descriptor 4): In progress -aio_error(): - for request 1 (descriptor 4): In progress -\fBx\fP -I/O completion signal received -aio_error(): - for request 1 (descriptor 4): I/O succeeded -All I/O requests completed -aio_return(): - for request 0 (descriptor 3): 4 - for request 1 (descriptor 4): 2 -.EE -.in -.SS Program source -\& -.EX -#include -#include -#include -#include -#include -#include -#include -\& -#define BUF_SIZE 20 /* Size of buffers for read operations */ -\& -#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0) -\& -struct ioRequest { /* Application\-defined structure for tracking - I/O requests */ - int reqNum; - int status; - struct aiocb *aiocbp; -}; -\& -static volatile sig_atomic_t gotSIGQUIT = 0; - /* On delivery of SIGQUIT, we attempt to - cancel all outstanding I/O requests */ -\& -static void /* Handler for SIGQUIT */ -quitHandler(int sig) -{ - gotSIGQUIT = 1; -} -\& -#define IO_SIGNAL SIGUSR1 /* Signal used to notify I/O completion */ -\& -static void /* Handler for I/O completion signal */ -aioSigHandler(int sig, siginfo_t *si, void *ucontext) -{ - if (si\->si_code == SI_ASYNCIO) { - write(STDOUT_FILENO, "I/O completion signal received\en", 31); -\& - /* The corresponding ioRequest structure would be available as - struct ioRequest *ioReq = si\->si_value.sival_ptr; - and the file descriptor would then be available via - ioReq\->aiocbp\->aio_fildes */ - } -} -\& -int -main(int argc, char *argv[]) -{ - struct sigaction sa; - int s; - int numReqs; /* Total number of queued I/O requests */ - int openReqs; /* Number of I/O requests still in progress */ -\& - if (argc < 2) { - fprintf(stderr, "Usage: %s ...\en", - argv[0]); - exit(EXIT_FAILURE); - } -\& - numReqs = argc \- 1; -\& - /* Allocate our arrays. */ -\& - struct ioRequest *ioList = calloc(numReqs, sizeof(*ioList)); - if (ioList == NULL) - errExit("calloc"); -\& - struct aiocb *aiocbList = calloc(numReqs, sizeof(*aiocbList)); - if (aiocbList == NULL) - errExit("calloc"); -\& - /* Establish handlers for SIGQUIT and the I/O completion signal. */ -\& - sa.sa_flags = SA_RESTART; - sigemptyset(&sa.sa_mask); -\& - sa.sa_handler = quitHandler; - if (sigaction(SIGQUIT, &sa, NULL) == \-1) - errExit("sigaction"); -\& - sa.sa_flags = SA_RESTART | SA_SIGINFO; - sa.sa_sigaction = aioSigHandler; - if (sigaction(IO_SIGNAL, &sa, NULL) == \-1) - errExit("sigaction"); -\& - /* Open each file specified on the command line, and queue - a read request on the resulting file descriptor. */ -\& - for (size_t j = 0; j < numReqs; j++) { - ioList[j].reqNum = j; - ioList[j].status = EINPROGRESS; - ioList[j].aiocbp = &aiocbList[j]; -\& - ioList[j].aiocbp\->aio_fildes = open(argv[j + 1], O_RDONLY); - if (ioList[j].aiocbp\->aio_fildes == \-1) - errExit("open"); - printf("opened %s on descriptor %d\en", argv[j + 1], - ioList[j].aiocbp\->aio_fildes); -\& - ioList[j].aiocbp\->aio_buf = malloc(BUF_SIZE); - if (ioList[j].aiocbp\->aio_buf == NULL) - errExit("malloc"); -\& - ioList[j].aiocbp\->aio_nbytes = BUF_SIZE; - ioList[j].aiocbp\->aio_reqprio = 0; - ioList[j].aiocbp\->aio_offset = 0; - ioList[j].aiocbp\->aio_sigevent.sigev_notify = SIGEV_SIGNAL; - ioList[j].aiocbp\->aio_sigevent.sigev_signo = IO_SIGNAL; - ioList[j].aiocbp\->aio_sigevent.sigev_value.sival_ptr = - &ioList[j]; -\& - s = aio_read(ioList[j].aiocbp); - if (s == \-1) - errExit("aio_read"); - } -\& - openReqs = numReqs; -\& - /* Loop, monitoring status of I/O requests. */ -\& - while (openReqs > 0) { - sleep(3); /* Delay between each monitoring step */ -\& - if (gotSIGQUIT) { -\& - /* On receipt of SIGQUIT, attempt to cancel each of the - outstanding I/O requests, and display status returned - from the cancelation requests. */ -\& - printf("got SIGQUIT; canceling I/O requests: \en"); -\& - for (size_t j = 0; j < numReqs; j++) { - if (ioList[j].status == EINPROGRESS) { - printf(" Request %zu on descriptor %d:", j, - ioList[j].aiocbp\->aio_fildes); - s = aio_cancel(ioList[j].aiocbp\->aio_fildes, - ioList[j].aiocbp); - if (s == AIO_CANCELED) - printf("I/O canceled\en"); - else if (s == AIO_NOTCANCELED) - printf("I/O not canceled\en"); - else if (s == AIO_ALLDONE) - printf("I/O all done\en"); - else - perror("aio_cancel"); - } - } -\& - gotSIGQUIT = 0; - } -\& - /* Check the status of each I/O request that is still - in progress. */ -\& - printf("aio_error():\en"); - for (size_t j = 0; j < numReqs; j++) { - if (ioList[j].status == EINPROGRESS) { - printf(" for request %zu (descriptor %d): ", - j, ioList[j].aiocbp\->aio_fildes); - ioList[j].status = aio_error(ioList[j].aiocbp); -\& - switch (ioList[j].status) { - case 0: - printf("I/O succeeded\en"); - break; - case EINPROGRESS: - printf("In progress\en"); - break; - case ECANCELED: - printf("Canceled\en"); - break; - default: - perror("aio_error"); - break; - } -\& - if (ioList[j].status != EINPROGRESS) - openReqs\-\-; - } - } - } -\& - printf("All I/O requests completed\en"); -\& - /* Check status return of all I/O requests. */ -\& - printf("aio_return():\en"); - for (size_t j = 0; j < numReqs; j++) { - ssize_t s; -\& - s = aio_return(ioList[j].aiocbp); - printf(" for request %zu (descriptor %d): %zd\en", - j, ioList[j].aiocbp\->aio_fildes, s); - } -\& - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.ad l -.nh -.BR io_cancel (2), -.BR io_destroy (2), -.BR io_getevents (2), -.BR io_setup (2), -.BR io_submit (2), -.BR aio_cancel (3), -.BR aio_error (3), -.BR aio_init (3), -.BR aio_read (3), -.BR aio_return (3), -.BR aio_write (3), -.BR lio_listio (3) -.P -"Asynchronous I/O Support in Linux 2.5", -Bhattacharya, Pratt, Pulavarty, and Morgan, -Proceedings of the Linux Symposium, 2003, -.UR https://www.kernel.org/doc/ols/2003/ols2003\-pages\-351\-366.pdf -.UE diff --git a/man7/armscii-8.7 b/man7/armscii-8.7 deleted file mode 100644 index 633c8d6..0000000 --- a/man7/armscii-8.7 +++ /dev/null @@ -1,120 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ARMSCII-8 7 2022-12-15 "Linux man-pages 6.7" -.SH NAME -armscii-8 \- Armenian character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The Armenian Standard Code for Information Interchange, -8-bit coded character set. -.SS ArmSCII-8 characters -The following table displays the characters in ArmSCII-8 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -242 162 A2 և ARMENIAN SMALL LIGATURE ECH YIWN -243 163 A3 ։ ARMENIAN FULL STOP -244 164 A4 ) RIGHT PARENTHESIS -245 165 A5 ( LEFT PARENTHESIS -246 166 A6 » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -247 167 A7 « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -250 168 A8 — EM DASH -251 169 A9 . FULL STOP -252 170 AA ՝ ARMENIAN COMMA -253 171 AB , COMMA -254 172 AC - HYPHEN-MINUS -255 173 AD ֊ ARMENIAN HYPHEN -256 174 AE … HORIZONTAL ELLIPSIS -257 175 AF ՜ ARMENIAN EXCLAMATION MARK -260 176 B0 ՛ ARMENIAN EMPHASIS MARK -261 177 B1 ՞ ARMENIAN QUESTION MARK -262 178 B2 Ա ARMENIAN CAPITAL LETTER AYB -263 179 B3 ա ARMENIAN SMALL LETTER AYB -264 180 B4 Բ ARMENIAN CAPITAL LETTER BEN -265 181 B5 բ ARMENIAN SMALL LETTER BEN -266 182 B6 Գ ARMENIAN CAPITAL LETTER GIM -267 183 B7 գ ARMENIAN SMALL LETTER GIM -270 184 B8 Դ ARMENIAN CAPITAL LETTER DA -271 185 B9 դ ARMENIAN SMALL LETTER DA -272 186 BA Ե ARMENIAN CAPITAL LETTER ECH -273 187 BB ե ARMENIAN SMALL LETTER ECH -274 188 BC Զ ARMENIAN CAPITAL LETTER ZA -275 189 BD զ ARMENIAN SMALL LETTER ZA -276 190 BE Է ARMENIAN CAPITAL LETTER EH -277 191 BF է ARMENIAN SMALL LETTER EH -300 192 C0 Ը ARMENIAN CAPITAL LETTER ET -301 193 C1 ը ARMENIAN SMALL LETTER ET -302 194 C2 Թ ARMENIAN CAPITAL LETTER TO -303 195 C3 թ ARMENIAN SMALL LETTER TO -304 196 C4 Ժ ARMENIAN CAPITAL LETTER ZHE -305 197 C5 ժ ARMENIAN SMALL LETTER ZHE -306 198 C6 Ի ARMENIAN CAPITAL LETTER INI -307 199 C7 ի ARMENIAN SMALL LETTER INI -310 200 C8 Լ ARMENIAN CAPITAL LETTER LIWN -311 201 C9 լ ARMENIAN SMALL LETTER LIWN -312 202 CA Խ ARMENIAN CAPITAL LETTER XEH -313 203 CB խ ARMENIAN SMALL LETTER XEH -314 204 CC Ծ ARMENIAN CAPITAL LETTER CA -315 205 CD ծ ARMENIAN SMALL LETTER CA -316 206 CE Կ ARMENIAN CAPITAL LETTER KEN -317 207 CF կ ARMENIAN SMALL LETTER KEN -320 208 D0 Հ ARMENIAN CAPITAL LETTER HO -321 209 D1 հ ARMENIAN SMALL LETTER HO -322 210 D2 Ձ ARMENIAN CAPITAL LETTER JA -323 211 D3 ձ ARMENIAN SMALL LETTER JA -324 212 D4 Ղ ARMENIAN CAPITAL LETTER GHAD -325 213 D5 ղ ARMENIAN SMALL LETTER GHAD -326 214 D6 Ճ ARMENIAN CAPITAL LETTER CHEH -327 215 D7 ճ ARMENIAN SMALL LETTER CHEH -330 216 D8 Մ ARMENIAN CAPITAL LETTER MEN -331 217 D9 մ ARMENIAN SMALL LETTER MEN -332 218 DA Յ ARMENIAN CAPITAL LETTER YI -333 219 DB յ ARMENIAN SMALL LETTER YI -334 220 DC Ն ARMENIAN CAPITAL LETTER NOW -335 221 DD ն ARMENIAN SMALL LETTER NOW -336 222 DE Շ ARMENIAN CAPITAL LETTER SHA -337 223 DF շ ARMENIAN SMALL LETTER SHA -340 224 E0 Ո ARMENIAN CAPITAL LETTER VO -341 225 E1 ո ARMENIAN SMALL LETTER VO -342 226 E2 Չ ARMENIAN CAPITAL LETTER CHA -343 227 E3 չ ARMENIAN SMALL LETTER CHA -344 228 E4 Պ ARMENIAN CAPITAL LETTER PEH -345 229 E5 պ ARMENIAN SMALL LETTER PEH -346 230 E6 Ջ ARMENIAN CAPITAL LETTER JHEH -347 231 E7 ջ ARMENIAN SMALL LETTER JHEH -350 232 E8 Ռ ARMENIAN CAPITAL LETTER RA -351 233 E9 ռ ARMENIAN SMALL LETTER RA -352 234 EA Ս ARMENIAN CAPITAL LETTER SEH -353 235 EB ս ARMENIAN SMALL LETTER SEH -354 236 EC Վ ARMENIAN CAPITAL LETTER VEW -355 237 ED վ ARMENIAN SMALL LETTER VEW -356 238 EE Տ ARMENIAN CAPITAL LETTER TIWN -357 239 EF տ ARMENIAN SMALL LETTER TIWN -360 240 F0 Ր ARMENIAN CAPITAL LETTER REH -361 241 F1 ր ARMENIAN SMALL LETTER REH -362 242 F2 Ց ARMENIAN CAPITAL LETTER CO -363 243 F3 ց ARMENIAN SMALL LETTER CO -364 244 F4 Ւ ARMENIAN CAPITAL LETTER YIWN -365 245 F5 ւ ARMENIAN SMALL LETTER YIWN -366 246 F6 Փ ARMENIAN CAPITAL LETTER PIWR -367 247 F7 փ ARMENIAN SMALL LETTER PIWR -370 248 F8 Ք ARMENIAN CAPITAL LETTER KEH -371 249 F9 ք ARMENIAN SMALL LETTER KEH -372 250 FA Օ ARMENIAN CAPITAL LETTER OH -373 251 FB օ ARMENIAN SMALL LETTER OH -374 252 FC Ֆ ARMENIAN CAPITAL LETTER FEH -375 253 FD ֆ ARMENIAN SMALL LETTER FEH -376 254 FE ՚ ARMENIAN APOSTROPHE -.TE -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/arp.7 b/man7/arp.7 deleted file mode 100644 index 9de545c..0000000 --- a/man7/arp.7 +++ /dev/null @@ -1,306 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Matthew Wilcox . -.\" -.\" Modified June 1999 Andi Kleen -.\" $Id: arp.7,v 1.10 2000/04/27 19:31:38 ak Exp $ -.\" -.TH arp 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -arp \- Linux ARP kernel module. -.SH DESCRIPTION -This kernel protocol module implements the Address Resolution -Protocol defined in RFC\ 826. -It is used to convert between Layer2 hardware addresses -and IPv4 protocol addresses on directly connected networks. -The user normally doesn't interact directly with this module except to -configure it; -instead it provides a service for other protocols in the kernel. -.P -A user process can receive ARP packets by using -.BR packet (7) -sockets. -There is also a mechanism for managing the ARP cache -in user-space by using -.BR netlink (7) -sockets. -The ARP table can also be controlled via -.BR ioctl (2) -on any -.B AF_INET -socket. -.P -The ARP module maintains a cache of mappings between hardware addresses -and protocol addresses. -The cache has a limited size so old and less -frequently used entries are garbage-collected. -Entries which are marked -as permanent are never deleted by the garbage-collector. -The cache can -be directly manipulated by the use of ioctls and its behavior can be -tuned by the -.I /proc -interfaces described below. -.P -When there is no positive feedback for an existing mapping after some -time (see the -.I /proc -interfaces below), a neighbor cache entry is considered stale. -Positive feedback can be gotten from a higher layer; for example from -a successful TCP ACK. -Other protocols can signal forward progress -using the -.B MSG_CONFIRM -flag to -.BR sendmsg (2). -When there is no forward progress, ARP tries to reprobe. -It first tries to ask a local arp daemon -.B app_solicit -times for an updated MAC address. -If that fails and an old MAC address is known, a unicast probe is sent -.B ucast_solicit -times. -If that fails too, it will broadcast a new ARP -request to the network. -Requests are sent only when there is data queued -for sending. -.P -Linux will automatically add a nonpermanent proxy arp entry when it -receives a request for an address it forwards to and proxy arp is -enabled on the receiving interface. -When there is a reject route for the target, no proxy arp entry is added. -.SS Ioctls -Three ioctls are available on all -.B AF_INET -sockets. -They take a pointer to a -.I struct arpreq -as their argument. -.P -.in +4n -.EX -struct arpreq { - struct sockaddr arp_pa; /* protocol address */ - struct sockaddr arp_ha; /* hardware address */ - int arp_flags; /* flags */ - struct sockaddr arp_netmask; /* netmask of protocol address */ - char arp_dev[16]; -}; -.EE -.in -.P -.BR SIOCSARP ", " SIOCDARP " and " SIOCGARP -respectively set, delete, and get an ARP mapping. -Setting and deleting ARP maps are privileged operations and may -be performed only by a process with the -.B CAP_NET_ADMIN -capability or an effective UID of 0. -.P -.I arp_pa -must be an -.B AF_INET -address and -.I arp_ha -must have the same type as the device which is specified in -.IR arp_dev . -.I arp_dev -is a zero-terminated string which names a device. -.RS -.TS -tab(:) allbox; -c s -l l. -\fIarp_flags\fR -flag:meaning -ATF_COM:Lookup complete -ATF_PERM:Permanent entry -ATF_PUBL:Publish entry -ATF_USETRAILERS:Trailers requested -ATF_NETMASK:Use a netmask -ATF_DONTPUB:Don't answer -.TE -.RE -.P -If the -.B ATF_NETMASK -flag is set, then -.I arp_netmask -should be valid. -Linux 2.2 does not support proxy network ARP entries, so this -should be set to 0xffffffff, or 0 to remove an existing proxy arp entry. -.B ATF_USETRAILERS -is obsolete and should not be used. -.SS /proc interfaces -ARP supports a range of -.I /proc -interfaces to configure parameters on a global or per-interface basis. -The interfaces can be accessed by reading or writing the -.I /proc/sys/net/ipv4/neigh/*/* -files. -Each interface in the system has its own directory in -.IR /proc/sys/net/ipv4/neigh/ . -The setting in the "default" directory is used for all newly created -devices. -Unless otherwise specified, time-related interfaces are specified -in seconds. -.TP -.IR anycast_delay " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of jiffies to delay before replying to a -IPv6 neighbor solicitation message. -Anycast support is not yet implemented. -Defaults to 1 second. -.TP -.IR app_solicit " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of probes to send to the user space ARP daemon via -netlink before dropping back to multicast probes (see -.IR mcast_solicit ). -Defaults to 0. -.TP -.IR base_reachable_time " (since Linux 2.2)" -.\" Precisely: 2.1.79 -Once a neighbor has been found, the entry is considered to be valid -for at least a random value between -.IR base_reachable_time "/2 and 3*" base_reachable_time /2. -An entry's validity will be extended if it receives positive feedback -from higher level protocols. -Defaults to 30 seconds. -This file is now obsolete in favor of -.IR base_reachable_time_ms . -.TP -.IR base_reachable_time_ms " (since Linux 2.6.12)" -As for -.IR base_reachable_time , -but measures time in milliseconds. -Defaults to 30000 milliseconds. -.TP -.IR delay_first_probe_time " (since Linux 2.2)" -.\" Precisely: 2.1.79 -Delay before first probe after it has been decided that a neighbor -is stale. -Defaults to 5 seconds. -.TP -.IR gc_interval " (since Linux 2.2)" -.\" Precisely: 2.1.79 -How frequently the garbage collector for neighbor entries -should attempt to run. -Defaults to 30 seconds. -.TP -.IR gc_stale_time " (since Linux 2.2)" -.\" Precisely: 2.1.79 -Determines how often to check for stale neighbor entries. -When a neighbor entry is considered stale, it is resolved again before -sending data to it. -Defaults to 60 seconds. -.TP -.IR gc_thresh1 " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The minimum number of entries to keep in the ARP cache. -The garbage collector will not run if there are fewer than -this number of entries in the cache. -Defaults to 128. -.TP -.IR gc_thresh2 " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The soft maximum number of entries to keep in the ARP cache. -The garbage collector will allow the number of entries to exceed -this for 5 seconds before collection will be performed. -Defaults to 512. -.TP -.IR gc_thresh3 " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The hard maximum number of entries to keep in the ARP cache. -The garbage collector will always run if there are more than -this number of entries in the cache. -Defaults to 1024. -.TP -.IR locktime " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The minimum number of jiffies to keep an ARP entry in the cache. -This prevents ARP cache thrashing if there is more than one potential -mapping (generally due to network misconfiguration). -Defaults to 1 second. -.TP -.IR mcast_solicit " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of attempts to resolve an address by -multicast/broadcast before marking the entry as unreachable. -Defaults to 3. -.TP -.IR proxy_delay " (since Linux 2.2)" -.\" Precisely: 2.1.79 -When an ARP request for a known proxy-ARP address is received, delay up to -.I proxy_delay -jiffies before replying. -This is used to prevent network flooding in some cases. -Defaults to 0.8 seconds. -.TP -.IR proxy_qlen " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of packets which may be queued to proxy-ARP addresses. -Defaults to 64. -.TP -.IR retrans_time " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The number of jiffies to delay before retransmitting a request. -Defaults to 1 second. -This file is now obsolete in favor of -.IR retrans_time_ms . -.TP -.IR retrans_time_ms " (since Linux 2.6.12)" -The number of milliseconds to delay before retransmitting a request. -Defaults to 1000 milliseconds. -.TP -.IR ucast_solicit " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of attempts to send unicast probes before asking -the ARP daemon (see -.IR app_solicit ). -Defaults to 3. -.TP -.IR unres_qlen " (since Linux 2.2)" -.\" Precisely: 2.1.79 -The maximum number of packets which may be queued for each unresolved -address by other network layers. -Defaults to 3. -.SH VERSIONS -The -.I struct arpreq -changed in Linux 2.0 to include the -.I arp_dev -member and the ioctl numbers changed at the same time. -Support for the old ioctls was dropped in Linux 2.2. -.P -Support for proxy arp entries for networks (netmask not equal 0xffffffff) -was dropped in Linux 2.2. -It is replaced by automatic proxy arp setup by -the kernel for all reachable hosts on other interfaces (when -forwarding and proxy arp is enabled for the interface). -.P -The -.I neigh/* -interfaces did not exist before Linux 2.2. -.SH BUGS -Some timer settings are specified in jiffies, which is architecture- -and kernel version-dependent; see -.BR time (7). -.P -There is no way to signal positive feedback from user space. -This means connection-oriented protocols implemented in user space -will generate excessive ARP traffic, because ndisc will regularly -reprobe the MAC address. -The same problem applies for some kernel protocols (e.g., NFS over UDP). -.P -This man page mashes together functionality that is IPv4-specific -with functionality that is shared between IPv4 and IPv6. -.SH SEE ALSO -.BR capabilities (7), -.BR ip (7), -.BR arpd (8) -.P -RFC\ 826 for a description of ARP. -RFC\ 2461 for a description of IPv6 neighbor discovery and the base -algorithms used. -Linux 2.2+ IPv4 ARP uses the IPv6 algorithms when applicable. diff --git a/man7/ascii.7 b/man7/ascii.7 deleted file mode 100644 index 19193e1..0000000 --- a/man7/ascii.7 +++ /dev/null @@ -1,169 +0,0 @@ -'\" t -.\" Copyright (c) 1993 Michael Haardt (michael@moria.de) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Created 1993-04-02 by Michael Haardt (michael@moria.de) -.\" Modified 1993-07-24 by Rik Faith (faith@cs.unc.edu) -.\" Modified 1994-05-15 by Daniel Quinlan (quinlan@yggdrasil.com) -.\" Modified 1994-11-22 by Daniel Quinlan (quinlan@yggdrasil.com) -.\" Modified 1995-07-11 by Daniel Quinlan (quinlan@yggdrasil.com) -.\" Modified 1996-12-18 by Michael Haardt and aeb -.\" Modified 1999-05-31 by Dimitri Papadopoulos (dpo@club-internet.fr) -.\" Modified 1999-08-08 by Michael Haardt (michael@moria.de) -.\" Modified 2004-04-01 by aeb -.\" -.TH ascii 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -ascii \- ASCII character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -ASCII is the American Standard Code for Information Interchange. -It is a 7-bit code. -Many 8-bit codes (e.g., ISO/IEC\~8859-1) contain ASCII as their lower half. -The international counterpart of ASCII is known as ISO/IEC\~646-IRV. -.P -The following table contains the 128 ASCII characters. -.P -C program \f(CW\[aq]\eX\[aq]\fP escapes are noted. -.P -.EX -.TS -l l l l | l l l l. -Oct Dec Hex Char Oct Dec Hex Char -_ -000 0 00 NUL \[aq]\e0\[aq] (null character) 100 64 40 @ -001 1 01 SOH (start of heading) 101 65 41 A -002 2 02 STX (start of text) 102 66 42 B -003 3 03 ETX (end of text) 103 67 43 C -004 4 04 EOT (end of transmission) 104 68 44 D -005 5 05 ENQ (enquiry) 105 69 45 E -006 6 06 ACK (acknowledge) 106 70 46 F -007 7 07 BEL \[aq]\ea\[aq] (bell) 107 71 47 G -010 8 08 BS \[aq]\eb\[aq] (backspace) 110 72 48 H -011 9 09 HT \[aq]\et\[aq] (horizontal tab) 111 73 49 I -012 10 0A LF \[aq]\en\[aq] (new line) 112 74 4A J -013 11 0B VT \[aq]\ev\[aq] (vertical tab) 113 75 4B K -014 12 0C FF \[aq]\ef\[aq] (form feed) 114 76 4C L -015 13 0D CR \[aq]\er\[aq] (carriage ret) 115 77 4D M -016 14 0E SO (shift out) 116 78 4E N -017 15 0F SI (shift in) 117 79 4F O -020 16 10 DLE (data link escape) 120 80 50 P -021 17 11 DC1 (device control 1) 121 81 51 Q -022 18 12 DC2 (device control 2) 122 82 52 R -023 19 13 DC3 (device control 3) 123 83 53 S -024 20 14 DC4 (device control 4) 124 84 54 T -025 21 15 NAK (negative ack.) 125 85 55 U -026 22 16 SYN (synchronous idle) 126 86 56 V -027 23 17 ETB (end of trans. blk) 127 87 57 W -030 24 18 CAN (cancel) 130 88 58 X -031 25 19 EM (end of medium) 131 89 59 Y -032 26 1A SUB (substitute) 132 90 5A Z -033 27 1B ESC (escape) 133 91 5B [ -034 28 1C FS (file separator) 134 92 5C \e \[aq]\e\e\[aq] -035 29 1D GS (group separator) 135 93 5D ] -036 30 1E RS (record separator) 136 94 5E \[ha] -037 31 1F US (unit separator) 137 95 5F \&_ -040 32 20 SPACE 140 96 60 \` -041 33 21 ! 141 97 61 a -042 34 22 " 142 98 62 b -043 35 23 # 143 99 63 c -044 36 24 $ 144 100 64 d -045 37 25 % 145 101 65 e -046 38 26 & 146 102 66 f -047 39 27 \[aq] 147 103 67 g -050 40 28 ( 150 104 68 h -051 41 29 ) 151 105 69 i -052 42 2A * 152 106 6A j -053 43 2B + 153 107 6B k -054 44 2C , 154 108 6C l -055 45 2D \- 155 109 6D m -056 46 2E . 156 110 6E n -057 47 2F / 157 111 6F o -060 48 30 0 160 112 70 p -061 49 31 1 161 113 71 q -062 50 32 2 162 114 72 r -063 51 33 3 163 115 73 s -064 52 34 4 164 116 74 t -065 53 35 5 165 117 75 u -066 54 36 6 166 118 76 v -067 55 37 7 167 119 77 w -070 56 38 8 170 120 78 x -071 57 39 9 171 121 79 y -072 58 3A : 172 122 7A z -073 59 3B ; 173 123 7B { -074 60 3C < 174 124 7C | -075 61 3D = 175 125 7D } -076 62 3E > 176 126 7E \[ti] -077 63 3F ? 177 127 7F DEL -.TE -.EE -.SS Tables -For convenience, below are more compact tables in hex and decimal. -.P -.EX - 2 3 4 5 6 7 30 40 50 60 70 80 90 100 110 120 - ------------- --------------------------------- -0: 0 @ P \` p 0: ( 2 < F P Z d n x -1: ! 1 A Q a q 1: ) 3 = G Q [ e o y -2: " 2 B R b r 2: * 4 > H R \e f p z -3: # 3 C S c s 3: ! + 5 ? I S ] g q { -4: $ 4 D T d t 4: " , 6 @ J T \[ha] h r | -5: % 5 E U e u 5: # \- 7 A K U _ i s } -6: & 6 F V f v 6: $ . 8 B L V \` j t \[ti] -7: \[aq] 7 G W g w 7: % / 9 C M W a k u DEL -8: ( 8 H X h x 8: & 0 : D N X b l v -9: ) 9 I Y i y 9: \[aq] 1 ; E O Y c m w -A: * : J Z j z -B: + ; K [ k { -C: , < L \e l | -D: \- = M ] m } -E: . > N \[ha] n \[ti] -F: / ? O _ o DEL -.EE -.SH NOTES -.SS History -/etc/ascii (VII) appears in the UNIX Programmer's Manual. -.P -On older terminals, the underscore code is displayed as a left arrow, -called backarrow, the caret is displayed as an up-arrow and the vertical -bar has a hole in the middle. -.P -Uppercase and lowercase characters differ by just one bit and the -ASCII character 2 differs from the double quote by just one bit, too. -That made it much easier to encode characters mechanically or with a -non-microcontroller-based electronic keyboard and that pairing was found -on old teletypes. -.P -The ASCII standard was published by the United States of America -Standards Institute (USASI) in 1968. -.\" -.\" ASA was the American Standards Association and X3 was an ASA sectional -.\" committee on computers and data processing. Its name changed to -.\" American National Standards Committee X3 (ANSC-X3) and now it is known -.\" as Accredited Standards Committee X3 (ASC X3). It is accredited by ANSI -.\" and administered by ITI. The subcommittee X3.2 worked on coded -.\" character sets; the task group working on ASCII appears to have been -.\" designated X3.2.4. In 1966, ASA became the United States of America -.\" Standards Institute (USASI) and published ASCII in 1968. It became the -.\" American National Standards Institute (ANSI) in 1969 and is the -.\" U.S. member body of ISO; private and nonprofit. -.\" -.SH SEE ALSO -.BR charsets (7), -.BR iso_8859\-1 (7), -.BR iso_8859\-2 (7), -.BR iso_8859\-3 (7), -.BR iso_8859\-4 (7), -.BR iso_8859\-5 (7), -.BR iso_8859\-6 (7), -.BR iso_8859\-7 (7), -.BR iso_8859\-8 (7), -.BR iso_8859\-9 (7), -.BR iso_8859\-10 (7), -.BR iso_8859\-11 (7), -.BR iso_8859\-13 (7), -.BR iso_8859\-14 (7), -.BR iso_8859\-15 (7), -.BR iso_8859\-16 (7), -.BR utf\-8 (7) diff --git a/man7/attributes.7 b/man7/attributes.7 deleted file mode 100644 index 838f039..0000000 --- a/man7/attributes.7 +++ /dev/null @@ -1,865 +0,0 @@ -.\" Copyright (c) 2014, Red Hat, Inc -.\" Written by Alexandre Oliva -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.TH attributes 7 2023-11-01 "Linux man-pages 6.7" -.SH NAME -attributes \- POSIX safety concepts -.SH DESCRIPTION -.\" -.\" -.IR Note : -the text of this man page is based on the material taken from -the "POSIX Safety Concepts" section of the GNU C Library manual. -Further details on the topics described here can be found in that -manual. -.P -Various function manual pages include a section ATTRIBUTES -that describes the safety of calling the function in various contexts. -This section annotates functions with the following safety markings: -.TP -.I MT-Safe -.I MT-Safe -or -Thread-Safe functions are safe to call in the presence -of other threads. -MT, in MT-Safe, stands for Multi Thread. -.IP -Being MT-Safe does not imply a function is atomic, nor that it uses any -of the memory synchronization mechanisms POSIX exposes to users. -It is even possible that calling MT-Safe functions in sequence -does not yield an MT-Safe combination. -For example, having a thread call two MT-Safe -functions one right after the other does not guarantee behavior -equivalent to atomic execution of a combination of both functions, -since concurrent calls in other threads may interfere in a destructive way. -.IP -Whole-program optimizations that could inline functions across library -interfaces may expose unsafe reordering, and so performing inlining -across the GNU C Library interface is not recommended. -The documented -MT-Safety status is not guaranteed under whole-program optimization. -However, functions defined in user-visible headers are designed to be -safe for inlining. -.\" .TP -.\" .I AS-Safe -.\" .I AS-Safe -.\" or Async-Signal-Safe functions are safe to call from -.\" asynchronous signal handlers. -.\" AS, in AS-Safe, stands for Asynchronous Signal. -.\" -.\" Many functions that are AS-Safe may set -.\" .IR errno , -.\" or modify the floating-point environment, -.\" because their doing so does not make them -.\" unsuitable for use in signal handlers. -.\" However, programs could misbehave should asynchronous signal handlers -.\" modify this thread-local state, -.\" and the signal handling machinery cannot be counted on to -.\" preserve it. -.\" Therefore, signal handlers that call functions that may set -.\" .I errno -.\" or modify the floating-point environment -.\" .I must -.\" save their original values, and restore them before returning. -.\" .TP -.\" .I AC-Safe -.\" .I AC-Safe -.\" or Async-Cancel-Safe functions are safe to call when -.\" asynchronous cancelation is enabled. -.\" AC in AC-Safe stands for Asynchronous Cancelation. -.\" -.\" The POSIX standard defines only three functions to be AC-Safe, namely -.\" .BR pthread_cancel (3), -.\" .BR pthread_setcancelstate (3), -.\" and -.\" .BR pthread_setcanceltype (3). -.\" At present the GNU C Library provides no -.\" guarantees beyond these three functions, -.\" but does document which functions are presently AC-Safe. -.\" This documentation is provided for use -.\" by the GNU C Library developers. -.\" -.\" Just like signal handlers, cancelation cleanup routines must configure -.\" the floating point environment they require. -.\" The routines cannot assume a floating point environment, -.\" particularly when asynchronous cancelation is enabled. -.\" If the configuration of the floating point -.\" environment cannot be performed atomically then it is also possible that -.\" the environment encountered is internally inconsistent. -.TP -.I MT-Unsafe \" ", " AS-Unsafe ", " AC-Unsafe -.I MT-Unsafe \" ", " AS-Unsafe ", " AC-Unsafe -functions are not safe to call in a multithreaded programs. -.\" functions are not -.\" safe to call within the safety contexts described above. -.\" Calling them -.\" within such contexts invokes undefined behavior. -.\" -.\" Functions not explicitly documented as safe in a safety context should -.\" be regarded as Unsafe. -.\" .TP -.\" .I Preliminary -.\" .I Preliminary -.\" safety properties are documented, indicating these -.\" properties may -.\" .I not -.\" be counted on in future releases of -.\" the GNU C Library. -.\" -.\" Such preliminary properties are the result of an assessment of the -.\" properties of our current implementation, -.\" rather than of what is mandated and permitted -.\" by current and future standards. -.\" -.\" Although we strive to abide by the standards, in some cases our -.\" implementation is safe even when the standard does not demand safety, -.\" and in other cases our implementation does not meet the standard safety -.\" requirements. -.\" The latter are most likely bugs; the former, when marked -.\" as -.\" .IR Preliminary , -.\" should not be counted on: future standards may -.\" require changes that are not compatible with the additional safety -.\" properties afforded by the current implementation. -.\" -.\" Furthermore, -.\" the POSIX standard does not offer a detailed definition of safety. -.\" We assume that, by "safe to call", POSIX means that, -.\" as long as the program does not invoke undefined behavior, -.\" the "safe to call" function behaves as specified, -.\" and does not cause other functions to deviate from their specified behavior. -.\" We have chosen to use its loose -.\" definitions of safety, not because they are the best definitions to use, -.\" but because choosing them harmonizes this manual with POSIX. -.\" -.\" Please keep in mind that these are preliminary definitions and annotations, -.\" and certain aspects of the definitions are still under -.\" discussion and might be subject to clarification or change. -.\" -.\" Over time, -.\" we envision evolving the preliminary safety notes into stable commitments, -.\" as stable as those of our interfaces. -.\" As we do, we will remove the -.\" .I Preliminary -.\" keyword from safety notes. -.\" As long as the keyword remains, however, -.\" they are not to be regarded as a promise of future behavior. -.P -Other keywords that appear in safety notes are defined in subsequent sections. -.\" -.\" -.\" .SS Unsafe features -.\" Functions that are unsafe to call in certain contexts are annotated with -.\" keywords that document their features that make them unsafe to call. -.\" AS-Unsafe features in this section indicate the functions are never safe -.\" to call when asynchronous signals are enabled. -.\" AC-Unsafe features -.\" indicate they are never safe to call when asynchronous cancelation is -.\" .\" enabled. -.\" There are no MT-Unsafe marks in this section. -.\" .TP -.\" .\" .I code -.\" Functions marked with -.\" .I lock -.\" as an AS-Unsafe feature may be -.\" .\" interrupted by a signal while holding a non-recursive lock. -.\" If the signal handler calls another such function that takes the same lock, -.\" the result is a deadlock. -.\" -.\" Functions annotated with -.\" .I lock -.\" as an AC-Unsafe feature may, if canceled asynchronously, -.\" fail to release a lock that would have been released if their execution -.\" had not been interrupted by asynchronous thread cancelation. -.\" Once a lock is left taken, -.\" attempts to take that lock will block indefinitely. -.\" .TP -.\" .I corrupt -.\" Functions marked with -.\" .\" .I corrupt -.\" as an AS-Unsafe feature may corrupt -.\" data structures and misbehave when they interrupt, -.\" or are interrupted by, another such function. -.\" Unlike functions marked with -.\" .IR lock , -.\" these take recursive locks to avoid MT-Safety problems, -.\" but this is not enough to stop a signal handler from observing -.\" a partially-updated data structure. -.\" Further corruption may arise from the interrupted function's -.\" failure to notice updates made by signal handlers. -.\" -.\" Functions marked with -.\" .I corrupt -.\" as an AC-Unsafe feature may leave -.\" data structures in a corrupt, partially updated state. -.\" Subsequent uses of the data structure may misbehave. -.\" -.\" .\" A special case, probably not worth documenting separately, involves -.\" .\" reallocing, or even freeing pointers. Any case involving free could -.\" .\" be easily turned into an ac-safe leak by resetting the pointer before -.\" .\" releasing it; I don't think we have any case that calls for this sort -.\" .\" of fixing. Fixing the realloc cases would require a new interface: -.\" .\" instead of @code{ptr=realloc(ptr,size)} we'd have to introduce -.\" .\" @code{acsafe_realloc(&ptr,size)} that would modify ptr before -.\" .\" releasing the old memory. The ac-unsafe realloc could be implemented -.\" .\" in terms of an internal interface with this semantics (say -.\" .\" __acsafe_realloc), but since realloc can be overridden, the function -.\" .\" we call to implement realloc should not be this internal interface, -.\" .\" but another internal interface that calls __acsafe_realloc if realloc -.\" .\" was not overridden, and calls the overridden realloc with async -.\" .\" cancel disabled. --lxoliva -.\" .TP -.\" .I heap -.\" Functions marked with -.\" .I heap -.\" may call heap memory management functions from the -.\" .BR malloc (3)/ free (3) -.\" family of functions and are only as safe as those functions. -.\" This note is thus equivalent to: -.\" -.\" | AS-Unsafe lock | AC-Unsafe lock fd mem | -.\" .\" @sampsafety{@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} -.\" .\" -.\" .\" Check for cases that should have used plugin instead of or in -.\" .\" addition to this. Then, after rechecking gettext, adjust i18n if -.\" .\" needed. -.\" .TP -.\" .I dlopen -.\" Functions marked with -.\" .I dlopen -.\" use the dynamic loader to load -.\" shared libraries into the current execution image. -.\" This involves opening files, mapping them into memory, -.\" allocating additional memory, resolving symbols, -.\" applying relocations and more, -.\" all of this while holding internal dynamic loader locks. -.\" -.\" The locks are enough for these functions to be AS-Unsafe and AC-Unsafe, -.\" but other issues may arise. -.\" At present this is a placeholder for all -.\" potential safety issues raised by -.\" .BR dlopen (3). -.\" -.\" .\" dlopen runs init and fini sections of the module; does this mean -.\" .\" dlopen always implies plugin? -.\" .TP -.\" .I plugin -.\" Functions annotated with -.\" .I plugin -.\" may run code from plugins that -.\" may be external to the GNU C Library. -.\" Such plugin functions are assumed to be -.\" MT-Safe, AS-Unsafe and AC-Unsafe. -.\" Examples of such plugins are stack unwinding libraries, -.\" name service switch (NSS) and character set conversion (iconv) back-ends. -.\" -.\" Although the plugins mentioned as examples are all brought in by means -.\" of dlopen, the -.\" .I plugin -.\" keyword does not imply any direct -.\" involvement of the dynamic loader or the -.\" .I libdl -.\" interfaces, -.\" those are covered by -.\" .IR dlopen . -.\" For example, if one function loads a module and finds the addresses -.\" of some of its functions, -.\" while another just calls those already-resolved functions, -.\" the former will be marked with -.\" .IR dlopen , -.\" whereas the latter will get the -.\" .IR plugin . -.\" When a single function takes all of these actions, then it gets both marks. -.\" .TP -.\" .I i18n -.\" Functions marked with -.\" .I i18n -.\" may call internationalization -.\" functions of the -.\" .BR gettext (3) -.\" family and will be only as safe as those -.\" functions. -.\" This note is thus equivalent to: -.\" -.\" | MT-Safe env | AS-Unsafe corrupt heap dlopen | AC-Unsafe corrupt | -.\" -.\" .\" @sampsafety{@mtsafe{@mtsenv{}}@asunsafe{@asucorrupt{} @ascuheap{} @ascudlopen{}}@acunsafe{@acucorrupt{}}} -.\" .TP -.\" .I timer -.\" Functions marked with -.\" .I timer -.\" use the -.\" .BR alarm (3) -.\" function or -.\" similar to set a time-out for a system call or a long-running operation. -.\" In a multi-threaded program, there is a risk that the time-out signal -.\" will be delivered to a different thread, -.\" thus failing to interrupt the intended thread. -.\" Besides being MT-Unsafe, such functions are always -.\" AS-Unsafe, because calling them in signal handlers may interfere with -.\" timers set in the interrupted code, and AC-Unsafe, -.\" because there is no safe way to guarantee an earlier timer -.\" will be reset in case of asynchronous cancelation. -.\" -.\" -.SS Conditionally safe features -For some features that make functions unsafe to call in certain contexts, -there are known ways to avoid the safety problem other than -refraining from calling the function altogether. -The keywords that follow refer to such features, -and each of their definitions indicates -how the whole program needs to be constrained in order to remove the -safety problem indicated by the keyword. -Only when all the reasons that -make a function unsafe are observed and addressed, -by applying the documented constraints, -does the function become safe to call in a context. -.TP -.I init -Functions marked with -.I init -as an MT-Unsafe feature perform -MT-Unsafe initialization when they are first called. -.IP -Calling such a function at least once in single-threaded mode removes -this specific cause for the function to be regarded as MT-Unsafe. -If no other cause for that remains, -the function can then be safely called after other threads are started. -.\" -.\" Functions marked with -.\" .I init -.\" as an AS-Unsafe or AC-Unsafe feature use the GNU C Library internal -.\" .I libc_once -.\" machinery or similar to initialize internal data structures. -.\" -.\" If a signal handler interrupts such an initializer, -.\" and calls any function that also performs -.\" .I libc_once -.\" initialization, it will deadlock if the thread library has been loaded. -.\" -.\" Furthermore, if an initializer is partially complete before it is canceled -.\" or interrupted by a signal whose handler requires the same initialization, -.\" some or all of the initialization may be performed more than once, -.\" leaking resources or even resulting in corrupt internal data. -.\" -.\" Applications that need to call functions marked with -.\" .I init -.\" as an AS-Safety or AC-Unsafe feature should ensure -.\" the initialization is performed -.\" before configuring signal handlers or enabling cancelation, -.\" so that the AS-Safety and AC-Safety issues related with -.\" .I libc_once -.\" do not arise. -.\" -.\" .\" We may have to extend the annotations to cover conditions in which -.\" .\" initialization may or may not occur, since an initial call in a safe -.\" .\" context is no use if the initialization doesn't take place at that -.\" .\" time: it doesn't remove the risk for later calls. -.TP -.I race -Functions annotated with -.I race -as an MT-Safety issue operate on -objects in ways that may cause data races or similar forms of -destructive interference out of concurrent execution. -In some cases, -the objects are passed to the functions by users; -in others, they are used by the functions to return values to users; -in others, they are not even exposed to users. -.\" -.\" We consider access to objects passed as (indirect) arguments to -.\" functions to be data race free. -.\" The assurance of data race free objects -.\" is the caller's responsibility. -.\" We will not mark a function as MT-Unsafe or AS-Unsafe -.\" if it misbehaves when users fail to take the measures required by -.\" POSIX to avoid data races when dealing with such objects. -.\" As a general rule, if a function is documented as reading from -.\" an object passed (by reference) to it, or modifying it, -.\" users ought to use memory synchronization primitives -.\" to avoid data races just as they would should they perform -.\" the accesses themselves rather than by calling the library function. -.\" Standard I/O -.\" .RI ( "FILE *" ) -.\" streams are the exception to the general rule, -.\" in that POSIX mandates the library to guard against data races -.\" in many functions that manipulate objects of this specific opaque type. -.\" We regard this as a convenience provided to users, -.\" rather than as a general requirement whose expectations -.\" should extend to other types. -.\" -.\" In order to remind users that guarding certain arguments is their -.\" responsibility, we will annotate functions that take objects of certain -.\" types as arguments. -.\" We draw the line for objects passed by users as follows: -.\" objects whose types are exposed to users, -.\" and that users are expected to access directly, -.\" such as memory buffers, strings, -.\" and various user-visible structured types, do -.\" .I not -.\" give reason for functions to be annotated with -.\" .IR race . -.\" It would be noisy and redundant with the general requirement, -.\" and not many would be surprised by the library's lack of internal -.\" guards when accessing objects that can be accessed directly by users. -.\" -.\" As for objects that are opaque or opaque-like, -.\" in that they are to be manipulated only by passing them -.\" to library functions (e.g., -.\" .IR FILE , -.\" .IR DIR , -.\" .IR obstack , -.\" .IR iconv_t ), -.\" there might be additional expectations as to internal coordination -.\" of access by the library. -.\" We will annotate, with -.\" .I race -.\" followed by a colon and the argument name, -.\" functions that take such objects but that do not take -.\" care of synchronizing access to them by default. -.\" For example, -.\" .I FILE -.\" stream -.\" .I unlocked -.\" functions -.\" .RB ( unlocked_stdio (3)) -.\" will be annotated, -.\" but those that perform implicit locking on -.\" .I FILE -.\" streams by default will not, -.\" even though the implicit locking may be disabled on a per-stream basis. -.\" -.\" In either case, we will not regard as MT-Unsafe functions that may -.\" access user-supplied objects in unsafe ways should users fail to ensure -.\" the accesses are well defined. -.\" The notion prevails that users are expected to safeguard against -.\" data races any user-supplied objects that the library accesses -.\" on their behalf. -.\" -.\" .\" The above describes @mtsrace; @mtasurace is described below. -.\" -.\" This user responsibility does not apply, however, -.\" to objects controlled by the library itself, -.\" such as internal objects and static buffers used -.\" to return values from certain calls. -.\" When the library doesn't guard them against concurrent uses, -.\" these cases are regarded as MT-Unsafe and AS-Unsafe (although the -.\" .I race -.\" mark under AS-Unsafe will be omitted -.\" as redundant with the one under MT-Unsafe). -.\" As in the case of user-exposed objects, -.\" the mark may be followed by a colon and an identifier. -.\" The identifier groups all functions that operate on a -.\" certain unguarded object; users may avoid the MT-Safety issues related -.\" with unguarded concurrent access to such internal objects by creating a -.\" non-recursive mutex related with the identifier, -.\" and always holding the mutex when calling any function marked -.\" as racy on that identifier, -.\" as they would have to should the identifier be -.\" an object under user control. -.\" The non-recursive mutex avoids the MT-Safety issue, -.\" but it trades one AS-Safety issue for another, -.\" so use in asynchronous signals remains undefined. -.\" -.\" When the identifier relates to a static buffer used to hold return values, -.\" the mutex must be held for as long as the buffer remains in use -.\" by the caller. -.\" Many functions that return pointers to static buffers offer reentrant -.\" variants that store return values in caller-supplied buffers instead. -.\" In some cases, such as -.\" .BR tmpname (3), -.\" the variant is chosen not by calling an alternate entry point, -.\" but by passing a non-null pointer to the buffer in which the -.\" returned values are to be stored. -.\" These variants are generally preferable in multi-threaded programs, -.\" although some of them are not MT-Safe because of other internal buffers, -.\" also documented with -.\" .I race -.\" notes. -.TP -.I const -Functions marked with -.I const -as an MT-Safety issue non-atomically -modify internal objects that are better regarded as constant, -because a substantial portion of the GNU C Library accesses them without -synchronization. -Unlike -.IR race , -which causes both readers and -writers of internal objects to be regarded as MT-Unsafe,\" and AS-Unsafe, -this mark is applied to writers only. -Writers remain\" equally -MT-Unsafe\" and AS-Unsafe -to call, -but the then-mandatory constness of objects they -modify enables readers to be regarded as MT-Safe\" and AS-Safe -(as long as no other reasons for them to be unsafe remain), -since the lack of synchronization is not a problem when the -objects are effectively constant. -.IP -The identifier that follows the -.I const -mark will appear by itself as a safety note in readers. -Programs that wish to work around this safety issue, -so as to call writers, may use a non-recursive -read-write lock -associated with the identifier, and guard -.I all -calls to functions marked with -.I const -followed by the identifier with a write lock, and -.I all -calls to functions marked with the identifier -by itself with a read lock. -.\" The non-recursive locking removes the MT-Safety problem, -.\" but it trades one AS-Safety problem for another, -.\" so use in asynchronous signals remains undefined. -.\" -.\" .\" But what if, instead of marking modifiers with const:id and readers -.\" .\" with just id, we marked writers with race:id and readers with ro:id? -.\" .\" Instead of having to define each instance of 'id', we'd have a -.\" .\" general pattern governing all such 'id's, wherein race:id would -.\" .\" suggest the need for an exclusive/write lock to make the function -.\" .\" safe, whereas ro:id would indicate 'id' is expected to be read-only, -.\" .\" but if any modifiers are called (while holding an exclusive lock), -.\" .\" then ro:id-marked functions ought to be guarded with a read lock for -.\" .\" safe operation. ro:env or ro:locale, for example, seems to convey -.\" .\" more clearly the expectations and the meaning, than just env or -.\" .\" locale. -.TP -.I sig -Functions marked with -.I sig -as a MT-Safety issue -.\" (that implies an identical AS-Safety issue, omitted for brevity) -may temporarily install a signal handler for internal purposes, -which may interfere with other uses of the signal, -identified after a colon. -.IP -This safety problem can be worked around by ensuring that no other uses -of the signal will take place for the duration of the call. -Holding a non-recursive mutex while calling all functions that use the same -temporary signal; -blocking that signal before the call and resetting its -handler afterwards is recommended. -.\" -.\" There is no safe way to guarantee the original signal handler is -.\" restored in case of asynchronous cancelation, -.\" therefore so-marked functions are also AC-Unsafe. -.\" -.\" .\" fixme: at least deferred cancelation should get it right, and would -.\" .\" obviate the restoring bit below, and the qualifier above. -.\" -.\" Besides the measures recommended to work around the -.\" MT-Safety and AS-Safety problem, -.\" in order to avert the cancelation problem, -.\" disabling asynchronous cancelation -.\" .I and -.\" installing a cleanup handler to restore the signal to the desired state -.\" and to release the mutex are recommended. -.TP -.I term -Functions marked with -.I term -as an MT-Safety issue may change the -terminal settings in the recommended way, namely: call -.BR tcgetattr (3), -modify some flags, and then call -.BR tcsetattr (3), -this creates a window in which changes made by other threads are lost. -Thus, functions marked with -.I term -are MT-Unsafe. -.\" The same window enables changes made by asynchronous signals to be lost. -.\" These functions are also AS-Unsafe, -.\" but the corresponding mark is omitted as redundant. -.IP -It is thus advisable for applications using the terminal to avoid -concurrent and reentrant interactions with it, -by not using it in signal handlers or blocking signals that might use it, -and holding a lock while calling these functions and interacting -with the terminal. -This lock should also be used for mutual exclusion with -functions marked with -.IR race:tcattr(fd) , -where -.I fd -is a file descriptor for the controlling terminal. -The caller may use a single mutex for simplicity, -or use one mutex per terminal, -even if referenced by different file descriptors. -.\" -.\" Functions marked with -.\" .I term -.\" as an AC-Safety issue are supposed to -.\" restore terminal settings to their original state, -.\" after temporarily changing them, but they may fail to do so if canceled. -.\" -.\" .\" fixme: at least deferred cancelation should get it right, and would -.\" .\" obviate the restoring bit below, and the qualifier above. -.\" -.\" Besides the measures recommended to work around the -.\" MT-Safety and AS-Safety problem, -.\" in order to avert the cancelation problem, -.\" disabling asynchronous cancelation -.\" .I and -.\" installing a cleanup handler to -.\" restore the terminal settings to the original state and to release the -.\" mutex are recommended. -.\" -.\" -.SS Other safety remarks -Additional keywords may be attached to functions, -indicating features that do not make a function unsafe to call, -but that may need to be taken into account in certain classes of programs: -.TP -.I locale -Functions annotated with -.I locale -as an MT-Safety issue read from -the locale object without any form of synchronization. -Functions -annotated with -.I locale -called concurrently with locale changes may -behave in ways that do not correspond to any of the locales active -during their execution, but an unpredictable mix thereof. -.IP -We do not mark these functions as MT-Unsafe,\" or AS-Unsafe, -however, -because functions that modify the locale object are marked with -.I const:locale -and regarded as unsafe. -Being unsafe, the latter are not to be called when multiple threads -are running or asynchronous signals are enabled, -and so the locale can be considered effectively constant -in these contexts, -which makes the former safe. -.\" Should the locking strategy suggested under @code{const} be used, -.\" failure to guard locale uses is not as fatal as data races in -.\" general: unguarded uses will @emph{not} follow dangling pointers or -.\" access uninitialized, unmapped or recycled memory. Each access will -.\" read from a consistent locale object that is or was active at some -.\" point during its execution. Without synchronization, however, it -.\" cannot even be assumed that, after a change in locale, earlier -.\" locales will no longer be used, even after the newly-chosen one is -.\" used in the thread. Nevertheless, even though unguarded reads from -.\" the locale will not violate type safety, functions that access the -.\" locale multiple times may invoke all sorts of undefined behavior -.\" because of the unexpected locale changes. -.TP -.I env -Functions marked with -.I env -as an MT-Safety issue access the -environment with -.BR getenv (3) -or similar, without any guards to ensure -safety in the presence of concurrent modifications. -.IP -We do not mark these functions as MT-Unsafe,\" or AS-Unsafe, -however, -because functions that modify the environment are all marked with -.I const:env -and regarded as unsafe. -Being unsafe, the latter are not to be called when multiple threads -are running or asynchronous signals are enabled, -and so the environment can be considered -effectively constant in these contexts, -which makes the former safe. -.TP -.I hostid -The function marked with -.I hostid -as an MT-Safety issue reads from the system-wide data structures that -hold the "host ID" of the machine. -These data structures cannot generally be modified atomically. -Since it is expected that the "host ID" will not normally change, -the function that reads from it -.RB ( gethostid (3)) -is regarded as safe, -whereas the function that modifies it -.RB ( sethostid (3)) -is marked with -.IR const:hostid , -indicating it may require special care if it is to be called. -In this specific case, -the special care amounts to system-wide -(not merely intra-process) coordination. -.TP -.I sigintr -Functions marked with -.I sigintr -as an MT-Safety issue access the -GNU C Library -.I _sigintr -internal data structure without any guards to ensure -safety in the presence of concurrent modifications. -.IP -We do not mark these functions as MT-Unsafe,\" or AS-Unsafe, -however, -because functions that modify this data structure are all marked with -.I const:sigintr -and regarded as unsafe. -Being unsafe, -the latter are not to be called when multiple threads are -running or asynchronous signals are enabled, -and so the data structure can be considered -effectively constant in these contexts, -which makes the former safe. -.\" .TP -.\" .I fd -.\" Functions annotated with -.\" .I fd -.\" as an AC-Safety issue may leak file -.\" descriptors if asynchronous thread cancelation interrupts their -.\" execution. -.\" -.\" Functions that allocate or deallocate file descriptors will generally be -.\" marked as such. -.\" Even if they attempted to protect the file descriptor -.\" allocation and deallocation with cleanup regions, -.\" allocating a new descriptor and storing its number where the cleanup region -.\" could release it cannot be performed as a single atomic operation. -.\" Similarly, -.\" releasing the descriptor and taking it out of the data structure -.\" normally responsible for releasing it cannot be performed atomically. -.\" There will always be a window in which the descriptor cannot be released -.\" because it was not stored in the cleanup handler argument yet, -.\" or it was already taken out before releasing it. -.\" .\" It cannot be taken out after release: -.\" an open descriptor could mean either that the descriptor still -.\" has to be closed, -.\" or that it already did so but the descriptor was -.\" reallocated by another thread or signal handler. -.\" -.\" Such leaks could be internally avoided, with some performance penalty, -.\" by temporarily disabling asynchronous thread cancelation. -.\" However, -.\" since callers of allocation or deallocation functions would have to do -.\" this themselves, to avoid the same sort of leak in their own layer, -.\" it makes more sense for the library to assume they are taking care of it -.\" than to impose a performance penalty that is redundant when the problem -.\" is solved in upper layers, and insufficient when it is not. -.\" -.\" This remark by itself does not cause a function to be regarded as -.\" AC-Unsafe. -.\" However, cumulative effects of such leaks may pose a -.\" problem for some programs. -.\" If this is the case, -.\" suspending asynchronous cancelation for the duration of calls -.\" to such functions is recommended. -.\" .TP -.\" .I mem -.\" Functions annotated with -.\" .I mem -.\" as an AC-Safety issue may leak -.\" memory if asynchronous thread cancelation interrupts their execution. -.\" -.\" The problem is similar to that of file descriptors: there is no atomic -.\" interface to allocate memory and store its address in the argument to a -.\" cleanup handler, -.\" or to release it and remove its address from that argument, -.\" without at least temporarily disabling asynchronous cancelation, -.\" which these functions do not do. -.\" -.\" This remark does not by itself cause a function to be regarded as -.\" generally AC-Unsafe. -.\" However, cumulative effects of such leaks may be -.\" severe enough for some programs that disabling asynchronous cancelation -.\" for the duration of calls to such functions may be required. -.TP -.I cwd -Functions marked with -.I cwd -as an MT-Safety issue may temporarily -change the current working directory during their execution, -which may cause relative pathnames to be resolved in unexpected ways in -other threads or within asynchronous signal or cancelation handlers. -.IP -This is not enough of a reason to mark so-marked functions as MT-Unsafe, -.\" or AS-Unsafe, -but when this behavior is optional (e.g., -.BR nftw (3) -with -.BR FTW_CHDIR ), -avoiding the option may be a good alternative to -using full pathnames or file descriptor-relative (e.g., -.BR openat (2)) -system calls. -.\" .TP -.\" .I !posix -.\" This remark, as an MT-Safety, AS-Safety or AC-Safety -.\" note to a function, -.\" indicates the safety status of the function is known to differ -.\" from the specified status in the POSIX standard. -.\" For example, POSIX does not require a function to be Safe, -.\" but our implementation is, or vice-versa. -.\" -.\" For the time being, the absence of this remark does not imply the safety -.\" properties we documented are identical to those mandated by POSIX for -.\" the corresponding functions. -.TP -.I :identifier -Annotations may sometimes be followed by identifiers, -intended to group several functions that, for example, -access the data structures in an unsafe way, as in -.I race -and -.IR const , -or to provide more specific information, -such as naming a signal in a function marked with -.IR sig . -It is envisioned that it may be applied to -.I lock -and -.I corrupt -as well in the future. -.IP -In most cases, the identifier will name a set of functions, -but it may name global objects or function arguments, -or identifiable properties or logical components associated with them, -with a notation such as, for example, -.I :buf(arg) -to denote a buffer associated with the argument -.IR arg , -or -.I :tcattr(fd) -to denote the terminal attributes of a file descriptor -.IR fd . -.IP -The most common use for identifiers is to provide logical groups of -functions and arguments that need to be protected by the same -synchronization primitive in order to ensure safe operation in a given -context. -.TP -.I /condition -Some safety annotations may be conditional, -in that they only apply if a boolean expression involving arguments, -global variables or even the underlying kernel evaluates to true. -.\" Such conditions as -.\" .I /hurd -.\" or -.\" .I /!linux!bsd -.\" indicate the preceding marker only -.\" applies when the underlying kernel is the HURD, -.\" or when it is neither Linux nor a BSD kernel, respectively. -For example, -.I /!ps -and -.I /one_per_line -indicate the preceding marker only applies when argument -.I ps -is NULL, or global variable -.I one_per_line -is nonzero. -.IP -When all marks that render a function unsafe are -adorned with such conditions, -and none of the named conditions hold, -then the function can be regarded as safe. -.SH SEE ALSO -.BR pthreads (7), -.BR signal\-safety (7) diff --git a/man7/boot.7 b/man7/boot.7 deleted file mode 100644 index 3aa0341..0000000 --- a/man7/boot.7 +++ /dev/null @@ -1,230 +0,0 @@ -.\" Written by Oron Peled . -.\" -.\" SPDX-License-Identifier: GPL-1.0-or-later -.\" -.\" I tried to be as much generic in the description as possible: -.\" - General boot sequence is applicable to almost any -.\" OS/Machine (DOS/PC, Linux/PC, Solaris/SPARC, CMS/S390) -.\" - kernel and init(1) is applicable to almost any UNIX/Linux -.\" - boot scripts are applicable to SYSV-R4 based UNIX/Linux -.\" -.\" Modified 2004-11-03 patch from Martin Schulze -.\" -.TH boot 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -boot \- System bootup process based on UNIX System V Release 4 -.SH DESCRIPTION -The \fBbootup process\fR (or "\fBboot sequence\fR") varies in details -among systems, but can be roughly divided into phases controlled by -the following components: -.IP (1) 5 -hardware -.IP (2) -operating system (OS) loader -.IP (3) -kernel -.IP (4) -root user-space process (\fIinit\fR and \fIinittab\fR) -.IP (5) -boot scripts -.P -Each of these is described below in more detail. -.SS Hardware -After power-on or hard reset, control is given -to a program stored in read-only memory (normally -PROM); for historical reasons involving the personal -computer, this program is often called "the \fBBIOS\fR". -.P -This program normally performs a basic self-test of the -machine and accesses nonvolatile memory to read -further parameters. -This memory in the PC is -battery-backed CMOS memory, so most people -refer to it as "the \fBCMOS\fR"; outside -of the PC world, it is usually called "the \fBNVRAM\fR" -(nonvolatile RAM). -.P -The parameters stored in the NVRAM vary among -systems, but as a minimum, they should specify -which device can supply an OS loader, or at least which -devices may be probed for one; such a device is known as "the -\fBboot device\fR". -The hardware boot stage loads the OS loader from a fixed position on -the boot device, and then transfers control to it. -.TP -Note: -The device from which the OS loader is read may be attached via a network, -in which case the details of booting are further specified by protocols such as -DHCP, TFTP, PXE, Etherboot, etc. -.SS OS loader -The main job of the OS loader is to locate the kernel -on some device, load it, and run it. -Most OS loaders allow -interactive use, in order to enable specification of an alternative -kernel (maybe a backup in case the one last compiled -isn't functioning) and to pass optional parameters -to the kernel. -.P -In a traditional PC, the OS loader is located in the initial 512-byte block -of the boot device; this block is known as "the \fBMBR\fR" -(Master Boot Record). -.P -In most systems, the OS loader is very -limited due to various constraints. -Even on non-PC systems, -there are some limitations on the size and complexity -of this loader, but the size limitation of the PC MBR -(512 bytes, including the partition table) makes it -almost impossible to squeeze much functionality into it. -.P -Therefore, most systems split the role of loading the OS between -a primary OS loader and a secondary OS loader; this secondary -OS loader may be located within a larger portion of persistent -storage, such as a disk partition. -.P -In Linux, the OS loader is often -.BR grub (8) -(an alternative is -.BR lilo (8)). -.SS Kernel -When the kernel is loaded, it initializes various components of -the computer and operating system; each portion of software -responsible for such a task is usually consider "a \fBdriver\fR" for -the applicable component. -The kernel starts the virtual memory -swapper (it is a kernel process, called "kswapd" in a modern Linux -kernel), and mounts some filesystem at the root path, -.IR / . -.P -Some of the parameters that may be passed to the kernel -relate to these activities (for example, the default root filesystem -can be overridden); for further information -on Linux kernel parameters, read -.BR bootparam (7). -.P -Only then does the kernel create the initial userland -process, which is given the number 1 as its -.B PID -(process ID). -Traditionally, this process executes the -program -.IR /sbin/init , -to which are passed the parameters that haven't already been -handled by the kernel. -.SS Root user-space process -.TP -Note: -The following description applies to an OS based on UNIX System V Release 4. -However, a number of widely used systems have adopted a related but -fundamentally different approach known as -.BR systemd (1), -for which the bootup process is detailed in its associated -.BR bootup (7). -.P -When -.I /sbin/init -starts, it reads -.I /etc/inittab -for further instructions. -This file defines what should be run when the -.I /sbin/init -program is instructed to enter a particular run level, giving -the administrator an easy way to establish an environment -for some usage; each run level is associated with a set of services -(for example, run level -.B S -is single-user mode, -and run level -.B 2 -entails running most network services). -.P -The administrator may change the current run level via -.BR init (1), -and query the current run level via -.BR runlevel (8). -.P -However, since it is not convenient to manage individual services -by editing this file, -.I /etc/inittab -only bootstraps a set of scripts -that actually start/stop the individual services. -.SS Boot scripts -.TP -Note: -The following description applies to an OS based on UNIX System V Release 4. -However, a number of widely used systems (Slackware Linux, FreeBSD, OpenBSD) -have a somewhat different scheme for boot scripts. -.P -For each managed service (mail, nfs server, cron, etc.), there is -a single startup script located in a specific directory -.RI ( /etc/init.d -in most versions of Linux). -Each of these scripts accepts as a single argument -the word "start" (causing it to start the service) or the word -\&"stop" (causing it to stop the service). -The script may optionally -accept other "convenience" parameters (e.g., "restart" to stop and then -start, "status" to display the service status, etc.). -Running the script -without parameters displays the possible arguments. -.SS Sequencing directories -To make specific scripts start/stop at specific run levels and in a -specific order, there are \fIsequencing directories\fR, normally -of the form \fI/etc/rc[0\-6S].d\fR. -In each of these directories, -there are links (usually symbolic) to the scripts in the \fI/etc/init.d\fR -directory. -.P -A primary script (usually \fI/etc/rc\fR) is called from -.BR inittab (5); -this primary script calls each service's script via a link in the -relevant sequencing directory. -Each link whose name begins with \[aq]S\[aq] is called with -the argument "start" (thereby starting the service). -Each link whose name begins with \[aq]K\[aq] is called with -the argument "stop" (thereby stopping the service). -.P -To define the starting or stopping order within the same run level, -the name of a link contains an \fBorder-number\fR. -Also, for clarity, the name of a link usually -ends with the name of the service to which it refers. -For example, -the link \fI/etc/rc2.d/S80sendmail\fR starts the -.BR sendmail (8) -service on -run level 2. -This happens after \fI/etc/rc2.d/S12syslog\fR is run -but before \fI/etc/rc2.d/S90xfs\fR is run. -.P -To manage these links is to manage the boot order and run levels; -under many systems, there are tools to help with this task -(e.g., -.BR chkconfig (8)). -.SS Boot configuration -A program that provides a service is often called a "\fBdaemon\fR". -Usually, a daemon may receive various command-line options -and parameters. -To allow a system administrator to change these -inputs without editing an entire boot script, -some separate configuration file is used, and is located in a specific -directory where an associated boot script may find it -(\fI/etc/sysconfig\fR on older Red Hat systems). -.P -In older UNIX systems, such a file contained the actual command line -options for a daemon, but in modern Linux systems (and also -in HP-UX), it just contains shell variables. -A boot script in \fI/etc/init.d\fR reads and includes its configuration -file (that is, it "\fBsources\fR" its configuration file) and then uses -the variable values. -.SH FILES -.IR /etc/init.d/ , -.IR /etc/rc[S0\-6].d/ , -.I /etc/sysconfig/ -.SH SEE ALSO -.BR init (1), -.BR systemd (1), -.BR inittab (5), -.BR bootparam (7), -.BR bootup (7), -.BR runlevel (8), -.BR shutdown (8) diff --git a/man7/bootparam.7 b/man7/bootparam.7 deleted file mode 100644 index f9d3c10..0000000 --- a/man7/bootparam.7 +++ /dev/null @@ -1,664 +0,0 @@ -.\" Copyright (c) 1995,1997 Paul Gortmaker and Andries Brouwer -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" This man page written 950814 by aeb, based on Paul Gortmaker's HOWTO -.\" (dated v1.0.1, 15/08/95). -.\" Major update, aeb, 970114. -.\" -.TH bootparam 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -bootparam \- introduction to boot time parameters of the Linux kernel -.SH DESCRIPTION -The Linux kernel accepts certain 'command-line options' or 'boot time -parameters' at the moment it is started. -In general, this is used to -supply the kernel with information about hardware parameters that -the kernel would not be able to determine on its own, or to avoid/override -the values that the kernel would otherwise detect. -.P -When the kernel is booted directly by the BIOS, -you have no opportunity to specify any parameters. -So, in order to take advantage of this possibility you have to -use a boot loader that is able to pass parameters, such as GRUB. -.SS The argument list -The kernel command line is parsed into a list of strings -(boot arguments) separated by spaces. -Most of the boot arguments have the form: -.P -.in +4n -.EX -name[=value_1][,value_2]...[,value_10] -.EE -.in -.P -where 'name' is a unique keyword that is used to identify what part of -the kernel the associated values (if any) are to be given to. -Note the limit of 10 is real, as the present code handles only 10 comma -separated parameters per keyword. -(However, you can reuse the same -keyword with up to an additional 10 parameters in unusually -complicated situations, assuming the setup function supports it.) -.P -Most of the sorting is coded in the kernel source file -.IR init/main.c . -First, the kernel -checks to see if the argument is any of the special arguments 'root=', -\&'nfsroot=', 'nfsaddrs=', 'ro', 'rw', 'debug', or 'init'. -The meaning of these special arguments is described below. -.P -Then it walks a list of setup functions -to see if the specified argument string (such as 'foo') has -been associated with a setup function ('foo_setup()') for a particular -device or part of the kernel. -If you passed the kernel the line -foo=3,4,5,6 then the kernel would search the bootsetups array to see -if 'foo' was registered. -If it was, then it would call the setup -function associated with 'foo' (foo_setup()) and hand it the arguments -3, 4, 5, and 6 as given on the kernel command line. -.P -Anything of the form 'foo=bar' that is not accepted as a setup function -as described above is then interpreted as an environment variable to -be set. -A (useless?) example would be to use 'TERM=vt100' as a boot -argument. -.P -Any remaining arguments that were not picked up by the kernel and were -not interpreted as environment variables are then passed onto PID 1, -which is usually the -.BR init (1) -program. -The most common argument that -is passed to the -.I init -process is the word 'single' which instructs it -to boot the computer in single user mode, and not launch all the usual -daemons. -Check the manual page for the version of -.BR init (1) -installed on -your system to see what arguments it accepts. -.SS General non-device-specific boot arguments -.TP -.B "'init=...'" -This sets the initial command to be executed by the kernel. -If this is not set, or cannot be found, the kernel will try -.IR /sbin/init , -then -.IR /etc/init , -then -.IR /bin/init , -then -.I /bin/sh -and panic if all of this fails. -.TP -.B "'nfsaddrs=...'" -This sets the NFS boot address to the given string. -This boot address is used in case of a net boot. -.TP -.B "'nfsroot=...'" -This sets the NFS root name to the given string. -If this string -does not begin with '/' or ',' or a digit, then it is prefixed by -\&'/tftpboot/'. -This root name is used in case of a net boot. -.TP -.B "'root=...'" -This argument tells the kernel what device is to be used as the root -filesystem while booting. -The default of this setting is determined -at compile time, and usually is the value of the root device of the -system that the kernel was built on. -To override this value, and -select the second floppy drive as the root device, one would -use 'root=/dev/fd1'. -.IP -The root device can be specified symbolically or numerically. -A symbolic specification has the form -.IR /dev/XXYN , -where XX designates -the device type (e.g., 'hd' for ST-506 compatible hard disk, with Y in -\&'a'\[en]'d'; 'sd' for SCSI compatible disk, with Y in 'a'\[en]'e'), -Y the driver letter or -number, and N the number (in decimal) of the partition on this device. -.IP -Note that this has nothing to do with the designation of these -devices on your filesystem. -The '/dev/' part is purely conventional. -.IP -The more awkward and less portable numeric specification of the above -possible root devices in major/minor format is also accepted. -(For example, -.I /dev/sda3 -is major 8, minor 3, so you could use 'root=0x803' as an -alternative.) -.TP -.B 'rootdelay=' -This parameter sets the delay (in seconds) to pause before attempting -to mount the root filesystem. -.TP -.B 'rootflags=...' -This parameter sets the mount option string for the root filesystem -(see also -.BR fstab (5)). -.TP -.B 'rootfstype=...' -The 'rootfstype' option tells the kernel to mount the root filesystem as -if it where of the type specified. -This can be useful (for example) to -mount an ext3 filesystem as ext2 and then remove the journal in the root -filesystem, in fact reverting its format from ext3 to ext2 without the -need to boot the box from alternate media. -.TP -.BR 'ro' " and " 'rw' -The 'ro' option tells the kernel to mount the root filesystem -as 'read-only' so that filesystem consistency check programs (fsck) -can do their work on a quiescent filesystem. -No processes can -write to files on the filesystem in question until it is 'remounted' -as read/write capable, for example, by 'mount \-w \-n \-o remount /'. -(See also -.BR mount (8).) -.IP -The 'rw' option tells the kernel to mount the root filesystem read/write. -This is the default. -.TP -.B "'resume=...'" -This tells the kernel the location of -the suspend-to-disk data that you want the machine to resume from -after hibernation. -Usually, it is the same as your swap partition or file. -Example: -.IP -.in +4n -.EX -resume=/dev/hda2 -.EE -.in -.TP -.B "'reserve=...'" -This is used to protect I/O port regions from probes. -The form of the command is: -.IP -.in +4n -.EX -.BI reserve= iobase,extent[,iobase,extent]... -.EE -.in -.IP -In some machines it may be necessary to prevent device drivers from -checking for devices (auto-probing) in a specific region. -This may be -because of hardware that reacts badly to the probing, or hardware -that would be mistakenly identified, or merely -hardware you don't want the kernel to initialize. -.IP -The reserve boot-time argument specifies an I/O port region that -shouldn't be probed. -A device driver will not probe a reserved region, -unless another boot argument explicitly specifies that it do so. -.IP -For example, the boot line -.IP -.in +4n -.EX -reserve=0x300,32 blah=0x300 -.EE -.in -.IP -keeps all device drivers except the driver for 'blah' from probing -0x300\-0x31f. -.TP -.B "'panic=N'" -By default, the kernel will not reboot after a panic, but this option -will cause a kernel reboot after N seconds (if N is greater than zero). -This panic timeout can also be set by -.IP -.in +4n -.EX -echo N > /proc/sys/kernel/panic -.EE -.in -.TP -.B "'reboot=[warm|cold][,[bios|hard]]'" -Since Linux 2.0.22, a reboot is by default a cold reboot. -One asks for the old default with 'reboot=warm'. -(A cold reboot may be required to reset certain hardware, -but might destroy not yet written data in a disk cache. -A warm reboot may be faster.) -By default, a reboot is hard, by asking the keyboard controller -to pulse the reset line low, but there is at least one type -of motherboard where that doesn't work. -The option 'reboot=bios' will -instead jump through the BIOS. -.TP -.BR 'nosmp' " and " 'maxcpus=N' -(Only when __SMP__ is defined.) -A command-line option of 'nosmp' or 'maxcpus=0' will disable SMP -activation entirely; an option 'maxcpus=N' limits the maximum number -of CPUs activated in SMP mode to N. -.SS Boot arguments for use by kernel developers -.TP -.B "'debug'" -Kernel messages are handed off to a daemon (e.g., -.BR klogd (8) -or similar) so that they may be logged to disk. -Messages with a priority above -.I console_loglevel -are also printed on the console. -(For a discussion of log levels, see -.BR syslog (2).) -By default, -.I console_loglevel -is set to log messages at levels higher than -.BR KERN_DEBUG . -This boot argument will cause the kernel to also -print messages logged at level -.BR KERN_DEBUG . -The console loglevel can also be set on a booted system via the -.I /proc/sys/kernel/printk -file (described in -.BR syslog (2)), -the -.BR syslog (2) -.B SYSLOG_ACTION_CONSOLE_LEVEL -operation, or -.BR dmesg (8). -.TP -.B "'profile=N'" -It is possible to enable a kernel profiling function, -if one wishes to find out where the kernel is spending its CPU cycles. -Profiling is enabled by setting the variable -.I prof_shift -to a nonzero value. -This is done either by specifying -.B CONFIG_PROFILE -at compile time, or by giving the 'profile=' option. -Now the value that -.I prof_shift -gets will be N, when given, or -.BR CONFIG_PROFILE_SHIFT , -when that is given, or 2, the default. -The significance of this variable is that it -gives the granularity of the profiling: each clock tick, if the -system was executing kernel code, a counter is incremented: -.IP -.in +4n -.EX -profile[address >> prof_shift]++; -.EE -.in -.IP -The raw profiling information can be read from -.IR /proc/profile . -Probably you'll want to use a tool such as readprofile.c to digest it. -Writing to -.I /proc/profile -will clear the counters. -.SS Boot arguments for ramdisk use -(Only if the kernel was compiled with -.BR CONFIG_BLK_DEV_RAM .) -In general it is a bad idea to use a ramdisk under Linux\[em]the -system will use available memory more efficiently itself. -But while booting, -it is often useful to load the floppy contents into a -ramdisk. -One might also have a system in which first -some modules (for filesystem or hardware) must be loaded -before the main disk can be accessed. -.IP -In Linux 1.3.48, ramdisk handling was changed drastically. -Earlier, the memory was allocated statically, and there was -a 'ramdisk=N' parameter to tell its size. -(This could also be set in the kernel image at compile time.) -These days ram disks use the buffer cache, and grow dynamically. -For a lot of information on the current ramdisk -setup, see the kernel source file -.I Documentation/blockdev/ramdisk.txt -.RI ( Documentation/ramdisk.txt -in older kernels). -.IP -There are four parameters, two boolean and two integral. -.TP -.B "'load_ramdisk=N'" -If N=1, do load a ramdisk. -If N=0, do not load a ramdisk. -(This is the default.) -.TP -.B "'prompt_ramdisk=N'" -If N=1, do prompt for insertion of the floppy. -(This is the default.) -If N=0, do not prompt. -(Thus, this parameter is never needed.) -.TP -.BR 'ramdisk_size=N' " or (obsolete) " 'ramdisk=N' -Set the maximal size of the ramdisk(s) to N kB. -The default is 4096 (4\ MB). -.TP -.B "'ramdisk_start=N'" -Sets the starting block number (the offset on the floppy where -the ramdisk starts) to N. -This is needed in case the ramdisk follows a kernel image. -.TP -.B "'noinitrd'" -(Only if the kernel was compiled with -.B CONFIG_BLK_DEV_RAM -and -.BR CONFIG_BLK_DEV_INITRD .) -These days it is possible to compile the kernel to use initrd. -When this feature is enabled, the boot process will load the kernel -and an initial ramdisk; then the kernel converts initrd into -a "normal" ramdisk, which is mounted read-write as root device; -then -.I /linuxrc -is executed; afterward the "real" root filesystem is mounted, -and the initrd filesystem is moved over to -.IR /initrd ; -finally -the usual boot sequence (e.g., invocation of -.IR /sbin/init ) -is performed. -.IP -For a detailed description of the initrd feature, see the kernel source file -.I Documentation/admin\-guide/initrd.rst -.\" commit 9d85025b0418163fae079c9ba8f8445212de8568 -(or -.I Documentation/initrd.txt -before Linux 4.10). -.IP -The 'noinitrd' option tells the kernel that although it was compiled for -operation with initrd, it should not go through the above steps, but -leave the initrd data under -.IR /dev/initrd . -(This device can be used only once: the data is freed as soon as -the last process that used it has closed -.IR /dev/initrd .) -.SS Boot arguments for SCSI devices -General notation for this section: -.P -.I iobase --- the first I/O port that the SCSI host occupies. -These are specified in hexadecimal notation, -and usually lie in the range from 0x200 to 0x3ff. -.P -.I irq --- the hardware interrupt that the card is configured to use. -Valid values will be dependent on the card in question, but will -usually be 5, 7, 9, 10, 11, 12, and 15. -The other values are usually -used for common peripherals like IDE hard disks, floppies, serial -ports, and so on. -.P -.I scsi\-id --- the ID that the host adapter uses to identify itself on the -SCSI bus. -Only some host adapters allow you to change this value, as -most have it permanently specified internally. -The usual default value -is 7, but the Seagate and Future Domain TMC-950 boards use 6. -.P -.I parity --- whether the SCSI host adapter expects the attached devices -to supply a parity value with all information exchanges. -Specifying a one indicates parity checking is enabled, -and a zero disables parity checking. -Again, not all adapters will support selection of parity -behavior as a boot argument. -.TP -.B "'max_scsi_luns=...'" -A SCSI device can have a number of 'subdevices' contained within -itself. -The most common example is one of the new SCSI CD-ROMs that -handle more than one disk at a time. -Each CD is addressed as a -\&'Logical Unit Number' (LUN) of that particular device. -But most -devices, such as hard disks, tape drives, and such are only one device, -and will be assigned to LUN zero. -.IP -Some poorly designed SCSI devices cannot handle being probed for -LUNs not equal to zero. -Therefore, if the compile-time flag -.B CONFIG_SCSI_MULTI_LUN -is not set, newer kernels will by default probe only LUN zero. -.IP -To specify the number of probed LUNs at boot, one enters -\&'max_scsi_luns=n' as a boot arg, where n is a number between one and -eight. -To avoid problems as described above, one would use n=1 to -avoid upsetting such broken devices. -.TP -.B "SCSI tape configuration" -Some boot time configuration of the SCSI tape driver can be achieved -by using the following: -.IP -.in +4n -.EX -.BI st= buf_size[,write_threshold[,max_bufs]] -.EE -.in -.IP -The first two numbers are specified in units of kB. -The default -.I buf_size -is 32k\ B, and the maximum size that can be specified is a -ridiculous 16384\ kB. -The -.I write_threshold -is the value at which the buffer is committed to tape, with a -default value of 30\ kB. -The maximum number of buffers varies -with the number of drives detected, and has a default of two. -An example usage would be: -.IP -.in +4n -.EX -st=32,30,2 -.EE -.in -.IP -Full details can be found in the file -.I Documentation/scsi/st.txt -(or -.I drivers/scsi/README.st -for older kernels) in the Linux kernel source. -.SS Hard disks -.TP -.B "IDE Disk/CD-ROM Driver Parameters" -The IDE driver accepts a number of parameters, which range from disk -geometry specifications, to support for broken controller chips. -Drive-specific options are specified by using 'hdX=' with X in 'a'\[en]'h'. -.IP -Non-drive-specific options are specified with the prefix 'hd='. -Note that using a drive-specific prefix for a non-drive-specific option -will still work, and the option will just be applied as expected. -.IP -Also note that 'hd=' can be used to refer to the next unspecified -drive in the (a, ..., h) sequence. -For the following discussions, -the 'hd=' option will be cited for brevity. -See the file -.I Documentation/ide/ide.txt -(or -.I Documentation/ide.txt -.\" Linux 2.0, 2.2, 2.4 -in older kernels, or -.I drivers/block/README.ide -in ancient kernels) in the Linux kernel source for more details. -.TP -.B "The 'hd=cyls,heads,sects[,wpcom[,irq]]' options" -These options are used to specify the physical geometry of the disk. -Only the first three values are required. -The cylinder/head/sectors -values will be those used by fdisk. -The write precompensation value -is ignored for IDE disks. -The IRQ value specified will be the IRQ -used for the interface that the drive resides on, and is not really a -drive-specific parameter. -.TP -.B "The 'hd=serialize' option" -The dual IDE interface CMD-640 chip is broken as designed such that -when drives on the secondary interface are used at the same time as -drives on the primary interface, it will corrupt your data. -Using this -option tells the driver to make sure that both interfaces are never -used at the same time. -.TP -.B "The 'hd=noprobe' option" -Do not probe for this drive. -For example, -.IP -.in +4n -.EX -hdb=noprobe hdb=1166,7,17 -.EE -.in -.IP -would disable the probe, but still specify the drive geometry so -that it would be registered as a valid block device, and hence -usable. -.TP -.B "The 'hd=nowerr' option" -Some drives apparently have the -.B WRERR_STAT -bit stuck on permanently. -This enables a work-around for these broken devices. -.TP -.B "The 'hd=cdrom' option" -This tells the IDE driver that there is an ATAPI compatible CD-ROM -attached in place of a normal IDE hard disk. -In most cases the CD-ROM -is identified automatically, but if it isn't then this may help. -.TP -.B "Standard ST-506 Disk Driver Options ('hd=')" -The standard disk driver can accept geometry arguments for the disks -similar to the IDE driver. -Note however that it expects only three -values (C/H/S); any more or any less and it will silently ignore you. -Also, it accepts only 'hd=' as an argument, that is, 'hda=' -and so on are not valid here. -The format is as follows: -.IP -.in +4n -.EX -hd=cyls,heads,sects -.EE -.in -.IP -If there are two disks installed, the above is repeated with the -geometry parameters of the second disk. -.SS Ethernet devices -Different drivers make use of different parameters, but they all at -least share having an IRQ, an I/O port base value, and a name. -In its most generic form, it looks something like this: -.P -.in +4n -.EX -ether=irq,iobase[,param_1[,...param_8]],name -.EE -.in -.P -The first nonnumeric argument is taken as the name. -The param_n values (if applicable) usually have different meanings for each -different card/driver. -Typical param_n values are used to specify -things like shared memory address, interface selection, DMA channel -and the like. -.P -The most common use of this parameter is to force probing for a second -ethercard, as the default is to probe only for one. -This can be accomplished with a simple: -.P -.in +4n -.EX -ether=0,0,eth1 -.EE -.in -.P -Note that the values of zero for the IRQ and I/O base in the above -example tell the driver(s) to autoprobe. -.P -The Ethernet-HowTo has extensive documentation on using multiple -cards and on the card/driver-specific implementation -of the param_n values where used. -Interested readers should refer to -the section in that document on their particular card. -.SS The floppy disk driver -There are many floppy driver options, and they are all listed in -.I Documentation/blockdev/floppy.txt -(or -.I Documentation/floppy.txt -in older kernels, or -.I drivers/block/README.fd -for ancient kernels) in the Linux kernel source. -See that file for the details. -.SS The sound driver -The sound driver can also accept boot arguments to override the compiled-in -values. -This is not recommended, as it is rather complex. -It is described in the Linux kernel source file -.I Documentation/sound/oss/README.OSS -.RI ( drivers/sound/Readme.linux -in older kernel versions). -It accepts -a boot argument of the form: -.P -.in +4n -.EX -sound=device1[,device2[,device3...[,device10]]] -.EE -.in -.P -where each deviceN value is of the following format 0xTaaaId and the -bytes are used as follows: -.P -T \- device type: 1=FM, 2=SB, 3=PAS, 4=GUS, 5=MPU401, 6=SB16, -7=SB16-MPU401 -.P -aaa \- I/O address in hex. -.P -I \- interrupt line in hex (i.e., 10=a, 11=b, ...) -.P -d \- DMA channel. -.P -As you can see, it gets pretty messy, and you are better off to compile -in your own personal values as recommended. -Using a boot argument of -\&'sound=0' will disable the sound driver entirely. -.SS The line printer driver -.TP -.B "'lp='" -.br -Syntax: -.IP -.in +4n -.EX -lp=0 -lp=auto -lp=reset -lp=port[,port...] -.EE -.in -.IP -You can tell the printer driver what ports to use and what ports not -to use. -The latter comes in handy if you don't want the printer driver -to claim all available parallel ports, so that other drivers -(e.g., PLIP, PPA) can use them instead. -.IP -The format of the argument is multiple port names. -For example, -lp=none,parport0 would use the first parallel port for lp1, and -disable lp0. -To disable the printer driver entirely, one can use -lp=0. -.\" .SH AUTHORS -.\" Linus Torvalds (and many others) -.SH SEE ALSO -.BR klogd (8), -.BR mount (8) -.P -For up-to-date information, see the kernel source file -.IR Documentation/admin\-guide/kernel\-parameters.txt . diff --git a/man7/bpf-helpers.7 b/man7/bpf-helpers.7 deleted file mode 100644 index b4236f1..0000000 --- a/man7/bpf-helpers.7 +++ /dev/null @@ -1,5171 +0,0 @@ -.\" Man page generated from reStructuredText. -. -. -.nr rst2man-indent-level 0 -. -.de1 rstReportMargin -\\$1 \\n[an-margin] -level \\n[rst2man-indent-level] -level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] -- -\\n[rst2man-indent0] -\\n[rst2man-indent1] -\\n[rst2man-indent2] -.. -.de1 INDENT -.\" .rstReportMargin pre: -. RS \\$1 -. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] -. nr rst2man-indent-level +1 -.\" .rstReportMargin post: -.. -.de UNINDENT -. RE -.\" indent \\n[an-margin] -.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] -.nr rst2man-indent-level -1 -.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] -.in \\n[rst2man-indent\\n[rst2man-indent-level]]u -.. -.TH "BPF-HELPERS" 7 "2023-11-10" "Linux v6.8" -.SH NAME -BPF-HELPERS \- list of eBPF helper functions -.\" Copyright (C) All BPF authors and contributors from 2014 to present. -. -.\" See git log include/uapi/linux/bpf.h in kernel tree for details. -. -.\" -. -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -. -.\" -. -.\" Please do not edit this file. It was generated from the documentation -. -.\" located in file include/uapi/linux/bpf.h of the Linux kernel sources -. -.\" (helpers description), and from scripts/bpf_doc.py in the same -. -.\" repository (header and footer). -. -.SH DESCRIPTION -.sp -The extended Berkeley Packet Filter (eBPF) subsystem consists in programs -written in a pseudo\-assembly language, then attached to one of the several -kernel hooks and run in reaction of specific events. This framework differs -from the older, \(dqclassic\(dq BPF (or \(dqcBPF\(dq) in several aspects, one of them being -the ability to call special functions (or \(dqhelpers\(dq) from within a program. -These functions are restricted to a white\-list of helpers defined in the -kernel. -.sp -These helpers are used by eBPF programs to interact with the system, or with -the context in which they work. For instance, they can be used to print -debugging messages, to get the time since the system was booted, to interact -with eBPF maps, or to manipulate network packets. Since there are several eBPF -program types, and that they do not run in the same context, each program type -can only call a subset of those helpers. -.sp -Due to eBPF conventions, a helper can not have more than five arguments. -.sp -Internally, eBPF programs call directly into the compiled helper functions -without requiring any foreign\-function interface. As a result, calling helpers -introduces no overhead, thus offering excellent performance. -.sp -This document is an attempt to list and document the helpers available to eBPF -developers. They are sorted by chronological order (the oldest helpers in the -kernel at the top). -.SH HELPERS -.INDENT 0.0 -.TP -.B \fBvoid *bpf_map_lookup_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIkey\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Perform a lookup in \fImap\fP for an entry associated to \fIkey\fP\&. -.TP -.B Return -Map value associated to \fIkey\fP, or \fBNULL\fP if no entry was -found. -.UNINDENT -.TP -.B \fBlong bpf_map_update_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIkey\fP\fB, const void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Add or update the value of the entry associated to \fIkey\fP in -\fImap\fP with \fIvalue\fP\&. \fIflags\fP is one of: -.INDENT 7.0 -.TP -.B \fBBPF_NOEXIST\fP -The entry for \fIkey\fP must not exist in the map. -.TP -.B \fBBPF_EXIST\fP -The entry for \fIkey\fP must already exist in the map. -.TP -.B \fBBPF_ANY\fP -No condition on the existence of the entry for \fIkey\fP\&. -.UNINDENT -.sp -Flag value \fBBPF_NOEXIST\fP cannot be used for maps of types -\fBBPF_MAP_TYPE_ARRAY\fP or \fBBPF_MAP_TYPE_PERCPU_ARRAY\fP (all -elements always exist), the helper would return an error. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_map_delete_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIkey\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Delete entry with \fIkey\fP from \fImap\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_probe_read(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For tracing programs, safely attempt to read \fIsize\fP bytes from -kernel space address \fIunsafe_ptr\fP and store the data in \fIdst\fP\&. -.sp -Generally, use \fBbpf_probe_read_user\fP() or -\fBbpf_probe_read_kernel\fP() instead. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_ktime_get_ns(void)\fP -.INDENT 7.0 -.TP -.B Description -Return the time elapsed since system boot, in nanoseconds. -Does not include time the system was suspended. -See: \fBclock_gettime\fP(\fBCLOCK_MONOTONIC\fP) -.TP -.B Return -Current \fIktime\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_trace_printk(const char *\fP\fIfmt\fP\fB, u32\fP \fIfmt_size\fP\fB, ...)\fP -.INDENT 7.0 -.TP -.B Description -This helper is a \(dqprintk()\-like\(dq facility for debugging. It -prints a message defined by format \fIfmt\fP (of size \fIfmt_size\fP) -to file \fI/sys/kernel/tracing/trace\fP from TraceFS, if -available. It can take up to three additional \fBu64\fP -arguments (as an eBPF helpers, the total number of arguments is -limited to five). -.sp -Each time the helper is called, it appends a line to the trace. -Lines are discarded while \fI/sys/kernel/tracing/trace\fP is -open, use \fI/sys/kernel/tracing/trace_pipe\fP to avoid this. -The format of the trace is customizable, and the exact output -one will get depends on the options set in -\fI/sys/kernel/tracing/trace_options\fP (see also the -\fIREADME\fP file under the same directory). However, it usually -defaults to something like: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -telnet\-470 [001] .N.. 419421.045894: 0x00000001: -.EE -.UNINDENT -.UNINDENT -.sp -In the above: -.INDENT 7.0 -.INDENT 3.5 -.INDENT 0.0 -.IP \(bu 2 -\fBtelnet\fP is the name of the current task. -.IP \(bu 2 -\fB470\fP is the PID of the current task. -.IP \(bu 2 -\fB001\fP is the CPU number on which the task is -running. -.IP \(bu 2 -In \fB\&.N..\fP, each character refers to a set of -options (whether irqs are enabled, scheduling -options, whether hard/softirqs are running, level of -preempt_disabled respectively). \fBN\fP means that -\fBTIF_NEED_RESCHED\fP and \fBPREEMPT_NEED_RESCHED\fP -are set. -.IP \(bu 2 -\fB419421.045894\fP is a timestamp. -.IP \(bu 2 -\fB0x00000001\fP is a fake value used by BPF for the -instruction pointer register. -.IP \(bu 2 -\fB\fP is the message formatted with -\fIfmt\fP\&. -.UNINDENT -.UNINDENT -.UNINDENT -.sp -The conversion specifiers supported by \fIfmt\fP are similar, but -more limited than for printk(). They are \fB%d\fP, \fB%i\fP, -\fB%u\fP, \fB%x\fP, \fB%ld\fP, \fB%li\fP, \fB%lu\fP, \fB%lx\fP, \fB%lld\fP, -\fB%lli\fP, \fB%llu\fP, \fB%llx\fP, \fB%p\fP, \fB%s\fP\&. No modifier (size -of field, padding with zeroes, etc.) is available, and the -helper will return \fB\-EINVAL\fP (but print nothing) if it -encounters an unknown specifier. -.sp -Also, note that \fBbpf_trace_printk\fP() is slow, and should -only be used for debugging purposes. For this reason, a notice -block (spanning several lines) is printed to kernel logs and -states that the helper should not be used \(dqfor production use\(dq -the first time this helper is used (or more precisely, when -\fBtrace_printk\fP() buffers are allocated). For passing values -to user space, perf events should be preferred. -.TP -.B Return -The number of bytes written to the buffer, or a negative error -in case of failure. -.UNINDENT -.TP -.B \fBu32 bpf_get_prandom_u32(void)\fP -.INDENT 7.0 -.TP -.B Description -Get a pseudo\-random number. -.sp -From a security point of view, this helper uses its own -pseudo\-random internal state, and cannot be used to infer the -seed of other random functions in the kernel. However, it is -essential to note that the generator used by the helper is not -cryptographically secure. -.TP -.B Return -A random 32\-bit unsigned value. -.UNINDENT -.TP -.B \fBu32 bpf_get_smp_processor_id(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the SMP (symmetric multiprocessing) processor id. Note that -all programs run with migration disabled, which means that the -SMP processor id is stable during all the execution of the -program. -.TP -.B Return -The SMP id of the processor running the program. -.UNINDENT -.TP -.B \fBlong bpf_skb_store_bytes(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, const void *\fP\fIfrom\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Store \fIlen\fP bytes from address \fIfrom\fP into the packet -associated to \fIskb\fP, at \fIoffset\fP\&. \fIflags\fP are a combination of -\fBBPF_F_RECOMPUTE_CSUM\fP (automatically recompute the -checksum for the packet after storing the bytes) and -\fBBPF_F_INVALIDATE_HASH\fP (set \fIskb\fP\fB\->hash\fP, \fIskb\fP\fB\->swhash\fP and \fIskb\fP\fB\->l4hash\fP to 0). -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_l3_csum_replace(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, u64\fP \fIfrom\fP\fB, u64\fP \fIto\fP\fB, u64\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Recompute the layer 3 (e.g. IP) checksum for the packet -associated to \fIskb\fP\&. Computation is incremental, so the helper -must know the former value of the header field that was -modified (\fIfrom\fP), the new value of this field (\fIto\fP), and the -number of bytes (2 or 4) for this field, stored in \fIsize\fP\&. -Alternatively, it is possible to store the difference between -the previous and the new values of the header field in \fIto\fP, by -setting \fIfrom\fP and \fIsize\fP to 0. For both methods, \fIoffset\fP -indicates the location of the IP checksum within the packet. -.sp -This helper works in combination with \fBbpf_csum_diff\fP(), -which does not update the checksum in\-place, but offers more -flexibility and can handle sizes larger than 2 or 4 for the -checksum to update. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_l4_csum_replace(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, u64\fP \fIfrom\fP\fB, u64\fP \fIto\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Recompute the layer 4 (e.g. TCP, UDP or ICMP) checksum for the -packet associated to \fIskb\fP\&. Computation is incremental, so the -helper must know the former value of the header field that was -modified (\fIfrom\fP), the new value of this field (\fIto\fP), and the -number of bytes (2 or 4) for this field, stored on the lowest -four bits of \fIflags\fP\&. Alternatively, it is possible to store -the difference between the previous and the new values of the -header field in \fIto\fP, by setting \fIfrom\fP and the four lowest -bits of \fIflags\fP to 0. For both methods, \fIoffset\fP indicates the -location of the IP checksum within the packet. In addition to -the size of the field, \fIflags\fP can be added (bitwise OR) actual -flags. With \fBBPF_F_MARK_MANGLED_0\fP, a null checksum is left -untouched (unless \fBBPF_F_MARK_ENFORCE\fP is added as well), and -for updates resulting in a null checksum the value is set to -\fBCSUM_MANGLED_0\fP instead. Flag \fBBPF_F_PSEUDO_HDR\fP indicates -the checksum is to be computed against a pseudo\-header. -.sp -This helper works in combination with \fBbpf_csum_diff\fP(), -which does not update the checksum in\-place, but offers more -flexibility and can handle sizes larger than 2 or 4 for the -checksum to update. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_tail_call(void *\fP\fIctx\fP\fB, struct bpf_map *\fP\fIprog_array_map\fP\fB, u32\fP \fIindex\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This special helper is used to trigger a \(dqtail call\(dq, or in -other words, to jump into another eBPF program. The same stack -frame is used (but values on stack and in registers for the -caller are not accessible to the callee). This mechanism allows -for program chaining, either for raising the maximum number of -available eBPF instructions, or to execute given programs in -conditional blocks. For security reasons, there is an upper -limit to the number of successive tail calls that can be -performed. -.sp -Upon call of this helper, the program attempts to jump into a -program referenced at index \fIindex\fP in \fIprog_array_map\fP, a -special map of type \fBBPF_MAP_TYPE_PROG_ARRAY\fP, and passes -\fIctx\fP, a pointer to the context. -.sp -If the call succeeds, the kernel immediately runs the first -instruction of the new program. This is not a function call, -and it never returns to the previous program. If the call -fails, then the helper has no effect, and the caller continues -to run its subsequent instructions. A call can fail if the -destination program for the jump does not exist (i.e. \fIindex\fP -is superior to the number of entries in \fIprog_array_map\fP), or -if the maximum number of tail calls has been reached for this -chain of programs. This limit is defined in the kernel by the -macro \fBMAX_TAIL_CALL_CNT\fP (not accessible to user space), -which is currently set to 33. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_clone_redirect(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIifindex\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Clone and redirect the packet associated to \fIskb\fP to another -net device of index \fIifindex\fP\&. Both ingress and egress -interfaces can be used for redirection. The \fBBPF_F_INGRESS\fP -value in \fIflags\fP is used to make the distinction (ingress path -is selected if the flag is present, egress path otherwise). -This is the only flag supported for now. -.sp -In comparison with \fBbpf_redirect\fP() helper, -\fBbpf_clone_redirect\fP() has the associated cost of -duplicating the packet buffer, but this can be executed out of -the eBPF program. Conversely, \fBbpf_redirect\fP() is more -efficient, but it is handled through an action code where the -redirection happens only after the eBPF program has returned. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. Positive -error indicates a potential drop or congestion in the target -device. The particular positive error codes are not defined. -.UNINDENT -.TP -.B \fBu64 bpf_get_current_pid_tgid(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the current pid and tgid. -.TP -.B Return -A 64\-bit integer containing the current tgid and pid, and -created as such: -\fIcurrent_task\fP\fB\->tgid << 32 |\fP -\fIcurrent_task\fP\fB\->pid\fP\&. -.UNINDENT -.TP -.B \fBu64 bpf_get_current_uid_gid(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the current uid and gid. -.TP -.B Return -A 64\-bit integer containing the current GID and UID, and -created as such: \fIcurrent_gid\fP \fB<< 32 |\fP \fIcurrent_uid\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_get_current_comm(void *\fP\fIbuf\fP\fB, u32\fP \fIsize_of_buf\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Copy the \fBcomm\fP attribute of the current task into \fIbuf\fP of -\fIsize_of_buf\fP\&. The \fBcomm\fP attribute contains the name of -the executable (excluding the path) for the current task. The -\fIsize_of_buf\fP must be strictly positive. On success, the -helper makes sure that the \fIbuf\fP is NUL\-terminated. On failure, -it is filled with zeroes. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu32 bpf_get_cgroup_classid(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve the classid for the current task, i.e. for the net_cls -cgroup to which \fIskb\fP belongs. -.sp -This helper can be used on TC egress path, but not on ingress. -.sp -The net_cls cgroup provides an interface to tag network packets -based on a user\-provided identifier for all traffic coming from -the tasks belonging to the related cgroup. See also the related -kernel documentation, available from the Linux sources in file -\fIDocumentation/admin\-guide/cgroup\-v1/net_cls.rst\fP\&. -.sp -The Linux kernel has two versions for cgroups: there are -cgroups v1 and cgroups v2. Both are available to users, who can -use a mixture of them, but note that the net_cls cgroup is for -cgroup v1 only. This makes it incompatible with BPF programs -run on cgroups, which is a cgroup\-v2\-only feature (a socket can -only hold data for one version of cgroups at a time). -.sp -This helper is only available is the kernel was compiled with -the \fBCONFIG_CGROUP_NET_CLASSID\fP configuration option set to -\(dq\fBy\fP\(dq or to \(dq\fBm\fP\(dq. -.TP -.B Return -The classid, or 0 for the default unconfigured classid. -.UNINDENT -.TP -.B \fBlong bpf_skb_vlan_push(struct sk_buff *\fP\fIskb\fP\fB, __be16\fP \fIvlan_proto\fP\fB, u16\fP \fIvlan_tci\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Push a \fIvlan_tci\fP (VLAN tag control information) of protocol -\fIvlan_proto\fP to the packet associated to \fIskb\fP, then update -the checksum. Note that if \fIvlan_proto\fP is different from -\fBETH_P_8021Q\fP and \fBETH_P_8021AD\fP, it is considered to -be \fBETH_P_8021Q\fP\&. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_vlan_pop(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Pop a VLAN header from the packet associated to \fIskb\fP\&. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_get_tunnel_key(struct sk_buff *\fP\fIskb\fP\fB, struct bpf_tunnel_key *\fP\fIkey\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get tunnel metadata. This helper takes a pointer \fIkey\fP to an -empty \fBstruct bpf_tunnel_key\fP of \fBsize\fP, that will be -filled with tunnel metadata for the packet associated to \fIskb\fP\&. -The \fIflags\fP can be set to \fBBPF_F_TUNINFO_IPV6\fP, which -indicates that the tunnel is based on IPv6 protocol instead of -IPv4. -.sp -The \fBstruct bpf_tunnel_key\fP is an object that generalizes the -principal parameters used by various tunneling protocols into a -single struct. This way, it can be used to easily make a -decision based on the contents of the encapsulation header, -\(dqsummarized\(dq in this struct. In particular, it holds the IP -address of the remote end (IPv4 or IPv6, depending on the case) -in \fIkey\fP\fB\->remote_ipv4\fP or \fIkey\fP\fB\->remote_ipv6\fP\&. Also, -this struct exposes the \fIkey\fP\fB\->tunnel_id\fP, which is -generally mapped to a VNI (Virtual Network Identifier), making -it programmable together with the \fBbpf_skb_set_tunnel_key\fP() helper. -.sp -Let\(aqs imagine that the following code is part of a program -attached to the TC ingress interface, on one end of a GRE -tunnel, and is supposed to filter out all messages coming from -remote ends with IPv4 address other than 10.0.0.1: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -int ret; -struct bpf_tunnel_key key = {}; - -ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0); -if (ret < 0) - return TC_ACT_SHOT; // drop packet - -if (key.remote_ipv4 != 0x0a000001) - return TC_ACT_SHOT; // drop packet - -return TC_ACT_OK; // accept packet -.EE -.UNINDENT -.UNINDENT -.sp -This interface can also be used with all encapsulation devices -that can operate in \(dqcollect metadata\(dq mode: instead of having -one network device per specific configuration, the \(dqcollect -metadata\(dq mode only requires a single device where the -configuration can be extracted from this helper. -.sp -This can be used together with various tunnels such as VXLan, -Geneve, GRE or IP in IP (IPIP). -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_set_tunnel_key(struct sk_buff *\fP\fIskb\fP\fB, struct bpf_tunnel_key *\fP\fIkey\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Populate tunnel metadata for packet associated to \fIskb.\fP The -tunnel metadata is set to the contents of \fIkey\fP, of \fIsize\fP\&. The -\fIflags\fP can be set to a combination of the following values: -.INDENT 7.0 -.TP -.B \fBBPF_F_TUNINFO_IPV6\fP -Indicate that the tunnel is based on IPv6 protocol -instead of IPv4. -.TP -.B \fBBPF_F_ZERO_CSUM_TX\fP -For IPv4 packets, add a flag to tunnel metadata -indicating that checksum computation should be skipped -and checksum set to zeroes. -.TP -.B \fBBPF_F_DONT_FRAGMENT\fP -Add a flag to tunnel metadata indicating that the -packet should not be fragmented. -.TP -.B \fBBPF_F_SEQ_NUMBER\fP -Add a flag to tunnel metadata indicating that a -sequence number should be added to tunnel header before -sending the packet. This flag was added for GRE -encapsulation, but might be used with other protocols -as well in the future. -.TP -.B \fBBPF_F_NO_TUNNEL_KEY\fP -Add a flag to tunnel metadata indicating that no tunnel -key should be set in the resulting tunnel header. -.UNINDENT -.sp -Here is a typical usage on the transmit path: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -struct bpf_tunnel_key key; - populate key ... -bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0); -bpf_clone_redirect(skb, vxlan_dev_ifindex, 0); -.EE -.UNINDENT -.UNINDENT -.sp -See also the description of the \fBbpf_skb_get_tunnel_key\fP() -helper for additional information. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_perf_event_read(struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Read the value of a perf event counter. This helper relies on a -\fImap\fP of type \fBBPF_MAP_TYPE_PERF_EVENT_ARRAY\fP\&. The nature of -the perf event counter is selected when \fImap\fP is updated with -perf event file descriptors. The \fImap\fP is an array whose size -is the number of available CPUs, and each cell contains a value -relative to one CPU. The value to retrieve is indicated by -\fIflags\fP, that contains the index of the CPU to look up, masked -with \fBBPF_F_INDEX_MASK\fP\&. Alternatively, \fIflags\fP can be set to -\fBBPF_F_CURRENT_CPU\fP to indicate that the value for the -current CPU should be retrieved. -.sp -Note that before Linux 4.13, only hardware perf event can be -retrieved. -.sp -Also, be aware that the newer helper -\fBbpf_perf_event_read_value\fP() is recommended over -\fBbpf_perf_event_read\fP() in general. The latter has some ABI -quirks where error and counter value are used as a return code -(which is wrong to do since ranges may overlap). This issue is -fixed with \fBbpf_perf_event_read_value\fP(), which at the same -time provides more features over the \fBbpf_perf_event_read\fP() interface. Please refer to the description of -\fBbpf_perf_event_read_value\fP() for details. -.TP -.B Return -The value of the perf event counter read from the map, or a -negative error code in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_redirect(u32\fP \fIifindex\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Redirect the packet to another net device of index \fIifindex\fP\&. -This helper is somewhat similar to \fBbpf_clone_redirect\fP(), except that the packet is not cloned, which provides -increased performance. -.sp -Except for XDP, both ingress and egress interfaces can be used -for redirection. The \fBBPF_F_INGRESS\fP value in \fIflags\fP is used -to make the distinction (ingress path is selected if the flag -is present, egress path otherwise). Currently, XDP only -supports redirection to the egress interface, and accepts no -flag at all. -.sp -The same effect can also be attained with the more generic -\fBbpf_redirect_map\fP(), which uses a BPF map to store the -redirect target instead of providing it directly to the helper. -.TP -.B Return -For XDP, the helper returns \fBXDP_REDIRECT\fP on success or -\fBXDP_ABORTED\fP on error. For other program types, the values -are \fBTC_ACT_REDIRECT\fP on success or \fBTC_ACT_SHOT\fP on -error. -.UNINDENT -.TP -.B \fBu32 bpf_get_route_realm(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve the realm or the route, that is to say the -\fBtclassid\fP field of the destination for the \fIskb\fP\&. The -identifier retrieved is a user\-provided tag, similar to the -one used with the net_cls cgroup (see description for -\fBbpf_get_cgroup_classid\fP() helper), but here this tag is -held by a route (a destination entry), not by a task. -.sp -Retrieving this identifier works with the clsact TC egress hook -(see also \fBtc\-bpf(8)\fP), or alternatively on conventional -classful egress qdiscs, but not on TC ingress path. In case of -clsact TC egress hook, this has the advantage that, internally, -the destination entry has not been dropped yet in the transmit -path. Therefore, the destination entry does not need to be -artificially held via \fBnetif_keep_dst\fP() for a classful -qdisc until the \fIskb\fP is freed. -.sp -This helper is available only if the kernel was compiled with -\fBCONFIG_IP_ROUTE_CLASSID\fP configuration option. -.TP -.B Return -The realm of the route for the packet associated to \fIskb\fP, or 0 -if none was found. -.UNINDENT -.TP -.B \fBlong bpf_perf_event_output(void *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Write raw \fIdata\fP blob into a special BPF perf event held by -\fImap\fP of type \fBBPF_MAP_TYPE_PERF_EVENT_ARRAY\fP\&. This perf -event must have the following attributes: \fBPERF_SAMPLE_RAW\fP -as \fBsample_type\fP, \fBPERF_TYPE_SOFTWARE\fP as \fBtype\fP, and -\fBPERF_COUNT_SW_BPF_OUTPUT\fP as \fBconfig\fP\&. -.sp -The \fIflags\fP are used to indicate the index in \fImap\fP for which -the value must be put, masked with \fBBPF_F_INDEX_MASK\fP\&. -Alternatively, \fIflags\fP can be set to \fBBPF_F_CURRENT_CPU\fP -to indicate that the index of the current CPU core should be -used. -.sp -The value to write, of \fIsize\fP, is passed through eBPF stack and -pointed by \fIdata\fP\&. -.sp -The context of the program \fIctx\fP needs also be passed to the -helper. -.sp -On user space, a program willing to read the values needs to -call \fBperf_event_open\fP() on the perf event (either for -one or for all CPUs) and to store the file descriptor into the -\fImap\fP\&. This must be done before the eBPF program can send data -into it. An example is available in file -\fIsamples/bpf/trace_output_user.c\fP in the Linux kernel source -tree (the eBPF program counterpart is in -\fIsamples/bpf/trace_output_kern.c\fP). -.sp -\fBbpf_perf_event_output\fP() achieves better performance -than \fBbpf_trace_printk\fP() for sharing data with user -space, and is much better suitable for streaming data from eBPF -programs. -.sp -Note that this helper is not restricted to tracing use cases -and can be used with programs attached to TC or XDP as well, -where it allows for passing data to user space listeners. Data -can be: -.INDENT 7.0 -.IP \(bu 2 -Only custom structs, -.IP \(bu 2 -Only the packet payload, or -.IP \(bu 2 -A combination of both. -.UNINDENT -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_load_bytes(const void *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, void *\fP\fIto\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper was provided as an easy way to load data from a -packet. It can be used to load \fIlen\fP bytes from \fIoffset\fP from -the packet associated to \fIskb\fP, into the buffer pointed by -\fIto\fP\&. -.sp -Since Linux 4.7, usage of this helper has mostly been replaced -by \(dqdirect packet access\(dq, enabling packet data to be -manipulated with \fIskb\fP\fB\->data\fP and \fIskb\fP\fB\->data_end\fP -pointing respectively to the first byte of packet data and to -the byte after the last byte of packet data. However, it -remains useful if one wishes to read large quantities of data -at once from a packet into the eBPF stack. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_get_stackid(void *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Walk a user or a kernel stack and return its id. To achieve -this, the helper needs \fIctx\fP, which is a pointer to the context -on which the tracing program is executed, and a pointer to a -\fImap\fP of type \fBBPF_MAP_TYPE_STACK_TRACE\fP\&. -.sp -The last argument, \fIflags\fP, holds the number of stack frames to -skip (from 0 to 255), masked with -\fBBPF_F_SKIP_FIELD_MASK\fP\&. The next bits can be used to set -a combination of the following flags: -.INDENT 7.0 -.TP -.B \fBBPF_F_USER_STACK\fP -Collect a user space stack instead of a kernel stack. -.TP -.B \fBBPF_F_FAST_STACK_CMP\fP -Compare stacks by hash only. -.TP -.B \fBBPF_F_REUSE_STACKID\fP -If two different stacks hash into the same \fIstackid\fP, -discard the old one. -.UNINDENT -.sp -The stack id retrieved is a 32 bit long integer handle which -can be further combined with other data (including other stack -ids) and used as a key into maps. This can be useful for -generating a variety of graphs (such as flame graphs or off\-cpu -graphs). -.sp -For walking a stack, this helper is an improvement over -\fBbpf_probe_read\fP(), which can be used with unrolled loops -but is not efficient and consumes a lot of eBPF instructions. -Instead, \fBbpf_get_stackid\fP() can collect up to -\fBPERF_MAX_STACK_DEPTH\fP both kernel and user frames. Note that -this limit can be controlled with the \fBsysctl\fP program, and -that it should be manually increased in order to profile long -user stacks (such as stacks for Java programs). To do so, use: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -# sysctl kernel.perf_event_max_stack= -.EE -.UNINDENT -.UNINDENT -.TP -.B Return -The positive or null stack id on success, or a negative error -in case of failure. -.UNINDENT -.TP -.B \fBs64 bpf_csum_diff(__be32 *\fP\fIfrom\fP\fB, u32\fP \fIfrom_size\fP\fB, __be32 *\fP\fIto\fP\fB, u32\fP \fIto_size\fP\fB, __wsum\fP \fIseed\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Compute a checksum difference, from the raw buffer pointed by -\fIfrom\fP, of length \fIfrom_size\fP (that must be a multiple of 4), -towards the raw buffer pointed by \fIto\fP, of size \fIto_size\fP -(same remark). An optional \fIseed\fP can be added to the value -(this can be cascaded, the seed may come from a previous call -to the helper). -.sp -This is flexible enough to be used in several ways: -.INDENT 7.0 -.IP \(bu 2 -With \fIfrom_size\fP == 0, \fIto_size\fP > 0 and \fIseed\fP set to -checksum, it can be used when pushing new data. -.IP \(bu 2 -With \fIfrom_size\fP > 0, \fIto_size\fP == 0 and \fIseed\fP set to -checksum, it can be used when removing data from a packet. -.IP \(bu 2 -With \fIfrom_size\fP > 0, \fIto_size\fP > 0 and \fIseed\fP set to 0, it -can be used to compute a diff. Note that \fIfrom_size\fP and -\fIto_size\fP do not need to be equal. -.UNINDENT -.sp -This helper can be used in combination with -\fBbpf_l3_csum_replace\fP() and \fBbpf_l4_csum_replace\fP(), to -which one can feed in the difference computed with -\fBbpf_csum_diff\fP(). -.TP -.B Return -The checksum result, or a negative error code in case of -failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_get_tunnel_opt(struct sk_buff *\fP\fIskb\fP\fB, void *\fP\fIopt\fP\fB, u32\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve tunnel options metadata for the packet associated to -\fIskb\fP, and store the raw tunnel option data to the buffer \fIopt\fP -of \fIsize\fP\&. -.sp -This helper can be used with encapsulation devices that can -operate in \(dqcollect metadata\(dq mode (please refer to the related -note in the description of \fBbpf_skb_get_tunnel_key\fP() for -more details). A particular example where this can be used is -in combination with the Geneve encapsulation protocol, where it -allows for pushing (with \fBbpf_skb_get_tunnel_opt\fP() helper) -and retrieving arbitrary TLVs (Type\-Length\-Value headers) from -the eBPF program. This allows for full customization of these -headers. -.TP -.B Return -The size of the option data retrieved. -.UNINDENT -.TP -.B \fBlong bpf_skb_set_tunnel_opt(struct sk_buff *\fP\fIskb\fP\fB, void *\fP\fIopt\fP\fB, u32\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set tunnel options metadata for the packet associated to \fIskb\fP -to the option data contained in the raw buffer \fIopt\fP of \fIsize\fP\&. -.sp -See also the description of the \fBbpf_skb_get_tunnel_opt\fP() -helper for additional information. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_change_proto(struct sk_buff *\fP\fIskb\fP\fB, __be16\fP \fIproto\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Change the protocol of the \fIskb\fP to \fIproto\fP\&. Currently -supported are transition from IPv4 to IPv6, and from IPv6 to -IPv4. The helper takes care of the groundwork for the -transition, including resizing the socket buffer. The eBPF -program is expected to fill the new headers, if any, via -\fBskb_store_bytes\fP() and to recompute the checksums with -\fBbpf_l3_csum_replace\fP() and \fBbpf_l4_csum_replace\fP(). The main case for this helper is to perform NAT64 -operations out of an eBPF program. -.sp -Internally, the GSO type is marked as dodgy so that headers are -checked and segments are recalculated by the GSO/GRO engine. -The size for GSO target is adapted as well. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_change_type(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fItype\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Change the packet type for the packet associated to \fIskb\fP\&. This -comes down to setting \fIskb\fP\fB\->pkt_type\fP to \fItype\fP, except -the eBPF program does not have a write access to \fIskb\fP\fB\->pkt_type\fP beside this helper. Using a helper here allows -for graceful handling of errors. -.sp -The major use case is to change incoming \fIskb*s to -**PACKET_HOST*\fP in a programmatic way instead of having to -recirculate via \fBredirect\fP(..., \fBBPF_F_INGRESS\fP), for -example. -.sp -Note that \fItype\fP only allows certain values. At this time, they -are: -.INDENT 7.0 -.TP -.B \fBPACKET_HOST\fP -Packet is for us. -.TP -.B \fBPACKET_BROADCAST\fP -Send packet to all. -.TP -.B \fBPACKET_MULTICAST\fP -Send packet to group. -.TP -.B \fBPACKET_OTHERHOST\fP -Send packet to someone else. -.UNINDENT -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_under_cgroup(struct sk_buff *\fP\fIskb\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u32\fP \fIindex\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check whether \fIskb\fP is a descendant of the cgroup2 held by -\fImap\fP of type \fBBPF_MAP_TYPE_CGROUP_ARRAY\fP, at \fIindex\fP\&. -.TP -.B Return -The return value depends on the result of the test, and can be: -.INDENT 7.0 -.IP \(bu 2 -0, if the \fIskb\fP failed the cgroup2 descendant test. -.IP \(bu 2 -1, if the \fIskb\fP succeeded the cgroup2 descendant test. -.IP \(bu 2 -A negative error code, if an error occurred. -.UNINDENT -.UNINDENT -.TP -.B \fBu32 bpf_get_hash_recalc(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve the hash of the packet, \fIskb\fP\fB\->hash\fP\&. If it is -not set, in particular if the hash was cleared due to mangling, -recompute this hash. Later accesses to the hash can be done -directly with \fIskb\fP\fB\->hash\fP\&. -.sp -Calling \fBbpf_set_hash_invalid\fP(), changing a packet -prototype with \fBbpf_skb_change_proto\fP(), or calling -\fBbpf_skb_store_bytes\fP() with the -\fBBPF_F_INVALIDATE_HASH\fP are actions susceptible to clear -the hash and to trigger a new computation for the next call to -\fBbpf_get_hash_recalc\fP(). -.TP -.B Return -The 32\-bit hash. -.UNINDENT -.TP -.B \fBu64 bpf_get_current_task(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the current task. -.TP -.B Return -A pointer to the current task struct. -.UNINDENT -.TP -.B \fBlong bpf_probe_write_user(void *\fP\fIdst\fP\fB, const void *\fP\fIsrc\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Attempt in a safe way to write \fIlen\fP bytes from the buffer -\fIsrc\fP to \fIdst\fP in memory. It only works for threads that are in -user context, and \fIdst\fP must be a valid user space address. -.sp -This helper should not be used to implement any kind of -security mechanism because of TOC\-TOU attacks, but rather to -debug, divert, and manipulate execution of semi\-cooperative -processes. -.sp -Keep in mind that this feature is meant for experiments, and it -has a risk of crashing the system and running programs. -Therefore, when an eBPF program using this helper is attached, -a warning including PID and process name is printed to kernel -logs. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_current_task_under_cgroup(struct bpf_map *\fP\fImap\fP\fB, u32\fP \fIindex\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check whether the probe is being run is the context of a given -subset of the cgroup2 hierarchy. The cgroup2 to test is held by -\fImap\fP of type \fBBPF_MAP_TYPE_CGROUP_ARRAY\fP, at \fIindex\fP\&. -.TP -.B Return -The return value depends on the result of the test, and can be: -.INDENT 7.0 -.IP \(bu 2 -1, if current task belongs to the cgroup2. -.IP \(bu 2 -0, if current task does not belong to the cgroup2. -.IP \(bu 2 -A negative error code, if an error occurred. -.UNINDENT -.UNINDENT -.TP -.B \fBlong bpf_skb_change_tail(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Resize (trim or grow) the packet associated to \fIskb\fP to the -new \fIlen\fP\&. The \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -The basic idea is that the helper performs the needed work to -change the size of the packet, then the eBPF program rewrites -the rest via helpers like \fBbpf_skb_store_bytes\fP(), -\fBbpf_l3_csum_replace\fP(), \fBbpf_l3_csum_replace\fP() -and others. This helper is a slow path utility intended for -replies with control messages. And because it is targeted for -slow path, the helper itself can afford to be slow: it -implicitly linearizes, unclones and drops offloads from the -\fIskb\fP\&. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_pull_data(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Pull in non\-linear data in case the \fIskb\fP is non\-linear and not -all of \fIlen\fP are part of the linear section. Make \fIlen\fP bytes -from \fIskb\fP readable and writable. If a zero value is passed for -\fIlen\fP, then all bytes in the linear part of \fIskb\fP will be made -readable and writable. -.sp -This helper is only needed for reading and writing with direct -packet access. -.sp -For direct packet access, testing that offsets to access -are within packet boundaries (test on \fIskb\fP\fB\->data_end\fP) is -susceptible to fail if offsets are invalid, or if the requested -data is in non\-linear parts of the \fIskb\fP\&. On failure the -program can just bail out, or in the case of a non\-linear -buffer, use a helper to make the data available. The -\fBbpf_skb_load_bytes\fP() helper is a first solution to access -the data. Another one consists in using \fBbpf_skb_pull_data\fP -to pull in once the non\-linear parts, then retesting and -eventually access the data. -.sp -At the same time, this also makes sure the \fIskb\fP is uncloned, -which is a necessary condition for direct write. As this needs -to be an invariant for the write part only, the verifier -detects writes and adds a prologue that is calling -\fBbpf_skb_pull_data()\fP to effectively unclone the \fIskb\fP from -the very beginning in case it is indeed cloned. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBs64 bpf_csum_update(struct sk_buff *\fP\fIskb\fP\fB, __wsum\fP \fIcsum\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Add the checksum \fIcsum\fP into \fIskb\fP\fB\->csum\fP in case the -driver has supplied a checksum for the entire packet into that -field. Return an error otherwise. This helper is intended to be -used in combination with \fBbpf_csum_diff\fP(), in particular -when the checksum needs to be updated after data has been -written into the packet through direct packet access. -.TP -.B Return -The checksum on success, or a negative error code in case of -failure. -.UNINDENT -.TP -.B \fBvoid bpf_set_hash_invalid(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Invalidate the current \fIskb\fP\fB\->hash\fP\&. It can be used after -mangling on headers through direct packet access, in order to -indicate that the hash is outdated and to trigger a -recalculation the next time the kernel tries to access this -hash or when the \fBbpf_get_hash_recalc\fP() helper is called. -.TP -.B Return -void. -.UNINDENT -.TP -.B \fBlong bpf_get_numa_node_id(void)\fP -.INDENT 7.0 -.TP -.B Description -Return the id of the current NUMA node. The primary use case -for this helper is the selection of sockets for the local NUMA -node, when the program is attached to sockets using the -\fBSO_ATTACH_REUSEPORT_EBPF\fP option (see also \fBsocket(7)\fP), -but the helper is also available to other eBPF program types, -similarly to \fBbpf_get_smp_processor_id\fP(). -.TP -.B Return -The id of current NUMA node. -.UNINDENT -.TP -.B \fBlong bpf_skb_change_head(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Grows headroom of packet associated to \fIskb\fP and adjusts the -offset of the MAC header accordingly, adding \fIlen\fP bytes of -space. It automatically extends and reallocates memory as -required. -.sp -This helper can be used on a layer 3 \fIskb\fP to push a MAC header -for redirection into a layer 2 device. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_xdp_adjust_head(struct xdp_buff *\fP\fIxdp_md\fP\fB, int\fP \fIdelta\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Adjust (move) \fIxdp_md\fP\fB\->data\fP by \fIdelta\fP bytes. Note that -it is possible to use a negative value for \fIdelta\fP\&. This helper -can be used to prepare the packet for pushing or popping -headers. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_probe_read_str(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Copy a NUL terminated string from an unsafe kernel address -\fIunsafe_ptr\fP to \fIdst\fP\&. See \fBbpf_probe_read_kernel_str\fP() for -more details. -.sp -Generally, use \fBbpf_probe_read_user_str\fP() or -\fBbpf_probe_read_kernel_str\fP() instead. -.TP -.B Return -On success, the strictly positive length of the string, -including the trailing NUL character. On error, a negative -value. -.UNINDENT -.TP -.B \fBu64 bpf_get_socket_cookie(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -If the \fBstruct sk_buff\fP pointed by \fIskb\fP has a known socket, -retrieve the cookie (generated by the kernel) of this socket. -If no cookie has been set yet, generate a new cookie. Once -generated, the socket cookie remains stable for the life of the -socket. This helper can be useful for monitoring per socket -networking traffic statistics as it provides a global socket -identifier that can be assumed unique. -.TP -.B Return -A 8\-byte long unique number on success, or 0 if the socket -field is missing inside \fIskb\fP\&. -.UNINDENT -.TP -.B \fBu64 bpf_get_socket_cookie(struct bpf_sock_addr *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Equivalent to bpf_get_socket_cookie() helper that accepts -\fIskb\fP, but gets socket from \fBstruct bpf_sock_addr\fP context. -.TP -.B Return -A 8\-byte long unique number. -.UNINDENT -.TP -.B \fBu64 bpf_get_socket_cookie(struct bpf_sock_ops *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Equivalent to \fBbpf_get_socket_cookie\fP() helper that accepts -\fIskb\fP, but gets socket from \fBstruct bpf_sock_ops\fP context. -.TP -.B Return -A 8\-byte long unique number. -.UNINDENT -.TP -.B \fBu64 bpf_get_socket_cookie(struct sock *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Equivalent to \fBbpf_get_socket_cookie\fP() helper that accepts -\fIsk\fP, but gets socket from a BTF \fBstruct sock\fP\&. This helper -also works for sleepable programs. -.TP -.B Return -A 8\-byte long unique number or 0 if \fIsk\fP is NULL. -.UNINDENT -.TP -.B \fBu32 bpf_get_socket_uid(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the owner UID of the socked associated to \fIskb\fP\&. -.TP -.B Return -The owner UID of the socket associated to \fIskb\fP\&. If the socket -is \fBNULL\fP, or if it is not a full socket (i.e. if it is a -time\-wait or a request socket instead), \fBoverflowuid\fP value -is returned (note that \fBoverflowuid\fP might also be the actual -UID value for the socket). -.UNINDENT -.TP -.B \fBlong bpf_set_hash(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIhash\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set the full hash for \fIskb\fP (set the field \fIskb\fP\fB\->hash\fP) -to value \fIhash\fP\&. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_setsockopt(void *\fP\fIbpf_socket\fP\fB, int\fP \fIlevel\fP\fB, int\fP \fIoptname\fP\fB, void *\fP\fIoptval\fP\fB, int\fP \fIoptlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Emulate a call to \fBsetsockopt()\fP on the socket associated to -\fIbpf_socket\fP, which must be a full socket. The \fIlevel\fP at -which the option resides and the name \fIoptname\fP of the option -must be specified, see \fBsetsockopt(2)\fP for more information. -The option value of length \fIoptlen\fP is pointed by \fIoptval\fP\&. -.sp -\fIbpf_socket\fP should be one of the following: -.INDENT 7.0 -.IP \(bu 2 -\fBstruct bpf_sock_ops\fP for \fBBPF_PROG_TYPE_SOCK_OPS\fP\&. -.IP \(bu 2 -\fBstruct bpf_sock_addr\fP for \fBBPF_CGROUP_INET4_CONNECT\fP, -\fBBPF_CGROUP_INET6_CONNECT\fP and \fBBPF_CGROUP_UNIX_CONNECT\fP\&. -.UNINDENT -.sp -This helper actually implements a subset of \fBsetsockopt()\fP\&. -It supports the following \fIlevel\fPs: -.INDENT 7.0 -.IP \(bu 2 -\fBSOL_SOCKET\fP, which supports the following \fIoptname\fPs: -\fBSO_RCVBUF\fP, \fBSO_SNDBUF\fP, \fBSO_MAX_PACING_RATE\fP, -\fBSO_PRIORITY\fP, \fBSO_RCVLOWAT\fP, \fBSO_MARK\fP, -\fBSO_BINDTODEVICE\fP, \fBSO_KEEPALIVE\fP, \fBSO_REUSEADDR\fP, -\fBSO_REUSEPORT\fP, \fBSO_BINDTOIFINDEX\fP, \fBSO_TXREHASH\fP\&. -.IP \(bu 2 -\fBIPPROTO_TCP\fP, which supports the following \fIoptname\fPs: -\fBTCP_CONGESTION\fP, \fBTCP_BPF_IW\fP, -\fBTCP_BPF_SNDCWND_CLAMP\fP, \fBTCP_SAVE_SYN\fP, -\fBTCP_KEEPIDLE\fP, \fBTCP_KEEPINTVL\fP, \fBTCP_KEEPCNT\fP, -\fBTCP_SYNCNT\fP, \fBTCP_USER_TIMEOUT\fP, \fBTCP_NOTSENT_LOWAT\fP, -\fBTCP_NODELAY\fP, \fBTCP_MAXSEG\fP, \fBTCP_WINDOW_CLAMP\fP, -\fBTCP_THIN_LINEAR_TIMEOUTS\fP, \fBTCP_BPF_DELACK_MAX\fP, -\fBTCP_BPF_RTO_MIN\fP\&. -.IP \(bu 2 -\fBIPPROTO_IP\fP, which supports \fIoptname\fP \fBIP_TOS\fP\&. -.IP \(bu 2 -\fBIPPROTO_IPV6\fP, which supports the following \fIoptname\fPs: -\fBIPV6_TCLASS\fP, \fBIPV6_AUTOFLOWLABEL\fP\&. -.UNINDENT -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_adjust_room(struct sk_buff *\fP\fIskb\fP\fB, s32\fP \fIlen_diff\fP\fB, u32\fP \fImode\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Grow or shrink the room for data in the packet associated to -\fIskb\fP by \fIlen_diff\fP, and according to the selected \fImode\fP\&. -.sp -By default, the helper will reset any offloaded checksum -indicator of the skb to CHECKSUM_NONE. This can be avoided -by the following flag: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_NO_CSUM_RESET\fP: Do not reset offloaded -checksum data of the skb to CHECKSUM_NONE. -.UNINDENT -.sp -There are two supported modes at this time: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_ADJ_ROOM_MAC\fP: Adjust room at the mac layer -(room space is added or removed between the layer 2 and -layer 3 headers). -.IP \(bu 2 -\fBBPF_ADJ_ROOM_NET\fP: Adjust room at the network layer -(room space is added or removed between the layer 3 and -layer 4 headers). -.UNINDENT -.sp -The following flags are supported at this time: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_FIXED_GSO\fP: Do not adjust gso_size. -Adjusting mss in this way is not allowed for datagrams. -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV4\fP, -\fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV6\fP: -Any new space is reserved to hold a tunnel header. -Configure skb offsets and other fields accordingly. -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_ENCAP_L4_GRE\fP, -\fBBPF_F_ADJ_ROOM_ENCAP_L4_UDP\fP: -Use with ENCAP_L3 flags to further specify the tunnel type. -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_ENCAP_L2\fP(\fIlen\fP): -Use with ENCAP_L3/L4 flags to further specify the tunnel -type; \fIlen\fP is the length of the inner MAC header. -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_ENCAP_L2_ETH\fP: -Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the -L2 type as Ethernet. -.IP \(bu 2 -\fBBPF_F_ADJ_ROOM_DECAP_L3_IPV4\fP, -\fBBPF_F_ADJ_ROOM_DECAP_L3_IPV6\fP: -Indicate the new IP header version after decapsulating the outer -IP header. Used when the inner and outer IP versions are different. -.UNINDENT -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_redirect_map(struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Redirect the packet to the endpoint referenced by \fImap\fP at -index \fIkey\fP\&. Depending on its type, this \fImap\fP can contain -references to net devices (for forwarding packets through other -ports), or to CPUs (for redirecting XDP frames to another CPU; -but this is only implemented for native XDP (with driver -support) as of this writing). -.sp -The lower two bits of \fIflags\fP are used as the return code if -the map lookup fails. This is so that the return value can be -one of the XDP program return codes up to \fBXDP_TX\fP, as chosen -by the caller. The higher bits of \fIflags\fP can be set to -BPF_F_BROADCAST or BPF_F_EXCLUDE_INGRESS as defined below. -.sp -With BPF_F_BROADCAST the packet will be broadcasted to all the -interfaces in the map, with BPF_F_EXCLUDE_INGRESS the ingress -interface will be excluded when do broadcasting. -.sp -See also \fBbpf_redirect\fP(), which only supports redirecting -to an ifindex, but doesn\(aqt require a map to do so. -.TP -.B Return -\fBXDP_REDIRECT\fP on success, or the value of the two lower bits -of the \fIflags\fP argument on error. -.UNINDENT -.TP -.B \fBlong bpf_sk_redirect_map(struct sk_buff *\fP\fIskb\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u32\fP \fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Redirect the packet to the socket referenced by \fImap\fP (of type -\fBBPF_MAP_TYPE_SOCKMAP\fP) at index \fIkey\fP\&. Both ingress and -egress interfaces can be used for redirection. The -\fBBPF_F_INGRESS\fP value in \fIflags\fP is used to make the -distinction (ingress path is selected if the flag is present, -egress path otherwise). This is the only flag supported for now. -.TP -.B Return -\fBSK_PASS\fP on success, or \fBSK_DROP\fP on error. -.UNINDENT -.TP -.B \fBlong bpf_sock_map_update(struct bpf_sock_ops *\fP\fIskops\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Add an entry to, or update a \fImap\fP referencing sockets. The -\fIskops\fP is used as a new value for the entry associated to -\fIkey\fP\&. \fIflags\fP is one of: -.INDENT 7.0 -.TP -.B \fBBPF_NOEXIST\fP -The entry for \fIkey\fP must not exist in the map. -.TP -.B \fBBPF_EXIST\fP -The entry for \fIkey\fP must already exist in the map. -.TP -.B \fBBPF_ANY\fP -No condition on the existence of the entry for \fIkey\fP\&. -.UNINDENT -.sp -If the \fImap\fP has eBPF programs (parser and verdict), those will -be inherited by the socket being added. If the socket is -already attached to eBPF programs, this results in an error. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_xdp_adjust_meta(struct xdp_buff *\fP\fIxdp_md\fP\fB, int\fP \fIdelta\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Adjust the address pointed by \fIxdp_md\fP\fB\->data_meta\fP by -\fIdelta\fP (which can be positive or negative). Note that this -operation modifies the address stored in \fIxdp_md\fP\fB\->data\fP, -so the latter must be loaded only after the helper has been -called. -.sp -The use of \fIxdp_md\fP\fB\->data_meta\fP is optional and programs -are not required to use it. The rationale is that when the -packet is processed with XDP (e.g. as DoS filter), it is -possible to push further meta data along with it before passing -to the stack, and to give the guarantee that an ingress eBPF -program attached as a TC classifier on the same device can pick -this up for further post\-processing. Since TC works with socket -buffers, it remains possible to set from XDP the \fBmark\fP or -\fBpriority\fP pointers, or other pointers for the socket buffer. -Having this scratch space generic and programmable allows for -more flexibility as the user is free to store whatever meta -data they need. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_perf_event_read_value(struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, struct bpf_perf_event_value *\fP\fIbuf\fP\fB, u32\fP \fIbuf_size\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Read the value of a perf event counter, and store it into \fIbuf\fP -of size \fIbuf_size\fP\&. This helper relies on a \fImap\fP of type -\fBBPF_MAP_TYPE_PERF_EVENT_ARRAY\fP\&. The nature of the perf event -counter is selected when \fImap\fP is updated with perf event file -descriptors. The \fImap\fP is an array whose size is the number of -available CPUs, and each cell contains a value relative to one -CPU. The value to retrieve is indicated by \fIflags\fP, that -contains the index of the CPU to look up, masked with -\fBBPF_F_INDEX_MASK\fP\&. Alternatively, \fIflags\fP can be set to -\fBBPF_F_CURRENT_CPU\fP to indicate that the value for the -current CPU should be retrieved. -.sp -This helper behaves in a way close to -\fBbpf_perf_event_read\fP() helper, save that instead of -just returning the value observed, it fills the \fIbuf\fP -structure. This allows for additional data to be retrieved: in -particular, the enabled and running times (in \fIbuf\fP\fB\->enabled\fP and \fIbuf\fP\fB\->running\fP, respectively) are -copied. In general, \fBbpf_perf_event_read_value\fP() is -recommended over \fBbpf_perf_event_read\fP(), which has some -ABI issues and provides fewer functionalities. -.sp -These values are interesting, because hardware PMU (Performance -Monitoring Unit) counters are limited resources. When there are -more PMU based perf events opened than available counters, -kernel will multiplex these events so each event gets certain -percentage (but not all) of the PMU time. In case that -multiplexing happens, the number of samples or counter value -will not reflect the case compared to when no multiplexing -occurs. This makes comparison between different runs difficult. -Typically, the counter value should be normalized before -comparing to other experiments. The usual normalization is done -as follows. -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -normalized_counter = counter * t_enabled / t_running -.EE -.UNINDENT -.UNINDENT -.sp -Where t_enabled is the time enabled for event and t_running is -the time running for event since last normalization. The -enabled and running times are accumulated since the perf event -open. To achieve scaling factor between two invocations of an -eBPF program, users can use CPU id as the key (which is -typical for perf array usage model) to remember the previous -value and do the calculation inside the eBPF program. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_perf_prog_read_value(struct bpf_perf_event_data *\fP\fIctx\fP\fB, struct bpf_perf_event_value *\fP\fIbuf\fP\fB, u32\fP \fIbuf_size\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For an eBPF program attached to a perf event, retrieve the -value of the event counter associated to \fIctx\fP and store it in -the structure pointed by \fIbuf\fP and of size \fIbuf_size\fP\&. Enabled -and running times are also stored in the structure (see -description of helper \fBbpf_perf_event_read_value\fP() for -more details). -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_getsockopt(void *\fP\fIbpf_socket\fP\fB, int\fP \fIlevel\fP\fB, int\fP \fIoptname\fP\fB, void *\fP\fIoptval\fP\fB, int\fP \fIoptlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Emulate a call to \fBgetsockopt()\fP on the socket associated to -\fIbpf_socket\fP, which must be a full socket. The \fIlevel\fP at -which the option resides and the name \fIoptname\fP of the option -must be specified, see \fBgetsockopt(2)\fP for more information. -The retrieved value is stored in the structure pointed by -\fIopval\fP and of length \fIoptlen\fP\&. -.sp -\fIbpf_socket\fP should be one of the following: -.INDENT 7.0 -.IP \(bu 2 -\fBstruct bpf_sock_ops\fP for \fBBPF_PROG_TYPE_SOCK_OPS\fP\&. -.IP \(bu 2 -\fBstruct bpf_sock_addr\fP for \fBBPF_CGROUP_INET4_CONNECT\fP, -\fBBPF_CGROUP_INET6_CONNECT\fP and \fBBPF_CGROUP_UNIX_CONNECT\fP\&. -.UNINDENT -.sp -This helper actually implements a subset of \fBgetsockopt()\fP\&. -It supports the same set of \fIoptname\fPs that is supported by -the \fBbpf_setsockopt\fP() helper. The exceptions are -\fBTCP_BPF_*\fP is \fBbpf_setsockopt\fP() only and -\fBTCP_SAVED_SYN\fP is \fBbpf_getsockopt\fP() only. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_override_return(struct pt_regs *\fP\fIregs\fP\fB, u64\fP \fIrc\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Used for error injection, this helper uses kprobes to override -the return value of the probed function, and to set it to \fIrc\fP\&. -The first argument is the context \fIregs\fP on which the kprobe -works. -.sp -This helper works by setting the PC (program counter) -to an override function which is run in place of the original -probed function. This means the probed function is not run at -all. The replacement function just returns with the required -value. -.sp -This helper has security implications, and thus is subject to -restrictions. It is only available if the kernel was compiled -with the \fBCONFIG_BPF_KPROBE_OVERRIDE\fP configuration -option, and in this case it only works on functions tagged with -\fBALLOW_ERROR_INJECTION\fP in the kernel code. -.sp -Also, the helper is only available for the architectures having -the CONFIG_FUNCTION_ERROR_INJECTION option. As of this writing, -x86 architecture is the only one to support this feature. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_sock_ops_cb_flags_set(struct bpf_sock_ops *\fP\fIbpf_sock\fP\fB, int\fP \fIargval\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Attempt to set the value of the \fBbpf_sock_ops_cb_flags\fP field -for the full TCP socket associated to \fIbpf_sock_ops\fP to -\fIargval\fP\&. -.sp -The primary use of this field is to determine if there should -be calls to eBPF programs of type -\fBBPF_PROG_TYPE_SOCK_OPS\fP at various points in the TCP -code. A program of the same type can change its value, per -connection and as necessary, when the connection is -established. This field is directly accessible for reading, but -this helper must be used for updates in order to return an -error if an eBPF program tries to set a callback that is not -supported in the current kernel. -.sp -\fIargval\fP is a flag array which can combine these flags: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_SOCK_OPS_RTO_CB_FLAG\fP (retransmission time out) -.IP \(bu 2 -\fBBPF_SOCK_OPS_RETRANS_CB_FLAG\fP (retransmission) -.IP \(bu 2 -\fBBPF_SOCK_OPS_STATE_CB_FLAG\fP (TCP state change) -.IP \(bu 2 -\fBBPF_SOCK_OPS_RTT_CB_FLAG\fP (every RTT) -.UNINDENT -.sp -Therefore, this function can be used to clear a callback flag by -setting the appropriate bit to zero. e.g. to disable the RTO -callback: -.INDENT 7.0 -.TP -.B \fBbpf_sock_ops_cb_flags_set(bpf_sock,\fP -\fBbpf_sock\->bpf_sock_ops_cb_flags & ~BPF_SOCK_OPS_RTO_CB_FLAG)\fP -.UNINDENT -.sp -Here are some examples of where one could call such eBPF -program: -.INDENT 7.0 -.IP \(bu 2 -When RTO fires. -.IP \(bu 2 -When a packet is retransmitted. -.IP \(bu 2 -When the connection terminates. -.IP \(bu 2 -When a packet is sent. -.IP \(bu 2 -When a packet is received. -.UNINDENT -.TP -.B Return -Code \fB\-EINVAL\fP if the socket is not a full TCP socket; -otherwise, a positive number containing the bits that could not -be set is returned (which comes down to 0 if all bits were set -as required). -.UNINDENT -.TP -.B \fBlong bpf_msg_redirect_map(struct sk_msg_buff *\fP\fImsg\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u32\fP \fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing policies at the -socket level. If the message \fImsg\fP is allowed to pass (i.e. if -the verdict eBPF program returns \fBSK_PASS\fP), redirect it to -the socket referenced by \fImap\fP (of type -\fBBPF_MAP_TYPE_SOCKMAP\fP) at index \fIkey\fP\&. Both ingress and -egress interfaces can be used for redirection. The -\fBBPF_F_INGRESS\fP value in \fIflags\fP is used to make the -distinction (ingress path is selected if the flag is present, -egress path otherwise). This is the only flag supported for now. -.TP -.B Return -\fBSK_PASS\fP on success, or \fBSK_DROP\fP on error. -.UNINDENT -.TP -.B \fBlong bpf_msg_apply_bytes(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIbytes\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For socket policies, apply the verdict of the eBPF program to -the next \fIbytes\fP (number of bytes) of message \fImsg\fP\&. -.sp -For example, this helper can be used in the following cases: -.INDENT 7.0 -.IP \(bu 2 -A single \fBsendmsg\fP() or \fBsendfile\fP() system call -contains multiple logical messages that the eBPF program is -supposed to read and for which it should apply a verdict. -.IP \(bu 2 -An eBPF program only cares to read the first \fIbytes\fP of a -\fImsg\fP\&. If the message has a large payload, then setting up -and calling the eBPF program repeatedly for all bytes, even -though the verdict is already known, would create unnecessary -overhead. -.UNINDENT -.sp -When called from within an eBPF program, the helper sets a -counter internal to the BPF infrastructure, that is used to -apply the last verdict to the next \fIbytes\fP\&. If \fIbytes\fP is -smaller than the current data being processed from a -\fBsendmsg\fP() or \fBsendfile\fP() system call, the first -\fIbytes\fP will be sent and the eBPF program will be re\-run with -the pointer for start of data pointing to byte number \fIbytes\fP -\fB+ 1\fP\&. If \fIbytes\fP is larger than the current data being -processed, then the eBPF verdict will be applied to multiple -\fBsendmsg\fP() or \fBsendfile\fP() calls until \fIbytes\fP are -consumed. -.sp -Note that if a socket closes with the internal counter holding -a non\-zero value, this is not a problem because data is not -being buffered for \fIbytes\fP and is sent as it is received. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_msg_cork_bytes(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIbytes\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For socket policies, prevent the execution of the verdict eBPF -program for message \fImsg\fP until \fIbytes\fP (byte number) have been -accumulated. -.sp -This can be used when one needs a specific number of bytes -before a verdict can be assigned, even if the data spans -multiple \fBsendmsg\fP() or \fBsendfile\fP() calls. The extreme -case would be a user calling \fBsendmsg\fP() repeatedly with -1\-byte long message segments. Obviously, this is bad for -performance, but it is still valid. If the eBPF program needs -\fIbytes\fP bytes to validate a header, this helper can be used to -prevent the eBPF program to be called again until \fIbytes\fP have -been accumulated. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_msg_pull_data(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIstart\fP\fB, u32\fP \fIend\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For socket policies, pull in non\-linear data from user space -for \fImsg\fP and set pointers \fImsg\fP\fB\->data\fP and \fImsg\fP\fB\->data_end\fP to \fIstart\fP and \fIend\fP bytes offsets into \fImsg\fP, -respectively. -.sp -If a program of type \fBBPF_PROG_TYPE_SK_MSG\fP is run on a -\fImsg\fP it can only parse data that the (\fBdata\fP, \fBdata_end\fP) -pointers have already consumed. For \fBsendmsg\fP() hooks this -is likely the first scatterlist element. But for calls relying -on the \fBsendpage\fP handler (e.g. \fBsendfile\fP()) this will -be the range (\fB0\fP, \fB0\fP) because the data is shared with -user space and by default the objective is to avoid allowing -user space to modify data while (or after) eBPF verdict is -being decided. This helper can be used to pull in data and to -set the start and end pointer to given values. Data will be -copied if necessary (i.e. if data was not linear and if start -and end pointers do not point to the same chunk). -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_bind(struct bpf_sock_addr *\fP\fIctx\fP\fB, struct sockaddr *\fP\fIaddr\fP\fB, int\fP \fIaddr_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Bind the socket associated to \fIctx\fP to the address pointed by -\fIaddr\fP, of length \fIaddr_len\fP\&. This allows for making outgoing -connection from the desired IP address, which can be useful for -example when all processes inside a cgroup should use one -single IP address on a host that has multiple IP configured. -.sp -This helper works for IPv4 and IPv6, TCP and UDP sockets. The -domain (\fIaddr\fP\fB\->sa_family\fP) must be \fBAF_INET\fP (or -\fBAF_INET6\fP). It\(aqs advised to pass zero port (\fBsin_port\fP -or \fBsin6_port\fP) which triggers IP_BIND_ADDRESS_NO_PORT\-like -behavior and lets the kernel efficiently pick up an unused -port as long as 4\-tuple is unique. Passing non\-zero port might -lead to degraded performance. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_xdp_adjust_tail(struct xdp_buff *\fP\fIxdp_md\fP\fB, int\fP \fIdelta\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Adjust (move) \fIxdp_md\fP\fB\->data_end\fP by \fIdelta\fP bytes. It is -possible to both shrink and grow the packet tail. -Shrink done via \fIdelta\fP being a negative integer. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_get_xfrm_state(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIindex\fP\fB, struct bpf_xfrm_state *\fP\fIxfrm_state\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve the XFRM state (IP transform framework, see also -\fBip\-xfrm(8)\fP) at \fIindex\fP in XFRM \(dqsecurity path\(dq for \fIskb\fP\&. -.sp -The retrieved value is stored in the \fBstruct bpf_xfrm_state\fP -pointed by \fIxfrm_state\fP and of length \fIsize\fP\&. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -This helper is available only if the kernel was compiled with -\fBCONFIG_XFRM\fP configuration option. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_get_stack(void *\fP\fIctx\fP\fB, void *\fP\fIbuf\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return a user or a kernel stack in bpf program provided buffer. -To achieve this, the helper needs \fIctx\fP, which is a pointer -to the context on which the tracing program is executed. -To store the stacktrace, the bpf program provides \fIbuf\fP with -a nonnegative \fIsize\fP\&. -.sp -The last argument, \fIflags\fP, holds the number of stack frames to -skip (from 0 to 255), masked with -\fBBPF_F_SKIP_FIELD_MASK\fP\&. The next bits can be used to set -the following flags: -.INDENT 7.0 -.TP -.B \fBBPF_F_USER_STACK\fP -Collect a user space stack instead of a kernel stack. -.TP -.B \fBBPF_F_USER_BUILD_ID\fP -Collect (build_id, file_offset) instead of ips for user -stack, only valid if \fBBPF_F_USER_STACK\fP is also -specified. -.sp -\fIfile_offset\fP is an offset relative to the beginning -of the executable or shared object file backing the vma -which the \fIip\fP falls in. It is \fInot\fP an offset relative -to that object\(aqs base address. Accordingly, it must be -adjusted by adding (sh_addr \- sh_offset), where -sh_{addr,offset} correspond to the executable section -containing \fIfile_offset\fP in the object, for comparisons -to symbols\(aq st_value to be valid. -.UNINDENT -.sp -\fBbpf_get_stack\fP() can collect up to -\fBPERF_MAX_STACK_DEPTH\fP both kernel and user frames, subject -to sufficient large buffer size. Note that -this limit can be controlled with the \fBsysctl\fP program, and -that it should be manually increased in order to profile long -user stacks (such as stacks for Java programs). To do so, use: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -# sysctl kernel.perf_event_max_stack= -.EE -.UNINDENT -.UNINDENT -.TP -.B Return -The non\-negative copied \fIbuf\fP length equal to or less than -\fIsize\fP on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_load_bytes_relative(const void *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, void *\fP\fIto\fP\fB, u32\fP \fIlen\fP\fB, u32\fP \fIstart_header\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is similar to \fBbpf_skb_load_bytes\fP() in that -it provides an easy way to load \fIlen\fP bytes from \fIoffset\fP -from the packet associated to \fIskb\fP, into the buffer pointed -by \fIto\fP\&. The difference to \fBbpf_skb_load_bytes\fP() is that -a fifth argument \fIstart_header\fP exists in order to select a -base offset to start from. \fIstart_header\fP can be one of: -.INDENT 7.0 -.TP -.B \fBBPF_HDR_START_MAC\fP -Base offset to load data from is \fIskb\fP\(aqs mac header. -.TP -.B \fBBPF_HDR_START_NET\fP -Base offset to load data from is \fIskb\fP\(aqs network header. -.UNINDENT -.sp -In general, \(dqdirect packet access\(dq is the preferred method to -access packet data, however, this helper is in particular useful -in socket filters where \fIskb\fP\fB\->data\fP does not always point -to the start of the mac header and where \(dqdirect packet access\(dq -is not available. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_fib_lookup(void *\fP\fIctx\fP\fB, struct bpf_fib_lookup *\fP\fIparams\fP\fB, int\fP \fIplen\fP\fB, u32\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Do FIB lookup in kernel tables using parameters in \fIparams\fP\&. -If lookup is successful and result shows packet is to be -forwarded, the neighbor tables are searched for the nexthop. -If successful (ie., FIB lookup shows forwarding and nexthop -is resolved), the nexthop address is returned in ipv4_dst -or ipv6_dst based on family, smac is set to mac address of -egress device, dmac is set to nexthop mac address, rt_metric -is set to metric from route (IPv4/IPv6 only), and ifindex -is set to the device index of the nexthop from the FIB lookup. -.sp -\fIplen\fP argument is the size of the passed in struct. -\fIflags\fP argument can be a combination of one or more of the -following values: -.INDENT 7.0 -.TP -.B \fBBPF_FIB_LOOKUP_DIRECT\fP -Do a direct table lookup vs full lookup using FIB -rules. -.TP -.B \fBBPF_FIB_LOOKUP_TBID\fP -Used with BPF_FIB_LOOKUP_DIRECT. -Use the routing table ID present in \fIparams\fP\->tbid -for the fib lookup. -.TP -.B \fBBPF_FIB_LOOKUP_OUTPUT\fP -Perform lookup from an egress perspective (default is -ingress). -.TP -.B \fBBPF_FIB_LOOKUP_SKIP_NEIGH\fP -Skip the neighbour table lookup. \fIparams\fP\->dmac -and \fIparams\fP\->smac will not be set as output. A common -use case is to call \fBbpf_redirect_neigh\fP() after -doing \fBbpf_fib_lookup\fP(). -.TP -.B \fBBPF_FIB_LOOKUP_SRC\fP -Derive and set source IP addr in \fIparams\fP\->ipv{4,6}_src -for the nexthop. If the src addr cannot be derived, -\fBBPF_FIB_LKUP_RET_NO_SRC_ADDR\fP is returned. In this -case, \fIparams\fP\->dmac and \fIparams\fP\->smac are not set either. -.UNINDENT -.sp -\fIctx\fP is either \fBstruct xdp_md\fP for XDP programs or -\fBstruct sk_buff\fP tc cls_act programs. -.TP -.B Return -.INDENT 7.0 -.IP \(bu 2 -< 0 if any input argument is invalid -.IP \(bu 2 -0 on success (packet is forwarded, nexthop neighbor exists) -.IP \(bu 2 -> 0 one of \fBBPF_FIB_LKUP_RET_\fP codes explaining why the -packet is not forwarded or needs assist from full stack -.UNINDENT -.sp -If lookup fails with BPF_FIB_LKUP_RET_FRAG_NEEDED, then the MTU -was exceeded and output params\->mtu_result contains the MTU. -.UNINDENT -.TP -.B \fBlong bpf_sock_hash_update(struct bpf_sock_ops *\fP\fIskops\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Add an entry to, or update a sockhash \fImap\fP referencing sockets. -The \fIskops\fP is used as a new value for the entry associated to -\fIkey\fP\&. \fIflags\fP is one of: -.INDENT 7.0 -.TP -.B \fBBPF_NOEXIST\fP -The entry for \fIkey\fP must not exist in the map. -.TP -.B \fBBPF_EXIST\fP -The entry for \fIkey\fP must already exist in the map. -.TP -.B \fBBPF_ANY\fP -No condition on the existence of the entry for \fIkey\fP\&. -.UNINDENT -.sp -If the \fImap\fP has eBPF programs (parser and verdict), those will -be inherited by the socket being added. If the socket is -already attached to eBPF programs, this results in an error. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_msg_redirect_hash(struct sk_msg_buff *\fP\fImsg\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing policies at the -socket level. If the message \fImsg\fP is allowed to pass (i.e. if -the verdict eBPF program returns \fBSK_PASS\fP), redirect it to -the socket referenced by \fImap\fP (of type -\fBBPF_MAP_TYPE_SOCKHASH\fP) using hash \fIkey\fP\&. Both ingress and -egress interfaces can be used for redirection. The -\fBBPF_F_INGRESS\fP value in \fIflags\fP is used to make the -distinction (ingress path is selected if the flag is present, -egress path otherwise). This is the only flag supported for now. -.TP -.B Return -\fBSK_PASS\fP on success, or \fBSK_DROP\fP on error. -.UNINDENT -.TP -.B \fBlong bpf_sk_redirect_hash(struct sk_buff *\fP\fIskb\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing policies at the -skb socket level. If the sk_buff \fIskb\fP is allowed to pass (i.e. -if the verdict eBPF program returns \fBSK_PASS\fP), redirect it -to the socket referenced by \fImap\fP (of type -\fBBPF_MAP_TYPE_SOCKHASH\fP) using hash \fIkey\fP\&. Both ingress and -egress interfaces can be used for redirection. The -\fBBPF_F_INGRESS\fP value in \fIflags\fP is used to make the -distinction (ingress path is selected if the flag is present, -egress otherwise). This is the only flag supported for now. -.TP -.B Return -\fBSK_PASS\fP on success, or \fBSK_DROP\fP on error. -.UNINDENT -.TP -.B \fBlong bpf_lwt_push_encap(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fItype\fP\fB, void *\fP\fIhdr\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Encapsulate the packet associated to \fIskb\fP within a Layer 3 -protocol header. This header is provided in the buffer at -address \fIhdr\fP, with \fIlen\fP its size in bytes. \fItype\fP indicates -the protocol of the header and can be one of: -.INDENT 7.0 -.TP -.B \fBBPF_LWT_ENCAP_SEG6\fP -IPv6 encapsulation with Segment Routing Header -(\fBstruct ipv6_sr_hdr\fP). \fIhdr\fP only contains the SRH, -the IPv6 header is computed by the kernel. -.TP -.B \fBBPF_LWT_ENCAP_SEG6_INLINE\fP -Only works if \fIskb\fP contains an IPv6 packet. Insert a -Segment Routing Header (\fBstruct ipv6_sr_hdr\fP) inside -the IPv6 header. -.TP -.B \fBBPF_LWT_ENCAP_IP\fP -IP encapsulation (GRE/GUE/IPIP/etc). The outer header -must be IPv4 or IPv6, followed by zero or more -additional headers, up to \fBLWT_BPF_MAX_HEADROOM\fP -total bytes in all prepended headers. Please note that -if \fBskb_is_gso\fP(\fIskb\fP) is true, no more than two -headers can be prepended, and the inner header, if -present, should be either GRE or UDP/GUE. -.UNINDENT -.sp -\fBBPF_LWT_ENCAP_SEG6\fP* types can be called by BPF programs -of type \fBBPF_PROG_TYPE_LWT_IN\fP; \fBBPF_LWT_ENCAP_IP\fP type can -be called by bpf programs of types \fBBPF_PROG_TYPE_LWT_IN\fP and -\fBBPF_PROG_TYPE_LWT_XMIT\fP\&. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_lwt_seg6_store_bytes(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, const void *\fP\fIfrom\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Store \fIlen\fP bytes from address \fIfrom\fP into the packet -associated to \fIskb\fP, at \fIoffset\fP\&. Only the flags, tag and TLVs -inside the outermost IPv6 Segment Routing Header can be -modified through this helper. -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_lwt_seg6_adjust_srh(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIoffset\fP\fB, s32\fP \fIdelta\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Adjust the size allocated to TLVs in the outermost IPv6 -Segment Routing Header contained in the packet associated to -\fIskb\fP, at position \fIoffset\fP by \fIdelta\fP bytes. Only offsets -after the segments are accepted. \fIdelta\fP can be as well -positive (growing) as negative (shrinking). -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_lwt_seg6_action(struct sk_buff *\fP\fIskb\fP\fB, u32\fP \fIaction\fP\fB, void *\fP\fIparam\fP\fB, u32\fP \fIparam_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Apply an IPv6 Segment Routing action of type \fIaction\fP to the -packet associated to \fIskb\fP\&. Each action takes a parameter -contained at address \fIparam\fP, and of length \fIparam_len\fP bytes. -\fIaction\fP can be one of: -.INDENT 7.0 -.TP -.B \fBSEG6_LOCAL_ACTION_END_X\fP -End.X action: Endpoint with Layer\-3 cross\-connect. -Type of \fIparam\fP: \fBstruct in6_addr\fP\&. -.TP -.B \fBSEG6_LOCAL_ACTION_END_T\fP -End.T action: Endpoint with specific IPv6 table lookup. -Type of \fIparam\fP: \fBint\fP\&. -.TP -.B \fBSEG6_LOCAL_ACTION_END_B6\fP -End.B6 action: Endpoint bound to an SRv6 policy. -Type of \fIparam\fP: \fBstruct ipv6_sr_hdr\fP\&. -.TP -.B \fBSEG6_LOCAL_ACTION_END_B6_ENCAP\fP -End.B6.Encap action: Endpoint bound to an SRv6 -encapsulation policy. -Type of \fIparam\fP: \fBstruct ipv6_sr_hdr\fP\&. -.UNINDENT -.sp -A call to this helper is susceptible to change the underlying -packet buffer. Therefore, at load time, all checks on pointers -previously done by the verifier are invalidated and must be -performed again, if the helper is used in combination with -direct packet access. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_rc_repeat(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing IR decoding, to -report a successfully decoded repeat key message. This delays -the generation of a key up event for previously generated -key down event. -.sp -Some IR protocols like NEC have a special IR message for -repeating last button, for when a button is held down. -.sp -The \fIctx\fP should point to the lirc sample as passed into -the program. -.sp -This helper is only available is the kernel was compiled with -the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to -\(dq\fBy\fP\(dq. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_rc_keydown(void *\fP\fIctx\fP\fB, u32\fP \fIprotocol\fP\fB, u64\fP \fIscancode\fP\fB, u32\fP \fItoggle\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing IR decoding, to -report a successfully decoded key press with \fIscancode\fP, -\fItoggle\fP value in the given \fIprotocol\fP\&. The scancode will be -translated to a keycode using the rc keymap, and reported as -an input key down event. After a period a key up event is -generated. This period can be extended by calling either -\fBbpf_rc_keydown\fP() again with the same values, or calling -\fBbpf_rc_repeat\fP(). -.sp -Some protocols include a toggle bit, in case the button was -released and pressed again between consecutive scancodes. -.sp -The \fIctx\fP should point to the lirc sample as passed into -the program. -.sp -The \fIprotocol\fP is the decoded protocol number (see -\fBenum rc_proto\fP for some predefined values). -.sp -This helper is only available is the kernel was compiled with -the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to -\(dq\fBy\fP\(dq. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBu64 bpf_skb_cgroup_id(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return the cgroup v2 id of the socket associated with the \fIskb\fP\&. -This is roughly similar to the \fBbpf_get_cgroup_classid\fP() -helper for cgroup v1 by providing a tag resp. identifier that -can be matched on or used for map lookups e.g. to implement -policy. The cgroup v2 id of a given path in the hierarchy is -exposed in user space through the f_handle API in order to get -to the same 64\-bit id. -.sp -This helper can be used on TC egress path, but not on ingress, -and is available only if the kernel was compiled with the -\fBCONFIG_SOCK_CGROUP_DATA\fP configuration option. -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBu64 bpf_get_current_cgroup_id(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the current cgroup id based on the cgroup within which -the current task is running. -.TP -.B Return -A 64\-bit integer containing the current cgroup id based -on the cgroup within which the current task is running. -.UNINDENT -.TP -.B \fBvoid *bpf_get_local_storage(void *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the pointer to the local storage area. -The type and the size of the local storage is defined -by the \fImap\fP argument. -The \fIflags\fP meaning is specific for each map type, -and has to be 0 for cgroup local storage. -.sp -Depending on the BPF program type, a local storage area -can be shared between multiple instances of the BPF program, -running simultaneously. -.sp -A user should care about the synchronization by himself. -For example, by using the \fBBPF_ATOMIC\fP instructions to alter -the shared data. -.TP -.B Return -A pointer to the local storage area. -.UNINDENT -.TP -.B \fBlong bpf_sk_select_reuseport(struct sk_reuseport_md *\fP\fIreuse\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Select a \fBSO_REUSEPORT\fP socket from a -\fBBPF_MAP_TYPE_REUSEPORT_SOCKARRAY\fP \fImap\fP\&. -It checks the selected socket is matching the incoming -request in the socket buffer. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_skb_ancestor_cgroup_id(struct sk_buff *\fP\fIskb\fP\fB, int\fP \fIancestor_level\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return id of cgroup v2 that is ancestor of cgroup associated -with the \fIskb\fP at the \fIancestor_level\fP\&. The root cgroup is at -\fIancestor_level\fP zero and each step down the hierarchy -increments the level. If \fIancestor_level\fP == level of cgroup -associated with \fIskb\fP, then return value will be same as that -of \fBbpf_skb_cgroup_id\fP(). -.sp -The helper is useful to implement policies based on cgroups -that are upper in hierarchy than immediate cgroup associated -with \fIskb\fP\&. -.sp -The format of returned id and helper limitations are same as in -\fBbpf_skb_cgroup_id\fP(). -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBstruct bpf_sock *bpf_sk_lookup_tcp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Look for TCP socket matching \fItuple\fP, optionally in a child -network namespace \fInetns\fP\&. The return value must be checked, -and if non\-\fBNULL\fP, released via \fBbpf_sk_release\fP(). -.sp -The \fIctx\fP should point to the context of the program, such as -the skb or socket (depending on the hook in use). This is used -to determine the base network namespace for the lookup. -.sp -\fItuple_size\fP must be one of: -.INDENT 7.0 -.TP -.B \fBsizeof\fP(\fItuple\fP\fB\->ipv4\fP) -Look for an IPv4 socket. -.TP -.B \fBsizeof\fP(\fItuple\fP\fB\->ipv6\fP) -Look for an IPv6 socket. -.UNINDENT -.sp -If the \fInetns\fP is a negative signed 32\-bit integer, then the -socket lookup table in the netns associated with the \fIctx\fP -will be used. For the TC hooks, this is the netns of the device -in the skb. For socket hooks, this is the netns of the socket. -If \fInetns\fP is any other signed 32\-bit value greater than or -equal to zero then it specifies the ID of the netns relative to -the netns associated with the \fIctx\fP\&. \fInetns\fP values beyond the -range of 32\-bit integers are reserved for future use. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -This helper is available only if the kernel was compiled with -\fBCONFIG_NET\fP configuration option. -.TP -.B Return -Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. -For sockets with reuseport option, the \fBstruct bpf_sock\fP -result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the -tuple. -.UNINDENT -.TP -.B \fBstruct bpf_sock *bpf_sk_lookup_udp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Look for UDP socket matching \fItuple\fP, optionally in a child -network namespace \fInetns\fP\&. The return value must be checked, -and if non\-\fBNULL\fP, released via \fBbpf_sk_release\fP(). -.sp -The \fIctx\fP should point to the context of the program, such as -the skb or socket (depending on the hook in use). This is used -to determine the base network namespace for the lookup. -.sp -\fItuple_size\fP must be one of: -.INDENT 7.0 -.TP -.B \fBsizeof\fP(\fItuple\fP\fB\->ipv4\fP) -Look for an IPv4 socket. -.TP -.B \fBsizeof\fP(\fItuple\fP\fB\->ipv6\fP) -Look for an IPv6 socket. -.UNINDENT -.sp -If the \fInetns\fP is a negative signed 32\-bit integer, then the -socket lookup table in the netns associated with the \fIctx\fP -will be used. For the TC hooks, this is the netns of the device -in the skb. For socket hooks, this is the netns of the socket. -If \fInetns\fP is any other signed 32\-bit value greater than or -equal to zero then it specifies the ID of the netns relative to -the netns associated with the \fIctx\fP\&. \fInetns\fP values beyond the -range of 32\-bit integers are reserved for future use. -.sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. -.sp -This helper is available only if the kernel was compiled with -\fBCONFIG_NET\fP configuration option. -.TP -.B Return -Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. -For sockets with reuseport option, the \fBstruct bpf_sock\fP -result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the -tuple. -.UNINDENT -.TP -.B \fBlong bpf_sk_release(void *\fP\fIsock\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Release the reference held by \fIsock\fP\&. \fIsock\fP must be a -non\-\fBNULL\fP pointer that was returned from -\fBbpf_sk_lookup_xxx\fP(). -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_map_push_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Push an element \fIvalue\fP in \fImap\fP\&. \fIflags\fP is one of: -.INDENT 7.0 -.TP -.B \fBBPF_EXIST\fP -If the queue/stack is full, the oldest element is -removed to make room for this. -.UNINDENT -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_map_pop_elem(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIvalue\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Pop an element from \fImap\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_map_peek_elem(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIvalue\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get an element from \fImap\fP without removing it. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_msg_push_data(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIstart\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For socket policies, insert \fIlen\fP bytes into \fImsg\fP at offset -\fIstart\fP\&. -.sp -If a program of type \fBBPF_PROG_TYPE_SK_MSG\fP is run on a -\fImsg\fP it may want to insert metadata or options into the \fImsg\fP\&. -This can later be read and used by any of the lower layer BPF -hooks. -.sp -This helper may fail if under memory pressure (a malloc -fails) in these cases BPF programs will get an appropriate -error and BPF programs will need to handle them. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_msg_pop_data(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIstart\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Will remove \fIlen\fP bytes from a \fImsg\fP starting at byte \fIstart\fP\&. -This may result in \fBENOMEM\fP errors under certain situations if -an allocation and copy are required due to a full ring buffer. -However, the helper will try to avoid doing the allocation -if possible. Other errors can occur if input parameters are -invalid either due to \fIstart\fP byte not being valid part of \fImsg\fP -payload and/or \fIpop\fP value being to large. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_rc_pointer_rel(void *\fP\fIctx\fP\fB, s32\fP \fIrel_x\fP\fB, s32\fP \fIrel_y\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing IR decoding, to -report a successfully decoded pointer movement. -.sp -The \fIctx\fP should point to the lirc sample as passed into -the program. -.sp -This helper is only available is the kernel was compiled with -the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to -\(dq\fBy\fP\(dq. -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_spin_lock(struct bpf_spin_lock *\fP\fIlock\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Acquire a spinlock represented by the pointer \fIlock\fP, which is -stored as part of a value of a map. Taking the lock allows to -safely update the rest of the fields in that value. The -spinlock can (and must) later be released with a call to -\fBbpf_spin_unlock\fP(\fIlock\fP). -.sp -Spinlocks in BPF programs come with a number of restrictions -and constraints: -.INDENT 7.0 -.IP \(bu 2 -\fBbpf_spin_lock\fP objects are only allowed inside maps of -types \fBBPF_MAP_TYPE_HASH\fP and \fBBPF_MAP_TYPE_ARRAY\fP (this -list could be extended in the future). -.IP \(bu 2 -BTF description of the map is mandatory. -.IP \(bu 2 -The BPF program can take ONE lock at a time, since taking two -or more could cause dead locks. -.IP \(bu 2 -Only one \fBstruct bpf_spin_lock\fP is allowed per map element. -.IP \(bu 2 -When the lock is taken, calls (either BPF to BPF or helpers) -are not allowed. -.IP \(bu 2 -The \fBBPF_LD_ABS\fP and \fBBPF_LD_IND\fP instructions are not -allowed inside a spinlock\-ed region. -.IP \(bu 2 -The BPF program MUST call \fBbpf_spin_unlock\fP() to release -the lock, on all execution paths, before it returns. -.IP \(bu 2 -The BPF program can access \fBstruct bpf_spin_lock\fP only via -the \fBbpf_spin_lock\fP() and \fBbpf_spin_unlock\fP() -helpers. Loading or storing data into the \fBstruct -bpf_spin_lock\fP \fIlock\fP\fB;\fP field of a map is not allowed. -.IP \(bu 2 -To use the \fBbpf_spin_lock\fP() helper, the BTF description -of the map value must be a struct and have \fBstruct -bpf_spin_lock\fP \fIanyname\fP\fB;\fP field at the top level. -Nested lock inside another struct is not allowed. -.IP \(bu 2 -The \fBstruct bpf_spin_lock\fP \fIlock\fP field in a map value must -be aligned on a multiple of 4 bytes in that value. -.IP \(bu 2 -Syscall with command \fBBPF_MAP_LOOKUP_ELEM\fP does not copy -the \fBbpf_spin_lock\fP field to user space. -.IP \(bu 2 -Syscall with command \fBBPF_MAP_UPDATE_ELEM\fP, or update from -a BPF program, do not update the \fBbpf_spin_lock\fP field. -.IP \(bu 2 -\fBbpf_spin_lock\fP cannot be on the stack or inside a -networking packet (it can only be inside of a map values). -.IP \(bu 2 -\fBbpf_spin_lock\fP is available to root only. -.IP \(bu 2 -Tracing programs and socket filter programs cannot use -\fBbpf_spin_lock\fP() due to insufficient preemption checks -(but this may change in the future). -.IP \(bu 2 -\fBbpf_spin_lock\fP is not allowed in inner maps of map\-in\-map. -.UNINDENT -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBlong bpf_spin_unlock(struct bpf_spin_lock *\fP\fIlock\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Release the \fIlock\fP previously locked by a call to -\fBbpf_spin_lock\fP(\fIlock\fP). -.TP -.B Return -0 -.UNINDENT -.TP -.B \fBstruct bpf_sock *bpf_sk_fullsock(struct bpf_sock *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper gets a \fBstruct bpf_sock\fP pointer such -that all the fields in this \fBbpf_sock\fP can be accessed. -.TP -.B Return -A \fBstruct bpf_sock\fP pointer on success, or \fBNULL\fP in -case of failure. -.UNINDENT -.TP -.B \fBstruct bpf_tcp_sock *bpf_tcp_sock(struct bpf_sock *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper gets a \fBstruct bpf_tcp_sock\fP pointer from a -\fBstruct bpf_sock\fP pointer. -.TP -.B Return -A \fBstruct bpf_tcp_sock\fP pointer on success, or \fBNULL\fP in -case of failure. -.UNINDENT -.TP -.B \fBlong bpf_skb_ecn_set_ce(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set ECN (Explicit Congestion Notification) field of IP header -to \fBCE\fP (Congestion Encountered) if current value is \fBECT\fP -(ECN Capable Transport). Otherwise, do nothing. Works with IPv6 -and IPv4. -.TP -.B Return -1 if the \fBCE\fP flag is set (either by the current helper call -or because it was already present), 0 if it is not set. -.UNINDENT -.TP -.B \fBstruct bpf_sock *bpf_get_listener_sock(struct bpf_sock *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return a \fBstruct bpf_sock\fP pointer in \fBTCP_LISTEN\fP state. -\fBbpf_sk_release\fP() is unnecessary and not allowed. -.TP -.B Return -A \fBstruct bpf_sock\fP pointer on success, or \fBNULL\fP in -case of failure. -.UNINDENT -.TP -.B \fBstruct bpf_sock *bpf_skc_lookup_tcp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Look for TCP socket matching \fItuple\fP, optionally in a child -network namespace \fInetns\fP\&. The return value must be checked, -and if non\-\fBNULL\fP, released via \fBbpf_sk_release\fP(). -.sp -This function is identical to \fBbpf_sk_lookup_tcp\fP(), except -that it also returns timewait or request sockets. Use -\fBbpf_sk_fullsock\fP() or \fBbpf_tcp_sock\fP() to access the -full structure. -.sp -This helper is available only if the kernel was compiled with -\fBCONFIG_NET\fP configuration option. -.TP -.B Return -Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. -For sockets with reuseport option, the \fBstruct bpf_sock\fP -result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the -tuple. -.UNINDENT -.TP -.B \fBlong bpf_tcp_check_syncookie(void *\fP\fIsk\fP\fB, void *\fP\fIiph\fP\fB, u32\fP \fIiph_len\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check whether \fIiph\fP and \fIth\fP contain a valid SYN cookie ACK for -the listening socket in \fIsk\fP\&. -.sp -\fIiph\fP points to the start of the IPv4 or IPv6 header, while -\fIiph_len\fP contains \fBsizeof\fP(\fBstruct iphdr\fP) or -\fBsizeof\fP(\fBstruct ipv6hdr\fP). -.sp -\fIth\fP points to the start of the TCP header, while \fIth_len\fP -contains the length of the TCP header (at least -\fBsizeof\fP(\fBstruct tcphdr\fP)). -.TP -.B Return -0 if \fIiph\fP and \fIth\fP are a valid SYN cookie ACK, or a negative -error otherwise. -.UNINDENT -.TP -.B \fBlong bpf_sysctl_get_name(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get name of sysctl in /proc/sys/ and copy it into provided by -program buffer \fIbuf\fP of size \fIbuf_len\fP\&. -.sp -The buffer is always NUL terminated, unless it\(aqs zero\-sized. -.sp -If \fIflags\fP is zero, full name (e.g. \(dqnet/ipv4/tcp_mem\(dq) is -copied. Use \fBBPF_F_SYSCTL_BASE_NAME\fP flag to copy base name -only (e.g. \(dqtcp_mem\(dq). -.TP -.B Return -Number of character copied (not including the trailing NUL). -.sp -\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain -truncated name in this case). -.UNINDENT -.TP -.B \fBlong bpf_sysctl_get_current_value(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get current value of sysctl as it is presented in /proc/sys -(incl. newline, etc), and copy it as a string into provided -by program buffer \fIbuf\fP of size \fIbuf_len\fP\&. -.sp -The whole value is copied, no matter what file position user -space issued e.g. sys_read at. -.sp -The buffer is always NUL terminated, unless it\(aqs zero\-sized. -.TP -.B Return -Number of character copied (not including the trailing NUL). -.sp -\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain -truncated name in this case). -.sp -\fB\-EINVAL\fP if current value was unavailable, e.g. because -sysctl is uninitialized and read returns \-EIO for it. -.UNINDENT -.TP -.B \fBlong bpf_sysctl_get_new_value(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get new value being written by user space to sysctl (before -the actual write happens) and copy it as a string into -provided by program buffer \fIbuf\fP of size \fIbuf_len\fP\&. -.sp -User space may write new value at file position > 0. -.sp -The buffer is always NUL terminated, unless it\(aqs zero\-sized. -.TP -.B Return -Number of character copied (not including the trailing NUL). -.sp -\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain -truncated name in this case). -.sp -\fB\-EINVAL\fP if sysctl is being read. -.UNINDENT -.TP -.B \fBlong bpf_sysctl_set_new_value(struct bpf_sysctl *\fP\fIctx\fP\fB, const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Override new value being written by user space to sysctl with -value provided by program in buffer \fIbuf\fP of size \fIbuf_len\fP\&. -.sp -\fIbuf\fP should contain a string in same form as provided by user -space on sysctl write. -.sp -User space may write new value at file position > 0. To override -the whole sysctl value file position should be set to zero. -.TP -.B Return -0 on success. -.sp -\fB\-E2BIG\fP if the \fIbuf_len\fP is too big. -.sp -\fB\-EINVAL\fP if sysctl is being read. -.UNINDENT -.TP -.B \fBlong bpf_strtol(const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB, long *\fP\fIres\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Convert the initial part of the string from buffer \fIbuf\fP of -size \fIbuf_len\fP to a long integer according to the given base -and save the result in \fIres\fP\&. -.sp -The string may begin with an arbitrary amount of white space -(as determined by \fBisspace\fP(3)) followed by a single -optional \(aq\fB\-\fP\(aq sign. -.sp -Five least significant bits of \fIflags\fP encode base, other bits -are currently unused. -.sp -Base must be either 8, 10, 16 or 0 to detect it automatically -similar to user space \fBstrtol\fP(3). -.TP -.B Return -Number of characters consumed on success. Must be positive but -no more than \fIbuf_len\fP\&. -.sp -\fB\-EINVAL\fP if no valid digits were found or unsupported base -was provided. -.sp -\fB\-ERANGE\fP if resulting value was out of range. -.UNINDENT -.TP -.B \fBlong bpf_strtoul(const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB, unsigned long *\fP\fIres\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Convert the initial part of the string from buffer \fIbuf\fP of -size \fIbuf_len\fP to an unsigned long integer according to the -given base and save the result in \fIres\fP\&. -.sp -The string may begin with an arbitrary amount of white space -(as determined by \fBisspace\fP(3)). -.sp -Five least significant bits of \fIflags\fP encode base, other bits -are currently unused. -.sp -Base must be either 8, 10, 16 or 0 to detect it automatically -similar to user space \fBstrtoul\fP(3). -.TP -.B Return -Number of characters consumed on success. Must be positive but -no more than \fIbuf_len\fP\&. -.sp -\fB\-EINVAL\fP if no valid digits were found or unsupported base -was provided. -.sp -\fB\-ERANGE\fP if resulting value was out of range. -.UNINDENT -.TP -.B \fBvoid *bpf_sk_storage_get(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIsk\fP\fB, void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a bpf\-local\-storage from a \fIsk\fP\&. -.sp -Logically, it could be thought of getting the value from -a \fImap\fP with \fIsk\fP as the \fBkey\fP\&. From this -perspective, the usage is not much different from -\fBbpf_map_lookup_elem\fP(\fImap\fP, \fB&\fP\fIsk\fP) except this -helper enforces the key must be a full socket and the map must -be a \fBBPF_MAP_TYPE_SK_STORAGE\fP also. -.sp -Underneath, the value is stored locally at \fIsk\fP instead of -the \fImap\fP\&. The \fImap\fP is used as the bpf\-local\-storage -\(dqtype\(dq. The bpf\-local\-storage \(dqtype\(dq (i.e. the \fImap\fP) is -searched against all bpf\-local\-storages residing at \fIsk\fP\&. -.sp -\fIsk\fP is a kernel \fBstruct sock\fP pointer for LSM program. -\fIsk\fP is a \fBstruct bpf_sock\fP pointer for other program types. -.sp -An optional \fIflags\fP (\fBBPF_SK_STORAGE_GET_F_CREATE\fP) can be -used such that a new bpf\-local\-storage will be -created if one does not exist. \fIvalue\fP can be used -together with \fBBPF_SK_STORAGE_GET_F_CREATE\fP to specify -the initial value of a bpf\-local\-storage. If \fIvalue\fP is -\fBNULL\fP, the new bpf\-local\-storage will be zero initialized. -.TP -.B Return -A bpf\-local\-storage pointer is returned on success. -.sp -\fBNULL\fP if not found or there was an error in adding -a new bpf\-local\-storage. -.UNINDENT -.TP -.B \fBlong bpf_sk_storage_delete(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Delete a bpf\-local\-storage from a \fIsk\fP\&. -.TP -.B Return -0 on success. -.sp -\fB\-ENOENT\fP if the bpf\-local\-storage cannot be found. -\fB\-EINVAL\fP if sk is not a fullsock (e.g. a request_sock). -.UNINDENT -.TP -.B \fBlong bpf_send_signal(u32\fP \fIsig\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Send signal \fIsig\fP to the process of the current task. -The signal may be delivered to any of this process\(aqs threads. -.TP -.B Return -0 on success or successfully queued. -.sp -\fB\-EBUSY\fP if work queue under nmi is full. -.sp -\fB\-EINVAL\fP if \fIsig\fP is invalid. -.sp -\fB\-EPERM\fP if no permission to send the \fIsig\fP\&. -.sp -\fB\-EAGAIN\fP if bpf program can try again. -.UNINDENT -.TP -.B \fBs64 bpf_tcp_gen_syncookie(void *\fP\fIsk\fP\fB, void *\fP\fIiph\fP\fB, u32\fP \fIiph_len\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Try to issue a SYN cookie for the packet with corresponding -IP/TCP headers, \fIiph\fP and \fIth\fP, on the listening socket in \fIsk\fP\&. -.sp -\fIiph\fP points to the start of the IPv4 or IPv6 header, while -\fIiph_len\fP contains \fBsizeof\fP(\fBstruct iphdr\fP) or -\fBsizeof\fP(\fBstruct ipv6hdr\fP). -.sp -\fIth\fP points to the start of the TCP header, while \fIth_len\fP -contains the length of the TCP header with options (at least -\fBsizeof\fP(\fBstruct tcphdr\fP)). -.TP -.B Return -On success, lower 32 bits hold the generated SYN cookie in -followed by 16 bits which hold the MSS value for that cookie, -and the top 16 bits are unused. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EINVAL\fP SYN cookie cannot be issued due to error -.sp -\fB\-ENOENT\fP SYN cookie should not be issued (no SYN flood) -.sp -\fB\-EOPNOTSUPP\fP kernel configuration does not enable SYN cookies -.sp -\fB\-EPROTONOSUPPORT\fP IP packet version is not 4 or 6 -.UNINDENT -.TP -.B \fBlong bpf_skb_output(void *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Write raw \fIdata\fP blob into a special BPF perf event held by -\fImap\fP of type \fBBPF_MAP_TYPE_PERF_EVENT_ARRAY\fP\&. This perf -event must have the following attributes: \fBPERF_SAMPLE_RAW\fP -as \fBsample_type\fP, \fBPERF_TYPE_SOFTWARE\fP as \fBtype\fP, and -\fBPERF_COUNT_SW_BPF_OUTPUT\fP as \fBconfig\fP\&. -.sp -The \fIflags\fP are used to indicate the index in \fImap\fP for which -the value must be put, masked with \fBBPF_F_INDEX_MASK\fP\&. -Alternatively, \fIflags\fP can be set to \fBBPF_F_CURRENT_CPU\fP -to indicate that the index of the current CPU core should be -used. -.sp -The value to write, of \fIsize\fP, is passed through eBPF stack and -pointed by \fIdata\fP\&. -.sp -\fIctx\fP is a pointer to in\-kernel struct sk_buff. -.sp -This helper is similar to \fBbpf_perf_event_output\fP() but -restricted to raw_tracepoint bpf programs. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_probe_read_user(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Safely attempt to read \fIsize\fP bytes from user space address -\fIunsafe_ptr\fP and store the data in \fIdst\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_probe_read_kernel(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Safely attempt to read \fIsize\fP bytes from kernel space address -\fIunsafe_ptr\fP and store the data in \fIdst\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_probe_read_user_str(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Copy a NUL terminated string from an unsafe user address -\fIunsafe_ptr\fP to \fIdst\fP\&. The \fIsize\fP should include the -terminating NUL byte. In case the string length is smaller than -\fIsize\fP, the target is not padded with further NUL bytes. If the -string length is larger than \fIsize\fP, just \fIsize\fP\-1 bytes are -copied and the last byte is set to NUL. -.sp -On success, returns the number of bytes that were written, -including the terminal NUL. This makes this helper useful in -tracing programs for reading strings, and more importantly to -get its length at runtime. See the following snippet: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -SEC(\(dqkprobe/sys_open\(dq) -void bpf_sys_open(struct pt_regs *ctx) -{ - char buf[PATHLEN]; // PATHLEN is defined to 256 - int res = bpf_probe_read_user_str(buf, sizeof(buf), - ctx\->di); - - // Consume buf, for example push it to - // userspace via bpf_perf_event_output(); we - // can use res (the string length) as event - // size, after checking its boundaries. -} -.EE -.UNINDENT -.UNINDENT -.sp -In comparison, using \fBbpf_probe_read_user\fP() helper here -instead to read the string would require to estimate the length -at compile time, and would often result in copying more memory -than necessary. -.sp -Another useful use case is when parsing individual process -arguments or individual environment variables navigating -\fIcurrent\fP\fB\->mm\->arg_start\fP and \fIcurrent\fP\fB\->mm\->env_start\fP: using this helper and the return value, -one can quickly iterate at the right offset of the memory area. -.TP -.B Return -On success, the strictly positive length of the output string, -including the trailing NUL character. On error, a negative -value. -.UNINDENT -.TP -.B \fBlong bpf_probe_read_kernel_str(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIunsafe_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Copy a NUL terminated string from an unsafe kernel address \fIunsafe_ptr\fP -to \fIdst\fP\&. Same semantics as with \fBbpf_probe_read_user_str\fP() apply. -.TP -.B Return -On success, the strictly positive length of the string, including -the trailing NUL character. On error, a negative value. -.UNINDENT -.TP -.B \fBlong bpf_tcp_send_ack(void *\fP\fItp\fP\fB, u32\fP \fIrcv_nxt\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Send out a tcp\-ack. \fItp\fP is the in\-kernel struct \fBtcp_sock\fP\&. -\fIrcv_nxt\fP is the ack_seq to be sent out. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_send_signal_thread(u32\fP \fIsig\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Send signal \fIsig\fP to the thread corresponding to the current task. -.TP -.B Return -0 on success or successfully queued. -.sp -\fB\-EBUSY\fP if work queue under nmi is full. -.sp -\fB\-EINVAL\fP if \fIsig\fP is invalid. -.sp -\fB\-EPERM\fP if no permission to send the \fIsig\fP\&. -.sp -\fB\-EAGAIN\fP if bpf program can try again. -.UNINDENT -.TP -.B \fBu64 bpf_jiffies64(void)\fP -.INDENT 7.0 -.TP -.B Description -Obtain the 64bit jiffies -.TP -.B Return -The 64 bit jiffies -.UNINDENT -.TP -.B \fBlong bpf_read_branch_records(struct bpf_perf_event_data *\fP\fIctx\fP\fB, void *\fP\fIbuf\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For an eBPF program attached to a perf event, retrieve the -branch records (\fBstruct perf_branch_entry\fP) associated to \fIctx\fP -and store it in the buffer pointed by \fIbuf\fP up to size -\fIsize\fP bytes. -.TP -.B Return -On success, number of bytes written to \fIbuf\fP\&. On error, a -negative value. -.sp -The \fIflags\fP can be set to \fBBPF_F_GET_BRANCH_RECORDS_SIZE\fP to -instead return the number of bytes required to store all the -branch entries. If this flag is set, \fIbuf\fP may be NULL. -.sp -\fB\-EINVAL\fP if arguments invalid or \fBsize\fP not a multiple -of \fBsizeof\fP(\fBstruct perf_branch_entry\fP). -.sp -\fB\-ENOENT\fP if architecture does not support branch records. -.UNINDENT -.TP -.B \fBlong bpf_get_ns_current_pid_tgid(u64\fP \fIdev\fP\fB, u64\fP \fIino\fP\fB, struct bpf_pidns_info *\fP\fInsdata\fP\fB, u32\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Returns 0 on success, values for \fIpid\fP and \fItgid\fP as seen from the current -\fInamespace\fP will be returned in \fInsdata\fP\&. -.TP -.B Return -0 on success, or one of the following in case of failure: -.sp -\fB\-EINVAL\fP if dev and inum supplied don\(aqt match dev_t and inode number -with nsfs of current task, or if dev conversion to dev_t lost high bits. -.sp -\fB\-ENOENT\fP if pidns does not exists for the current task. -.UNINDENT -.TP -.B \fBlong bpf_xdp_output(void *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Write raw \fIdata\fP blob into a special BPF perf event held by -\fImap\fP of type \fBBPF_MAP_TYPE_PERF_EVENT_ARRAY\fP\&. This perf -event must have the following attributes: \fBPERF_SAMPLE_RAW\fP -as \fBsample_type\fP, \fBPERF_TYPE_SOFTWARE\fP as \fBtype\fP, and -\fBPERF_COUNT_SW_BPF_OUTPUT\fP as \fBconfig\fP\&. -.sp -The \fIflags\fP are used to indicate the index in \fImap\fP for which -the value must be put, masked with \fBBPF_F_INDEX_MASK\fP\&. -Alternatively, \fIflags\fP can be set to \fBBPF_F_CURRENT_CPU\fP -to indicate that the index of the current CPU core should be -used. -.sp -The value to write, of \fIsize\fP, is passed through eBPF stack and -pointed by \fIdata\fP\&. -.sp -\fIctx\fP is a pointer to in\-kernel struct xdp_buff. -.sp -This helper is similar to \fBbpf_perf_eventoutput\fP() but -restricted to raw_tracepoint bpf programs. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_get_netns_cookie(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Retrieve the cookie (generated by the kernel) of the network -namespace the input \fIctx\fP is associated with. The network -namespace cookie remains stable for its lifetime and provides -a global identifier that can be assumed unique. If \fIctx\fP is -NULL, then the helper returns the cookie for the initial -network namespace. The cookie itself is very similar to that -of \fBbpf_get_socket_cookie\fP() helper, but for network -namespaces instead of sockets. -.TP -.B Return -A 8\-byte long opaque number. -.UNINDENT -.TP -.B \fBu64 bpf_get_current_ancestor_cgroup_id(int\fP \fIancestor_level\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return id of cgroup v2 that is ancestor of the cgroup associated -with the current task at the \fIancestor_level\fP\&. The root cgroup -is at \fIancestor_level\fP zero and each step down the hierarchy -increments the level. If \fIancestor_level\fP == level of cgroup -associated with the current task, then return value will be the -same as that of \fBbpf_get_current_cgroup_id\fP(). -.sp -The helper is useful to implement policies based on cgroups -that are upper in hierarchy than immediate cgroup associated -with the current task. -.sp -The format of returned id and helper limitations are same as in -\fBbpf_get_current_cgroup_id\fP(). -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBlong bpf_sk_assign(struct sk_buff *\fP\fIskb\fP\fB, void *\fP\fIsk\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Helper is overloaded depending on BPF program type. This -description applies to \fBBPF_PROG_TYPE_SCHED_CLS\fP and -\fBBPF_PROG_TYPE_SCHED_ACT\fP programs. -.sp -Assign the \fIsk\fP to the \fIskb\fP\&. When combined with appropriate -routing configuration to receive the packet towards the socket, -will cause \fIskb\fP to be delivered to the specified socket. -Subsequent redirection of \fIskb\fP via \fBbpf_redirect\fP(), -\fBbpf_clone_redirect\fP() or other methods outside of BPF may -interfere with successful delivery to the socket. -.sp -This operation is only valid from TC ingress path. -.sp -The \fIflags\fP argument must be zero. -.TP -.B Return -0 on success, or a negative error in case of failure: -.sp -\fB\-EINVAL\fP if specified \fIflags\fP are not supported. -.sp -\fB\-ENOENT\fP if the socket is unavailable for assignment. -.sp -\fB\-ENETUNREACH\fP if the socket is unreachable (wrong netns). -.sp -\fB\-EOPNOTSUPP\fP if the operation is not supported, for example -a call from outside of TC ingress. -.UNINDENT -.TP -.B \fBlong bpf_sk_assign(struct bpf_sk_lookup *\fP\fIctx\fP\fB, struct bpf_sock *\fP\fIsk\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Helper is overloaded depending on BPF program type. This -description applies to \fBBPF_PROG_TYPE_SK_LOOKUP\fP programs. -.sp -Select the \fIsk\fP as a result of a socket lookup. -.sp -For the operation to succeed passed socket must be compatible -with the packet description provided by the \fIctx\fP object. -.sp -L4 protocol (\fBIPPROTO_TCP\fP or \fBIPPROTO_UDP\fP) must -be an exact match. While IP family (\fBAF_INET\fP or -\fBAF_INET6\fP) must be compatible, that is IPv6 sockets -that are not v6\-only can be selected for IPv4 packets. -.sp -Only TCP listeners and UDP unconnected sockets can be -selected. \fIsk\fP can also be NULL to reset any previous -selection. -.sp -\fIflags\fP argument can combination of following values: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_SK_LOOKUP_F_REPLACE\fP to override the previous -socket selection, potentially done by a BPF program -that ran before us. -.IP \(bu 2 -\fBBPF_SK_LOOKUP_F_NO_REUSEPORT\fP to skip -load\-balancing within reuseport group for the socket -being selected. -.UNINDENT -.sp -On success \fIctx\->sk\fP will point to the selected socket. -.TP -.B Return -0 on success, or a negative errno in case of failure. -.INDENT 7.0 -.IP \(bu 2 -\fB\-EAFNOSUPPORT\fP if socket family (\fIsk\->family\fP) is -not compatible with packet family (\fIctx\->family\fP). -.IP \(bu 2 -\fB\-EEXIST\fP if socket has been already selected, -potentially by another program, and -\fBBPF_SK_LOOKUP_F_REPLACE\fP flag was not specified. -.IP \(bu 2 -\fB\-EINVAL\fP if unsupported flags were specified. -.IP \(bu 2 -\fB\-EPROTOTYPE\fP if socket L4 protocol -(\fIsk\->protocol\fP) doesn\(aqt match packet protocol -(\fIctx\->protocol\fP). -.IP \(bu 2 -\fB\-ESOCKTNOSUPPORT\fP if socket is not in allowed -state (TCP listening or UDP unconnected). -.UNINDENT -.UNINDENT -.TP -.B \fBu64 bpf_ktime_get_boot_ns(void)\fP -.INDENT 7.0 -.TP -.B Description -Return the time elapsed since system boot, in nanoseconds. -Does include the time the system was suspended. -See: \fBclock_gettime\fP(\fBCLOCK_BOOTTIME\fP) -.TP -.B Return -Current \fIktime\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_seq_printf(struct seq_file *\fP\fIm\fP\fB, const char *\fP\fIfmt\fP\fB, u32\fP \fIfmt_size\fP\fB, const void *\fP\fIdata\fP\fB, u32\fP \fIdata_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -\fBbpf_seq_printf\fP() uses seq_file \fBseq_printf\fP() to print -out the format string. -The \fIm\fP represents the seq_file. The \fIfmt\fP and \fIfmt_size\fP are for -the format string itself. The \fIdata\fP and \fIdata_len\fP are format string -arguments. The \fIdata\fP are a \fBu64\fP array and corresponding format string -values are stored in the array. For strings and pointers where pointees -are accessed, only the pointer values are stored in the \fIdata\fP array. -The \fIdata_len\fP is the size of \fIdata\fP in bytes \- must be a multiple of 8. -.sp -Formats \fB%s\fP, \fB%p{i,I}{4,6}\fP requires to read kernel memory. -Reading kernel memory may fail due to either invalid address or -valid address but requiring a major memory fault. If reading kernel memory -fails, the string for \fB%s\fP will be an empty string, and the ip -address for \fB%p{i,I}{4,6}\fP will be 0. Not returning error to -bpf program is consistent with what \fBbpf_trace_printk\fP() does for now. -.TP -.B Return -0 on success, or a negative error in case of failure: -.sp -\fB\-EBUSY\fP if per\-CPU memory copy buffer is busy, can try again -by returning 1 from bpf program. -.sp -\fB\-EINVAL\fP if arguments are invalid, or if \fIfmt\fP is invalid/unsupported. -.sp -\fB\-E2BIG\fP if \fIfmt\fP contains too many format specifiers. -.sp -\fB\-EOVERFLOW\fP if an overflow happened: The same object will be tried again. -.UNINDENT -.TP -.B \fBlong bpf_seq_write(struct seq_file *\fP\fIm\fP\fB, const void *\fP\fIdata\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -\fBbpf_seq_write\fP() uses seq_file \fBseq_write\fP() to write the data. -The \fIm\fP represents the seq_file. The \fIdata\fP and \fIlen\fP represent the -data to write in bytes. -.TP -.B Return -0 on success, or a negative error in case of failure: -.sp -\fB\-EOVERFLOW\fP if an overflow happened: The same object will be tried again. -.UNINDENT -.TP -.B \fBu64 bpf_sk_cgroup_id(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return the cgroup v2 id of the socket \fIsk\fP\&. -.sp -\fIsk\fP must be a non\-\fBNULL\fP pointer to a socket, e.g. one -returned from \fBbpf_sk_lookup_xxx\fP(), -\fBbpf_sk_fullsock\fP(), etc. The format of returned id is -same as in \fBbpf_skb_cgroup_id\fP(). -.sp -This helper is available only if the kernel was compiled with -the \fBCONFIG_SOCK_CGROUP_DATA\fP configuration option. -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBu64 bpf_sk_ancestor_cgroup_id(void *\fP\fIsk\fP\fB, int\fP \fIancestor_level\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return id of cgroup v2 that is ancestor of cgroup associated -with the \fIsk\fP at the \fIancestor_level\fP\&. The root cgroup is at -\fIancestor_level\fP zero and each step down the hierarchy -increments the level. If \fIancestor_level\fP == level of cgroup -associated with \fIsk\fP, then return value will be same as that -of \fBbpf_sk_cgroup_id\fP(). -.sp -The helper is useful to implement policies based on cgroups -that are upper in hierarchy than immediate cgroup associated -with \fIsk\fP\&. -.sp -The format of returned id and helper limitations are same as in -\fBbpf_sk_cgroup_id\fP(). -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBlong bpf_ringbuf_output(void *\fP\fIringbuf\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Copy \fIsize\fP bytes from \fIdata\fP into a ring buffer \fIringbuf\fP\&. -If \fBBPF_RB_NO_WAKEUP\fP is specified in \fIflags\fP, no notification -of new data availability is sent. -If \fBBPF_RB_FORCE_WAKEUP\fP is specified in \fIflags\fP, notification -of new data availability is sent unconditionally. -If \fB0\fP is specified in \fIflags\fP, an adaptive notification -of new data availability is sent. -.sp -An adaptive notification is a notification sent whenever the user\-space -process has caught up and consumed all available payloads. In case the user\-space -process is still processing a previous payload, then no notification is needed -as it will process the newly added payload automatically. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBvoid *bpf_ringbuf_reserve(void *\fP\fIringbuf\fP\fB, u64\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Reserve \fIsize\fP bytes of payload in a ring buffer \fIringbuf\fP\&. -\fIflags\fP must be 0. -.TP -.B Return -Valid pointer with \fIsize\fP bytes of memory available; NULL, -otherwise. -.UNINDENT -.TP -.B \fBvoid bpf_ringbuf_submit(void *\fP\fIdata\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Submit reserved ring buffer sample, pointed to by \fIdata\fP\&. -If \fBBPF_RB_NO_WAKEUP\fP is specified in \fIflags\fP, no notification -of new data availability is sent. -If \fBBPF_RB_FORCE_WAKEUP\fP is specified in \fIflags\fP, notification -of new data availability is sent unconditionally. -If \fB0\fP is specified in \fIflags\fP, an adaptive notification -of new data availability is sent. -.sp -See \(aqbpf_ringbuf_output()\(aq for the definition of adaptive notification. -.TP -.B Return -Nothing. Always succeeds. -.UNINDENT -.TP -.B \fBvoid bpf_ringbuf_discard(void *\fP\fIdata\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Discard reserved ring buffer sample, pointed to by \fIdata\fP\&. -If \fBBPF_RB_NO_WAKEUP\fP is specified in \fIflags\fP, no notification -of new data availability is sent. -If \fBBPF_RB_FORCE_WAKEUP\fP is specified in \fIflags\fP, notification -of new data availability is sent unconditionally. -If \fB0\fP is specified in \fIflags\fP, an adaptive notification -of new data availability is sent. -.sp -See \(aqbpf_ringbuf_output()\(aq for the definition of adaptive notification. -.TP -.B Return -Nothing. Always succeeds. -.UNINDENT -.TP -.B \fBu64 bpf_ringbuf_query(void *\fP\fIringbuf\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Query various characteristics of provided ring buffer. What -exactly is queries is determined by \fIflags\fP: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_RB_AVAIL_DATA\fP: Amount of data not yet consumed. -.IP \(bu 2 -\fBBPF_RB_RING_SIZE\fP: The size of ring buffer. -.IP \(bu 2 -\fBBPF_RB_CONS_POS\fP: Consumer position (can wrap around). -.IP \(bu 2 -\fBBPF_RB_PROD_POS\fP: Producer(s) position (can wrap around). -.UNINDENT -.sp -Data returned is just a momentary snapshot of actual values -and could be inaccurate, so this facility should be used to -power heuristics and for reporting, not to make 100% correct -calculation. -.TP -.B Return -Requested value, or 0, if \fIflags\fP are not recognized. -.UNINDENT -.TP -.B \fBlong bpf_csum_level(struct sk_buff *\fP\fIskb\fP\fB, u64\fP \fIlevel\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Change the skbs checksum level by one layer up or down, or -reset it entirely to none in order to have the stack perform -checksum validation. The level is applicable to the following -protocols: TCP, UDP, GRE, SCTP, FCOE. For example, a decap of -| ETH | IP | UDP | GUE | IP | TCP | into | ETH | IP | TCP | -through \fBbpf_skb_adjust_room\fP() helper with passing in -\fBBPF_F_ADJ_ROOM_NO_CSUM_RESET\fP flag would require one call -to \fBbpf_csum_level\fP() with \fBBPF_CSUM_LEVEL_DEC\fP since -the UDP header is removed. Similarly, an encap of the latter -into the former could be accompanied by a helper call to -\fBbpf_csum_level\fP() with \fBBPF_CSUM_LEVEL_INC\fP if the -skb is still intended to be processed in higher layers of the -stack instead of just egressing at tc. -.sp -There are three supported level settings at this time: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_CSUM_LEVEL_INC\fP: Increases skb\->csum_level for skbs -with CHECKSUM_UNNECESSARY. -.IP \(bu 2 -\fBBPF_CSUM_LEVEL_DEC\fP: Decreases skb\->csum_level for skbs -with CHECKSUM_UNNECESSARY. -.IP \(bu 2 -\fBBPF_CSUM_LEVEL_RESET\fP: Resets skb\->csum_level to 0 and -sets CHECKSUM_NONE to force checksum validation by the stack. -.IP \(bu 2 -\fBBPF_CSUM_LEVEL_QUERY\fP: No\-op, returns the current -skb\->csum_level. -.UNINDENT -.TP -.B Return -0 on success, or a negative error in case of failure. In the -case of \fBBPF_CSUM_LEVEL_QUERY\fP, the current skb\->csum_level -is returned or the error code \-EACCES in case the skb is not -subject to CHECKSUM_UNNECESSARY. -.UNINDENT -.TP -.B \fBstruct tcp6_sock *bpf_skc_to_tcp6_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fItcp6_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBstruct tcp_sock *bpf_skc_to_tcp_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fItcp_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBstruct tcp_timewait_sock *bpf_skc_to_tcp_timewait_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fItcp_timewait_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBstruct tcp_request_sock *bpf_skc_to_tcp_request_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fItcp_request_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBstruct udp6_sock *bpf_skc_to_udp6_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fIudp6_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBlong bpf_get_task_stack(struct task_struct *\fP\fItask\fP\fB, void *\fP\fIbuf\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return a user or a kernel stack in bpf program provided buffer. -Note: the user stack will only be populated if the \fItask\fP is -the current task; all other tasks will return \-EOPNOTSUPP. -To achieve this, the helper needs \fItask\fP, which is a valid -pointer to \fBstruct task_struct\fP\&. To store the stacktrace, the -bpf program provides \fIbuf\fP with a nonnegative \fIsize\fP\&. -.sp -The last argument, \fIflags\fP, holds the number of stack frames to -skip (from 0 to 255), masked with -\fBBPF_F_SKIP_FIELD_MASK\fP\&. The next bits can be used to set -the following flags: -.INDENT 7.0 -.TP -.B \fBBPF_F_USER_STACK\fP -Collect a user space stack instead of a kernel stack. -The \fItask\fP must be the current task. -.TP -.B \fBBPF_F_USER_BUILD_ID\fP -Collect buildid+offset instead of ips for user stack, -only valid if \fBBPF_F_USER_STACK\fP is also specified. -.UNINDENT -.sp -\fBbpf_get_task_stack\fP() can collect up to -\fBPERF_MAX_STACK_DEPTH\fP both kernel and user frames, subject -to sufficient large buffer size. Note that -this limit can be controlled with the \fBsysctl\fP program, and -that it should be manually increased in order to profile long -user stacks (such as stacks for Java programs). To do so, use: -.INDENT 7.0 -.INDENT 3.5 -.sp -.EX -# sysctl kernel.perf_event_max_stack= -.EE -.UNINDENT -.UNINDENT -.TP -.B Return -The non\-negative copied \fIbuf\fP length equal to or less than -\fIsize\fP on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_load_hdr_opt(struct bpf_sock_ops *\fP\fIskops\fP\fB, void *\fP\fIsearchby_res\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Load header option. Support reading a particular TCP header -option for bpf program (\fBBPF_PROG_TYPE_SOCK_OPS\fP). -.sp -If \fIflags\fP is 0, it will search the option from the -\fIskops\fP\fB\->skb_data\fP\&. The comment in \fBstruct bpf_sock_ops\fP -has details on what skb_data contains under different -\fIskops\fP\fB\->op\fP\&. -.sp -The first byte of the \fIsearchby_res\fP specifies the -kind that it wants to search. -.sp -If the searching kind is an experimental kind -(i.e. 253 or 254 according to RFC6994). It also -needs to specify the \(dqmagic\(dq which is either -2 bytes or 4 bytes. It then also needs to -specify the size of the magic by using -the 2nd byte which is \(dqkind\-length\(dq of a TCP -header option and the \(dqkind\-length\(dq also -includes the first 2 bytes \(dqkind\(dq and \(dqkind\-length\(dq -itself as a normal TCP header option also does. -.sp -For example, to search experimental kind 254 with -2 byte magic 0xeB9F, the searchby_res should be -[ 254, 4, 0xeB, 0x9F, 0, 0, .... 0 ]. -.sp -To search for the standard window scale option (3), -the \fIsearchby_res\fP should be [ 3, 0, 0, .... 0 ]. -Note, kind\-length must be 0 for regular option. -.sp -Searching for No\-Op (0) and End\-of\-Option\-List (1) are -not supported. -.sp -\fIlen\fP must be at least 2 bytes which is the minimal size -of a header option. -.sp -Supported flags: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_LOAD_HDR_OPT_TCP_SYN\fP to search from the -saved_syn packet or the just\-received syn packet. -.UNINDENT -.TP -.B Return -> 0 when found, the header option is copied to \fIsearchby_res\fP\&. -The return value is the total length copied. On failure, a -negative error code is returned: -.sp -\fB\-EINVAL\fP if a parameter is invalid. -.sp -\fB\-ENOMSG\fP if the option is not found. -.sp -\fB\-ENOENT\fP if no syn packet is available when -\fBBPF_LOAD_HDR_OPT_TCP_SYN\fP is used. -.sp -\fB\-ENOSPC\fP if there is not enough space. Only \fIlen\fP number of -bytes are copied. -.sp -\fB\-EFAULT\fP on failure to parse the header options in the -packet. -.sp -\fB\-EPERM\fP if the helper cannot be used under the current -\fIskops\fP\fB\->op\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_store_hdr_opt(struct bpf_sock_ops *\fP\fIskops\fP\fB, const void *\fP\fIfrom\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Store header option. The data will be copied -from buffer \fIfrom\fP with length \fIlen\fP to the TCP header. -.sp -The buffer \fIfrom\fP should have the whole option that -includes the kind, kind\-length, and the actual -option data. The \fIlen\fP must be at least kind\-length -long. The kind\-length does not have to be 4 byte -aligned. The kernel will take care of the padding -and setting the 4 bytes aligned value to th\->doff. -.sp -This helper will check for duplicated option -by searching the same option in the outgoing skb. -.sp -This helper can only be called during -\fBBPF_SOCK_OPS_WRITE_HDR_OPT_CB\fP\&. -.TP -.B Return -0 on success, or negative error in case of failure: -.sp -\fB\-EINVAL\fP If param is invalid. -.sp -\fB\-ENOSPC\fP if there is not enough space in the header. -Nothing has been written -.sp -\fB\-EEXIST\fP if the option already exists. -.sp -\fB\-EFAULT\fP on failure to parse the existing header options. -.sp -\fB\-EPERM\fP if the helper cannot be used under the current -\fIskops\fP\fB\->op\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_reserve_hdr_opt(struct bpf_sock_ops *\fP\fIskops\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Reserve \fIlen\fP bytes for the bpf header option. The -space will be used by \fBbpf_store_hdr_opt\fP() later in -\fBBPF_SOCK_OPS_WRITE_HDR_OPT_CB\fP\&. -.sp -If \fBbpf_reserve_hdr_opt\fP() is called multiple times, -the total number of bytes will be reserved. -.sp -This helper can only be called during -\fBBPF_SOCK_OPS_HDR_OPT_LEN_CB\fP\&. -.TP -.B Return -0 on success, or negative error in case of failure: -.sp -\fB\-EINVAL\fP if a parameter is invalid. -.sp -\fB\-ENOSPC\fP if there is not enough space in the header. -.sp -\fB\-EPERM\fP if the helper cannot be used under the current -\fIskops\fP\fB\->op\fP\&. -.UNINDENT -.TP -.B \fBvoid *bpf_inode_storage_get(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIinode\fP\fB, void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a bpf_local_storage from an \fIinode\fP\&. -.sp -Logically, it could be thought of as getting the value from -a \fImap\fP with \fIinode\fP as the \fBkey\fP\&. From this -perspective, the usage is not much different from -\fBbpf_map_lookup_elem\fP(\fImap\fP, \fB&\fP\fIinode\fP) except this -helper enforces the key must be an inode and the map must also -be a \fBBPF_MAP_TYPE_INODE_STORAGE\fP\&. -.sp -Underneath, the value is stored locally at \fIinode\fP instead of -the \fImap\fP\&. The \fImap\fP is used as the bpf\-local\-storage -\(dqtype\(dq. The bpf\-local\-storage \(dqtype\(dq (i.e. the \fImap\fP) is -searched against all bpf_local_storage residing at \fIinode\fP\&. -.sp -An optional \fIflags\fP (\fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP) can be -used such that a new bpf_local_storage will be -created if one does not exist. \fIvalue\fP can be used -together with \fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP to specify -the initial value of a bpf_local_storage. If \fIvalue\fP is -\fBNULL\fP, the new bpf_local_storage will be zero initialized. -.TP -.B Return -A bpf_local_storage pointer is returned on success. -.sp -\fBNULL\fP if not found or there was an error in adding -a new bpf_local_storage. -.UNINDENT -.TP -.B \fBint bpf_inode_storage_delete(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIinode\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Delete a bpf_local_storage from an \fIinode\fP\&. -.TP -.B Return -0 on success. -.sp -\fB\-ENOENT\fP if the bpf_local_storage cannot be found. -.UNINDENT -.TP -.B \fBlong bpf_d_path(struct path *\fP\fIpath\fP\fB, char *\fP\fIbuf\fP\fB, u32\fP \fIsz\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Return full path for given \fBstruct path\fP object, which -needs to be the kernel BTF \fIpath\fP object. The path is -returned in the provided buffer \fIbuf\fP of size \fIsz\fP and -is zero terminated. -.TP -.B Return -On success, the strictly positive length of the string, -including the trailing NUL character. On error, a negative -value. -.UNINDENT -.TP -.B \fBlong bpf_copy_from_user(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIuser_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Read \fIsize\fP bytes from user space address \fIuser_ptr\fP and store -the data in \fIdst\fP\&. This is a wrapper of \fBcopy_from_user\fP(). -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_snprintf_btf(char *\fP\fIstr\fP\fB, u32\fP \fIstr_size\fP\fB, struct btf_ptr *\fP\fIptr\fP\fB, u32\fP \fIbtf_ptr_size\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Use BTF to store a string representation of \fIptr\fP\->ptr in \fIstr\fP, -using \fIptr\fP\->type_id. This value should specify the type -that \fIptr\fP\->ptr points to. LLVM __builtin_btf_type_id(type, 1) -can be used to look up vmlinux BTF type ids. Traversing the -data structure using BTF, the type information and values are -stored in the first \fIstr_size\fP \- 1 bytes of \fIstr\fP\&. Safe copy of -the pointer data is carried out to avoid kernel crashes during -operation. Smaller types can use string space on the stack; -larger programs can use map data to store the string -representation. -.sp -The string can be subsequently shared with userspace via -bpf_perf_event_output() or ring buffer interfaces. -bpf_trace_printk() is to be avoided as it places too small -a limit on string size to be useful. -.sp -\fIflags\fP is a combination of -.INDENT 7.0 -.TP -.B \fBBTF_F_COMPACT\fP -no formatting around type information -.TP -.B \fBBTF_F_NONAME\fP -no struct/union member names/types -.TP -.B \fBBTF_F_PTR_RAW\fP -show raw (unobfuscated) pointer values; -equivalent to printk specifier %px. -.TP -.B \fBBTF_F_ZERO\fP -show zero\-valued struct/union members; they -are not displayed by default -.UNINDENT -.TP -.B Return -The number of bytes that were written (or would have been -written if output had to be truncated due to string size), -or a negative error in cases of failure. -.UNINDENT -.TP -.B \fBlong bpf_seq_printf_btf(struct seq_file *\fP\fIm\fP\fB, struct btf_ptr *\fP\fIptr\fP\fB, u32\fP \fIptr_size\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Use BTF to write to seq_write a string representation of -\fIptr\fP\->ptr, using \fIptr\fP\->type_id as per bpf_snprintf_btf(). -\fIflags\fP are identical to those used for bpf_snprintf_btf. -.TP -.B Return -0 on success or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_skb_cgroup_classid(struct sk_buff *\fP\fIskb\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -See \fBbpf_get_cgroup_classid\fP() for the main description. -This helper differs from \fBbpf_get_cgroup_classid\fP() in that -the cgroup v1 net_cls class is retrieved only from the \fIskb\fP\(aqs -associated socket instead of the current process. -.TP -.B Return -The id is returned or 0 in case the id could not be retrieved. -.UNINDENT -.TP -.B \fBlong bpf_redirect_neigh(u32\fP \fIifindex\fP\fB, struct bpf_redir_neigh *\fP\fIparams\fP\fB, int\fP \fIplen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Redirect the packet to another net device of index \fIifindex\fP -and fill in L2 addresses from neighboring subsystem. This helper -is somewhat similar to \fBbpf_redirect\fP(), except that it -populates L2 addresses as well, meaning, internally, the helper -relies on the neighbor lookup for the L2 address of the nexthop. -.sp -The helper will perform a FIB lookup based on the skb\(aqs -networking header to get the address of the next hop, unless -this is supplied by the caller in the \fIparams\fP argument. The -\fIplen\fP argument indicates the len of \fIparams\fP and should be set -to 0 if \fIparams\fP is NULL. -.sp -The \fIflags\fP argument is reserved and must be 0. The helper is -currently only supported for tc BPF program types, and enabled -for IPv4 and IPv6 protocols. -.TP -.B Return -The helper returns \fBTC_ACT_REDIRECT\fP on success or -\fBTC_ACT_SHOT\fP on error. -.UNINDENT -.TP -.B \fBvoid *bpf_per_cpu_ptr(const void *\fP\fIpercpu_ptr\fP\fB, u32\fP \fIcpu\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Take a pointer to a percpu ksym, \fIpercpu_ptr\fP, and return a -pointer to the percpu kernel variable on \fIcpu\fP\&. A ksym is an -extern variable decorated with \(aq__ksym\(aq. For ksym, there is a -global var (either static or global) defined of the same name -in the kernel. The ksym is percpu if the global var is percpu. -The returned pointer points to the global percpu var on \fIcpu\fP\&. -.sp -bpf_per_cpu_ptr() has the same semantic as per_cpu_ptr() in the -kernel, except that bpf_per_cpu_ptr() may return NULL. This -happens if \fIcpu\fP is larger than nr_cpu_ids. The caller of -bpf_per_cpu_ptr() must check the returned value. -.TP -.B Return -A pointer pointing to the kernel percpu variable on \fIcpu\fP, or -NULL, if \fIcpu\fP is invalid. -.UNINDENT -.TP -.B \fBvoid *bpf_this_cpu_ptr(const void *\fP\fIpercpu_ptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Take a pointer to a percpu ksym, \fIpercpu_ptr\fP, and return a -pointer to the percpu kernel variable on this cpu. See the -description of \(aqksym\(aq in \fBbpf_per_cpu_ptr\fP(). -.sp -bpf_this_cpu_ptr() has the same semantic as this_cpu_ptr() in -the kernel. Different from \fBbpf_per_cpu_ptr\fP(), it would -never return NULL. -.TP -.B Return -A pointer pointing to the kernel percpu variable on this cpu. -.UNINDENT -.TP -.B \fBlong bpf_redirect_peer(u32\fP \fIifindex\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Redirect the packet to another net device of index \fIifindex\fP\&. -This helper is somewhat similar to \fBbpf_redirect\fP(), except -that the redirection happens to the \fIifindex\fP\(aq peer device and -the netns switch takes place from ingress to ingress without -going through the CPU\(aqs backlog queue. -.sp -The \fIflags\fP argument is reserved and must be 0. The helper is -currently only supported for tc BPF program types at the ingress -hook and for veth device types. The peer device must reside in a -different network namespace. -.TP -.B Return -The helper returns \fBTC_ACT_REDIRECT\fP on success or -\fBTC_ACT_SHOT\fP on error. -.UNINDENT -.TP -.B \fBvoid *bpf_task_storage_get(struct bpf_map *\fP\fImap\fP\fB, struct task_struct *\fP\fItask\fP\fB, void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a bpf_local_storage from the \fItask\fP\&. -.sp -Logically, it could be thought of as getting the value from -a \fImap\fP with \fItask\fP as the \fBkey\fP\&. From this -perspective, the usage is not much different from -\fBbpf_map_lookup_elem\fP(\fImap\fP, \fB&\fP\fItask\fP) except this -helper enforces the key must be a task_struct and the map must also -be a \fBBPF_MAP_TYPE_TASK_STORAGE\fP\&. -.sp -Underneath, the value is stored locally at \fItask\fP instead of -the \fImap\fP\&. The \fImap\fP is used as the bpf\-local\-storage -\(dqtype\(dq. The bpf\-local\-storage \(dqtype\(dq (i.e. the \fImap\fP) is -searched against all bpf_local_storage residing at \fItask\fP\&. -.sp -An optional \fIflags\fP (\fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP) can be -used such that a new bpf_local_storage will be -created if one does not exist. \fIvalue\fP can be used -together with \fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP to specify -the initial value of a bpf_local_storage. If \fIvalue\fP is -\fBNULL\fP, the new bpf_local_storage will be zero initialized. -.TP -.B Return -A bpf_local_storage pointer is returned on success. -.sp -\fBNULL\fP if not found or there was an error in adding -a new bpf_local_storage. -.UNINDENT -.TP -.B \fBlong bpf_task_storage_delete(struct bpf_map *\fP\fImap\fP\fB, struct task_struct *\fP\fItask\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Delete a bpf_local_storage from a \fItask\fP\&. -.TP -.B Return -0 on success. -.sp -\fB\-ENOENT\fP if the bpf_local_storage cannot be found. -.UNINDENT -.TP -.B \fBstruct task_struct *bpf_get_current_task_btf(void)\fP -.INDENT 7.0 -.TP -.B Description -Return a BTF pointer to the \(dqcurrent\(dq task. -This pointer can also be used in helpers that accept an -\fIARG_PTR_TO_BTF_ID\fP of type \fItask_struct\fP\&. -.TP -.B Return -Pointer to the current task. -.UNINDENT -.TP -.B \fBlong bpf_bprm_opts_set(struct linux_binprm *\fP\fIbprm\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set or clear certain options on \fIbprm\fP: -.sp -\fBBPF_F_BPRM_SECUREEXEC\fP Set the secureexec bit -which sets the \fBAT_SECURE\fP auxv for glibc. The bit -is cleared if the flag is not specified. -.TP -.B Return -\fB\-EINVAL\fP if invalid \fIflags\fP are passed, zero otherwise. -.UNINDENT -.TP -.B \fBu64 bpf_ktime_get_coarse_ns(void)\fP -.INDENT 7.0 -.TP -.B Description -Return a coarse\-grained version of the time elapsed since -system boot, in nanoseconds. Does not include time the system -was suspended. -.sp -See: \fBclock_gettime\fP(\fBCLOCK_MONOTONIC_COARSE\fP) -.TP -.B Return -Current \fIktime\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_ima_inode_hash(struct inode *\fP\fIinode\fP\fB, void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Returns the stored IMA hash of the \fIinode\fP (if it\(aqs available). -If the hash is larger than \fIsize\fP, then only \fIsize\fP -bytes will be copied to \fIdst\fP -.TP -.B Return -The \fBhash_algo\fP is returned on success, -\fB\-EOPNOTSUP\fP if IMA is disabled or \fB\-EINVAL\fP if -invalid arguments are passed. -.UNINDENT -.TP -.B \fBstruct socket *bpf_sock_from_file(struct file *\fP\fIfile\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -If the given file represents a socket, returns the associated -socket. -.TP -.B Return -A pointer to a struct socket on success or NULL if the file is -not a socket. -.UNINDENT -.TP -.B \fBlong bpf_check_mtu(void *\fP\fIctx\fP\fB, u32\fP \fIifindex\fP\fB, u32 *\fP\fImtu_len\fP\fB, s32\fP \fIlen_diff\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check packet size against exceeding MTU of net device (based -on \fIifindex\fP). This helper will likely be used in combination -with helpers that adjust/change the packet size. -.sp -The argument \fIlen_diff\fP can be used for querying with a planned -size change. This allows to check MTU prior to changing packet -ctx. Providing a \fIlen_diff\fP adjustment that is larger than the -actual packet size (resulting in negative packet size) will in -principle not exceed the MTU, which is why it is not considered -a failure. Other BPF helpers are needed for performing the -planned size change; therefore the responsibility for catching -a negative packet size belongs in those helpers. -.sp -Specifying \fIifindex\fP zero means the MTU check is performed -against the current net device. This is practical if this isn\(aqt -used prior to redirect. -.sp -On input \fImtu_len\fP must be a valid pointer, else verifier will -reject BPF program. If the value \fImtu_len\fP is initialized to -zero then the ctx packet size is use. When value \fImtu_len\fP is -provided as input this specify the L3 length that the MTU check -is done against. Remember XDP and TC length operate at L2, but -this value is L3 as this correlate to MTU and IP\-header tot_len -values which are L3 (similar behavior as bpf_fib_lookup). -.sp -The Linux kernel route table can configure MTUs on a more -specific per route level, which is not provided by this helper. -For route level MTU checks use the \fBbpf_fib_lookup\fP() -helper. -.sp -\fIctx\fP is either \fBstruct xdp_md\fP for XDP programs or -\fBstruct sk_buff\fP for tc cls_act programs. -.sp -The \fIflags\fP argument can be a combination of one or more of the -following values: -.INDENT 7.0 -.TP -.B \fBBPF_MTU_CHK_SEGS\fP -This flag will only works for \fIctx\fP \fBstruct sk_buff\fP\&. -If packet context contains extra packet segment buffers -(often knows as GSO skb), then MTU check is harder to -check at this point, because in transmit path it is -possible for the skb packet to get re\-segmented -(depending on net device features). This could still be -a MTU violation, so this flag enables performing MTU -check against segments, with a different violation -return code to tell it apart. Check cannot use len_diff. -.UNINDENT -.sp -On return \fImtu_len\fP pointer contains the MTU value of the net -device. Remember the net device configured MTU is the L3 size, -which is returned here and XDP and TC length operate at L2. -Helper take this into account for you, but remember when using -MTU value in your BPF\-code. -.TP -.B Return -.INDENT 7.0 -.IP \(bu 2 -0 on success, and populate MTU value in \fImtu_len\fP pointer. -.IP \(bu 2 -< 0 if any input argument is invalid (\fImtu_len\fP not updated) -.UNINDENT -.sp -MTU violations return positive values, but also populate MTU -value in \fImtu_len\fP pointer, as this can be needed for -implementing PMTU handing: -.INDENT 7.0 -.IP \(bu 2 -\fBBPF_MTU_CHK_RET_FRAG_NEEDED\fP -.IP \(bu 2 -\fBBPF_MTU_CHK_RET_SEGS_TOOBIG\fP -.UNINDENT -.UNINDENT -.TP -.B \fBlong bpf_for_each_map_elem(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIcallback_fn\fP\fB, void *\fP\fIcallback_ctx\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For each element in \fBmap\fP, call \fBcallback_fn\fP function with -\fBmap\fP, \fBcallback_ctx\fP and other map\-specific parameters. -The \fBcallback_fn\fP should be a static function and -the \fBcallback_ctx\fP should be a pointer to the stack. -The \fBflags\fP is used to control certain aspects of the helper. -Currently, the \fBflags\fP must be 0. -.sp -The following are a list of supported map types and their -respective expected callback signatures: -.sp -BPF_MAP_TYPE_HASH, BPF_MAP_TYPE_PERCPU_HASH, -BPF_MAP_TYPE_LRU_HASH, BPF_MAP_TYPE_LRU_PERCPU_HASH, -BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_PERCPU_ARRAY -.sp -long (*callback_fn)(struct bpf_map *map, const void *key, void *value, void *ctx); -.sp -For per_cpu maps, the map_value is the value on the cpu where the -bpf_prog is running. -.sp -If \fBcallback_fn\fP return 0, the helper will continue to the next -element. If return value is 1, the helper will skip the rest of -elements and return. Other return values are not used now. -.TP -.B Return -The number of traversed map elements for success, \fB\-EINVAL\fP for -invalid \fBflags\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_snprintf(char *\fP\fIstr\fP\fB, u32\fP \fIstr_size\fP\fB, const char *\fP\fIfmt\fP\fB, u64 *\fP\fIdata\fP\fB, u32\fP \fIdata_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Outputs a string into the \fBstr\fP buffer of size \fBstr_size\fP -based on a format string stored in a read\-only map pointed by -\fBfmt\fP\&. -.sp -Each format specifier in \fBfmt\fP corresponds to one u64 element -in the \fBdata\fP array. For strings and pointers where pointees -are accessed, only the pointer values are stored in the \fIdata\fP -array. The \fIdata_len\fP is the size of \fIdata\fP in bytes \- must be -a multiple of 8. -.sp -Formats \fB%s\fP and \fB%p{i,I}{4,6}\fP require to read kernel -memory. Reading kernel memory may fail due to either invalid -address or valid address but requiring a major memory fault. If -reading kernel memory fails, the string for \fB%s\fP will be an -empty string, and the ip address for \fB%p{i,I}{4,6}\fP will be 0. -Not returning error to bpf program is consistent with what -\fBbpf_trace_printk\fP() does for now. -.TP -.B Return -The strictly positive length of the formatted string, including -the trailing zero character. If the return value is greater than -\fBstr_size\fP, \fBstr\fP contains a truncated string, guaranteed to -be zero\-terminated except when \fBstr_size\fP is 0. -.sp -Or \fB\-EBUSY\fP if the per\-CPU memory copy buffer is busy. -.UNINDENT -.TP -.B \fBlong bpf_sys_bpf(u32\fP \fIcmd\fP\fB, void *\fP\fIattr\fP\fB, u32\fP \fIattr_size\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Execute bpf syscall with given arguments. -.TP -.B Return -A syscall result. -.UNINDENT -.TP -.B \fBlong bpf_btf_find_by_name_kind(char *\fP\fIname\fP\fB, int\fP \fIname_sz\fP\fB, u32\fP \fIkind\fP\fB, int\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Find BTF type with given name and kind in vmlinux BTF or in module\(aqs BTFs. -.TP -.B Return -Returns btf_id and btf_obj_fd in lower and upper 32 bits. -.UNINDENT -.TP -.B \fBlong bpf_sys_close(u32\fP \fIfd\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Execute close syscall for given FD. -.TP -.B Return -A syscall result. -.UNINDENT -.TP -.B \fBlong bpf_timer_init(struct bpf_timer *\fP\fItimer\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Initialize the timer. -First 4 bits of \fIflags\fP specify clockid. -Only CLOCK_MONOTONIC, CLOCK_REALTIME, CLOCK_BOOTTIME are allowed. -All other bits of \fIflags\fP are reserved. -The verifier will reject the program if \fItimer\fP is not from -the same \fImap\fP\&. -.TP -.B Return -0 on success. -\fB\-EBUSY\fP if \fItimer\fP is already initialized. -\fB\-EINVAL\fP if invalid \fIflags\fP are passed. -\fB\-EPERM\fP if \fItimer\fP is in a map that doesn\(aqt have any user references. -The user space should either hold a file descriptor to a map with timers -or pin such map in bpffs. When map is unpinned or file descriptor is -closed all timers in the map will be cancelled and freed. -.UNINDENT -.TP -.B \fBlong bpf_timer_set_callback(struct bpf_timer *\fP\fItimer\fP\fB, void *\fP\fIcallback_fn\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Configure the timer to call \fIcallback_fn\fP static function. -.TP -.B Return -0 on success. -\fB\-EINVAL\fP if \fItimer\fP was not initialized with bpf_timer_init() earlier. -\fB\-EPERM\fP if \fItimer\fP is in a map that doesn\(aqt have any user references. -The user space should either hold a file descriptor to a map with timers -or pin such map in bpffs. When map is unpinned or file descriptor is -closed all timers in the map will be cancelled and freed. -.UNINDENT -.TP -.B \fBlong bpf_timer_start(struct bpf_timer *\fP\fItimer\fP\fB, u64\fP \fInsecs\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set timer expiration N nanoseconds from the current time. The -configured callback will be invoked in soft irq context on some cpu -and will not repeat unless another bpf_timer_start() is made. -In such case the next invocation can migrate to a different cpu. -Since struct bpf_timer is a field inside map element the map -owns the timer. The bpf_timer_set_callback() will increment refcnt -of BPF program to make sure that callback_fn code stays valid. -When user space reference to a map reaches zero all timers -in a map are cancelled and corresponding program\(aqs refcnts are -decremented. This is done to make sure that Ctrl\-C of a user -process doesn\(aqt leave any timers running. If map is pinned in -bpffs the callback_fn can re\-arm itself indefinitely. -bpf_map_update/delete_elem() helpers and user space sys_bpf commands -cancel and free the timer in the given map element. -The map can contain timers that invoke callback_fn\-s from different -programs. The same callback_fn can serve different timers from -different maps if key/value layout matches across maps. -Every bpf_timer_set_callback() can have different callback_fn. -.sp -\fIflags\fP can be one of: -.INDENT 7.0 -.TP -.B \fBBPF_F_TIMER_ABS\fP -Start the timer in absolute expire value instead of the -default relative one. -.TP -.B \fBBPF_F_TIMER_CPU_PIN\fP -Timer will be pinned to the CPU of the caller. -.UNINDENT -.TP -.B Return -0 on success. -\fB\-EINVAL\fP if \fItimer\fP was not initialized with bpf_timer_init() earlier -or invalid \fIflags\fP are passed. -.UNINDENT -.TP -.B \fBlong bpf_timer_cancel(struct bpf_timer *\fP\fItimer\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Cancel the timer and wait for callback_fn to finish if it was running. -.TP -.B Return -0 if the timer was not active. -1 if the timer was active. -\fB\-EINVAL\fP if \fItimer\fP was not initialized with bpf_timer_init() earlier. -\fB\-EDEADLK\fP if callback_fn tried to call bpf_timer_cancel() on its -own timer which would have led to a deadlock otherwise. -.UNINDENT -.TP -.B \fBu64 bpf_get_func_ip(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get address of the traced function (for tracing and kprobe programs). -.sp -When called for kprobe program attached as uprobe it returns -probe address for both entry and return uprobe. -.TP -.B Return -Address of the traced function for kprobe. -0 for kprobes placed within the function (not at the entry). -Address of the probe for uprobe and return uprobe. -.UNINDENT -.TP -.B \fBu64 bpf_get_attach_cookie(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get bpf_cookie value provided (optionally) during the program -attachment. It might be different for each individual -attachment, even if BPF program itself is the same. -Expects BPF program context \fIctx\fP as a first argument. -.INDENT 7.0 -.TP -.B Supported for the following program types: -.INDENT 7.0 -.IP \(bu 2 -kprobe/uprobe; -.IP \(bu 2 -tracepoint; -.IP \(bu 2 -perf_event. -.UNINDENT -.UNINDENT -.TP -.B Return -Value specified by user at BPF link creation/attachment time -or 0, if it was not specified. -.UNINDENT -.TP -.B \fBlong bpf_task_pt_regs(struct task_struct *\fP\fItask\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the struct pt_regs associated with \fBtask\fP\&. -.TP -.B Return -A pointer to struct pt_regs. -.UNINDENT -.TP -.B \fBlong bpf_get_branch_snapshot(void *\fP\fIentries\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get branch trace from hardware engines like Intel LBR. The -hardware engine is stopped shortly after the helper is -called. Therefore, the user need to filter branch entries -based on the actual use case. To capture branch trace -before the trigger point of the BPF program, the helper -should be called at the beginning of the BPF program. -.sp -The data is stored as struct perf_branch_entry into output -buffer \fIentries\fP\&. \fIsize\fP is the size of \fIentries\fP in bytes. -\fIflags\fP is reserved for now and must be zero. -.TP -.B Return -On success, number of bytes written to \fIbuf\fP\&. On error, a -negative value. -.sp -\fB\-EINVAL\fP if \fIflags\fP is not zero. -.sp -\fB\-ENOENT\fP if architecture does not support branch records. -.UNINDENT -.TP -.B \fBlong bpf_trace_vprintk(const char *\fP\fIfmt\fP\fB, u32\fP \fIfmt_size\fP\fB, const void *\fP\fIdata\fP\fB, u32\fP \fIdata_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Behaves like \fBbpf_trace_printk\fP() helper, but takes an array of u64 -to format and can handle more format args as a result. -.sp -Arguments are to be used as in \fBbpf_seq_printf\fP() helper. -.TP -.B Return -The number of bytes written to the buffer, or a negative error -in case of failure. -.UNINDENT -.TP -.B \fBstruct unix_sock *bpf_skc_to_unix_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fIunix_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBlong bpf_kallsyms_lookup_name(const char *\fP\fIname\fP\fB, int\fP \fIname_sz\fP\fB, int\fP \fIflags\fP\fB, u64 *\fP\fIres\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the address of a kernel symbol, returned in \fIres\fP\&. \fIres\fP is -set to 0 if the symbol is not found. -.TP -.B Return -On success, zero. On error, a negative value. -.sp -\fB\-EINVAL\fP if \fIflags\fP is not zero. -.sp -\fB\-EINVAL\fP if string \fIname\fP is not the same size as \fIname_sz\fP\&. -.sp -\fB\-ENOENT\fP if symbol is not found. -.sp -\fB\-EPERM\fP if caller does not have permission to obtain kernel address. -.UNINDENT -.TP -.B \fBlong bpf_find_vma(struct task_struct *\fP\fItask\fP\fB, u64\fP \fIaddr\fP\fB, void *\fP\fIcallback_fn\fP\fB, void *\fP\fIcallback_ctx\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Find vma of \fItask\fP that contains \fIaddr\fP, call \fIcallback_fn\fP -function with \fItask\fP, \fIvma\fP, and \fIcallback_ctx\fP\&. -The \fIcallback_fn\fP should be a static function and -the \fIcallback_ctx\fP should be a pointer to the stack. -The \fIflags\fP is used to control certain aspects of the helper. -Currently, the \fIflags\fP must be 0. -.sp -The expected callback signature is -.sp -long (*callback_fn)(struct task_struct *task, struct vm_area_struct *vma, void *callback_ctx); -.TP -.B Return -0 on success. -\fB\-ENOENT\fP if \fItask\->mm\fP is NULL, or no vma contains \fIaddr\fP\&. -\fB\-EBUSY\fP if failed to try lock mmap_lock. -\fB\-EINVAL\fP for invalid \fBflags\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_loop(u32\fP \fInr_loops\fP\fB, void *\fP\fIcallback_fn\fP\fB, void *\fP\fIcallback_ctx\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -For \fBnr_loops\fP, call \fBcallback_fn\fP function -with \fBcallback_ctx\fP as the context parameter. -The \fBcallback_fn\fP should be a static function and -the \fBcallback_ctx\fP should be a pointer to the stack. -The \fBflags\fP is used to control certain aspects of the helper. -Currently, the \fBflags\fP must be 0. Currently, nr_loops is -limited to 1 << 23 (~8 million) loops. -.sp -long (*callback_fn)(u32 index, void *ctx); -.sp -where \fBindex\fP is the current index in the loop. The index -is zero\-indexed. -.sp -If \fBcallback_fn\fP returns 0, the helper will continue to the next -loop. If return value is 1, the helper will skip the rest of -the loops and return. Other return values are not used now, -and will be rejected by the verifier. -.TP -.B Return -The number of loops performed, \fB\-EINVAL\fP for invalid \fBflags\fP, -\fB\-E2BIG\fP if \fBnr_loops\fP exceeds the maximum number of loops. -.UNINDENT -.TP -.B \fBlong bpf_strncmp(const char *\fP\fIs1\fP\fB, u32\fP \fIs1_sz\fP\fB, const char *\fP\fIs2\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Do strncmp() between \fBs1\fP and \fBs2\fP\&. \fBs1\fP doesn\(aqt need -to be null\-terminated and \fBs1_sz\fP is the maximum storage -size of \fBs1\fP\&. \fBs2\fP must be a read\-only string. -.TP -.B Return -An integer less than, equal to, or greater than zero -if the first \fBs1_sz\fP bytes of \fBs1\fP is found to be -less than, to match, or be greater than \fBs2\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_get_func_arg(void *\fP\fIctx\fP\fB, u32\fP \fIn\fP\fB, u64 *\fP\fIvalue\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get \fBn\fP\-th argument register (zero based) of the traced function (for tracing programs) -returned in \fBvalue\fP\&. -.TP -.B Return -0 on success. -\fB\-EINVAL\fP if n >= argument register count of traced function. -.UNINDENT -.TP -.B \fBlong bpf_get_func_ret(void *\fP\fIctx\fP\fB, u64 *\fP\fIvalue\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get return value of the traced function (for tracing programs) -in \fBvalue\fP\&. -.TP -.B Return -0 on success. -\fB\-EOPNOTSUPP\fP for tracing programs other than BPF_TRACE_FEXIT or BPF_MODIFY_RETURN. -.UNINDENT -.TP -.B \fBlong bpf_get_func_arg_cnt(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get number of registers of the traced function (for tracing programs) where -function arguments are stored in these registers. -.TP -.B Return -The number of argument registers of the traced function. -.UNINDENT -.TP -.B \fBint bpf_get_retval(void)\fP -.INDENT 7.0 -.TP -.B Description -Get the BPF program\(aqs return value that will be returned to the upper layers. -.sp -This helper is currently supported by cgroup programs and only by the hooks -where BPF program\(aqs return value is returned to the userspace via errno. -.TP -.B Return -The BPF program\(aqs return value. -.UNINDENT -.TP -.B \fBint bpf_set_retval(int\fP \fIretval\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Set the BPF program\(aqs return value that will be returned to the upper layers. -.sp -This helper is currently supported by cgroup programs and only by the hooks -where BPF program\(aqs return value is returned to the userspace via errno. -.sp -Note that there is the following corner case where the program exports an error -via bpf_set_retval but signals success via \(aqreturn 1\(aq: -.INDENT 7.0 -.INDENT 3.5 -bpf_set_retval(\-EPERM); -return 1; -.UNINDENT -.UNINDENT -.sp -In this case, the BPF program\(aqs return value will use helper\(aqs \-EPERM. This -still holds true for cgroup/bind{4,6} which supports extra \(aqreturn 3\(aq success case. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBu64 bpf_xdp_get_buff_len(struct xdp_buff *\fP\fIxdp_md\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the total size of a given xdp buff (linear and paged area) -.TP -.B Return -The total size of a given xdp buffer. -.UNINDENT -.TP -.B \fBlong bpf_xdp_load_bytes(struct xdp_buff *\fP\fIxdp_md\fP\fB, u32\fP \fIoffset\fP\fB, void *\fP\fIbuf\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is provided as an easy way to load data from a -xdp buffer. It can be used to load \fIlen\fP bytes from \fIoffset\fP from -the frame associated to \fIxdp_md\fP, into the buffer pointed by -\fIbuf\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_xdp_store_bytes(struct xdp_buff *\fP\fIxdp_md\fP\fB, u32\fP \fIoffset\fP\fB, void *\fP\fIbuf\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Store \fIlen\fP bytes from buffer \fIbuf\fP into the frame -associated to \fIxdp_md\fP, at \fIoffset\fP\&. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBlong bpf_copy_from_user_task(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIuser_ptr\fP\fB, struct task_struct *\fP\fItsk\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Read \fIsize\fP bytes from user space address \fIuser_ptr\fP in \fItsk\fP\(aqs -address space, and stores the data in \fIdst\fP\&. \fIflags\fP is not -used yet and is provided for future extensibility. This helper -can only be used by sleepable programs. -.TP -.B Return -0 on success, or a negative error in case of failure. On error -\fIdst\fP buffer is zeroed out. -.UNINDENT -.TP -.B \fBlong bpf_skb_set_tstamp(struct sk_buff *\fP\fIskb\fP\fB, u64\fP \fItstamp\fP\fB, u32\fP \fItstamp_type\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Change the __sk_buff\->tstamp_type to \fItstamp_type\fP -and set \fItstamp\fP to the __sk_buff\->tstamp together. -.sp -If there is no need to change the __sk_buff\->tstamp_type, -the tstamp value can be directly written to __sk_buff\->tstamp -instead. -.sp -BPF_SKB_TSTAMP_DELIVERY_MONO is the only tstamp that -will be kept during bpf_redirect_*(). A non zero -\fItstamp\fP must be used with the BPF_SKB_TSTAMP_DELIVERY_MONO -\fItstamp_type\fP\&. -.sp -A BPF_SKB_TSTAMP_UNSPEC \fItstamp_type\fP can only be used -with a zero \fItstamp\fP\&. -.sp -Only IPv4 and IPv6 skb\->protocol are supported. -.sp -This function is most useful when it needs to set a -mono delivery time to __sk_buff\->tstamp and then -bpf_redirect_*() to the egress of an iface. For example, -changing the (rcv) timestamp in __sk_buff\->tstamp at -ingress to a mono delivery time and then bpf_redirect_*() -to \fI\%sch_fq@phy\-dev\fP\&. -.TP -.B Return -0 on success. -\fB\-EINVAL\fP for invalid input -\fB\-EOPNOTSUPP\fP for unsupported protocol -.UNINDENT -.TP -.B \fBlong bpf_ima_file_hash(struct file *\fP\fIfile\fP\fB, void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Returns a calculated IMA hash of the \fIfile\fP\&. -If the hash is larger than \fIsize\fP, then only \fIsize\fP -bytes will be copied to \fIdst\fP -.TP -.B Return -The \fBhash_algo\fP is returned on success, -\fB\-EOPNOTSUP\fP if the hash calculation failed or \fB\-EINVAL\fP if -invalid arguments are passed. -.UNINDENT -.TP -.B \fBvoid *bpf_kptr_xchg(void *\fP\fImap_value\fP\fB, void *\fP\fIptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Exchange kptr at pointer \fImap_value\fP with \fIptr\fP, and return the -old value. \fIptr\fP can be NULL, otherwise it must be a referenced -pointer which will be released when this helper is called. -.TP -.B Return -The old value of kptr (which can be NULL). The returned pointer -if not NULL, is a reference which must be released using its -corresponding release function, or moved into a BPF map before -program exit. -.UNINDENT -.TP -.B \fBvoid *bpf_map_lookup_percpu_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIkey\fP\fB, u32\fP \fIcpu\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Perform a lookup in \fIpercpu map\fP for an entry associated to -\fIkey\fP on \fIcpu\fP\&. -.TP -.B Return -Map value associated to \fIkey\fP on \fIcpu\fP, or \fBNULL\fP if no entry -was found or \fIcpu\fP is invalid. -.UNINDENT -.TP -.B \fBstruct mptcp_sock *bpf_skc_to_mptcp_sock(void *\fP\fIsk\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Dynamically cast a \fIsk\fP pointer to a \fImptcp_sock\fP pointer. -.TP -.B Return -\fIsk\fP if casting is valid, or \fBNULL\fP otherwise. -.UNINDENT -.TP -.B \fBlong bpf_dynptr_from_mem(void *\fP\fIdata\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB, struct bpf_dynptr *\fP\fIptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a dynptr to local memory \fIdata\fP\&. -.sp -\fIdata\fP must be a ptr to a map value. -The maximum \fIsize\fP supported is DYNPTR_MAX_SIZE. -\fIflags\fP is currently unused. -.TP -.B Return -0 on success, \-E2BIG if the size exceeds DYNPTR_MAX_SIZE, -\-EINVAL if flags is not 0. -.UNINDENT -.TP -.B \fBlong bpf_ringbuf_reserve_dynptr(void *\fP\fIringbuf\fP\fB, u32\fP \fIsize\fP\fB, u64\fP \fIflags\fP\fB, struct bpf_dynptr *\fP\fIptr\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Reserve \fIsize\fP bytes of payload in a ring buffer \fIringbuf\fP -through the dynptr interface. \fIflags\fP must be 0. -.sp -Please note that a corresponding bpf_ringbuf_submit_dynptr or -bpf_ringbuf_discard_dynptr must be called on \fIptr\fP, even if the -reservation fails. This is enforced by the verifier. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP -.B \fBvoid bpf_ringbuf_submit_dynptr(struct bpf_dynptr *\fP\fIptr\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Submit reserved ring buffer sample, pointed to by \fIdata\fP, -through the dynptr interface. This is a no\-op if the dynptr is -invalid/null. -.sp -For more information on \fIflags\fP, please see -\(aqbpf_ringbuf_submit\(aq. -.TP -.B Return -Nothing. Always succeeds. -.UNINDENT -.TP -.B \fBvoid bpf_ringbuf_discard_dynptr(struct bpf_dynptr *\fP\fIptr\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Discard reserved ring buffer sample through the dynptr -interface. This is a no\-op if the dynptr is invalid/null. -.sp -For more information on \fIflags\fP, please see -\(aqbpf_ringbuf_discard\(aq. -.TP -.B Return -Nothing. Always succeeds. -.UNINDENT -.TP -.B \fBlong bpf_dynptr_read(void *\fP\fIdst\fP\fB, u32\fP \fIlen\fP\fB, const struct bpf_dynptr *\fP\fIsrc\fP\fB, u32\fP \fIoffset\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Read \fIlen\fP bytes from \fIsrc\fP into \fIdst\fP, starting from \fIoffset\fP -into \fIsrc\fP\&. -\fIflags\fP is currently unused. -.TP -.B Return -0 on success, \-E2BIG if \fIoffset\fP + \fIlen\fP exceeds the length -of \fIsrc\fP\(aqs data, \-EINVAL if \fIsrc\fP is an invalid dynptr or if -\fIflags\fP is not 0. -.UNINDENT -.TP -.B \fBlong bpf_dynptr_write(const struct bpf_dynptr *\fP\fIdst\fP\fB, u32\fP \fIoffset\fP\fB, void *\fP\fIsrc\fP\fB, u32\fP \fIlen\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Write \fIlen\fP bytes from \fIsrc\fP into \fIdst\fP, starting from \fIoffset\fP -into \fIdst\fP\&. -.sp -\fIflags\fP must be 0 except for skb\-type dynptrs. -.INDENT 7.0 -.TP -.B For skb\-type dynptrs: -.INDENT 7.0 -.IP \(bu 2 -All data slices of the dynptr are automatically -invalidated after \fBbpf_dynptr_write\fP(). This is -because writing may pull the skb and change the -underlying packet buffer. -.IP \(bu 2 -For \fIflags\fP, please see the flags accepted by -\fBbpf_skb_store_bytes\fP(). -.UNINDENT -.UNINDENT -.TP -.B Return -0 on success, \-E2BIG if \fIoffset\fP + \fIlen\fP exceeds the length -of \fIdst\fP\(aqs data, \-EINVAL if \fIdst\fP is an invalid dynptr or if \fIdst\fP -is a read\-only dynptr or if \fIflags\fP is not correct. For skb\-type dynptrs, -other errors correspond to errors returned by \fBbpf_skb_store_bytes\fP(). -.UNINDENT -.TP -.B \fBvoid *bpf_dynptr_data(const struct bpf_dynptr *\fP\fIptr\fP\fB, u32\fP \fIoffset\fP\fB, u32\fP \fIlen\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a pointer to the underlying dynptr data. -.sp -\fIlen\fP must be a statically known value. The returned data slice -is invalidated whenever the dynptr is invalidated. -.sp -skb and xdp type dynptrs may not use bpf_dynptr_data. They should -instead use bpf_dynptr_slice and bpf_dynptr_slice_rdwr. -.TP -.B Return -Pointer to the underlying dynptr data, NULL if the dynptr is -read\-only, if the dynptr is invalid, or if the offset and length -is out of bounds. -.UNINDENT -.TP -.B \fBs64 bpf_tcp_raw_gen_syncookie_ipv4(struct iphdr *\fP\fIiph\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Try to issue a SYN cookie for the packet with corresponding -IPv4/TCP headers, \fIiph\fP and \fIth\fP, without depending on a -listening socket. -.sp -\fIiph\fP points to the IPv4 header. -.sp -\fIth\fP points to the start of the TCP header, while \fIth_len\fP -contains the length of the TCP header (at least -\fBsizeof\fP(\fBstruct tcphdr\fP)). -.TP -.B Return -On success, lower 32 bits hold the generated SYN cookie in -followed by 16 bits which hold the MSS value for that cookie, -and the top 16 bits are unused. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EINVAL\fP if \fIth_len\fP is invalid. -.UNINDENT -.TP -.B \fBs64 bpf_tcp_raw_gen_syncookie_ipv6(struct ipv6hdr *\fP\fIiph\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Try to issue a SYN cookie for the packet with corresponding -IPv6/TCP headers, \fIiph\fP and \fIth\fP, without depending on a -listening socket. -.sp -\fIiph\fP points to the IPv6 header. -.sp -\fIth\fP points to the start of the TCP header, while \fIth_len\fP -contains the length of the TCP header (at least -\fBsizeof\fP(\fBstruct tcphdr\fP)). -.TP -.B Return -On success, lower 32 bits hold the generated SYN cookie in -followed by 16 bits which hold the MSS value for that cookie, -and the top 16 bits are unused. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EINVAL\fP if \fIth_len\fP is invalid. -.sp -\fB\-EPROTONOSUPPORT\fP if CONFIG_IPV6 is not builtin. -.UNINDENT -.TP -.B \fBlong bpf_tcp_raw_check_syncookie_ipv4(struct iphdr *\fP\fIiph\fP\fB, struct tcphdr *\fP\fIth\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check whether \fIiph\fP and \fIth\fP contain a valid SYN cookie ACK -without depending on a listening socket. -.sp -\fIiph\fP points to the IPv4 header. -.sp -\fIth\fP points to the TCP header. -.TP -.B Return -0 if \fIiph\fP and \fIth\fP are a valid SYN cookie ACK. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EACCES\fP if the SYN cookie is not valid. -.UNINDENT -.TP -.B \fBlong bpf_tcp_raw_check_syncookie_ipv6(struct ipv6hdr *\fP\fIiph\fP\fB, struct tcphdr *\fP\fIth\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Check whether \fIiph\fP and \fIth\fP contain a valid SYN cookie ACK -without depending on a listening socket. -.sp -\fIiph\fP points to the IPv6 header. -.sp -\fIth\fP points to the TCP header. -.TP -.B Return -0 if \fIiph\fP and \fIth\fP are a valid SYN cookie ACK. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EACCES\fP if the SYN cookie is not valid. -.sp -\fB\-EPROTONOSUPPORT\fP if CONFIG_IPV6 is not builtin. -.UNINDENT -.TP -.B \fBu64 bpf_ktime_get_tai_ns(void)\fP -.INDENT 7.0 -.TP -.B Description -A nonsettable system\-wide clock derived from wall\-clock time but -ignoring leap seconds. This clock does not experience -discontinuities and backwards jumps caused by NTP inserting leap -seconds as CLOCK_REALTIME does. -.sp -See: \fBclock_gettime\fP(\fBCLOCK_TAI\fP) -.TP -.B Return -Current \fIktime\fP\&. -.UNINDENT -.TP -.B \fBlong bpf_user_ringbuf_drain(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIcallback_fn\fP\fB, void *\fP\fIctx\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Drain samples from the specified user ring buffer, and invoke -the provided callback for each such sample: -.sp -long (*callback_fn)(const struct bpf_dynptr *dynptr, void *ctx); -.sp -If \fBcallback_fn\fP returns 0, the helper will continue to try -and drain the next sample, up to a maximum of -BPF_MAX_USER_RINGBUF_SAMPLES samples. If the return value is 1, -the helper will skip the rest of the samples and return. Other -return values are not used now, and will be rejected by the -verifier. -.TP -.B Return -The number of drained samples if no error was encountered while -draining samples, or 0 if no samples were present in the ring -buffer. If a user\-space producer was epoll\-waiting on this map, -and at least one sample was drained, they will receive an event -notification notifying them of available space in the ring -buffer. If the BPF_RB_NO_WAKEUP flag is passed to this -function, no wakeup notification will be sent. If the -BPF_RB_FORCE_WAKEUP flag is passed, a wakeup notification will -be sent even if no sample was drained. -.sp -On failure, the returned value is one of the following: -.sp -\fB\-EBUSY\fP if the ring buffer is contended, and another calling -context was concurrently draining the ring buffer. -.sp -\fB\-EINVAL\fP if user\-space is not properly tracking the ring -buffer due to the producer position not being aligned to 8 -bytes, a sample not being aligned to 8 bytes, or the producer -position not matching the advertised length of a sample. -.sp -\fB\-E2BIG\fP if user\-space has tried to publish a sample which is -larger than the size of the ring buffer, or which cannot fit -within a struct bpf_dynptr. -.UNINDENT -.TP -.B \fBvoid *bpf_cgrp_storage_get(struct bpf_map *\fP\fImap\fP\fB, struct cgroup *\fP\fIcgroup\fP\fB, void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get a bpf_local_storage from the \fIcgroup\fP\&. -.sp -Logically, it could be thought of as getting the value from -a \fImap\fP with \fIcgroup\fP as the \fBkey\fP\&. From this -perspective, the usage is not much different from -\fBbpf_map_lookup_elem\fP(\fImap\fP, \fB&\fP\fIcgroup\fP) except this -helper enforces the key must be a cgroup struct and the map must also -be a \fBBPF_MAP_TYPE_CGRP_STORAGE\fP\&. -.sp -In reality, the local\-storage value is embedded directly inside of the -\fIcgroup\fP object itself, rather than being located in the -\fBBPF_MAP_TYPE_CGRP_STORAGE\fP map. When the local\-storage value is -queried for some \fImap\fP on a \fIcgroup\fP object, the kernel will perform an -O(n) iteration over all of the live local\-storage values for that -\fIcgroup\fP object until the local\-storage value for the \fImap\fP is found. -.sp -An optional \fIflags\fP (\fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP) can be -used such that a new bpf_local_storage will be -created if one does not exist. \fIvalue\fP can be used -together with \fBBPF_LOCAL_STORAGE_GET_F_CREATE\fP to specify -the initial value of a bpf_local_storage. If \fIvalue\fP is -\fBNULL\fP, the new bpf_local_storage will be zero initialized. -.TP -.B Return -A bpf_local_storage pointer is returned on success. -.sp -\fBNULL\fP if not found or there was an error in adding -a new bpf_local_storage. -.UNINDENT -.TP -.B \fBlong bpf_cgrp_storage_delete(struct bpf_map *\fP\fImap\fP\fB, struct cgroup *\fP\fIcgroup\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Delete a bpf_local_storage from a \fIcgroup\fP\&. -.TP -.B Return -0 on success. -.sp -\fB\-ENOENT\fP if the bpf_local_storage cannot be found. -.UNINDENT -.UNINDENT -.SH EXAMPLES -.sp -Example usage for most of the eBPF helpers listed in this manual page are -available within the Linux kernel sources, at the following locations: -.INDENT 0.0 -.IP \(bu 2 -\fIsamples/bpf/\fP -.IP \(bu 2 -\fItools/testing/selftests/bpf/\fP -.UNINDENT -.SH LICENSE -.sp -eBPF programs can have an associated license, passed along with the bytecode -instructions to the kernel when the programs are loaded. The format for that -string is identical to the one in use for kernel modules (Dual licenses, such -as \(dqDual BSD/GPL\(dq, may be used). Some helper functions are only accessible to -programs that are compatible with the GNU General Public License (GNU GPL). -.sp -In order to use such helpers, the eBPF program must be loaded with the correct -license string passed (via \fBattr\fP) to the \fBbpf\fP() system call, and this -generally translates into the C source code of the program containing a line -similar to the following: -.INDENT 0.0 -.INDENT 3.5 -.sp -.EX -char ____license[] __attribute__((section(\(dqlicense\(dq), used)) = \(dqGPL\(dq; -.EE -.UNINDENT -.UNINDENT -.SH IMPLEMENTATION -.sp -This manual page is an effort to document the existing eBPF helper functions. -But as of this writing, the BPF sub\-system is under heavy development. New eBPF -program or map types are added, along with new helper functions. Some helpers -are occasionally made available for additional program types. So in spite of -the efforts of the community, this page might not be up\-to\-date. If you want to -check by yourself what helper functions exist in your kernel, or what types of -programs they can support, here are some files among the kernel tree that you -may be interested in: -.INDENT 0.0 -.IP \(bu 2 -\fIinclude/uapi/linux/bpf.h\fP is the main BPF header. It contains the full list -of all helper functions, as well as many other BPF definitions including most -of the flags, structs or constants used by the helpers. -.IP \(bu 2 -\fInet/core/filter.c\fP contains the definition of most network\-related helper -functions, and the list of program types from which they can be used. -.IP \(bu 2 -\fIkernel/trace/bpf_trace.c\fP is the equivalent for most tracing program\-related -helpers. -.IP \(bu 2 -\fIkernel/bpf/verifier.c\fP contains the functions used to check that valid types -of eBPF maps are used with a given helper function. -.IP \(bu 2 -\fIkernel/bpf/\fP directory contains other files in which additional helpers are -defined (for cgroups, sockmaps, etc.). -.IP \(bu 2 -The bpftool utility can be used to probe the availability of helper functions -on the system (as well as supported program and map types, and a number of -other parameters). To do so, run \fBbpftool feature probe\fP (see -\fBbpftool\-feature\fP(8) for details). Add the \fBunprivileged\fP keyword to -list features available to unprivileged users. -.UNINDENT -.sp -Compatibility between helper functions and program types can generally be found -in the files where helper functions are defined. Look for the \fBstruct -bpf_func_proto\fP objects and for functions returning them: these functions -contain a list of helpers that a given program type can call. Note that the -\fBdefault:\fP label of the \fBswitch ... case\fP used to filter helpers can call -other functions, themselves allowing access to additional helpers. The -requirement for GPL license is also in those \fBstruct bpf_func_proto\fP\&. -.sp -Compatibility between helper functions and map types can be found in the -\fBcheck_map_func_compatibility\fP() function in file \fIkernel/bpf/verifier.c\fP\&. -.sp -Helper functions that invalidate the checks on \fBdata\fP and \fBdata_end\fP -pointers for network processing are listed in function -\fBbpf_helper_changes_pkt_data\fP() in file \fInet/core/filter.c\fP\&. -.SH SEE ALSO -.sp -\fBbpf\fP(2), -\fBbpftool\fP(8), -\fBcgroups\fP(7), -\fBip\fP(8), -\fBperf_event_open\fP(2), -\fBsendmsg\fP(2), -\fBsocket\fP(7), -\fBtc\-bpf\fP(8) -.\" Generated by docutils manpage writer. -. diff --git a/man7/capabilities.7 b/man7/capabilities.7 deleted file mode 100644 index ad087f9..0000000 --- a/man7/capabilities.7 +++ /dev/null @@ -1,1872 +0,0 @@ -.\" Copyright (c) 2002 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 6 Aug 2002 - Initial Creation -.\" Modified 2003-05-23, Michael Kerrisk, -.\" Modified 2004-05-27, Michael Kerrisk, -.\" 2004-12-08, mtk Added O_NOATIME for CAP_FOWNER -.\" 2005-08-16, mtk, Added CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE -.\" 2008-07-15, Serge Hallyn -.\" Document file capabilities, per-process capability -.\" bounding set, changed semantics for CAP_SETPCAP, -.\" and other changes in Linux 2.6.2[45]. -.\" Add CAP_MAC_ADMIN, CAP_MAC_OVERRIDE, CAP_SETFCAP. -.\" 2008-07-15, mtk -.\" Add text describing circumstances in which CAP_SETPCAP -.\" (theoretically) permits a thread to change the -.\" capability sets of another thread. -.\" Add section describing rules for programmatically -.\" adjusting thread capability sets. -.\" Describe rationale for capability bounding set. -.\" Document "securebits" flags. -.\" Add text noting that if we set the effective flag for one file -.\" capability, then we must also set the effective flag for all -.\" other capabilities where the permitted or inheritable bit is set. -.\" 2011-09-07, mtk/Serge hallyn: Add CAP_SYSLOG -.\" -.TH Capabilities 7 2024-02-25 "Linux man-pages 6.7" -.SH NAME -capabilities \- overview of Linux capabilities -.SH DESCRIPTION -For the purpose of performing permission checks, -traditional UNIX implementations distinguish two categories of processes: -.I privileged -processes (whose effective user ID is 0, referred to as superuser or root), -and -.I unprivileged -processes (whose effective UID is nonzero). -Privileged processes bypass all kernel permission checks, -while unprivileged processes are subject to full permission -checking based on the process's credentials -(usually: effective UID, effective GID, and supplementary group list). -.P -Starting with Linux 2.2, Linux divides the privileges traditionally -associated with superuser into distinct units, known as -.IR capabilities , -which can be independently enabled and disabled. -Capabilities are a per-thread attribute. -.\" -.SS Capabilities list -The following list shows the capabilities implemented on Linux, -and the operations or behaviors that each capability permits: -.TP -.BR CAP_AUDIT_CONTROL " (since Linux 2.6.11)" -Enable and disable kernel auditing; change auditing filter rules; -retrieve auditing status and filtering rules. -.TP -.BR CAP_AUDIT_READ " (since Linux 3.16)" -.\" commit a29b694aa1739f9d76538e34ae25524f9c549d59 -.\" commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48 -Allow reading the audit log via a multicast netlink socket. -.TP -.BR CAP_AUDIT_WRITE " (since Linux 2.6.11)" -Write records to kernel auditing log. -.\" FIXME Add FAN_ENABLE_AUDIT -.TP -.BR CAP_BLOCK_SUSPEND " (since Linux 3.5)" -Employ features that can block system suspend -.RB ( epoll (7) -.BR EPOLLWAKEUP , -.IR /proc/sys/wake_lock ). -.TP -.BR CAP_BPF " (since Linux 5.8)" -Employ privileged BPF operations; see -.BR bpf (2) -and -.BR bpf\-helpers (7). -.IP -This capability was added in Linux 5.8 to separate out -BPF functionality from the overloaded -.B CAP_SYS_ADMIN -capability. -.TP -.BR CAP_CHECKPOINT_RESTORE " (since Linux 5.9)" -.\" commit 124ea650d3072b005457faed69909221c2905a1f -.PD 0 -.RS -.IP \[bu] 3 -Update -.I /proc/sys/kernel/ns_last_pid -(see -.BR pid_namespaces (7)); -.IP \[bu] -employ the -.I set_tid -feature of -.BR clone3 (2); -.\" FIXME There is also some use case relating to -.\" prctl_set_mm_exe_file(); in the 5.9 sources, see -.\" prctl_set_mm_map(). -.IP \[bu] -read the contents of the symbolic links in -.IR /proc/ pid /map_files -for other processes. -.RE -.PD -.IP -This capability was added in Linux 5.9 to separate out -checkpoint/restore functionality from the overloaded -.B CAP_SYS_ADMIN -capability. -.TP -.B CAP_CHOWN -Make arbitrary changes to file UIDs and GIDs (see -.BR chown (2)). -.TP -.B CAP_DAC_OVERRIDE -Bypass file read, write, and execute permission checks. -(DAC is an abbreviation of "discretionary access control".) -.TP -.B CAP_DAC_READ_SEARCH -.PD 0 -.RS -.IP \[bu] 3 -Bypass file read permission checks and -directory read and execute permission checks; -.IP \[bu] -invoke -.BR open_by_handle_at (2); -.IP \[bu] -use the -.BR linkat (2) -.B AT_EMPTY_PATH -flag to create a link to a file referred to by a file descriptor. -.RE -.PD -.TP -.B CAP_FOWNER -.PD 0 -.RS -.IP \[bu] 3 -Bypass permission checks on operations that normally -require the filesystem UID of the process to match the UID of -the file (e.g., -.BR chmod (2), -.BR utime (2)), -excluding those operations covered by -.B CAP_DAC_OVERRIDE -and -.BR CAP_DAC_READ_SEARCH ; -.IP \[bu] -set inode flags (see -.BR ioctl_iflags (2)) -on arbitrary files; -.IP \[bu] -set Access Control Lists (ACLs) on arbitrary files; -.IP \[bu] -ignore directory sticky bit on file deletion; -.IP \[bu] -modify -.I user -extended attributes on sticky directory owned by any user; -.IP \[bu] -specify -.B O_NOATIME -for arbitrary files in -.BR open (2) -and -.BR fcntl (2). -.RE -.PD -.TP -.B CAP_FSETID -.PD 0 -.RS -.IP \[bu] 3 -Don't clear set-user-ID and set-group-ID mode -bits when a file is modified; -.IP \[bu] -set the set-group-ID bit for a file whose GID does not match -the filesystem or any of the supplementary GIDs of the calling process. -.RE -.PD -.TP -.B CAP_IPC_LOCK -.\" FIXME . As at Linux 3.2, there are some strange uses of this capability -.\" in other places; they probably should be replaced with something else. -.PD 0 -.RS -.IP \[bu] 3 -Lock memory -.RB ( mlock (2), -.BR mlockall (2), -.BR mmap (2), -.BR shmctl (2)); -.IP \[bu] -Allocate memory using huge pages -.RB ( memfd_create (2), -.BR mmap (2), -.BR shmctl (2)). -.RE -.PD -.TP -.B CAP_IPC_OWNER -Bypass permission checks for operations on System V IPC objects. -.TP -.B CAP_KILL -Bypass permission checks for sending signals (see -.BR kill (2)). -This includes use of the -.BR ioctl (2) -.B KDSIGACCEPT -operation. -.\" FIXME . CAP_KILL also has an effect for threads + setting child -.\" termination signal to other than SIGCHLD: without this -.\" capability, the termination signal reverts to SIGCHLD -.\" if the child does an exec(). What is the rationale -.\" for this? -.TP -.BR CAP_LEASE " (since Linux 2.4)" -Establish leases on arbitrary files (see -.BR fcntl (2)). -.TP -.B CAP_LINUX_IMMUTABLE -Set the -.B FS_APPEND_FL -and -.B FS_IMMUTABLE_FL -inode flags (see -.BR ioctl_iflags (2)). -.TP -.BR CAP_MAC_ADMIN " (since Linux 2.6.25)" -Allow MAC configuration or state changes. -Implemented for the Smack Linux Security Module (LSM). -.TP -.BR CAP_MAC_OVERRIDE " (since Linux 2.6.25)" -Override Mandatory Access Control (MAC). -Implemented for the Smack LSM. -.TP -.BR CAP_MKNOD " (since Linux 2.4)" -Create special files using -.BR mknod (2). -.TP -.B CAP_NET_ADMIN -Perform various network-related operations: -.PD 0 -.RS -.IP \[bu] 3 -interface configuration; -.IP \[bu] -administration of IP firewall, masquerading, and accounting; -.IP \[bu] -modify routing tables; -.IP \[bu] -bind to any address for transparent proxying; -.IP \[bu] -set type-of-service (TOS); -.IP \[bu] -clear driver statistics; -.IP \[bu] -set promiscuous mode; -.IP \[bu] -enabling multicasting; -.IP \[bu] -use -.BR setsockopt (2) -to set the following socket options: -.BR SO_DEBUG , -.BR SO_MARK , -.B SO_PRIORITY -(for a priority outside the range 0 to 6), -.BR SO_RCVBUFFORCE , -and -.BR SO_SNDBUFFORCE . -.RE -.PD -.TP -.B CAP_NET_BIND_SERVICE -Bind a socket to Internet domain privileged ports -(port numbers less than 1024). -.TP -.B CAP_NET_BROADCAST -(Unused) Make socket broadcasts, and listen to multicasts. -.\" FIXME Since Linux 4.2, there are use cases for netlink sockets -.\" commit 59324cf35aba5336b611074028777838a963d03b -.TP -.B CAP_NET_RAW -.PD 0 -.RS -.IP \[bu] 3 -Use RAW and PACKET sockets; -.IP \[bu] -bind to any address for transparent proxying. -.RE -.PD -.\" Also various IP options and setsockopt(SO_BINDTODEVICE) -.TP -.BR CAP_PERFMON " (since Linux 5.8)" -Employ various performance-monitoring mechanisms, including: -.RS -.IP \[bu] 3 -.PD 0 -call -.BR perf_event_open (2); -.IP \[bu] -employ various BPF operations that have performance implications. -.RE -.PD -.IP -This capability was added in Linux 5.8 to separate out -performance monitoring functionality from the overloaded -.B CAP_SYS_ADMIN -capability. -See also the kernel source file -.IR Documentation/admin\-guide/perf\-security.rst . -.TP -.B CAP_SETGID -.RS -.PD 0 -.IP \[bu] 3 -Make arbitrary manipulations of process GIDs and supplementary GID list; -.IP \[bu] -forge GID when passing socket credentials via UNIX domain sockets; -.IP \[bu] -write a group ID mapping in a user namespace (see -.BR user_namespaces (7)). -.PD -.RE -.TP -.BR CAP_SETFCAP " (since Linux 2.6.24)" -Set arbitrary capabilities on a file. -.IP -.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18 -Since Linux 5.12, this capability is -also needed to map user ID 0 in a new user namespace; see -.BR user_namespaces (7) -for details. -.TP -.B CAP_SETPCAP -If file capabilities are supported (i.e., since Linux 2.6.24): -add any capability from the calling thread's bounding set -to its inheritable set; -drop capabilities from the bounding set (via -.BR prctl (2) -.BR PR_CAPBSET_DROP ); -make changes to the -.I securebits -flags. -.IP -If file capabilities are not supported (i.e., before Linux 2.6.24): -grant or remove any capability in the -caller's permitted capability set to or from any other process. -(This property of -.B CAP_SETPCAP -is not available when the kernel is configured to support -file capabilities, since -.B CAP_SETPCAP -has entirely different semantics for such kernels.) -.TP -.B CAP_SETUID -.RS -.PD 0 -.IP \[bu] 3 -Make arbitrary manipulations of process UIDs -.RB ( setuid (2), -.BR setreuid (2), -.BR setresuid (2), -.BR setfsuid (2)); -.IP \[bu] -forge UID when passing socket credentials via UNIX domain sockets; -.IP \[bu] -write a user ID mapping in a user namespace (see -.BR user_namespaces (7)). -.PD -.RE -.\" FIXME CAP_SETUID also an effect in exec(); document this. -.TP -.B CAP_SYS_ADMIN -.IR Note : -this capability is overloaded; see -.I Notes to kernel developers -below. -.IP -.PD 0 -.RS -.IP \[bu] 3 -Perform a range of system administration operations including: -.BR quotactl (2), -.BR mount (2), -.BR umount (2), -.BR pivot_root (2), -.BR swapon (2), -.BR swapoff (2), -.BR sethostname (2), -and -.BR setdomainname (2); -.IP \[bu] -perform privileged -.BR syslog (2) -operations (since Linux 2.6.37, -.B CAP_SYSLOG -should be used to permit such operations); -.IP \[bu] -perform -.B VM86_REQUEST_IRQ -.BR vm86 (2) -command; -.IP \[bu] -access the same checkpoint/restore functionality that is governed by -.B CAP_CHECKPOINT_RESTORE -(but the latter, weaker capability is preferred for accessing -that functionality). -.IP \[bu] -perform the same BPF operations as are governed by -.B CAP_BPF -(but the latter, weaker capability is preferred for accessing -that functionality). -.IP \[bu] -employ the same performance monitoring mechanisms as are governed by -.B CAP_PERFMON -(but the latter, weaker capability is preferred for accessing -that functionality). -.IP \[bu] -perform -.B IPC_SET -and -.B IPC_RMID -operations on arbitrary System V IPC objects; -.IP \[bu] -override -.B RLIMIT_NPROC -resource limit; -.IP \[bu] -perform operations on -.I trusted -and -.I security -extended attributes (see -.BR xattr (7)); -.IP \[bu] -use -.BR lookup_dcookie (2); -.IP \[bu] -use -.BR ioprio_set (2) -to assign -.B IOPRIO_CLASS_RT -and (before Linux 2.6.25) -.B IOPRIO_CLASS_IDLE -I/O scheduling classes; -.IP \[bu] -forge PID when passing socket credentials via UNIX domain sockets; -.IP \[bu] -exceed -.IR /proc/sys/fs/file\-max , -the system-wide limit on the number of open files, -in system calls that open files (e.g., -.BR accept (2), -.BR execve (2), -.BR open (2), -.BR pipe (2)); -.IP \[bu] -employ -.B CLONE_* -flags that create new namespaces with -.BR clone (2) -and -.BR unshare (2) -(but, since Linux 3.8, -creating user namespaces does not require any capability); -.IP \[bu] -access privileged -.I perf -event information; -.IP \[bu] -call -.BR setns (2) -(requires -.B CAP_SYS_ADMIN -in the -.I target -namespace); -.IP \[bu] -call -.BR fanotify_init (2); -.IP \[bu] -perform privileged -.B KEYCTL_CHOWN -and -.B KEYCTL_SETPERM -.BR keyctl (2) -operations; -.IP \[bu] -perform -.BR madvise (2) -.B MADV_HWPOISON -operation; -.IP \[bu] -employ the -.B TIOCSTI -.BR ioctl (2) -to insert characters into the input queue of a terminal other than -the caller's controlling terminal; -.IP \[bu] -employ the obsolete -.BR nfsservctl (2) -system call; -.IP \[bu] -employ the obsolete -.BR bdflush (2) -system call; -.IP \[bu] -perform various privileged block-device -.BR ioctl (2) -operations; -.IP \[bu] -perform various privileged filesystem -.BR ioctl (2) -operations; -.IP \[bu] -perform privileged -.BR ioctl (2) -operations on the -.I /dev/random -device (see -.BR random (4)); -.IP \[bu] -install a -.BR seccomp (2) -filter without first having to set the -.I no_new_privs -thread attribute; -.IP \[bu] -modify allow/deny rules for device control groups; -.IP \[bu] -employ the -.BR ptrace (2) -.B PTRACE_SECCOMP_GET_FILTER -operation to dump tracee's seccomp filters; -.IP \[bu] -employ the -.BR ptrace (2) -.B PTRACE_SETOPTIONS -operation to suspend the tracee's seccomp protections (i.e., the -.B PTRACE_O_SUSPEND_SECCOMP -flag); -.IP \[bu] -perform administrative operations on many device drivers; -.IP \[bu] -modify autogroup nice values by writing to -.IR /proc/ pid /autogroup -(see -.BR sched (7)). -.RE -.PD -.TP -.B CAP_SYS_BOOT -Use -.BR reboot (2) -and -.BR kexec_load (2). -.TP -.B CAP_SYS_CHROOT -.RS -.PD 0 -.IP \[bu] 3 -Use -.BR chroot (2); -.IP \[bu] -change mount namespaces using -.BR setns (2). -.PD -.RE -.TP -.B CAP_SYS_MODULE -.RS -.PD 0 -.IP \[bu] 3 -Load and unload kernel modules -(see -.BR init_module (2) -and -.BR delete_module (2)); -.IP \[bu] -before Linux 2.6.25: -drop capabilities from the system-wide capability bounding set. -.PD -.RE -.TP -.B CAP_SYS_NICE -.PD 0 -.RS -.IP \[bu] 3 -Lower the process nice value -.RB ( nice (2), -.BR setpriority (2)) -and change the nice value for arbitrary processes; -.IP \[bu] -set real-time scheduling policies for calling process, -and set scheduling policies and priorities for arbitrary processes -.RB ( sched_setscheduler (2), -.BR sched_setparam (2), -.BR sched_setattr (2)); -.IP \[bu] -set CPU affinity for arbitrary processes -.RB ( sched_setaffinity (2)); -.IP \[bu] -set I/O scheduling class and priority for arbitrary processes -.RB ( ioprio_set (2)); -.IP \[bu] -apply -.BR migrate_pages (2) -to arbitrary processes and allow processes -to be migrated to arbitrary nodes; -.\" FIXME CAP_SYS_NICE also has the following effect for -.\" migrate_pages(2): -.\" do_migrate_pages(mm, &old, &new, -.\" capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); -.\" -.\" Document this. -.IP \[bu] -apply -.BR move_pages (2) -to arbitrary processes; -.IP \[bu] -use the -.B MPOL_MF_MOVE_ALL -flag with -.BR mbind (2) -and -.BR move_pages (2). -.RE -.PD -.TP -.B CAP_SYS_PACCT -Use -.BR acct (2). -.TP -.B CAP_SYS_PTRACE -.PD 0 -.RS -.IP \[bu] 3 -Trace arbitrary processes using -.BR ptrace (2); -.IP \[bu] -apply -.BR get_robust_list (2) -to arbitrary processes; -.IP \[bu] -transfer data to or from the memory of arbitrary processes using -.BR process_vm_readv (2) -and -.BR process_vm_writev (2); -.IP \[bu] -inspect processes using -.BR kcmp (2). -.RE -.PD -.TP -.B CAP_SYS_RAWIO -.PD 0 -.RS -.IP \[bu] 3 -Perform I/O port operations -.RB ( iopl (2) -and -.BR ioperm (2)); -.IP \[bu] -access -.IR /proc/kcore ; -.IP \[bu] -employ the -.B FIBMAP -.BR ioctl (2) -operation; -.IP \[bu] -open devices for accessing x86 model-specific registers (MSRs, see -.BR msr (4)); -.IP \[bu] -update -.IR /proc/sys/vm/mmap_min_addr ; -.IP \[bu] -create memory mappings at addresses below the value specified by -.IR /proc/sys/vm/mmap_min_addr ; -.IP \[bu] -map files in -.IR /proc/bus/pci ; -.IP \[bu] -open -.I /dev/mem -and -.IR /dev/kmem ; -.IP \[bu] -perform various SCSI device commands; -.IP \[bu] -perform certain operations on -.BR hpsa (4) -and -.BR cciss (4) -devices; -.IP \[bu] -perform a range of device-specific operations on other devices. -.RE -.PD -.TP -.B CAP_SYS_RESOURCE -.PD 0 -.RS -.IP \[bu] 3 -Use reserved space on ext2 filesystems; -.IP \[bu] -make -.BR ioctl (2) -calls controlling ext3 journaling; -.IP \[bu] -override disk quota limits; -.IP \[bu] -increase resource limits (see -.BR setrlimit (2)); -.IP \[bu] -override -.B RLIMIT_NPROC -resource limit; -.IP \[bu] -override maximum number of consoles on console allocation; -.IP \[bu] -override maximum number of keymaps; -.IP \[bu] -allow more than 64hz interrupts from the real-time clock; -.IP \[bu] -raise -.I msg_qbytes -limit for a System V message queue above the limit in -.I /proc/sys/kernel/msgmnb -(see -.BR msgop (2) -and -.BR msgctl (2)); -.IP \[bu] -allow the -.B RLIMIT_NOFILE -resource limit on the number of "in-flight" file descriptors -to be bypassed when passing file descriptors to another process -via a UNIX domain socket (see -.BR unix (7)); -.IP \[bu] -override the -.I /proc/sys/fs/pipe\-size\-max -limit when setting the capacity of a pipe using the -.B F_SETPIPE_SZ -.BR fcntl (2) -command; -.IP \[bu] -use -.B F_SETPIPE_SZ -to increase the capacity of a pipe above the limit specified by -.IR /proc/sys/fs/pipe\-max\-size ; -.IP \[bu] -override -.IR /proc/sys/fs/mqueue/queues_max , -.IR /proc/sys/fs/mqueue/msg_max , -and -.I /proc/sys/fs/mqueue/msgsize_max -limits when creating POSIX message queues (see -.BR mq_overview (7)); -.IP \[bu] -employ the -.BR prctl (2) -.B PR_SET_MM -operation; -.IP \[bu] -set -.IR /proc/ pid /oom_score_adj -to a value lower than the value last set by a process with -.BR CAP_SYS_RESOURCE . -.RE -.PD -.TP -.B CAP_SYS_TIME -Set system clock -.RB ( settimeofday (2), -.BR stime (2), -.BR adjtimex (2)); -set real-time (hardware) clock. -.TP -.B CAP_SYS_TTY_CONFIG -Use -.BR vhangup (2); -employ various privileged -.BR ioctl (2) -operations on virtual terminals. -.TP -.BR CAP_SYSLOG " (since Linux 2.6.37)" -.RS -.PD 0 -.IP \[bu] 3 -Perform privileged -.BR syslog (2) -operations. -See -.BR syslog (2) -for information on which operations require privilege. -.IP \[bu] -View kernel addresses exposed via -.I /proc -and other interfaces when -.I /proc/sys/kernel/kptr_restrict -has the value 1. -(See the discussion of the -.I kptr_restrict -in -.BR proc (5).) -.PD -.RE -.TP -.BR CAP_WAKE_ALARM " (since Linux 3.0)" -Trigger something that will wake up the system (set -.B CLOCK_REALTIME_ALARM -and -.B CLOCK_BOOTTIME_ALARM -timers). -.\" -.SS Past and current implementation -A full implementation of capabilities requires that: -.IP \[bu] 3 -For all privileged operations, -the kernel must check whether the thread has the required -capability in its effective set. -.IP \[bu] -The kernel must provide system calls allowing a thread's capability sets to -be changed and retrieved. -.IP \[bu] -The filesystem must support attaching capabilities to an executable file, -so that a process gains those capabilities when the file is executed. -.P -Before Linux 2.6.24, only the first two of these requirements are met; -since Linux 2.6.24, all three requirements are met. -.\" -.SS Notes to kernel developers -When adding a new kernel feature that should be governed by a capability, -consider the following points. -.IP \[bu] 3 -The goal of capabilities is divide the power of superuser into pieces, -such that if a program that has one or more capabilities is compromised, -its power to do damage to the system would be less than the same program -running with root privilege. -.IP \[bu] -You have the choice of either creating a new capability for your new feature, -or associating the feature with one of the existing capabilities. -In order to keep the set of capabilities to a manageable size, -the latter option is preferable, -unless there are compelling reasons to take the former option. -(There is also a technical limit: -the size of capability sets is currently limited to 64 bits.) -.IP \[bu] -To determine which existing capability might best be associated -with your new feature, review the list of capabilities above in order -to find a "silo" into which your new feature best fits. -One approach to take is to determine if there are other features -requiring capabilities that will always be used along with the new feature. -If the new feature is useless without these other features, -you should use the same capability as the other features. -.IP \[bu] -.I Don't -choose -.B CAP_SYS_ADMIN -if you can possibly avoid it! -A vast proportion of existing capability checks are associated -with this capability (see the partial list above). -It can plausibly be called "the new root", -since on the one hand, it confers a wide range of powers, -and on the other hand, -its broad scope means that this is the capability -that is required by many privileged programs. -Don't make the problem worse. -The only new features that should be associated with -.B CAP_SYS_ADMIN -are ones that -.I closely -match existing uses in that silo. -.IP \[bu] -If you have determined that it really is necessary to create -a new capability for your feature, -don't make or name it as a "single-use" capability. -Thus, for example, the addition of the highly specific -.B CAP_SYS_PACCT -was probably a mistake. -Instead, try to identify and name your new capability as a broader -silo into which other related future use cases might fit. -.\" -.SS Thread capability sets -Each thread has the following capability sets containing zero or more -of the above capabilities: -.TP -.I Permitted -This is a limiting superset for the effective -capabilities that the thread may assume. -It is also a limiting superset for the capabilities that -may be added to the inheritable set by a thread that does not have the -.B CAP_SETPCAP -capability in its effective set. -.IP -If a thread drops a capability from its permitted set, -it can never reacquire that capability (unless it -.BR execve (2)s -either a set-user-ID-root program, or -a program whose associated file capabilities grant that capability). -.TP -.I Inheritable -This is a set of capabilities preserved across an -.BR execve (2). -Inheritable capabilities remain inheritable when executing any program, -and inheritable capabilities are added to the permitted set when executing -a program that has the corresponding bits set in the file inheritable set. -.IP -Because inheritable capabilities are not generally preserved across -.BR execve (2) -when running as a non-root user, applications that wish to run helper -programs with elevated capabilities should consider using -ambient capabilities, described below. -.TP -.I Effective -This is the set of capabilities used by the kernel to -perform permission checks for the thread. -.TP -.IR Bounding " (per-thread since Linux 2.6.25)" -The capability bounding set is a mechanism that can be used -to limit the capabilities that are gained during -.BR execve (2). -.IP -Since Linux 2.6.25, this is a per-thread capability set. -In older kernels, the capability bounding set was a system wide attribute -shared by all threads on the system. -.IP -For more details, see -.I Capability bounding set -below. -.TP -.IR Ambient " (since Linux 4.3)" -.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 -This is a set of capabilities that are preserved across an -.BR execve (2) -of a program that is not privileged. -The ambient capability set obeys the invariant that no capability -can ever be ambient if it is not both permitted and inheritable. -.IP -The ambient capability set can be directly modified using -.BR prctl (2). -Ambient capabilities are automatically lowered if either of -the corresponding permitted or inheritable capabilities is lowered. -.IP -Executing a program that changes UID or GID due to the -set-user-ID or set-group-ID bits or executing a program that has -any file capabilities set will clear the ambient set. -Ambient capabilities are added to the permitted set and -assigned to the effective set when -.BR execve (2) -is called. -If ambient capabilities cause a process's permitted and effective -capabilities to increase during an -.BR execve (2), -this does not trigger the secure-execution mode described in -.BR ld.so (8). -.P -A child created via -.BR fork (2) -inherits copies of its parent's capability sets. -For details on how -.BR execve (2) -affects capabilities, see -.I Transformation of capabilities during execve() -below. -.P -Using -.BR capset (2), -a thread may manipulate its own capability sets; see -.I Programmatically adjusting capability sets -below. -.P -Since Linux 3.2, the file -.I /proc/sys/kernel/cap_last_cap -.\" commit 73efc0394e148d0e15583e13712637831f926720 -exposes the numerical value of the highest capability -supported by the running kernel; -this can be used to determine the highest bit -that may be set in a capability set. -.\" -.SS File capabilities -Since Linux 2.6.24, the kernel supports -associating capability sets with an executable file using -.BR setcap (8). -The file capability sets are stored in an extended attribute (see -.BR setxattr (2) -and -.BR xattr (7)) -named -.IR "security.capability" . -Writing to this extended attribute requires the -.B CAP_SETFCAP -capability. -The file capability sets, -in conjunction with the capability sets of the thread, -determine the capabilities of a thread after an -.BR execve (2). -.P -The three file capability sets are: -.TP -.IR Permitted " (formerly known as " forced ): -These capabilities are automatically permitted to the thread, -regardless of the thread's inheritable capabilities. -.TP -.IR Inheritable " (formerly known as " allowed ): -This set is ANDed with the thread's inheritable set to determine which -inheritable capabilities are enabled in the permitted set of -the thread after the -.BR execve (2). -.TP -.IR Effective : -This is not a set, but rather just a single bit. -If this bit is set, then during an -.BR execve (2) -all of the new permitted capabilities for the thread are -also raised in the effective set. -If this bit is not set, then after an -.BR execve (2), -none of the new permitted capabilities is in the new effective set. -.IP -Enabling the file effective capability bit implies -that any file permitted or inheritable capability that causes a -thread to acquire the corresponding permitted capability during an -.BR execve (2) -(see -.I Transformation of capabilities during execve() -below) will also acquire that -capability in its effective set. -Therefore, when assigning capabilities to a file -.RB ( setcap (8), -.BR cap_set_file (3), -.BR cap_set_fd (3)), -if we specify the effective flag as being enabled for any capability, -then the effective flag must also be specified as enabled -for all other capabilities for which the corresponding permitted or -inheritable flag is enabled. -.\" -.SS File capability extended attribute versioning -To allow extensibility, -the kernel supports a scheme to encode a version number inside the -.I security.capability -extended attribute that is used to implement file capabilities. -These version numbers are internal to the implementation, -and not directly visible to user-space applications. -To date, the following versions are supported: -.TP -.B VFS_CAP_REVISION_1 -This was the original file capability implementation, -which supported 32-bit masks for file capabilities. -.TP -.BR VFS_CAP_REVISION_2 " (since Linux 2.6.25)" -.\" commit e338d263a76af78fe8f38a72131188b58fceb591 -This version allows for file capability masks that are 64 bits in size, -and was necessary as the number of supported capabilities grew beyond 32. -The kernel transparently continues to support the execution of files -that have 32-bit version 1 capability masks, -but when adding capabilities to files that did not previously -have capabilities, or modifying the capabilities of existing files, -it automatically uses the version 2 scheme -(or possibly the version 3 scheme, as described below). -.TP -.BR VFS_CAP_REVISION_3 " (since Linux 4.14)" -.\" commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 -Version 3 file capabilities are provided -to support namespaced file capabilities (described below). -.IP -As with version 2 file capabilities, -version 3 capability masks are 64 bits in size. -But in addition, the root user ID of namespace is encoded in the -.I security.capability -extended attribute. -(A namespace's root user ID is the value that user ID 0 -inside that namespace maps to in the initial user namespace.) -.IP -Version 3 file capabilities are designed to coexist -with version 2 capabilities; -that is, on a modern Linux system, -there may be some files with version 2 capabilities -while others have version 3 capabilities. -.P -Before Linux 4.14, -the only kind of file capability extended attribute -that could be attached to a file was a -.B VFS_CAP_REVISION_2 -attribute. -Since Linux 4.14, -the version of the -.I security.capability -extended attribute that is attached to a file -depends on the circumstances in which the attribute was created. -.P -Starting with Linux 4.14, a -.I security.capability -extended attribute is automatically created as (or converted to) -a version 3 -.RB ( VFS_CAP_REVISION_3 ) -attribute if both of the following are true: -.IP \[bu] 3 -The thread writing the attribute resides in a noninitial user namespace. -(More precisely: the thread resides in a user namespace other -than the one from which the underlying filesystem was mounted.) -.IP \[bu] -The thread has the -.B CAP_SETFCAP -capability over the file inode, -meaning that (a) the thread has the -.B CAP_SETFCAP -capability in its own user namespace; -and (b) the UID and GID of the file inode have mappings in -the writer's user namespace. -.P -When a -.B VFS_CAP_REVISION_3 -.I security.capability -extended attribute is created, the root user ID of the creating thread's -user namespace is saved in the extended attribute. -.P -By contrast, creating or modifying a -.I security.capability -extended attribute from a privileged -.RB ( CAP_SETFCAP ) -thread that resides in the -namespace where the underlying filesystem was mounted -(this normally means the initial user namespace) -automatically results in the creation of a version 2 -.RB ( VFS_CAP_REVISION_2 ) -attribute. -.P -Note that the creation of a version 3 -.I security.capability -extended attribute is automatic. -That is to say, when a user-space application writes -.RB ( setxattr (2)) -a -.I security.capability -attribute in the version 2 format, -the kernel will automatically create a version 3 attribute -if the attribute is created in the circumstances described above. -Correspondingly, when a version 3 -.I security.capability -attribute is retrieved -.RB ( getxattr (2)) -by a process that resides inside a user namespace that was created by the -root user ID (or a descendant of that user namespace), -the returned attribute is (automatically) -simplified to appear as a version 2 attribute -(i.e., the returned value is the size of a version 2 attribute and does -not include the root user ID). -These automatic translations mean that no changes are required to -user-space tools (e.g., -.BR setcap (1) -and -.BR getcap (1)) -in order for those tools to be used to create and retrieve version 3 -.I security.capability -attributes. -.P -Note that a file can have either a version 2 or a version 3 -.I security.capability -extended attribute associated with it, but not both: -creation or modification of the -.I security.capability -extended attribute will automatically modify the version -according to the circumstances in which the extended attribute is -created or modified. -.\" -.SS Transformation of capabilities during execve() -During an -.BR execve (2), -the kernel calculates the new capabilities of -the process using the following algorithm: -.P -.in +4n -.EX -P'(ambient) = (file is privileged) ? 0 : P(ambient) -\& -P'(permitted) = (P(inheritable) & F(inheritable)) | - (F(permitted) & P(bounding)) | P'(ambient) -\& -P'(effective) = F(effective) ? P'(permitted) : P'(ambient) -\& -P'(inheritable) = P(inheritable) [i.e., unchanged] -\& -P'(bounding) = P(bounding) [i.e., unchanged] -.EE -.in -.P -where: -.RS 4 -.TP -P() -denotes the value of a thread capability set before the -.BR execve (2) -.TP -P'() -denotes the value of a thread capability set after the -.BR execve (2) -.TP -F() -denotes a file capability set -.RE -.P -Note the following details relating to the above capability -transformation rules: -.IP \[bu] 3 -The ambient capability set is present only since Linux 4.3. -When determining the transformation of the ambient set during -.BR execve (2), -a privileged file is one that has capabilities or -has the set-user-ID or set-group-ID bit set. -.IP \[bu] -Prior to Linux 2.6.25, -the bounding set was a system-wide attribute shared by all threads. -That system-wide value was employed to calculate the new permitted set during -.BR execve (2) -in the same manner as shown above for -.IR P(bounding) . -.P -.IR Note : -during the capability transitions described above, -file capabilities may be ignored (treated as empty) for the same reasons -that the set-user-ID and set-group-ID bits are ignored; see -.BR execve (2). -File capabilities are similarly ignored if the kernel was booted with the -.I no_file_caps -option. -.P -.IR Note : -according to the rules above, -if a process with nonzero user IDs performs an -.BR execve (2) -then any capabilities that are present in -its permitted and effective sets will be cleared. -For the treatment of capabilities when a process with a -user ID of zero performs an -.BR execve (2), -see -.I Capabilities and execution of programs by root -below. -.\" -.SS Safety checking for capability-dumb binaries -A capability-dumb binary is an application that has been -marked to have file capabilities, but has not been converted to use the -.BR libcap (3) -API to manipulate its capabilities. -(In other words, this is a traditional set-user-ID-root program -that has been switched to use file capabilities, -but whose code has not been modified to understand capabilities.) -For such applications, -the effective capability bit is set on the file, -so that the file permitted capabilities are automatically -enabled in the process effective set when executing the file. -The kernel recognizes a file which has the effective capability bit set -as capability-dumb for the purpose of the check described here. -.P -When executing a capability-dumb binary, -the kernel checks if the process obtained all permitted capabilities -that were specified in the file permitted set, -after the capability transformations described above have been performed. -(The typical reason why this might -.I not -occur is that the capability bounding set masked out some -of the capabilities in the file permitted set.) -If the process did not obtain the full set of -file permitted capabilities, then -.BR execve (2) -fails with the error -.BR EPERM . -This prevents possible security risks that could arise when -a capability-dumb application is executed with less privilege than it needs. -Note that, by definition, -the application could not itself recognize this problem, -since it does not employ the -.BR libcap (3) -API. -.\" -.SS Capabilities and execution of programs by root -.\" See cap_bprm_set_creds(), bprm_caps_from_vfs_cap() and -.\" handle_privileged_root() in security/commoncap.c (Linux 5.0 source) -In order to mirror traditional UNIX semantics, -the kernel performs special treatment of file capabilities when -a process with UID 0 (root) executes a program and -when a set-user-ID-root program is executed. -.P -After having performed any changes to the process effective ID that -were triggered by the set-user-ID mode bit of the binary\[em]e.g., -switching the effective user ID to 0 (root) because -a set-user-ID-root program was executed\[em]the -kernel calculates the file capability sets as follows: -.IP (1) 5 -If the real or effective user ID of the process is 0 (root), -then the file inheritable and permitted sets are ignored; -instead they are notionally considered to be all ones -(i.e., all capabilities enabled). -(There is one exception to this behavior, described in -.I Set-user-ID-root programs that have file capabilities -below.) -.IP (2) -If the effective user ID of the process is 0 (root) or -the file effective bit is in fact enabled, -then the file effective bit is notionally defined to be one (enabled). -.P -These notional values for the file's capability sets are then used -as described above to calculate the transformation of the process's -capabilities during -.BR execve (2). -.P -Thus, when a process with nonzero UIDs -.BR execve (2)s -a set-user-ID-root program that does not have capabilities attached, -or when a process whose real and effective UIDs are zero -.BR execve (2)s -a program, the calculation of the process's new -permitted capabilities simplifies to: -.P -.in +4n -.EX -P'(permitted) = P(inheritable) | P(bounding) -\& -P'(effective) = P'(permitted) -.EE -.in -.P -Consequently, the process gains all capabilities in its permitted and -effective capability sets, -except those masked out by the capability bounding set. -(In the calculation of P'(permitted), -the P'(ambient) term can be simplified away because it is by -definition a proper subset of P(inheritable).) -.P -The special treatments of user ID 0 (root) described in this subsection -can be disabled using the securebits mechanism described below. -.\" -.\" -.SS Set-user-ID-root programs that have file capabilities -There is one exception to the behavior described in -.I Capabilities and execution of programs by root -above. -If (a) the binary that is being executed has capabilities attached and -(b) the real user ID of the process is -.I not -0 (root) and -(c) the effective user ID of the process -.I is -0 (root), then the file capability bits are honored -(i.e., they are not notionally considered to be all ones). -The usual way in which this situation can arise is when executing -a set-UID-root program that also has file capabilities. -When such a program is executed, -the process gains just the capabilities granted by the program -(i.e., not all capabilities, -as would occur when executing a set-user-ID-root program -that does not have any associated file capabilities). -.P -Note that one can assign empty capability sets to a program file, -and thus it is possible to create a set-user-ID-root program that -changes the effective and saved set-user-ID of the process -that executes the program to 0, -but confers no capabilities to that process. -.\" -.SS Capability bounding set -The capability bounding set is a security mechanism that can be used -to limit the capabilities that can be gained during an -.BR execve (2). -The bounding set is used in the following ways: -.IP \[bu] 3 -During an -.BR execve (2), -the capability bounding set is ANDed with the file permitted -capability set, and the result of this operation is assigned to the -thread's permitted capability set. -The capability bounding set thus places a limit on the permitted -capabilities that may be granted by an executable file. -.IP \[bu] -(Since Linux 2.6.25) -The capability bounding set acts as a limiting superset for -the capabilities that a thread can add to its inheritable set using -.BR capset (2). -This means that if a capability is not in the bounding set, -then a thread can't add this capability to its -inheritable set, even if it was in its permitted capabilities, -and thereby cannot have this capability preserved in its -permitted set when it -.BR execve (2)s -a file that has the capability in its inheritable set. -.P -Note that the bounding set masks the file permitted capabilities, -but not the inheritable capabilities. -If a thread maintains a capability in its inheritable set -that is not in its bounding set, -then it can still gain that capability in its permitted set -by executing a file that has the capability in its inheritable set. -.P -Depending on the kernel version, the capability bounding set is either -a system-wide attribute, or a per-process attribute. -.P -.B "Capability bounding set from Linux 2.6.25 onward" -.P -From Linux 2.6.25, the -.I "capability bounding set" -is a per-thread attribute. -(The system-wide capability bounding set described below no longer exists.) -.P -The bounding set is inherited at -.BR fork (2) -from the thread's parent, and is preserved across an -.BR execve (2). -.P -A thread may remove capabilities from its capability bounding set using the -.BR prctl (2) -.B PR_CAPBSET_DROP -operation, provided it has the -.B CAP_SETPCAP -capability. -Once a capability has been dropped from the bounding set, -it cannot be restored to that set. -A thread can determine if a capability is in its bounding set using the -.BR prctl (2) -.B PR_CAPBSET_READ -operation. -.P -Removing capabilities from the bounding set is supported only if file -capabilities are compiled into the kernel. -Before Linux 2.6.33, -file capabilities were an optional feature configurable via the -.B CONFIG_SECURITY_FILE_CAPABILITIES -option. -Since Linux 2.6.33, -.\" commit b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 -the configuration option has been removed -and file capabilities are always part of the kernel. -When file capabilities are compiled into the kernel, the -.B init -process (the ancestor of all processes) begins with a full bounding set. -If file capabilities are not compiled into the kernel, then -.B init -begins with a full bounding set minus -.BR CAP_SETPCAP , -because this capability has a different meaning when there are -no file capabilities. -.P -Removing a capability from the bounding set does not remove it -from the thread's inheritable set. -However it does prevent the capability from being added -back into the thread's inheritable set in the future. -.P -.B "Capability bounding set prior to Linux 2.6.25" -.P -Before Linux 2.6.25, the capability bounding set is a system-wide -attribute that affects all threads on the system. -The bounding set is accessible via the file -.IR /proc/sys/kernel/cap\-bound . -(Confusingly, this bit mask parameter is expressed as a -signed decimal number in -.IR /proc/sys/kernel/cap\-bound .) -.P -Only the -.B init -process may set capabilities in the capability bounding set; -other than that, the superuser (more precisely: a process with the -.B CAP_SYS_MODULE -capability) may only clear capabilities from this set. -.P -On a standard system the capability bounding set always masks out the -.B CAP_SETPCAP -capability. -To remove this restriction (dangerous!), modify the definition of -.B CAP_INIT_EFF_SET -in -.I include/linux/capability.h -and rebuild the kernel. -.P -The system-wide capability bounding set feature was added -to Linux 2.2.11. -.\" -.\" -.\" -.SS Effect of user ID changes on capabilities -To preserve the traditional semantics for transitions between -0 and nonzero user IDs, -the kernel makes the following changes to a thread's capability -sets on changes to the thread's real, effective, saved set, -and filesystem user IDs (using -.BR setuid (2), -.BR setresuid (2), -or similar): -.IP \[bu] 3 -If one or more of the real, effective, or saved set user IDs -was previously 0, and as a result of the UID changes all of these IDs -have a nonzero value, -then all capabilities are cleared from the permitted, effective, and ambient -capability sets. -.IP \[bu] -If the effective user ID is changed from 0 to nonzero, -then all capabilities are cleared from the effective set. -.IP \[bu] -If the effective user ID is changed from nonzero to 0, -then the permitted set is copied to the effective set. -.IP \[bu] -If the filesystem user ID is changed from 0 to nonzero (see -.BR setfsuid (2)), -then the following capabilities are cleared from the effective set: -.BR CAP_CHOWN , -.BR CAP_DAC_OVERRIDE , -.BR CAP_DAC_READ_SEARCH , -.BR CAP_FOWNER , -.BR CAP_FSETID , -.B CAP_LINUX_IMMUTABLE -(since Linux 2.6.30), -.BR CAP_MAC_OVERRIDE , -and -.B CAP_MKNOD -(since Linux 2.6.30). -If the filesystem UID is changed from nonzero to 0, -then any of these capabilities that are enabled in the permitted set -are enabled in the effective set. -.P -If a thread that has a 0 value for one or more of its user IDs wants -to prevent its permitted capability set being cleared when it resets -all of its user IDs to nonzero values, it can do so using the -.B SECBIT_KEEP_CAPS -securebits flag described below. -.\" -.SS Programmatically adjusting capability sets -A thread can retrieve and change its permitted, effective, and inheritable -capability sets using the -.BR capget (2) -and -.BR capset (2) -system calls. -However, the use of -.BR cap_get_proc (3) -and -.BR cap_set_proc (3), -both provided in the -.I libcap -package, -is preferred for this purpose. -The following rules govern changes to the thread capability sets: -.IP \[bu] 3 -If the caller does not have the -.B CAP_SETPCAP -capability, -the new inheritable set must be a subset of the combination -of the existing inheritable and permitted sets. -.IP \[bu] -(Since Linux 2.6.25) -The new inheritable set must be a subset of the combination of the -existing inheritable set and the capability bounding set. -.IP \[bu] -The new permitted set must be a subset of the existing permitted set -(i.e., it is not possible to acquire permitted capabilities -that the thread does not currently have). -.IP \[bu] -The new effective set must be a subset of the new permitted set. -.SS The securebits flags: establishing a capabilities-only environment -.\" For some background: -.\" see http://lwn.net/Articles/280279/ and -.\" http://article.gmane.org/gmane.linux.kernel.lsm/5476/ -Starting with Linux 2.6.26, -and with a kernel in which file capabilities are enabled, -Linux implements a set of per-thread -.I securebits -flags that can be used to disable special handling of capabilities for UID 0 -.RI ( root ). -These flags are as follows: -.TP -.B SECBIT_KEEP_CAPS -Setting this flag allows a thread that has one or more 0 UIDs to retain -capabilities in its permitted set -when it switches all of its UIDs to nonzero values. -If this flag is not set, -then such a UID switch causes the thread to lose all permitted capabilities. -This flag is always cleared on an -.BR execve (2). -.IP -Note that even with the -.B SECBIT_KEEP_CAPS -flag set, the effective capabilities of a thread are cleared when it -switches its effective UID to a nonzero value. -However, -if the thread has set this flag and its effective UID is already nonzero, -and the thread subsequently switches all other UIDs to nonzero values, -then the effective capabilities will not be cleared. -.IP -The setting of the -.B SECBIT_KEEP_CAPS -flag is ignored if the -.B SECBIT_NO_SETUID_FIXUP -flag is set. -(The latter flag provides a superset of the effect of the former flag.) -.IP -This flag provides the same functionality as the older -.BR prctl (2) -.B PR_SET_KEEPCAPS -operation. -.TP -.B SECBIT_NO_SETUID_FIXUP -Setting this flag stops the kernel from adjusting the process's -permitted, effective, and ambient capability sets when -the thread's effective and filesystem UIDs are switched between -zero and nonzero values. -See -.I Effect of user ID changes on capabilities -above. -.TP -.B SECBIT_NOROOT -If this bit is set, then the kernel does not grant capabilities -when a set-user-ID-root program is executed, or when a process with -an effective or real UID of 0 calls -.BR execve (2). -(See -.I Capabilities and execution of programs by root -above.) -.TP -.B SECBIT_NO_CAP_AMBIENT_RAISE -Setting this flag disallows raising ambient capabilities via the -.BR prctl (2) -.B PR_CAP_AMBIENT_RAISE -operation. -.P -Each of the above "base" flags has a companion "locked" flag. -Setting any of the "locked" flags is irreversible, -and has the effect of preventing further changes to the -corresponding "base" flag. -The locked flags are: -.BR SECBIT_KEEP_CAPS_LOCKED , -.BR SECBIT_NO_SETUID_FIXUP_LOCKED , -.BR SECBIT_NOROOT_LOCKED , -and -.BR SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED . -.P -The -.I securebits -flags can be modified and retrieved using the -.BR prctl (2) -.B PR_SET_SECUREBITS -and -.B PR_GET_SECUREBITS -operations. -The -.B CAP_SETPCAP -capability is required to modify the flags. -Note that the -.B SECBIT_* -constants are available only after including the -.I -header file. -.P -The -.I securebits -flags are inherited by child processes. -During an -.BR execve (2), -all of the flags are preserved, except -.B SECBIT_KEEP_CAPS -which is always cleared. -.P -An application can use the following call to lock itself, -and all of its descendants, -into an environment where the only way of gaining capabilities -is by executing a program with associated file capabilities: -.P -.in +4n -.EX -prctl(PR_SET_SECUREBITS, - /* SECBIT_KEEP_CAPS off */ - SECBIT_KEEP_CAPS_LOCKED | - SECBIT_NO_SETUID_FIXUP | - SECBIT_NO_SETUID_FIXUP_LOCKED | - SECBIT_NOROOT | - SECBIT_NOROOT_LOCKED); - /* Setting/locking SECBIT_NO_CAP_AMBIENT_RAISE - is not required */ -.EE -.in -.\" -.\" -.SS Per-user-namespace \[dq]set-user-ID-root\[dq] programs -A set-user-ID program whose UID matches the UID that -created a user namespace will confer capabilities -in the process's permitted and effective sets -when executed by any process inside that namespace -or any descendant user namespace. -.P -The rules about the transformation of the process's capabilities during the -.BR execve (2) -are exactly as described in -.I Transformation of capabilities during execve() -and -.I Capabilities and execution of programs by root -above, -with the difference that, in the latter subsection, "root" -is the UID of the creator of the user namespace. -.\" -.\" -.SS Namespaced file capabilities -.\" commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 -Traditional (i.e., version 2) file capabilities associate -only a set of capability masks with a binary executable file. -When a process executes a binary with such capabilities, -it gains the associated capabilities (within its user namespace) -as per the rules described in -.I Transformation of capabilities during execve() -above. -.P -Because version 2 file capabilities confer capabilities to -the executing process regardless of which user namespace it resides in, -only privileged processes are permitted to associate capabilities with a file. -Here, "privileged" means a process that has the -.B CAP_SETFCAP -capability in the user namespace where the filesystem was mounted -(normally the initial user namespace). -This limitation renders file capabilities useless for certain use cases. -For example, in user-namespaced containers, -it can be desirable to be able to create a binary that -confers capabilities only to processes executed inside that container, -but not to processes that are executed outside the container. -.P -Linux 4.14 added so-called namespaced file capabilities -to support such use cases. -Namespaced file capabilities are recorded as version 3 (i.e., -.BR VFS_CAP_REVISION_3 ) -.I security.capability -extended attributes. -Such an attribute is automatically created in the circumstances described -in -.I File capability extended attribute versioning -above. -When a version 3 -.I security.capability -extended attribute is created, -the kernel records not just the capability masks in the extended attribute, -but also the namespace root user ID. -.P -As with a binary that has -.B VFS_CAP_REVISION_2 -file capabilities, a binary with -.B VFS_CAP_REVISION_3 -file capabilities confers capabilities to a process during -.BR execve (). -However, capabilities are conferred only if the binary is executed by -a process that resides in a user namespace whose -UID 0 maps to the root user ID that is saved in the extended attribute, -or when executed by a process that resides in a descendant of such a namespace. -.\" -.\" -.SS Interaction with user namespaces -For further information on the interaction of -capabilities and user namespaces, see -.BR user_namespaces (7). -.SH STANDARDS -No standards govern capabilities, but the Linux capability implementation -is based on the withdrawn -.UR https://archive.org\:/details\:/posix_1003.1e\-990310 -POSIX.1e draft standard -.UE . -.SH NOTES -When attempting to -.BR strace (1) -binaries that have capabilities (or set-user-ID-root binaries), -you may find the -.I \-u -option useful. -Something like: -.P -.in +4n -.EX -$ \fBsudo strace \-o trace.log \-u ceci ./myprivprog\fP -.EE -.in -.P -From Linux 2.5.27 to Linux 2.6.26, -.\" commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 removed -.\" CONFIG_SECURITY_CAPABILITIES -capabilities were an optional kernel component, -and could be enabled/disabled via the -.B CONFIG_SECURITY_CAPABILITIES -kernel configuration option. -.P -The -.IR /proc/ pid /task/TID/status -file can be used to view the capability sets of a thread. -The -.IR /proc/ pid /status -file shows the capability sets of a process's main thread. -Before Linux 3.8, nonexistent capabilities were shown as being -enabled (1) in these sets. -Since Linux 3.8, -.\" 7b9a7ec565505699f503b4fcf61500dceb36e744 -all nonexistent capabilities (above -.BR CAP_LAST_CAP ) -are shown as disabled (0). -.P -The -.I libcap -package provides a suite of routines for setting and -getting capabilities that is more comfortable and less likely -to change than the interface provided by -.BR capset (2) -and -.BR capget (2). -This package also provides the -.BR setcap (8) -and -.BR getcap (8) -programs. -It can be found at -.br -.UR https://git.kernel.org\:/pub\:/scm\:/libs\:/libcap\:/libcap.git\:/refs/ -.UE . -.P -Before Linux 2.6.24, and from Linux 2.6.24 to Linux 2.6.32 if -file capabilities are not enabled, a thread with the -.B CAP_SETPCAP -capability can manipulate the capabilities of threads other than itself. -However, this is only theoretically possible, -since no thread ever has -.B CAP_SETPCAP -in either of these cases: -.IP \[bu] 3 -In the pre-2.6.25 implementation the system-wide capability bounding set, -.IR /proc/sys/kernel/cap\-bound , -always masks out the -.B CAP_SETPCAP -capability, and this can not be changed -without modifying the kernel source and rebuilding the kernel. -.IP \[bu] -If file capabilities are disabled (i.e., the kernel -.B CONFIG_SECURITY_FILE_CAPABILITIES -option is disabled), then -.B init -starts out with the -.B CAP_SETPCAP -capability removed from its per-process bounding -set, and that bounding set is inherited by all other processes -created on the system. -.SH SEE ALSO -.BR capsh (1), -.BR setpriv (1), -.BR prctl (2), -.BR setfsuid (2), -.BR cap_clear (3), -.BR cap_copy_ext (3), -.BR cap_from_text (3), -.BR cap_get_file (3), -.BR cap_get_proc (3), -.BR cap_init (3), -.BR capgetp (3), -.BR capsetp (3), -.BR libcap (3), -.BR proc (5), -.BR credentials (7), -.BR pthreads (7), -.BR user_namespaces (7), -.BR captest (8), \" from libcap-ng -.BR filecap (8), \" from libcap-ng -.BR getcap (8), -.BR getpcaps (8), -.BR netcap (8), \" from libcap-ng -.BR pscap (8), \" from libcap-ng -.BR setcap (8) -.P -.I include/linux/capability.h -in the Linux kernel source tree diff --git a/man7/cgroup_namespaces.7 b/man7/cgroup_namespaces.7 deleted file mode 100644 index f5c73ab..0000000 --- a/man7/cgroup_namespaces.7 +++ /dev/null @@ -1,248 +0,0 @@ -.\" Copyright (c) 2016 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH cgroup_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -cgroup_namespaces \- overview of Linux cgroup namespaces -.SH DESCRIPTION -For an overview of namespaces, see -.BR namespaces (7). -.P -Cgroup namespaces virtualize the view of a process's cgroups (see -.BR cgroups (7)) -as seen via -.IR /proc/ pid /cgroup -and -.IR /proc/ pid /mountinfo . -.P -Each cgroup namespace has its own set of cgroup root directories. -These root directories are the base points for the relative -locations displayed in the corresponding records in the -.IR /proc/ pid /cgroup -file. -When a process creates a new cgroup namespace using -.BR clone (2) -or -.BR unshare (2) -with the -.B CLONE_NEWCGROUP -flag, its current -cgroups directories become the cgroup root directories -of the new namespace. -(This applies both for the cgroups version 1 hierarchies -and the cgroups version 2 unified hierarchy.) -.P -When reading the cgroup memberships of a "target" process from -.IR /proc/ pid /cgroup , -the pathname shown in the third field of each record will be -relative to the reading process's root directory -for the corresponding cgroup hierarchy. -If the cgroup directory of the target process lies outside -the root directory of the reading process's cgroup namespace, -then the pathname will show -.I ../ -entries for each ancestor level in the cgroup hierarchy. -.P -The following shell session demonstrates the effect of creating -a new cgroup namespace. -.P -First, (as superuser) in a shell in the initial cgroup namespace, -we create a child cgroup in the -.I freezer -hierarchy, and place a process in that cgroup that we will -use as part of the demonstration below: -.P -.in +4n -.EX -# \fBmkdir \-p /sys/fs/cgroup/freezer/sub2\fP -# \fBsleep 10000 &\fP # Create a process that lives for a while -[1] 20124 -# \fBecho 20124 > /sys/fs/cgroup/freezer/sub2/cgroup.procs\fP -.EE -.in -.P -We then create another child cgroup in the -.I freezer -hierarchy and put the shell into that cgroup: -.P -.in +4n -.EX -# \fBmkdir \-p /sys/fs/cgroup/freezer/sub\fP -# \fBecho $$\fP # Show PID of this shell -30655 -# \fBecho 30655 > /sys/fs/cgroup/freezer/sub/cgroup.procs\fP -# \fBcat /proc/self/cgroup | grep freezer\fP -7:freezer:/sub -.EE -.in -.P -Next, we use -.BR unshare (1) -to create a process running a new shell in new cgroup and mount namespaces: -.P -.in +4n -.EX -# \fBPS1="sh2# " unshare \-Cm bash\fP -.EE -.in -.P -From the new shell started by -.BR unshare (1), -we then inspect the -.IR /proc/ pid /cgroup -files of, respectively, the new shell, -a process that is in the initial cgroup namespace -.RI ( init , -with PID 1), and the process in the sibling cgroup -.RI ( sub2 ): -.P -.in +4n -.EX -sh2# \fBcat /proc/self/cgroup | grep freezer\fP -7:freezer:/ -sh2# \fBcat /proc/1/cgroup | grep freezer\fP -7:freezer:/.. -sh2# \fBcat /proc/20124/cgroup | grep freezer\fP -7:freezer:/../sub2 -.EE -.in -.P -From the output of the first command, -we see that the freezer cgroup membership of the new shell -(which is in the same cgroup as the initial shell) -is shown defined relative to the freezer cgroup root directory -that was established when the new cgroup namespace was created. -(In absolute terms, -the new shell is in the -.I /sub -freezer cgroup, -and the root directory of the freezer cgroup hierarchy -in the new cgroup namespace is also -.IR /sub . -Thus, the new shell's cgroup membership is displayed as \[aq]/\[aq].) -.P -However, when we look in -.I /proc/self/mountinfo -we see the following anomaly: -.P -.in +4n -.EX -sh2# \fBcat /proc/self/mountinfo | grep freezer\fP -155 145 0:32 /.. /sys/fs/cgroup/freezer ... -.EE -.in -.P -The fourth field of this line -.RI ( /.. ) -should show the -directory in the cgroup filesystem which forms the root of this mount. -Since by the definition of cgroup namespaces, the process's current -freezer cgroup directory became its root freezer cgroup directory, -we should see \[aq]/\[aq] in this field. -The problem here is that we are seeing a mount entry for the cgroup -filesystem corresponding to the initial cgroup namespace -(whose cgroup filesystem is indeed rooted at the parent directory of -.IR sub ). -To fix this problem, we must remount the freezer cgroup filesystem -from the new shell (i.e., perform the mount from a process that is in the -new cgroup namespace), after which we see the expected results: -.P -.in +4n -.EX -sh2# \fBmount \-\-make\-rslave /\fP # Don\[aq]t propagate mount events - # to other namespaces -sh2# \fBumount /sys/fs/cgroup/freezer\fP -sh2# \fBmount \-t cgroup \-o freezer freezer /sys/fs/cgroup/freezer\fP -sh2# \fBcat /proc/self/mountinfo | grep freezer\fP -155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ... -.EE -.in -.\" -.SH STANDARDS -Linux. -.SH NOTES -Use of cgroup namespaces requires a kernel that is configured with the -.B CONFIG_CGROUPS -option. -.P -The virtualization provided by cgroup namespaces serves a number of purposes: -.IP \[bu] 3 -It prevents information leaks whereby cgroup directory paths outside of -a container would otherwise be visible to processes in the container. -Such leakages could, for example, -reveal information about the container framework -to containerized applications. -.IP \[bu] -It eases tasks such as container migration. -The virtualization provided by cgroup namespaces -allows containers to be isolated from knowledge of -the pathnames of ancestor cgroups. -Without such isolation, the full cgroup pathnames (displayed in -.IR /proc/self/cgroups ) -would need to be replicated on the target system when migrating a container; -those pathnames would also need to be unique, -so that they don't conflict with other pathnames on the target system. -.IP \[bu] -It allows better confinement of containerized processes, -because it is possible to mount the container's cgroup filesystems such that -the container processes can't gain access to ancestor cgroup directories. -Consider, for example, the following scenario: -.RS -.IP \[bu] 3 -We have a cgroup directory, -.IR /cg/1 , -that is owned by user ID 9000. -.IP \[bu] -We have a process, -.IR X , -also owned by user ID 9000, -that is namespaced under the cgroup -.I /cg/1/2 -(i.e., -.I X -was placed in a new cgroup namespace via -.BR clone (2) -or -.BR unshare (2) -with the -.B CLONE_NEWCGROUP -flag). -.RE -.IP -In the absence of cgroup namespacing, because the cgroup directory -.I /cg/1 -is owned (and writable) by UID 9000 and process -.I X -is also owned by user ID 9000, process -.I X -would be able to modify the contents of cgroups files -(i.e., change cgroup settings) not only in -.I /cg/1/2 -but also in the ancestor cgroup directory -.IR /cg/1 . -Namespacing process -.I X -under the cgroup directory -.IR /cg/1/2 , -in combination with suitable mount operations -for the cgroup filesystem (as shown above), -prevents it modifying files in -.IR /cg/1 , -since it cannot even see the contents of that directory -(or of further removed cgroup ancestor directories). -Combined with correct enforcement of hierarchical limits, -this prevents process -.I X -from escaping the limits imposed by ancestor cgroups. -.SH SEE ALSO -.BR unshare (1), -.BR clone (2), -.BR setns (2), -.BR unshare (2), -.BR proc (5), -.BR cgroups (7), -.BR credentials (7), -.BR namespaces (7), -.BR user_namespaces (7) diff --git a/man7/cgroups.7 b/man7/cgroups.7 deleted file mode 100644 index e2c3ec2..0000000 --- a/man7/cgroups.7 +++ /dev/null @@ -1,1914 +0,0 @@ -.\" Copyright (C) 2015 Serge Hallyn -.\" and Copyright (C) 2016, 2017 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH cgroups 7 2024-03-05 "Linux man-pages 6.7" -.SH NAME -cgroups \- Linux control groups -.SH DESCRIPTION -Control groups, usually referred to as cgroups, -are a Linux kernel feature which allow processes to -be organized into hierarchical groups whose usage of -various types of resources can then be limited and monitored. -The kernel's cgroup interface is provided through -a pseudo-filesystem called cgroupfs. -Grouping is implemented in the core cgroup kernel code, -while resource tracking and limits are implemented in -a set of per-resource-type subsystems (memory, CPU, and so on). -.\" -.SS Terminology -A -.I cgroup -is a collection of processes that are bound to a set of -limits or parameters defined via the cgroup filesystem. -.P -A -.I subsystem -is a kernel component that modifies the behavior of -the processes in a cgroup. -Various subsystems have been implemented, making it possible to do things -such as limiting the amount of CPU time and memory available to a cgroup, -accounting for the CPU time used by a cgroup, -and freezing and resuming execution of the processes in a cgroup. -Subsystems are sometimes also known as -.I resource controllers -(or simply, controllers). -.P -The cgroups for a controller are arranged in a -.IR hierarchy . -This hierarchy is defined by creating, removing, and -renaming subdirectories within the cgroup filesystem. -At each level of the hierarchy, attributes (e.g., limits) can be defined. -The limits, control, and accounting provided by cgroups generally have -effect throughout the subhierarchy underneath the cgroup where the -attributes are defined. -Thus, for example, the limits placed on -a cgroup at a higher level in the hierarchy cannot be exceeded -by descendant cgroups. -.\" -.SS Cgroups version 1 and version 2 -The initial release of the cgroups implementation was in Linux 2.6.24. -Over time, various cgroup controllers have been added -to allow the management of various types of resources. -However, the development of these controllers was largely uncoordinated, -with the result that many inconsistencies arose between controllers -and management of the cgroup hierarchies became rather complex. -A longer description of these problems can be found in the kernel -source file -.I Documentation/admin\-guide/cgroup\-v2.rst -(or -.I Documentation/cgroup\-v2.txt -in Linux 4.17 and earlier). -.P -Because of the problems with the initial cgroups implementation -(cgroups version 1), -starting in Linux 3.10, work began on a new, -orthogonal implementation to remedy these problems. -Initially marked experimental, and hidden behind the -.I "\-o\ __DEVEL__sane_behavior" -mount option, the new version (cgroups version 2) -was eventually made official with the release of Linux 4.5. -Differences between the two versions are described in the text below. -The file -.IR cgroup.sane_behavior , -present in cgroups v1, is a relic of this mount option. -The file always reports "0" and is only retained for backward compatibility. -.P -Although cgroups v2 is intended as a replacement for cgroups v1, -the older system continues to exist -(and for compatibility reasons is unlikely to be removed). -Currently, cgroups v2 implements only a subset of the controllers -available in cgroups v1. -The two systems are implemented so that both v1 controllers and -v2 controllers can be mounted on the same system. -Thus, for example, it is possible to use those controllers -that are supported under version 2, -while also using version 1 controllers -where version 2 does not yet support those controllers. -The only restriction here is that a controller can't be simultaneously -employed in both a cgroups v1 hierarchy and in the cgroups v2 hierarchy. -.\" -.SH CGROUPS VERSION 1 -Under cgroups v1, each controller may be mounted against a separate -cgroup filesystem that provides its own hierarchical organization of the -processes on the system. -It is also possible to comount multiple (or even all) cgroups v1 controllers -against the same cgroup filesystem, meaning that the comounted controllers -manage the same hierarchical organization of processes. -.P -For each mounted hierarchy, -the directory tree mirrors the control group hierarchy. -Each control group is represented by a directory, with each of its child -control cgroups represented as a child directory. -For instance, -.I /user/joe/1.session -represents control group -.IR 1.session , -which is a child of cgroup -.IR joe , -which is a child of -.IR /user . -Under each cgroup directory is a set of files which can be read or -written to, reflecting resource limits and a few general cgroup -properties. -.\" -.SS Tasks (threads) versus processes -In cgroups v1, a distinction is drawn between -.I processes -and -.IR tasks . -In this view, a process can consist of multiple tasks -(more commonly called threads, from a user-space perspective, -and called such in the remainder of this man page). -In cgroups v1, it is possible to independently manipulate -the cgroup memberships of the threads in a process. -.P -The cgroups v1 ability to split threads across different cgroups -caused problems in some cases. -For example, it made no sense for the -.I memory -controller, -since all of the threads of a process share a single address space. -Because of these problems, -the ability to independently manipulate the cgroup memberships -of the threads in a process was removed in the initial cgroups v2 -implementation, and subsequently restored in a more limited form -(see the discussion of "thread mode" below). -.\" -.SS Mounting v1 controllers -The use of cgroups requires a kernel built with the -.B CONFIG_CGROUP -option. -In addition, each of the v1 controllers has an associated -configuration option that must be set in order to employ that controller. -.P -In order to use a v1 controller, -it must be mounted against a cgroup filesystem. -The usual place for such mounts is under a -.BR tmpfs (5) -filesystem mounted at -.IR /sys/fs/cgroup . -Thus, one might mount the -.I cpu -controller as follows: -.P -.in +4n -.EX -mount \-t cgroup \-o cpu none /sys/fs/cgroup/cpu -.EE -.in -.P -It is possible to comount multiple controllers against the same hierarchy. -For example, here the -.I cpu -and -.I cpuacct -controllers are comounted against a single hierarchy: -.P -.in +4n -.EX -mount \-t cgroup \-o cpu,cpuacct none /sys/fs/cgroup/cpu,cpuacct -.EE -.in -.P -Comounting controllers has the effect that a process is in the same cgroup for -all of the comounted controllers. -Separately mounting controllers allows a process to -be in cgroup -.I /foo1 -for one controller while being in -.I /foo2/foo3 -for another. -.P -It is possible to comount all v1 controllers against the same hierarchy: -.P -.in +4n -.EX -mount \-t cgroup \-o all cgroup /sys/fs/cgroup -.EE -.in -.P -(One can achieve the same result by omitting -.IR "\-o all" , -since it is the default if no controllers are explicitly specified.) -.P -It is not possible to mount the same controller -against multiple cgroup hierarchies. -For example, it is not possible to mount both the -.I cpu -and -.I cpuacct -controllers against one hierarchy, and to mount the -.I cpu -controller alone against another hierarchy. -It is possible to create multiple mount with exactly -the same set of comounted controllers. -However, in this case all that results is multiple mount points -providing a view of the same hierarchy. -.P -Note that on many systems, the v1 controllers are automatically mounted under -.IR /sys/fs/cgroup ; -in particular, -.BR systemd (1) -automatically creates such mounts. -.\" -.SS Unmounting v1 controllers -A mounted cgroup filesystem can be unmounted using the -.BR umount (8) -command, as in the following example: -.P -.in +4n -.EX -umount /sys/fs/cgroup/pids -.EE -.in -.P -.IR "But note well" : -a cgroup filesystem is unmounted only if it is not busy, -that is, it has no child cgroups. -If this is not the case, then the only effect of the -.BR umount (8) -is to make the mount invisible. -Thus, to ensure that the mount is really removed, -one must first remove all child cgroups, -which in turn can be done only after all member processes -have been moved from those cgroups to the root cgroup. -.\" -.SS Cgroups version 1 controllers -Each of the cgroups version 1 controllers is governed -by a kernel configuration option (listed below). -Additionally, the availability of the cgroups feature is governed by the -.B CONFIG_CGROUPS -kernel configuration option. -.TP -.IR cpu " (since Linux 2.6.24; " \fBCONFIG_CGROUP_SCHED\fP ) -Cgroups can be guaranteed a minimum number of "CPU shares" -when a system is busy. -This does not limit a cgroup's CPU usage if the CPUs are not busy. -For further information, see -.I Documentation/scheduler/sched\-design\-CFS.rst -(or -.I Documentation/scheduler/sched\-design\-CFS.txt -in Linux 5.2 and earlier). -.IP -In Linux 3.2, -this controller was extended to provide CPU "bandwidth" control. -If the kernel is configured with -.BR CONFIG_CFS_BANDWIDTH , -then within each scheduling period -(defined via a file in the cgroup directory), it is possible to define -an upper limit on the CPU time allocated to the processes in a cgroup. -This upper limit applies even if there is no other competition for the CPU. -Further information can be found in the kernel source file -.I Documentation/scheduler/sched\-bwc.rst -(or -.I Documentation/scheduler/sched\-bwc.txt -in Linux 5.2 and earlier). -.TP -.IR cpuacct " (since Linux 2.6.24; " \fBCONFIG_CGROUP_CPUACCT\fP ) -This provides accounting for CPU usage by groups of processes. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/cpuacct.rst -(or -.I Documentation/cgroup\-v1/cpuacct.txt -in Linux 5.2 and earlier). -.TP -.IR cpuset " (since Linux 2.6.24; " \fBCONFIG_CPUSETS\fP ) -This cgroup can be used to bind the processes in a cgroup to -a specified set of CPUs and NUMA nodes. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/cpusets.rst -(or -.I Documentation/cgroup\-v1/cpusets.txt -in Linux 5.2 and earlier). -. -.TP -.IR memory " (since Linux 2.6.25; " \fBCONFIG_MEMCG\fP ) -The memory controller supports reporting and limiting of process memory, kernel -memory, and swap used by cgroups. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/memory.rst -(or -.I Documentation/cgroup\-v1/memory.txt -in Linux 5.2 and earlier). -.TP -.IR devices " (since Linux 2.6.26; " \fBCONFIG_CGROUP_DEVICE\fP ) -This supports controlling which processes may create (mknod) devices as -well as open them for reading or writing. -The policies may be specified as allow-lists and deny-lists. -Hierarchy is enforced, so new rules must not -violate existing rules for the target or ancestor cgroups. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/devices.rst -(or -.I Documentation/cgroup\-v1/devices.txt -in Linux 5.2 and earlier). -.TP -.IR freezer " (since Linux 2.6.28; " \fBCONFIG_CGROUP_FREEZER\fP ) -The -.I freezer -cgroup can suspend and restore (resume) all processes in a cgroup. -Freezing a cgroup -.I /A -also causes its children, for example, processes in -.IR /A/B , -to be frozen. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/freezer\-subsystem.rst -(or -.I Documentation/cgroup\-v1/freezer\-subsystem.txt -in Linux 5.2 and earlier). -.TP -.IR net_cls " (since Linux 2.6.29; " \fBCONFIG_CGROUP_NET_CLASSID\fP ) -This places a classid, specified for the cgroup, on network packets -created by a cgroup. -These classids can then be used in firewall rules, -as well as used to shape traffic using -.BR tc (8). -This applies only to packets -leaving the cgroup, not to traffic arriving at the cgroup. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/net_cls.rst -(or -.I Documentation/cgroup\-v1/net_cls.txt -in Linux 5.2 and earlier). -.TP -.IR blkio " (since Linux 2.6.33; " \fBCONFIG_BLK_CGROUP\fP ) -The -.I blkio -cgroup controls and limits access to specified block devices by -applying IO control in the form of throttling and upper limits against leaf -nodes and intermediate nodes in the storage hierarchy. -.IP -Two policies are available. -The first is a proportional-weight time-based division -of disk implemented with CFQ. -This is in effect for leaf nodes using CFQ. -The second is a throttling policy which specifies -upper I/O rate limits on a device. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/blkio\-controller.rst -(or -.I Documentation/cgroup\-v1/blkio\-controller.txt -in Linux 5.2 and earlier). -.TP -.IR perf_event " (since Linux 2.6.39; " \fBCONFIG_CGROUP_PERF\fP ) -This controller allows -.I perf -monitoring of the set of processes grouped in a cgroup. -.IP -Further information can be found in the kernel source files -.TP -.IR net_prio " (since Linux 3.3; " \fBCONFIG_CGROUP_NET_PRIO\fP ) -This allows priorities to be specified, per network interface, for cgroups. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/net_prio.rst -(or -.I Documentation/cgroup\-v1/net_prio.txt -in Linux 5.2 and earlier). -.TP -.IR hugetlb " (since Linux 3.5; " \fBCONFIG_CGROUP_HUGETLB\fP ) -This supports limiting the use of huge pages by cgroups. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/hugetlb.rst -(or -.I Documentation/cgroup\-v1/hugetlb.txt -in Linux 5.2 and earlier). -.TP -.IR pids " (since Linux 4.3; " \fBCONFIG_CGROUP_PIDS\fP ) -This controller permits limiting the number of process that may be created -in a cgroup (and its descendants). -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/pids.rst -(or -.I Documentation/cgroup\-v1/pids.txt -in Linux 5.2 and earlier). -.TP -.IR rdma " (since Linux 4.11; " \fBCONFIG_CGROUP_RDMA\fP ) -The RDMA controller permits limiting the use of -RDMA/IB-specific resources per cgroup. -.IP -Further information can be found in the kernel source file -.I Documentation/admin\-guide/cgroup\-v1/rdma.rst -(or -.I Documentation/cgroup\-v1/rdma.txt -in Linux 5.2 and earlier). -.\" -.SS Creating cgroups and moving processes -A cgroup filesystem initially contains a single root cgroup, '/', -which all processes belong to. -A new cgroup is created by creating a directory in the cgroup filesystem: -.P -.in +4n -.EX -mkdir /sys/fs/cgroup/cpu/cg1 -.EE -.in -.P -This creates a new empty cgroup. -.P -A process may be moved to this cgroup by writing its PID into the cgroup's -.I cgroup.procs -file: -.P -.in +4n -.EX -echo $$ > /sys/fs/cgroup/cpu/cg1/cgroup.procs -.EE -.in -.P -Only one PID at a time should be written to this file. -.P -Writing the value 0 to a -.I cgroup.procs -file causes the writing process to be moved to the corresponding cgroup. -.P -When writing a PID into the -.IR cgroup.procs , -all threads in the process are moved into the new cgroup at once. -.P -Within a hierarchy, a process can be a member of exactly one cgroup. -Writing a process's PID to a -.I cgroup.procs -file automatically removes it from the cgroup of -which it was previously a member. -.P -The -.I cgroup.procs -file can be read to obtain a list of the processes that are -members of a cgroup. -The returned list of PIDs is not guaranteed to be in order. -Nor is it guaranteed to be free of duplicates. -(For example, a PID may be recycled while reading from the list.) -.P -In cgroups v1, an individual thread can be moved to -another cgroup by writing its thread ID -(i.e., the kernel thread ID returned by -.BR clone (2) -and -.BR gettid (2)) -to the -.I tasks -file in a cgroup directory. -This file can be read to discover the set of threads -that are members of the cgroup. -.\" -.SS Removing cgroups -To remove a cgroup, -it must first have no child cgroups and contain no (nonzombie) processes. -So long as that is the case, one can simply -remove the corresponding directory pathname. -Note that files in a cgroup directory cannot and need not be -removed. -.\" -.SS Cgroups v1 release notification -Two files can be used to determine whether the kernel provides -notifications when a cgroup becomes empty. -A cgroup is considered to be empty when it contains no child -cgroups and no member processes. -.P -A special file in the root directory of each cgroup hierarchy, -.IR release_agent , -can be used to register the pathname of a program that may be invoked when -a cgroup in the hierarchy becomes empty. -The pathname of the newly empty cgroup (relative to the cgroup mount point) -is provided as the sole command-line argument when the -.I release_agent -program is invoked. -The -.I release_agent -program might remove the cgroup directory, -or perhaps repopulate it with a process. -.P -The default value of the -.I release_agent -file is empty, meaning that no release agent is invoked. -.P -The content of the -.I release_agent -file can also be specified via a mount option when the -cgroup filesystem is mounted: -.P -.in +4n -.EX -mount \-o release_agent=pathname ... -.EE -.in -.P -Whether or not the -.I release_agent -program is invoked when a particular cgroup becomes empty is determined -by the value in the -.I notify_on_release -file in the corresponding cgroup directory. -If this file contains the value 0, then the -.I release_agent -program is not invoked. -If it contains the value 1, the -.I release_agent -program is invoked. -The default value for this file in the root cgroup is 0. -At the time when a new cgroup is created, -the value in this file is inherited from the corresponding file -in the parent cgroup. -.\" -.SS Cgroup v1 named hierarchies -In cgroups v1, -it is possible to mount a cgroup hierarchy that has no attached controllers: -.P -.in +4n -.EX -mount \-t cgroup \-o none,name=somename none /some/mount/point -.EE -.in -.P -Multiple instances of such hierarchies can be mounted; -each hierarchy must have a unique name. -The only purpose of such hierarchies is to track processes. -(See the discussion of release notification below.) -An example of this is the -.I name=systemd -cgroup hierarchy that is used by -.BR systemd (1) -to track services and user sessions. -.P -Since Linux 5.0, the -.I cgroup_no_v1 -kernel boot option (described below) can be used to disable cgroup v1 -named hierarchies, by specifying -.IR cgroup_no_v1=named . -.\" -.SH CGROUPS VERSION 2 -In cgroups v2, -all mounted controllers reside in a single unified hierarchy. -While (different) controllers may be simultaneously -mounted under the v1 and v2 hierarchies, -it is not possible to mount the same controller simultaneously -under both the v1 and the v2 hierarchies. -.P -The new behaviors in cgroups v2 are summarized here, -and in some cases elaborated in the following subsections. -.IP \[bu] 3 -Cgroups v2 provides a unified hierarchy against -which all controllers are mounted. -.IP \[bu] -"Internal" processes are not permitted. -With the exception of the root cgroup, processes may reside -only in leaf nodes (cgroups that do not themselves contain child cgroups). -The details are somewhat more subtle than this, and are described below. -.IP \[bu] -Active cgroups must be specified via the files -.I cgroup.controllers -and -.IR cgroup.subtree_control . -.IP \[bu] -The -.I tasks -file has been removed. -In addition, the -.I cgroup.clone_children -file that is employed by the -.I cpuset -controller has been removed. -.IP \[bu] -An improved mechanism for notification of empty cgroups is provided by the -.I cgroup.events -file. -.P -For more changes, see the -.I Documentation/admin\-guide/cgroup\-v2.rst -file in the kernel source -(or -.I Documentation/cgroup\-v2.txt -in Linux 4.17 and earlier). -. -.P -Some of the new behaviors listed above saw subsequent modification with -the addition in Linux 4.14 of "thread mode" (described below). -.\" -.SS Cgroups v2 unified hierarchy -In cgroups v1, the ability to mount different controllers -against different hierarchies was intended to allow great flexibility -for application design. -In practice, though, -the flexibility turned out to be less useful than expected, -and in many cases added complexity. -Therefore, in cgroups v2, -all available controllers are mounted against a single hierarchy. -The available controllers are automatically mounted, -meaning that it is not necessary (or possible) to specify the controllers -when mounting the cgroup v2 filesystem using a command such as the following: -.P -.in +4n -.EX -mount \-t cgroup2 none /mnt/cgroup2 -.EE -.in -.P -A cgroup v2 controller is available only if it is not currently in use -via a mount against a cgroup v1 hierarchy. -Or, to put things another way, it is not possible to employ -the same controller against both a v1 hierarchy and the unified v2 hierarchy. -This means that it may be necessary first to unmount a v1 controller -(as described above) before that controller is available in v2. -Since -.BR systemd (1) -makes heavy use of some v1 controllers by default, -it can in some cases be simpler to boot the system with -selected v1 controllers disabled. -To do this, specify the -.I cgroup_no_v1=list -option on the kernel boot command line; -.I list -is a comma-separated list of the names of the controllers to disable, -or the word -.I all -to disable all v1 controllers. -(This situation is correctly handled by -.BR systemd (1), -which falls back to operating without the specified controllers.) -.P -Note that on many modern systems, -.BR systemd (1) -automatically mounts the -.I cgroup2 -filesystem at -.I /sys/fs/cgroup/unified -during the boot process. -.\" -.SS Cgroups v2 mount options -The following options -.RI ( mount\~\-o ) -can be specified when mounting the group v2 filesystem: -.TP -.IR nsdelegate " (since Linux 4.15)" -Treat cgroup namespaces as delegation boundaries. -For details, see below. -.TP -.IR memory_localevents " (since Linux 5.2)" -.\" commit 9852ae3fe5293264f01c49f2571ef7688f7823ce -The -.I memory.events -should show statistics only for the cgroup itself, -and not for any descendant cgroups. -This was the behavior before Linux 5.2. -Starting in Linux 5.2, -the default behavior is to include statistics for descendant cgroups in -.IR memory.events , -and this mount option can be used to revert to the legacy behavior. -This option is system wide and can be set on mount or -modified through remount only from the initial mount namespace; -it is silently ignored in noninitial namespaces. -.\" -.SS Cgroups v2 controllers -The following controllers, documented in the kernel source file -.I Documentation/admin\-guide/cgroup\-v2.rst -(or -.I Documentation/cgroup\-v2.txt -in Linux 4.17 and earlier), -are supported in cgroups version 2: -.TP -.IR cpu " (since Linux 4.15)" -This is the successor to the version 1 -.I cpu -and -.I cpuacct -controllers. -.TP -.IR cpuset " (since Linux 5.0)" -This is the successor of the version 1 -.I cpuset -controller. -.TP -.IR freezer " (since Linux 5.2)" -.\" commit 76f969e8948d82e78e1bc4beb6b9465908e74873 -This is the successor of the version 1 -.I freezer -controller. -.TP -.IR hugetlb " (since Linux 5.6)" -This is the successor of the version 1 -.I hugetlb -controller. -.TP -.IR io " (since Linux 4.5)" -This is the successor of the version 1 -.I blkio -controller. -.TP -.IR memory " (since Linux 4.5)" -This is the successor of the version 1 -.I memory -controller. -.TP -.IR perf_event " (since Linux 4.11)" -This is the same as the version 1 -.I perf_event -controller. -.TP -.IR pids " (since Linux 4.5)" -This is the same as the version 1 -.I pids -controller. -.TP -.IR rdma " (since Linux 4.11)" -This is the same as the version 1 -.I rdma -controller. -.P -There is no direct equivalent of the -.I net_cls -and -.I net_prio -controllers from cgroups version 1. -Instead, support has been added to -.BR iptables (8) -to allow eBPF filters that hook on cgroup v2 pathnames to make decisions -about network traffic on a per-cgroup basis. -.P -The v2 -.I devices -controller provides no interface files; -instead, device control is gated by attaching an eBPF -.RB ( BPF_CGROUP_DEVICE ) -program to a v2 cgroup. -.\" -.SS Cgroups v2 subtree control -Each cgroup in the v2 hierarchy contains the following two files: -.TP -.I cgroup.controllers -This read-only file exposes a list of the controllers that are -.I available -in this cgroup. -The contents of this file match the contents of the -.I cgroup.subtree_control -file in the parent cgroup. -.TP -.I cgroup.subtree_control -This is a list of controllers that are -.I active -.RI ( enabled ) -in the cgroup. -The set of controllers in this file is a subset of the set in the -.I cgroup.controllers -of this cgroup. -The set of active controllers is modified by writing strings to this file -containing space-delimited controller names, -each preceded by '+' (to enable a controller) -or '\-' (to disable a controller), as in the following example: -.IP -.in +4n -.EX -echo \[aq]+pids \-memory\[aq] > x/y/cgroup.subtree_control -.EE -.in -.IP -An attempt to enable a controller -that is not present in -.I cgroup.controllers -leads to an -.B ENOENT -error when writing to the -.I cgroup.subtree_control -file. -.P -Because the list of controllers in -.I cgroup.subtree_control -is a subset of those -.IR cgroup.controllers , -a controller that has been disabled in one cgroup in the hierarchy -can never be re-enabled in the subtree below that cgroup. -.P -A cgroup's -.I cgroup.subtree_control -file determines the set of controllers that are exercised in the -.I child -cgroups. -When a controller (e.g., -.IR pids ) -is present in the -.I cgroup.subtree_control -file of a parent cgroup, -then the corresponding controller-interface files (e.g., -.IR pids.max ) -are automatically created in the children of that cgroup -and can be used to exert resource control in the child cgroups. -.\" -.SS Cgroups v2 \[dq]no internal processes\[dq] rule -Cgroups v2 enforces a so-called "no internal processes" rule. -Roughly speaking, this rule means that, -with the exception of the root cgroup, processes may reside -only in leaf nodes (cgroups that do not themselves contain child cgroups). -This avoids the need to decide how to partition resources between -processes which are members of cgroup A and processes in child cgroups of A. -.P -For instance, if cgroup -.I /cg1/cg2 -exists, then a process may reside in -.IR /cg1/cg2 , -but not in -.IR /cg1 . -This is to avoid an ambiguity in cgroups v1 -with respect to the delegation of resources between processes in -.I /cg1 -and its child cgroups. -The recommended approach in cgroups v2 is to create a subdirectory called -.I leaf -for any nonleaf cgroup which should contain processes, but no child cgroups. -Thus, processes which previously would have gone into -.I /cg1 -would now go into -.IR /cg1/leaf . -This has the advantage of making explicit -the relationship between processes in -.I /cg1/leaf -and -.IR /cg1 's -other children. -.P -The "no internal processes" rule is in fact more subtle than stated above. -More precisely, the rule is that a (nonroot) cgroup can't both -(1) have member processes, and -(2) distribute resources into child cgroups\[em]that is, have a nonempty -.I cgroup.subtree_control -file. -Thus, it -.I is -possible for a cgroup to have both member processes and child cgroups, -but before controllers can be enabled for that cgroup, -the member processes must be moved out of the cgroup -(e.g., perhaps into the child cgroups). -.P -With the Linux 4.14 addition of "thread mode" (described below), -the "no internal processes" rule has been relaxed in some cases. -.\" -.SS Cgroups v2 cgroup.events file -Each nonroot cgroup in the v2 hierarchy contains a read-only file, -.IR cgroup.events , -whose contents are key-value pairs -(delimited by newline characters, with the key and value separated by spaces) -providing state information about the cgroup: -.P -.in +4n -.EX -$ \fBcat mygrp/cgroup.events\fP -populated 1 -frozen 0 -.EE -.in -.P -The following keys may appear in this file: -.TP -.I populated -The value of this key is either 1, -if this cgroup or any of its descendants has member processes, -or otherwise 0. -.TP -.IR frozen " (since Linux 5.2)" -.\" commit 76f969e8948d82e78e1bc4beb6b9465908e7487 -The value of this key is 1 if this cgroup is currently frozen, -or 0 if it is not. -.P -The -.I cgroup.events -file can be monitored, in order to receive notification when the value of -one of its keys changes. -Such monitoring can be done using -.BR inotify (7), -which notifies changes as -.B IN_MODIFY -events, or -.BR poll (2), -which notifies changes by returning the -.B POLLPRI -and -.B POLLERR -bits in the -.I revents -field. -.\" -.SS Cgroup v2 release notification -Cgroups v2 provides a new mechanism for obtaining notification -when a cgroup becomes empty. -The cgroups v1 -.I release_agent -and -.I notify_on_release -files are removed, and replaced by the -.I populated -key in the -.I cgroup.events -file. -This key either has the value 0, -meaning that the cgroup (and its descendants) -contain no (nonzombie) member processes, -or 1, meaning that the cgroup (or one of its descendants) -contains member processes. -.P -The cgroups v2 release-notification mechanism -offers the following advantages over the cgroups v1 -.I release_agent -mechanism: -.IP \[bu] 3 -It allows for cheaper notification, -since a single process can monitor multiple -.I cgroup.events -files (using the techniques described earlier). -By contrast, the cgroups v1 mechanism requires the expense of creating -a process for each notification. -.IP \[bu] -Notification for different cgroup subhierarchies can be delegated -to different processes. -By contrast, the cgroups v1 mechanism allows only one release agent -for an entire hierarchy. -.\" -.SS Cgroups v2 cgroup.stat file -.\" commit ec39225cca42c05ac36853d11d28f877fde5c42e -Each cgroup in the v2 hierarchy contains a read-only -.I cgroup.stat -file (first introduced in Linux 4.14) -that consists of lines containing key-value pairs. -The following keys currently appear in this file: -.TP -.I nr_descendants -This is the total number of visible (i.e., living) descendant cgroups -underneath this cgroup. -.TP -.I nr_dying_descendants -This is the total number of dying descendant cgroups -underneath this cgroup. -A cgroup enters the dying state after being deleted. -It remains in that state for an undefined period -(which will depend on system load) -while resources are freed before the cgroup is destroyed. -Note that the presence of some cgroups in the dying state is normal, -and is not indicative of any problem. -.IP -A process can't be made a member of a dying cgroup, -and a dying cgroup can't be brought back to life. -.\" -.SS Limiting the number of descendant cgroups -Each cgroup in the v2 hierarchy contains the following files, -which can be used to view and set limits on the number -of descendant cgroups under that cgroup: -.TP -.IR cgroup.max.depth " (since Linux 4.14)" -.\" commit 1a926e0bbab83bae8207d05a533173425e0496d1 -This file defines a limit on the depth of nesting of descendant cgroups. -A value of 0 in this file means that no descendant cgroups can be created. -An attempt to create a descendant whose nesting level exceeds -the limit fails -.RI ( mkdir (2) -fails with the error -.BR EAGAIN ). -.IP -Writing the string -.I \[dq]max\[dq] -to this file means that no limit is imposed. -The default value in this file is -.IR \[dq]max\[dq] . -.TP -.IR cgroup.max.descendants " (since Linux 4.14)" -.\" commit 1a926e0bbab83bae8207d05a533173425e0496d1 -This file defines a limit on the number of live descendant cgroups that -this cgroup may have. -An attempt to create more descendants than allowed by the limit fails -.RI ( mkdir (2) -fails with the error -.BR EAGAIN ). -.IP -Writing the string -.I \[dq]max\[dq] -to this file means that no limit is imposed. -The default value in this file is -.IR \[dq]max\[dq] . -.\" -.SH CGROUPS DELEGATION: DELEGATING A HIERARCHY TO A LESS PRIVILEGED USER -In the context of cgroups, -delegation means passing management of some subtree -of the cgroup hierarchy to a nonprivileged user. -Cgroups v1 provides support for delegation based on file permissions -in the cgroup hierarchy but with less strict containment rules than v2 -(as noted below). -Cgroups v2 supports delegation with containment by explicit design. -The focus of the discussion in this section is on delegation in cgroups v2, -with some differences for cgroups v1 noted along the way. -.P -Some terminology is required in order to describe delegation. -A -.I delegater -is a privileged user (i.e., root) who owns a parent cgroup. -A -.I delegatee -is a nonprivileged user who will be granted the permissions needed -to manage some subhierarchy under that parent cgroup, -known as the -.IR "delegated subtree" . -.P -To perform delegation, -the delegater makes certain directories and files writable by the delegatee, -typically by changing the ownership of the objects to be the user ID -of the delegatee. -Assuming that we want to delegate the hierarchy rooted at (say) -.I /dlgt_grp -and that there are not yet any child cgroups under that cgroup, -the ownership of the following is changed to the user ID of the delegatee: -.TP -.I /dlgt_grp -Changing the ownership of the root of the subtree means that any new -cgroups created under the subtree (and the files they contain) -will also be owned by the delegatee. -.TP -.I /dlgt_grp/cgroup.procs -Changing the ownership of this file means that the delegatee -can move processes into the root of the delegated subtree. -.TP -.IR /dlgt_grp/cgroup.subtree_control " (cgroups v2 only)" -Changing the ownership of this file means that the delegatee -can enable controllers (that are present in -.IR /dlgt_grp/cgroup.controllers ) -in order to further redistribute resources at lower levels in the subtree. -(As an alternative to changing the ownership of this file, -the delegater might instead add selected controllers to this file.) -.TP -.IR /dlgt_grp/cgroup.threads " (cgroups v2 only)" -Changing the ownership of this file is necessary if a threaded subtree -is being delegated (see the description of "thread mode", below). -This permits the delegatee to write thread IDs to the file. -(The ownership of this file can also be changed when delegating -a domain subtree, but currently this serves no purpose, -since, as described below, it is not possible to move a thread between -domain cgroups by writing its thread ID to the -.I cgroup.threads -file.) -.IP -In cgroups v1, the corresponding file that should instead be delegated is the -.I tasks -file. -.P -The delegater should -.I not -change the ownership of any of the controller interfaces files (e.g., -.IR pids.max , -.IR memory.high ) -in -.IR dlgt_grp . -Those files are used from the next level above the delegated subtree -in order to distribute resources into the subtree, -and the delegatee should not have permission to change -the resources that are distributed into the delegated subtree. -.P -See also the discussion of the -.I /sys/kernel/cgroup/delegate -file in NOTES for information about further delegatable files in cgroups v2. -.P -After the aforementioned steps have been performed, -the delegatee can create child cgroups within the delegated subtree -(the cgroup subdirectories and the files they contain -will be owned by the delegatee) -and move processes between cgroups in the subtree. -If some controllers are present in -.IR dlgt_grp/cgroup.subtree_control , -or the ownership of that file was passed to the delegatee, -the delegatee can also control the further redistribution -of the corresponding resources into the delegated subtree. -.\" -.SS Cgroups v2 delegation: nsdelegate and cgroup namespaces -Starting with Linux 4.13, -.\" commit 5136f6365ce3eace5a926e10f16ed2a233db5ba9 -there is a second way to perform cgroup delegation in the cgroups v2 hierarchy. -This is done by mounting or remounting the cgroup v2 filesystem with the -.I nsdelegate -mount option. -For example, if the cgroup v2 filesystem has already been mounted, -we can remount it with the -.I nsdelegate -option as follows: -.P -.in +4n -.EX -mount \-t cgroup2 \-o remount,nsdelegate \e - none /sys/fs/cgroup/unified -.EE -.in -.\" -.\" Alternatively, we could boot the kernel with the options: -.\" -.\" cgroup_no_v1=all systemd.legacy_systemd_cgroup_controller -.\" -.\" The effect of the latter option is to prevent systemd from employing -.\" its "hybrid" cgroup mode, where it tries to make use of cgroups v2. -.P -The effect of this mount option is to cause cgroup namespaces -to automatically become delegation boundaries. -More specifically, -the following restrictions apply for processes inside the cgroup namespace: -.IP \[bu] 3 -Writes to controller interface files in the root directory of the namespace -will fail with the error -.BR EPERM . -Processes inside the cgroup namespace can still write to delegatable -files in the root directory of the cgroup namespace such as -.I cgroup.procs -and -.IR cgroup.subtree_control , -and can create subhierarchy underneath the root directory. -.IP \[bu] -Attempts to migrate processes across the namespace boundary are denied -(with the error -.BR ENOENT ). -Processes inside the cgroup namespace can still -(subject to the containment rules described below) -move processes between cgroups -.I within -the subhierarchy under the namespace root. -.P -The ability to define cgroup namespaces as delegation boundaries -makes cgroup namespaces more useful. -To understand why, suppose that we already have one cgroup hierarchy -that has been delegated to a nonprivileged user, -.IR cecilia , -using the older delegation technique described above. -Suppose further that -.I cecilia -wanted to further delegate a subhierarchy -under the existing delegated hierarchy. -(For example, the delegated hierarchy might be associated with -an unprivileged container run by -.IR cecilia .) -Even if a cgroup namespace was employed, -because both hierarchies are owned by the unprivileged user -.IR cecilia , -the following illegitimate actions could be performed: -.IP \[bu] 3 -A process in the inferior hierarchy could change the -resource controller settings in the root directory of that hierarchy. -(These resource controller settings are intended to allow control to -be exercised from the -.I parent -cgroup; -a process inside the child cgroup should not be allowed to modify them.) -.IP \[bu] -A process inside the inferior hierarchy could move processes -into and out of the inferior hierarchy if the cgroups in the -superior hierarchy were somehow visible. -.P -Employing the -.I nsdelegate -mount option prevents both of these possibilities. -.P -The -.I nsdelegate -mount option only has an effect when performed in -the initial mount namespace; -in other mount namespaces, the option is silently ignored. -.P -.IR Note : -On some systems, -.BR systemd (1) -automatically mounts the cgroup v2 filesystem. -In order to experiment with the -.I nsdelegate -operation, it may be useful to boot the kernel with -the following command-line options: -.P -.in +4n -.EX -cgroup_no_v1=all systemd.legacy_systemd_cgroup_controller -.EE -.in -.P -These options cause the kernel to boot with the cgroups v1 controllers -disabled (meaning that the controllers are available in the v2 hierarchy), -and tells -.BR systemd (1) -not to mount and use the cgroup v2 hierarchy, -so that the v2 hierarchy can be manually mounted -with the desired options after boot-up. -.\" -.SS Cgroup delegation containment rules -Some delegation -.I containment rules -ensure that the delegatee can move processes between cgroups within the -delegated subtree, -but can't move processes from outside the delegated subtree into -the subtree or vice versa. -A nonprivileged process (i.e., the delegatee) can write the PID of -a "target" process into a -.I cgroup.procs -file only if all of the following are true: -.IP \[bu] 3 -The writer has write permission on the -.I cgroup.procs -file in the destination cgroup. -.IP \[bu] -The writer has write permission on the -.I cgroup.procs -file in the nearest common ancestor of the source and destination cgroups. -Note that in some cases, -the nearest common ancestor may be the source or destination cgroup itself. -This requirement is not enforced for cgroups v1 hierarchies, -with the consequence that containment in v1 is less strict than in v2. -(For example, in cgroups v1 the user that owns two distinct -delegated subhierarchies can move a process between the hierarchies.) -.IP \[bu] -If the cgroup v2 filesystem was mounted with the -.I nsdelegate -option, the writer must be able to see the source and destination cgroups -from its cgroup namespace. -.IP \[bu] -In cgroups v1: -the effective UID of the writer (i.e., the delegatee) matches the -real user ID or the saved set-user-ID of the target process. -Before Linux 4.11, -.\" commit 576dd464505fc53d501bb94569db76f220104d28 -this requirement also applied in cgroups v2 -(This was a historical requirement inherited from cgroups v1 -that was later deemed unnecessary, -since the other rules suffice for containment in cgroups v2.) -.P -.IR Note : -one consequence of these delegation containment rules is that the -unprivileged delegatee can't place the first process into -the delegated subtree; -instead, the delegater must place the first process -(a process owned by the delegatee) into the delegated subtree. -.\" -.SH CGROUPS VERSION 2 THREAD MODE -Among the restrictions imposed by cgroups v2 that were not present -in cgroups v1 are the following: -.IP \[bu] 3 -.IR "No thread-granularity control" : -all of the threads of a process must be in the same cgroup. -.IP \[bu] -.IR "No internal processes" : -a cgroup can't both have member processes and -exercise controllers on child cgroups. -.P -Both of these restrictions were added because -the lack of these restrictions had caused problems -in cgroups v1. -In particular, the cgroups v1 ability to allow thread-level granularity -for cgroup membership made no sense for some controllers. -(A notable example was the -.I memory -controller: since threads share an address space, -it made no sense to split threads across different -.I memory -cgroups.) -.P -Notwithstanding the initial design decision in cgroups v2, -there were use cases for certain controllers, notably the -.I cpu -controller, -for which thread-level granularity of control was meaningful and useful. -To accommodate such use cases, Linux 4.14 added -.I "thread mode" -for cgroups v2. -.P -Thread mode allows the following: -.IP \[bu] 3 -The creation of -.I threaded subtrees -in which the threads of a process may -be spread across cgroups inside the tree. -(A threaded subtree may contain multiple multithreaded processes.) -.IP \[bu] -The concept of -.IR "threaded controllers" , -which can distribute resources across the cgroups in a threaded subtree. -.IP \[bu] -A relaxation of the "no internal processes rule", -so that, within a threaded subtree, -a cgroup can both contain member threads and -exercise resource control over child cgroups. -.P -With the addition of thread mode, -each nonroot cgroup now contains a new file, -.IR cgroup.type , -that exposes, and in some circumstances can be used to change, -the "type" of a cgroup. -This file contains one of the following type values: -.TP -.I domain -This is a normal v2 cgroup that provides process-granularity control. -If a process is a member of this cgroup, -then all threads of the process are (by definition) in the same cgroup. -This is the default cgroup type, -and provides the same behavior that was provided for -cgroups in the initial cgroups v2 implementation. -.TP -.I threaded -This cgroup is a member of a threaded subtree. -Threads can be added to this cgroup, -and controllers can be enabled for the cgroup. -.TP -.I domain threaded -This is a domain cgroup that serves as the root of a threaded subtree. -This cgroup type is also known as "threaded root". -.TP -.I domain invalid -This is a cgroup inside a threaded subtree -that is in an "invalid" state. -Processes can't be added to the cgroup, -and controllers can't be enabled for the cgroup. -The only thing that can be done with this cgroup (other than deleting it) -is to convert it to a -.I threaded -cgroup by writing the string -.I \[dq]threaded\[dq] -to the -.I cgroup.type -file. -.IP -The rationale for the existence of this "interim" type -during the creation of a threaded subtree -(rather than the kernel simply immediately converting all cgroups -under the threaded root to the type -.IR threaded ) -is to allow for -possible future extensions to the thread mode model -.\" -.SS Threaded versus domain controllers -With the addition of threads mode, -cgroups v2 now distinguishes two types of resource controllers: -.IP \[bu] 3 -.I Threaded -.\" In the kernel source, look for ".threaded[ \t]*= true" in -.\" initializations of struct cgroup_subsys -controllers: these controllers support thread-granularity for -resource control and can be enabled inside threaded subtrees, -with the result that the corresponding controller-interface files -appear inside the cgroups in the threaded subtree. -As at Linux 4.19, the following controllers are threaded: -.IR cpu , -.IR perf_event , -and -.IR pids . -.IP \[bu] -.I Domain -controllers: these controllers support only process granularity -for resource control. -From the perspective of a domain controller, -all threads of a process are always in the same cgroup. -Domain controllers can't be enabled inside a threaded subtree. -.\" -.SS Creating a threaded subtree -There are two pathways that lead to the creation of a threaded subtree. -The first pathway proceeds as follows: -.IP (1) 5 -We write the string -.I \[dq]threaded\[dq] -to the -.I cgroup.type -file of a cgroup -.I y/z -that currently has the type -.IR domain . -This has the following effects: -.RS -.IP \[bu] 3 -The type of the cgroup -.I y/z -becomes -.IR threaded . -.IP \[bu] -The type of the parent cgroup, -.IR y , -becomes -.IR "domain threaded" . -The parent cgroup is the root of a threaded subtree -(also known as the "threaded root"). -.IP \[bu] -All other cgroups under -.I y -that were not already of type -.I threaded -(because they were inside already existing threaded subtrees -under the new threaded root) -are converted to type -.IR "domain invalid" . -Any subsequently created cgroups under -.I y -will also have the type -.IR "domain invalid" . -.RE -.IP (2) -We write the string -.I \[dq]threaded\[dq] -to each of the -.I domain invalid -cgroups under -.IR y , -in order to convert them to the type -.IR threaded . -As a consequence of this step, all threads under the threaded root -now have the type -.I threaded -and the threaded subtree is now fully usable. -The requirement to write -.I \[dq]threaded\[dq] -to each of these cgroups is somewhat cumbersome, -but allows for possible future extensions to the thread-mode model. -.P -The second way of creating a threaded subtree is as follows: -.IP (1) 5 -In an existing cgroup, -.IR z , -that currently has the type -.IR domain , -we (1.1) enable one or more threaded controllers and -(1.2) make a process a member of -.IR z . -(These two steps can be done in either order.) -This has the following consequences: -.RS -.IP \[bu] 3 -The type of -.I z -becomes -.IR "domain threaded" . -.IP \[bu] -All of the descendant cgroups of -.I z -that were not already of type -.I threaded -are converted to type -.IR "domain invalid" . -.RE -.IP (2) -As before, we make the threaded subtree usable by writing the string -.I \[dq]threaded\[dq] -to each of the -.I domain invalid -cgroups under -.IR z , -in order to convert them to the type -.IR threaded . -.P -One of the consequences of the above pathways to creating a threaded subtree -is that the threaded root cgroup can be a parent only to -.I threaded -(and -.IR "domain invalid" ) -cgroups. -The threaded root cgroup can't be a parent of a -.I domain -cgroups, and a -.I threaded -cgroup -can't have a sibling that is a -.I domain -cgroup. -.\" -.SS Using a threaded subtree -Within a threaded subtree, threaded controllers can be enabled -in each subgroup whose type has been changed to -.IR threaded ; -upon doing so, the corresponding controller interface files -appear in the children of that cgroup. -.P -A process can be moved into a threaded subtree by writing its PID to the -.I cgroup.procs -file in one of the cgroups inside the tree. -This has the effect of making all of the threads -in the process members of the corresponding cgroup -and makes the process a member of the threaded subtree. -The threads of the process can then be spread across -the threaded subtree by writing their thread IDs (see -.BR gettid (2)) -to the -.I cgroup.threads -files in different cgroups inside the subtree. -The threads of a process must all reside in the same threaded subtree. -.P -As with writing to -.IR cgroup.procs , -some containment rules apply when writing to the -.I cgroup.threads -file: -.IP \[bu] 3 -The writer must have write permission on the -cgroup.threads -file in the destination cgroup. -.IP \[bu] -The writer must have write permission on the -.I cgroup.procs -file in the common ancestor of the source and destination cgroups. -(In some cases, -the common ancestor may be the source or destination cgroup itself.) -.IP \[bu] -The source and destination cgroups must be in the same threaded subtree. -(Outside a threaded subtree, an attempt to move a thread by writing -its thread ID to the -.I cgroup.threads -file in a different -.I domain -cgroup fails with the error -.BR EOPNOTSUPP .) -.P -The -.I cgroup.threads -file is present in each cgroup (including -.I domain -cgroups) and can be read in order to discover the set of threads -that is present in the cgroup. -The set of thread IDs obtained when reading this file -is not guaranteed to be ordered or free of duplicates. -.P -The -.I cgroup.procs -file in the threaded root shows the PIDs of all processes -that are members of the threaded subtree. -The -.I cgroup.procs -files in the other cgroups in the subtree are not readable. -.P -Domain controllers can't be enabled in a threaded subtree; -no controller-interface files appear inside the cgroups underneath the -threaded root. -From the point of view of a domain controller, -threaded subtrees are invisible: -a multithreaded process inside a threaded subtree appears to a domain -controller as a process that resides in the threaded root cgroup. -.P -Within a threaded subtree, the "no internal processes" rule does not apply: -a cgroup can both contain member processes (or thread) -and exercise controllers on child cgroups. -.\" -.SS Rules for writing to cgroup.type and creating threaded subtrees -A number of rules apply when writing to the -.I cgroup.type -file: -.IP \[bu] 3 -Only the string -.I \[dq]threaded\[dq] -may be written. -In other words, the only explicit transition that is possible is to convert a -.I domain -cgroup to type -.IR threaded . -.IP \[bu] -The effect of writing -.I \[dq]threaded\[dq] -depends on the current value in -.IR cgroup.type , -as follows: -.RS -.IP \[bu] 3 -.I domain -or -.IR "domain threaded" : -start the creation of a threaded subtree -(whose root is the parent of this cgroup) via -the first of the pathways described above; -.IP \[bu] -.IR "domain\ invalid" : -convert this cgroup (which is inside a threaded subtree) to a usable (i.e., -.IR threaded ) -state; -.IP \[bu] -.IR threaded : -no effect (a "no-op"). -.RE -.IP \[bu] -We can't write to a -.I cgroup.type -file if the parent's type is -.IR "domain invalid" . -In other words, the cgroups of a threaded subtree must be converted to the -.I threaded -state in a top-down manner. -.P -There are also some constraints that must be satisfied -in order to create a threaded subtree rooted at the cgroup -.IR x : -.IP \[bu] 3 -There can be no member processes in the descendant cgroups of -.IR x . -(The cgroup -.I x -can itself have member processes.) -.IP \[bu] -No domain controllers may be enabled in -.IR x 's -.I cgroup.subtree_control -file. -.P -If any of the above constraints is violated, then an attempt to write -.I \[dq]threaded\[dq] -to a -.I cgroup.type -file fails with the error -.BR ENOTSUP . -.\" -.SS The \[dq]domain threaded\[dq] cgroup type -According to the pathways described above, -the type of a cgroup can change to -.I domain threaded -in either of the following cases: -.IP \[bu] 3 -The string -.I \[dq]threaded\[dq] -is written to a child cgroup. -.IP \[bu] -A threaded controller is enabled inside the cgroup and -a process is made a member of the cgroup. -.P -A -.I domain threaded -cgroup, -.IR x , -can revert to the type -.I domain -if the above conditions no longer hold true\[em]that is, if all -.I threaded -child cgroups of -.I x -are removed and either -.I x -no longer has threaded controllers enabled or -no longer has member processes. -.P -When a -.I domain threaded -cgroup -.I x -reverts to the type -.IR domain : -.IP \[bu] 3 -All -.I domain invalid -descendants of -.I x -that are not in lower-level threaded subtrees revert to the type -.IR domain . -.IP \[bu] -The root cgroups in any lower-level threaded subtrees revert to the type -.IR "domain threaded" . -.\" -.SS Exceptions for the root cgroup -The root cgroup of the v2 hierarchy is treated exceptionally: -it can be the parent of both -.I domain -and -.I threaded -cgroups. -If the string -.I \[dq]threaded\[dq] -is written to the -.I cgroup.type -file of one of the children of the root cgroup, then -.IP \[bu] 3 -The type of that cgroup becomes -.IR threaded . -.IP \[bu] -The type of any descendants of that cgroup that -are not part of lower-level threaded subtrees changes to -.IR "domain invalid" . -.P -Note that in this case, there is no cgroup whose type becomes -.IR "domain threaded" . -(Notionally, the root cgroup can be considered as the threaded root -for the cgroup whose type was changed to -.IR threaded .) -.P -The aim of this exceptional treatment for the root cgroup is to -allow a threaded cgroup that employs the -.I cpu -controller to be placed as high as possible in the hierarchy, -so as to minimize the (small) cost of traversing the cgroup hierarchy. -.\" -.SS The cgroups v2 \[dq]cpu\[dq] controller and realtime threads -As at Linux 4.19, the cgroups v2 -.I cpu -controller does not support control of realtime threads -(specifically threads scheduled under any of the policies -.BR SCHED_FIFO , -.BR SCHED_RR , -described -.BR SCHED_DEADLINE ; -see -.BR sched (7)). -Therefore, the -.I cpu -controller can be enabled in the root cgroup only -if all realtime threads are in the root cgroup. -(If there are realtime threads in nonroot cgroups, then a -.BR write (2) -of the string -.I \[dq]+cpu\[dq] -to the -.I cgroup.subtree_control -file fails with the error -.BR EINVAL .) -.P -On some systems, -.BR systemd (1) -places certain realtime threads in nonroot cgroups in the v2 hierarchy. -On such systems, -these threads must first be moved to the root cgroup before the -.I cpu -controller can be enabled. -.\" -.SH ERRORS -The following errors can occur for -.BR mount (2): -.TP -.B EBUSY -An attempt to mount a cgroup version 1 filesystem specified neither the -.I name= -option (to mount a named hierarchy) nor a controller name (or -.IR all ). -.SH NOTES -A child process created via -.BR fork (2) -inherits its parent's cgroup memberships. -A process's cgroup memberships are preserved across -.BR execve (2). -.P -The -.BR clone3 (2) -.B CLONE_INTO_CGROUP -flag can be used to create a child process that begins its life in -a different version 2 cgroup from the parent process. -.\" -.SS /proc files -.TP -.IR /proc/cgroups " (since Linux 2.6.24)" -This file contains information about the controllers -that are compiled into the kernel. -An example of the contents of this file (reformatted for readability) -is the following: -.IP -.in +4n -.EX -#subsys_name hierarchy num_cgroups enabled -cpuset 4 1 1 -cpu 8 1 1 -cpuacct 8 1 1 -blkio 6 1 1 -memory 3 1 1 -devices 10 84 1 -freezer 7 1 1 -net_cls 9 1 1 -perf_event 5 1 1 -net_prio 9 1 1 -hugetlb 0 1 0 -pids 2 1 1 -.EE -.in -.IP -The fields in this file are, from left to right: -.RS -.IP [1] 5 -The name of the controller. -.IP [2] -The unique ID of the cgroup hierarchy on which this controller is mounted. -If multiple cgroups v1 controllers are bound to the same hierarchy, -then each will show the same hierarchy ID in this field. -The value in this field will be 0 if: -.RS -.IP \[bu] 3 -the controller is not mounted on a cgroups v1 hierarchy; -.IP \[bu] -the controller is bound to the cgroups v2 single unified hierarchy; or -.IP \[bu] -the controller is disabled (see below). -.RE -.IP [3] -The number of control groups in this hierarchy using this controller. -.IP [4] -This field contains the value 1 if this controller is enabled, -or 0 if it has been disabled (via the -.I cgroup_disable -kernel command-line boot parameter). -.RE -.TP -.IR /proc/ pid /cgroup " (since Linux 2.6.24)" -This file describes control groups to which the process -with the corresponding PID belongs. -The displayed information differs for -cgroups version 1 and version 2 hierarchies. -.IP -For each cgroup hierarchy of which the process is a member, -there is one entry containing three colon-separated fields: -.IP -.in +4n -.EX -hierarchy\-ID:controller\-list:cgroup\-path -.EE -.in -.IP -For example: -.IP -.in +4n -.EX -5:cpuacct,cpu,cpuset:/daemons -.EE -.in -.IP -The colon-separated fields are, from left to right: -.RS -.IP [1] 5 -For cgroups version 1 hierarchies, -this field contains a unique hierarchy ID number -that can be matched to a hierarchy ID in -.IR /proc/cgroups . -For the cgroups version 2 hierarchy, this field contains the value 0. -.IP [2] -For cgroups version 1 hierarchies, -this field contains a comma-separated list of the controllers -bound to the hierarchy. -For the cgroups version 2 hierarchy, this field is empty. -.IP [3] -This field contains the pathname of the control group in the hierarchy -to which the process belongs. -This pathname is relative to the mount point of the hierarchy. -.RE -.\" -.SS /sys/kernel/cgroup files -.TP -.IR /sys/kernel/cgroup/delegate " (since Linux 4.15)" -.\" commit 01ee6cfb1483fe57c9cbd8e73817dfbf9bacffd3 -This file exports a list of the cgroups v2 files -(one per line) that are delegatable -(i.e., whose ownership should be changed to the user ID of the delegatee). -In the future, the set of delegatable files may change or grow, -and this file provides a way for the kernel to inform -user-space applications of which files must be delegated. -As at Linux 4.15, one sees the following when inspecting this file: -.IP -.in +4n -.EX -$ \fBcat /sys/kernel/cgroup/delegate\fP -cgroup.procs -cgroup.subtree_control -cgroup.threads -.EE -.in -.TP -.IR /sys/kernel/cgroup/features " (since Linux 4.15)" -.\" commit 5f2e673405b742be64e7c3604ed4ed3ac14f35ce -Over time, the set of cgroups v2 features that are provided by the -kernel may change or grow, -or some features may not be enabled by default. -This file provides a way for user-space applications to discover what -features the running kernel supports and has enabled. -Features are listed one per line: -.IP -.in +4n -.EX -$ \fBcat /sys/kernel/cgroup/features\fP -nsdelegate -memory_localevents -.EE -.in -.IP -The entries that can appear in this file are: -.RS -.TP -.IR memory_localevents " (since Linux 5.2)" -The kernel supports the -.I memory_localevents -mount option. -.TP -.IR nsdelegate " (since Linux 4.15)" -The kernel supports the -.I nsdelegate -mount option. -.TP -.IR memory_recursiveprot " (since Linux 5.7)" -.\" commit 8a931f801340c2be10552c7b5622d5f4852f3a36 -The kernel supports the -.I memory_recursiveprot -mount option. -.RE -.SH SEE ALSO -.BR prlimit (1), -.BR systemd (1), -.BR systemd\-cgls (1), -.BR systemd\-cgtop (1), -.BR clone (2), -.BR ioprio_set (2), -.BR perf_event_open (2), -.BR setrlimit (2), -.BR cgroup_namespaces (7), -.BR cpuset (7), -.BR namespaces (7), -.BR sched (7), -.BR user_namespaces (7) -.P -The kernel source file -.IR Documentation/admin\-guide/cgroup\-v2.rst . diff --git a/man7/charsets.7 b/man7/charsets.7 deleted file mode 100644 index eb9f8f8..0000000 --- a/man7/charsets.7 +++ /dev/null @@ -1,335 +0,0 @@ -.\" Copyright (c) 1996 Eric S. Raymond -.\" and Copyright (c) Andries Brouwer -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" This is combined from many sources, including notes by aeb and -.\" research by esr. Portions derive from a writeup by Roman Czyborra. -.\" -.\" Changes also by David Starner . -.\" -.TH charsets 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -charsets \- character set standards and internationalization -.SH DESCRIPTION -This manual page gives an overview on different character set standards -and how they were used on Linux before Unicode became ubiquitous. -Some of this information is still helpful for people working with legacy -systems and documents. -.P -Standards discussed include such as -ASCII, GB 2312, ISO/IEC\~8859, JIS, KOI8-R, KS, and Unicode. -.P -The primary emphasis is on character sets that were actually used by -locale character sets, not the myriad others that could be found in data -from other systems. -.SS ASCII -ASCII (American Standard Code For Information Interchange) is the original -7-bit character set, originally designed for American English. -Also known as US-ASCII. -It is currently described by the ISO/IEC\~646:1991 IRV -(International Reference Version) standard. -.P -Various ASCII variants replacing the dollar sign with other currency -symbols and replacing punctuation with non-English alphabetic -characters to cover German, French, Spanish, and others in 7 bits -emerged. -All are deprecated; -glibc does not support locales whose character sets are not true -supersets of ASCII. -.P -As Unicode, when using UTF-8, is ASCII-compatible, plain ASCII text -still renders properly on modern UTF-8 using systems. -.SS ISO/IEC\~8859 -ISO/IEC\~8859 is a series of 15 8-bit character sets, all of which have ASCII -in their low (7-bit) half, invisible control characters in positions -128 to 159, and 96 fixed-width graphics in positions 160\[en]255. -.P -Of these, the most important is ISO/IEC\~8859-1 -("Latin Alphabet No. 1" / Latin-1). -It was widely adopted and supported by different systems, -and is gradually being replaced with Unicode. -The ISO/IEC\~8859-1 characters are also the first 256 characters of Unicode. -.P -Console support for the other ISO/IEC\~8859 character sets is available under -Linux through user-mode utilities (such as -.BR setfont (8)) -that modify keyboard bindings and the EGA graphics -table and employ the "user mapping" font table in the console -driver. -.P -Here are brief descriptions of each character set: -.TP -ISO/IEC\~8859-1 (Latin-1) -Latin-1 covers many European languages such as Albanian, Basque, -Danish, English, Faroese, Galician, Icelandic, Irish, Italian, -Norwegian, Portuguese, Spanish, and Swedish. -The lack of the ligatures -Dutch IJ/ij, -French œ, -and „German“ quotation marks -was considered tolerable. -.TP -ISO/IEC\~8859-2 (Latin-2) -Latin-2 supports many Latin-written Central and East European -languages such as Bosnian, Croatian, Czech, German, Hungarian, Polish, -Slovak, and Slovene. -Replacing Romanian ș/ț with ş/ţ -was considered tolerable. -.TP -ISO/IEC\~8859-3 (Latin-3) -Latin-3 was designed to cover of Esperanto, Maltese, and Turkish, but -ISO/IEC\~8859-9 later superseded it for Turkish. -.TP -ISO/IEC\~8859-4 (Latin-4) -Latin-4 introduced letters for North European languages such as -Estonian, Latvian, and Lithuanian, but was superseded by ISO/IEC\~8859-10 and -ISO/IEC\~8859-13. -.TP -ISO/IEC\~8859-5 -Cyrillic letters supporting Bulgarian, Byelorussian, Macedonian, -Russian, Serbian, and (almost completely) Ukrainian. -It was never widely used, see the discussion of KOI8-R/KOI8-U below. -.TP -ISO/IEC\~8859-6 -Was created for Arabic. -The ISO/IEC\~8859-6 glyph table is a fixed font of separate -letter forms, but a proper display engine should combine these -using the proper initial, medial, and final forms. -.TP -ISO/IEC\~8859-7 -Was created for Modern Greek in 1987, updated in 2003. -.TP -ISO/IEC\~8859-8 -Supports Modern Hebrew without niqud (punctuation signs). -Niqud and full-fledged Biblical Hebrew were outside the scope of this -character set. -.TP -ISO/IEC\~8859-9 (Latin-5) -This is a variant of Latin-1 that replaces Icelandic letters with -Turkish ones. -.TP -ISO/IEC\~8859-10 (Latin-6) -Latin-6 added the Inuit (Greenlandic) and Sami (Lappish) letters that were -missing in Latin-4 to cover the entire Nordic area. -.TP -ISO/IEC\~8859-11 -Supports the Thai alphabet and is nearly identical to the TIS-620 -standard. -.TP -ISO/IEC\~8859-12 -This character set does not exist. -.TP -ISO/IEC\~8859-13 (Latin-7) -Supports the Baltic Rim languages; in particular, it includes Latvian -characters not found in Latin-4. -.TP -ISO/IEC\~8859-14 (Latin-8) -This is the Celtic character set, covering Old Irish, Manx, Gaelic, -Welsh, Cornish, and Breton. -.TP -ISO/IEC\~8859-15 (Latin-9) -Latin-9 is similar to the widely used Latin-1 but replaces some less -common symbols with the Euro sign and French and Finnish letters that -were missing in Latin-1. -.TP -ISO/IEC\~8859-16 (Latin-10) -This character set covers many Southeast European languages, -and most importantly supports Romanian more completely than Latin-2. -.SS KOI8-R / KOI8-U -KOI8-R is a non-ISO character set popular in Russia before Unicode. -The lower half is ASCII; -the upper is a Cyrillic character set somewhat better designed than -ISO/IEC\~8859-5. -KOI8-U, based on KOI8-R, has better support for Ukrainian. -Neither of these sets are ISO/IEC\~2022 compatible, -unlike the ISO/IEC\~8859 series. -.P -Console support for KOI8-R is available under Linux through user-mode -utilities that modify keyboard bindings and the EGA graphics table, -and employ the "user mapping" font table in the console driver. -.SS GB 2312 -GB 2312 is a mainland Chinese national standard character set used -to express simplified Chinese. -Just like JIS X 0208, characters are -mapped into a 94x94 two-byte matrix used to construct EUC-CN. -EUC-CN -is the most important encoding for Linux and includes ASCII and -GB 2312. -Note that EUC-CN is often called as GB, GB 2312, or CN-GB. -.SS Big5 -Big5 was a popular character set in Taiwan to express traditional -Chinese. -(Big5 is both a character set and an encoding.) -It is a superset of ASCII. -Non-ASCII characters are expressed in two bytes. -Bytes 0xa1\[en]0xfe are used as leading bytes for two-byte characters. -Big5 and its extension were widely used in Taiwan and Hong Kong. -It is not ISO/IEC\~2022 compliant. -.\" Thanks to Tomohiro KUBOTA for the following sections about -.\" national standards. -.SS JIS X 0208 -JIS X 0208 is a Japanese national standard character set. -Though there are some more Japanese national standard character sets (like -JIS X 0201, JIS X 0212, and JIS X 0213), this is the most important one. -Characters are mapped into a 94x94 two-byte matrix, -whose each byte is in the range 0x21\[en]0x7e. -Note that JIS X 0208 is a character set, not an encoding. -This means that JIS X 0208 -itself is not used for expressing text data. -JIS X 0208 is used -as a component to construct encodings such as EUC-JP, Shift_JIS, -and ISO/IEC\~2022-JP. -EUC-JP is the most important encoding for Linux -and includes ASCII and JIS X 0208. -In EUC-JP, JIS X 0208 -characters are expressed in two bytes, each of which is the -JIS X 0208 code plus 0x80. -.SS KS X 1001 -KS X 1001 is a Korean national standard character set. -Just as -JIS X 0208, characters are mapped into a 94x94 two-byte matrix. -KS X 1001 is used like JIS X 0208, as a component -to construct encodings such as EUC-KR, Johab, and ISO/IEC\~2022-KR. -EUC-KR is the most important encoding for Linux and includes -ASCII and KS X 1001. -KS C 5601 is an older name for KS X 1001. -.SS ISO/IEC\~2022 and ISO/IEC\~4873 -The ISO/IEC\~2022 and ISO/IEC\~4873 standards describe a font-control model -based on VT100 practice. -This model is (partially) supported -by the Linux kernel and by -.BR xterm (1). -Several ISO/IEC\~2022-based character encodings have been defined, -especially for Japanese. -.P -There are 4 graphic character sets, called G0, G1, G2, and G3, -and one of them is the current character set for codes with -high bit zero (initially G0), and one of them is the current -character set for codes with high bit one (initially G1). -Each graphic character set has 94 or 96 characters, and is -essentially a 7-bit character set. -It uses codes either -040\[en]0177 (041\[en]0176) or 0240\[en]0377 (0241\[en]0376). -G0 always has size 94 and uses codes 041\[en]0176. -.P -Switching between character sets is done using the shift functions -\fB\[ha]N\fP (SO or LS1), \fB\[ha]O\fP (SI or LS0), ESC n (LS2), ESC o (LS3), -ESC N (SS2), ESC O (SS3), ESC \[ti] (LS1R), ESC } (LS2R), ESC | (LS3R). -The function LS\fIn\fP makes character set G\fIn\fP the current one -for codes with high bit zero. -The function LS\fIn\fPR makes character set G\fIn\fP the current one -for codes with high bit one. -The function SS\fIn\fP makes character set G\fIn\fP (\fIn\fP=2 or 3) -the current one for the next character only (regardless of the value -of its high order bit). -.P -A 94-character set is designated as G\fIn\fP character set -by an escape sequence ESC ( xx (for G0), ESC ) xx (for G1), -ESC * xx (for G2), ESC + xx (for G3), where xx is a symbol -or a pair of symbols found in the ISO/IEC\~2375 International -Register of Coded Character Sets. -For example, ESC ( @ selects the ISO/IEC\~646 character set as G0, -ESC ( A selects the UK standard character set (with pound -instead of number sign), ESC ( B selects ASCII (with dollar -instead of currency sign), ESC ( M selects a character set -for African languages, ESC ( ! A selects the Cuban character -set, and so on. -.P -A 96-character set is designated as G\fIn\fP character set -by an escape sequence ESC \- xx (for G1), ESC . xx (for G2) -or ESC / xx (for G3). -For example, ESC \- G selects the Hebrew alphabet as G1. -.P -A multibyte character set is designated as G\fIn\fP character set -by an escape sequence ESC $ xx or ESC $ ( xx (for G0), -ESC $ ) xx (for G1), ESC $ * xx (for G2), ESC $ + xx (for G3). -For example, ESC $ ( C selects the Korean character set for G0. -The Japanese character set selected by ESC $ B has a more -recent version selected by ESC & @ ESC $ B. -.P -ISO/IEC\~4873 stipulates a narrower use of character sets, where G0 -is fixed (always ASCII), so that G1, G2, and G3 -can be invoked only for codes with the high order bit set. -In particular, \fB\[ha]N\fP and \fB\[ha]O\fP are not used anymore, ESC ( xx -can be used only with xx=B, and ESC ) xx, ESC * xx, ESC + xx -are equivalent to ESC \- xx, ESC . xx, ESC / xx, respectively. -.SS TIS-620 -TIS-620 is a Thai national standard character set and a superset -of ASCII. -In the same fashion as the ISO/IEC\~8859 series, Thai characters are mapped into -0xa1\[en]0xfe. -.SS Unicode -Unicode (ISO/IEC 10646) is a standard which aims to unambiguously represent -every character in every human language. -Unicode's structure permits 20.1 bits to encode every character. -Since most computers don't include 20.1-bit integers, Unicode is -usually encoded as 32-bit integers internally and either a series of -16-bit integers (UTF-16) (needing two 16-bit integers only when -encoding certain rare characters) or a series of 8-bit bytes (UTF-8). -.P -Linux represents Unicode using the 8-bit Unicode Transformation Format -(UTF-8). -UTF-8 is a variable length encoding of Unicode. -It uses 1 -byte to code 7 bits, 2 bytes for 11 bits, 3 bytes for 16 bits, 4 bytes -for 21 bits, 5 bytes for 26 bits, 6 bytes for 31 bits. -.P -Let 0,1,x stand for a zero, one, or arbitrary bit. -A byte 0xxxxxxx -stands for the Unicode 00000000 0xxxxxxx which codes the same symbol -as the ASCII 0xxxxxxx. -Thus, ASCII goes unchanged into UTF-8, and -people using only ASCII do not notice any change: not in code, and not -in file size. -.P -A byte 110xxxxx is the start of a 2-byte code, and 110xxxxx 10yyyyyy -is assembled into 00000xxx xxyyyyyy. -A byte 1110xxxx is the start -of a 3-byte code, and 1110xxxx 10yyyyyy 10zzzzzz is assembled -into xxxxyyyy yyzzzzzz. -(When UTF-8 is used to code the 31-bit ISO/IEC 10646 -then this progression continues up to 6-byte codes.) -.P -For most texts in ISO/IEC\~8859 character sets, this means that the -characters outside of ASCII are now coded with two bytes. -This tends -to expand ordinary text files by only one or two percent. -For Russian -or Greek texts, this expands ordinary text files by 100%, since text in -those languages is mostly outside of ASCII. -For Japanese users this means -that the 16-bit codes now in common use will take three bytes. -While there are algorithmic conversions from some character sets -(especially ISO/IEC\~8859-1) to Unicode, general conversion requires -carrying around conversion tables, which can be quite large for 16-bit -codes. -.P -Note that UTF-8 is self-synchronizing: -10xxxxxx is a tail, -any other byte is the head of a code. -Note that the only way ASCII bytes occur in a UTF-8 stream, -is as themselves. -In particular, -there are no embedded NULs (\[aq]\e0\[aq]) or \[aq]/\[aq]s -that form part of some larger code. -.P -Since ASCII, and, in particular, NUL and \[aq]/\[aq], are unchanged, the -kernel does not notice that UTF-8 is being used. -It does not care at -all what the bytes it is handling stand for. -.P -Rendering of Unicode data streams is typically handled through -"subfont" tables which map a subset of Unicode to glyphs. -Internally -the kernel uses Unicode to describe the subfont loaded in video RAM. -This means that in the Linux console in UTF-8 mode, one can use a character -set with 512 different symbols. -This is not enough for Japanese, Chinese, and -Korean, but it is enough for most other purposes. -.SH SEE ALSO -.BR iconv (1), -.BR ascii (7), -.BR iso_8859\-1 (7), -.BR unicode (7), -.BR utf\-8 (7) diff --git a/man7/complex.7 b/man7/complex.7 deleted file mode 100644 index a61551e..0000000 --- a/man7/complex.7 +++ /dev/null @@ -1,83 +0,0 @@ -.\" Copyright 2002 Walter Harms (walter.harms@informatik.uni-oldenburg.de) -.\" -.\" SPDX-License-Identifier: GPL-1.0-or-later -.\" -.TH complex 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -complex \- basics of complex mathematics -.SH LIBRARY -Math library -.RI ( libm ", " \-lm ) -.SH SYNOPSIS -.nf -.B #include -.fi -.SH DESCRIPTION -Complex numbers are numbers of the form z = a+b*i, where a and b are -real numbers and i = sqrt(\-1), so that i*i = \-1. -.P -There are other ways to represent that number. -The pair (a,b) of real -numbers may be viewed as a point in the plane, given by X- and -Y-coordinates. -This same point may also be described by giving -the pair of real numbers (r,phi), where r is the distance to the origin O, -and phi the angle between the X-axis and the line Oz. -Now -z = r*exp(i*phi) = r*(cos(phi)+i*sin(phi)). -.P -The basic operations are defined on z = a+b*i and w = c+d*i as: -.TP -.B addition: z+w = (a+c) + (b+d)*i -.TP -.B multiplication: z*w = (a*c \- b*d) + (a*d + b*c)*i -.TP -.B division: z/w = ((a*c + b*d)/(c*c + d*d)) + ((b*c \- a*d)/(c*c + d*d))*i -.P -Nearly all math function have a complex counterpart but there are -some complex-only functions. -.SH EXAMPLES -Your C-compiler can work with complex numbers if it supports the C99 standard. -The imaginary unit is represented by I. -.P -.EX -/* check that exp(i * pi) == \-1 */ -#include /* for atan */ -#include -#include -\& -int -main(void) -{ - double pi = 4 * atan(1.0); - double complex z = cexp(I * pi); - printf("%f + %f * i\en", creal(z), cimag(z)); -} -.EE -.SH SEE ALSO -.BR cabs (3), -.BR cacos (3), -.BR cacosh (3), -.BR carg (3), -.BR casin (3), -.BR casinh (3), -.BR catan (3), -.BR catanh (3), -.BR ccos (3), -.BR ccosh (3), -.BR cerf (3), -.BR cexp (3), -.BR cexp2 (3), -.BR cimag (3), -.BR clog (3), -.BR clog10 (3), -.BR clog2 (3), -.BR conj (3), -.BR cpow (3), -.BR cproj (3), -.BR creal (3), -.BR csin (3), -.BR csinh (3), -.BR csqrt (3), -.BR ctan (3), -.BR ctanh (3) diff --git a/man7/cp1251.7 b/man7/cp1251.7 deleted file mode 100644 index 6668ad7..0000000 --- a/man7/cp1251.7 +++ /dev/null @@ -1,166 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH cp1251 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -cp1251 \- CP\ 1251 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The Windows Code Pages include several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -CP\ 1251 encodes the -characters used in Cyrillic scripts. -.SS CP\ 1251 characters -The following table displays the characters in CP\ 1251 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -200 128 80 Ђ CYRILLIC CAPITAL LETTER DJE -201 129 81 Ѓ CYRILLIC CAPITAL LETTER GJE -202 130 82 ‚ SINGLE LOW-9 QUOTATION MARK -203 131 83 ѓ CYRILLIC SMALL LETTER GJE -204 132 84 „ DOUBLE LOW-9 QUOTATION MARK -205 133 85 … HORIZONTAL ELLIPSIS -206 134 86 † DAGGER -207 135 87 ‡ DOUBLE DAGGER -210 136 88 € EURO SIGN -211 137 89 ‰ PER MILLE SIGN -212 138 8A Љ CYRILLIC CAPITAL LETTER LJE -213 139 8B ‹ SINGLE LEFT-POINTING ANGLE QUOTATION MARK -214 140 8C Њ CYRILLIC CAPITAL LETTER NJE -215 141 8D Ќ CYRILLIC CAPITAL LETTER KJE -216 142 8E Ћ CYRILLIC CAPITAL LETTER TSHE -217 143 8F Џ CYRILLIC CAPITAL LETTER DZHE -220 144 90 ђ CYRILLIC SMALL LETTER DJE -221 145 91 ‘ LEFT SINGLE QUOTATION MARK -222 146 92 ’ RIGHT SINGLE QUOTATION MARK -223 147 93 “ LEFT DOUBLE QUOTATION MARK -224 148 94 ” RIGHT DOUBLE QUOTATION MARK -225 149 95 • BULLET -226 150 96 – EN DASH -227 151 97 — EM DASH -230 152 98 UNDEFINED -231 153 99 ™ TRADE MARK SIGN -232 154 9A љ CYRILLIC SMALL LETTER LJE -233 155 9B › SINGLE RIGHT-POINTING ANGLE QUOTATION MARK -234 156 9C њ CYRILLIC SMALL LETTER NJE -235 157 9D ќ CYRILLIC SMALL LETTER KJE -236 158 9E ћ CYRILLIC SMALL LETTER TSHE -237 159 9F џ CYRILLIC SMALL LETTER DZHE -240 160 A0   NO-BREAK SPACE -241 161 A1 Ў CYRILLIC CAPITAL LETTER SHORT U -242 162 A2 ў CYRILLIC SMALL LETTER SHORT U -243 163 A3 Ј CYRILLIC CAPITAL LETTER JE -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 Ґ CYRILLIC CAPITAL LETTER GHE WITH UPTURN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 Ё CYRILLIC CAPITAL LETTER IO -251 169 A9 © COPYRIGHT SIGN -252 170 AA Є CYRILLIC CAPITAL LETTER UKRAINIAN IE -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF Ї CYRILLIC CAPITAL LETTER YI -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 І T{ -CYRILLIC CAPITAL LETTER -.br -BYELORUSSIAN-UKRAINIAN I -T} -263 179 B3 і CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I -264 180 B4 ґ CYRILLIC SMALL LETTER GHE WITH UPTURN -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ё CYRILLIC SMALL LETTER IO -271 185 B9 № NUMERO SIGN -272 186 BA є CYRILLIC SMALL LETTER UKRAINIAN IE -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ј CYRILLIC SMALL LETTER JE -275 189 BD Ѕ CYRILLIC CAPITAL LETTER DZE -276 190 BE ѕ CYRILLIC SMALL LETTER DZE -277 191 BF ї CYRILLIC SMALL LETTER YI -300 192 C0 А CYRILLIC CAPITAL LETTER A -301 193 C1 Б CYRILLIC CAPITAL LETTER BE -302 194 C2 В CYRILLIC CAPITAL LETTER VE -303 195 C3 Г CYRILLIC CAPITAL LETTER GHE -304 196 C4 Д CYRILLIC CAPITAL LETTER DE -305 197 C5 Е CYRILLIC CAPITAL LETTER IE -306 198 C6 Ж CYRILLIC CAPITAL LETTER ZHE -307 199 C7 З CYRILLIC CAPITAL LETTER ZE -310 200 C8 И CYRILLIC CAPITAL LETTER I -311 201 C9 Й CYRILLIC CAPITAL LETTER SHORT I -312 202 CA К CYRILLIC CAPITAL LETTER KA -313 203 CB Л CYRILLIC CAPITAL LETTER EL -314 204 CC М CYRILLIC CAPITAL LETTER EM -315 205 CD Н CYRILLIC CAPITAL LETTER EN -316 206 CE О CYRILLIC CAPITAL LETTER O -317 207 CF П CYRILLIC CAPITAL LETTER PE -320 208 D0 Р CYRILLIC CAPITAL LETTER ER -321 209 D1 С CYRILLIC CAPITAL LETTER ES -322 210 D2 Т CYRILLIC CAPITAL LETTER TE -323 211 D3 У CYRILLIC CAPITAL LETTER U -324 212 D4 Ф CYRILLIC CAPITAL LETTER EF -325 213 D5 Х CYRILLIC CAPITAL LETTER HA -326 214 D6 Ц CYRILLIC CAPITAL LETTER TSE -327 215 D7 Ч CYRILLIC CAPITAL LETTER CHE -330 216 D8 Ш CYRILLIC CAPITAL LETTER SHA -331 217 D9 Щ CYRILLIC CAPITAL LETTER SHCHA -332 218 DA Ъ CYRILLIC CAPITAL LETTER HARD SIGN -333 219 DB Ы CYRILLIC CAPITAL LETTER YERU -334 220 DC Ь CYRILLIC CAPITAL LETTER SOFT SIGN -335 221 DD Э CYRILLIC CAPITAL LETTER E -336 222 DE Ю CYRILLIC CAPITAL LETTER YU -337 223 DF Я CYRILLIC CAPITAL LETTER YA -340 224 E0 а CYRILLIC SMALL LETTER A -341 225 E1 б CYRILLIC SMALL LETTER BE -342 226 E2 в CYRILLIC SMALL LETTER VE -343 227 E3 г CYRILLIC SMALL LETTER GHE -344 228 E4 д CYRILLIC SMALL LETTER DE -345 229 E5 е CYRILLIC SMALL LETTER IE -346 230 E6 ж CYRILLIC SMALL LETTER ZHE -347 231 E7 з CYRILLIC SMALL LETTER ZE -350 232 E8 и CYRILLIC SMALL LETTER I -351 233 E9 й CYRILLIC SMALL LETTER SHORT I -352 234 EA к CYRILLIC SMALL LETTER KA -353 235 EB л CYRILLIC SMALL LETTER EL -354 236 EC м CYRILLIC SMALL LETTER EM -355 237 ED н CYRILLIC SMALL LETTER EN -356 238 EE о CYRILLIC SMALL LETTER O -357 239 EF п CYRILLIC SMALL LETTER PE -360 240 F0 р CYRILLIC SMALL LETTER ER -361 241 F1 с CYRILLIC SMALL LETTER ES -362 242 F2 т CYRILLIC SMALL LETTER TE -363 243 F3 у CYRILLIC SMALL LETTER U -364 244 F4 ф CYRILLIC SMALL LETTER EF -365 245 F5 х CYRILLIC SMALL LETTER HA -366 246 F6 ц CYRILLIC SMALL LETTER TSE -367 247 F7 ч CYRILLIC SMALL LETTER CHE -370 248 F8 ш CYRILLIC SMALL LETTER SHA -371 249 F9 щ CYRILLIC SMALL LETTER SHCHA -372 250 FA ъ CYRILLIC SMALL LETTER HARD SIGN -373 251 FB ы CYRILLIC SMALL LETTER YERU -374 252 FC ь CYRILLIC SMALL LETTER SOFT SIGN -375 253 FD э CYRILLIC SMALL LETTER E -376 254 FE ю CYRILLIC SMALL LETTER YU -377 255 FF я CYRILLIC SMALL LETTER YA -.TE -.SH NOTES -CP\ 1251 is also known as Windows Cyrillic. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1252 (7), -.BR iso_8859\-5 (7), -.BR koi8\-r (7), -.BR koi8\-u (7), -.BR utf\-8 (7) diff --git a/man7/cp1252.7 b/man7/cp1252.7 deleted file mode 100644 index 6630434..0000000 --- a/man7/cp1252.7 +++ /dev/null @@ -1,156 +0,0 @@ -'\" t -.\" Copyright 2014 (C) Marko Myllynen -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH cp1252 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -cp1252 \- CP\ 1252 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The Windows Code Pages include several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -CP\ 1252 encodes the -characters used in many West European languages. -.SS CP\ 1252 characters -The following table displays the characters in CP\ 1252 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -200 128 80 € EURO SIGN -202 130 82 ‚ SINGLE LOW-9 QUOTATION MARK -203 131 83 ƒ LATIN SMALL LETTER F WITH HOOK -204 132 84 „ DOUBLE LOW-9 QUOTATION MARK -205 133 85 … HORIZONTAL ELLIPSIS -206 134 86 † DAGGER -207 135 87 ‡ DOUBLE DAGGER -210 136 88 ˆ MODIFIER LETTER CIRCUMFLEX ACCENT -211 137 89 ‰ PER MILLE SIGN -212 138 8A Š LATIN CAPITAL LETTER S WITH CARON -213 139 8B ‹ SINGLE LEFT-POINTING ANGLE QUOTATION MARK -214 140 8C Œ LATIN CAPITAL LIGATURE OE -216 142 8E Ž LATIN CAPITAL LETTER Z WITH CARON -221 145 91 ‘ LEFT SINGLE QUOTATION MARK -222 146 92 ’ RIGHT SINGLE QUOTATION MARK -223 147 93 “ LEFT DOUBLE QUOTATION MARK -224 148 94 ” RIGHT DOUBLE QUOTATION MARK -225 149 95 • BULLET -226 150 96 – EN DASH -227 151 97 — EM DASH -230 152 98 ˜ SMALL TILDE -231 153 99 ™ TRADE MARK SIGN -232 154 9A š LATIN SMALL LETTER S WITH CARON -233 155 9B › SINGLE RIGHT-POINTING ANGLE QUOTATION MARK -234 156 9C œ LATIN SMALL LIGATURE OE -236 158 9E ž LATIN SMALL LETTER Z WITH CARON -237 159 9F Ÿ LATIN CAPITAL LETTER Y WITH DIAERESIS -240 160 A0   NO-BREAK SPACE -241 161 A1 ¡ INVERTED EXCLAMATION MARK -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 ¥ YEN SIGN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 © COPYRIGHT SIGN -252 170 AA ª FEMININE ORDINAL INDICATOR -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ¸ CEDILLA -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA º MASCULINE ORDINAL INDICATOR -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ¼ VULGAR FRACTION ONE QUARTER -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE ¾ VULGAR FRACTION THREE QUARTERS -277 191 BF ¿ INVERTED QUESTION MARK -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ð LATIN CAPITAL LETTER ETH -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Þ LATIN CAPITAL LETTER THORN -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ð LATIN SMALL LETTER ETH -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE þ LATIN SMALL LETTER THORN -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -CP\ 1252 is also known as Windows-1252. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1251 (7), -.BR iso_8859\-1 (7), -.BR iso_8859\-15 (7), -.BR utf\-8 (7) diff --git a/man7/cpuset.7 b/man7/cpuset.7 deleted file mode 100644 index 2db2bfc..0000000 --- a/man7/cpuset.7 +++ /dev/null @@ -1,1504 +0,0 @@ -.\" Copyright (c) 2008 Silicon Graphics, Inc. -.\" -.\" Author: Paul Jackson (http://oss.sgi.com/projects/cpusets) -.\" -.\" SPDX-License-Identifier: GPL-2.0-only -.\" -.TH cpuset 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -cpuset \- confine processes to processor and memory node subsets -.SH DESCRIPTION -The cpuset filesystem is a pseudo-filesystem interface -to the kernel cpuset mechanism, -which is used to control the processor placement -and memory placement of processes. -It is commonly mounted at -.IR /dev/cpuset . -.P -On systems with kernels compiled with built in support for cpusets, -all processes are attached to a cpuset, and cpusets are always present. -If a system supports cpusets, then it will have the entry -.B nodev cpuset -in the file -.IR /proc/filesystems . -By mounting the cpuset filesystem (see the -.B EXAMPLES -section below), -the administrator can configure the cpusets on a system -to control the processor and memory placement of processes -on that system. -By default, if the cpuset configuration -on a system is not modified or if the cpuset filesystem -is not even mounted, then the cpuset mechanism, -though present, has no effect on the system's behavior. -.P -A cpuset defines a list of CPUs and memory nodes. -.P -The CPUs of a system include all the logical processing -units on which a process can execute, including, if present, -multiple processor cores within a package and Hyper-Threads -within a processor core. -Memory nodes include all distinct -banks of main memory; small and SMP systems typically have -just one memory node that contains all the system's main memory, -while NUMA (non-uniform memory access) systems have multiple memory nodes. -.P -Cpusets are represented as directories in a hierarchical -pseudo-filesystem, where the top directory in the hierarchy -.RI ( /dev/cpuset ) -represents the entire system (all online CPUs and memory nodes) -and any cpuset that is the child (descendant) of -another parent cpuset contains a subset of that parent's -CPUs and memory nodes. -The directories and files representing cpusets have normal -filesystem permissions. -.P -Every process in the system belongs to exactly one cpuset. -A process is confined to run only on the CPUs in -the cpuset it belongs to, and to allocate memory only -on the memory nodes in that cpuset. -When a process -.BR fork (2)s, -the child process is placed in the same cpuset as its parent. -With sufficient privilege, a process may be moved from one -cpuset to another and the allowed CPUs and memory nodes -of an existing cpuset may be changed. -.P -When the system begins booting, a single cpuset is -defined that includes all CPUs and memory nodes on the -system, and all processes are in that cpuset. -During the boot process, or later during normal system operation, -other cpusets may be created, as subdirectories of this top cpuset, -under the control of the system administrator, -and processes may be placed in these other cpusets. -.P -Cpusets are integrated with the -.BR sched_setaffinity (2) -scheduling affinity mechanism and the -.BR mbind (2) -and -.BR set_mempolicy (2) -memory-placement mechanisms in the kernel. -Neither of these mechanisms let a process make use -of a CPU or memory node that is not allowed by that process's cpuset. -If changes to a process's cpuset placement conflict with these -other mechanisms, then cpuset placement is enforced -even if it means overriding these other mechanisms. -The kernel accomplishes this overriding by silently -restricting the CPUs and memory nodes requested by -these other mechanisms to those allowed by the -invoking process's cpuset. -This can result in these -other calls returning an error, if for example, such -a call ends up requesting an empty set of CPUs or -memory nodes, after that request is restricted to -the invoking process's cpuset. -.P -Typically, a cpuset is used to manage -the CPU and memory-node confinement for a set of -cooperating processes such as a batch scheduler job, and these -other mechanisms are used to manage the placement of -individual processes or memory regions within that set or job. -.SH FILES -Each directory below -.I /dev/cpuset -represents a cpuset and contains a fixed set of pseudo-files -describing the state of that cpuset. -.P -New cpusets are created using the -.BR mkdir (2) -system call or the -.BR mkdir (1) -command. -The properties of a cpuset, such as its flags, allowed -CPUs and memory nodes, and attached processes, are queried and modified -by reading or writing to the appropriate file in that cpuset's directory, -as listed below. -.P -The pseudo-files in each cpuset directory are automatically created when -the cpuset is created, as a result of the -.BR mkdir (2) -invocation. -It is not possible to directly add or remove these pseudo-files. -.P -A cpuset directory that contains no child cpuset directories, -and has no attached processes, can be removed using -.BR rmdir (2) -or -.BR rmdir (1). -It is not necessary, or possible, -to remove the pseudo-files inside the directory before removing it. -.P -The pseudo-files in each cpuset directory are -small text files that may be read and -written using traditional shell utilities such as -.BR cat (1), -and -.BR echo (1), -or from a program by using file I/O library functions or system calls, -such as -.BR open (2), -.BR read (2), -.BR write (2), -and -.BR close (2). -.P -The pseudo-files in a cpuset directory represent internal kernel -state and do not have any persistent image on disk. -Each of these per-cpuset files is listed and described below. -.\" ====================== tasks ====================== -.TP -.I tasks -List of the process IDs (PIDs) of the processes in that cpuset. -The list is formatted as a series of ASCII -decimal numbers, each followed by a newline. -A process may be added to a cpuset (automatically removing -it from the cpuset that previously contained it) by writing its -PID to that cpuset's -.I tasks -file (with or without a trailing newline). -.IP -.B Warning: -only one PID may be written to the -.I tasks -file at a time. -If a string is written that contains more -than one PID, only the first one will be used. -.\" =================== notify_on_release =================== -.TP -.I notify_on_release -Flag (0 or 1). -If set (1), that cpuset will receive special handling -after it is released, that is, after all processes cease using -it (i.e., terminate or are moved to a different cpuset) -and all child cpuset directories have been removed. -See the \fBNotify On Release\fR section, below. -.\" ====================== cpus ====================== -.TP -.I cpuset.cpus -List of the physical numbers of the CPUs on which processes -in that cpuset are allowed to execute. -See \fBList Format\fR below for a description of the -format of -.IR cpus . -.IP -The CPUs allowed to a cpuset may be changed by -writing a new list to its -.I cpus -file. -.\" ==================== cpu_exclusive ==================== -.TP -.I cpuset.cpu_exclusive -Flag (0 or 1). -If set (1), the cpuset has exclusive use of -its CPUs (no sibling or cousin cpuset may overlap CPUs). -By default, this is off (0). -Newly created cpusets also initially default this to off (0). -.IP -Two cpusets are -.I sibling -cpusets if they share the same parent cpuset in the -.I /dev/cpuset -hierarchy. -Two cpusets are -.I cousin -cpusets if neither is the ancestor of the other. -Regardless of the -.I cpu_exclusive -setting, if one cpuset is the ancestor of another, -and if both of these cpusets have nonempty -.IR cpus , -then their -.I cpus -must overlap, because the -.I cpus -of any cpuset are always a subset of the -.I cpus -of its parent cpuset. -.\" ====================== mems ====================== -.TP -.I cpuset.mems -List of memory nodes on which processes in this cpuset are -allowed to allocate memory. -See \fBList Format\fR below for a description of the -format of -.IR mems . -.\" ==================== mem_exclusive ==================== -.TP -.I cpuset.mem_exclusive -Flag (0 or 1). -If set (1), the cpuset has exclusive use of -its memory nodes (no sibling or cousin may overlap). -Also if set (1), the cpuset is a \fBHardwall\fR cpuset (see below). -By default, this is off (0). -Newly created cpusets also initially default this to off (0). -.IP -Regardless of the -.I mem_exclusive -setting, if one cpuset is the ancestor of another, -then their memory nodes must overlap, because the memory -nodes of any cpuset are always a subset of the memory nodes -of that cpuset's parent cpuset. -.\" ==================== mem_hardwall ==================== -.TP -.IR cpuset.mem_hardwall " (since Linux 2.6.26)" -Flag (0 or 1). -If set (1), the cpuset is a \fBHardwall\fR cpuset (see below). -Unlike \fBmem_exclusive\fR, -there is no constraint on whether cpusets -marked \fBmem_hardwall\fR may have overlapping -memory nodes with sibling or cousin cpusets. -By default, this is off (0). -Newly created cpusets also initially default this to off (0). -.\" ==================== memory_migrate ==================== -.TP -.IR cpuset.memory_migrate " (since Linux 2.6.16)" -Flag (0 or 1). -If set (1), then memory migration is enabled. -By default, this is off (0). -See the \fBMemory Migration\fR section, below. -.\" ==================== memory_pressure ==================== -.TP -.IR cpuset.memory_pressure " (since Linux 2.6.16)" -A measure of how much memory pressure the processes in this -cpuset are causing. -See the \fBMemory Pressure\fR section, below. -Unless -.I memory_pressure_enabled -is enabled, always has value zero (0). -This file is read-only. -See the -.B WARNINGS -section, below. -.\" ================= memory_pressure_enabled ================= -.TP -.IR cpuset.memory_pressure_enabled " (since Linux 2.6.16)" -Flag (0 or 1). -This file is present only in the root cpuset, normally -.IR /dev/cpuset . -If set (1), the -.I memory_pressure -calculations are enabled for all cpusets in the system. -By default, this is off (0). -See the -\fBMemory Pressure\fR section, below. -.\" ================== memory_spread_page ================== -.TP -.IR cpuset.memory_spread_page " (since Linux 2.6.17)" -Flag (0 or 1). -If set (1), pages in the kernel page cache -(filesystem buffers) are uniformly spread across the cpuset. -By default, this is off (0) in the top cpuset, -and inherited from the parent cpuset in -newly created cpusets. -See the \fBMemory Spread\fR section, below. -.\" ================== memory_spread_slab ================== -.TP -.IR cpuset.memory_spread_slab " (since Linux 2.6.17)" -Flag (0 or 1). -If set (1), the kernel slab caches -for file I/O (directory and inode structures) are -uniformly spread across the cpuset. -By default, is off (0) in the top cpuset, -and inherited from the parent cpuset in -newly created cpusets. -See the \fBMemory Spread\fR section, below. -.\" ================== sched_load_balance ================== -.TP -.IR cpuset.sched_load_balance " (since Linux 2.6.24)" -Flag (0 or 1). -If set (1, the default) the kernel will -automatically load balance processes in that cpuset over -the allowed CPUs in that cpuset. -If cleared (0) the -kernel will avoid load balancing processes in this cpuset, -.I unless -some other cpuset with overlapping CPUs has its -.I sched_load_balance -flag set. -See \fBScheduler Load Balancing\fR, below, for further details. -.\" ================== sched_relax_domain_level ================== -.TP -.IR cpuset.sched_relax_domain_level " (since Linux 2.6.26)" -Integer, between \-1 and a small positive value. -The -.I sched_relax_domain_level -controls the width of the range of CPUs over which the kernel scheduler -performs immediate rebalancing of runnable tasks across CPUs. -If -.I sched_load_balance -is disabled, then the setting of -.I sched_relax_domain_level -does not matter, as no such load balancing is done. -If -.I sched_load_balance -is enabled, then the higher the value of the -.IR sched_relax_domain_level , -the wider -the range of CPUs over which immediate load balancing is attempted. -See \fBScheduler Relax Domain Level\fR, below, for further details. -.\" ================== proc cpuset ================== -.P -In addition to the above pseudo-files in each directory below -.IR /dev/cpuset , -each process has a pseudo-file, -.IR /proc/ pid /cpuset , -that displays the path of the process's cpuset directory -relative to the root of the cpuset filesystem. -.\" ================== proc status ================== -.P -Also the -.IR /proc/ pid /status -file for each process has four added lines, -displaying the process's -.I Cpus_allowed -(on which CPUs it may be scheduled) and -.I Mems_allowed -(on which memory nodes it may obtain memory), -in the two formats \fBMask Format\fR and \fBList Format\fR (see below) -as shown in the following example: -.P -.in +4n -.EX -Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff -Cpus_allowed_list: 0\-127 -Mems_allowed: ffffffff,ffffffff -Mems_allowed_list: 0\-63 -.EE -.in -.P -The "allowed" fields were added in Linux 2.6.24; -the "allowed_list" fields were added in Linux 2.6.26. -.\" ================== EXTENDED CAPABILITIES ================== -.SH EXTENDED CAPABILITIES -In addition to controlling which -.I cpus -and -.I mems -a process is allowed to use, cpusets provide the following -extended capabilities. -.\" ================== Exclusive Cpusets ================== -.SS Exclusive cpusets -If a cpuset is marked -.I cpu_exclusive -or -.IR mem_exclusive , -no other cpuset, other than a direct ancestor or descendant, -may share any of the same CPUs or memory nodes. -.P -A cpuset that is -.I mem_exclusive -restricts kernel allocations for -buffer cache pages and other internal kernel data pages -commonly shared by the kernel across -multiple users. -All cpusets, whether -.I mem_exclusive -or not, restrict allocations of memory for user space. -This enables configuring a -system so that several independent jobs can share common kernel data, -while isolating each job's user allocation in -its own cpuset. -To do this, construct a large -.I mem_exclusive -cpuset to hold all the jobs, and construct child, -.RI non- mem_exclusive -cpusets for each individual job. -Only a small amount of kernel memory, -such as requests from interrupt handlers, is allowed to be -placed on memory nodes -outside even a -.I mem_exclusive -cpuset. -.\" ================== Hardwall ================== -.SS Hardwall -A cpuset that has -.I mem_exclusive -or -.I mem_hardwall -set is a -.I hardwall -cpuset. -A -.I hardwall -cpuset restricts kernel allocations for page, buffer, -and other data commonly shared by the kernel across multiple users. -All cpusets, whether -.I hardwall -or not, restrict allocations of memory for user space. -.P -This enables configuring a system so that several independent -jobs can share common kernel data, such as filesystem pages, -while isolating each job's user allocation in its own cpuset. -To do this, construct a large -.I hardwall -cpuset to hold -all the jobs, and construct child cpusets for each individual -job which are not -.I hardwall -cpusets. -.P -Only a small amount of kernel memory, such as requests from -interrupt handlers, is allowed to be taken outside even a -.I hardwall -cpuset. -.\" ================== Notify On Release ================== -.SS Notify on release -If the -.I notify_on_release -flag is enabled (1) in a cpuset, -then whenever the last process in the cpuset leaves -(exits or attaches to some other cpuset) -and the last child cpuset of that cpuset is removed, -the kernel will run the command -.IR /sbin/cpuset_release_agent , -supplying the pathname (relative to the mount point of the -cpuset filesystem) of the abandoned cpuset. -This enables automatic removal of abandoned cpusets. -.P -The default value of -.I notify_on_release -in the root cpuset at system boot is disabled (0). -The default value of other cpusets at creation -is the current value of their parent's -.I notify_on_release -setting. -.P -The command -.I /sbin/cpuset_release_agent -is invoked, with the name -.RI ( /dev/cpuset -relative path) -of the to-be-released cpuset in -.IR argv[1] . -.P -The usual contents of the command -.I /sbin/cpuset_release_agent -is simply the shell script: -.P -.in +4n -.EX -#!/bin/sh -rmdir /dev/cpuset/$1 -.EE -.in -.P -As with other flag values below, this flag can -be changed by writing an ASCII -number 0 or 1 (with optional trailing newline) -into the file, to clear or set the flag, respectively. -.\" ================== Memory Pressure ================== -.SS Memory pressure -The -.I memory_pressure -of a cpuset provides a simple per-cpuset running average of -the rate that the processes in a cpuset are attempting to free up in-use -memory on the nodes of the cpuset to satisfy additional memory requests. -.P -This enables batch managers that are monitoring jobs running in dedicated -cpusets to efficiently detect what level of memory pressure that job -is causing. -.P -This is useful both on tightly managed systems running a wide mix of -submitted jobs, which may choose to terminate or reprioritize jobs that -are trying to use more memory than allowed on the nodes assigned them, -and with tightly coupled, long-running, massively parallel scientific -computing jobs that will dramatically fail to meet required performance -goals if they start to use more memory than allowed to them. -.P -This mechanism provides a very economical way for the batch manager -to monitor a cpuset for signs of memory pressure. -It's up to the batch manager or other user code to decide -what action to take if it detects signs of memory pressure. -.P -Unless memory pressure calculation is enabled by setting the pseudo-file -.IR /dev/cpuset/cpuset.memory_pressure_enabled , -it is not computed for any cpuset, and reads from any -.I memory_pressure -always return zero, as represented by the ASCII string "0\en". -See the \fBWARNINGS\fR section, below. -.P -A per-cpuset, running average is employed for the following reasons: -.IP \[bu] 3 -Because this meter is per-cpuset rather than per-process or per virtual -memory region, the system load imposed by a batch scheduler monitoring -this metric is sharply reduced on large systems, because a scan of -the tasklist can be avoided on each set of queries. -.IP \[bu] -Because this meter is a running average rather than an accumulating -counter, a batch scheduler can detect memory pressure with a -single read, instead of having to read and accumulate results -for a period of time. -.IP \[bu] -Because this meter is per-cpuset rather than per-process, -the batch scheduler can obtain the key information\[em]memory -pressure in a cpuset\[em]with a single read, rather than having to -query and accumulate results over all the (dynamically changing) -set of processes in the cpuset. -.P -The -.I memory_pressure -of a cpuset is calculated using a per-cpuset simple digital filter -that is kept within the kernel. -For each cpuset, this filter tracks -the recent rate at which processes attached to that cpuset enter the -kernel direct reclaim code. -.P -The kernel direct reclaim code is entered whenever a process has to -satisfy a memory page request by first finding some other page to -repurpose, due to lack of any readily available already free pages. -Dirty filesystem pages are repurposed by first writing them -to disk. -Unmodified filesystem buffer pages are repurposed -by simply dropping them, though if that page is needed again, it -will have to be reread from disk. -.P -The -.I cpuset.memory_pressure -file provides an integer number representing the recent (half-life of -10 seconds) rate of entries to the direct reclaim code caused by any -process in the cpuset, in units of reclaims attempted per second, -times 1000. -.\" ================== Memory Spread ================== -.SS Memory spread -There are two Boolean flag files per cpuset that control where the -kernel allocates pages for the filesystem buffers and related -in-kernel data structures. -They are called -.I cpuset.memory_spread_page -and -.IR cpuset.memory_spread_slab . -.P -If the per-cpuset Boolean flag file -.I cpuset.memory_spread_page -is set, then -the kernel will spread the filesystem buffers (page cache) evenly -over all the nodes that the faulting process is allowed to use, instead -of preferring to put those pages on the node where the process is running. -.P -If the per-cpuset Boolean flag file -.I cpuset.memory_spread_slab -is set, -then the kernel will spread some filesystem-related slab caches, -such as those for inodes and directory entries, evenly over all the nodes -that the faulting process is allowed to use, instead of preferring to -put those pages on the node where the process is running. -.P -The setting of these flags does not affect the data segment -(see -.BR brk (2)) -or stack segment pages of a process. -.P -By default, both kinds of memory spreading are off and the kernel -prefers to allocate memory pages on the node local to where the -requesting process is running. -If that node is not allowed by the -process's NUMA memory policy or cpuset configuration or if there are -insufficient free memory pages on that node, then the kernel looks -for the nearest node that is allowed and has sufficient free memory. -.P -When new cpusets are created, they inherit the memory spread settings -of their parent. -.P -Setting memory spreading causes allocations for the affected page or -slab caches to ignore the process's NUMA memory policy and be spread -instead. -However, the effect of these changes in memory placement -caused by cpuset-specified memory spreading is hidden from the -.BR mbind (2) -or -.BR set_mempolicy (2) -calls. -These two NUMA memory policy calls always appear to behave as if -no cpuset-specified memory spreading is in effect, even if it is. -If cpuset memory spreading is subsequently turned off, the NUMA -memory policy most recently specified by these calls is automatically -reapplied. -.P -Both -.I cpuset.memory_spread_page -and -.I cpuset.memory_spread_slab -are Boolean flag files. -By default, they contain "0", meaning that the feature is off -for that cpuset. -If a "1" is written to that file, that turns the named feature on. -.P -Cpuset-specified memory spreading behaves similarly to what is known -(in other contexts) as round-robin or interleave memory placement. -.P -Cpuset-specified memory spreading can provide substantial performance -improvements for jobs that: -.IP \[bu] 3 -need to place thread-local data on -memory nodes close to the CPUs which are running the threads that most -frequently access that data; but also -.IP \[bu] -need to access large filesystem data sets that must to be spread -across the several nodes in the job's cpuset in order to fit. -.P -Without this policy, -the memory allocation across the nodes in the job's cpuset -can become very uneven, -especially for jobs that might have just a single -thread initializing or reading in the data set. -.\" ================== Memory Migration ================== -.SS Memory migration -Normally, under the default setting (disabled) of -.IR cpuset.memory_migrate , -once a page is allocated (given a physical page -of main memory), then that page stays on whatever node it -was allocated, so long as it remains allocated, even if the -cpuset's memory-placement policy -.I mems -subsequently changes. -.P -When memory migration is enabled in a cpuset, if the -.I mems -setting of the cpuset is changed, then any memory page in use by any -process in the cpuset that is on a memory node that is no longer -allowed will be migrated to a memory node that is allowed. -.P -Furthermore, if a process is moved into a cpuset with -.I memory_migrate -enabled, any memory pages it uses that were on memory nodes allowed -in its previous cpuset, but which are not allowed in its new cpuset, -will be migrated to a memory node allowed in the new cpuset. -.P -The relative placement of a migrated page within -the cpuset is preserved during these migration operations if possible. -For example, -if the page was on the second valid node of the prior cpuset, -then the page will be placed on the second valid node of the new cpuset, -if possible. -.\" ================== Scheduler Load Balancing ================== -.SS Scheduler load balancing -The kernel scheduler automatically load balances processes. -If one CPU is underutilized, -the kernel will look for processes on other more -overloaded CPUs and move those processes to the underutilized CPU, -within the constraints of such placement mechanisms as cpusets and -.BR sched_setaffinity (2). -.P -The algorithmic cost of load balancing and its impact on key shared -kernel data structures such as the process list increases more than -linearly with the number of CPUs being balanced. -For example, it -costs more to load balance across one large set of CPUs than it does -to balance across two smaller sets of CPUs, each of half the size -of the larger set. -(The precise relationship between the number of CPUs being balanced -and the cost of load balancing depends -on implementation details of the kernel process scheduler, which is -subject to change over time, as improved kernel scheduler algorithms -are implemented.) -.P -The per-cpuset flag -.I sched_load_balance -provides a mechanism to suppress this automatic scheduler load -balancing in cases where it is not needed and suppressing it would have -worthwhile performance benefits. -.P -By default, load balancing is done across all CPUs, except those -marked isolated using the kernel boot time "isolcpus=" argument. -(See \fBScheduler Relax Domain Level\fR, below, to change this default.) -.P -This default load balancing across all CPUs is not well suited to -the following two situations: -.IP \[bu] 3 -On large systems, load balancing across many CPUs is expensive. -If the system is managed using cpusets to place independent jobs -on separate sets of CPUs, full load balancing is unnecessary. -.IP \[bu] -Systems supporting real-time on some CPUs need to minimize -system overhead on those CPUs, including avoiding process load -balancing if that is not needed. -.P -When the per-cpuset flag -.I sched_load_balance -is enabled (the default setting), -it requests load balancing across -all the CPUs in that cpuset's allowed CPUs, -ensuring that load balancing can move a process (not otherwise pinned, -as by -.BR sched_setaffinity (2)) -from any CPU in that cpuset to any other. -.P -When the per-cpuset flag -.I sched_load_balance -is disabled, then the -scheduler will avoid load balancing across the CPUs in that cpuset, -\fIexcept\fR in so far as is necessary because some overlapping cpuset -has -.I sched_load_balance -enabled. -.P -So, for example, if the top cpuset has the flag -.I sched_load_balance -enabled, then the scheduler will load balance across all -CPUs, and the setting of the -.I sched_load_balance -flag in other cpusets has no effect, -as we're already fully load balancing. -.P -Therefore in the above two situations, the flag -.I sched_load_balance -should be disabled in the top cpuset, and only some of the smaller, -child cpusets would have this flag enabled. -.P -When doing this, you don't usually want to leave any unpinned processes in -the top cpuset that might use nontrivial amounts of CPU, as such processes -may be artificially constrained to some subset of CPUs, depending on -the particulars of this flag setting in descendant cpusets. -Even if such a process could use spare CPU cycles in some other CPUs, -the kernel scheduler might not consider the possibility of -load balancing that process to the underused CPU. -.P -Of course, processes pinned to a particular CPU can be left in a cpuset -that disables -.I sched_load_balance -as those processes aren't going anywhere else anyway. -.\" ================== Scheduler Relax Domain Level ================== -.SS Scheduler relax domain level -The kernel scheduler performs immediate load balancing whenever -a CPU becomes free or another task becomes runnable. -This load -balancing works to ensure that as many CPUs as possible are usefully -employed running tasks. -The kernel also performs periodic load -balancing off the software clock described in -.BR time (7). -The setting of -.I sched_relax_domain_level -applies only to immediate load balancing. -Regardless of the -.I sched_relax_domain_level -setting, periodic load balancing is attempted over all CPUs -(unless disabled by turning off -.IR sched_load_balance .) -In any case, of course, tasks will be scheduled to run only on -CPUs allowed by their cpuset, as modified by -.BR sched_setaffinity (2) -system calls. -.P -On small systems, such as those with just a few CPUs, immediate load -balancing is useful to improve system interactivity and to minimize -wasteful idle CPU cycles. -But on large systems, attempting immediate -load balancing across a large number of CPUs can be more costly than -it is worth, depending on the particular performance characteristics -of the job mix and the hardware. -.P -The exact meaning of the small integer values of -.I sched_relax_domain_level -will depend on internal -implementation details of the kernel scheduler code and on the -non-uniform architecture of the hardware. -Both of these will evolve -over time and vary by system architecture and kernel version. -.P -As of this writing, when this capability was introduced in Linux -2.6.26, on certain popular architectures, the positive values of -.I sched_relax_domain_level -have the following meanings. -.P -.PD 0 -.TP -.B 1 -Perform immediate load balancing across Hyper-Thread -siblings on the same core. -.TP -.B 2 -Perform immediate load balancing across other cores in the same package. -.TP -.B 3 -Perform immediate load balancing across other CPUs -on the same node or blade. -.TP -.B 4 -Perform immediate load balancing across over several -(implementation detail) nodes [On NUMA systems]. -.TP -.B 5 -Perform immediate load balancing across over all CPUs -in system [On NUMA systems]. -.PD -.P -The -.I sched_relax_domain_level -value of zero (0) always means -don't perform immediate load balancing, -hence that load balancing is done only periodically, -not immediately when a CPU becomes available or another task becomes -runnable. -.P -The -.I sched_relax_domain_level -value of minus one (\-1) -always means use the system default value. -The system default value can vary by architecture and kernel version. -This system default value can be changed by kernel -boot-time "relax_domain_level=" argument. -.P -In the case of multiple overlapping cpusets which have conflicting -.I sched_relax_domain_level -values, then the highest such value -applies to all CPUs in any of the overlapping cpusets. -In such cases, -.B \-1 -is the lowest value, -overridden by any other value, -and -.B 0 -is the next lowest value. -.SH FORMATS -The following formats are used to represent sets of -CPUs and memory nodes. -.\" ================== Mask Format ================== -.SS Mask format -The \fBMask Format\fR is used to represent CPU and memory-node bit masks -in the -.IR /proc/ pid /status -file. -.P -This format displays each 32-bit -word in hexadecimal (using ASCII characters "0" - "9" and "a" - "f"); -words are filled with leading zeros, if required. -For masks longer than one word, a comma separator is used between words. -Words are displayed in big-endian -order, which has the most significant bit first. -The hex digits within a word are also in big-endian order. -.P -The number of 32-bit words displayed is the minimum number needed to -display all bits of the bit mask, based on the size of the bit mask. -.P -Examples of the \fBMask Format\fR: -.P -.in +4n -.EX -00000001 # just bit 0 set -40000000,00000000,00000000 # just bit 94 set -00000001,00000000,00000000 # just bit 64 set -000000ff,00000000 # bits 32\-39 set -00000000,000e3862 # 1,5,6,11\-13,17\-19 set -.EE -.in -.P -A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as: -.P -.in +4n -.EX -00000001,00000001,00010117 -.EE -.in -.P -The first "1" is for bit 64, the -second for bit 32, the third for bit 16, the fourth for bit 8, the -fifth for bit 4, and the "7" is for bits 2, 1, and 0. -.\" ================== List Format ================== -.SS List format -The \fBList Format\fR for -.I cpus -and -.I mems -is a comma-separated list of CPU or memory-node -numbers and ranges of numbers, in ASCII decimal. -.P -Examples of the \fBList Format\fR: -.P -.in +4n -.EX -0\-4,9 # bits 0, 1, 2, 3, 4, and 9 set -0\-2,7,12\-14 # bits 0, 1, 2, 7, 12, 13, and 14 set -.EE -.in -.\" ================== RULES ================== -.SH RULES -The following rules apply to each cpuset: -.IP \[bu] 3 -Its CPUs and memory nodes must be a (possibly equal) -subset of its parent's. -.IP \[bu] -It can be marked -.I cpu_exclusive -only if its parent is. -.IP \[bu] -It can be marked -.I mem_exclusive -only if its parent is. -.IP \[bu] -If it is -.IR cpu_exclusive , -its CPUs may not overlap any sibling. -.IP \[bu] -If it is -.IR mem_exclusive , -its memory nodes may not overlap any sibling. -.\" ================== PERMISSIONS ================== -.SH PERMISSIONS -The permissions of a cpuset are determined by the permissions -of the directories and pseudo-files in the cpuset filesystem, -normally mounted at -.IR /dev/cpuset . -.P -For instance, a process can put itself in some other cpuset (than -its current one) if it can write the -.I tasks -file for that cpuset. -This requires execute permission on the encompassing directories -and write permission on the -.I tasks -file. -.P -An additional constraint is applied to requests to place some -other process in a cpuset. -One process may not attach another to -a cpuset unless it would have permission to send that process -a signal (see -.BR kill (2)). -.P -A process may create a child cpuset if it can access and write the -parent cpuset directory. -It can modify the CPUs or memory nodes -in a cpuset if it can access that cpuset's directory (execute -permissions on the each of the parent directories) and write the -corresponding -.I cpus -or -.I mems -file. -.P -There is one minor difference between the manner in which these -permissions are evaluated and the manner in which normal filesystem -operation permissions are evaluated. -The kernel interprets -relative pathnames starting at a process's current working directory. -Even if one is operating on a cpuset file, relative pathnames -are interpreted relative to the process's current working directory, -not relative to the process's current cpuset. -The only ways that -cpuset paths relative to a process's current cpuset can be used are -if either the process's current working directory is its cpuset -(it first did a -.B cd -or -.BR chdir (2) -to its cpuset directory beneath -.IR /dev/cpuset , -which is a bit unusual) -or if some user code converts the relative cpuset path to a -full filesystem path. -.P -In theory, this means that user code should specify cpusets -using absolute pathnames, which requires knowing the mount point of -the cpuset filesystem (usually, but not necessarily, -.IR /dev/cpuset ). -In practice, all user level code that this author is aware of -simply assumes that if the cpuset filesystem is mounted, then -it is mounted at -.IR /dev/cpuset . -Furthermore, it is common practice for carefully written -user code to verify the presence of the pseudo-file -.I /dev/cpuset/tasks -in order to verify that the cpuset pseudo-filesystem -is currently mounted. -.\" ================== WARNINGS ================== -.SH WARNINGS -.SS Enabling memory_pressure -By default, the per-cpuset file -.I cpuset.memory_pressure -always contains zero (0). -Unless this feature is enabled by writing "1" to the pseudo-file -.IR /dev/cpuset/cpuset.memory_pressure_enabled , -the kernel does -not compute per-cpuset -.IR memory_pressure . -.SS Using the echo command -When using the -.B echo -command at the shell prompt to change the values of cpuset files, -beware that the built-in -.B echo -command in some shells does not display an error message if the -.BR write (2) -system call fails. -.\" Gack! csh(1)'s echo does this -For example, if the command: -.P -.in +4n -.EX -echo 19 > cpuset.mems -.EE -.in -.P -failed because memory node 19 was not allowed (perhaps -the current system does not have a memory node 19), then the -.B echo -command might not display any error. -It is better to use the -.B /bin/echo -external command to change cpuset file settings, as this -command will display -.BR write (2) -errors, as in the example: -.P -.in +4n -.EX -/bin/echo 19 > cpuset.mems -/bin/echo: write error: Invalid argument -.EE -.in -.\" ================== EXCEPTIONS ================== -.SH EXCEPTIONS -.SS Memory placement -Not all allocations of system memory are constrained by cpusets, -for the following reasons. -.P -If hot-plug functionality is used to remove all the CPUs that are -currently assigned to a cpuset, then the kernel will automatically -update the -.I cpus_allowed -of all processes attached to CPUs in that cpuset -to allow all CPUs. -When memory hot-plug functionality for removing -memory nodes is available, a similar exception is expected to apply -there as well. -In general, the kernel prefers to violate cpuset placement, -rather than starving a process that has had all its allowed CPUs or -memory nodes taken offline. -User code should reconfigure cpusets to refer only to online CPUs -and memory nodes when using hot-plug to add or remove such resources. -.P -A few kernel-critical, internal memory-allocation requests, marked -GFP_ATOMIC, must be satisfied immediately. -The kernel may drop some -request or malfunction if one of these allocations fail. -If such a request cannot be satisfied within the current process's cpuset, -then we relax the cpuset, and look for memory anywhere we can find it. -It's better to violate the cpuset than stress the kernel. -.P -Allocations of memory requested by kernel drivers while processing -an interrupt lack any relevant process context, and are not confined -by cpusets. -.SS Renaming cpusets -You can use the -.BR rename (2) -system call to rename cpusets. -Only simple renaming is supported; that is, changing the name of a cpuset -directory is permitted, but moving a directory into -a different directory is not permitted. -.\" ================== ERRORS ================== -.SH ERRORS -The Linux kernel implementation of cpusets sets -.I errno -to specify the reason for a failed system call affecting cpusets. -.P -The possible -.I errno -settings and their meaning when set on -a failed cpuset call are as listed below. -.TP -.B E2BIG -Attempted a -.BR write (2) -on a special cpuset file -with a length larger than some kernel-determined upper -limit on the length of such writes. -.TP -.B EACCES -Attempted to -.BR write (2) -the process ID (PID) of a process to a cpuset -.I tasks -file when one lacks permission to move that process. -.TP -.B EACCES -Attempted to add, using -.BR write (2), -a CPU or memory node to a cpuset, when that CPU or memory node was -not already in its parent. -.TP -.B EACCES -Attempted to set, using -.BR write (2), -.I cpuset.cpu_exclusive -or -.I cpuset.mem_exclusive -on a cpuset whose parent lacks the same setting. -.TP -.B EACCES -Attempted to -.BR write (2) -a -.I cpuset.memory_pressure -file. -.TP -.B EACCES -Attempted to create a file in a cpuset directory. -.TP -.B EBUSY -Attempted to remove, using -.BR rmdir (2), -a cpuset with attached processes. -.TP -.B EBUSY -Attempted to remove, using -.BR rmdir (2), -a cpuset with child cpusets. -.TP -.B EBUSY -Attempted to remove -a CPU or memory node from a cpuset -that is also in a child of that cpuset. -.TP -.B EEXIST -Attempted to create, using -.BR mkdir (2), -a cpuset that already exists. -.TP -.B EEXIST -Attempted to -.BR rename (2) -a cpuset to a name that already exists. -.TP -.B EFAULT -Attempted to -.BR read (2) -or -.BR write (2) -a cpuset file using -a buffer that is outside the writing processes accessible address space. -.TP -.B EINVAL -Attempted to change a cpuset, using -.BR write (2), -in a way that would violate a -.I cpu_exclusive -or -.I mem_exclusive -attribute of that cpuset or any of its siblings. -.TP -.B EINVAL -Attempted to -.BR write (2) -an empty -.I cpuset.cpus -or -.I cpuset.mems -list to a cpuset which has attached processes or child cpusets. -.TP -.B EINVAL -Attempted to -.BR write (2) -a -.I cpuset.cpus -or -.I cpuset.mems -list which included a range with the second number smaller than -the first number. -.TP -.B EINVAL -Attempted to -.BR write (2) -a -.I cpuset.cpus -or -.I cpuset.mems -list which included an invalid character in the string. -.TP -.B EINVAL -Attempted to -.BR write (2) -a list to a -.I cpuset.cpus -file that did not include any online CPUs. -.TP -.B EINVAL -Attempted to -.BR write (2) -a list to a -.I cpuset.mems -file that did not include any online memory nodes. -.TP -.B EINVAL -Attempted to -.BR write (2) -a list to a -.I cpuset.mems -file that included a node that held no memory. -.TP -.B EIO -Attempted to -.BR write (2) -a string to a cpuset -.I tasks -file that -does not begin with an ASCII decimal integer. -.TP -.B EIO -Attempted to -.BR rename (2) -a cpuset into a different directory. -.TP -.B ENAMETOOLONG -Attempted to -.BR read (2) -a -.IR /proc/ pid /cpuset -file for a cpuset path that is longer than the kernel page size. -.TP -.B ENAMETOOLONG -Attempted to create, using -.BR mkdir (2), -a cpuset whose base directory name is longer than 255 characters. -.TP -.B ENAMETOOLONG -Attempted to create, using -.BR mkdir (2), -a cpuset whose full pathname, -including the mount point (typically "/dev/cpuset/") prefix, -is longer than 4095 characters. -.TP -.B ENODEV -The cpuset was removed by another process at the same time as a -.BR write (2) -was attempted on one of the pseudo-files in the cpuset directory. -.TP -.B ENOENT -Attempted to create, using -.BR mkdir (2), -a cpuset in a parent cpuset that doesn't exist. -.TP -.B ENOENT -Attempted to -.BR access (2) -or -.BR open (2) -a nonexistent file in a cpuset directory. -.TP -.B ENOMEM -Insufficient memory is available within the kernel; can occur -on a variety of system calls affecting cpusets, but only if the -system is extremely short of memory. -.TP -.B ENOSPC -Attempted to -.BR write (2) -the process ID (PID) -of a process to a cpuset -.I tasks -file when the cpuset had an empty -.I cpuset.cpus -or empty -.I cpuset.mems -setting. -.TP -.B ENOSPC -Attempted to -.BR write (2) -an empty -.I cpuset.cpus -or -.I cpuset.mems -setting to a cpuset that -has tasks attached. -.TP -.B ENOTDIR -Attempted to -.BR rename (2) -a nonexistent cpuset. -.TP -.B EPERM -Attempted to remove a file from a cpuset directory. -.TP -.B ERANGE -Specified a -.I cpuset.cpus -or -.I cpuset.mems -list to the kernel which included a number too large for the kernel -to set in its bit masks. -.TP -.B ESRCH -Attempted to -.BR write (2) -the process ID (PID) of a nonexistent process to a cpuset -.I tasks -file. -.\" ================== VERSIONS ================== -.SH VERSIONS -Cpusets appeared in Linux 2.6.12. -.\" ================== NOTES ================== -.SH NOTES -Despite its name, the -.I pid -parameter is actually a thread ID, -and each thread in a threaded group can be attached to a different -cpuset. -The value returned from a call to -.BR gettid (2) -can be passed in the argument -.IR pid . -.\" ================== BUGS ================== -.SH BUGS -.I cpuset.memory_pressure -cpuset files can be opened -for writing, creation, or truncation, but then the -.BR write (2) -fails with -.I errno -set to -.BR EACCES , -and the creation and truncation options on -.BR open (2) -have no effect. -.\" ================== EXAMPLES ================== -.SH EXAMPLES -The following examples demonstrate querying and setting cpuset -options using shell commands. -.SS Creating and attaching to a cpuset. -To create a new cpuset and attach the current command shell to it, -the steps are: -.P -.PD 0 -.IP (1) 5 -mkdir /dev/cpuset (if not already done) -.IP (2) -mount \-t cpuset none /dev/cpuset (if not already done) -.IP (3) -Create the new cpuset using -.BR mkdir (1). -.IP (4) -Assign CPUs and memory nodes to the new cpuset. -.IP (5) -Attach the shell to the new cpuset. -.PD -.P -For example, the following sequence of commands will set up a cpuset -named "Charlie", containing just CPUs 2 and 3, and memory node 1, -and then attach the current shell to that cpuset. -.P -.in +4n -.EX -.RB "$" " mkdir /dev/cpuset" -.RB "$" " mount \-t cpuset cpuset /dev/cpuset" -.RB "$" " cd /dev/cpuset" -.RB "$" " mkdir Charlie" -.RB "$" " cd Charlie" -.RB "$" " /bin/echo 2\-3 > cpuset.cpus" -.RB "$" " /bin/echo 1 > cpuset.mems" -.RB "$" " /bin/echo $$ > tasks" -# The current shell is now running in cpuset Charlie -# The next line should display \[aq]/Charlie\[aq] -.RB "$" " cat /proc/self/cpuset" -.EE -.in -.\" -.SS Migrating a job to different memory nodes. -To migrate a job (the set of processes attached to a cpuset) -to different CPUs and memory nodes in the system, including moving -the memory pages currently allocated to that job, -perform the following steps. -.P -.PD 0 -.IP (1) 5 -Let's say we want to move the job in cpuset -.I alpha -(CPUs 4\[en]7 and memory nodes 2\[en]3) to a new cpuset -.I beta -(CPUs 16\[en]19 and memory nodes 8\[en]9). -.IP (2) -First create the new cpuset -.IR beta . -.IP (3) -Then allow CPUs 16\[en]19 and memory nodes 8\[en]9 in -.IR beta . -.IP (4) -Then enable -.I memory_migration -in -.IR beta . -.IP (5) -Then move each process from -.I alpha -to -.IR beta . -.PD -.P -The following sequence of commands accomplishes this. -.P -.in +4n -.EX -.RB "$" " cd /dev/cpuset" -.RB "$" " mkdir beta" -.RB "$" " cd beta" -.RB "$" " /bin/echo 16\-19 > cpuset.cpus" -.RB "$" " /bin/echo 8\-9 > cpuset.mems" -.RB "$" " /bin/echo 1 > cpuset.memory_migrate" -.RB "$" " while read i; do /bin/echo $i; done < ../alpha/tasks > tasks" -.EE -.in -.P -The above should move any processes in -.I alpha -to -.IR beta , -and any memory held by these processes on memory nodes 2\[en]3 to memory -nodes 8\[en]9, respectively. -.P -Notice that the last step of the above sequence did not do: -.P -.in +4n -.EX -.RB "$" " cp ../alpha/tasks tasks" -.EE -.in -.P -The -.I while -loop, rather than the seemingly easier use of the -.BR cp (1) -command, was necessary because -only one process PID at a time may be written to the -.I tasks -file. -.P -The same effect (writing one PID at a time) as the -.I while -loop can be accomplished more efficiently, in fewer keystrokes and in -syntax that works on any shell, but alas more obscurely, by using the -.B \-u -(unbuffered) option of -.BR sed (1): -.P -.in +4n -.EX -.RB "$" " sed \-un p < ../alpha/tasks > tasks" -.EE -.in -.\" ================== SEE ALSO ================== -.SH SEE ALSO -.BR taskset (1), -.BR get_mempolicy (2), -.BR getcpu (2), -.BR mbind (2), -.BR sched_getaffinity (2), -.BR sched_setaffinity (2), -.BR sched_setscheduler (2), -.BR set_mempolicy (2), -.BR CPU_SET (3), -.BR proc (5), -.BR cgroups (7), -.BR numa (7), -.BR sched (7), -.BR migratepages (8), -.BR numactl (8) -.P -.I Documentation/admin\-guide/cgroup\-v1/cpusets.rst -in the Linux kernel source tree -.\" commit 45ce80fb6b6f9594d1396d44dd7e7c02d596fef8 -(or -.I Documentation/cgroup\-v1/cpusets.txt -before Linux 4.18, and -.I Documentation/cpusets.txt -before Linux 2.6.29) diff --git a/man7/credentials.7 b/man7/credentials.7 deleted file mode 100644 index ddade68..0000000 --- a/man7/credentials.7 +++ /dev/null @@ -1,384 +0,0 @@ -.\" Copyright (c) 2007 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 2007-06-13 Creation -.\" -.TH credentials 7 2023-11-19 "Linux man-pages 6.7" -.SH NAME -credentials \- process identifiers -.SH DESCRIPTION -.SS Process ID (PID) -Each process has a unique nonnegative integer identifier -that is assigned when the process is created using -.BR fork (2). -A process can obtain its PID using -.BR getpid (2). -A PID is represented using the type -.I pid_t -(defined in -.IR ). -.P -PIDs are used in a range of system calls to identify the process -affected by the call, for example: -.BR kill (2), -.BR ptrace (2), -.BR setpriority (2), -.\" .BR sched_rr_get_interval (2), -.\" .BR sched_getaffinity (2), -.\" .BR sched_setaffinity (2), -.\" .BR sched_getparam (2), -.\" .BR sched_setparam (2), -.\" .BR sched_setscheduler (2), -.\" .BR sched_getscheduler (2), -.BR setpgid (2), -.\" .BR getsid (2), -.BR setsid (2), -.BR sigqueue (3), -and -.BR waitpid (2). -.\" .BR waitid (2), -.\" .BR wait4 (2), -.P -A process's PID is preserved across an -.BR execve (2). -.SS Parent process ID (PPID) -A process's parent process ID identifies the process that created -this process using -.BR fork (2). -A process can obtain its PPID using -.BR getppid (2). -A PPID is represented using the type -.IR pid_t . -.P -A process's PPID is preserved across an -.BR execve (2). -.SS Process group ID and session ID -Each process has a session ID and a process group ID, -both represented using the type -.IR pid_t . -A process can obtain its session ID using -.BR getsid (2), -and its process group ID using -.BR getpgrp (2). -.P -A child created by -.BR fork (2) -inherits its parent's session ID and process group ID. -A process's session ID and process group ID are preserved across an -.BR execve (2). -.P -Sessions and process groups are abstractions devised to support shell -job control. -A process group (sometimes called a "job") is a collection of -processes that share the same process group ID; -the shell creates a new process group for the process(es) used -to execute single command or pipeline (e.g., the two processes -created to execute the command "ls\ |\ wc" are placed in the -same process group). -A process's group membership can be set using -.BR setpgid (2). -The process whose process ID is the same as its process group ID is the -\fIprocess group leader\fP for that group. -.P -A session is a collection of processes that share the same session ID. -All of the members of a process group also have the same session ID -(i.e., all of the members of a process group always belong to the -same session, so that sessions and process groups form a strict -two-level hierarchy of processes.) -A new session is created when a process calls -.BR setsid (2), -which creates a new session whose session ID is the same -as the PID of the process that called -.BR setsid (2). -The creator of the session is called the \fIsession leader\fP. -.P -All of the processes in a session share a -.IR "controlling terminal" . -The controlling terminal is established when the session leader -first opens a terminal (unless the -.B O_NOCTTY -flag is specified when calling -.BR open (2)). -A terminal may be the controlling terminal of at most one session. -.P -At most one of the jobs in a session may be the -.IR "foreground job" ; -other jobs in the session are -.IR "background jobs" . -Only the foreground job may read from the terminal; -when a process in the background attempts to read from the terminal, -its process group is sent a -.B SIGTTIN -signal, which suspends the job. -If the -.B TOSTOP -flag has been set for the terminal (see -.BR termios (3)), -then only the foreground job may write to the terminal; -writes from background jobs cause a -.B SIGTTOU -signal to be generated, which suspends the job. -When terminal keys that generate a signal (such as the -.I interrupt -key, normally control-C) -are pressed, the signal is sent to the processes in the foreground job. -.P -Various system calls and library functions -may operate on all members of a process group, -including -.BR kill (2), -.BR killpg (3), -.BR getpriority (2), -.BR setpriority (2), -.BR ioprio_get (2), -.BR ioprio_set (2), -.BR waitid (2), -and -.BR waitpid (2). -See also the discussion of the -.BR F_GETOWN , -.BR F_GETOWN_EX , -.BR F_SETOWN , -and -.B F_SETOWN_EX -operations in -.BR fcntl (2). -.SS User and group identifiers -Each process has various associated user and group IDs. -These IDs are integers, respectively represented using the types -.I uid_t -and -.I gid_t -(defined in -.IR ). -.P -On Linux, each process has the following user and group identifiers: -.IP \[bu] 3 -Real user ID and real group ID. -These IDs determine who owns the process. -A process can obtain its real user (group) ID using -.BR getuid (2) -.RB ( getgid (2)). -.IP \[bu] -Effective user ID and effective group ID. -These IDs are used by the kernel to determine the permissions -that the process will have when accessing shared resources such -as message queues, shared memory, and semaphores. -On most UNIX systems, these IDs also determine the -permissions when accessing files. -However, Linux uses the filesystem IDs described below -for this task. -A process can obtain its effective user (group) ID using -.BR geteuid (2) -.RB ( getegid (2)). -.IP \[bu] -Saved set-user-ID and saved set-group-ID. -These IDs are used in set-user-ID and set-group-ID programs to save -a copy of the corresponding effective IDs that were set when -the program was executed (see -.BR execve (2)). -A set-user-ID program can assume and drop privileges by -switching its effective user ID back and forth between the values -in its real user ID and saved set-user-ID. -This switching is done via calls to -.BR seteuid (2), -.BR setreuid (2), -or -.BR setresuid (2). -A set-group-ID program performs the analogous tasks using -.BR setegid (2), -.BR setregid (2), -or -.BR setresgid (2). -A process can obtain its saved set-user-ID (set-group-ID) using -.BR getresuid (2) -.RB ( getresgid (2)). -.IP \[bu] -Filesystem user ID and filesystem group ID (Linux-specific). -These IDs, in conjunction with the supplementary group IDs described -below, are used to determine permissions for accessing files; see -.BR path_resolution (7) -for details. -Whenever a process's effective user (group) ID is changed, -the kernel also automatically changes the filesystem user (group) ID -to the same value. -Consequently, the filesystem IDs normally have the same values -as the corresponding effective ID, and the semantics for file-permission -checks are thus the same on Linux as on other UNIX systems. -The filesystem IDs can be made to differ from the effective IDs -by calling -.BR setfsuid (2) -and -.BR setfsgid (2). -.IP \[bu] -Supplementary group IDs. -This is a set of additional group IDs that are used for permission -checks when accessing files and other shared resources. -Before Linux 2.6.4, -a process can be a member of up to 32 supplementary groups; -since Linux 2.6.4, -a process can be a member of up to 65536 supplementary groups. -The call -.I sysconf(_SC_NGROUPS_MAX) -can be used to determine the number of supplementary groups -of which a process may be a member. -.\" Since Linux 2.6.4, the limit is visible via the read-only file -.\" /proc/sys/kernel/ngroups_max. -.\" As at 2.6.22-rc2, this file is still read-only. -A process can obtain its set of supplementary group IDs using -.BR getgroups (2). -.P -A child process created by -.BR fork (2) -inherits copies of its parent's user and groups IDs. -During an -.BR execve (2), -a process's real user and group ID and supplementary -group IDs are preserved; -the effective and saved set IDs may be changed, as described in -.BR execve (2). -.P -Aside from the purposes noted above, -a process's user IDs are also employed in a number of other contexts: -.IP \[bu] 3 -when determining the permissions for sending signals (see -.BR kill (2)); -.IP \[bu] -when determining the permissions for setting -process-scheduling parameters (nice value, real time -scheduling policy and priority, CPU affinity, I/O priority) using -.BR setpriority (2), -.BR sched_setaffinity (2), -.BR sched_setscheduler (2), -.BR sched_setparam (2), -.BR sched_setattr (2), -and -.BR ioprio_set (2); -.IP \[bu] -when checking resource limits (see -.BR getrlimit (2)); -.IP \[bu] -when checking the limit on the number of inotify instances -that the process may create (see -.BR inotify (7)). -.\" -.SS Modifying process user and group IDs -Subject to rules described in the relevant manual pages, -a process can use the following APIs to modify its user and group IDs: -.TP -.BR setuid (2)\~(\c -.BR setgid (2)) -Modify the process's real (and possibly effective and saved-set) -user (group) IDs. -.TP -.BR seteuid (2)\~(\c -.BR setegid (2)) -Modify the process's effective user (group) ID. -.TP -.BR setfsuid (2)\~(\c -.BR setfsgid (2)) -Modify the process's filesystem user (group) ID. -.TP -.BR setreuid (2)\~(\c -.BR setregid (2)) -Modify the process's real and effective (and possibly saved-set) -user (group) IDs. -.TP -.BR setresuid (2)\~(\c -.BR setresgid (2)) -Modify the process's real, effective, and saved-set user (group) IDs. -.TP -.BR setgroups (2) -Modify the process's supplementary group list. -.P -Any changes to a process's effective user (group) ID -are automatically carried over to the process's -filesystem user (group) ID. -Changes to a process's effective user or group ID can also affect the -process "dumpable" attribute, as described in -.BR prctl (2). -.P -Changes to process user and group IDs can affect the capabilities -of the process, as described in -.BR capabilities (7). -.SH STANDARDS -Process IDs, parent process IDs, process group IDs, and session IDs -are specified in POSIX.1. -The real, effective, and saved set user and groups IDs, -and the supplementary group IDs, are specified in POSIX.1. -.P -The filesystem user and group IDs are a Linux extension. -.SH NOTES -Various fields in the -.IR /proc/ pid /status -file show the process credentials described above. -See -.BR proc (5) -for further information. -.P -The POSIX threads specification requires that -credentials are shared by all of the threads in a process. -However, at the kernel level, Linux maintains separate user and group -credentials for each thread. -The NPTL threading implementation does some work to ensure -that any change to user or group credentials -(e.g., calls to -.BR setuid (2), -.BR setresuid (2)) -is carried through to all of the POSIX threads in a process. -See -.BR nptl (7) -for further details. -.SH SEE ALSO -.BR bash (1), -.BR csh (1), -.BR groups (1), -.BR id (1), -.BR newgrp (1), -.BR ps (1), -.BR runuser (1), -.BR setpriv (1), -.BR sg (1), -.BR su (1), -.BR access (2), -.BR execve (2), -.BR faccessat (2), -.BR fork (2), -.BR getgroups (2), -.BR getpgrp (2), -.BR getpid (2), -.BR getppid (2), -.BR getsid (2), -.BR kill (2), -.BR setegid (2), -.BR seteuid (2), -.BR setfsgid (2), -.BR setfsuid (2), -.BR setgid (2), -.BR setgroups (2), -.BR setpgid (2), -.BR setresgid (2), -.BR setresuid (2), -.BR setsid (2), -.BR setuid (2), -.BR waitpid (2), -.BR euidaccess (3), -.BR initgroups (3), -.BR killpg (3), -.BR tcgetpgrp (3), -.BR tcgetsid (3), -.BR tcsetpgrp (3), -.BR group (5), -.BR passwd (5), -.BR shadow (5), -.BR capabilities (7), -.BR namespaces (7), -.BR path_resolution (7), -.BR pid_namespaces (7), -.BR pthreads (7), -.BR signal (7), -.BR system_data_types (7), -.BR unix (7), -.BR user_namespaces (7), -.BR sudo (8) diff --git a/man7/ddp.7 b/man7/ddp.7 deleted file mode 100644 index 2117aae..0000000 --- a/man7/ddp.7 +++ /dev/null @@ -1,245 +0,0 @@ -.\" This man page is Copyright (C) 1998 Alan Cox. -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" $Id: ddp.7,v 1.3 1999/05/13 11:33:22 freitag Exp $ -.\" -.TH ddp 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -ddp \- Linux AppleTalk protocol implementation -.SH SYNOPSIS -.nf -.B #include -.B #include -.P -.IB ddp_socket " = socket(AF_APPLETALK, SOCK_DGRAM, 0);" -.IB raw_socket " = socket(AF_APPLETALK, SOCK_RAW, " protocol ");" -.fi -.SH DESCRIPTION -Linux implements the AppleTalk protocols described in -.IR "Inside AppleTalk" . -Only the DDP layer and AARP are present in -the kernel. -They are designed to be used via the -.B netatalk -protocol -libraries. -This page documents the interface for those who wish or need to -use the DDP layer directly. -.P -The communication between AppleTalk and the user program works using a -BSD-compatible socket interface. -For more information on sockets, see -.BR socket (7). -.P -An AppleTalk socket is created by calling the -.BR socket (2) -function with a -.B AF_APPLETALK -socket family argument. -Valid socket types are -.B SOCK_DGRAM -to open a -.B ddp -socket or -.B SOCK_RAW -to open a -.B raw -socket. -.I protocol -is the AppleTalk protocol to be received or sent. -For -.B SOCK_RAW -you must specify -.BR ATPROTO_DDP . -.P -Raw sockets may be opened only by a process with effective user ID 0 -or when the process has the -.B CAP_NET_RAW -capability. -.SS Address format -An AppleTalk socket address is defined as a combination of a network number, -a node number, and a port number. -.P -.in +4n -.EX -struct at_addr { - unsigned short s_net; - unsigned char s_node; -}; -\& -struct sockaddr_atalk { - sa_family_t sat_family; /* address family */ - unsigned char sat_port; /* port */ - struct at_addr sat_addr; /* net/node */ -}; -.EE -.in -.P -.I sat_family -is always set to -.BR AF_APPLETALK . -.I sat_port -contains the port. -The port numbers below 129 are known as -.IR "reserved ports" . -Only processes with the effective user ID 0 or the -.B CAP_NET_BIND_SERVICE -capability may -.BR bind (2) -to these sockets. -.I sat_addr -is the host address. -The -.I net -member of -.I struct at_addr -contains the host network in network byte order. -The value of -.B AT_ANYNET -is a -wildcard and also implies \[lq]this network.\[rq] -The -.I node -member of -.I struct at_addr -contains the host node number. -The value of -.B AT_ANYNODE -is a -wildcard and also implies \[lq]this node.\[rq] The value of -.B ATADDR_BCAST -is a link -local broadcast address. -.\" FIXME . this doesn't make sense [johnl] -.SS Socket options -No protocol-specific socket options are supported. -.SS /proc interfaces -IP supports a set of -.I /proc -interfaces to configure some global AppleTalk parameters. -The parameters can be accessed by reading or writing files in the directory -.IR /proc/sys/net/atalk/ . -.TP -.I aarp\-expiry\-time -The time interval (in seconds) before an AARP cache entry expires. -.TP -.I aarp\-resolve\-time -The time interval (in seconds) before an AARP cache entry is resolved. -.TP -.I aarp\-retransmit\-limit -The number of retransmissions of an AARP query before the node is declared -dead. -.TP -.I aarp\-tick\-time -The timer rate (in seconds) for the timer driving AARP. -.P -The default values match the specification and should never need to be -changed. -.SS Ioctls -All ioctls described in -.BR socket (7) -apply to DDP. -.\" FIXME . Add a section about multicasting -.SH ERRORS -.TP -.B EACCES -The user tried to execute an operation without the necessary permissions. -These include sending to a broadcast address without -having the broadcast flag set, -and trying to bind to a reserved port without effective user ID 0 or -.BR CAP_NET_BIND_SERVICE . -.TP -.B EADDRINUSE -Tried to bind to an address already in use. -.TP -.B EADDRNOTAVAIL -A nonexistent interface was requested or the requested source address was -not local. -.TP -.B EAGAIN -Operation on a nonblocking socket would block. -.TP -.B EALREADY -A connection operation on a nonblocking socket is already in progress. -.TP -.B ECONNABORTED -A connection was closed during an -.BR accept (2). -.TP -.B EHOSTUNREACH -No routing table entry matches the destination address. -.TP -.B EINVAL -Invalid argument passed. -.TP -.B EISCONN -.BR connect (2) -was called on an already connected socket. -.TP -.B EMSGSIZE -Datagram is bigger than the DDP MTU. -.TP -.B ENODEV -Network device not available or not capable of sending IP. -.TP -.B ENOENT -.B SIOCGSTAMP -was called on a socket where no packet arrived. -.TP -.BR ENOMEM " and " ENOBUFS -Not enough memory available. -.TP -.B ENOPKG -A kernel subsystem was not configured. -.TP -.BR ENOPROTOOPT " and " EOPNOTSUPP -Invalid socket option passed. -.TP -.B ENOTCONN -The operation is defined only on a connected socket, but the socket wasn't -connected. -.TP -.B EPERM -User doesn't have permission to set high priority, -make a configuration change, -or send signals to the requested process or group. -.TP -.B EPIPE -The connection was unexpectedly closed or shut down by the other end. -.TP -.B ESOCKTNOSUPPORT -The socket was unconfigured, or an unknown socket type was requested. -.SH VERSIONS -AppleTalk is supported by Linux 2.0 or higher. -The -.I /proc -interfaces exist since Linux 2.2. -.SH NOTES -Be very careful with the -.B SO_BROADCAST -option; it is not privileged in Linux. -It is easy to overload the network -with careless sending to broadcast addresses. -.SS Compatibility -The basic AppleTalk socket interface is compatible with -.B netatalk -on BSD-derived systems. -Many BSD systems fail to check -.B SO_BROADCAST -when sending broadcast frames; this can lead to compatibility problems. -.P -The -raw -socket mode is unique to Linux and exists to support the alternative CAP -package and AppleTalk monitoring tools more easily. -.SH BUGS -There are too many inconsistent error values. -.P -The ioctls used to configure routing tables, devices, -AARP tables, and other devices are not yet described. -.SH SEE ALSO -.BR recvmsg (2), -.BR sendmsg (2), -.BR capabilities (7), -.BR socket (7) diff --git a/man7/environ.7 b/man7/environ.7 deleted file mode 100644 index cb7a839..0000000 --- a/man7/environ.7 +++ /dev/null @@ -1,354 +0,0 @@ -.\" Copyright (c) 1993 Michael Haardt (michael@moria.de), -.\" Fri Apr 2 11:32:09 MET DST 1993 -.\" and Andries Brouwer (aeb@cwi.nl), Fri Feb 14 21:47:50 1997. -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Modified Sun Jul 25 10:45:30 1993 by Rik Faith (faith@cs.unc.edu) -.\" Modified Sun Jul 21 21:25:26 1996 by Andries Brouwer (aeb@cwi.nl) -.\" Modified Mon Oct 21 17:47:19 1996 by Eric S. Raymond (esr@thyrsus.com) -.\" Modified Wed Aug 27 20:28:58 1997 by Nicolás Lichtmaier (nick@debian.org) -.\" Modified Mon Sep 21 00:00:26 1998 by Andries Brouwer (aeb@cwi.nl) -.\" Modified Wed Jan 24 06:37:24 2001 by Eric S. Raymond (esr@thyrsus.com) -.\" Modified Thu Dec 13 23:53:27 2001 by Martin Schulze -.\" -.TH environ 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -environ \- user environment -.SH SYNOPSIS -.nf -.BI "extern char **" environ ; -.fi -.SH DESCRIPTION -The variable -.I environ -points to an array of pointers to strings called the "environment". -The last pointer in this array has the value NULL. -This array of strings is made available to the process by the -.BR execve (2) -call when a new program is started. -When a child process is created via -.BR fork (2), -it inherits a -.I copy -of its parent's environment. -.P -By convention, the strings in -.I environ -have the form "\fIname\fP\fB=\fP\fIvalue\fP". -The name is case-sensitive and may not contain -the character "\fB=\fP". -The value can be anything that can be represented as a string. -The name and the value may not contain an embedded null byte (\[aq]\e0\[aq]), -since this is assumed to terminate the string. -.P -Environment variables may be placed in the shell's environment by the -.I export -command in -.BR sh (1), -or by the -.I setenv -command if you use -.BR csh (1). -.P -The initial environment of the shell is populated in various ways, -such as definitions from -.I /etc/environment -that are processed by -.BR pam_env (8) -for all users at login time (on systems that employ -.BR pam (8)). -In addition, various shell initialization scripts, such as the system-wide -.I /etc/profile -script and per-user initializations script may include commands -that add variables to the shell's environment; -see the manual page of your preferred shell for details. -.P -Bourne-style shells support the syntax -.P -.in +4n -.EX -NAME=value command -.EE -.in -.P -to create an environment variable definition only in the scope -of the process that executes -.IR command . -Multiple variable definitions, separated by white space, may precede -.IR command . -.P -Arguments may also be placed in the -environment at the point of an -.BR exec (3). -A C program can manipulate its environment using the functions -.BR getenv (3), -.BR putenv (3), -.BR setenv (3), -and -.BR unsetenv (3). -.P -What follows is a list of environment variables typically seen on a -system. -This list is incomplete and includes only common variables seen -by average users in their day-to-day routine. -Environment variables specific to a particular program or library function -are documented in the ENVIRONMENT section of the appropriate manual page. -.TP -.B USER -The name of the logged-in user (used by some BSD-derived programs). -Set at login time, see section NOTES below. -.TP -.B LOGNAME -The name of the logged-in user (used by some System-V derived programs). -Set at login time, see section NOTES below. -.TP -.B HOME -A user's login directory. -Set at login time, see section NOTES below. -.TP -.B LANG -The name of a locale to use for locale categories when not overridden -by -.B LC_ALL -or more specific environment variables such as -.BR LC_COLLATE , -.BR LC_CTYPE , -.BR LC_MESSAGES , -.BR LC_MONETARY , -.BR LC_NUMERIC , -and -.B LC_TIME -(see -.BR locale (7) -for further details of the -.B LC_* -environment variables). -.TP -.B PATH -The sequence of directory prefixes that -.BR sh (1) -and many other -programs employ when searching for an executable file that is specified -as a simple filename (i.a., a pathname that contains no slashes). -The prefixes are separated by colons (\fB:\fP). -The list of prefixes is searched from beginning to end, -by checking the pathname formed by concatenating -a prefix, a slash, and the filename, -until a file with execute permission is found. -.IP -As a legacy feature, a zero-length prefix -(specified as two adjacent colons, or an initial or terminating colon) -is interpreted to mean the current working directory. -However, use of this feature is deprecated, -and POSIX notes that a conforming application shall use -an explicit pathname (e.g., -.IR . ) -to specify the current working directory. -.IP -Analogously to -.BR PATH , -one has -.B CDPATH -used by some shells to find the target -of a change directory command, -.B MANPATH -used by -.BR man (1) -to find manual pages, and so on. -.TP -.B PWD -Absolute path to the current working directory; -required to be partially canonical (no -.I .\& -or -.I ..\& -components). -.TP -.B SHELL -The absolute pathname of the user's login shell. -Set at login time, see section NOTES below. -.TP -.B TERM -The terminal type for which output is to be prepared. -.TP -.B PAGER -The user's preferred utility to display text files. -Any string acceptable as a command-string operand to the -.I sh\ \-c -command shall be valid. -If -.B PAGER -is null or is not set, -then applications that launch a pager will default to a program such as -.BR less (1) -or -.BR more (1). -.TP -.BR EDITOR / VISUAL -The user's preferred utility to edit text files. -Any string acceptable as a command_string operand to the -.I sh\ \-c -command shall be valid. -.\" .TP -.\" .B BROWSER -.\" The user's preferred utility to browse URLs. Sequence of colon-separated -.\" browser commands. See http://www.catb.org/\[ti]esr/BROWSER/ . -.P -Note that the behavior of many programs and library routines is -influenced by the presence or value of certain environment variables. -Examples include the following: -.IP \[bu] 3 -The variables -.BR LANG ", " LANGUAGE ", " NLSPATH ", " LOCPATH , -.BR LC_ALL ", " LC_MESSAGES , -and so on influence locale handling; see -.BR catopen (3), -.BR gettext (3), -and -.BR locale (7). -.IP \[bu] -.B TMPDIR -influences the path prefix of names created by -.BR tempnam (3) -and other routines, and the temporary directory used by -.BR sort (1) -and other programs. -.IP \[bu] -.BR LD_LIBRARY_PATH ", " LD_PRELOAD , -and other -.B LD_* -variables influence the behavior of the dynamic loader/linker. -See also -.BR ld.so (8). -.IP \[bu] -.B POSIXLY_CORRECT -makes certain programs and library routines follow -the prescriptions of POSIX. -.IP \[bu] -The behavior of -.BR malloc (3) -is influenced by -.B MALLOC_* -variables. -.IP \[bu] -The variable -.B HOSTALIASES -gives the name of a file containing aliases -to be used with -.BR gethostbyname (3). -.IP \[bu] -.BR TZ " and " TZDIR -give timezone information used by -.BR tzset (3) -and through that by functions like -.BR ctime (3), -.BR localtime (3), -.BR mktime (3), -.BR strftime (3). -See also -.BR tzselect (8). -.IP \[bu] -.B TERMCAP -gives information on how to address a given terminal -(or gives the name of a file containing such information). -.IP \[bu] -.BR COLUMNS " and " LINES -tell applications about the window size, possibly overriding the actual size. -.IP \[bu] -.BR PRINTER " or " LPDEST -may specify the desired printer to use. -See -.BR lpr (1). -.SH NOTES -Historically and by standard, -.I environ -must be declared in the user program. -However, as a (nonstandard) programmer convenience, -.I environ -is declared in the header file -.I -if the -.B _GNU_SOURCE -feature test macro is defined (see -.BR feature_test_macros (7)). -.P -The -.BR prctl (2) -.B PR_SET_MM_ENV_START -and -.B PR_SET_MM_ENV_END -operations can be used to control the location of the process's environment. -.P -The -.BR HOME , -.BR LOGNAME , -.BR SHELL , -and -.B USER -variables are set when the user is changed via a -session management interface, typically by a program such as -.BR login (1) -from a user database (such as -.BR passwd (5)). -(Switching to the root user using -.BR su (1) -may result in a mixed environment where -.B LOGNAME -and -.B USER -are retained from old user; see the -.BR su (1) -manual page.) -.SH BUGS -Clearly there is a security risk here. -Many a system command has been -tricked into mischief by a user who specified unusual values for -.BR IFS " or " LD_LIBRARY_PATH . -.P -There is also the risk of name space pollution. -Programs like -.I make -and -.I autoconf -allow overriding of default utility names from the -environment with similarly named variables in all caps. -Thus one uses -.B CC -to select the desired C compiler (and similarly -.BR MAKE , -.BR AR , -.BR AS , -.BR FC , -.BR LD , -.BR LEX , -.BR RM , -.BR YACC , -etc.). -However, in some traditional uses such an environment variable -gives options for the program instead of a pathname. -Thus, one has -.B MORE -and -.BR LESS . -Such usage is considered mistaken, and to be avoided in new -programs. -.SH SEE ALSO -.BR bash (1), -.BR csh (1), -.BR env (1), -.BR login (1), -.BR printenv (1), -.BR sh (1), -.BR su (1), -.BR tcsh (1), -.BR execve (2), -.BR clearenv (3), -.BR exec (3), -.BR getenv (3), -.BR putenv (3), -.BR setenv (3), -.BR unsetenv (3), -.BR locale (7), -.BR ld.so (8), -.BR pam_env (8) diff --git a/man7/epoll.7 b/man7/epoll.7 deleted file mode 100644 index a93bc0b..0000000 --- a/man7/epoll.7 +++ /dev/null @@ -1,610 +0,0 @@ -.\" Copyright (C) 2003 Davide Libenzi -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Davide Libenzi -.\" -.TH epoll 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -epoll \- I/O event notification facility -.SH SYNOPSIS -.nf -.B #include -.fi -.SH DESCRIPTION -The -.B epoll -API performs a similar task to -.BR poll (2): -monitoring multiple file descriptors to see if I/O is possible on any of them. -The -.B epoll -API can be used either as an edge-triggered or a level-triggered -interface and scales well to large numbers of watched file descriptors. -.P -The central concept of the -.B epoll -API is the -.B epoll -.IR instance , -an in-kernel data structure which, from a user-space perspective, -can be considered as a container for two lists: -.IP \[bu] 3 -The -.I interest -list (sometimes also called the -.B epoll -set): the set of file descriptors that the process has registered -an interest in monitoring. -.IP \[bu] -The -.I ready -list: the set of file descriptors that are "ready" for I/O. -The ready list is a subset of -(or, more precisely, a set of references to) -the file descriptors in the interest list. -The ready list is dynamically populated -by the kernel as a result of I/O activity on those file descriptors. -.P -The following system calls are provided to -create and manage an -.B epoll -instance: -.IP \[bu] 3 -.BR epoll_create (2) -creates a new -.B epoll -instance and returns a file descriptor referring to that instance. -(The more recent -.BR epoll_create1 (2) -extends the functionality of -.BR epoll_create (2).) -.IP \[bu] -Interest in particular file descriptors is then registered via -.BR epoll_ctl (2), -which adds items to the interest list of the -.B epoll -instance. -.IP \[bu] -.BR epoll_wait (2) -waits for I/O events, -blocking the calling thread if no events are currently available. -(This system call can be thought of as fetching items from -the ready list of the -.B epoll -instance.) -.\" -.SS Level-triggered and edge-triggered -The -.B epoll -event distribution interface is able to behave both as edge-triggered -(ET) and as level-triggered (LT). -The difference between the two mechanisms -can be described as follows. -Suppose that -this scenario happens: -.IP (1) 5 -The file descriptor that represents the read side of a pipe -.RI ( rfd ) -is registered on the -.B epoll -instance. -.IP (2) -A pipe writer writes 2\ kB of data on the write side of the pipe. -.IP (3) -A call to -.BR epoll_wait (2) -is done that will return -.I rfd -as a ready file descriptor. -.IP (4) -The pipe reader reads 1\ kB of data from -.IR rfd . -.IP (5) -A call to -.BR epoll_wait (2) -is done. -.P -If the -.I rfd -file descriptor has been added to the -.B epoll -interface using the -.B EPOLLET -(edge-triggered) -flag, the call to -.BR epoll_wait (2) -done in step -.B 5 -will probably hang despite the available data still present in the file -input buffer; -meanwhile the remote peer might be expecting a response based on the -data it already sent. -The reason for this is that edge-triggered mode -delivers events only when changes occur on the monitored file descriptor. -So, in step -.B 5 -the caller might end up waiting for some data that is already present inside -the input buffer. -In the above example, an event on -.I rfd -will be generated because of the write done in -.B 2 -and the event is consumed in -.BR 3 . -Since the read operation done in -.B 4 -does not consume the whole buffer data, the call to -.BR epoll_wait (2) -done in step -.B 5 -might block indefinitely. -.P -An application that employs the -.B EPOLLET -flag should use nonblocking file descriptors to avoid having a blocking -read or write starve a task that is handling multiple file descriptors. -The suggested way to use -.B epoll -as an edge-triggered -.RB ( EPOLLET ) -interface is as follows: -.IP (1) 5 -with nonblocking file descriptors; and -.IP (2) -by waiting for an event only after -.BR read (2) -or -.BR write (2) -return -.BR EAGAIN . -.P -By contrast, when used as a level-triggered interface -(the default, when -.B EPOLLET -is not specified), -.B epoll -is simply a faster -.BR poll (2), -and can be used wherever the latter is used since it shares the -same semantics. -.P -Since even with edge-triggered -.BR epoll , -multiple events can be generated upon receipt of multiple chunks of data, -the caller has the option to specify the -.B EPOLLONESHOT -flag, to tell -.B epoll -to disable the associated file descriptor after the receipt of an event with -.BR epoll_wait (2). -When the -.B EPOLLONESHOT -flag is specified, -it is the caller's responsibility to rearm the file descriptor using -.BR epoll_ctl (2) -with -.BR EPOLL_CTL_MOD . -.P -If multiple threads -(or processes, if child processes have inherited the -.B epoll -file descriptor across -.BR fork (2)) -are blocked in -.BR epoll_wait (2) -waiting on the same epoll file descriptor and a file descriptor -in the interest list that is marked for edge-triggered -.RB ( EPOLLET ) -notification becomes ready, -just one of the threads (or processes) is awoken from -.BR epoll_wait (2). -This provides a useful optimization for avoiding "thundering herd" wake-ups -in some scenarios. -.\" -.SS Interaction with autosleep -If the system is in -.B autosleep -mode via -.I /sys/power/autosleep -and an event happens which wakes the device from sleep, the device -driver will keep the device awake only until that event is queued. -To keep the device awake until the event has been processed, -it is necessary to use the -.BR epoll_ctl (2) -.B EPOLLWAKEUP -flag. -.P -When the -.B EPOLLWAKEUP -flag is set in the -.B events -field for a -.IR "struct epoll_event" , -the system will be kept awake from the moment the event is queued, -through the -.BR epoll_wait (2) -call which returns the event until the subsequent -.BR epoll_wait (2) -call. -If the event should keep the system awake beyond that time, -then a separate -.I wake_lock -should be taken before the second -.BR epoll_wait (2) -call. -.SS /proc interfaces -The following interfaces can be used to limit the amount of -kernel memory consumed by epoll: -.\" Following was added in Linux 2.6.28, but them removed in Linux 2.6.29 -.\" .TP -.\" .IR /proc/sys/fs/epoll/max_user_instances " (since Linux 2.6.28)" -.\" This specifies an upper limit on the number of epoll instances -.\" that can be created per real user ID. -.TP -.IR /proc/sys/fs/epoll/max_user_watches " (since Linux 2.6.28)" -This specifies a limit on the total number of -file descriptors that a user can register across -all epoll instances on the system. -The limit is per real user ID. -Each registered file descriptor costs roughly 90 bytes on a 32-bit kernel, -and roughly 160 bytes on a 64-bit kernel. -Currently, -.\" Linux 2.6.29 (in Linux 2.6.28, the default was 1/32 of lowmem) -the default value for -.I max_user_watches -is 1/25 (4%) of the available low memory, -divided by the registration cost in bytes. -.SS Example for suggested usage -While the usage of -.B epoll -when employed as a level-triggered interface does have the same -semantics as -.BR poll (2), -the edge-triggered usage requires more clarification to avoid stalls -in the application event loop. -In this example, listener is a -nonblocking socket on which -.BR listen (2) -has been called. -The function -.I do_use_fd() -uses the new ready file descriptor until -.B EAGAIN -is returned by either -.BR read (2) -or -.BR write (2). -An event-driven state machine application should, after having received -.BR EAGAIN , -record its current state so that at the next call to -.I do_use_fd() -it will continue to -.BR read (2) -or -.BR write (2) -from where it stopped before. -.P -.in +4n -.EX -#define MAX_EVENTS 10 -struct epoll_event ev, events[MAX_EVENTS]; -int listen_sock, conn_sock, nfds, epollfd; -\& -/* Code to set up listening socket, \[aq]listen_sock\[aq], - (socket(), bind(), listen()) omitted. */ -\& -epollfd = epoll_create1(0); -if (epollfd == \-1) { - perror("epoll_create1"); - exit(EXIT_FAILURE); -} -\& -ev.events = EPOLLIN; -ev.data.fd = listen_sock; -if (epoll_ctl(epollfd, EPOLL_CTL_ADD, listen_sock, &ev) == \-1) { - perror("epoll_ctl: listen_sock"); - exit(EXIT_FAILURE); -} -\& -for (;;) { - nfds = epoll_wait(epollfd, events, MAX_EVENTS, \-1); - if (nfds == \-1) { - perror("epoll_wait"); - exit(EXIT_FAILURE); - } -\& - for (n = 0; n < nfds; ++n) { - if (events[n].data.fd == listen_sock) { - conn_sock = accept(listen_sock, - (struct sockaddr *) &addr, &addrlen); - if (conn_sock == \-1) { - perror("accept"); - exit(EXIT_FAILURE); - } - setnonblocking(conn_sock); - ev.events = EPOLLIN | EPOLLET; - ev.data.fd = conn_sock; - if (epoll_ctl(epollfd, EPOLL_CTL_ADD, conn_sock, - &ev) == \-1) { - perror("epoll_ctl: conn_sock"); - exit(EXIT_FAILURE); - } - } else { - do_use_fd(events[n].data.fd); - } - } -} -.EE -.in -.P -When used as an edge-triggered interface, for performance reasons, it is -possible to add the file descriptor inside the -.B epoll -interface -.RB ( EPOLL_CTL_ADD ) -once by specifying -.RB ( EPOLLIN | EPOLLOUT ). -This allows you to avoid -continuously switching between -.B EPOLLIN -and -.B EPOLLOUT -calling -.BR epoll_ctl (2) -with -.BR EPOLL_CTL_MOD . -.SS Questions and answers -.IP \[bu] 3 -What is the key used to distinguish the file descriptors registered in an -interest list? -.IP -The key is the combination of the file descriptor number and -the open file description -(also known as an "open file handle", -the kernel's internal representation of an open file). -.IP \[bu] -What happens if you register the same file descriptor on an -.B epoll -instance twice? -.IP -You will probably get -.BR EEXIST . -However, it is possible to add a duplicate -.RB ( dup (2), -.BR dup2 (2), -.BR fcntl (2) -.BR F_DUPFD ) -file descriptor to the same -.B epoll -instance. -.\" But a file descriptor duplicated by fork(2) can't be added to the -.\" set, because the [file *, fd] pair is already in the epoll set. -.\" That is a somewhat ugly inconsistency. On the one hand, a child process -.\" cannot add the duplicate file descriptor to the epoll set. (In every -.\" other case that I can think of, file descriptors duplicated by fork have -.\" similar semantics to file descriptors duplicated by dup() and friends.) On -.\" the other hand, the very fact that the child has a duplicate of the -.\" file descriptor means that even if the parent closes its file descriptor, -.\" then epoll_wait() in the parent will continue to receive notifications for -.\" that file descriptor because of the duplicated file descriptor in the child. -.\" -.\" See http://thread.gmane.org/gmane.linux.kernel/596462/ -.\" "epoll design problems with common fork/exec patterns" -.\" -.\" mtk, Feb 2008 -This can be a useful technique for filtering events, -if the duplicate file descriptors are registered with different -.I events -masks. -.IP \[bu] -Can two -.B epoll -instances wait for the same file descriptor? -If so, are events reported to both -.B epoll -file descriptors? -.IP -Yes, and events would be reported to both. -However, careful programming may be needed to do this correctly. -.IP \[bu] -Is the -.B epoll -file descriptor itself poll/epoll/selectable? -.IP -Yes. -If an -.B epoll -file descriptor has events waiting, then it will -indicate as being readable. -.IP \[bu] -What happens if one attempts to put an -.B epoll -file descriptor into its own file descriptor set? -.IP -The -.BR epoll_ctl (2) -call fails -.RB ( EINVAL ). -However, you can add an -.B epoll -file descriptor inside another -.B epoll -file descriptor set. -.IP \[bu] -Can I send an -.B epoll -file descriptor over a UNIX domain socket to another process? -.IP -Yes, but it does not make sense to do this, since the receiving process -would not have copies of the file descriptors in the interest list. -.IP \[bu] -Will closing a file descriptor cause it to be removed from all -.B epoll -interest lists? -.IP -Yes, but be aware of the following point. -A file descriptor is a reference to an open file description (see -.BR open (2)). -Whenever a file descriptor is duplicated via -.BR dup (2), -.BR dup2 (2), -.BR fcntl (2) -.BR F_DUPFD , -or -.BR fork (2), -a new file descriptor referring to the same open file description is -created. -An open file description continues to exist until all -file descriptors referring to it have been closed. -.IP -A file descriptor is removed from an -interest list only after all the file descriptors referring to the underlying -open file description have been closed. -This means that even after a file descriptor that is part of an -interest list has been closed, -events may be reported for that file descriptor if other file -descriptors referring to the same underlying file description remain open. -To prevent this happening, -the file descriptor must be explicitly removed from the interest list (using -.BR epoll_ctl (2) -.BR EPOLL_CTL_DEL ) -before it is duplicated. -Alternatively, -the application must ensure that all file descriptors are closed -(which may be difficult if file descriptors were duplicated -behind the scenes by library functions that used -.BR dup (2) -or -.BR fork (2)). -.IP \[bu] -If more than one event occurs between -.BR epoll_wait (2) -calls, are they combined or reported separately? -.IP -They will be combined. -.IP \[bu] -Does an operation on a file descriptor affect the -already collected but not yet reported events? -.IP -You can do two operations on an existing file descriptor. -Remove would be meaningless for -this case. -Modify will reread available I/O. -.IP \[bu] -Do I need to continuously read/write a file descriptor -until -.B EAGAIN -when using the -.B EPOLLET -flag (edge-triggered behavior)? -.IP -Receiving an event from -.BR epoll_wait (2) -should suggest to you that such -file descriptor is ready for the requested I/O operation. -You must consider it ready until the next (nonblocking) -read/write yields -.BR EAGAIN . -When and how you will use the file descriptor is entirely up to you. -.IP -For packet/token-oriented files (e.g., datagram socket, -terminal in canonical mode), -the only way to detect the end of the read/write I/O space -is to continue to read/write until -.BR EAGAIN . -.IP -For stream-oriented files (e.g., pipe, FIFO, stream socket), the -condition that the read/write I/O space is exhausted can also be detected by -checking the amount of data read from / written to the target file -descriptor. -For example, if you call -.BR read (2) -by asking to read a certain amount of data and -.BR read (2) -returns a lower number of bytes, you -can be sure of having exhausted the read I/O space for the file -descriptor. -The same is true when writing using -.BR write (2). -(Avoid this latter technique if you cannot guarantee that -the monitored file descriptor always refers to a stream-oriented file.) -.SS Possible pitfalls and ways to avoid them -.IP \[bu] 3 -.B Starvation (edge-triggered) -.IP -If there is a large amount of I/O space, -it is possible that by trying to drain -it the other files will not get processed causing starvation. -(This problem is not specific to -.BR epoll .) -.IP -The solution is to maintain a ready list -and mark the file descriptor as ready -in its associated data structure, thereby allowing the application to -remember which files need to be processed but still round robin amongst -all the ready files. -This also supports ignoring subsequent events you -receive for file descriptors that are already ready. -.IP \[bu] -.B If using an event cache... -.IP -If you use an event cache or store all the file descriptors returned from -.BR epoll_wait (2), -then make sure to provide a way to mark -its closure dynamically (i.e., caused by -a previous event's processing). -Suppose you receive 100 events from -.BR epoll_wait (2), -and in event #47 a condition causes event #13 to be closed. -If you remove the structure and -.BR close (2) -the file descriptor for event #13, then your -event cache might still say there are events waiting for that -file descriptor causing confusion. -.IP -One solution for this is to call, during the processing of event 47, -.BR epoll_ctl ( EPOLL_CTL_DEL ) -to delete file descriptor 13 and -.BR close (2), -then mark its associated -data structure as removed and link it to a cleanup list. -If you find another -event for file descriptor 13 in your batch processing, -you will discover the file descriptor had been -previously removed and there will be no confusion. -.SH VERSIONS -Some other systems provide similar mechanisms; -for example, -FreeBSD has -.IR kqueue , -and Solaris has -.IR /dev/poll . -.SH STANDARDS -Linux. -.SH HISTORY -Linux 2.5.44. -.\" Its interface should be finalized in Linux 2.5.66. -glibc 2.3.2. -.SH NOTES -The set of file descriptors that is being monitored via -an epoll file descriptor can be viewed via the entry for -the epoll file descriptor in the process's -.IR /proc/ pid /fdinfo -directory. -See -.BR proc (5) -for further details. -.P -The -.BR kcmp (2) -.B KCMP_EPOLL_TFD -operation can be used to test whether a file descriptor -is present in an epoll instance. -.SH SEE ALSO -.BR epoll_create (2), -.BR epoll_create1 (2), -.BR epoll_ctl (2), -.BR epoll_wait (2), -.BR poll (2), -.BR select (2) diff --git a/man7/fanotify.7 b/man7/fanotify.7 deleted file mode 100644 index b0b5121..0000000 --- a/man7/fanotify.7 +++ /dev/null @@ -1,1456 +0,0 @@ -.\" Copyright (C) 2013, Heinrich Schuchardt -.\" and Copyright (C) 2014, Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.TH fanotify 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -fanotify \- monitoring filesystem events -.SH DESCRIPTION -The fanotify API provides notification and interception of -filesystem events. -Use cases include virus scanning and hierarchical storage management. -In the original fanotify API, only a limited set of events was supported. -In particular, there was no support for create, delete, and move events. -The support for those events was added in Linux 5.1. -(See -.BR inotify (7) -for details of an API that did notify those events pre Linux 5.1.) -.P -Additional capabilities compared to the -.BR inotify (7) -API include the ability to monitor all of the objects -in a mounted filesystem, -the ability to make access permission decisions, and the -possibility to read or modify files before access by other applications. -.P -The following system calls are used with this API: -.BR fanotify_init (2), -.BR fanotify_mark (2), -.BR read (2), -.BR write (2), -and -.BR close (2). -.SS fanotify_init(), fanotify_mark(), and notification groups -The -.BR fanotify_init (2) -system call creates and initializes an fanotify notification group -and returns a file descriptor referring to it. -.P -An fanotify notification group is a kernel-internal object that holds -a list of files, directories, filesystems, and mounts for which -events shall be created. -.P -For each entry in an fanotify notification group, two bit masks exist: the -.I mark -mask and the -.I ignore -mask. -The mark mask defines file activities for which an event shall be created. -The ignore mask defines activities for which no event shall be generated. -Having these two types of masks permits a filesystem, mount, or -directory to be marked for receiving events, while at the same time -ignoring events for specific objects under a mount or directory. -.P -The -.BR fanotify_mark (2) -system call adds a file, directory, filesystem, or mount to a -notification group and specifies which events -shall be reported (or ignored), or removes or modifies such an entry. -.P -A possible usage of the ignore mask is for a file cache. -Events of interest for a file cache are modification of a file and closing -of the same. -Hence, the cached directory or mount is to be marked to receive these -events. -After receiving the first event informing that a file has been modified, -the corresponding cache entry will be invalidated. -No further modification events for this file are of interest until the file -is closed. -Hence, the modify event can be added to the ignore mask. -Upon receiving the close event, the modify event can be removed from the -ignore mask and the file cache entry can be updated. -.P -The entries in the fanotify notification groups refer to files and -directories via their inode number and to mounts via their mount ID. -If files or directories are renamed or moved within the same mount, -the respective entries survive. -If files or directories are deleted or moved to another mount or if -filesystems or mounts are unmounted, the corresponding entries are deleted. -.SS The event queue -As events occur on the filesystem objects monitored by a notification group, -the fanotify system generates events that are collected in a queue. -These events can then be read (using -.BR read (2) -or similar) -from the fanotify file descriptor -returned by -.BR fanotify_init (2). -.P -Two types of events are generated: -.I notification -events and -.I permission -events. -Notification events are merely informative and require no action to be taken -by the receiving application with one exception: if a valid file descriptor -is provided within a generic event, the file descriptor must be closed. -Permission events are requests to the receiving application to decide -whether permission for a file access shall be granted. -For these events, the recipient must write a response which decides whether -access is granted or not. -.P -An event is removed from the event queue of the fanotify group -when it has been read. -Permission events that have been read are kept in an internal list of the -fanotify group until either a permission decision has been taken by -writing to the fanotify file descriptor or the fanotify file descriptor -is closed. -.SS Reading fanotify events -Calling -.BR read (2) -for the file descriptor returned by -.BR fanotify_init (2) -blocks (if the flag -.B FAN_NONBLOCK -is not specified in the call to -.BR fanotify_init (2)) -until either a file event occurs or the call is interrupted by a signal -(see -.BR signal (7)). -.P -After a successful -.BR read (2), -the read buffer contains one or more of the following structures: -.P -.in +4n -.EX -struct fanotify_event_metadata { - __u32 event_len; - __u8 vers; - __u8 reserved; - __u16 metadata_len; - __aligned_u64 mask; - __s32 fd; - __s32 pid; -}; -.EE -.in -.P -Information records are -supplemental pieces of information that -may be provided alongside the generic -.I fanotify_event_metadata -structure. -The -.I flags -passed to -.BR fanotify_init (2) -have influence over the type of information records that -may be returned for an event. -For example, -if a notification group is initialized with -.B FAN_REPORT_FID -or -.BR FAN_REPORT_DIR_FID , -then event listeners should also expect to receive a -.I fanotify_event_info_fid -structure alongside the -.I fanotify_event_metadata -structure, -whereby file handles are used to -identify filesystem objects -rather than file descriptors. -Information records may also be stacked, -meaning that using the various -.B FAN_REPORT_* -flags in conjunction with one another is supported. -In such cases, -multiple information records can be returned for an event -alongside the generic -.I fanotify_event_metadata -structure. -For example, -if a notification group is initialized with -.B FAN_REPORT_TARGET_FID -and -.BR FAN_REPORT_PIDFD , -then an event listener should expect to receive up to two -.I fanotify_event_info_fid -information records and one -.I fanotify_event_info_pidfd -information record alongside the generic -.I fanotify_event_metadata -structure. -Importantly, -fanotify provides no guarantee around -the ordering of information records -when a notification group is initialized with a -stacked based configuration. -Each information record has a nested structure of type -.IR fanotify_event_info_header . -It is imperative for event listeners to inspect the -.I info_type -field of this structure in order to -determine the type of information record that -had been received for a given event. -.P -In cases where an fanotify group -identifies filesystem objects by file handles, -event listeners should also expect to -receive one or more of the below -information record objects alongside the generic -.I fanotify_event_metadata -structure within the read buffer: -.P -.in +4n -.EX -struct fanotify_event_info_fid { - struct fanotify_event_info_header hdr; - __kernel_fsid_t fsid; - unsigned char handle[]; -}; -.EE -.in -.P -In cases where an fanotify group is initialized with -.BR FAN_REPORT_PIDFD , -event listeners should expect to receive the below -information record object alongside the generic -.I fanotify_event_metadata -structure within the read buffer: -.P -.in +4n -.EX -struct fanotify_event_info_pidfd { - struct fanotify_event_info_header hdr; - __s32 pidfd; -}; -.EE -.in -.P -In case of a -.B FAN_FS_ERROR -event, -an additional information record describing the error that occurred -is returned alongside the generic -.I fanotify_event_metadata -structure within the read buffer. -This structure is defined as follows: -.P -.in +4n -.EX -struct fanotify_event_info_error { - struct fanotify_event_info_header hdr; - __s32 error; - __u32 error_count; -}; -.EE -.in -.P -All information records contain a nested structure of type -.IR fanotify_event_info_header . -This structure holds meta-information about the information record -that may have been returned alongside the generic -.I fanotify_event_metadata -structure. -This structure is defined as follows: -.P -.in +4n -.EX -struct fanotify_event_info_header { - __u8 info_type; - __u8 pad; - __u16 len; -}; -.EE -.in -.P -For performance reasons, it is recommended to use a large -buffer size (for example, 4096 bytes), -so that multiple events can be retrieved by a single -.BR read (2). -.P -The return value of -.BR read (2) -is the number of bytes placed in the buffer, -or \-1 in case of an error (but see BUGS). -.P -The fields of the -.I fanotify_event_metadata -structure are as follows: -.TP -.I event_len -This is the length of the data for the current event and the offset -to the next event in the buffer. -Unless the group identifies filesystem objects by file handles, the value of -.I event_len -is always -.BR FAN_EVENT_METADATA_LEN . -For a group that identifies filesystem objects by file handles, -.I event_len -also includes the variable length file identifier records. -.TP -.I vers -This field holds a version number for the structure. -It must be compared to -.B FANOTIFY_METADATA_VERSION -to verify that the structures returned at run time match -the structures defined at compile time. -In case of a mismatch, the application should abandon trying to use the -fanotify file descriptor. -.TP -.I reserved -This field is not used. -.TP -.I metadata_len -This is the length of the structure. -The field was introduced to facilitate the implementation of -optional headers per event type. -No such optional headers exist in the current implementation. -.TP -.I mask -This is a bit mask describing the event (see below). -.TP -.I fd -This is an open file descriptor for the object being accessed, or -.B FAN_NOFD -if a queue overflow occurred. -With an fanotify group that identifies filesystem objects by file handles, -applications should expect this value to be set to -.B FAN_NOFD -for each event that is received. -The file descriptor can be used to access the contents -of the monitored file or directory. -The reading application is responsible for closing this file descriptor. -.IP -When calling -.BR fanotify_init (2), -the caller may specify (via the -.I event_f_flags -argument) various file status flags that are to be set -on the open file description that corresponds to this file descriptor. -In addition, the (kernel-internal) -.B FMODE_NONOTIFY -file status flag is set on the open file description. -This flag suppresses fanotify event generation. -Hence, when the receiver of the fanotify event accesses the notified file or -directory using this file descriptor, no additional events will be created. -.TP -.I pid -If flag -.B FAN_REPORT_TID -was set in -.BR fanotify_init (2), -this is the TID of the thread that caused the event. -Otherwise, this the PID of the process that caused the event. -.P -A program listening to fanotify events can compare this PID -to the PID returned by -.BR getpid (2), -to determine whether the event is caused by the listener itself, -or is due to a file access by another process. -.P -The bit mask in -.I mask -indicates which events have occurred for a single filesystem object. -Multiple bits may be set in this mask, -if more than one event occurred for the monitored filesystem object. -In particular, -consecutive events for the same filesystem object and originating from the -same process may be merged into a single event, with the exception that two -permission events are never merged into one queue entry. -.P -The bits that may appear in -.I mask -are as follows: -.TP -.B FAN_ACCESS -A file or a directory (but see BUGS) was accessed (read). -.TP -.B FAN_OPEN -A file or a directory was opened. -.TP -.B FAN_OPEN_EXEC -A file was opened with the intent to be executed. -See NOTES in -.BR fanotify_mark (2) -for additional details. -.TP -.B FAN_ATTRIB -A file or directory metadata was changed. -.TP -.B FAN_CREATE -A child file or directory was created in a watched parent. -.TP -.B FAN_DELETE -A child file or directory was deleted in a watched parent. -.TP -.B FAN_DELETE_SELF -A watched file or directory was deleted. -.TP -.B FAN_FS_ERROR -A filesystem error was detected. -.TP -.B FAN_RENAME -A file or directory has been moved to or from a watched parent directory. -.TP -.B FAN_MOVED_FROM -A file or directory has been moved from a watched parent directory. -.TP -.B FAN_MOVED_TO -A file or directory has been moved to a watched parent directory. -.TP -.B FAN_MOVE_SELF -A watched file or directory was moved. -.TP -.B FAN_MODIFY -A file was modified. -.TP -.B FAN_CLOSE_WRITE -A file that was opened for writing -.RB ( O_WRONLY -or -.BR O_RDWR ) -was closed. -.TP -.B FAN_CLOSE_NOWRITE -A file or directory that was opened read-only -.RB ( O_RDONLY ) -was closed. -.TP -.B FAN_Q_OVERFLOW -The event queue exceeded the limit on number of events. -This limit can be overridden by specifying the -.B FAN_UNLIMITED_QUEUE -flag when calling -.BR fanotify_init (2). -.TP -.B FAN_ACCESS_PERM -An application wants to read a file or directory, for example using -.BR read (2) -or -.BR readdir (2). -The reader must write a response (as described below) -that determines whether the permission to -access the filesystem object shall be granted. -.TP -.B FAN_OPEN_PERM -An application wants to open a file or directory. -The reader must write a response that determines whether the permission to -open the filesystem object shall be granted. -.TP -.B FAN_OPEN_EXEC_PERM -An application wants to open a file for execution. -The reader must write a response that determines whether the permission to -open the filesystem object for execution shall be granted. -See NOTES in -.BR fanotify_mark (2) -for additional details. -.P -To check for any close event, the following bit mask may be used: -.TP -.B FAN_CLOSE -A file was closed. -This is a synonym for: -.IP -.in +4n -.EX -FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE -.EE -.in -.P -To check for any move event, the following bit mask may be used: -.TP -.B FAN_MOVE -A file or directory was moved. -This is a synonym for: -.IP -.in +4n -.EX -FAN_MOVED_FROM | FAN_MOVED_TO -.EE -.in -.P -The following bits may appear in -.I mask -only in conjunction with other event type bits: -.TP -.B FAN_ONDIR -The events described in the -.I mask -have occurred on a directory object. -Reporting events on directories requires setting this flag in the mark mask. -See -.BR fanotify_mark (2) -for additional details. -The -.B FAN_ONDIR -flag is reported in an event mask only if the fanotify group identifies -filesystem objects by file handles. -.P -Information records that are supplied alongside the generic -.I fanotify_event_metadata -structure will always contain a nested structure of type -.IR fanotify_event_info_header . -The fields of the -.I fanotify_event_info_header -are as follows: -.TP -.I info_type -A unique integer value representing -the type of information record object received for an event. -The value of this field can be set to one of the following: -.BR FAN_EVENT_INFO_TYPE_FID , -.BR FAN_EVENT_INFO_TYPE_DFID , -.BR FAN_EVENT_INFO_TYPE_DFID_NAME , -or -.BR FAN_EVENT_INFO_TYPE_PIDFD . -The value set for this field -is dependent on the flags that have been supplied to -.BR fanotify_init (2). -Refer to the field details of each information record object type below -to understand the different cases in which the -.I info_type -values can be set. -.TP -.I pad -This field is currently not used by any information record object type -and therefore is set to zero. -.TP -.I len -The value of -.I len -is set to the size of the information record object, -including the -.IR fanotify_event_info_header . -The total size of all additional information records -is not expected to be larger than -.RI ( event_len -\- -.IR metadata_len ). -.P -The fields of the -.I fanotify_event_info_fid -structure are as follows: -.TP -.I hdr -This is a structure of type -.IR fanotify_event_info_header . -For example, when an fanotify file descriptor is created using -.BR FAN_REPORT_FID , -a single information record is expected to be attached to the event with -.I info_type -field value of -.BR FAN_EVENT_INFO_TYPE_FID . -When an fanotify file descriptor is created using the combination of -.B FAN_REPORT_FID -and -.BR FAN_REPORT_DIR_FID , -there may be two information records attached to the event: -one with -.I info_type -field value of -.BR FAN_EVENT_INFO_TYPE_DFID , -identifying a parent directory object, and one with -.I info_type -field value of -.BR FAN_EVENT_INFO_TYPE_FID , -identifying a child object. -Note that for the directory entry modification events -.BR FAN_CREATE , -.BR FAN_DELETE , -.BR FAN_MOVE , -and -.BR FAN_RENAME , -an information record identifying the created/deleted/moved child object -is reported only if an fanotify group was initialized with the flag -.BR FAN_REPORT_TARGET_FID . -.TP -.I fsid -This is a unique identifier of the filesystem containing the object -associated with the event. -It is a structure of type -.I __kernel_fsid_t -and contains the same value as -.I f_fsid -when calling -.BR statfs (2). -.TP -.I handle -This field contains a variable-length structure of type -.IR "struct file_handle" . -It is an opaque handle that corresponds to a specified object on a -filesystem as returned by -.BR name_to_handle_at (2). -It can be used to uniquely identify a file on a filesystem and can be -passed as an argument to -.BR open_by_handle_at (2). -If the value of -.I info_type -field is -.BR FAN_EVENT_INFO_TYPE_DFID_NAME , -the file handle is followed by a null terminated string that identifies the -created/deleted/moved directory entry name. -For other events such as -.BR FAN_OPEN , -.BR FAN_ATTRIB , -.BR FAN_DELETE_SELF , -and -.BR FAN_MOVE_SELF , -if the value of -.I info_type -field is -.BR FAN_EVENT_INFO_TYPE_FID , -the -.I handle -identifies the object correlated to the event. -If the value of -.I info_type -field is -.BR FAN_EVENT_INFO_TYPE_DFID , -the -.I handle -identifies the directory object correlated to the event or the parent directory -of a non-directory object correlated to the event. -If the value of -.I info_type -field is -.BR FAN_EVENT_INFO_TYPE_DFID_NAME , -the -.I handle -identifies the same directory object that would be reported with -.B FAN_EVENT_INFO_TYPE_DFID -and the file handle is followed by a null terminated string that identifies the -name of a directory entry in that directory, or '.' to identify the directory -object itself. -.P -The fields of the -.I fanotify_event_info_pidfd -structure are as follows: -.TP -.I hdr -This is a structure of type -.IR fanotify_event_info_header . -When an fanotify group is initialized using -.BR FAN_REPORT_PIDFD , -the -.I info_type -field value of the -.I fanotify_event_info_header -is set to -.BR FAN_EVENT_INFO_TYPE_PIDFD . -.TP -.I pidfd -This is a process file descriptor that refers to -the process responsible for generating the event. -The returned process file descriptor is no different from -one which could be obtained manually if -.BR pidfd_open (2) -were to be called on -.IR fanotify_event_metadata.pid . -In the instance that an error is encountered during pidfd creation, -one of two possible error types represented by -a negative integer value may be returned in this -.I pidfd -field. -In cases where -the process responsible for generating the event -has terminated prior to -the event listener being able to -read events from the notification queue, -.B FAN_NOPIDFD -is returned. -The pidfd creation for an event is only performed at the time the -events are read from the notification queue. -All other possible pidfd creation failures are represented by -.BR FAN_EPIDFD . -Once the event listener has dealt with an event -and the pidfd is no longer required, -the pidfd should be closed via -.BR close (2). -.P -The fields of the -.I fanotify_event_info_error -structure are as follows: -.TP -.I hdr -This is a structure of type -.IR fanotify_event_info_header . -The -.I info_type -field is set to -.BR FAN_EVENT_INFO_TYPE_ERROR . -.TP -.I error -Identifies the type of error that occurred. -.TP -.I error_count -This is a counter of the number of errors suppressed -since the last error was read. -.P -The following macros are provided to iterate over a buffer containing -fanotify event metadata returned by a -.BR read (2) -from an fanotify file descriptor: -.TP -.B FAN_EVENT_OK(meta, len) -This macro checks the remaining length -.I len -of the buffer -.I meta -against the length of the metadata structure and the -.I event_len -field of the first metadata structure in the buffer. -.TP -.B FAN_EVENT_NEXT(meta, len) -This macro uses the length indicated in the -.I event_len -field of the metadata structure pointed to by -.I meta -to calculate the address of the next metadata structure that follows -.IR meta . -.I len -is the number of bytes of metadata that currently remain in the buffer. -The macro returns a pointer to the next metadata structure that follows -.IR meta , -and reduces -.I len -by the number of bytes in the metadata structure that -has been skipped over (i.e., it subtracts -.I meta\->event_len -from -.IR len ). -.P -In addition, there is: -.TP -.B FAN_EVENT_METADATA_LEN -This macro returns the size (in bytes) of the structure -.IR fanotify_event_metadata . -This is the minimum size (and currently the only size) of any event metadata. -.\" -.SS Monitoring an fanotify file descriptor for events -When an fanotify event occurs, the fanotify file descriptor indicates as -readable when passed to -.BR epoll (7), -.BR poll (2), -or -.BR select (2). -.SS Dealing with permission events -For permission events, the application must -.BR write (2) -a structure of the following form to the -fanotify file descriptor: -.P -.in +4n -.EX -struct fanotify_response { - __s32 fd; - __u32 response; -}; -.EE -.in -.P -The fields of this structure are as follows: -.TP -.I fd -This is the file descriptor from the structure -.IR fanotify_event_metadata . -.TP -.I response -This field indicates whether or not the permission is to be granted. -Its value must be either -.B FAN_ALLOW -to allow the file operation or -.B FAN_DENY -to deny the file operation. -.P -If access is denied, the requesting application call will receive an -.B EPERM -error. -Additionally, if the notification group has been created with the -.B FAN_ENABLE_AUDIT -flag, then the -.B FAN_AUDIT -flag can be set in the -.I response -field. -In that case, the audit subsystem will log information about the access -decision to the audit logs. -.\" -.SS Monitoring filesystems for errors -A single -.B FAN_FS_ERROR -event is stored per filesystem at once. -Extra error messages are suppressed and accounted for in the -.I error_count -field of the existing -.B FAN_FS_ERROR -event record, -but details about the errors are lost. -.P -Errors reported by -.B FAN_FS_ERROR -are generic -.I errno -values, -but not all kinds of error types are reported by all filesystems. -.P -Errors not directly related to a file (i.e. super block corruption) -are reported with an invalid -.IR handle . -For these errors, the -.I handle -will have the field -.I handle_type -set to -.BR FILEID_INVALID , -and the handle buffer size set to -.BR 0 . -.\" -.SS Closing the fanotify file descriptor -When all file descriptors referring to the fanotify notification group are -closed, the fanotify group is released and its resources -are freed for reuse by the kernel. -Upon -.BR close (2), -outstanding permission events will be set to allowed. -.SS /proc interfaces -The file -.IR /proc/ pid /fdinfo/ fd -contains information about fanotify marks for file descriptor -.I fd -of process -.IR pid . -See -.BR proc (5) -for details. -.P -Since Linux 5.13, -.\" commit 5b8fea65d197f408bb00b251c70d842826d6b70b -the following interfaces can be used to control the amount of -kernel resources consumed by fanotify: -.TP -.I /proc/sys/fs/fanotify/max_queued_events -The value in this file is used when an application calls -.BR fanotify_init (2) -to set an upper limit on the number of events that can be -queued to the corresponding fanotify group. -Events in excess of this limit are dropped, but an -.B FAN_Q_OVERFLOW -event is always generated. -Prior to Linux kernel 5.13, -.\" commit 5b8fea65d197f408bb00b251c70d842826d6b70b -the hardcoded limit was 16384 events. -.TP -.I /proc/sys/fs/fanotify/max_user_group -This specifies an upper limit on the number of fanotify groups -that can be created per real user ID. -Prior to Linux kernel 5.13, -.\" commit 5b8fea65d197f408bb00b251c70d842826d6b70b -the hardcoded limit was 128 groups per user. -.TP -.I /proc/sys/fs/fanotify/max_user_marks -This specifies an upper limit on the number of fanotify marks -that can be created per real user ID. -Prior to Linux kernel 5.13, -.\" commit 5b8fea65d197f408bb00b251c70d842826d6b70b -the hardcoded limit was 8192 marks per group (not per user). -.SH ERRORS -In addition to the usual errors for -.BR read (2), -the following errors can occur when reading from the -fanotify file descriptor: -.TP -.B EINVAL -The buffer is too small to hold the event. -.TP -.B EMFILE -The per-process limit on the number of open files has been reached. -See the description of -.B RLIMIT_NOFILE -in -.BR getrlimit (2). -.TP -.B ENFILE -The system-wide limit on the total number of open files has been reached. -See -.I /proc/sys/fs/file\-max -in -.BR proc (5). -.TP -.B ETXTBSY -This error is returned by -.BR read (2) -if -.B O_RDWR -or -.B O_WRONLY -was specified in the -.I event_f_flags -argument when calling -.BR fanotify_init (2) -and an event occurred for a monitored file that is currently being executed. -.P -In addition to the usual errors for -.BR write (2), -the following errors can occur when writing to the fanotify file descriptor: -.TP -.B EINVAL -Fanotify access permissions are not enabled in the kernel configuration -or the value of -.I response -in the response structure is not valid. -.TP -.B ENOENT -The file descriptor -.I fd -in the response structure is not valid. -This may occur when a response for the permission event has already been -written. -.SH STANDARDS -Linux. -.SH HISTORY -The fanotify API was introduced in Linux 2.6.36 and -enabled in Linux 2.6.37. -fdinfo support was added in Linux 3.8. -.SH NOTES -The fanotify API is available only if the kernel was built with the -.B CONFIG_FANOTIFY -configuration option enabled. -In addition, fanotify permission handling is available only if the -.B CONFIG_FANOTIFY_ACCESS_PERMISSIONS -configuration option is enabled. -.SS Limitations and caveats -Fanotify reports only events that a user-space program triggers through the -filesystem API. -As a result, -it does not catch remote events that occur on network filesystems. -.P -The fanotify API does not report file accesses and modifications that -may occur because of -.BR mmap (2), -.BR msync (2), -and -.BR munmap (2). -.P -Events for directories are created only if the directory itself is opened, -read, and closed. -Adding, removing, or changing children of a marked directory does not create -events for the monitored directory itself. -.P -Fanotify monitoring of directories is not recursive: -to monitor subdirectories under a directory, -additional marks must be created. -The -.B FAN_CREATE -event can be used for detecting when a subdirectory has been created under -a marked directory. -An additional mark must then be set on the newly created subdirectory. -This approach is racy, because it can lose events that occurred inside the -newly created subdirectory, before a mark is added on that subdirectory. -Monitoring mounts offers the capability to monitor a whole directory tree -in a race-free manner. -Monitoring filesystems offers the capability to monitor changes made from -any mount of a filesystem instance in a race-free manner. -.P -The event queue can overflow. -In this case, events are lost. -.SH BUGS -Before Linux 3.19, -.BR fallocate (2) -did not generate fanotify events. -Since Linux 3.19, -.\" commit 820c12d5d6c0890bc93dd63893924a13041fdc35 -calls to -.BR fallocate (2) -generate -.B FAN_MODIFY -events. -.P -As of Linux 3.17, -the following bugs exist: -.IP \[bu] 3 -On Linux, a filesystem object may be accessible through multiple paths, -for example, a part of a filesystem may be remounted using the -.I \-\-bind -option of -.BR mount (8). -A listener that marked a mount will be notified only of events that were -triggered for a filesystem object using the same mount. -Any other event will pass unnoticed. -.IP \[bu] -.\" FIXME . A patch was proposed. -When an event is generated, -no check is made to see whether the user ID of the -receiving process has authorization to read or write the file -before passing a file descriptor for that file. -This poses a security risk, when the -.B CAP_SYS_ADMIN -capability is set for programs executed by unprivileged users. -.IP \[bu] -If a call to -.BR read (2) -processes multiple events from the fanotify queue and an error occurs, -the return value will be the total length of the events successfully -copied to the user-space buffer before the error occurred. -The return value will not be \-1, and -.I errno -will not be set. -Thus, the reading application has no way to detect the error. -.SH EXAMPLES -The two example programs below demonstrate the usage of the fanotify API. -.SS Example program: fanotify_example.c -The first program is an example of fanotify being -used with its event object information passed in the form of a file -descriptor. -The program marks the mount passed as a command-line argument and -waits for events of type -.B FAN_OPEN_PERM -and -.BR FAN_CLOSE_WRITE . -When a permission event occurs, a -.B FAN_ALLOW -response is given. -.P -The following shell session shows an example of -running this program. -This session involved editing the file -.IR /home/user/temp/notes . -Before the file was opened, a -.B FAN_OPEN_PERM -event occurred. -After the file was closed, a -.B FAN_CLOSE_WRITE -event occurred. -Execution of the program ends when the user presses the ENTER key. -.P -.in +4n -.EX -# \fB./fanotify_example /home\fP -Press enter key to terminate. -Listening for events. -FAN_OPEN_PERM: File /home/user/temp/notes -FAN_CLOSE_WRITE: File /home/user/temp/notes -\& -Listening for events stopped. -.EE -.in -.SS Program source: fanotify_example.c -\& -.EX -#define _GNU_SOURCE /* Needed to get O_LARGEFILE definition */ -#include -#include -#include -#include -#include -#include -#include -#include -\& -/* Read all available fanotify events from the file descriptor \[aq]fd\[aq]. */ -\& -static void -handle_events(int fd) -{ - const struct fanotify_event_metadata *metadata; - struct fanotify_event_metadata buf[200]; - ssize_t len; - char path[PATH_MAX]; - ssize_t path_len; - char procfd_path[PATH_MAX]; - struct fanotify_response response; -\& - /* Loop while events can be read from fanotify file descriptor. */ -\& - for (;;) { -\& - /* Read some events. */ -\& - len = read(fd, buf, sizeof(buf)); - if (len == \-1 && errno != EAGAIN) { - perror("read"); - exit(EXIT_FAILURE); - } -\& - /* Check if end of available data reached. */ -\& - if (len <= 0) - break; -\& - /* Point to the first event in the buffer. */ -\& - metadata = buf; -\& - /* Loop over all events in the buffer. */ -\& - while (FAN_EVENT_OK(metadata, len)) { -\& - /* Check that run\-time and compile\-time structures match. */ -\& - if (metadata\->vers != FANOTIFY_METADATA_VERSION) { - fprintf(stderr, - "Mismatch of fanotify metadata version.\en"); - exit(EXIT_FAILURE); - } -\& - /* metadata\->fd contains either FAN_NOFD, indicating a - queue overflow, or a file descriptor (a nonnegative - integer). Here, we simply ignore queue overflow. */ -\& - if (metadata\->fd >= 0) { -\& - /* Handle open permission event. */ -\& - if (metadata\->mask & FAN_OPEN_PERM) { - printf("FAN_OPEN_PERM: "); -\& - /* Allow file to be opened. */ -\& - response.fd = metadata\->fd; - response.response = FAN_ALLOW; - write(fd, &response, sizeof(response)); - } -\& - /* Handle closing of writable file event. */ -\& - if (metadata\->mask & FAN_CLOSE_WRITE) - printf("FAN_CLOSE_WRITE: "); -\& - /* Retrieve and print pathname of the accessed file. */ -\& - snprintf(procfd_path, sizeof(procfd_path), - "/proc/self/fd/%d", metadata\->fd); - path_len = readlink(procfd_path, path, - sizeof(path) \- 1); - if (path_len == \-1) { - perror("readlink"); - exit(EXIT_FAILURE); - } -\& - path[path_len] = \[aq]\e0\[aq]; - printf("File %s\en", path); -\& - /* Close the file descriptor of the event. */ -\& - close(metadata\->fd); - } -\& - /* Advance to next event. */ -\& - metadata = FAN_EVENT_NEXT(metadata, len); - } - } -} -\& -int -main(int argc, char *argv[]) -{ - char buf; - int fd, poll_num; - nfds_t nfds; - struct pollfd fds[2]; -\& - /* Check mount point is supplied. */ -\& - if (argc != 2) { - fprintf(stderr, "Usage: %s MOUNT\en", argv[0]); - exit(EXIT_FAILURE); - } -\& - printf("Press enter key to terminate.\en"); -\& - /* Create the file descriptor for accessing the fanotify API. */ -\& - fd = fanotify_init(FAN_CLOEXEC | FAN_CLASS_CONTENT | FAN_NONBLOCK, - O_RDONLY | O_LARGEFILE); - if (fd == \-1) { - perror("fanotify_init"); - exit(EXIT_FAILURE); - } -\& - /* Mark the mount for: - \- permission events before opening files - \- notification events after closing a write\-enabled - file descriptor. */ -\& - if (fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, - FAN_OPEN_PERM | FAN_CLOSE_WRITE, AT_FDCWD, - argv[1]) == \-1) { - perror("fanotify_mark"); - exit(EXIT_FAILURE); - } -\& - /* Prepare for polling. */ -\& - nfds = 2; -\& - fds[0].fd = STDIN_FILENO; /* Console input */ - fds[0].events = POLLIN; -\& - fds[1].fd = fd; /* Fanotify input */ - fds[1].events = POLLIN; -\& - /* This is the loop to wait for incoming events. */ -\& - printf("Listening for events.\en"); -\& - while (1) { - poll_num = poll(fds, nfds, \-1); - if (poll_num == \-1) { - if (errno == EINTR) /* Interrupted by a signal */ - continue; /* Restart poll() */ -\& - perror("poll"); /* Unexpected error */ - exit(EXIT_FAILURE); - } -\& - if (poll_num > 0) { - if (fds[0].revents & POLLIN) { -\& - /* Console input is available: empty stdin and quit. */ -\& - while (read(STDIN_FILENO, &buf, 1) > 0 && buf != \[aq]\en\[aq]) - continue; - break; - } -\& - if (fds[1].revents & POLLIN) { -\& - /* Fanotify events are available. */ -\& - handle_events(fd); - } - } - } -\& - printf("Listening for events stopped.\en"); - exit(EXIT_SUCCESS); -} -.EE -.\" -.SS Example program: fanotify_fid.c -The second program is an example of fanotify being used with a group that -identifies objects by file handles. -The program marks the filesystem object that is passed as -a command-line argument -and waits until an event of type -.B FAN_CREATE -has occurred. -The event mask indicates which type of filesystem object\[em]either -a file or a directory\[em]was created. -Once all events have been read from the buffer and processed accordingly, -the program simply terminates. -.P -The following shell sessions show two different invocations of -this program, with different actions performed on a watched object. -.P -The first session shows a mark being placed on -.IR /home/user . -This is followed by the creation of a regular file, -.IR /home/user/testfile.txt . -This results in a -.B FAN_CREATE -event being generated and reported against the file's parent watched -directory object and with the created file name. -Program execution ends once all events captured within the buffer have -been processed. -.P -.in +4n -.EX -# \fB./fanotify_fid /home/user\fP -Listening for events. -FAN_CREATE (file created): - Directory /home/user has been modified. - Entry \[aq]testfile.txt\[aq] is not a subdirectory. -All events processed successfully. Program exiting. -\& -$ \fBtouch /home/user/testfile.txt\fP # In another terminal -.EE -.in -.P -The second session shows a mark being placed on -.IR /home/user . -This is followed by the creation of a directory, -.IR /home/user/testdir . -This specific action results in a -.B FAN_CREATE -event being generated and is reported with the -.B FAN_ONDIR -flag set and with the created directory name. -.P -.in +4n -.EX -# \fB./fanotify_fid /home/user\fP -Listening for events. -FAN_CREATE | FAN_ONDIR (subdirectory created): - Directory /home/user has been modified. - Entry \[aq]testdir\[aq] is a subdirectory. -All events processed successfully. Program exiting. -\& -$ \fBmkdir \-p /home/user/testdir\fP # In another terminal -.EE -.in -.SS Program source: fanotify_fid.c -\& -.EX -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -\& -#define BUF_SIZE 256 -\& -int -main(int argc, char *argv[]) -{ - int fd, ret, event_fd, mount_fd; - ssize_t len, path_len; - char path[PATH_MAX]; - char procfd_path[PATH_MAX]; - char events_buf[BUF_SIZE]; - struct file_handle *file_handle; - struct fanotify_event_metadata *metadata; - struct fanotify_event_info_fid *fid; - const char *file_name; - struct stat sb; -\& - if (argc != 2) { - fprintf(stderr, "Invalid number of command line arguments.\en"); - exit(EXIT_FAILURE); - } -\& - mount_fd = open(argv[1], O_DIRECTORY | O_RDONLY); - if (mount_fd == \-1) { - perror(argv[1]); - exit(EXIT_FAILURE); - } -\& - /* Create an fanotify file descriptor with FAN_REPORT_DFID_NAME as - a flag so that program can receive fid events with directory - entry name. */ -\& - fd = fanotify_init(FAN_CLASS_NOTIF | FAN_REPORT_DFID_NAME, 0); - if (fd == \-1) { - perror("fanotify_init"); - exit(EXIT_FAILURE); - } -\& - /* Place a mark on the filesystem object supplied in argv[1]. */ -\& - ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_ONLYDIR, - FAN_CREATE | FAN_ONDIR, - AT_FDCWD, argv[1]); - if (ret == \-1) { - perror("fanotify_mark"); - exit(EXIT_FAILURE); - } -\& - printf("Listening for events.\en"); -\& - /* Read events from the event queue into a buffer. */ -\& - len = read(fd, events_buf, sizeof(events_buf)); - if (len == \-1 && errno != EAGAIN) { - perror("read"); - exit(EXIT_FAILURE); - } -\& - /* Process all events within the buffer. */ -\& - for (metadata = (struct fanotify_event_metadata *) events_buf; - FAN_EVENT_OK(metadata, len); - metadata = FAN_EVENT_NEXT(metadata, len)) { - fid = (struct fanotify_event_info_fid *) (metadata + 1); - file_handle = (struct file_handle *) fid\->handle; -\& - /* Ensure that the event info is of the correct type. */ -\& - if (fid\->hdr.info_type == FAN_EVENT_INFO_TYPE_FID || - fid\->hdr.info_type == FAN_EVENT_INFO_TYPE_DFID) { - file_name = NULL; - } else if (fid\->hdr.info_type == FAN_EVENT_INFO_TYPE_DFID_NAME) { - file_name = file_handle\->f_handle + - file_handle\->handle_bytes; - } else { - fprintf(stderr, "Received unexpected event info type.\en"); - exit(EXIT_FAILURE); - } -\& - if (metadata\->mask == FAN_CREATE) - printf("FAN_CREATE (file created):\en"); -\& - if (metadata\->mask == (FAN_CREATE | FAN_ONDIR)) - printf("FAN_CREATE | FAN_ONDIR (subdirectory created):\en"); -\& - /* metadata\->fd is set to FAN_NOFD when the group identifies - objects by file handles. To obtain a file descriptor for - the file object corresponding to an event you can use the - struct file_handle that\[aq]s provided within the - fanotify_event_info_fid in conjunction with the - open_by_handle_at(2) system call. A check for ESTALE is - done to accommodate for the situation where the file handle - for the object was deleted prior to this system call. */ -\& - event_fd = open_by_handle_at(mount_fd, file_handle, O_RDONLY); - if (event_fd == \-1) { - if (errno == ESTALE) { - printf("File handle is no longer valid. " - "File has been deleted\en"); - continue; - } else { - perror("open_by_handle_at"); - exit(EXIT_FAILURE); - } - } -\& - snprintf(procfd_path, sizeof(procfd_path), "/proc/self/fd/%d", - event_fd); -\& - /* Retrieve and print the path of the modified dentry. */ -\& - path_len = readlink(procfd_path, path, sizeof(path) \- 1); - if (path_len == \-1) { - perror("readlink"); - exit(EXIT_FAILURE); - } -\& - path[path_len] = \[aq]\e0\[aq]; - printf("\etDirectory \[aq]%s\[aq] has been modified.\en", path); -\& - if (file_name) { - ret = fstatat(event_fd, file_name, &sb, 0); - if (ret == \-1) { - if (errno != ENOENT) { - perror("fstatat"); - exit(EXIT_FAILURE); - } - printf("\etEntry \[aq]%s\[aq] does not exist.\en", file_name); - } else if ((sb.st_mode & S_IFMT) == S_IFDIR) { - printf("\etEntry \[aq]%s\[aq] is a subdirectory.\en", file_name); - } else { - printf("\etEntry \[aq]%s\[aq] is not a subdirectory.\en", - file_name); - } - } -\& - /* Close associated file descriptor for this event. */ -\& - close(event_fd); - } -\& - printf("All events processed successfully. Program exiting.\en"); - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.ad l -.BR fanotify_init (2), -.BR fanotify_mark (2), -.BR inotify (7) diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7 deleted file mode 100644 index ee414dd..0000000 --- a/man7/feature_test_macros.7 +++ /dev/null @@ -1,937 +0,0 @@ -.\" This manpage is Copyright (C) 2006, Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH feature_test_macros 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -feature_test_macros \- feature test macros -.SH DESCRIPTION -Feature test macros allow the programmer to control the definitions that -are exposed by system header files when a program is compiled. -.P -.B NOTE: -In order to be effective, a feature test macro -.IR "must be defined before including any header files" . -This can be done either in the compilation command -.RI ( "cc \-DMACRO=value" ) -or by defining the macro within the source code before -including any headers. -The requirement that the macro must be defined before including any -header file exists because header files may freely include one another. -Thus, for example, in the following lines, defining the -.B _GNU_SOURCE -macro may have no effect because the header -.I -itself includes -.I -(POSIX explicitly allows this): -.P -.in +4n -.EX -#include -#define _GNU_SOURCE -#include -.EE -.in -.P -Some feature test macros are useful for creating portable applications, -by preventing nonstandard definitions from being exposed. -Other macros can be used to expose nonstandard definitions that -are not exposed by default. -.P -The precise effects of each of the feature test macros described below -can be ascertained by inspecting the -.I -header file. -.BR Note : -applications do -.I not -need to directly include -.IR ; -indeed, doing so is actively discouraged. -See NOTES. -.SS Specification of feature test macro requirements in manual pages -When a function requires that a feature test macro is defined, -the manual page SYNOPSIS typically includes a note of the following form -(this example from the -.BR acct (2) -manual page): -.P -.RS -.B #include -.P -.BI "int acct(const char *" filename ); -.P -.RS -4 -.EX -Feature Test Macro Requirements for glibc (see -.BR feature_test_macros (7)): -.EE -.RE -.P -.BR acct (): -_BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE < 500) -.RE -.P -The -.B || -means that in order to obtain the declaration of -.BR acct (2) -from -.IR , -.I either -of the following macro -definitions must be made before including any header files: -.P -.in +4n -.EX -#define _BSD_SOURCE -#define _XOPEN_SOURCE /* or any value < 500 */ -.EE -.in -.P -Alternatively, equivalent definitions can be included in the -compilation command: -.P -.in +4n -.EX -cc \-D_BSD_SOURCE -cc \-D_XOPEN_SOURCE # Or any value < 500 -.EE -.in -.P -Note that, as described below, -.BR "some feature test macros are defined by default" , -so that it may not always be necessary to -explicitly specify the feature test macro(s) shown in the -SYNOPSIS. -.P -In a few cases, manual pages use a shorthand for expressing the -feature test macro requirements (this example from -.BR readahead (2)): -.P -.RS +4 -.EX -.B #define _GNU_SOURCE -.B #define _FILE_OFFSET_BITS 64 -.B #include -.P -.BI "ssize_t readahead(int " fd ", off_t *" offset ", size_t " count ); -.EE -.RE -.P -This format is employed when the feature test macros ensure -that the proper function declarations are visible, -and the macros are not defined by default. -.SS Feature test macros understood by glibc -The paragraphs below explain how feature test macros are handled -in glibc 2.\fIx\fP, -.I x -> 0. -.P -First, though, a summary of a few details for the impatient: -.IP \[bu] 3 -The macros that you most likely need to use in modern source code are -.B _POSIX_C_SOURCE -(for definitions from various versions of POSIX.1), -.B _XOPEN_SOURCE -(for definitions from various versions of SUS), -.B _GNU_SOURCE -(for GNU and/or Linux specific stuff), and -.B _DEFAULT_SOURCE -(to get definitions that would normally be provided by default). -.IP \[bu] -Certain macros are defined with default values. -Thus, although one or more macros may be indicated as being -required in the SYNOPSIS of a man page, -it may not be necessary to define them explicitly. -Full details of the defaults are given later in this man page. -.IP \[bu] -Defining -.B _XOPEN_SOURCE -with a value of 600 or greater produces the same effects as defining -.B _POSIX_C_SOURCE -with a value of 200112L or greater. -Where one sees -.IP -.in +4n -.EX -_POSIX_C_SOURCE >= 200112L -.EE -.in -.IP -in the feature test macro requirements in the SYNOPSIS of a man page, -it is implicit that the following has the same effect: -.IP -.in +4n -.EX -_XOPEN_SOURCE >= 600 -.EE -.in -.IP \[bu] -Defining -.B _XOPEN_SOURCE -with a value of 700 or greater produces the same effects as defining -.B _POSIX_C_SOURCE -with a value of 200809L or greater. -Where one sees -.IP -.in +4n -.EX -_POSIX_C_SOURCE >= 200809L -.EE -.in -.IP -in the feature test macro requirements in the SYNOPSIS of a man page, -it is implicit that the following has the same effect: -.IP -.in +4n -.EX -_XOPEN_SOURCE >= 700 -.EE -.in -.\" The details in glibc 2.0 are simpler, but combining a -.\" a description of them with the details in later glibc versions -.\" would make for a complicated description. -.P -glibc understands the following feature test macros: -.TP -.B __STRICT_ANSI__ -ISO Standard C. -This macro is implicitly defined by -.BR gcc (1) -when invoked with, for example, the -.I \-std=c99 -or -.I \-ansi -flag. -.TP -.B _POSIX_C_SOURCE -Defining this macro causes header files to expose definitions as follows: -.RS -.IP \[bu] 3 -The value 1 exposes definitions conforming to POSIX.1-1990 and -ISO C (1990). -.IP \[bu] -The value 2 or greater additionally exposes -definitions for POSIX.2-1992. -.IP \[bu] -The value 199309L or greater additionally exposes -definitions for POSIX.1b (real-time extensions). -.\" 199506L functionality is available only since glibc 2.1 -.IP \[bu] -The value 199506L or greater additionally exposes -definitions for POSIX.1c (threads). -.IP \[bu] -(Since glibc 2.3.3) -The value 200112L or greater additionally exposes definitions corresponding -to the POSIX.1-2001 base specification (excluding the XSI extension). -This value also causes C95 (since glibc 2.12) and -C99 (since glibc 2.10) features to be exposed -(in other words, the equivalent of defining -.BR _ISOC99_SOURCE ). -.IP \[bu] -(Since glibc 2.10) -The value 200809L or greater additionally exposes definitions corresponding -to the POSIX.1-2008 base specification (excluding the XSI extension). -.RE -.TP -.B _POSIX_SOURCE -Defining this obsolete macro with any value is equivalent to defining -.B _POSIX_C_SOURCE -with the value 1. -.IP -Since this macro is obsolete, -its usage is generally not documented when discussing -feature test macro requirements in the man pages. -.TP -.B _XOPEN_SOURCE -Defining this macro causes header files to expose definitions as follows: -.RS -.IP \[bu] 3 -Defining with any value exposes -definitions conforming to POSIX.1, POSIX.2, and XPG4. -.IP \[bu] -The value 500 or greater additionally exposes -definitions for SUSv2 (UNIX 98). -.IP \[bu] -(Since glibc 2.2) The value 600 or greater additionally exposes -definitions for SUSv3 (UNIX 03; i.e., the POSIX.1-2001 base specification -plus the XSI extension) and C99 definitions. -.IP \[bu] -(Since glibc 2.10) The value 700 or greater additionally exposes -definitions for SUSv4 (i.e., the POSIX.1-2008 base specification -plus the XSI extension). -.RE -.IP -If -.B __STRICT_ANSI__ -is not defined, or -.B _XOPEN_SOURCE -is defined with a value greater than or equal to 500 -.I and -neither -.B _POSIX_SOURCE -nor -.B _POSIX_C_SOURCE -is explicitly defined, then -the following macros are implicitly defined: -.RS -.IP \[bu] 3 -.B _POSIX_SOURCE -is defined with the value 1. -.IP \[bu] -.B _POSIX_C_SOURCE -is defined, according to the value of -.BR _XOPEN_SOURCE : -.RS -.TP -.BR _XOPEN_SOURCE " < 500" -.B _POSIX_C_SOURCE -is defined with the value 2. -.TP -.RB "500 <= " _XOPEN_SOURCE " < 600" -.B _POSIX_C_SOURCE -is defined with the value 199506L. -.TP -.RB "600 <= " _XOPEN_SOURCE " < 700" -.B _POSIX_C_SOURCE -is defined with the value 200112L. -.TP -.RB "700 <= " _XOPEN_SOURCE " (since glibc 2.10)" -.B _POSIX_C_SOURCE -is defined with the value 200809L. -.RE -.RE -.IP -In addition, defining -.B _XOPEN_SOURCE -with a value of 500 or greater produces the same effects as defining -.BR _XOPEN_SOURCE_EXTENDED . -.TP -.B _XOPEN_SOURCE_EXTENDED -If this macro is defined, -.I and -.B _XOPEN_SOURCE -is defined, then expose definitions corresponding to the XPG4v2 -(SUSv1) UNIX extensions (UNIX 95). -Defining -.B _XOPEN_SOURCE -with a value of 500 or more also produces the same effect as defining -.BR _XOPEN_SOURCE_EXTENDED . -Use of -.B _XOPEN_SOURCE_EXTENDED -in new source code should be avoided. -.IP -Since defining -.B _XOPEN_SOURCE -with a value of 500 or more has the same effect as defining -.BR _XOPEN_SOURCE_EXTENDED , -the latter (obsolete) feature test macro is generally not described in the -SYNOPSIS in man pages. -.TP -.BR _ISOC99_SOURCE " (since glibc 2.1.3)" -Exposes declarations consistent with the ISO C99 standard. -.IP -Earlier glibc 2.1.x versions recognized an equivalent macro named -.B _ISOC9X_SOURCE -(because the C99 standard had not then been finalized). -Although the use of this macro is obsolete, glibc continues -to recognize it for backward compatibility. -.IP -Defining -.B _ISOC99_SOURCE -also exposes ISO C (1990) Amendment 1 ("C95") definitions. -(The primary change in C95 was support for international character sets.) -.IP -Invoking the C compiler with the option -.I \-std=c99 -produces the same effects as defining this macro. -.TP -.BR _ISOC11_SOURCE " (since glibc 2.16)" -Exposes declarations consistent with the ISO C11 standard. -Defining this macro also enables C99 and C95 features (like -.BR _ISOC99_SOURCE ). -.IP -Invoking the C compiler with the option -.I \-std=c11 -produces the same effects as defining this macro. -.TP -.B _LARGEFILE64_SOURCE -Expose definitions for the alternative API specified by the -LFS (Large File Summit) as a "transitional extension" to the -Single UNIX Specification. -(See -.UR http:\:/\:/opengroup.org\:/platform\:/lfs.html -.UE .) -The alternative API consists of a set of new objects -(i.e., functions and types) whose names are suffixed with "64" -(e.g., -.I off64_t -versus -.IR off_t , -.BR lseek64 () -versus -.BR lseek (), -etc.). -New programs should not employ this macro; instead -.I _FILE_OFFSET_BITS=64 -should be employed. -.TP -.B _LARGEFILE_SOURCE -This macro was historically used to expose certain functions (specifically -.BR fseeko (3) -and -.BR ftello (3)) -that address limitations of earlier APIs -.RB ( fseek (3) -and -.BR ftell (3)) -that use -.I long -for file offsets. -This macro is implicitly defined if -.B _XOPEN_SOURCE -is defined with a value greater than or equal to 500. -New programs should not employ this macro; -defining -.B _XOPEN_SOURCE -as just described or defining -.B _FILE_OFFSET_BITS -with the value 64 is the preferred mechanism to achieve the same result. -.TP -.B _FILE_OFFSET_BITS -Defining this macro with the value 64 -automatically converts references to 32-bit functions and data types -related to file I/O and filesystem operations into references to -their 64-bit counterparts. -This is useful for performing I/O on large files (> 2 Gigabytes) -on 32-bit systems. -It is also useful when calling functions like -.BR copy_file_range (2) -that were added more recently and that come only in 64-bit flavors. -(Defining this macro permits correctly written programs to use -large files with only a recompilation being required.) -.IP -64-bit systems naturally permit file sizes greater than 2 Gigabytes, -and on those systems this macro has no effect. -.TP -.B _TIME_BITS -Defining this macro with the value 64 -changes the width of -.BR time_t (3type) -to 64-bit which allows handling of timestamps beyond -2038. -It is closely related to -.B _FILE_OFFSET_BITS -and depending on implementation, may require it set. -This macro is available as of glibc 2.34. -.TP -.BR _BSD_SOURCE " (deprecated since glibc 2.20)" -Defining this macro with any value causes header files to expose -BSD-derived definitions. -.IP -In glibc versions up to and including 2.18, -defining this macro also causes BSD definitions to be preferred in -some situations where standards conflict, unless one or more of -.BR _SVID_SOURCE , -.BR _POSIX_SOURCE , -.BR _POSIX_C_SOURCE , -.BR _XOPEN_SOURCE , -.BR _XOPEN_SOURCE_EXTENDED , -or -.B _GNU_SOURCE -is defined, in which case BSD definitions are disfavored. -Since glibc 2.19, -.B _BSD_SOURCE -no longer causes BSD definitions to be preferred in case of conflicts. -.IP -Since glibc 2.20, this macro is deprecated. -.\" commit c941736c92fa3a319221f65f6755659b2a5e0a20 -.\" commit 498afc54dfee41d33ba519f496e96480badace8e -.\" commit acd7f096d79c181866d56d4aaf3b043e741f1e2c -It now has the same effect as defining -.BR _DEFAULT_SOURCE , -but generates a compile-time warning (unless -.B _DEFAULT_SOURCE -.\" commit ade40b10ff5fa59a318cf55b9d8414b758e8df78 -is also defined). -Use -.B _DEFAULT_SOURCE -instead. -To allow code that requires -.B _BSD_SOURCE -in glibc 2.19 and earlier and -.B _DEFAULT_SOURCE -in glibc 2.20 and later to compile without warnings, define -.I both -.B _BSD_SOURCE -and -.BR _DEFAULT_SOURCE . -.TP -.BR _SVID_SOURCE " (deprecated since glibc 2.20)" -Defining this macro with any value causes header files to expose -System V-derived definitions. -(SVID == System V Interface Definition; see -.BR standards (7).) -.IP -Since glibc 2.20, this macro is deprecated in the same fashion as -.BR _BSD_SOURCE . -.TP -.BR _DEFAULT_SOURCE " (since glibc 2.19)" -This macro can be defined to ensure that the "default" -definitions are provided even when the defaults would otherwise -be disabled, -as happens when individual macros are explicitly defined, -or the compiler is invoked in one of its "standard" modes (e.g., -.IR cc\~\-std=c99 ). -Defining -.B _DEFAULT_SOURCE -without defining other individual macros -or invoking the compiler in one of its "standard" modes has no effect. -.IP -The "default" definitions comprise those required by POSIX.1-2008 and ISO C99, -as well as various definitions originally derived from BSD and System V. -On glibc 2.19 and earlier, these defaults were approximately equivalent -to explicitly defining the following: -.IP -.in +4n -.EX -cc \-D_BSD_SOURCE \-D_SVID_SOURCE \-D_POSIX_C_SOURCE=200809 -.EE -.in -.TP -.BR _ATFILE_SOURCE " (since glibc 2.4)" -Defining this macro with any value causes header files to expose -declarations of a range of functions with the suffix "at"; -see -.BR openat (2). -Since glibc 2.10, this macro is also implicitly defined if -.B _POSIX_C_SOURCE -is defined with a value greater than or equal to 200809L. -.TP -.B _GNU_SOURCE -Defining this macro (with any value) implicitly defines -.BR _ATFILE_SOURCE , -.BR _LARGEFILE64_SOURCE , -.BR _ISOC99_SOURCE , -.BR _XOPEN_SOURCE_EXTENDED , -.BR _POSIX_SOURCE , -.B _POSIX_C_SOURCE -with the value 200809L -(200112L before glibc 2.10; -199506L before glibc 2.5; -199309L before glibc 2.1) -and -.B _XOPEN_SOURCE -with the value 700 -(600 before glibc 2.10; -500 before glibc 2.2). -In addition, various GNU-specific extensions are also exposed. -.IP -Since glibc 2.19, defining -.B _GNU_SOURCE -also has the effect of implicitly defining -.BR _DEFAULT_SOURCE . -Before glibc 2.20, defining -.B _GNU_SOURCE -also had the effect of implicitly defining -.B _BSD_SOURCE -and -.BR _SVID_SOURCE . -.TP -.B _REENTRANT -Historically, on various C libraries -it was necessary to define this macro in all -multithreaded code. -.\" Zack Weinberg -.\" There did once exist C libraries where it was necessary. The ones -.\" I remember were proprietary Unix vendor libcs from the mid-1990s -.\" You would get completely unlocked stdio without _REENTRANT. -(Some C libraries may still require this.) -In glibc, -this macro also exposed definitions of certain reentrant functions. -.IP -However, glibc has been thread-safe by default for many years; -since glibc 2.3, the only effect of defining -.B _REENTRANT -has been to enable one or two of the same declarations that -are also enabled by defining -.B _POSIX_C_SOURCE -with a value of 199606L or greater. -.IP -.B _REENTRANT -is now obsolete. -In glibc 2.25 and later, defining -.B _REENTRANT -is equivalent to defining -.B _POSIX_C_SOURCE -with the value 199606L. -If a higher POSIX conformance level is -selected by any other means (such as -.B _POSIX_C_SOURCE -itself, -.BR _XOPEN_SOURCE , -.BR _DEFAULT_SOURCE , -or -.BR _GNU_SOURCE ), -then defining -.B _REENTRANT -has no effect. -.IP -This macro is automatically defined if one compiles with -.IR cc\~\-pthread . -.TP -.B _THREAD_SAFE -Synonym for the (deprecated) -.BR _REENTRANT , -provided for compatibility with some other implementations. -.TP -.BR _FORTIFY_SOURCE " (since glibc 2.3.4)" -.\" For more detail, see: -.\" http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html -.\" [PATCH] Object size checking to prevent (some) buffer overflows -.\" * From: Jakub Jelinek -.\" * To: gcc-patches at gcc dot gnu dot org -.\" * Date: Tue, 21 Sep 2004 04:16:40 -0400 -Defining this macro causes some lightweight checks to be performed -to detect some buffer overflow errors when employing -various string and memory manipulation functions (for example, -.BR memcpy (3), -.BR memset (3), -.BR stpcpy (3), -.BR strcpy (3), -.BR strncpy (3), -.BR strcat (3), -.BR strncat (3), -.BR sprintf (3), -.BR snprintf (3), -.BR vsprintf (3), -.BR vsnprintf (3), -.BR gets (3), -and wide character variants thereof). -For some functions, argument consistency is checked; -for example, a check is made that -.BR open (2) -has been supplied with a -.I mode -argument when the specified flags include -.BR O_CREAT . -Not all problems are detected, just some common cases. -.\" Look for __USE_FORTIFY_LEVEL in the header files -.IP -If -.B _FORTIFY_SOURCE -is set to 1, with compiler optimization level 1 -.RI ( "gcc\ \-O1" ) -and above, checks that shouldn't change the behavior of -conforming programs are performed. -With -.B _FORTIFY_SOURCE -set to 2, some more checking is added, but -some conforming programs might fail. -.\" For example, given the following code -.\" int d; -.\" char buf[1000], buf[1000]; -.\" strcpy(fmt, "Hello world\n%n"); -.\" snprintf(buf, sizeof(buf), fmt, &d); -.\" -.\" Compiling with "gcc -D_FORTIFY_SOURCE=2 -O1" and then running will -.\" cause the following diagnostic at run time at the snprintf() call -.\" -.\" *** %n in writable segment detected *** -.\" Aborted (core dumped) -.\" -.IP -Some of the checks can be performed at compile time -(via macros logic implemented in header files), -and result in compiler warnings; -other checks take place at run time, -and result in a run-time error if the check fails. -.IP -With -.B _FORTIFY_SOURCE -set to 3, additional checking is added to intercept -some function calls used with an argument of variable size -where the compiler can deduce an upper bound for its value. -For example, a program where -.BR malloc (3)'s -size argument is variable -can now be fortified. -.IP -Use of this macro requires compiler support, available since -gcc 4.0 and clang 2.6. -Use of -.B _FORTIFY_SOURCE -set to 3 requires gcc 12.0 or later, or clang 9.0 or later, -in conjunction with glibc 2.33 or later. -.\" glibc is not an absolute requirement (gcc has libssp; NetBSD/newlib -.\" and Darwin each have their own implementation), but let's keep it -.\" simple. -.SS Default definitions, implicit definitions, and combining definitions -If no feature test macros are explicitly defined, -then the following feature test macros are defined by default: -.B _BSD_SOURCE -(in glibc 2.19 and earlier), -.B _SVID_SOURCE -(in glibc 2.19 and earlier), -.B _DEFAULT_SOURCE -(since glibc 2.19), -.BR _POSIX_SOURCE , -and -.BR _POSIX_C_SOURCE =200809L -(200112L before glibc 2.10; -199506L before glibc 2.4; -199309L before glibc 2.1). -.P -If any of -.BR __STRICT_ANSI__ , -.BR _ISOC99_SOURCE , -.B _ISOC11_SOURCE -(since glibc 2.18), -.BR _POSIX_SOURCE , -.BR _POSIX_C_SOURCE , -.BR _XOPEN_SOURCE , -.B _XOPEN_SOURCE_EXTENDED -(in glibc 2.11 and earlier), -.B _BSD_SOURCE -(in glibc 2.19 and earlier), -or -.B _SVID_SOURCE -(in glibc 2.19 and earlier) -is explicitly defined, then -.BR _BSD_SOURCE , -.BR _SVID_SOURCE , -and -.B _DEFAULT_SOURCE -are not defined by default. -.P -If -.B _POSIX_SOURCE -and -.B _POSIX_C_SOURCE -are not explicitly defined, -and either -.B __STRICT_ANSI__ -is not defined or -.B _XOPEN_SOURCE -is defined with a value of 500 or more, then -.IP \[bu] 3 -.B _POSIX_SOURCE -is defined with the value 1; and -.IP \[bu] -.B _POSIX_C_SOURCE -is defined with one of the following values: -.RS -.IP \[bu] 3 -2, -if -.B _XOPEN_SOURCE -is defined with a value less than 500; -.IP \[bu] -199506L, -if -.B _XOPEN_SOURCE -is defined with a value greater than or equal to 500 and less than 600; -or -.IP \[bu] -(since glibc 2.4) 200112L, -if -.B _XOPEN_SOURCE -is defined with a value greater than or equal to 600 and less than 700. -.IP \[bu] -(Since glibc 2.10) -200809L, -if -.B _XOPEN_SOURCE -is defined with a value greater than or equal to 700. -.IP \[bu] -Older versions of glibc do not know about the values -200112L and 200809L for -.BR _POSIX_C_SOURCE , -and the setting of this macro will depend on the glibc version. -.IP \[bu] -If -.B _XOPEN_SOURCE -is undefined, then the setting of -.B _POSIX_C_SOURCE -depends on the glibc version: -199506L, before glibc 2.4; -200112L, since glibc 2.4 to glibc 2.9; and -200809L, since glibc 2.10. -.RE -.P -Multiple macros can be defined; the results are additive. -.SH STANDARDS -POSIX.1 specifies -.BR _POSIX_C_SOURCE , -.BR _POSIX_SOURCE , -and -.BR _XOPEN_SOURCE . -.P -.B _FILE_OFFSET_BITS -is not specified by any standard, -but is employed on some other implementations. -.P -.BR _BSD_SOURCE , -.BR _SVID_SOURCE , -.BR _DEFAULT_SOURCE , -.BR _ATFILE_SOURCE , -.BR _GNU_SOURCE , -.BR _FORTIFY_SOURCE , -.BR _REENTRANT , -and -.B _THREAD_SAFE -are specific to glibc. -.SH HISTORY -.B _XOPEN_SOURCE_EXTENDED -was specified by XPG4v2 (aka SUSv1), but is not present in SUSv2 and later. -.SH NOTES -.I -is a Linux/glibc-specific header file. -Other systems have an analogous file, but typically with a different name. -This header file is automatically included by other header files as -required: it is not necessary to explicitly include it in order to -employ feature test macros. -.P -According to which of the above feature test macros are defined, -.I -internally defines various other macros that are checked by -other glibc header files. -These macros have names prefixed by two underscores (e.g., -.BR __USE_MISC ). -Programs should -.I never -define these macros directly: -instead, the appropriate feature test macro(s) from the -list above should be employed. -.SH EXAMPLES -The program below can be used to explore how the various -feature test macros are set depending on the glibc version -and what feature test macros are explicitly set. -The following shell session, on a system with glibc 2.10, -shows some examples of what we would see: -.P -.in +4n -.EX -$ \fBcc ftm.c\fP -$ \fB./a.out\fP -_POSIX_SOURCE defined -_POSIX_C_SOURCE defined: 200809L -_BSD_SOURCE defined -_SVID_SOURCE defined -_ATFILE_SOURCE defined -$ \fBcc \-D_XOPEN_SOURCE=500 ftm.c\fP -$ \fB./a.out\fP -_POSIX_SOURCE defined -_POSIX_C_SOURCE defined: 199506L -_XOPEN_SOURCE defined: 500 -$ \fBcc \-D_GNU_SOURCE ftm.c\fP -$ \fB./a.out\fP -_POSIX_SOURCE defined -_POSIX_C_SOURCE defined: 200809L -_ISOC99_SOURCE defined -_XOPEN_SOURCE defined: 700 -_XOPEN_SOURCE_EXTENDED defined -_LARGEFILE64_SOURCE defined -_BSD_SOURCE defined -_SVID_SOURCE defined -_ATFILE_SOURCE defined -_GNU_SOURCE defined -.EE -.in -.SS Program source -\& -.EX -/* ftm.c */ -\& -#include -#include -#include -#include -\& -int -main(int argc, char *argv[]) -{ -#ifdef _POSIX_SOURCE - printf("_POSIX_SOURCE defined\en"); -#endif -\& -#ifdef _POSIX_C_SOURCE - printf("_POSIX_C_SOURCE defined: %jdL\en", - (intmax_t) _POSIX_C_SOURCE); -#endif -\& -#ifdef _ISOC99_SOURCE - printf("_ISOC99_SOURCE defined\en"); -#endif -\& -#ifdef _ISOC11_SOURCE - printf("_ISOC11_SOURCE defined\en"); -#endif -\& -#ifdef _XOPEN_SOURCE - printf("_XOPEN_SOURCE defined: %d\en", _XOPEN_SOURCE); -#endif -\& -#ifdef _XOPEN_SOURCE_EXTENDED - printf("_XOPEN_SOURCE_EXTENDED defined\en"); -#endif -\& -#ifdef _LARGEFILE64_SOURCE - printf("_LARGEFILE64_SOURCE defined\en"); -#endif -\& -#ifdef _FILE_OFFSET_BITS - printf("_FILE_OFFSET_BITS defined: %d\en", _FILE_OFFSET_BITS); -#endif -\& -#ifdef _TIME_BITS - printf("_TIME_BITS defined: %d\en", _TIME_BITS); -#endif -\& -#ifdef _BSD_SOURCE - printf("_BSD_SOURCE defined\en"); -#endif -\& -#ifdef _SVID_SOURCE - printf("_SVID_SOURCE defined\en"); -#endif -\& -#ifdef _DEFAULT_SOURCE - printf("_DEFAULT_SOURCE defined\en"); -#endif -\& -#ifdef _ATFILE_SOURCE - printf("_ATFILE_SOURCE defined\en"); -#endif -\& -#ifdef _GNU_SOURCE - printf("_GNU_SOURCE defined\en"); -#endif -\& -#ifdef _REENTRANT - printf("_REENTRANT defined\en"); -#endif -\& -#ifdef _THREAD_SAFE - printf("_THREAD_SAFE defined\en"); -#endif -\& -#ifdef _FORTIFY_SOURCE - printf("_FORTIFY_SOURCE defined\en"); -#endif -\& - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.BR libc (7), -.BR standards (7), -.BR system_data_types (7) -.P -The section "Feature Test Macros" under -.IR "info libc" . -.\" But beware: the info libc document is out of date (Jul 07, mtk) -.P -.I /usr/include/features.h diff --git a/man7/fifo.7 b/man7/fifo.7 deleted file mode 100644 index 6241a43..0000000 --- a/man7/fifo.7 +++ /dev/null @@ -1,70 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Claus Fischer. -.\" -.\" 990620 - page created - aeb@cwi.nl -.\" -.TH fifo 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -fifo \- first-in first-out special file, named pipe -.SH DESCRIPTION -A FIFO special file (a named pipe) is similar to a pipe, -except that it is accessed as part of the filesystem. -It can be opened by multiple processes for reading or -writing. -When processes are exchanging data via the FIFO, -the kernel passes all data internally without writing it -to the filesystem. -Thus, the FIFO special file has no -contents on the filesystem; the filesystem entry merely -serves as a reference point so that processes can access -the pipe using a name in the filesystem. -.P -The kernel maintains exactly one pipe object for each -FIFO special file that is opened by at least one process. -The FIFO must be opened on both ends (reading and writing) -before data can be passed. -Normally, opening the FIFO blocks -until the other end is opened also. -.P -A process can open a FIFO in nonblocking mode. -In this -case, opening for read-only succeeds even if no one has -opened on the write side yet and opening for write-only -fails with -.B ENXIO -(no such device or address) unless the other -end has already been opened. -.P -Under Linux, opening a FIFO for read and write will succeed -both in blocking and nonblocking mode. -POSIX leaves this -behavior undefined. -This can be used to open a FIFO for -writing while there are no readers available. -A process -that uses both ends of the connection in order to communicate -with itself should be very careful to avoid deadlocks. -.SH NOTES -For details of the semantics of I/O on FIFOs, see -.BR pipe (7). -.P -When a process tries to write to a FIFO that is not opened -for read on the other side, the process is sent a -.B SIGPIPE -signal. -.P -FIFO special files can be created by -.BR mkfifo (3), -and are indicated by -.I ls\~\-l -with the file type \[aq]p\[aq]. -.SH SEE ALSO -.BR mkfifo (1), -.BR open (2), -.BR pipe (2), -.BR sigaction (2), -.BR signal (2), -.BR socketpair (2), -.BR mkfifo (3), -.BR pipe (7) diff --git a/man7/futex.7 b/man7/futex.7 deleted file mode 100644 index 52af91f..0000000 --- a/man7/futex.7 +++ /dev/null @@ -1,121 +0,0 @@ -.\" This manpage has been automatically generated by docbook2man -.\" from a DocBook document. This tool can be found at: -.\" -.\" Please send any bug reports, improvements, comments, patches, -.\" etc. to Steve Cheng . -.\" -.\" SPDX-License-Identifier: MIT -.\" -.TH futex 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -futex \- fast user-space locking -.SH SYNOPSIS -.nf -.B #include -.fi -.SH DESCRIPTION -The Linux kernel provides futexes ("Fast user-space mutexes") -as a building block for fast user-space -locking and semaphores. -Futexes are very basic and lend themselves well for building higher-level -locking abstractions such as -mutexes, condition variables, read-write locks, barriers, and semaphores. -.P -Most programmers will in fact not be using futexes directly but will -instead rely on system libraries built on them, -such as the Native POSIX Thread Library (NPTL) (see -.BR pthreads (7)). -.P -A futex is identified by a piece of memory which can be -shared between processes or threads. -In these different processes, the futex need not have identical addresses. -In its bare form, a futex has semaphore semantics; -it is a counter that can be incremented and decremented atomically; -processes can wait for the value to become positive. -.P -Futex operation occurs entirely in user space for the noncontended case. -The kernel is involved only to arbitrate the contended case. -As any sane design will strive for noncontention, -futexes are also optimized for this situation. -.P -In its bare form, a futex is an aligned integer which is -touched only by atomic assembler instructions. -This integer is four bytes long on all platforms. -Processes can share this integer using -.BR mmap (2), -via shared memory segments, or because they share memory space, -in which case the application is commonly called multithreaded. -.SS Semantics -Any futex operation starts in user space, -but it may be necessary to communicate with the kernel using the -.BR futex (2) -system call. -.P -To "up" a futex, execute the proper assembler instructions that -will cause the host CPU to atomically increment the integer. -Afterward, check if it has in fact changed from 0 to 1, in which case -there were no waiters and the operation is done. -This is the noncontended case which is fast and should be common. -.P -In the contended case, the atomic increment changed the counter -from \-1 (or some other negative number). -If this is detected, there are waiters. -User space should now set the counter to 1 and instruct the -kernel to wake up any waiters using the -.B FUTEX_WAKE -operation. -.P -Waiting on a futex, to "down" it, is the reverse operation. -Atomically decrement the counter and check if it changed to 0, -in which case the operation is done and the futex was uncontended. -In all other circumstances, the process should set the counter to \-1 -and request that the kernel wait for another process to up the futex. -This is done using the -.B FUTEX_WAIT -operation. -.P -The -.BR futex (2) -system call can optionally be passed a timeout specifying how long -the kernel should -wait for the futex to be upped. -In this case, semantics are more complex and the programmer is referred -to -.BR futex (2) -for -more details. -The same holds for asynchronous futex waiting. -.SH VERSIONS -Initial futex support was merged in Linux 2.5.7 -but with different semantics from those described above. -Current semantics are available from Linux 2.5.40 onward. -.SH NOTES -To reiterate, bare futexes are not intended as an easy-to-use -abstraction for end users. -Implementors are expected to be assembly literate and to have read -the sources of the futex user-space library referenced -below. -.P -This man page illustrates the most common use of the -.BR futex (2) -primitives; it is by no means the only one. -.\" .SH AUTHORS -.\" .P -.\" Futexes were designed and worked on by Hubertus Franke -.\" (IBM Thomas J. Watson Research Center), -.\" Matthew Kirkwood, Ingo Molnar (Red Hat) and -.\" Rusty Russell (IBM Linux Technology Center). -.\" This page written by bert hubert. -.SH SEE ALSO -.BR clone (2), -.BR futex (2), -.BR get_robust_list (2), -.BR set_robust_list (2), -.BR set_tid_address (2), -.BR pthreads (7) -.P -.I Fuss, Futexes and Furwocks: Fast Userlevel Locking in Linux -(proceedings of the Ottawa Linux Symposium 2002), -futex example library, futex-*.tar.bz2 -.UR https://mirrors.kernel.org\:/pub\:/linux\:/kernel\:/people\:/rusty/ -.UE . diff --git a/man7/glibc.7 b/man7/glibc.7 deleted file mode 100644 index 0d1ed26..0000000 --- a/man7/glibc.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/libc.7 diff --git a/man7/glob.7 b/man7/glob.7 deleted file mode 100644 index 0130c80..0000000 --- a/man7/glob.7 +++ /dev/null @@ -1,205 +0,0 @@ -.\" Copyright (c) 1998 Andries Brouwer -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" 2003-08-24 fix for / by John Kristoff + joey -.\" -.TH glob 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -glob \- globbing pathnames -.SH DESCRIPTION -Long ago, in UNIX\ V6, there was a program -.I /etc/glob -that would expand wildcard patterns. -Soon afterward this became a shell built-in. -.P -These days there is also a library routine -.BR glob (3) -that will perform this function for a user program. -.P -The rules are as follows (POSIX.2, 3.13). -.SS Wildcard matching -A string is a wildcard pattern if it contains one of the -characters \[aq]?\[aq], \[aq]*\[aq], or \[aq][\[aq]. -Globbing is the operation -that expands a wildcard pattern into the list of pathnames -matching the pattern. -Matching is defined by: -.P -A \[aq]?\[aq] (not between brackets) matches any single character. -.P -A \[aq]*\[aq] (not between brackets) matches any string, -including the empty string. -.P -.B "Character classes" -.P -An expression "\fI[...]\fP" where the first character after the -leading \[aq][\[aq] is not an \[aq]!\[aq] matches a single character, -namely any of the characters enclosed by the brackets. -The string enclosed by the brackets cannot be empty; -therefore \[aq]]\[aq] can be allowed between the brackets, provided -that it is the first character. -(Thus, "\fI[][!]\fP" matches the -three characters \[aq][\[aq], \[aq]]\[aq], and \[aq]!\[aq].) -.P -.B Ranges -.P -There is one special convention: -two characters separated by \[aq]\-\[aq] denote a range. -(Thus, -"\fI[A\-Fa\-f0\-9]\fP" is equivalent to "\fI[ABCDEFabcdef0123456789]\fP".) -One may include \[aq]\-\[aq] in its literal meaning -by making it the first or last character between the brackets. -(Thus, -"\fI[]\-]\fP" matches just the two characters \[aq]]\[aq] and \[aq]\-\[aq], -and "\fI[\-\-0]\fP" matches the -three characters \[aq]\-\[aq], \[aq].\[aq], and \[aq]0\[aq], -since \[aq]/\[aq] cannot be matched.) -.P -.B Complementation -.P -An expression "\fI[!...]\fP" matches a single character, namely -any character that is not matched by the expression obtained -by removing the first \[aq]!\[aq] from it. -(Thus, "\fI[!]a\-]\fP" matches any -single character except \[aq]]\[aq], \[aq]a\[aq], and \[aq]\-\[aq].) -.P -One can remove the special meaning of \[aq]?\[aq], \[aq]*\[aq], and \[aq][\[aq] -by preceding them by a backslash, -or, -in case this is part of a shell command line, -enclosing them in quotes. -Between brackets these characters stand for themselves. -Thus, "\fI[[?*\e]\fP" matches the -four characters \[aq][\[aq], \[aq]?\[aq], \[aq]*\[aq], and \[aq]\e\[aq]. -.SS Pathnames -Globbing is applied on each of the components of a pathname -separately. -A \[aq]/\[aq] in a pathname cannot be matched by a \[aq]?\[aq] or \[aq]*\[aq] -wildcard, or by a range like "\fI[.\-0]\fP". -A range containing an explicit \[aq]/\[aq] character is syntactically incorrect. -(POSIX requires that syntactically incorrect patterns are left unchanged.) -.P -If a filename starts with a \[aq].\[aq], -this character must be matched explicitly. -(Thus, \fIrm\ *\fP will not remove .profile, and \fItar\ c\ *\fP will not -archive all your files; \fItar\ c\ .\fP is better.) -.SS Empty lists -The nice and simple rule given above: "expand a wildcard pattern -into the list of matching pathnames" was the original UNIX -definition. -It allowed one to have patterns that expand into -an empty list, as in -.P -.nf - xv \-wait 0 *.gif *.jpg -.fi -.P -where perhaps no *.gif files are present (and this is not -an error). -However, POSIX requires that a wildcard pattern is left -unchanged when it is syntactically incorrect, or the list of -matching pathnames is empty. -With -.I bash -one can force the classical behavior using this command: -.P -.in +4n -.EX -shopt \-s nullglob -.EE -.in -.\" In Bash v1, by setting allow_null_glob_expansion=true -.P -(Similar problems occur elsewhere. -For example, where old scripts have -.P -.in +4n -.EX -rm \`find . \-name "*\[ti]"\` -.EE -.in -.P -new scripts require -.P -.in +4n -.EX -rm \-f nosuchfile \`find . \-name "*\[ti]"\` -.EE -.in -.P -to avoid error messages from -.I rm -called with an empty argument list.) -.SH NOTES -.SS Regular expressions -Note that wildcard patterns are not regular expressions, -although they are a bit similar. -First of all, they match -filenames, rather than text, and secondly, the conventions -are not the same: for example, in a regular expression \[aq]*\[aq] means zero or -more copies of the preceding thing. -.P -Now that regular expressions have bracket expressions where -the negation is indicated by a \[aq]\[ha]\[aq], POSIX has declared the -effect of a wildcard pattern "\fI[\[ha]...]\fP" to be undefined. -.SS Character classes and internationalization -Of course ranges were originally meant to be ASCII ranges, -so that "\fI[\ \-%]\fP" stands for "\fI[\ !"#$%]\fP" and "\fI[a\-z]\fP" stands -for "any lowercase letter". -Some UNIX implementations generalized this so that a range X\-Y -stands for the set of characters with code between the codes for -X and for Y. -However, this requires the user to know the -character coding in use on the local system, and moreover, is -not convenient if the collating sequence for the local alphabet -differs from the ordering of the character codes. -Therefore, POSIX extended the bracket notation greatly, -both for wildcard patterns and for regular expressions. -In the above we saw three types of items that can occur in a bracket -expression: namely (i) the negation, (ii) explicit single characters, -and (iii) ranges. -POSIX specifies ranges in an internationally -more useful way and adds three more types: -.P -(iii) Ranges X\-Y comprise all characters that fall between X -and Y (inclusive) in the current collating sequence as defined -by the -.B LC_COLLATE -category in the current locale. -.P -(iv) Named character classes, like -.P -.nf -[:alnum:] [:alpha:] [:blank:] [:cntrl:] -[:digit:] [:graph:] [:lower:] [:print:] -[:punct:] [:space:] [:upper:] [:xdigit:] -.fi -.P -so that one can say "\fI[[:lower:]]\fP" instead of "\fI[a\-z]\fP", and have -things work in Denmark, too, where there are three letters past \[aq]z\[aq] -in the alphabet. -These character classes are defined by the -.B LC_CTYPE -category -in the current locale. -.P -(v) Collating symbols, like "\fI[.ch.]\fP" or "\fI[.a-acute.]\fP", -where the string between "\fI[.\fP" and "\fI.]\fP" is a collating -element defined for the current locale. -Note that this may -be a multicharacter element. -.P -(vi) Equivalence class expressions, like "\fI[=a=]\fP", -where the string between "\fI[=\fP" and "\fI=]\fP" is any collating -element from its equivalence class, as defined for the -current locale. -For example, "\fI[[=a=]]\fP" might be equivalent -to "\fI[a\('a\(`a\(:a\(^a]\fP", that is, -to "\fI[a[.a-acute.][.a-grave.][.a-umlaut.][.a-circumflex.]]\fP". -.SH SEE ALSO -.BR sh (1), -.BR fnmatch (3), -.BR glob (3), -.BR locale (7), -.BR regex (7) diff --git a/man7/hier.7 b/man7/hier.7 deleted file mode 100644 index 497e0f5..0000000 --- a/man7/hier.7 +++ /dev/null @@ -1,654 +0,0 @@ -.\" Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de) -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" Modified Sun Jul 25 11:05:58 1993 by Rik Faith (faith@cs.unc.edu) -.\" Modified Sat Feb 10 16:18:03 1996 by Urs Thuermann (urs@isnogud.escape.de) -.\" Modified Mon Jun 16 20:02:00 1997 by Nicolás Lichtmaier -.\" Modified Mon Feb 6 16:41:00 1999 by Nicolás Lichtmaier -.\" Modified Tue Feb 8 16:46:45 2000 by Chris Pepper -.\" Modified Fri Sep 7 20:32:45 2001 by Tammy Fox -.TH hier 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -hier \- description of the filesystem hierarchy -.SH DESCRIPTION -A typical Linux system has, among others, the following directories: -.TP -.I / -This is the root directory. -This is where the whole tree starts. -.TP -.I /bin -This directory contains executable programs which are needed in -single user mode and to bring the system up or repair it. -.TP -.I /boot -Contains static files for the boot loader. -This directory holds only -the files which are needed during the boot process. -The map installer -and configuration files should go to -.I /sbin -and -.IR /etc . -The operating system kernel (initrd for example) must be located in either -.I / -or -.IR /boot . -.TP -.I /dev -Special or device files, which refer to physical devices. -See -.BR mknod (1). -.TP -.I /etc -Contains configuration files which are local to the machine. -Some -larger software packages, like X11, can have their own subdirectories -below -.IR /etc . -Site-wide configuration files may be placed here or in -.IR /usr/etc . -Nevertheless, programs should always look for these files in -.I /etc -and you may have links for these files to -.IR /usr/etc . -.TP -.I /etc/opt -Host-specific configuration files for add-on applications installed -in -.IR /opt . -.TP -.I /etc/sgml -This directory contains the configuration files for SGML (optional). -.TP -.I /etc/skel -When a new user account is created, files from this directory are -usually copied into the user's home directory. -.TP -.I /etc/X11 -Configuration files for the X11 window system (optional). -.TP -.I /etc/xml -This directory contains the configuration files for XML (optional). -.TP -.I /home -On machines with home directories for users, these are usually beneath -this directory, directly or not. -The structure of this directory -depends on local administration decisions (optional). -.TP -.I /lib -This directory should hold those shared libraries that are necessary -to boot the system and to run the commands in the root filesystem. -.TP -.I /lib -These directories are variants of -.I /lib -on system which support more than one binary format requiring separate -libraries (optional). -.TP -.I /lib/modules -Loadable kernel modules (optional). -.TP -.I /lost+found -This directory contains items lost in the filesystem. -These items are usually chunks of files mangled as a consequence of -a faulty disk or a system crash. -.TP -.I /media -This directory contains mount points for removable media such as CD -and DVD disks or USB sticks. -On systems where more than one device exists -for mounting a certain type of media, -mount directories can be created by appending a digit -to the name of those available above starting with '0', -but the unqualified name must also exist. -.TP -.I /media/floppy[1\-9] -Floppy drive (optional). -.TP -.I /media/cdrom[1\-9] -CD-ROM drive (optional). -.TP -.I /media/cdrecorder[1\-9] -CD writer (optional). -.TP -.I /media/zip[1\-9] -Zip drive (optional). -.TP -.I /media/usb[1\-9] -USB drive (optional). -.TP -.I /mnt -This directory is a mount point for a temporarily mounted filesystem. -In some distributions, -.I /mnt -contains subdirectories intended to be used as mount points for several -temporary filesystems. -.TP -.I /opt -This directory should contain add-on packages that contain static files. -.TP -.I /proc -This is a mount point for the -.I proc -filesystem, which provides information about running processes and -the kernel. -This pseudo-filesystem is described in more detail in -.BR proc (5). -.TP -.I /root -This directory is usually the home directory for the root user (optional). -.TP -.I /run -This directory contains information which -describes the system since it was booted. -Once this purpose was served by -.I /var/run -and programs may continue to use it. -.TP -.I /sbin -Like -.IR /bin , -this directory holds commands needed to boot the system, but which are -usually not executed by normal users. -.TP -.I /srv -This directory contains site-specific data that is served by this system. -.TP -.I /sys -This is a mount point for the sysfs filesystem, which provides information -about the kernel like -.IR /proc , -but better structured, following the formalism of kobject infrastructure. -.TP -.I /tmp -This directory contains temporary files which may be deleted with no -notice, such as by a regular job or at system boot up. -.TP -.I /usr -This directory is usually mounted from a separate partition. -It should hold only shareable, read-only data, so that it can be mounted -by various machines running Linux. -.TP -.I /usr/X11R6 -The X\-Window system, version 11 release 6 (present in FHS 2.3, removed -in FHS 3.0). -.TP -.I /usr/X11R6/bin -Binaries which belong to the X\-Window system; often, there is a -symbolic link from the more traditional -.I /usr/bin/X11 -to here. -.TP -.I /usr/X11R6/lib -Data files associated with the X\-Window system. -.TP -.I /usr/X11R6/lib/X11 -These contain miscellaneous files needed to run X; Often, there is a -symbolic link from -.I /usr/lib/X11 -to this directory. -.TP -.I /usr/X11R6/include/X11 -Contains include files needed for compiling programs using the X11 -window system. -Often, there is a symbolic link from -.I /usr/include/X11 -to this directory. -.TP -.I /usr/bin -This is the primary directory for executable programs. -Most programs -executed by normal users which are not needed for booting or for -repairing the system and which are not installed locally should be -placed in this directory. -.TP -.I /usr/bin/mh -Commands for the MH mail handling system (optional). -.TP -.I /usr/bin/X11 -This is the traditional place to look for X11 executables; on Linux, it -usually is a symbolic link to -.IR /usr/X11R6/bin . -.TP -.I /usr/dict -Replaced by -.IR /usr/share/dict . -.TP -.I /usr/doc -Replaced by -.IR /usr/share/doc . -.TP -.I /usr/etc -Site-wide configuration files to be shared between several machines -may be stored in this directory. -However, commands should always -reference those files using the -.I /etc -directory. -Links from files in -.I /etc -should point to the appropriate files in -.IR /usr/etc . -.TP -.I /usr/games -Binaries for games and educational programs (optional). -.TP -.I /usr/include -Include files for the C compiler. -.TP -.I /usr/include/bsd -BSD compatibility include files (optional). -.TP -.I /usr/include/X11 -Include files for the C compiler and the X\-Window system. -This is -usually a symbolic link to -.IR /usr/X11R6/include/X11 . -.TP -.I /usr/include/asm -Include files which declare some assembler functions. -This used to be a -symbolic link to -.IR /usr/src/linux/include/asm . -.TP -.I /usr/include/linux -This contains information which may change from system release to -system release and used to be a symbolic link to -.I /usr/src/linux/include/linux -to get at operating-system-specific information. -.IP -(Note that one should have include files there that work correctly with -the current libc and in user space. -However, Linux kernel source is not -designed to be used with user programs and does not know anything -about the libc you are using. -It is very likely that things will break -if you let -.I /usr/include/asm -and -.I /usr/include/linux -point at a random kernel tree. -Debian systems don't do this -and use headers from a known good kernel -version, provided in the libc*\-dev package.) -.TP -.I /usr/include/g++ -Include files to use with the GNU C++ compiler. -.TP -.I /usr/lib -Object libraries, including dynamic libraries, plus some executables -which usually are not invoked directly. -More complicated programs may -have whole subdirectories there. -.TP -.I /usr/libexec -Directory contains binaries for internal use only and they are not meant -to be executed directly by users shell or scripts. -.TP -.I /usr/lib -These directories are variants of -.I /usr/lib -on system which support more than one binary format requiring separate -libraries, except that the symbolic link -.IR /usr/lib qual /X11 -is not required (optional). -.TP -.I /usr/lib/X11 -The usual place for data files associated with X programs, and -configuration files for the X system itself. -On Linux, it usually is -a symbolic link to -.IR /usr/X11R6/lib/X11 . -.TP -.I /usr/lib/gcc\-lib -contains executables and include files for the GNU C compiler, -.BR gcc (1). -.TP -.I /usr/lib/groff -Files for the GNU groff document formatting system. -.TP -.I /usr/lib/uucp -Files for -.BR uucp (1). -.TP -.I /usr/local -This is where programs which are local to the site typically go. -.TP -.I /usr/local/bin -Binaries for programs local to the site. -.TP -.I /usr/local/doc -Local documentation. -.TP -.I /usr/local/etc -Configuration files associated with locally installed programs. -.TP -.I /usr/local/games -Binaries for locally installed games. -.TP -.I /usr/local/lib -Files associated with locally installed programs. -.TP -.I /usr/local/lib -These directories are variants of -.I /usr/local/lib -on system which support more than one binary format requiring separate -libraries (optional). -.TP -.I /usr/local/include -Header files for the local C compiler. -.TP -.I /usr/local/info -Info pages associated with locally installed programs. -.TP -.I /usr/local/man -Man pages associated with locally installed programs. -.TP -.I /usr/local/sbin -Locally installed programs for system administration. -.TP -.I /usr/local/share -Local application data that can be shared among different architectures -of the same OS. -.TP -.I /usr/local/src -Source code for locally installed software. -.TP -.I /usr/man -Replaced by -.IR /usr/share/man . -.TP -.I /usr/sbin -This directory contains program binaries for system administration -which are not essential for the boot process, for mounting -.IR /usr , -or for system repair. -.TP -.I /usr/share -This directory contains subdirectories with specific application data, that -can be shared among different architectures of the same OS. -Often one finds stuff here that used to live in -.I /usr/doc -or -.I /usr/lib -or -.IR /usr/man . -.TP -.I /usr/share/color -Contains color management information, like International Color Consortium (ICC) -Color profiles (optional). -.TP -.I /usr/share/dict -Contains the word lists used by spell checkers (optional). -.TP -.I /usr/share/dict/words -List of English words (optional). -.TP -.I /usr/share/doc -Documentation about installed programs (optional). -.TP -.I /usr/share/games -Static data files for games in -.I /usr/games -(optional). -.TP -.I /usr/share/info -Info pages go here (optional). -.TP -.I /usr/share/locale -Locale information goes here (optional). -.TP -.I /usr/share/man -Manual pages go here in subdirectories according to the man page sections. -.TP -.IR /usr/share/man/ locale /man[1\-9] -These directories contain manual pages for the -specific locale in source code form. -Systems which use a unique language and code set for all manual pages -may omit the substring. -.TP -.I /usr/share/misc -Miscellaneous data that can be shared among different architectures of the -same OS. -.TP -.I /usr/share/nls -The message catalogs for native language support go here (optional). -.TP -.I /usr/share/ppd -Postscript Printer Definition (PPD) files (optional). -.TP -.I /usr/share/sgml -Files for SGML (optional). -.TP -.I /usr/share/sgml/docbook -DocBook DTD (optional). -.TP -.I /usr/share/sgml/tei -TEI DTD (optional). -.TP -.I /usr/share/sgml/html -HTML DTD (optional). -.TP -.I /usr/share/sgml/mathml -MathML DTD (optional). -.TP -.I /usr/share/terminfo -The database for terminfo (optional). -.TP -.I /usr/share/tmac -Troff macros that are not distributed with groff (optional). -.TP -.I /usr/share/xml -Files for XML (optional). -.TP -.I /usr/share/xml/docbook -DocBook DTD (optional). -.TP -.I /usr/share/xml/xhtml -XHTML DTD (optional). -.TP -.I /usr/share/xml/mathml -MathML DTD (optional). -.TP -.I /usr/share/zoneinfo -Files for timezone information (optional). -.TP -.I /usr/src -Source files for different parts of the system, included with some packages -for reference purposes. -Don't work here with your own projects, as files -below /usr should be read-only except when installing software (optional). -.TP -.I /usr/src/linux -This was the traditional place for the kernel source. -Some distributions put here the source for the default kernel they ship. -You should probably use another directory when building your own kernel. -.TP -.I /usr/tmp -Obsolete. -This should be a link -to -.IR /var/tmp . -This link is present only for compatibility reasons and shouldn't be used. -.TP -.I /var -This directory contains files which may change in size, such as spool -and log files. -.TP -.I /var/account -Process accounting logs (optional). -.TP -.I /var/adm -This directory is superseded by -.I /var/log -and should be a symbolic link to -.IR /var/log . -.TP -.I /var/backups -Reserved for historical reasons. -.TP -.I /var/cache -Data cached for programs. -.TP -.I /var/cache/fonts -Locally generated fonts (optional). -.TP -.I /var/cache/man -Locally formatted man pages (optional). -.TP -.I /var/cache/www -WWW proxy or cache data (optional). -.TP -.I /var/cache/ -Package specific cache data (optional). -.TP -.IR /var/catman/cat[1\-9] " or " /var/cache/man/cat[1\-9] -These directories contain preformatted manual pages according to their -man page section. -(The use of preformatted manual pages is deprecated.) -.TP -.I /var/crash -System crash dumps (optional). -.TP -.I /var/cron -Reserved for historical reasons. -.TP -.I /var/games -Variable game data (optional). -.TP -.I /var/lib -Variable state information for programs. -.TP -.I /var/lib/color -Variable files containing color management information (optional). -.TP -.I /var/lib/hwclock -State directory for hwclock (optional). -.TP -.I /var/lib/misc -Miscellaneous state data. -.TP -.I /var/lib/xdm -X display manager variable data (optional). -.TP -.I /var/lib/ -Editor backup files and state (optional). -.TP -.I /var/lib/ -These directories must be used for all distribution packaging support. -.TP -.I /var/lib/ -State data for packages and subsystems (optional). -.TP -.I /var/lib/ -Packaging support files (optional). -.TP -.I /var/local -Variable data for -.IR /usr/local . -.TP -.I /var/lock -Lock files are placed in this directory. -The naming convention for -device lock files is -.I LCK.. -where -.I -is the device's name in the filesystem. -The format used is that of HDU UUCP lock files, that is, lock files -contain a PID as a 10-byte ASCII decimal number, followed by a newline -character. -.TP -.I /var/log -Miscellaneous log files. -.TP -.I /var/opt -Variable data for -.IR /opt . -.TP -.I /var/mail -Users' mailboxes. -Replaces -.IR /var/spool/mail . -.TP -.I /var/msgs -Reserved for historical reasons. -.TP -.I /var/preserve -Reserved for historical reasons. -.TP -.I /var/run -Run-time variable files, like files holding process identifiers (PIDs) -and logged user information -.IR (utmp) . -Files in this directory are usually cleared when the system boots. -.TP -.I /var/spool -Spooled (or queued) files for various programs. -.TP -.I /var/spool/at -Spooled jobs for -.BR at (1). -.TP -.I /var/spool/cron -Spooled jobs for -.BR cron (8). -.TP -.I /var/spool/lpd -Spooled files for printing (optional). -.TP -.I /var/spool/lpd/printer -Spools for a specific printer (optional). -.TP -.I /var/spool/mail -Replaced by -.IR /var/mail . -.TP -.I /var/spool/mqueue -Queued outgoing mail (optional). -.TP -.I /var/spool/news -Spool directory for news (optional). -.TP -.I /var/spool/rwho -Spooled files for -.BR rwhod (8) -(optional). -.TP -.I /var/spool/smail -Spooled files for the -.BR smail (1) -mail delivery program. -.TP -.I /var/spool/uucp -Spooled files for -.BR uucp (1) -(optional). -.TP -.I /var/tmp -Like -.IR /tmp , -this directory holds temporary files stored for an unspecified duration. -.TP -.I /var/yp -Database files for NIS, -formerly known as the Sun Yellow Pages (YP). -.SH STANDARDS -.UR https://refspecs.linuxfoundation.org/fhs.shtml -The Filesystem Hierarchy Standard (FHS), Version 3.0 -.UE , -published March 19, 2015 -.SH BUGS -This list is not exhaustive; -different distributions and systems may be configured differently. -.SH SEE ALSO -.BR find (1), -.BR ln (1), -.BR proc (5), -.BR file\-hierarchy (7), -.BR mount (8) -.P -The Filesystem Hierarchy Standard diff --git a/man7/hostname.7 b/man7/hostname.7 deleted file mode 100644 index 58d00d1..0000000 --- a/man7/hostname.7 +++ /dev/null @@ -1,97 +0,0 @@ -.\" Copyright (c) 1987, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" SPDX-License-Identifier: BSD-4-Clause-UC -.\" -.\" @(#)hostname.7 8.2 (Berkeley) 12/30/93 -.\" $FreeBSD: src/share/man/man7/hostname.7,v 1.7 2004/07/03 18:29:23 ru Exp $ -.\" -.\" 2008-06-11, mtk, Taken from FreeBSD 6.2 and modified for Linux. -.\" -.TH hostname 7 2023-11-11 "Linux man-pages 6.7" -.SH NAME -hostname \- hostname resolution description -.SH DESCRIPTION -Hostnames are domains, where a domain is a hierarchical, dot-separated -list of subdomains; for example, the machine "monet", in the "example" -subdomain of the "com" domain would be represented as "monet.example.com". -.P -Each element of the hostname must be from 1 to 63 characters long and the -entire hostname, including the dots, can be at most 253 characters long. -Valid characters for hostnames are -.BR ASCII (7) -letters from -.I a -to -.IR z , -the digits from -.I 0 -to -.IR 9 , -and the hyphen (\-). -A hostname may not start with a hyphen. -.P -Hostnames are often used with network client and server programs, -which must generally translate the name to an address for use. -(This task is generally performed by either -.BR getaddrinfo (3) -or the obsolete -.BR gethostbyname (3).) -.P -Hostnames are resolved by the NSS framework in glibc according -to the -.B hosts -configuration in -.BR nsswitch.conf (5). -The DNS-based name resolver -(in the -.B dns -NSS service module) resolves them in the following fashion. -.P -If the name consists of a single component, that is, contains no dot, -and if the environment variable -.B HOSTALIASES -is set to the name of a file, -that file is searched for any string matching the input hostname. -The file should consist of lines made up of two white-space separated strings, -the first of which is the hostname alias, -and the second of which is the complete hostname -to be substituted for that alias. -If a case-insensitive match is found between the hostname to be resolved -and the first field of a line in the file, the substituted name is looked -up with no further processing. -.P -If the input name ends with a trailing dot, -the trailing dot is removed, -and the remaining name is looked up with no further processing. -.P -If the input name does not end with a trailing dot, it is looked up -by searching through a list of domains until a match is found. -The default search list includes first the local domain, -then its parent domains with at least 2 name components (longest first). -For example, -in the domain cs.example.com, the name lithium.cchem will be checked first -as lithium.cchem.cs.example and then as lithium.cchem.example.com. -lithium.cchem.com will not be tried, as there is only one component -remaining from the local domain. -The search path can be changed from the default -by a system-wide configuration file (see -.BR resolver (5)). -.SH SEE ALSO -.BR getaddrinfo (3), -.BR gethostbyname (3), -.BR nsswitch.conf (5), -.BR resolver (5), -.BR mailaddr (7), -.BR named (8) -.P -.UR http://www.ietf.org\:/rfc\:/rfc1123.txt -IETF RFC\ 1123 -.UE -.P -.UR http://www.ietf.org\:/rfc\:/rfc1178.txt -IETF RFC\ 1178 -.UE -.\" .SH HISTORY -.\" Hostname appeared in -.\" 4.2BSD. diff --git a/man7/icmp.7 b/man7/icmp.7 deleted file mode 100644 index 3969fe2..0000000 --- a/man7/icmp.7 +++ /dev/null @@ -1,196 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: icmp.7,v 1.6 2000/08/14 08:03:45 ak Exp $ -.\" -.TH icmp 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -icmp \- Linux IPv4 ICMP kernel module. -.SH DESCRIPTION -This kernel protocol module implements the Internet Control -Message Protocol defined in RFC\ 792. -It is used to signal error conditions and for diagnosis. -The user doesn't interact directly with this module; -instead it communicates with the other protocols in the kernel -and these pass the ICMP errors to the application layers. -The kernel ICMP module also answers ICMP requests. -.P -A user protocol may receive ICMP packets for all local sockets by opening -a raw socket with the protocol -.BR IPPROTO_ICMP . -See -.BR raw (7) -for more information. -The types of ICMP packets passed to the socket can be filtered using the -.B ICMP_FILTER -socket option. -ICMP packets are always processed by the kernel too, even -when passed to a user socket. -.P -Linux limits the rate of ICMP error packets to each destination. -.B ICMP_REDIRECT -and -.B ICMP_DEST_UNREACH -are also limited by the destination route of the incoming packets. -.SS /proc interfaces -ICMP supports a set of -.I /proc -interfaces to configure some global IP parameters. -The parameters can be accessed by reading or writing files in the directory -.IR /proc/sys/net/ipv4/ . -Most of these parameters are rate limitations for specific ICMP types. -Linux 2.2 uses a token bucket filter to limit ICMPs. -.\" FIXME . better description needed -The value is the timeout in jiffies until the token bucket filter is -cleared after a burst. -A jiffy is a system dependent unit, usually 10ms on i386 and -about 1ms on alpha and ia64. -.TP -.IR icmp_destunreach_rate " (Linux 2.2 to Linux 2.4.9)" -.\" Precisely: from Linux 2.1.102 -Maximum rate to send ICMP Destination Unreachable packets. -This limits the rate at which packets are sent to any individual -route or destination. -The limit does not affect sending of -.B ICMP_FRAG_NEEDED -packets needed for path MTU discovery. -.TP -.IR icmp_echo_ignore_all " (since Linux 2.2)" -.\" Precisely: 2.1.68 -If this value is nonzero, Linux will ignore all -.B ICMP_ECHO -requests. -.TP -.IR icmp_echo_ignore_broadcasts " (since Linux 2.2)" -.\" Precisely: from Linux 2.1.68 -If this value is nonzero, Linux will ignore all -.B ICMP_ECHO -packets sent to broadcast addresses. -.TP -.IR icmp_echoreply_rate " (Linux 2.2 to Linux 2.4.9)" -.\" Precisely: from Linux 2.1.102 -Maximum rate for sending -.B ICMP_ECHOREPLY -packets in response to -.B ICMP_ECHOREQUEST -packets. -.TP -.IR icmp_errors_use_inbound_ifaddr " (Boolean; default: disabled; since Linux 2.6.12)" -.\" The following taken from Linux 2.6.28-rc4 Documentation/networking/ip-sysctl.txt -If disabled, ICMP error messages are sent with the primary address of -the exiting interface. -.IP -If enabled, the message will be sent with the primary address of -the interface that received the packet that caused the ICMP error. -This is the behavior that many network administrators will expect from -a router. -And it can make debugging complicated network layouts much easier. -.IP -Note that if no primary address exists for the interface selected, -then the primary address of the first non-loopback interface that -has one will be used regardless of this setting. -.TP -.IR icmp_ignore_bogus_error_responses " (Boolean; default: disabled; since Linux 2.2)" -.\" precisely: since Linux 2.1.32 -.\" The following taken from Linux 2.6.28-rc4 Documentation/networking/ip-sysctl.txt -Some routers violate RFC1122 by sending bogus responses to broadcast frames. -Such violations are normally logged via a kernel warning. -If this parameter is enabled, the kernel will not give such warnings, -which will avoid log file clutter. -.TP -.IR icmp_paramprob_rate " (Linux 2.2 to Linux 2.4.9)" -.\" Precisely: from Linux 2.1.102 -Maximum rate for sending -.B ICMP_PARAMETERPROB -packets. -These packets are sent when a packet arrives with an invalid IP header. -.TP -.IR icmp_ratelimit " (integer; default: 1000; since Linux 2.4.10)" -.\" The following taken from Linux 2.6.28-rc4 Documentation/networking/ip-sysctl.txt -Limit the maximum rates for sending ICMP packets whose type matches -.I icmp_ratemask -(see below) to specific targets. -0 to disable any limiting, -otherwise the minimum space between responses in milliseconds. -.TP -.IR icmp_ratemask " (integer; default: see below; since Linux 2.4.10)" -.\" The following taken from Linux 2.6.28-rc4 Documentation/networking/ip-sysctl.txt -Mask made of ICMP types for which rates are being limited. -.IP -Significant bits: IHGFEDCBA9876543210 -.br -Default mask: 0000001100000011000 (0x1818) -.IP -Bit definitions (see the Linux kernel source file -.IR include/linux/icmp.h ): -.RS 12 -.TS -l l. -0 Echo Reply -3 Destination Unreachable * -4 Source Quench * -5 Redirect -8 Echo Request -B Time Exceeded * -C Parameter Problem * -D Timestamp Request -E Timestamp Reply -F Info Request -G Info Reply -H Address Mask Request -I Address Mask Reply -.TE -.RE -.P -The bits marked with an asterisk are rate limited by default -(see the default mask above). -.TP -.IR icmp_timeexceed_rate " (Linux 2.2 to Linux 2.4.9)" -Maximum rate for sending -.B ICMP_TIME_EXCEEDED -packets. -These packets are -sent to prevent loops when a packet has crossed too many hops. -.TP -.IR ping_group_range " (two integers; default: see below; since Linux 2.6.39)" -Range of the group IDs (minimum and maximum group IDs, inclusive) -that are allowed to create ICMP Echo sockets. -The default is "1 0", which -means no group is allowed to create ICMP Echo sockets. -.SH VERSIONS -Support for the -.B ICMP_ADDRESS -request was removed in Linux 2.2. -.P -Support for -.B ICMP_SOURCE_QUENCH -was removed in Linux 2.2. -.SH NOTES -As many other implementations don't support -.B IPPROTO_ICMP -raw sockets, this feature -should not be relied on in portable programs. -.\" not really true ATM -.\" .P -.\" Linux ICMP should be compliant to RFC 1122. -.P -.B ICMP_REDIRECT -packets are not sent when Linux is not acting as a router. -They are also accepted only from the old gateway defined in the -routing table and the redirect routes are expired after some time. -.P -The 64-bit timestamp returned by -.B ICMP_TIMESTAMP -is in milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC). -.P -Linux ICMP internally uses a raw socket to send ICMPs. -This raw socket may appear in -.BR netstat (8) -output with a zero inode. -.SH SEE ALSO -.BR ip (7), -.BR rdisc (8) -.P -RFC\ 792 for a description of the ICMP protocol. diff --git a/man7/inode.7 b/man7/inode.7 deleted file mode 100644 index 7054fe8..0000000 --- a/man7/inode.7 +++ /dev/null @@ -1,480 +0,0 @@ -'\" t -.\" Copyright (c) 2017 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH inode 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -inode \- file inode information -.SH DESCRIPTION -Each file has an inode containing metadata about the file. -An application can retrieve this metadata using -.BR stat (2) -(or related calls), which returns a -.I stat -structure, or -.BR statx (2), -which returns a -.I statx -structure. -.P -The following is a list of the information typically found in, -or associated with, the file inode, -with the names of the corresponding structure fields returned by -.BR stat (2) -and -.BR statx (2): -.TP -Device where inode resides -\fIstat.st_dev\fP; \fIstatx.stx_dev_minor\fP and \fIstatx.stx_dev_major\fP -.IP -Each inode (as well as the associated file) resides in a filesystem -that is hosted on a device. -That device is identified by the combination of its major ID -(which identifies the general class of device) -and minor ID (which identifies a specific instance in the general class). -.TP -Inode number -\fIstat.st_ino\fP; \fIstatx.stx_ino\fP -.IP -Each file in a filesystem has a unique inode number. -Inode numbers are guaranteed to be unique only within a filesystem -(i.e., the same inode numbers may be used by different filesystems, -which is the reason that hard links may not cross filesystem boundaries). -This field contains the file's inode number. -.TP -File type and mode -\fIstat.st_mode\fP; \fIstatx.stx_mode\fP -.IP -See the discussion of file type and mode, below. -.TP -Link count -\fIstat.st_nlink\fP; \fIstatx.stx_nlink\fP -.IP -This field contains the number of hard links to the file. -Additional links to an existing file are created using -.BR link (2). -.TP -User ID -\fIstat.st_uid\fP; \fIstatx.stx_uid\fP -.IP -This field records the user ID of the owner of the file. -For newly created files, -the file user ID is the effective user ID of the creating process. -The user ID of a file can be changed using -.BR chown (2). -.TP -Group ID -\fIstat.st_gid\fP; \fIstatx.stx_gid\fP -.IP -The inode records the ID of the group owner of the file. -For newly created files, -the file group ID is either the group ID of the parent directory or -the effective group ID of the creating process, -depending on whether or not the set-group-ID bit -is set on the parent directory (see below). -The group ID of a file can be changed using -.BR chown (2). -.TP -Device represented by this inode -\fIstat.st_rdev\fP; \fIstatx.stx_rdev_minor\fP and \fIstatx.stx_rdev_major\fP -.IP -If this file (inode) represents a device, -then the inode records the major and minor ID of that device. -.TP -File size -\fIstat.st_size\fP; \fIstatx.stx_size\fP -.IP -This field gives the size of the file (if it is a regular -file or a symbolic link) in bytes. -The size of a symbolic link is the length of the pathname -it contains, without a terminating null byte. -.TP -Preferred block size for I/O -\fIstat.st_blksize\fP; \fIstatx.stx_blksize\fP -.IP -This field gives the "preferred" blocksize for efficient filesystem I/O. -(Writing to a file in smaller chunks may cause -an inefficient read-modify-rewrite.) -.TP -Number of blocks allocated to the file -\fIstat.st_blocks\fP; \fIstatx.stx_blocks\fP -.IP -This field indicates the number of blocks allocated to the file, -512-byte units, -(This may be smaller than -.IR st_size /512 -when the file has holes.) -.IP -The POSIX.1 standard notes -.\" Rationale for sys/stat.h in POSIX.1-2008 -that the unit for the -.I st_blocks -member of the -.I stat -structure is not defined by the standard. -On many implementations it is 512 bytes; -on a few systems, a different unit is used, such as 1024. -Furthermore, the unit may differ on a per-filesystem basis. -.TP -Last access timestamp (atime) -\fIstat.st_atime\fP; \fIstatx.stx_atime\fP -.IP -This is the file's last access timestamp. -It is changed by file accesses, for example, by -.BR execve (2), -.BR mknod (2), -.BR pipe (2), -.BR utime (2), -and -.BR read (2) -(of more than zero bytes). -Other interfaces, such as -.BR mmap (2), -may or may not update the atime timestamp -.IP -Some filesystem types allow mounting in such a way that file -and/or directory accesses do not cause an update of the atime timestamp. -(See -.IR noatime , -.IR nodiratime , -and -.I relatime -in -.BR mount (8), -and related information in -.BR mount (2).) -In addition, the atime timestamp -is not updated if a file is opened with the -.B O_NOATIME -flag; see -.BR open (2). -.TP -File creation (birth) timestamp (btime) -(not returned in the \fIstat\fP structure); \fIstatx.stx_btime\fP -.IP -The file's creation timestamp. -This is set on file creation and not changed subsequently. -.IP -The btime timestamp was not historically present on UNIX systems -and is not currently supported by most Linux filesystems. -.\" FIXME Is it supported on ext4 and XFS? -.TP -Last modification timestamp (mtime) -\fIstat.st_mtime\fP; \fIstatx.stx_mtime\fP -.IP -This is the file's last modification timestamp. -It is changed by file modifications, for example, by -.BR mknod (2), -.BR truncate (2), -.BR utime (2), -and -.BR write (2) -(of more than zero bytes). -Moreover, the mtime timestamp -of a directory is changed by the creation or deletion of files -in that directory. -The mtime timestamp is -.I not -changed for changes in owner, group, hard link count, or mode. -.TP -Last status change timestamp (ctime) -\fIstat.st_ctime\fP; \fIstatx.stx_ctime\fP -.IP -This is the file's last status change timestamp. -It is changed by writing or by setting inode information -(i.e., owner, group, link count, mode, etc.). -.P -The timestamp fields report time measured with a zero point at the -.IR Epoch , -1970-01-01 00:00:00 +0000, UTC (see -.BR time (7)). -.P -Nanosecond timestamps are supported on XFS, JFS, Btrfs, and -ext4 (since Linux 2.6.23). -.\" commit ef7f38359ea8b3e9c7f2cae9a4d4935f55ca9e80 -Nanosecond timestamps are not supported in ext2, ext3, and Reiserfs. -In order to return timestamps with nanosecond precision, -the timestamp fields in the -.I stat -and -.I statx -structures are defined as structures that include a nanosecond component. -See -.BR stat (2) -and -.BR statx (2) -for details. -On filesystems that do not support subsecond timestamps, -the nanosecond fields in the -.I stat -and -.I statx -structures are returned with the value 0. -.\" -.SS The file type and mode -The -.I stat.st_mode -field (for -.BR statx (2), -the -.I statx.stx_mode -field) contains the file type and mode. -.P -POSIX refers to the -.I stat.st_mode -bits corresponding to the mask -.B S_IFMT -(see below) as the -.IR "file type" , -the 12 bits corresponding to the mask 07777 as the -.I file mode bits -and the least significant 9 bits (0777) as the -.IR "file permission bits" . -.P -The following mask values are defined for the file type: -.in +4n -.TS -lB l l. -S_IFMT 0170000 bit mask for the file type bit field - -S_IFSOCK 0140000 socket -S_IFLNK 0120000 symbolic link -S_IFREG 0100000 regular file -S_IFBLK 0060000 block device -S_IFDIR 0040000 directory -S_IFCHR 0020000 character device -S_IFIFO 0010000 FIFO -.TE -.in -.P -Thus, to test for a regular file (for example), one could write: -.P -.in +4n -.EX -stat(pathname, &sb); -if ((sb.st_mode & S_IFMT) == S_IFREG) { - /* Handle regular file */ -} -.EE -.in -.P -Because tests of the above form are common, additional -macros are defined by POSIX to allow the test of the file type in -.I st_mode -to be written more concisely: -.RS 4 -.TP 1.2i -.BR S_ISREG (m) -is it a regular file? -.TP -.BR S_ISDIR (m) -directory? -.TP -.BR S_ISCHR (m) -character device? -.TP -.BR S_ISBLK (m) -block device? -.TP -.BR S_ISFIFO (m) -FIFO (named pipe)? -.TP -.BR S_ISLNK (m) -symbolic link? (Not in POSIX.1-1996.) -.TP -.BR S_ISSOCK (m) -socket? (Not in POSIX.1-1996.) -.RE -.P -The preceding code snippet could thus be rewritten as: -.P -.in +4n -.EX -stat(pathname, &sb); -if (S_ISREG(sb.st_mode)) { - /* Handle regular file */ -} -.EE -.in -.P -The definitions of most of the above file type test macros -are provided if any of the following feature test macros is defined: -.B _BSD_SOURCE -(in glibc 2.19 and earlier), -.B _SVID_SOURCE -(in glibc 2.19 and earlier), -or -.B _DEFAULT_SOURCE -(in glibc 2.20 and later). -In addition, definitions of all of the above macros except -.B S_IFSOCK -and -.BR S_ISSOCK () -are provided if -.B _XOPEN_SOURCE -is defined. -.P -The definition of -.B S_IFSOCK -can also be exposed either by defining -.B _XOPEN_SOURCE -with a value of 500 or greater or (since glibc 2.24) by defining both -.B _XOPEN_SOURCE -and -.BR _XOPEN_SOURCE_EXTENDED . -.P -The definition of -.BR S_ISSOCK () -is exposed if any of the following feature test macros is defined: -.B _BSD_SOURCE -(in glibc 2.19 and earlier), -.B _DEFAULT_SOURCE -(in glibc 2.20 and later), -.B _XOPEN_SOURCE -with a value of 500 or greater, -.B _POSIX_C_SOURCE -with a value of 200112L or greater, or (since glibc 2.24) by defining both -.B _XOPEN_SOURCE -and -.BR _XOPEN_SOURCE_EXTENDED . -.P -The following mask values are defined for -the file mode component of the -.I st_mode -field: -.in +4n -.TS -lB l lx. -S_ISUID 04000 T{ -set-user-ID bit (see \fBexecve\fP(2)) -T} -S_ISGID 02000 T{ -set-group-ID bit (see below) -T} -S_ISVTX 01000 T{ -sticky bit (see below) -T} - -S_IRWXU 00700 T{ -owner has read, write, and execute permission -T} -S_IRUSR 00400 T{ -owner has read permission -T} -S_IWUSR 00200 T{ -owner has write permission -T} -S_IXUSR 00100 T{ -owner has execute permission -T} - -S_IRWXG 00070 T{ -group has read, write, and execute permission -T} -S_IRGRP 00040 T{ -group has read permission -T} -S_IWGRP 00020 T{ -group has write permission -T} -S_IXGRP 00010 T{ -group has execute permission -T} - -S_IRWXO 00007 T{ -others (not in group) have read, write, and execute permission -T} -S_IROTH 00004 T{ -others have read permission -T} -S_IWOTH 00002 T{ -others have write permission -T} -S_IXOTH 00001 T{ -others have execute permission -T} -.TE -.in -.P -The set-group-ID bit -.RB ( S_ISGID ) -has several special uses. -For a directory, it indicates that BSD semantics are to be used -for that directory: files created there inherit their group ID from -the directory, not from the effective group ID of the creating process, -and directories created there will also get the -.B S_ISGID -bit set. -For an executable file, the set-group-ID bit causes the effective group ID -of a process that executes the file to change as described in -.BR execve (2). -For a file that does not have the group execution bit -.RB ( S_IXGRP ) -set, -the set-group-ID bit indicates mandatory file/record locking. -.P -The sticky bit -.RB ( S_ISVTX ) -on a directory means that a file -in that directory can be renamed or deleted only by the owner -of the file, by the owner of the directory, and by a privileged -process. -.SH STANDARDS -POSIX.1-2008. -.SH HISTORY -POSIX.1-2001. -.P -POSIX.1-1990 did not describe the -.BR S_IFMT , -.BR S_IFSOCK , -.BR S_IFLNK , -.BR S_IFREG , -.BR S_IFBLK , -.BR S_IFDIR , -.BR S_IFCHR , -.BR S_IFIFO , -and -.B S_ISVTX -constants, but instead specified the use of -the macros -.BR S_ISDIR () -and so on. -.P -The -.BR S_ISLNK () -and -.BR S_ISSOCK () -macros were not in -POSIX.1-1996; -the former is from SVID 4, the latter from SUSv2. -.P -UNIX\ V7 (and later systems) had -.BR S_IREAD , -.BR S_IWRITE , -.BR S_IEXEC , -and -where POSIX -prescribes the synonyms -.BR S_IRUSR , -.BR S_IWUSR , -and -.BR S_IXUSR . -.SH NOTES -For pseudofiles that are autogenerated by the kernel, the file size -(\fIstat.st_size\fP; \fIstatx.stx_size\fP) -reported by the kernel is not accurate. -For example, the value 0 is returned for many files under the -.I /proc -directory, -while various files under -.I /sys -report a size of 4096 bytes, even though the file content is smaller. -For such files, one should simply try to read as many bytes as possible -(and append \[aq]\e0\[aq] to the returned buffer -if it is to be interpreted as a string). -.SH SEE ALSO -.BR stat (1), -.BR stat (2), -.BR statx (2), -.BR symlink (7) diff --git a/man7/inotify.7 b/man7/inotify.7 deleted file mode 100644 index 51faaaa..0000000 --- a/man7/inotify.7 +++ /dev/null @@ -1,1100 +0,0 @@ -.\" Copyright (C) 2006, 2014 Michael Kerrisk -.\" Copyright (C) 2014 Heinrich Schuchardt -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH inotify 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -inotify \- monitoring filesystem events -.SH DESCRIPTION -The -.I inotify -API provides a mechanism for monitoring filesystem events. -Inotify can be used to monitor individual files, -or to monitor directories. -When a directory is monitored, inotify will return events -for the directory itself, and for files inside the directory. -.P -The following system calls are used with this API: -.IP \[bu] 3 -.BR inotify_init (2) -creates an inotify instance and returns a file descriptor -referring to the inotify instance. -The more recent -.BR inotify_init1 (2) -is like -.BR inotify_init (2), -but has a -.I flags -argument that provides access to some extra functionality. -.IP \[bu] -.BR inotify_add_watch (2) -manipulates the "watch list" associated with an inotify instance. -Each item ("watch") in the watch list specifies the pathname of -a file or directory, -along with some set of events that the kernel should monitor for the -file referred to by that pathname. -.BR inotify_add_watch (2) -either creates a new watch item, or modifies an existing watch. -Each watch has a unique "watch descriptor", an integer -returned by -.BR inotify_add_watch (2) -when the watch is created. -.IP \[bu] -When events occur for monitored files and directories, -those events are made available to the application as structured data that -can be read from the inotify file descriptor using -.BR read (2) -(see below). -.IP \[bu] -.BR inotify_rm_watch (2) -removes an item from an inotify watch list. -.IP \[bu] -When all file descriptors referring to an inotify -instance have been closed (using -.BR close (2)), -the underlying object and its resources are -freed for reuse by the kernel; -all associated watches are automatically freed. -.P -With careful programming, -an application can use inotify to efficiently monitor and cache -the state of a set of filesystem objects. -However, robust applications should allow for the fact that bugs -in the monitoring logic or races of the kind described below -may leave the cache inconsistent with the filesystem state. -It is probably wise to do some consistency checking, -and rebuild the cache when inconsistencies are detected. -.SS Reading events from an inotify file descriptor -To determine what events have occurred, an application -.BR read (2)s -from the inotify file descriptor. -If no events have so far occurred, then, -assuming a blocking file descriptor, -.BR read (2) -will block until at least one event occurs -(unless interrupted by a signal, -in which case the call fails with the error -.BR EINTR ; -see -.BR signal (7)). -.P -Each successful -.BR read (2) -returns a buffer containing one or more of the following structures: -.P -.in +4n -.EX -struct inotify_event { - int wd; /* Watch descriptor */ -.\" FIXME . The type of the 'wd' field should probably be "int32_t". -.\" I submitted a patch to fix this. See the LKML thread -.\" "[patch] Fix type errors in inotify interfaces", 18 Nov 2008 -.\" glibc bug filed: https://www.sourceware.org/bugzilla/show_bug.cgi?id=7040 - uint32_t mask; /* Mask describing event */ - uint32_t cookie; /* Unique cookie associating related - events (for rename(2)) */ - uint32_t len; /* Size of \fIname\fP field */ - char name[]; /* Optional null\-terminated name */ -}; -.EE -.in -.P -.I wd -identifies the watch for which this event occurs. -It is one of the watch descriptors returned by a previous call to -.BR inotify_add_watch (2). -.P -.I mask -contains bits that describe the event that occurred (see below). -.P -.I cookie -is a unique integer that connects related events. -Currently, this is used only for rename events, and -allows the resulting pair of -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -events to be connected by the application. -For all other event types, -.I cookie -is set to 0. -.P -The -.I name -field is present only when an event is returned -for a file inside a watched directory; -it identifies the filename within the watched directory. -This filename is null-terminated, -and may include further null bytes (\[aq]\e0\[aq]) -to align subsequent reads to a suitable address boundary. -.P -The -.I len -field counts all of the bytes in -.IR name , -including the null bytes; -the length of each -.I inotify_event -structure is thus -.IR "sizeof(struct inotify_event)+len" . -.P -The behavior when the buffer given to -.BR read (2) -is too small to return information about the next event depends -on the kernel version: before Linux 2.6.21, -.BR read (2) -returns 0; since Linux 2.6.21, -.BR read (2) -fails with the error -.BR EINVAL . -Specifying a buffer of size -.P -.in +4n -.EX -sizeof(struct inotify_event) + NAME_MAX + 1 -.EE -.in -.P -will be sufficient to read at least one event. -.SS inotify events -The -.BR inotify_add_watch (2) -.I mask -argument and the -.I mask -field of the -.I inotify_event -structure returned when -.BR read (2)ing -an inotify file descriptor are both bit masks identifying -inotify events. -The following bits can be specified in -.I mask -when calling -.BR inotify_add_watch (2) -and may be returned in the -.I mask -field returned by -.BR read (2): -.RS 4 -.TP -.BR IN_ACCESS " (+)" -File was accessed (e.g., -.BR read (2), -.BR execve (2)). -.TP -.BR IN_ATTRIB " (*)" -Metadata changed\[em]for example, permissions (e.g., -.BR chmod (2)), -timestamps (e.g., -.BR utimensat (2)), -extended attributes -.RB ( setxattr (2)), -link count (since Linux 2.6.25; e.g., -.\" FIXME . -.\" Events do not occur for link count changes on a file inside a monitored -.\" directory. This differs from other metadata changes for files inside -.\" a monitored directory. -for the target of -.BR link (2) -and for -.BR unlink (2)), -and user/group ID (e.g., -.BR chown (2)). -.TP -.BR IN_CLOSE_WRITE " (+)" -File opened for writing was closed. -.TP -.BR IN_CLOSE_NOWRITE " (*)" -File or directory not opened for writing was closed. -.TP -.BR IN_CREATE " (+)" -File/directory created in watched directory (e.g., -.BR open (2) -.BR O_CREAT , -.BR mkdir (2), -.BR link (2), -.BR symlink (2), -.BR bind (2) -on a UNIX domain socket). -.TP -.BR IN_DELETE " (+)" -File/directory deleted from watched directory. -.TP -.B IN_DELETE_SELF -Watched file/directory was itself deleted. -(This event also occurs if an object is moved to another filesystem, -since -.BR mv (1) -in effect copies the file to the other filesystem and -then deletes it from the original filesystem.) -In addition, an -.B IN_IGNORED -event will subsequently be generated for the watch descriptor. -.TP -.BR IN_MODIFY " (+)" -File was modified (e.g., -.BR write (2), -.BR truncate (2)). -.TP -.B IN_MOVE_SELF -Watched file/directory was itself moved. -.TP -.BR IN_MOVED_FROM " (+)" -Generated for the directory containing the old filename -when a file is renamed. -.TP -.BR IN_MOVED_TO " (+)" -Generated for the directory containing the new filename -when a file is renamed. -.TP -.BR IN_OPEN " (*)" -File or directory was opened. -.RE -.P -Inotify monitoring is inode-based: when monitoring a file -(but not when monitoring the directory containing a file), -an event can be generated for activity on any link to the file -(in the same or a different directory). -.P -When monitoring a directory: -.IP \[bu] 3 -the events marked above with an asterisk (*) can occur both -for the directory itself and for objects inside the directory; and -.IP \[bu] -the events marked with a plus sign (+) occur only for objects -inside the directory (not for the directory itself). -.P -.IR Note : -when monitoring a directory, -events are not generated for the files inside the directory -when the events are performed via a pathname (i.e., a link) -that lies outside the monitored directory. -.P -When events are generated for objects inside a watched directory, the -.I name -field in the returned -.I inotify_event -structure identifies the name of the file within the directory. -.P -The -.B IN_ALL_EVENTS -macro is defined as a bit mask of all of the above events. -This macro can be used as the -.I mask -argument when calling -.BR inotify_add_watch (2). -.P -Two additional convenience macros are defined: -.RS 4 -.TP -.B IN_MOVE -Equates to -.BR "IN_MOVED_FROM | IN_MOVED_TO" . -.TP -.B IN_CLOSE -Equates to -.BR "IN_CLOSE_WRITE | IN_CLOSE_NOWRITE" . -.RE -.P -The following further bits can be specified in -.I mask -when calling -.BR inotify_add_watch (2): -.RS 4 -.TP -.BR IN_DONT_FOLLOW " (since Linux 2.6.15)" -Don't dereference -.I pathname -if it is a symbolic link. -.TP -.BR IN_EXCL_UNLINK " (since Linux 2.6.36)" -.\" commit 8c1934c8d70b22ca8333b216aec6c7d09fdbd6a6 -By default, when watching events on the children of a directory, -events are generated for children even after they have been unlinked -from the directory. -This can result in large numbers of uninteresting events for -some applications (e.g., if watching -.IR /tmp , -in which many applications create temporary files whose -names are immediately unlinked). -Specifying -.B IN_EXCL_UNLINK -changes the default behavior, -so that events are not generated for children after -they have been unlinked from the watched directory. -.TP -.B IN_MASK_ADD -If a watch instance already exists for the filesystem object corresponding to -.IR pathname , -add (OR) the events in -.I mask -to the watch mask (instead of replacing the mask); -the error -.B EINVAL -results if -.B IN_MASK_CREATE -is also specified. -.TP -.B IN_ONESHOT -Monitor the filesystem object corresponding to -.I pathname -for one event, then remove from -watch list. -.TP -.BR IN_ONLYDIR " (since Linux 2.6.15)" -Watch -.I pathname -only if it is a directory; -the error -.B ENOTDIR -results if -.I pathname -is not a directory. -Using this flag provides an application with a race-free way of -ensuring that the monitored object is a directory. -.TP -.BR IN_MASK_CREATE " (since Linux 4.18)" -Watch -.I pathname -only if it does not already have a watch associated with it; -the error -.B EEXIST -results if -.I pathname -is already being watched. -.IP -Using this flag provides an application with a way of ensuring -that new watches do not modify existing ones. -This is useful because multiple paths may refer to the same inode, -and multiple calls to -.BR inotify_add_watch (2) -without this flag may clobber existing watch masks. -.RE -.P -The following bits may be set in the -.I mask -field returned by -.BR read (2): -.RS 4 -.TP -.B IN_IGNORED -Watch was removed explicitly -.RB ( inotify_rm_watch (2)) -or automatically (file was deleted, or filesystem was unmounted). -See also BUGS. -.TP -.B IN_ISDIR -Subject of this event is a directory. -.TP -.B IN_Q_OVERFLOW -Event queue overflowed -.RI ( wd -is \-1 for this event). -.TP -.B IN_UNMOUNT -Filesystem containing watched object was unmounted. -In addition, an -.B IN_IGNORED -event will subsequently be generated for the watch descriptor. -.RE -.SS Examples -Suppose an application is watching the directory -.I dir -and the file -.I dir/myfile -for all events. -The examples below show some events that will be generated -for these two objects. -.RS 4 -.TP -fd = open("dir/myfile", O_RDWR); -Generates -.B IN_OPEN -events for both -.I dir -and -.IR dir/myfile . -.TP -read(fd, buf, count); -Generates -.B IN_ACCESS -events for both -.I dir -and -.IR dir/myfile . -.TP -write(fd, buf, count); -Generates -.B IN_MODIFY -events for both -.I dir -and -.IR dir/myfile . -.TP -fchmod(fd, mode); -Generates -.B IN_ATTRIB -events for both -.I dir -and -.IR dir/myfile . -.TP -close(fd); -Generates -.B IN_CLOSE_WRITE -events for both -.I dir -and -.IR dir/myfile . -.RE -.P -Suppose an application is watching the directories -.I dir1 -and -.IR dir2 , -and the file -.IR dir1/myfile . -The following examples show some events that may be generated. -.RS 4 -.TP -link("dir1/myfile", "dir2/new"); -Generates an -.B IN_ATTRIB -event for -.I myfile -and an -.B IN_CREATE -event for -.IR dir2 . -.TP -rename("dir1/myfile", "dir2/myfile"); -Generates an -.B IN_MOVED_FROM -event for -.IR dir1 , -an -.B IN_MOVED_TO -event for -.IR dir2 , -and an -.B IN_MOVE_SELF -event for -.IR myfile . -The -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -events will have the same -.I cookie -value. -.RE -.P -Suppose that -.I dir1/xx -and -.I dir2/yy -are (the only) links to the same file, and an application is watching -.IR dir1 , -.IR dir2 , -.IR dir1/xx , -and -.IR dir2/yy . -Executing the following calls in the order given below will generate -the following events: -.RS 4 -.TP -unlink("dir2/yy"); -Generates an -.B IN_ATTRIB -event for -.I xx -(because its link count changes) -and an -.B IN_DELETE -event for -.IR dir2 . -.TP -unlink("dir1/xx"); -Generates -.BR IN_ATTRIB , -.BR IN_DELETE_SELF , -and -.B IN_IGNORED -events for -.IR xx , -and an -.B IN_DELETE -event for -.IR dir1 . -.RE -.P -Suppose an application is watching the directory -.I dir -and (the empty) directory -.IR dir/subdir . -The following examples show some events that may be generated. -.RS 4 -.TP -mkdir("dir/new", mode); -Generates an -.B "IN_CREATE | IN_ISDIR" -event for -.IR dir . -.TP -rmdir("dir/subdir"); -Generates -.B IN_DELETE_SELF -and -.B IN_IGNORED -events for -.IR subdir , -and an -.B "IN_DELETE | IN_ISDIR" -event for -.IR dir . -.RE -.SS /proc interfaces -The following interfaces can be used to limit the amount of -kernel memory consumed by inotify: -.TP -.I /proc/sys/fs/inotify/max_queued_events -The value in this file is used when an application calls -.BR inotify_init (2) -to set an upper limit on the number of events that can be -queued to the corresponding inotify instance. -Events in excess of this limit are dropped, but an -.B IN_Q_OVERFLOW -event is always generated. -.TP -.I /proc/sys/fs/inotify/max_user_instances -This specifies an upper limit on the number of inotify instances -that can be created per real user ID. -.TP -.I /proc/sys/fs/inotify/max_user_watches -This specifies an upper limit on the number of watches -that can be created per real user ID. -.SH STANDARDS -Linux. -.SH HISTORY -Inotify was merged into Linux 2.6.13. -The required library interfaces were added in glibc 2.4. -.RB ( IN_DONT_FOLLOW , -.BR IN_MASK_ADD , -and -.B IN_ONLYDIR -were added in glibc 2.5.) -.SH NOTES -Inotify file descriptors can be monitored using -.BR select (2), -.BR poll (2), -and -.BR epoll (7). -When an event is available, the file descriptor indicates as readable. -.P -Since Linux 2.6.25, -signal-driven I/O notification is available for inotify file descriptors; -see the discussion of -.B F_SETFL -(for setting the -.B O_ASYNC -flag), -.BR F_SETOWN , -and -.B F_SETSIG -in -.BR fcntl (2). -The -.I siginfo_t -structure (described in -.BR sigaction (2)) -that is passed to the signal handler has the following fields set: -.I si_fd -is set to the inotify file descriptor number; -.I si_signo -is set to the signal number; -.I si_code -is set to -.BR POLL_IN ; -and -.B POLLIN -is set in -.IR si_band . -.P -If successive output inotify events produced on the -inotify file descriptor are identical (same -.IR wd , -.IR mask , -.IR cookie , -and -.IR name ), -then they are coalesced into a single event if the -older event has not yet been read (but see BUGS). -This reduces the amount of kernel memory required for the event queue, -but also means that an application can't use inotify to reliably count -file events. -.P -The events returned by reading from an inotify file descriptor -form an ordered queue. -Thus, for example, it is guaranteed that when renaming from -one directory to another, events will be produced in the -correct order on the inotify file descriptor. -.P -The set of watch descriptors that is being monitored via -an inotify file descriptor can be viewed via the entry for -the inotify file descriptor in the process's -.IR /proc/ pid /fdinfo -directory. -See -.BR proc (5) -for further details. -The -.B FIONREAD -.BR ioctl (2) -returns the number of bytes available to read from an -inotify file descriptor. -.SS Limitations and caveats -The inotify API provides no information about the user or process that -triggered the inotify event. -In particular, there is no easy -way for a process that is monitoring events via inotify -to distinguish events that it triggers -itself from those that are triggered by other processes. -.P -Inotify reports only events that a user-space program triggers through -the filesystem API. -As a result, it does not catch remote events that occur -on network filesystems. -(Applications must fall back to polling the filesystem -to catch such events.) -Furthermore, various pseudo-filesystems such as -.IR /proc , -.IR /sys , -and -.I /dev/pts -are not monitorable with inotify. -.P -The inotify API does not report file accesses and modifications that -may occur because of -.BR mmap (2), -.BR msync (2), -and -.BR munmap (2). -.P -The inotify API identifies affected files by filename. -However, by the time an application processes an inotify event, -the filename may already have been deleted or renamed. -.P -The inotify API identifies events via watch descriptors. -It is the application's responsibility to cache a mapping -(if one is needed) between watch descriptors and pathnames. -Be aware that directory renamings may affect multiple cached pathnames. -.P -Inotify monitoring of directories is not recursive: -to monitor subdirectories under a directory, -additional watches must be created. -This can take a significant amount time for large directory trees. -.P -If monitoring an entire directory subtree, -and a new subdirectory is created in that tree or an existing directory -is renamed into that tree, -be aware that by the time you create a watch for the new subdirectory, -new files (and subdirectories) may already exist inside the subdirectory. -Therefore, you may want to scan the contents of the subdirectory -immediately after adding the watch (and, if desired, -recursively add watches for any subdirectories that it contains). -.P -Note that the event queue can overflow. -In this case, events are lost. -Robust applications should handle the possibility of -lost events gracefully. -For example, it may be necessary to rebuild part or all of -the application cache. -(One simple, but possibly expensive, -approach is to close the inotify file descriptor, empty the cache, -create a new inotify file descriptor, -and then re-create watches and cache entries -for the objects to be monitored.) -.P -If a filesystem is mounted on top of a monitored directory, -no event is generated, and no events are generated -for objects immediately under the new mount point. -If the filesystem is subsequently unmounted, -events will subsequently be generated for the directory and -the objects it contains. -.\" -.SS Dealing with rename() events -As noted above, the -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -event pair that is generated by -.BR rename (2) -can be matched up via their shared cookie value. -However, the task of matching has some challenges. -.P -These two events are usually consecutive in the event stream available -when reading from the inotify file descriptor. -However, this is not guaranteed. -If multiple processes are triggering events for monitored objects, -then (on rare occasions) an arbitrary number of -other events may appear between the -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -events. -Furthermore, it is not guaranteed that the event pair is atomically -inserted into the queue: there may be a brief interval where the -.B IN_MOVED_FROM -has appeared, but the -.B IN_MOVED_TO -has not. -.P -Matching up the -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -event pair generated by -.BR rename (2) -is thus inherently racy. -(Don't forget that if an object is renamed outside of a monitored directory, -there may not even be an -.B IN_MOVED_TO -event.) -Heuristic approaches (e.g., assume the events are always consecutive) -can be used to ensure a match in most cases, -but will inevitably miss some cases, -causing the application to perceive the -.B IN_MOVED_FROM -and -.B IN_MOVED_TO -events as being unrelated. -If watch descriptors are destroyed and re-created as a result, -then those watch descriptors will be inconsistent with -the watch descriptors in any pending events. -(Re-creating the inotify file descriptor and rebuilding the cache may -be useful to deal with this scenario.) -.P -Applications should also allow for the possibility that the -.B IN_MOVED_FROM -event was the last event that could fit in the buffer -returned by the current call to -.BR read (2), -and the accompanying -.B IN_MOVED_TO -event might be fetched only on the next -.BR read (2), -which should be done with a (small) timeout to allow for the fact that -insertion of the -.BR IN_MOVED_FROM + IN_MOVED_TO -event pair is not atomic, -and also the possibility that there may not be any -.B IN_MOVED_TO -event. -.SH BUGS -Before Linux 3.19, -.BR fallocate (2) -did not create any inotify events. -Since Linux 3.19, -.\" commit 820c12d5d6c0890bc93dd63893924a13041fdc35 -calls to -.BR fallocate (2) -generate -.B IN_MODIFY -events. -.P -.\" FIXME . kernel commit 611da04f7a31b2208e838be55a42c7a1310ae321 -.\" implies that unmount events were buggy since Linux 2.6.11 to Linux 2.6.36 -.\" -Before Linux 2.6.16, the -.B IN_ONESHOT -.I mask -flag does not work. -.P -As originally designed and implemented, the -.B IN_ONESHOT -flag did not cause an -.B IN_IGNORED -event to be generated when the watch was dropped after one event. -However, as an unintended effect of other changes, -since Linux 2.6.36, an -.B IN_IGNORED -event is generated in this case. -.P -Before Linux 2.6.25, -.\" commit 1c17d18e3775485bf1e0ce79575eb637a94494a2 -the kernel code that was intended to coalesce successive identical events -(i.e., the two most recent events could potentially be coalesced -if the older had not yet been read) -instead checked if the most recent event could be coalesced with the -.I oldest -unread event. -.P -When a watch descriptor is removed by calling -.BR inotify_rm_watch (2) -(or because a watch file is deleted or the filesystem -that contains it is unmounted), -any pending unread events for that watch descriptor remain available to read. -As watch descriptors are subsequently allocated with -.BR inotify_add_watch (2), -the kernel cycles through the range of possible watch descriptors (1 to -.BR INT_MAX ) -incrementally. -When allocating a free watch descriptor, no check is made to see whether that -watch descriptor number has any pending unread events in the inotify queue. -Thus, it can happen that a watch descriptor is reallocated even -when pending unread events exist for a previous incarnation of -that watch descriptor number, with the result that the application -might then read those events and interpret them as belonging to -the file associated with the newly recycled watch descriptor. -In practice, the likelihood of hitting this bug may be extremely low, -since it requires that an application cycle through -.B INT_MAX -watch descriptors, -release a watch descriptor while leaving unread events for that -watch descriptor in the queue, -and then recycle that watch descriptor. -For this reason, and because there have been no reports -of the bug occurring in real-world applications, -as of Linux 3.15, -.\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=77111 -no kernel changes have yet been made to eliminate this possible bug. -.SH EXAMPLES -The following program demonstrates the usage of the inotify API. -It marks the directories passed as a command-line arguments -and waits for events of type -.BR IN_OPEN , -.BR IN_CLOSE_NOWRITE , -and -.BR IN_CLOSE_WRITE . -.P -The following output was recorded while editing the file -.I /home/user/temp/foo -and listing directory -.IR /tmp . -Before the file and the directory were opened, -.B IN_OPEN -events occurred. -After the file was closed, an -.B IN_CLOSE_WRITE -event occurred. -After the directory was closed, an -.B IN_CLOSE_NOWRITE -event occurred. -Execution of the program ended when the user pressed the ENTER key. -.SS Example output -.in +4n -.EX -$ \fB./a.out /tmp /home/user/temp\fP -Press enter key to terminate. -Listening for events. -IN_OPEN: /home/user/temp/foo [file] -IN_CLOSE_WRITE: /home/user/temp/foo [file] -IN_OPEN: /tmp/ [directory] -IN_CLOSE_NOWRITE: /tmp/ [directory] -\& -Listening for events stopped. -.EE -.in -.SS Program source -\& -.EX -#include -#include -#include -#include -#include -#include -#include -\& -/* Read all available inotify events from the file descriptor \[aq]fd\[aq]. - wd is the table of watch descriptors for the directories in argv. - argc is the length of wd and argv. - argv is the list of watched directories. - Entry 0 of wd and argv is unused. */ -\& -static void -handle_events(int fd, int *wd, int argc, char* argv[]) -{ - /* Some systems cannot read integer variables if they are not - properly aligned. On other systems, incorrect alignment may - decrease performance. Hence, the buffer used for reading from - the inotify file descriptor should have the same alignment as - struct inotify_event. */ -\& - char buf[4096] - __attribute__ ((aligned(__alignof__(struct inotify_event)))); - const struct inotify_event *event; - ssize_t len; -\& - /* Loop while events can be read from inotify file descriptor. */ -\& - for (;;) { -\& - /* Read some events. */ -\& - len = read(fd, buf, sizeof(buf)); - if (len == \-1 && errno != EAGAIN) { - perror("read"); - exit(EXIT_FAILURE); - } -\& - /* If the nonblocking read() found no events to read, then - it returns \-1 with errno set to EAGAIN. In that case, - we exit the loop. */ -\& - if (len <= 0) - break; -\& - /* Loop over all events in the buffer. */ -\& - for (char *ptr = buf; ptr < buf + len; - ptr += sizeof(struct inotify_event) + event\->len) { -\& - event = (const struct inotify_event *) ptr; -\& - /* Print event type. */ -\& - if (event\->mask & IN_OPEN) - printf("IN_OPEN: "); - if (event\->mask & IN_CLOSE_NOWRITE) - printf("IN_CLOSE_NOWRITE: "); - if (event\->mask & IN_CLOSE_WRITE) - printf("IN_CLOSE_WRITE: "); -\& - /* Print the name of the watched directory. */ -\& - for (size_t i = 1; i < argc; ++i) { - if (wd[i] == event\->wd) { - printf("%s/", argv[i]); - break; - } - } -\& - /* Print the name of the file. */ -\& - if (event\->len) - printf("%s", event\->name); -\& - /* Print type of filesystem object. */ -\& - if (event\->mask & IN_ISDIR) - printf(" [directory]\en"); - else - printf(" [file]\en"); - } - } -} -\& -int -main(int argc, char* argv[]) -{ - char buf; - int fd, i, poll_num; - int *wd; - nfds_t nfds; - struct pollfd fds[2]; -\& - if (argc < 2) { - printf("Usage: %s PATH [PATH ...]\en", argv[0]); - exit(EXIT_FAILURE); - } -\& - printf("Press ENTER key to terminate.\en"); -\& - /* Create the file descriptor for accessing the inotify API. */ -\& - fd = inotify_init1(IN_NONBLOCK); - if (fd == \-1) { - perror("inotify_init1"); - exit(EXIT_FAILURE); - } -\& - /* Allocate memory for watch descriptors. */ -\& - wd = calloc(argc, sizeof(int)); - if (wd == NULL) { - perror("calloc"); - exit(EXIT_FAILURE); - } -\& - /* Mark directories for events - \- file was opened - \- file was closed */ -\& - for (i = 1; i < argc; i++) { - wd[i] = inotify_add_watch(fd, argv[i], - IN_OPEN | IN_CLOSE); - if (wd[i] == \-1) { - fprintf(stderr, "Cannot watch \[aq]%s\[aq]: %s\en", - argv[i], strerror(errno)); - exit(EXIT_FAILURE); - } - } -\& - /* Prepare for polling. */ -\& - nfds = 2; -\& - fds[0].fd = STDIN_FILENO; /* Console input */ - fds[0].events = POLLIN; -\& - fds[1].fd = fd; /* Inotify input */ - fds[1].events = POLLIN; -\& - /* Wait for events and/or terminal input. */ -\& - printf("Listening for events.\en"); - while (1) { - poll_num = poll(fds, nfds, \-1); - if (poll_num == \-1) { - if (errno == EINTR) - continue; - perror("poll"); - exit(EXIT_FAILURE); - } -\& - if (poll_num > 0) { -\& - if (fds[0].revents & POLLIN) { -\& - /* Console input is available. Empty stdin and quit. */ -\& - while (read(STDIN_FILENO, &buf, 1) > 0 && buf != \[aq]\en\[aq]) - continue; - break; - } -\& - if (fds[1].revents & POLLIN) { -\& - /* Inotify events are available. */ -\& - handle_events(fd, wd, argc, argv); - } - } - } -\& - printf("Listening for events stopped.\en"); -\& - /* Close inotify file descriptor. */ -\& - close(fd); -\& - free(wd); - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.BR inotifywait (1), -.BR inotifywatch (1), -.BR inotify_add_watch (2), -.BR inotify_init (2), -.BR inotify_init1 (2), -.BR inotify_rm_watch (2), -.BR read (2), -.BR stat (2), -.BR fanotify (7) -.P -.I Documentation/filesystems/inotify.txt -in the Linux kernel source tree diff --git a/man7/intro.7 b/man7/intro.7 deleted file mode 100644 index 98c8ed9..0000000 --- a/man7/intro.7 +++ /dev/null @@ -1,23 +0,0 @@ -.\" Copyright (c) 1993 Michael Haardt -.\" (michael@moria.de), Fri Apr 2 11:32:09 MET DST -.\" 1993 -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Modified by Thomas Koenig (ig25@rz.uni-karlsruhe.de) 24 Apr 1993 -.\" Modified Sat Jul 24 17:28:08 1993 by Rik Faith (faith@cs.unc.edu) -.TH intro 7 2022-10-30 "Linux man-pages 6.7" -.SH NAME -intro \- introduction to overview and miscellany section -.SH DESCRIPTION -Section 7 of the manual provides overviews on various topics, and -describes conventions and protocols, -character set standards, the standard filesystem layout, -and miscellaneous other things. -.SH NOTES -.SS Authors and copyright conditions -Look at the header of the manual page source for the author(s) and copyright -conditions. -Note that these can be different from page to page! -.SH SEE ALSO -.BR standards (7) diff --git a/man7/ip.7 b/man7/ip.7 deleted file mode 100644 index 34e2ff8..0000000 --- a/man7/ip.7 +++ /dev/null @@ -1,1541 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: ip.7,v 1.19 2000/12/20 18:10:31 ak Exp $ -.\" -.\" FIXME The following socket options are yet to be documented -.\" -.\" IP_XFRM_POLICY (2.5.48) -.\" Needs CAP_NET_ADMIN -.\" -.\" IP_IPSEC_POLICY (2.5.47) -.\" Needs CAP_NET_ADMIN -.\" -.\" IP_MINTTL (2.6.34) -.\" commit d218d11133d888f9745802146a50255a4781d37a -.\" Author: Stephen Hemminger -.\" -.\" MCAST_JOIN_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_BLOCK_SOURCE (2.4.22 / 2.6) -.\" -.\" MCAST_UNBLOCK_SOURCE (2.4.22 / 2.6) -.\" -.\" MCAST_LEAVE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_JOIN_SOURCE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_LEAVE_SOURCE_GROUP (2.4.22 / 2.6) -.\" -.\" MCAST_MSFILTER (2.4.22 / 2.6) -.\" -.\" IP_UNICAST_IF (3.4) -.\" commit 76e21053b5bf33a07c76f99d27a74238310e3c71 -.\" Author: Erich E. Hoover -.\" -.TH ip 7 2024-03-17 "Linux man-pages 6.7" -.SH NAME -ip \- Linux IPv4 protocol implementation -.SH SYNOPSIS -.nf -.B #include -.\" .B #include -- does not exist anymore -.\" .B #include -- never include -.B #include -.B #include \fR/* superset of previous */ -.P -.IB tcp_socket " = socket(AF_INET, SOCK_STREAM, 0);" -.IB udp_socket " = socket(AF_INET, SOCK_DGRAM, 0);" -.IB raw_socket " = socket(AF_INET, SOCK_RAW, " protocol ");" -.fi -.SH DESCRIPTION -Linux implements the Internet Protocol, version 4, -described in RFC\ 791 and RFC\ 1122. -.B ip -contains a level 2 multicasting implementation conforming to RFC\ 1112. -It also contains an IP router including a packet filter. -.P -The programming interface is BSD-sockets compatible. -For more information on sockets, see -.BR socket (7). -.P -An IP socket is created using -.BR socket (2): -.P -.in +4n -.EX -socket(AF_INET, socket_type, protocol); -.EE -.in -.P -Valid socket types include -.B SOCK_STREAM -to open a stream socket, -.B SOCK_DGRAM -to open a datagram socket, and -.B SOCK_RAW -to open a -.BR raw (7) -socket to access the IP protocol directly. -.P -.I protocol -is the IP protocol in the IP header to be received or sent. -Valid values for -.I protocol -include: -.IP \[bu] 3 -0 and -.B IPPROTO_TCP -for -.BR tcp (7) -stream sockets; -.IP \[bu] -0 and -.B IPPROTO_UDP -for -.BR udp (7) -datagram sockets; -.IP \[bu] -.B IPPROTO_SCTP -for -.BR sctp (7) -stream sockets; and -.IP \[bu] -.B IPPROTO_UDPLITE -for -.BR udplite (7) -datagram sockets. -.P -For -.B SOCK_RAW -you may specify a valid IANA IP protocol defined in -RFC\ 1700 assigned numbers. -.P -When a process wants to receive new incoming packets or connections, it -should bind a socket to a local interface address using -.BR bind (2). -In this case, only one IP socket may be bound to any given local -(address, port) pair. -When -.B INADDR_ANY -is specified in the bind call, the socket will be bound to -.I all -local interfaces. -When -.BR listen (2) -is called on an unbound socket, the socket is automatically bound -to a random free port with the local address set to -.BR INADDR_ANY . -When -.BR connect (2) -is called on an unbound socket, the socket is automatically bound -to a random free port or to a usable shared port with the local address -set to -.BR INADDR_ANY . -.P -A TCP local socket address that has been bound is unavailable for -some time after closing, unless the -.B SO_REUSEADDR -flag has been set. -Care should be taken when using this flag as it makes TCP less reliable. -.SS Address format -An IP socket address is defined as a combination of an IP interface -address and a 16-bit port number. -The basic IP protocol does not supply port numbers, they -are implemented by higher level protocols like -.BR udp (7) -and -.BR tcp (7). -On raw sockets -.I sin_port -is set to the IP protocol. -.P -.in +4n -.EX -struct sockaddr_in { - sa_family_t sin_family; /* address family: AF_INET */ - in_port_t sin_port; /* port in network byte order */ - struct in_addr sin_addr; /* internet address */ -}; -\& -/* Internet address */ -struct in_addr { - uint32_t s_addr; /* address in network byte order */ -}; -.EE -.in -.P -.I sin_family -is always set to -.BR AF_INET . -This is required; in Linux 2.2 most networking functions return -.B EINVAL -when this setting is missing. -.I sin_port -contains the port in network byte order. -The port numbers below 1024 are called -.I privileged ports -(or sometimes: -.IR "reserved ports" ). -Only a privileged process -(on Linux: a process that has the -.B CAP_NET_BIND_SERVICE -capability in the user namespace governing its network namespace) may -.BR bind (2) -to these sockets. -Note that the raw IPv4 protocol as such has no concept of a -port, they are implemented only by higher protocols like -.BR tcp (7) -and -.BR udp (7). -.P -.I sin_addr -is the IP host address. -The -.I s_addr -member of -.I struct in_addr -contains the host interface address in network byte order. -.I in_addr -should be assigned one of the -.B INADDR_* -values -(e.g., -.BR INADDR_LOOPBACK ) -using -.BR htonl (3) -or set using the -.BR inet_aton (3), -.BR inet_addr (3), -.BR inet_makeaddr (3) -library functions or directly with the name resolver (see -.BR gethostbyname (3)). -.P -IPv4 addresses are divided into unicast, broadcast, -and multicast addresses. -Unicast addresses specify a single interface of a host, -broadcast addresses specify all hosts on a network, and multicast -addresses address all hosts in a multicast group. -Datagrams to broadcast addresses can be sent or received only when the -.B SO_BROADCAST -socket flag is set. -In the current implementation, connection-oriented sockets are allowed -to use only unicast addresses. -.\" Leave a loophole for XTP @) -.P -Note that the address and the port are always stored in -network byte order. -In particular, this means that you need to call -.BR htons (3) -on the number that is assigned to a port. -All address/port manipulation -functions in the standard library work in network byte order. -.SS Special and reserved addresses -There are several special addresses: -.TP -.BR INADDR_LOOPBACK " (127.0.0.1)" -always refers to the local host via the loopback device; -.TP -.BR INADDR_ANY " (0.0.0.0)" -means any address for socket binding; -.TP -.BR INADDR_BROADCAST " (255.255.255.255)" -has the same effect on -.BR bind (2) -as -.B INADDR_ANY -for historical reasons. -A packet addressed to -.B INADDR_BROADCAST -through a socket which has -.B SO_BROADCAST -set will be broadcast to all hosts on the local network segment, -as long as the link is broadcast-capable. -.TP -Highest-numbered address -.TQ -Lowest-numbered address -On any locally-attached non-point-to-point IP subnet -with a link type that supports broadcasts, -the highest-numbered address -(e.g., the .255 address on a subnet with netmask 255.255.255.0) -is designated as a broadcast address. -It cannot usefully be assigned to an individual interface, -and can only be addressed with a socket on which the -.B SO_BROADCAST -option has been set. -Internet standards have historically -also reserved the lowest-numbered address -(e.g., the .0 address on a subnet with netmask 255.255.255.0) -for broadcast, though they call it "obsolete" for this purpose. -(Some sources also refer to this as the "network address.") -Since Linux 5.14, -.\" commit 58fee5fc83658aaacf60246aeab738946a9ba516 -it is treated as an ordinary unicast address -and can be assigned to an interface. -.P -Internet standards have traditionally also reserved various addresses -for particular uses, though Linux no longer treats -some of these specially. -.TP -[0.0.0.1, 0.255.255.255] -.TQ -[240.0.0.0, 255.255.255.254] -Addresses in these ranges (0/8 and 240/4) are reserved globally. -Since Linux 5.3 -.\" commit 96125bf9985a75db00496dd2bc9249b777d2b19b -and Linux 2.6.25, -.\" commit 1e637c74b0f84eaca02b914c0b8c6f67276e9697 -respectively, -the 0/8 and 240/4 addresses, other than -.B INADDR_ANY -and -.BR INADDR_BROADCAST , -are treated as ordinary unicast addresses. -Systems that follow the traditional behaviors may not -interoperate with these historically reserved addresses. -.TP -[127.0.0.1, 127.255.255.254] -Addresses in this range (127/8) are treated as loopback addresses -akin to the standardized local loopback address -.B INADDR_LOOPBACK -(127.0.0.1); -.TP -[224.0.0.0, 239.255.255.255] -Addresses in this range (224/4) are dedicated to multicast use. -.SS Socket options -IP supports some protocol-specific socket options that can be set with -.BR setsockopt (2) -and read with -.BR getsockopt (2). -The socket option level for IP is -.BR IPPROTO_IP . -.\" or SOL_IP on Linux -A boolean integer flag is zero when it is false, otherwise true. -.P -When an invalid socket option is specified, -.BR getsockopt (2) -and -.BR setsockopt (2) -fail with the error -.BR ENOPROTOOPT . -.TP -.BR IP_ADD_MEMBERSHIP " (since Linux 1.2)" -Join a multicast group. -Argument is an -.I ip_mreqn -structure. -.IP -.in +4n -.EX -struct ip_mreqn { - struct in_addr imr_multiaddr; /* IP multicast group - address */ - struct in_addr imr_address; /* IP address of local - interface */ - int imr_ifindex; /* interface index */ -}; -.EE -.in -.IP -.I imr_multiaddr -contains the address of the multicast group the application -wants to join or leave. -It must be a valid multicast address -.\" (i.e., within the 224.0.0.0-239.255.255.255 range) -(or -.BR setsockopt (2) -fails with the error -.BR EINVAL ). -.I imr_address -is the address of the local interface with which the system -should join the multicast group; if it is equal to -.BR INADDR_ANY , -an appropriate interface is chosen by the system. -.I imr_ifindex -is the interface index of the interface that should join/leave the -.I imr_multiaddr -group, or 0 to indicate any interface. -.IP -The -.I ip_mreqn -structure is available only since Linux 2.2. -For compatibility, the old -.I ip_mreq -structure (present since Linux 1.2) is still supported; -it differs from -.I ip_mreqn -only by not including the -.I imr_ifindex -field. -(The kernel determines which structure is being passed based -on the size passed in -.IR optlen .) -.IP -.B IP_ADD_MEMBERSHIP -is valid only for -.BR setsockopt (2). -.\" -.TP -.BR IP_ADD_SOURCE_MEMBERSHIP " (since Linux 2.4.22 / Linux 2.5.68)" -Join a multicast group and allow receiving data only -from a specified source. -Argument is an -.I ip_mreq_source -structure. -.IP -.in +4n -.EX -struct ip_mreq_source { - struct in_addr imr_multiaddr; /* IP multicast group - address */ - struct in_addr imr_interface; /* IP address of local - interface */ - struct in_addr imr_sourceaddr; /* IP address of - multicast source */ -}; -.EE -.in -.IP -The -.I ip_mreq_source -structure is similar to -.I ip_mreqn -described under -.BR IP_ADD_MEMBERSHIP . -The -.I imr_multiaddr -field contains the address of the multicast group the application -wants to join or leave. -The -.I imr_interface -field is the address of the local interface with which -the system should join the multicast group. -Finally, the -.I imr_sourceaddr -field contains the address of the source the -application wants to receive data from. -.IP -This option can be used multiple times to allow -receiving data from more than one source. -.TP -.BR IP_BIND_ADDRESS_NO_PORT " (since Linux 4.2)" -.\" commit 90c337da1524863838658078ec34241f45d8394d -Inform the kernel to not reserve an ephemeral port when using -.BR bind (2) -with a port number of 0. -The port will later be automatically chosen at -.BR connect (2) -time, -in a way that allows sharing a source port as long as the 4-tuple is unique. -.TP -.BR IP_BLOCK_SOURCE " (since Linux 2.4.22 / 2.5.68)" -Stop receiving multicast data from a specific source in a given group. -This is valid only after the application has subscribed -to the multicast group using either -.B IP_ADD_MEMBERSHIP -or -.BR IP_ADD_SOURCE_MEMBERSHIP . -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR IP_DROP_MEMBERSHIP " (since Linux 1.2)" -Leave a multicast group. -Argument is an -.I ip_mreqn -or -.I ip_mreq -structure similar to -.BR IP_ADD_MEMBERSHIP . -.TP -.BR IP_DROP_SOURCE_MEMBERSHIP " (since Linux 2.4.22 / 2.5.68)" -Leave a source-specific group\[em]that is, stop receiving data from -a given multicast group that come from a given source. -If the application has subscribed to multiple sources within -the same group, data from the remaining sources will still be delivered. -To stop receiving data from all sources at once, use -.BR IP_DROP_MEMBERSHIP . -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR IP_FREEBIND " (since Linux 2.4)" -.\" Precisely: since Linux 2.4.0-test10 -If enabled, this boolean option allows binding to an IP address -that is nonlocal or does not (yet) exist. -This permits listening on a socket, -without requiring the underlying network interface or the -specified dynamic IP address to be up at the time that -the application is trying to bind to it. -This option is the per-socket equivalent of the -.I ip_nonlocal_bind -.I /proc -interface described below. -.TP -.BR IP_HDRINCL " (since Linux 2.0)" -If enabled, -the user supplies an IP header in front of the user data. -Valid only for -.B SOCK_RAW -sockets; see -.BR raw (7) -for more information. -When this flag is enabled, the values set by -.BR IP_OPTIONS , -.BR IP_TTL , -and -.B IP_TOS -are ignored. -.TP -.BR IP_LOCAL_PORT_RANGE " (since Linux 6.3)" -Set or get the per-socket default local port range. -This option can be used to clamp down the global local port range, -defined by the -.I ip_local_port_range -.I /proc -interface described below, for a given socket. -.IP -The option takes an -.I uint32_t -value with -the high 16 bits set to the upper range bound, -and the low 16 bits set to the lower range bound. -Range bounds are inclusive. -The 16-bit values should be in host byte order. -.IP -The lower bound has to be less than the upper bound -when both bounds are not zero. -Otherwise, setting the option fails with EINVAL. -.IP -If either bound is outside of the global local port range, or is zero, -then that bound has no effect. -.IP -To reset the setting, -pass zero as both the upper and the lower bound. -.TP -.BR IP_MSFILTER " (since Linux 2.4.22 / 2.5.68)" -This option provides access to the advanced full-state filtering API. -Argument is an -.I ip_msfilter -structure. -.IP -.in +4n -.EX -struct ip_msfilter { - struct in_addr imsf_multiaddr; /* IP multicast group - address */ - struct in_addr imsf_interface; /* IP address of local - interface */ - uint32_t imsf_fmode; /* Filter\-mode */ -\& - uint32_t imsf_numsrc; /* Number of sources in - the following array */ - struct in_addr imsf_slist[1]; /* Array of source - addresses */ -}; -.EE -.in -.IP -There are two macros, -.B MCAST_INCLUDE -and -.BR MCAST_EXCLUDE , -which can be used to specify the filtering mode. -Additionally, the -.BR IP_MSFILTER_SIZE (n) -macro exists to determine how much memory is needed to store -.I ip_msfilter -structure with -.I n -sources in the source list. -.IP -For the full description of multicast source filtering -refer to RFC 3376. -.TP -.BR IP_MTU " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.124 -Retrieve the current known path MTU of the current socket. -Returns an integer. -.IP -.B IP_MTU -is valid only for -.BR getsockopt (2) -and can be employed only when the socket has been connected. -.TP -.BR IP_MTU_DISCOVER " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.124 -Set or receive the Path MTU Discovery setting for a socket. -When enabled, Linux will perform Path MTU Discovery -as defined in RFC\ 1191 on -.B SOCK_STREAM -sockets. -For -.RB non- SOCK_STREAM -sockets, -.B IP_PMTUDISC_DO -forces the don't-fragment flag to be set on all outgoing packets. -It is the user's responsibility to packetize the data -in MTU-sized chunks and to do the retransmits if necessary. -The kernel will reject (with -.BR EMSGSIZE ) -datagrams that are bigger than the known path MTU. -.B IP_PMTUDISC_WANT -will fragment a datagram if needed according to the path MTU, -or will set the don't-fragment flag otherwise. -.IP -The system-wide default can be toggled between -.B IP_PMTUDISC_WANT -and -.B IP_PMTUDISC_DONT -by writing (respectively, zero and nonzero values) to the -.I /proc/sys/net/ipv4/ip_no_pmtu_disc -file. -.TS -tab(:); -c l -l l. -Path MTU discovery value:Meaning -IP_PMTUDISC_WANT:Use per-route settings. -IP_PMTUDISC_DONT:Never do Path MTU Discovery. -IP_PMTUDISC_DO:Always do Path MTU Discovery. -IP_PMTUDISC_PROBE:Set DF but ignore Path MTU. -.TE -.IP -When PMTU discovery is enabled, the kernel automatically keeps track of -the path MTU per destination host. -When it is connected to a specific peer with -.BR connect (2), -the currently known path MTU can be retrieved conveniently using the -.B IP_MTU -socket option (e.g., after an -.B EMSGSIZE -error occurred). -The path MTU may change over time. -For connectionless sockets with many destinations, -the new MTU for a given destination can also be accessed using the -error queue (see -.BR IP_RECVERR ). -A new error will be queued for every incoming MTU update. -.IP -While MTU discovery is in progress, initial packets from datagram sockets -may be dropped. -Applications using UDP should be aware of this and not -take it into account for their packet retransmit strategy. -.IP -To bootstrap the path MTU discovery process on unconnected sockets, it -is possible to start with a big datagram size -(headers up to 64 kilobytes long) and let it shrink by updates of the path MTU. -.IP -To get an initial estimate of the -path MTU, connect a datagram socket to the destination address using -.BR connect (2) -and retrieve the MTU by calling -.BR getsockopt (2) -with the -.B IP_MTU -option. -.IP -It is possible to implement RFC 4821 MTU probing with -.B SOCK_DGRAM -or -.B SOCK_RAW -sockets by setting a value of -.B IP_PMTUDISC_PROBE -(available since Linux 2.6.22). -This is also particularly useful for diagnostic tools such as -.BR tracepath (8) -that wish to deliberately send probe packets larger than -the observed Path MTU. -.TP -.BR IP_MULTICAST_ALL " (since Linux 2.6.31)" -This option can be used to modify the delivery policy of multicast messages. -The argument is a boolean integer (defaults to 1). -If set to 1, -the socket will receive messages from all the groups that have been joined -globally on the whole system. -Otherwise, it will deliver messages only from -the groups that have been explicitly joined (for example via the -.B IP_ADD_MEMBERSHIP -option) on this particular socket. -.TP -.BR IP_MULTICAST_IF " (since Linux 1.2)" -Set the local device for a multicast socket. -The argument for -.BR setsockopt (2) -is an -.I ip_mreqn -or -.\" net: IP_MULTICAST_IF setsockopt now recognizes struct mreq -.\" Commit: 3a084ddb4bf299a6e898a9a07c89f3917f0713f7 -(since Linux 3.5) -.I ip_mreq -structure similar to -.BR IP_ADD_MEMBERSHIP , -or an -.I in_addr -structure. -(The kernel determines which structure is being passed based -on the size passed in -.IR optlen .) -For -.BR getsockopt (2), -the argument is an -.I in_addr -structure. -.TP -.BR IP_MULTICAST_LOOP " (since Linux 1.2)" -Set or read a boolean integer argument that determines whether -sent multicast packets should be looped back to the local sockets. -.TP -.BR IP_MULTICAST_TTL " (since Linux 1.2)" -Set or read the time-to-live value of outgoing multicast packets for this -socket. -It is very important for multicast packets to set the smallest TTL possible. -The default is 1 which means that multicast packets don't leave the local -network unless the user program explicitly requests it. -Argument is an integer. -.TP -.BR IP_NODEFRAG " (since Linux 2.6.36)" -If enabled (argument is nonzero), -the reassembly of outgoing packets is disabled in the netfilter layer. -The argument is an integer. -.IP -This option is valid only for -.B SOCK_RAW -sockets. -.TP -.BR IP_OPTIONS " (since Linux 2.0)" -.\" Precisely: since Linux 1.3.30 -Set or get the IP options to be sent with every packet from this socket. -The arguments are a pointer to a memory buffer containing the options -and the option length. -The -.BR setsockopt (2) -call sets the IP options associated with a socket. -The maximum option size for IPv4 is 40 bytes. -See RFC\ 791 for the allowed options. -When the initial connection request packet for a -.B SOCK_STREAM -socket contains IP options, the IP options will be set automatically -to the options from the initial packet with routing headers reversed. -Incoming packets are not allowed to change options after the connection -is established. -The processing of all incoming source routing options -is disabled by default and can be enabled by using the -.I accept_source_route -.I /proc -interface. -Other options like timestamps are still handled. -For datagram sockets, IP options can be set only by the local user. -Calling -.BR getsockopt (2) -with -.B IP_OPTIONS -puts the current IP options used for sending into the supplied buffer. -.TP -.BR IP_PASSSEC " (since Linux 2.6.17)" -.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c -If labeled IPSEC or NetLabel is configured on the sending and receiving -hosts, this option enables receiving of the security context of the peer -socket in an ancillary message of type -.B SCM_SECURITY -retrieved using -.BR recvmsg (2). -This option is supported only for UDP sockets; for TCP or SCTP sockets, -see the description of the -.B SO_PEERSEC -option below. -.IP -The value given as an argument to -.BR setsockopt (2) -and returned as the result of -.BR getsockopt (2) -is an integer boolean flag. -.IP -The security context returned in the -.B SCM_SECURITY -ancillary message -is of the same format as the one described under the -.B SO_PEERSEC -option below. -.IP -Note: the reuse of the -.B SCM_SECURITY -message type for the -.B IP_PASSSEC -socket option was likely a mistake, since other IP control messages use -their own numbering scheme in the IP namespace and often use the -socket option value as the message type. -There is no conflict currently since the IP option with the same value as -.B SCM_SECURITY -is -.B IP_HDRINCL -and this is never used for a control message type. -.TP -.BR IP_PKTINFO " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -Pass an -.B IP_PKTINFO -ancillary message that contains a -.I pktinfo -structure that supplies some information about the incoming packet. -This works only for datagram oriented sockets. -The argument is a flag that tells the socket whether the -.B IP_PKTINFO -message should be passed or not. -The message itself can be sent/retrieved -only as a control message with a packet using -.BR recvmsg (2) -or -.BR sendmsg (2). -.IP -.in +4n -.EX -struct in_pktinfo { - unsigned int ipi_ifindex; /* Interface index */ - struct in_addr ipi_spec_dst; /* Local address */ - struct in_addr ipi_addr; /* Header Destination - address */ -}; -.EE -.in -.IP -.I ipi_ifindex -is the unique index of the interface the packet was received on. -.I ipi_spec_dst -is the local address of the packet and -.I ipi_addr -is the destination address in the packet header. -If -.B IP_PKTINFO -is passed to -.BR sendmsg (2) -and -.\" This field is grossly misnamed -.I ipi_spec_dst -is not zero, then it is used as the local source address for the routing -table lookup and for setting up IP source route options. -When -.I ipi_ifindex -is not zero, the primary local address of the interface specified by the -index overwrites -.I ipi_spec_dst -for the routing table lookup. -.IP -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVERR " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Enable extended reliable error message passing. -When enabled on a datagram socket, all -generated errors will be queued in a per-socket error queue. -When the user receives an error from a socket operation, -the errors can be received by calling -.BR recvmsg (2) -with the -.B MSG_ERRQUEUE -flag set. -The -.I sock_extended_err -structure describing the error will be passed in an ancillary message with -the type -.B IP_RECVERR -and the level -.BR IPPROTO_IP . -.\" or SOL_IP on Linux -This is useful for reliable error handling on unconnected sockets. -The received data portion of the error queue contains the error packet. -.IP -The -.B IP_RECVERR -control message contains a -.I sock_extended_err -structure: -.IP -.in +4n -.EX -#define SO_EE_ORIGIN_NONE 0 -#define SO_EE_ORIGIN_LOCAL 1 -#define SO_EE_ORIGIN_ICMP 2 -#define SO_EE_ORIGIN_ICMP6 3 -\& -struct sock_extended_err { - uint32_t ee_errno; /* error number */ - uint8_t ee_origin; /* where the error originated */ - uint8_t ee_type; /* type */ - uint8_t ee_code; /* code */ - uint8_t ee_pad; - uint32_t ee_info; /* additional information */ - uint32_t ee_data; /* other data */ - /* More data may follow */ -}; -\& -struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *); -.EE -.in -.IP -.I ee_errno -contains the -.I errno -number of the queued error. -.I ee_origin -is the origin code of where the error originated. -The other fields are protocol-specific. -The macro -.B SO_EE_OFFENDER -returns a pointer to the address of the network object -where the error originated from given a pointer to the ancillary message. -If this address is not known, the -.I sa_family -member of the -.I sockaddr -contains -.B AF_UNSPEC -and the other fields of the -.I sockaddr -are undefined. -.IP -IP uses the -.I sock_extended_err -structure as follows: -.I ee_origin -is set to -.B SO_EE_ORIGIN_ICMP -for errors received as an ICMP packet, or -.B SO_EE_ORIGIN_LOCAL -for locally generated errors. -Unknown values should be ignored. -.I ee_type -and -.I ee_code -are set from the type and code fields of the ICMP header. -.I ee_info -contains the discovered MTU for -.B EMSGSIZE -errors. -The message also contains the -.I sockaddr_in of the node -caused the error, which can be accessed with the -.B SO_EE_OFFENDER -macro. -The -.I sin_family -field of the -.B SO_EE_OFFENDER -address is -.B AF_UNSPEC -when the source was unknown. -When the error originated from the network, all IP options -.RB ( IP_OPTIONS ", " IP_TTL , -etc.) enabled on the socket and contained in the -error packet are passed as control messages. -The payload of the packet causing the error is returned as normal payload. -.\" FIXME . Is it a good idea to document that? It is a dubious feature. -.\" On -.\" .B SOCK_STREAM -.\" sockets, -.\" .B IP_RECVERR -.\" has slightly different semantics. Instead of -.\" saving the errors for the next timeout, it passes all incoming -.\" errors immediately to the user. -.\" This might be useful for very short-lived TCP connections which -.\" need fast error handling. Use this option with care: -.\" it makes TCP unreliable -.\" by not allowing it to recover properly from routing -.\" shifts and other normal -.\" conditions and breaks the protocol specification. -Note that TCP has no error queue; -.B MSG_ERRQUEUE -is not permitted on -.B SOCK_STREAM -sockets. -.B IP_RECVERR -is valid for TCP, but all errors are returned by socket function return or -.B SO_ERROR -only. -.IP -For raw sockets, -.B IP_RECVERR -enables passing of all received ICMP errors to the -application, otherwise errors are reported only on connected sockets -.IP -It sets or retrieves an integer boolean flag. -.B IP_RECVERR -defaults to off. -.TP -.BR IP_RECVOPTS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Pass all incoming IP options to the user in a -.B IP_OPTIONS -control message. -The routing header and other options are already filled in -for the local host. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVORIGDSTADDR " (since Linux 2.6.29)" -.\" commit e8b2dfe9b4501ed0047459b2756ba26e5a940a69 -This boolean option enables the -.B IP_ORIGDSTADDR -ancillary message in -.BR recvmsg (2), -in which the kernel returns the original destination address -of the datagram being received. -The ancillary message contains a -.IR "struct sockaddr_in" . -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVTOS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -If enabled, the -.B IP_TOS -ancillary message is passed with incoming packets. -It contains a byte which specifies the Type of Service/Precedence -field of the packet header. -Expects a boolean integer flag. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RECVTTL " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -When this flag is set, pass a -.B IP_TTL -control message with the time-to-live -field of the received packet as a 32 bit integer. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_RETOPTS " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Identical to -.BR IP_RECVOPTS , -but returns raw unprocessed options with timestamp and route record -options not filled in for this hop. -Not supported for -.B SOCK_STREAM -sockets. -.TP -.BR IP_ROUTER_ALERT " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -Pass all to-be forwarded packets with the -IP Router Alert option set to this socket. -Valid only for raw sockets. -This is useful, for instance, for user-space RSVP daemons. -The tapped packets are not forwarded by the kernel; it is -the user's responsibility to send them out again. -Socket binding is ignored, -such packets are filtered only by protocol. -Expects an integer flag. -.TP -.BR IP_TOS " (since Linux 1.0)" -Set or receive the Type-Of-Service (TOS) field that is sent -with every IP packet originating from this socket. -It is used to prioritize packets on the network. -TOS is a byte. -There are some standard TOS flags defined: -.B IPTOS_LOWDELAY -to minimize delays for interactive traffic, -.B IPTOS_THROUGHPUT -to optimize throughput, -.B IPTOS_RELIABILITY -to optimize for reliability, -.B IPTOS_MINCOST -should be used for "filler data" where slow transmission doesn't matter. -At most one of these TOS values can be specified. -Other bits are invalid and shall be cleared. -Linux sends -.B IPTOS_LOWDELAY -datagrams first by default, -but the exact behavior depends on the configured queueing discipline. -.\" FIXME elaborate on this -Some high-priority levels may require superuser privileges (the -.B CAP_NET_ADMIN -capability). -.\" The priority can also be set in a protocol-independent way by the -.\" .RB ( SOL_SOCKET ", " SO_PRIORITY ) -.\" socket option (see -.\" .BR socket (7)). -.TP -.BR IP_TRANSPARENT " (since Linux 2.6.24)" -.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e -.\" This patch introduces the IP_TRANSPARENT socket option: enabling that -.\" will make the IPv4 routing omit the non-local source address check on -.\" output. Setting IP_TRANSPARENT requires NET_ADMIN capability. -.\" http://lwn.net/Articles/252545/ -Setting this boolean option enables transparent proxying on this socket. -This socket option allows -the calling application to bind to a nonlocal IP address and operate -both as a client and a server with the foreign address as the local endpoint. -NOTE: this requires that routing be set up in a way that -packets going to the foreign address are routed through the TProxy box -(i.e., the system hosting the application that employs the -.B IP_TRANSPARENT -socket option). -Enabling this socket option requires superuser privileges -(the -.B CAP_NET_ADMIN -capability). -.IP -TProxy redirection with the iptables TPROXY target also requires that -this option be set on the redirected socket. -.TP -.BR IP_TTL " (since Linux 1.0)" -Set or retrieve the current time-to-live field that is used in every packet -sent from this socket. -.TP -.BR IP_UNBLOCK_SOURCE " (since Linux 2.4.22 / 2.5.68)" -Unblock previously blocked multicast source. -Returns -.B EADDRNOTAVAIL -when given source is not being blocked. -.IP -Argument is an -.I ip_mreq_source -structure as described under -.BR IP_ADD_SOURCE_MEMBERSHIP . -.TP -.BR SO_PEERSEC " (since Linux 2.6.17)" -If labeled IPSEC or NetLabel is configured on both the sending and -receiving hosts, this read-only socket option returns the security -context of the peer socket connected to this socket. -By default, -this will be the same as the security context of the process that created -the peer socket unless overridden by the policy or by a process with -the required permissions. -.IP -The argument to -.BR getsockopt (2) -is a pointer to a buffer of the specified length in bytes -into which the security context string will be copied. -If the buffer length is less than the length of the security -context string, then -.BR getsockopt (2) -returns \-1, sets -.I errno -to -.BR ERANGE , -and returns the required length via -.IR optlen . -The caller should allocate at least -.B NAME_MAX -bytes for the buffer initially, although this is not guaranteed -to be sufficient. -Resizing the buffer to the returned length -and retrying may be necessary. -.IP -The security context string may include a terminating null character -in the returned length, but is not guaranteed to do so: a security -context "foo" might be represented as either {'f','o','o'} of length 3 -or {'f','o','o','\\0'} of length 4, which are considered to be -interchangeable. -The string is printable, does not contain non-terminating null characters, -and is in an unspecified encoding (in particular, it -is not guaranteed to be ASCII or UTF-8). -.IP -The use of this option for sockets in the -.B AF_INET -address family is supported since Linux 2.6.17 -.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c -for TCP sockets, and since Linux 4.17 -.\" commit d452930fd3b9031e59abfeddb2fa383f1403d61a -for SCTP sockets. -.IP -For SELinux, NetLabel conveys only the MLS portion of the security -context of the peer across the wire, defaulting the rest of the -security context to the values defined in the policy for the -netmsg initial security identifier (SID). -However, NetLabel can -be configured to pass full security contexts over loopback. -Labeled IPSEC always passes full security contexts as part of establishing -the security association (SA) and looks them up based on the association -for each packet. -.\" -.SS /proc interfaces -The IP protocol -supports a set of -.I /proc -interfaces to configure some global parameters. -The parameters can be accessed by reading or writing files in the directory -.IR /proc/sys/net/ipv4/ . -.\" FIXME As at 2.6.12, 14 Jun 2005, the following are undocumented: -.\" ip_queue_maxlen -.\" ip_conntrack_max -Interfaces described as -.I Boolean -take an integer value, with a nonzero value ("true") meaning that -the corresponding option is enabled, and a zero value ("false") -meaning that the option is disabled. -.\" -.TP -.IR ip_always_defrag " (Boolean; since Linux 2.2.13)" -[New with Linux 2.2.13; in earlier kernel versions this feature -was controlled at compile time by the -.B CONFIG_IP_ALWAYS_DEFRAG -option; this option is not present in Linux 2.4.x and later] -.IP -When this boolean flag is enabled (not equal 0), incoming fragments -(parts of IP packets -that arose when some host between origin and destination decided -that the packets were too large and cut them into pieces) will be -reassembled (defragmented) before being processed, even if they are -about to be forwarded. -.IP -Enable only if running either a firewall that is the sole link -to your network or a transparent proxy; never ever use it for a -normal router or host. -Otherwise, fragmented communication can be disturbed -if the fragments travel over different links. -Defragmentation also has a large memory and CPU time cost. -.IP -This is automagically turned on when masquerading or transparent -proxying are configured. -.\" -.TP -.IR ip_autoconfig " (since Linux 2.2 to Linux 2.6.17)" -.\" Precisely: since Linux 2.1.68 -.\" FIXME document ip_autoconfig -Not documented. -.\" -.TP -.IR ip_default_ttl " (integer; default: 64; since Linux 2.2)" -.\" Precisely: since Linux 2.1.15 -Set the default time-to-live value of outgoing packets. -This can be changed per socket with the -.B IP_TTL -option. -.\" -.TP -.IR ip_dynaddr " (Boolean; default: disabled; since Linux 2.0.31)" -Enable dynamic socket address and masquerading entry rewriting on interface -address change. -This is useful for dialup interface with changing IP addresses. -0 means no rewriting, 1 turns it on and 2 enables verbose mode. -.\" -.TP -.IR ip_forward " (Boolean; default: disabled; since Linux 1.2)" -Enable IP forwarding with a boolean flag. -IP forwarding can be also set on a per-interface basis. -.\" -.TP -.IR ip_local_port_range " (since Linux 2.2)" -.\" Precisely: since Linux 2.1.68 -This file contains two integers that define the default local port range -allocated to sockets that are not explicitly bound to a port number\[em]that -is, the range used for -.IR "ephemeral ports" . -An ephemeral port is allocated to a socket in the following circumstances: -.RS -.IP \[bu] 3 -the port number in a socket address is specified as 0 when calling -.BR bind (2); -.IP \[bu] -.BR listen (2) -is called on a stream socket that was not previously bound; -.IP \[bu] -.BR connect (2) -was called on a socket that was not previously bound; -.IP \[bu] -.BR sendto (2) -is called on a datagram socket that was not previously bound. -.RE -.IP -Allocation of ephemeral ports starts with the first number in -.I ip_local_port_range -and ends with the second number. -If the range of ephemeral ports is exhausted, -then the relevant system call returns an error (but see BUGS). -.IP -Note that the port range in -.I ip_local_port_range -should not conflict with the ports used by masquerading -(although the case is handled). -Also, arbitrary choices may cause problems with some firewall packet -filters that make assumptions about the local ports in use. -The first number should be at least greater than 1024, -or better, greater than 4096, to avoid clashes -with well known ports and to minimize firewall problems. -.\" -.TP -.IR ip_no_pmtu_disc " (Boolean; default: disabled; since Linux 2.2)" -.\" Precisely: 2.1.15 -If enabled, don't do Path MTU Discovery for TCP sockets by default. -Path MTU discovery may fail if misconfigured firewalls (that drop -all ICMP packets) or misconfigured interfaces (e.g., a point-to-point -link where the both ends don't agree on the MTU) are on the path. -It is better to fix the broken routers on the path than to turn off -Path MTU Discovery globally, because not doing it incurs a high cost -to the network. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip_nonlocal_bind " (Boolean; default: disabled; since Linux 2.4)" -.\" Precisely: patch-2.4.0-test10 -If set, allows processes to -.BR bind (2) -to nonlocal IP addresses, -which can be quite useful, but may break some applications. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip6frag_time " (integer; default: 30)" -Time in seconds to keep an IPv6 fragment in memory. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR ip6frag_secret_interval " (integer; default: 600)" -Regeneration interval (in seconds) of the hash secret (or lifetime -for the hash secret) for IPv6 fragments. -.TP -.IR ipfrag_high_thresh " (integer)" -.TQ -.IR ipfrag_low_thresh " (integer)" -If the amount of queued IP fragments reaches -.IR ipfrag_high_thresh , -the queue is pruned down to -.IR ipfrag_low_thresh . -Contains an integer with the number of bytes. -.TP -.I neigh/* -See -.BR arp (7). -.\" FIXME Document the conf/*/* interfaces -.\" -.\" FIXME Document the route/* interfaces -.SS Ioctls -All ioctls described in -.BR socket (7) -apply to -.BR ip . -.P -Ioctls to configure generic device parameters are described in -.BR netdevice (7). -.\" FIXME Add a discussion of multicasting -.SH ERRORS -.\" FIXME document all errors. -.\" We should really fix the kernels to give more uniform -.\" error returns (ENOMEM vs ENOBUFS, EPERM vs EACCES etc.) -.TP -.B EACCES -The user tried to execute an operation without the necessary permissions. -These include: -sending a packet to a broadcast address without having the -.B SO_BROADCAST -flag set; -sending a packet via a -.I prohibit -route; -modifying firewall settings without superuser privileges (the -.B CAP_NET_ADMIN -capability); -binding to a privileged port without superuser privileges (the -.B CAP_NET_BIND_SERVICE -capability). -.TP -.B EADDRINUSE -Tried to bind to an address already in use. -.TP -.B EADDRNOTAVAIL -A nonexistent interface was requested or the requested source -address was not local. -.TP -.B EAGAIN -Operation on a nonblocking socket would block. -.TP -.B EALREADY -A connection operation on a nonblocking socket is already in progress. -.TP -.B ECONNABORTED -A connection was closed during an -.BR accept (2). -.TP -.B EHOSTUNREACH -No valid routing table entry matches the destination address. -This error can be caused by an ICMP message from a remote router or -for the local routing table. -.TP -.B EINVAL -Invalid argument passed. -For send operations this can be caused by sending to a -.I blackhole -route. -.TP -.B EISCONN -.BR connect (2) -was called on an already connected socket. -.TP -.B EMSGSIZE -Datagram is bigger than an MTU on the path and it cannot be fragmented. -.TP -.B ENOBUFS -.TQ -.B ENOMEM -Not enough free memory. -This often means that the memory allocation is limited by the socket -buffer limits, not by the system memory, but this is not 100% consistent. -.TP -.B ENOENT -.B SIOCGSTAMP -was called on a socket where no packet arrived. -.TP -.B ENOPKG -A kernel subsystem was not configured. -.TP -.BR ENOPROTOOPT " and " EOPNOTSUPP -Invalid socket option passed. -.TP -.B ENOTCONN -The operation is defined only on a connected socket, but the socket wasn't -connected. -.TP -.B EPERM -User doesn't have permission to set high priority, change configuration, -or send signals to the requested process or group. -.TP -.B EPIPE -The connection was unexpectedly closed or shut down by the other end. -.TP -.B ESOCKTNOSUPPORT -The socket is not configured or an unknown socket type was requested. -.P -Other errors may be generated by the overlaying protocols; see -.BR tcp (7), -.BR raw (7), -.BR udp (7), -and -.BR socket (7). -.SH NOTES -.BR IP_FREEBIND , -.BR IP_MSFILTER , -.BR IP_MTU , -.BR IP_MTU_DISCOVER , -.BR IP_RECVORIGDSTADDR , -.BR IP_PASSSEC , -.BR IP_PKTINFO , -.BR IP_RECVERR , -.BR IP_ROUTER_ALERT , -and -.B IP_TRANSPARENT -are Linux-specific. -.\" IP_XFRM_POLICY is Linux-specific -.\" IP_IPSEC_POLICY is a nonstandard extension, also present on some BSDs -.P -Be very careful with the -.B SO_BROADCAST -option \- it is not privileged in Linux. -It is easy to overload the network -with careless broadcasts. -For new application protocols -it is better to use a multicast group instead of broadcasting. -Broadcasting is discouraged. -See RFC 6762 for an example of a protocol (mDNS) -using the more modern multicast approach -to communicating with an open-ended -group of hosts on the local network. -.P -Some other BSD sockets implementations provide -.B IP_RCVDSTADDR -and -.B IP_RECVIF -socket options to get the destination address and the interface of -received datagrams. -Linux has the more general -.B IP_PKTINFO -for the same task. -.P -Some BSD sockets implementations also provide an -.B IP_RECVTTL -option, but an ancillary message with type -.B IP_RECVTTL -is passed with the incoming packet. -This is different from the -.B IP_TTL -option used in Linux. -.P -Using the -.B SOL_IP -socket options level isn't portable; BSD-based stacks use the -.B IPPROTO_IP -level. -.P -.B INADDR_ANY -(0.0.0.0) and -.B INADDR_BROADCAST -(255.255.255.255) are byte-order-neutral. -This means -.BR htonl (3) -has no effect on them. -.SS Compatibility -For compatibility with Linux 2.0, the obsolete -.BI "socket(AF_INET, SOCK_PACKET, " protocol ) -syntax is still supported to open a -.BR packet (7) -socket. -This is deprecated and should be replaced by -.BI "socket(AF_PACKET, SOCK_RAW, " protocol ) -instead. -The main difference is the new -.I sockaddr_ll -address structure for generic link layer information instead of the old -.BR sockaddr_pkt . -.SH BUGS -There are too many inconsistent error values. -.P -The error used to diagnose exhaustion of the ephemeral port range differs -across the various system calls -.RB ( connect (2), -.BR bind (2), -.BR listen (2), -.BR sendto (2)) -that can assign ephemeral ports. -.P -The ioctls to configure IP-specific interface options and ARP tables are -not described. -.\" .P -.\" Some versions of glibc forget to declare -.\" .IR in_pktinfo . -.\" Workaround currently is to copy it into your program from this man page. -.P -Receiving the original destination address with -.B MSG_ERRQUEUE -in -.I msg_name -by -.BR recvmsg (2) -does not work in some Linux 2.2 kernels. -.\" .SH AUTHORS -.\" This man page was written by Andi Kleen. -.SH SEE ALSO -.BR recvmsg (2), -.BR sendmsg (2), -.BR byteorder (3), -.BR capabilities (7), -.BR icmp (7), -.BR ipv6 (7), -.BR netdevice (7), -.BR netlink (7), -.BR raw (7), -.BR socket (7), -.BR tcp (7), -.BR udp (7), -.BR ip (8) -.P -The kernel source file -.IR Documentation/networking/ip\-sysctl.txt . -.P -RFC\ 791 for the original IP specification. -RFC\ 1122 for the IPv4 host requirements. -RFC\ 1812 for the IPv4 router requirements. diff --git a/man7/ipc_namespaces.7 b/man7/ipc_namespaces.7 deleted file mode 100644 index fe17ae1..0000000 --- a/man7/ipc_namespaces.7 +++ /dev/null @@ -1,66 +0,0 @@ -.\" Copyright (c) 2019 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH ipc_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -ipc_namespaces \- overview of Linux IPC namespaces -.SH DESCRIPTION -IPC namespaces isolate certain IPC resources, -namely, System V IPC objects (see -.BR sysvipc (7)) -and (since Linux 2.6.30) -.\" commit 7eafd7c74c3f2e67c27621b987b28397110d643f -.\" https://lwn.net/Articles/312232/ -POSIX message queues (see -.BR mq_overview (7)). -The common characteristic of these IPC mechanisms is that IPC -objects are identified by mechanisms other than filesystem -pathnames. -.P -Each IPC namespace has its own set of System V IPC identifiers and -its own POSIX message queue filesystem. -Objects created in an IPC namespace are visible to all other processes -that are members of that namespace, -but are not visible to processes in other IPC namespaces. -.P -The following -.I /proc -interfaces are distinct in each IPC namespace: -.IP \[bu] 3 -The POSIX message queue interfaces in -.IR /proc/sys/fs/mqueue . -.IP \[bu] -The System V IPC interfaces in -.IR /proc/sys/kernel , -namely: -.IR msgmax , -.IR msgmnb , -.IR msgmni , -.IR sem , -.IR shmall , -.IR shmmax , -.IR shmmni , -and -.IR shm_rmid_forced . -.IP \[bu] -The System V IPC interfaces in -.IR /proc/sysvipc . -.P -When an IPC namespace is destroyed -(i.e., when the last process that is a member of the namespace terminates), -all IPC objects in the namespace are automatically destroyed. -.P -Use of IPC namespaces requires a kernel that is configured with the -.B CONFIG_IPC_NS -option. -.SH SEE ALSO -.BR nsenter (1), -.BR unshare (1), -.BR clone (2), -.BR setns (2), -.BR unshare (2), -.BR mq_overview (7), -.BR namespaces (7), -.BR sysvipc (7) diff --git a/man7/ipv6.7 b/man7/ipv6.7 deleted file mode 100644 index 18acdc9..0000000 --- a/man7/ipv6.7 +++ /dev/null @@ -1,416 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 2000 Andi Kleen . -.\" -.\" $Id: ipv6.7,v 1.3 2000/12/20 18:10:31 ak Exp $ -.\" -.\" The following socket options are undocumented -.\" All of the following are from: -.\" commit 333fad5364d6b457c8d837f7d05802d2aaf8a961 -.\" Author: YOSHIFUJI Hideaki -.\" Support several new sockopt / ancillary data in Advanced API (RFC3542). -.\" IPV6_2292PKTINFO (2.6.14) -.\" Formerly IPV6_PKTINFO -.\" IPV6_2292HOPOPTS (2.6.14) -.\" Formerly IPV6_HOPOPTS, which is documented -.\" IPV6_2292DSTOPTS (2.6.14) -.\" Formerly IPV6_DSTOPTS, which is documented -.\" IPV6_2292RTHDR (2.6.14) -.\" Formerly IPV6_RTHDR, which is documented -.\" IPV6_2292PKTOPTIONS (2.6.14) -.\" Formerly IPV6_PKTOPTIONS -.\" IPV6_2292HOPLIMIT (2.6.14) -.\" Formerly IPV6_HOPLIMIT, which is documented -.\" -.\" IPV6_RECVHOPLIMIT (2.6.14) -.\" IPV6_RECVHOPOPTS (2.6.14) -.\" IPV6_RTHDRDSTOPTS (2.6.14) -.\" IPV6_RECVRTHDR (2.6.14) -.\" IPV6_RECVDSTOPTS (2.6.14) -.\" -.\" IPV6_RECVPATHMTU (Linux 2.6.35, flag value added in Linux 2.6.14) -.\" commit 793b14731686595a741d9f47726ad8b9a235385a -.\" Author: Brian Haley -.\" IPV6_PATHMTU (Linux 2.6.35, flag value added in Linux 2.6.14) -.\" commit 793b14731686595a741d9f47726ad8b9a235385a -.\" Author: Brian Haley -.\" IPV6_DONTFRAG (Linux 2.6.35, flag value added in Linux 2.6.14) -.\" commit 793b14731686595a741d9f47726ad8b9a235385a -.\" Author: Brian Haley -.\" commit 4b340ae20d0e2366792abe70f46629e576adaf5e -.\" Author: Brian Haley -.\" -.\" IPV6_RECVTCLASS (Linux 2.6.14) -.\" commit 41a1f8ea4fbfcdc4232f023732584aae2220de31 -.\" Author: YOSHIFUJI Hideaki -.\" Based on patch from David L Stevens -.\" -.\" IPV6_CHECKSUM (Linux 2.2) -.\" IPV6_NEXTHOP (Linux 2.2) -.\" IPV6_JOIN_ANYCAST (Linux 2.4.21 / Linux 2.6) -.\" IPV6_LEAVE_ANYCAST (Linux 2.4.21 / Linux 2.6) -.\" IPV6_FLOWLABEL_MGR (Linux 2.2.7 / Linux 2.4) -.\" IPV6_FLOWINFO_SEND (Linux 2.2.7 / Linux 2.4) -.\" IPV6_IPSEC_POLICY (Linux 2.6) -.\" IPV6_XFRM_POLICY (Linux 2.6) -.\" IPV6_TCLASS (Linux 2.6) -.\" -.\" IPV6_ADDR_PREFERENCES (Linux 2.6.26) -.\" commit 7cbca67c073263c179f605bdbbdc565ab29d801d -.\" Author: YOSHIFUJI Hideaki -.\" IPV6_MINHOPCOUNT (Linux 2.6.35) -.\" commit e802af9cabb011f09b9c19a82faef3dd315f27eb -.\" Author: Stephen Hemminger -.\" IPV6_ORIGDSTADDR (Linux 2.6.37) -.\" Actually a CMSG rather than a sockopt? -.\" In header file, we have IPV6_RECVORIGDSTADDR == IPV6_ORIGDSTADDR -.\" commit 6c46862280c5f55eda7750391bc65cd7e08c7535 -.\" Author: Balazs Scheidler -.\" IPV6_RECVORIGDSTADDR (Linux 2.6.37) -.\" commit 6c46862280c5f55eda7750391bc65cd7e08c7535 -.\" Author: Balazs Scheidler -.\" Support for IPV6_RECVORIGDSTADDR sockopt for UDP sockets -.\" were contributed by Harry Mason. -.\" IPV6_TRANSPARENT (Linux 2.6.37) -.\" commit 6c46862280c5f55eda7750391bc65cd7e08c7535 -.\" Author: Balazs Scheidler -.\" IPV6_UNICAST_IF (Linux 3.4) -.\" commit c4062dfc425e94290ac427a98d6b4721dd2bc91f -.\" Author: Erich E. Hoover -.\" -.TH ipv6 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -ipv6 \- Linux IPv6 protocol implementation -.SH SYNOPSIS -.nf -.B #include -.B #include -.P -.IB tcp6_socket " = socket(AF_INET6, SOCK_STREAM, 0);" -.IB raw6_socket " = socket(AF_INET6, SOCK_RAW, " protocol ");" -.IB udp6_socket " = socket(AF_INET6, SOCK_DGRAM, " protocol ");" -.fi -.SH DESCRIPTION -Linux 2.2 optionally implements the Internet Protocol, version 6. -This man page contains a description of the IPv6 basic API as -implemented by the Linux kernel and glibc 2.1. -The interface -is based on the BSD sockets interface; see -.BR socket (7). -.P -The IPv6 API aims to be mostly compatible with the -IPv4 API (see -.BR ip (7)). -Only differences are described in this man page. -.P -To bind an -.B AF_INET6 -socket to any process, the local address should be copied from the -.I in6addr_any -variable which has -.I in6_addr -type. -In static initializations, -.B IN6ADDR_ANY_INIT -may also be used, which expands to a constant expression. -Both of them are in network byte order. -.P -The IPv6 loopback address (::1) is available in the global -.I in6addr_loopback -variable. -For initializations, -.B IN6ADDR_LOOPBACK_INIT -should be used. -.P -IPv4 connections can be handled with the v6 API by using the -v4-mapped-on-v6 address type; -thus a program needs to support only this API type to -support both protocols. -This is handled transparently by the address -handling functions in the C library. -.P -IPv4 and IPv6 share the local port space. -When you get an IPv4 connection -or packet to an IPv6 socket, -its source address will be mapped to v6. -.SS Address format -.in +4n -.EX -struct sockaddr_in6 { - sa_family_t sin6_family; /* AF_INET6 */ - in_port_t sin6_port; /* port number */ - uint32_t sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - uint32_t sin6_scope_id; /* Scope ID (new in Linux 2.4) */ -}; -\& -struct in6_addr { - unsigned char s6_addr[16]; /* IPv6 address */ -}; -.EE -.in -.P -.I sin6_family -is always set to -.BR AF_INET6 ; -.I sin6_port -is the protocol port (see -.I sin_port -in -.BR ip (7)); -.I sin6_flowinfo -is the IPv6 flow identifier; -.I sin6_addr -is the 128-bit IPv6 address. -.I sin6_scope_id -is an ID depending on the scope of the address. -It is new in Linux 2.4. -Linux supports it only for link-local addresses, in that case -.I sin6_scope_id -contains the interface index (see -.BR netdevice (7)) -.P -IPv6 supports several address types: unicast to address a single -host, multicast to address a group of hosts, -anycast to address the nearest member of a group of hosts -(not implemented in Linux), IPv4-on-IPv6 to -address an IPv4 host, and other reserved address types. -.P -The address notation for IPv6 is a group of 8 4-digit hexadecimal -numbers, separated with a \[aq]:\[aq]. -\&"::" stands for a string of 0 bits. -Special addresses are ::1 for loopback and ::FFFF: -for IPv4-mapped-on-IPv6. -.P -The port space of IPv6 is shared with IPv4. -.SS Socket options -IPv6 supports some protocol-specific socket options that can be set with -.BR setsockopt (2) -and read with -.BR getsockopt (2). -The socket option level for IPv6 is -.BR IPPROTO_IPV6 . -A boolean integer flag is zero when it is false, otherwise true. -.TP -.B IPV6_ADDRFORM -Turn an -.B AF_INET6 -socket into a socket of a different address family. -Only -.B AF_INET -is currently supported for that. -It is allowed only for IPv6 sockets -that are connected and bound to a v4-mapped-on-v6 address. -The argument is a pointer to an integer containing -.BR AF_INET . -This is useful to pass v4-mapped sockets as file descriptors to -programs that don't know how to deal with the IPv6 API. -.TP -.B IPV6_ADD_MEMBERSHIP, IPV6_DROP_MEMBERSHIP -Control membership in multicast groups. -Argument is a pointer to a -.IR "struct ipv6_mreq" . -.TP -.B IPV6_MTU -.BR getsockopt (): -Retrieve the current known path MTU of the current socket. -Valid only when the socket has been connected. -Returns an integer. -.IP -.BR setsockopt (): -Set the MTU to be used for the socket. -The MTU is limited by the device -MTU or the path MTU when path MTU discovery is enabled. -Argument is a pointer to integer. -.TP -.B IPV6_MTU_DISCOVER -Control path-MTU discovery on the socket. -See -.B IP_MTU_DISCOVER -in -.BR ip (7) -for details. -.TP -.B IPV6_MULTICAST_HOPS -Set the multicast hop limit for the socket. -Argument is a pointer to an -integer. -\-1 in the value means use the route default, otherwise it should be -between 0 and 255. -.TP -.B IPV6_MULTICAST_IF -Set the device for outgoing multicast packets on the socket. -This is allowed only for -.B SOCK_DGRAM -and -.B SOCK_RAW -socket. -The argument is a pointer to an interface index (see -.BR netdevice (7)) -in an integer. -.TP -.B IPV6_MULTICAST_LOOP -Control whether the socket sees multicast packets that it has send itself. -Argument is a pointer to boolean. -.TP -.BR IPV6_RECVPKTINFO " (since Linux 2.6.14)" -Set delivery of the -.B IPV6_PKTINFO -control message on incoming datagrams. -Such control messages contain a -.IR "struct in6_pktinfo" , -as per RFC 3542. -Allowed only for -.B SOCK_DGRAM -or -.B SOCK_RAW -sockets. -Argument is a pointer to a boolean value in an integer. -.TP -.B \%IPV6_RTHDR, \%IPV6_AUTHHDR, \%IPV6_DSTOPTS, \%IPV6_HOPOPTS, \ -\%IPV6_FLOWINFO, \%IPV6_HOPLIMIT -Set delivery of control messages for incoming datagrams containing -extension headers from the received packet. -.B IPV6_RTHDR -delivers the routing header, -.B IPV6_AUTHHDR -delivers the authentication header, -.B IPV6_DSTOPTS -delivers the destination options, -.B IPV6_HOPOPTS -delivers the hop options, -.B IPV6_FLOWINFO -delivers an integer containing the flow ID, -.B IPV6_HOPLIMIT -delivers an integer containing the hop count of the packet. -The control messages have the same type as the socket option. -All these header options can also be set for outgoing packets -by putting the appropriate control message into the control buffer of -.BR sendmsg (2). -Allowed only for -.B SOCK_DGRAM -or -.B SOCK_RAW -sockets. -Argument is a pointer to a boolean value. -.TP -.B IPV6_RECVERR -Control receiving of asynchronous error options. -See -.B IP_RECVERR -in -.BR ip (7) -for details. -Argument is a pointer to boolean. -.TP -.B IPV6_ROUTER_ALERT -Pass forwarded packets containing a router alert hop-by-hop option to -this socket. -Allowed only for -.B SOCK_RAW -sockets. -The tapped packets are not forwarded by the kernel, it is the -user's responsibility to send them out again. -Argument is a pointer to an integer. -A positive integer indicates a router alert option value to intercept. -Packets carrying a router alert option with a value field containing -this integer will be delivered to the socket. -A negative integer disables delivery of packets with router alert options -to this socket. -.TP -.B IPV6_UNICAST_HOPS -Set the unicast hop limit for the socket. -Argument is a pointer to an integer. -\-1 in the value means use the route default, -otherwise it should be between 0 and 255. -.TP -.BR IPV6_V6ONLY " (since Linux 2.4.21 and 2.6)" -.\" See RFC 3493 -If this flag is set to true (nonzero), then the socket is restricted -to sending and receiving IPv6 packets only. -In this case, an IPv4 and an IPv6 application can bind -to a single port at the same time. -.IP -If this flag is set to false (zero), -then the socket can be used to send and receive packets -to and from an IPv6 address or an IPv4-mapped IPv6 address. -.IP -The argument is a pointer to a boolean value in an integer. -.IP -The default value for this flag is defined by the contents of the file -.IR /proc/sys/net/ipv6/bindv6only . -The default value for that file is 0 (false). -.\" FLOWLABEL_MGR, FLOWINFO_SEND -.SH ERRORS -.TP -.B ENODEV -The user tried to -.BR bind (2) -to a link-local IPv6 address, but the -.I sin6_scope_id -in the supplied -.I sockaddr_in6 -structure is not a valid -interface index. -.SH VERSIONS -Linux 2.4 will break binary compatibility for the -.I sockaddr_in6 -for 64-bit -hosts by changing the alignment of -.I in6_addr -and adding an additional -.I sin6_scope_id -field. -The kernel interfaces stay compatible, but a program including -.I sockaddr_in6 -or -.I in6_addr -into other structures may not be. -This is not -a problem for 32-bit hosts like i386. -.P -The -.I sin6_flowinfo -field is new in Linux 2.4. -It is transparently passed/read by the kernel -when the passed address length contains it. -Some programs that pass a longer address buffer and then -check the outgoing address length may break. -.SH NOTES -The -.I sockaddr_in6 -structure is bigger than the generic -.IR sockaddr . -Programs that assume that all address types can be stored safely in a -.I struct sockaddr -need to be changed to use -.I struct sockaddr_storage -for that instead. -.P -.BR SOL_IP , -.BR SOL_IPV6 , -.BR SOL_ICMPV6 , -and other -.B SOL_* -socket options are nonportable variants of -.BR IPPROTO_* . -See also -.BR ip (7). -.SH BUGS -The IPv6 extended API as in RFC\ 2292 is currently only partly -implemented; -although the 2.2 kernel has near complete support for receiving options, -the macros for generating IPv6 options are missing in glibc 2.1. -.P -IPSec support for EH and AH headers is missing. -.P -Flow label management is not complete and not documented here. -.P -This man page is not complete. -.SH SEE ALSO -.BR cmsg (3), -.BR ip (7) -.P -RFC\ 2553: IPv6 BASIC API; -Linux tries to be compliant to this. -RFC\ 2460: IPv6 specification. diff --git a/man7/iso-8859-1.7 b/man7/iso-8859-1.7 deleted file mode 100644 index 1969dfb..0000000 --- a/man7/iso-8859-1.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-1.7 diff --git a/man7/iso-8859-10.7 b/man7/iso-8859-10.7 deleted file mode 100644 index 9b4658f..0000000 --- a/man7/iso-8859-10.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-10.7 diff --git a/man7/iso-8859-11.7 b/man7/iso-8859-11.7 deleted file mode 100644 index cbd4cfe..0000000 --- a/man7/iso-8859-11.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-11.7 diff --git a/man7/iso-8859-13.7 b/man7/iso-8859-13.7 deleted file mode 100644 index 8ad2335..0000000 --- a/man7/iso-8859-13.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-13.7 diff --git a/man7/iso-8859-14.7 b/man7/iso-8859-14.7 deleted file mode 100644 index 4aa555d..0000000 --- a/man7/iso-8859-14.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-14.7 diff --git a/man7/iso-8859-15.7 b/man7/iso-8859-15.7 deleted file mode 100644 index a4095d7..0000000 --- a/man7/iso-8859-15.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-15.7 diff --git a/man7/iso-8859-16.7 b/man7/iso-8859-16.7 deleted file mode 100644 index b9c8e91..0000000 --- a/man7/iso-8859-16.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-16.7 diff --git a/man7/iso-8859-2.7 b/man7/iso-8859-2.7 deleted file mode 100644 index da36668..0000000 --- a/man7/iso-8859-2.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-2.7 diff --git a/man7/iso-8859-3.7 b/man7/iso-8859-3.7 deleted file mode 100644 index 75e42ce..0000000 --- a/man7/iso-8859-3.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-3.7 diff --git a/man7/iso-8859-4.7 b/man7/iso-8859-4.7 deleted file mode 100644 index 15a829e..0000000 --- a/man7/iso-8859-4.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-4.7 diff --git a/man7/iso-8859-5.7 b/man7/iso-8859-5.7 deleted file mode 100644 index 1f20320..0000000 --- a/man7/iso-8859-5.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-5.7 diff --git a/man7/iso-8859-6.7 b/man7/iso-8859-6.7 deleted file mode 100644 index edcafdf..0000000 --- a/man7/iso-8859-6.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-6.7 diff --git a/man7/iso-8859-7.7 b/man7/iso-8859-7.7 deleted file mode 100644 index 951384c..0000000 --- a/man7/iso-8859-7.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-7.7 diff --git a/man7/iso-8859-8.7 b/man7/iso-8859-8.7 deleted file mode 100644 index 07cf216..0000000 --- a/man7/iso-8859-8.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-8.7 diff --git a/man7/iso-8859-9.7 b/man7/iso-8859-9.7 deleted file mode 100644 index 0fcc7d4..0000000 --- a/man7/iso-8859-9.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-9.7 diff --git a/man7/iso_8859-1.7 b/man7/iso_8859-1.7 deleted file mode 100644 index 18e1bdc..0000000 --- a/man7/iso_8859-1.7 +++ /dev/null @@ -1,150 +0,0 @@ -'\" t -.\" Copyright 1993-1995 Daniel Quinlan (quinlan@yggdrasil.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Slightly rearranged, aeb, 950713 -.\" Updated, dpo, 990531 -.TH ISO_8859-1 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-1 \- ISO/IEC\~8859-1 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-1 encodes the -characters used in many West European languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-1 characters -The following table displays the characters in ISO/IEC\~8859-1 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ¡ INVERTED EXCLAMATION MARK -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 ¥ YEN SIGN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 © COPYRIGHT SIGN -252 170 AA ª FEMININE ORDINAL INDICATOR -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ¸ CEDILLA -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA º MASCULINE ORDINAL INDICATOR -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ¼ VULGAR FRACTION ONE QUARTER -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE ¾ VULGAR FRACTION THREE QUARTERS -277 191 BF ¿ INVERTED QUESTION MARK -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ð LATIN CAPITAL LETTER ETH -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Þ LATIN CAPITAL LETTER THORN -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ð LATIN SMALL LETTER ETH -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE þ LATIN SMALL LETTER THORN -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -ISO/IEC\~8859-1 is also known as Latin-1. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1252 (7), -.BR iso_8859\-15 (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-10.7 b/man7/iso_8859-10.7 deleted file mode 100644 index 79ee5f3..0000000 --- a/man7/iso_8859-10.7 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-10 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-10 \- ISO/IEC\~8859-10 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-10 encodes the -characters used in Nordic languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-10 characters -The following table displays the characters in ISO/IEC\~8859-10 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ą LATIN CAPITAL LETTER A WITH OGONEK -242 162 A2 Ē LATIN CAPITAL LETTER E WITH MACRON -243 163 A3 Ģ LATIN CAPITAL LETTER G WITH CEDILLA -244 164 A4 Ī LATIN CAPITAL LETTER I WITH MACRON -245 165 A5 Ĩ LATIN CAPITAL LETTER I WITH TILDE -246 166 A6 Ķ LATIN CAPITAL LETTER K WITH CEDILLA -247 167 A7 § SECTION SIGN -250 168 A8 Ļ LATIN CAPITAL LETTER L WITH CEDILLA -251 169 A9 Đ LATIN CAPITAL LETTER D WITH STROKE -252 170 AA Š LATIN CAPITAL LETTER S WITH CARON -253 171 AB Ŧ LATIN CAPITAL LETTER T WITH STROKE -254 172 AC Ž LATIN CAPITAL LETTER Z WITH CARON -255 173 AD ­ SOFT HYPHEN -256 174 AE Ū LATIN CAPITAL LETTER U WITH MACRON -257 175 AF Ŋ LATIN CAPITAL LETTER ENG -260 176 B0 ° DEGREE SIGN -261 177 B1 ą LATIN SMALL LETTER A WITH OGONEK -262 178 B2 ē LATIN SMALL LETTER E WITH MACRON -263 179 B3 ģ LATIN SMALL LETTER G WITH CEDILLA -264 180 B4 ī LATIN SMALL LETTER I WITH MACRON -265 181 B5 ĩ LATIN SMALL LETTER I WITH TILDE -266 182 B6 ķ LATIN SMALL LETTER K WITH CEDILLA -267 183 B7 · MIDDLE DOT -270 184 B8 ļ LATIN SMALL LETTER L WITH CEDILLA -271 185 B9 đ LATIN SMALL LETTER D WITH STROKE -272 186 BA š LATIN SMALL LETTER S WITH CARON -273 187 BB ŧ LATIN SMALL LETTER T WITH STROKE -274 188 BC ž LATIN SMALL LETTER Z WITH CARON -275 189 BD ― HORIZONTAL BAR -276 190 BE ū LATIN SMALL LETTER U WITH MACRON -277 191 BF ŋ LATIN SMALL LETTER ENG -300 192 C0 Ā LATIN CAPITAL LETTER A WITH MACRON -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Į LATIN CAPITAL LETTER I WITH OGONEK -310 200 C8 Č LATIN CAPITAL LETTER C WITH CARON -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ę LATIN CAPITAL LETTER E WITH OGONEK -312 202 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ė LATIN CAPITAL LETTER E WITH DOT ABOVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ð LATIN CAPITAL LETTER ETH -321 209 D1 Ņ LATIN CAPITAL LETTER N WITH CEDILLA -322 210 D2 Ō LATIN CAPITAL LETTER O WITH MACRON -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 Ũ LATIN CAPITAL LETTER U WITH TILDE -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ų LATIN CAPITAL LETTER U WITH OGONEK -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Þ LATIN CAPITAL LETTER THORN -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 ā LATIN SMALL LETTER A WITH MACRON -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 į LATIN SMALL LETTER I WITH OGONEK -350 232 E8 č LATIN SMALL LETTER C WITH CARON -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ę LATIN SMALL LETTER E WITH OGONEK -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ė LATIN SMALL LETTER E WITH DOT ABOVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ð LATIN SMALL LETTER ETH -361 241 F1 ņ LATIN SMALL LETTER N WITH CEDILLA -362 242 F2 ō LATIN SMALL LETTER O WITH MACRON -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ũ LATIN SMALL LETTER U WITH TILDE -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ų LATIN SMALL LETTER U WITH OGONEK -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE þ LATIN SMALL LETTER THORN -377 255 FF ĸ LATIN SMALL LETTER KRA -.TE -.SH NOTES -ISO/IEC\~8859-10 is also known as Latin-6. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-11.7 b/man7/iso_8859-11.7 deleted file mode 100644 index f7dc9b4..0000000 --- a/man7/iso_8859-11.7 +++ /dev/null @@ -1,143 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\"Thanomsub Noppaburana made valuable suggestions. -.\" -.TH ISO_8859-11 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-11 \- ISO/IEC\~8859-11 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-11 encodes the -characters used in the Thai language. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-11 characters -The following table displays the characters in ISO/IEC\~8859-11 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ก THAI CHARACTER KO KAI -242 162 A2 ข THAI CHARACTER KHO KHAI -243 163 A3 ฃ THAI CHARACTER KHO KHUAT -244 164 A4 ค THAI CHARACTER KHO KHWAI -245 165 A5 ฅ THAI CHARACTER KHO KHON -246 166 A6 ฆ THAI CHARACTER KHO RAKHANG -247 167 A7 ง THAI CHARACTER NGO NGU -250 168 A8 จ THAI CHARACTER CHO CHAN -251 169 A9 ฉ THAI CHARACTER CHO CHING -252 170 AA ช THAI CHARACTER CHO CHANG -253 171 AB ซ THAI CHARACTER SO SO -254 172 AC ฌ THAI CHARACTER CHO CHOE -255 173 AD ญ THAI CHARACTER YO YING -256 174 AE ฎ THAI CHARACTER DO CHADA -257 175 AF ฏ THAI CHARACTER TO PATAK -260 176 B0 ฐ THAI CHARACTER THO THAN -261 177 B1 ฑ THAI CHARACTER THO NANGMONTHO -262 178 B2 ฒ THAI CHARACTER THO PHUTHAO -263 179 B3 ณ THAI CHARACTER NO NEN -264 180 B4 ด THAI CHARACTER DO DEK -265 181 B5 ต THAI CHARACTER TO TAO -266 182 B6 ถ THAI CHARACTER THO THUNG -267 183 B7 ท THAI CHARACTER THO THAHAN -270 184 B8 ธ THAI CHARACTER THO THONG -271 185 B9 น THAI CHARACTER NO NU -272 186 BA บ THAI CHARACTER BO BAIMAI -273 187 BB ป THAI CHARACTER PO PLA -274 188 BC ผ THAI CHARACTER PHO PHUNG -275 189 BD ฝ THAI CHARACTER FO FA -276 190 BE พ THAI CHARACTER PHO PHAN -277 191 BF ฟ THAI CHARACTER FO FAN -300 192 C0 ภ THAI CHARACTER PHO SAMPHAO -301 193 C1 ม THAI CHARACTER MO MA -302 194 C2 ย THAI CHARACTER YO YAK -303 195 C3 ร THAI CHARACTER RO RUA -304 196 C4 ฤ THAI CHARACTER RU -305 197 C5 ล THAI CHARACTER LO LING -306 198 C6 ฦ THAI CHARACTER LU -307 199 C7 ว THAI CHARACTER WO WAEN -310 200 C8 ศ THAI CHARACTER SO SALA -311 201 C9 ษ THAI CHARACTER SO RUSI -312 202 CA ส THAI CHARACTER SO SUA -313 203 CB ห THAI CHARACTER HO HIP -314 204 CC ฬ THAI CHARACTER LO CHULA -315 205 CD อ THAI CHARACTER O ANG -316 206 CE ฮ THAI CHARACTER HO NOKHUK -317 207 CF ฯ THAI CHARACTER PAIYANNOI -320 208 D0 ะ THAI CHARACTER SARA A -321 209 D1 ั THAI CHARACTER MAI HAN-AKAT -322 210 D2 า THAI CHARACTER SARA AA -323 211 D3 ำ THAI CHARACTER SARA AM -324 212 D4 ิ THAI CHARACTER SARA I -325 213 D5 ี THAI CHARACTER SARA II -326 214 D6 ึ THAI CHARACTER SARA UE -327 215 D7 ื THAI CHARACTER SARA UEE -330 216 D8 ุ THAI CHARACTER SARA U -331 217 D9 ู THAI CHARACTER SARA UU -332 218 DA ฺ THAI CHARACTER PHINTHU -337 223 DF ฿ THAI CURRENCY SYMBOL BAHT -340 224 E0 เ THAI CHARACTER SARA E -341 225 E1 แ THAI CHARACTER SARA AE -342 226 E2 โ THAI CHARACTER SARA O -343 227 E3 ใ THAI CHARACTER SARA AI MAIMUAN -344 228 E4 ไ THAI CHARACTER SARA AI MAIMALAI -345 229 E5 ๅ THAI CHARACTER LAKKHANGYAO -346 230 E6 ๆ THAI CHARACTER MAIYAMOK -347 231 E7 ็ THAI CHARACTER MAITAIKHU -350 232 E8 ่ THAI CHARACTER MAI EK -351 233 E9 ้ THAI CHARACTER MAI THO -352 234 EA ๊ THAI CHARACTER MAI TRI -353 235 EB ๋ THAI CHARACTER MAI CHATTAWA -354 236 EC ์ THAI CHARACTER THANTHAKHAT -355 237 ED ํ THAI CHARACTER NIKHAHIT -356 238 EE ๎ THAI CHARACTER YAMAKKAN -357 239 EF ๏ THAI CHARACTER FONGMAN -360 240 F0 ๐ THAI DIGIT ZERO -361 241 F1 ๑ THAI DIGIT ONE -362 242 F2 ๒ THAI DIGIT TWO -363 243 F3 ๓ THAI DIGIT THREE -364 244 F4 ๔ THAI DIGIT FOUR -365 245 F5 ๕ THAI DIGIT FIVE -366 246 F6 ๖ THAI DIGIT SIX -367 247 F7 ๗ THAI DIGIT SEVEN -370 248 F8 ๘ THAI DIGIT EIGHT -371 249 F9 ๙ THAI DIGIT NINE -372 250 FA ๚ THAI CHARACTER ANGKHANKHU -373 251 FB ๛ THAI CHARACTER KHOMUT -.TE -.SH NOTES -ISO/IEC\~8859-11 is the same as TIS (Thai Industrial Standard) 620-2253, -commonly known as TIS-620, except for the character in position A0: -ISO/IEC\~8859-11 defines this as NO-BREAK SPACE, -while TIS-620 leaves it undefined. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-13.7 b/man7/iso_8859-13.7 deleted file mode 100644 index 62561bf..0000000 --- a/man7/iso_8859-13.7 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-13 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-13 \- ISO/IEC\~8859-13 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-13 encodes the -characters used in Baltic Rim languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-13 characters -The following table displays the characters in ISO/IEC\~8859-13 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ” RIGHT DOUBLE QUOTATION MARK -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 „ DOUBLE LOW-9 QUOTATION MARK -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 Ø LATIN CAPITAL LETTER O WITH STROKE -251 169 A9 © COPYRIGHT SIGN -252 170 AA Ŗ LATIN CAPITAL LETTER R WITH CEDILLA -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF Æ LATIN CAPITAL LETTER AE -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 “ LEFT DOUBLE QUOTATION MARK -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ø LATIN SMALL LETTER O WITH STROKE -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA ŗ LATIN SMALL LETTER R WITH CEDILLA -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ¼ VULGAR FRACTION ONE QUARTER -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE ¾ VULGAR FRACTION THREE QUARTERS -277 191 BF æ LATIN SMALL LETTER AE -300 192 C0 Ą LATIN CAPITAL LETTER A WITH OGONEK -301 193 C1 Į LATIN CAPITAL LETTER I WITH OGONEK -302 194 C2 Ā LATIN CAPITAL LETTER A WITH MACRON -303 195 C3 Ć LATIN CAPITAL LETTER C WITH ACUTE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Ę LATIN CAPITAL LETTER E WITH OGONEK -307 199 C7 Ē LATIN CAPITAL LETTER E WITH MACRON -310 200 C8 Č LATIN CAPITAL LETTER C WITH CARON -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ź LATIN CAPITAL LETTER Z WITH ACUTE -313 203 CB Ė LATIN CAPITAL LETTER E WITH DOT ABOVE -314 204 CC Ģ LATIN CAPITAL LETTER G WITH CEDILLA -315 205 CD Ķ LATIN CAPITAL LETTER K WITH CEDILLA -316 206 CE Ī LATIN CAPITAL LETTER I WITH MACRON -317 207 CF Ļ LATIN CAPITAL LETTER L WITH CEDILLA -320 208 D0 Š LATIN CAPITAL LETTER S WITH CARON -321 209 D1 Ń LATIN CAPITAL LETTER N WITH ACUTE -322 210 D2 Ņ LATIN CAPITAL LETTER N WITH CEDILLA -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ō LATIN CAPITAL LETTER O WITH MACRON -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ų LATIN CAPITAL LETTER U WITH OGONEK -331 217 D9 Ł LATIN CAPITAL LETTER L WITH STROKE -332 218 DA Ś LATIN CAPITAL LETTER S WITH ACUTE -333 219 DB Ū LATIN CAPITAL LETTER U WITH MACRON -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ż LATIN CAPITAL LETTER Z WITH DOT ABOVE -336 222 DE Ž LATIN CAPITAL LETTER Z WITH CARON -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 ą LATIN SMALL LETTER A WITH OGONEK -341 225 E1 į LATIN SMALL LETTER I WITH OGONEK -342 226 E2 ā LATIN SMALL LETTER A WITH MACRON -343 227 E3 ć LATIN SMALL LETTER C WITH ACUTE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 ę LATIN SMALL LETTER E WITH OGONEK -347 231 E7 ē LATIN SMALL LETTER E WITH MACRON -350 232 E8 č LATIN SMALL LETTER C WITH CARON -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ź LATIN SMALL LETTER Z WITH ACUTE -353 235 EB ė LATIN SMALL LETTER E WITH DOT ABOVE -354 236 EC ģ LATIN SMALL LETTER G WITH CEDILLA -355 237 ED ķ LATIN SMALL LETTER K WITH CEDILLA -356 238 EE ī LATIN SMALL LETTER I WITH MACRON -357 239 EF ļ LATIN SMALL LETTER L WITH CEDILLA -360 240 F0 š LATIN SMALL LETTER S WITH CARON -361 241 F1 ń LATIN SMALL LETTER N WITH ACUTE -362 242 F2 ņ LATIN SMALL LETTER N WITH CEDILLA -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ō LATIN SMALL LETTER O WITH MACRON -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ų LATIN SMALL LETTER U WITH OGONEK -371 249 F9 ł LATIN SMALL LETTER L WITH STROKE -372 250 FA ś LATIN SMALL LETTER S WITH ACUTE -373 251 FB ū LATIN SMALL LETTER U WITH MACRON -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ż LATIN SMALL LETTER Z WITH DOT ABOVE -376 254 FE ž LATIN SMALL LETTER Z WITH CARON -377 255 FF ’ RIGHT SINGLE QUOTATION MARK -.TE -.SH NOTES -ISO/IEC\~8859-13 is also known as Latin-7. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-14.7 b/man7/iso_8859-14.7 deleted file mode 100644 index 6c1f6ee..0000000 --- a/man7/iso_8859-14.7 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-14 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-14 \- ISO/IEC\~8859-14 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-14 encodes the -characters used in Celtic languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-14 characters -The following table displays the characters in ISO/IEC\~8859-14 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ḃ LATIN CAPITAL LETTER B WITH DOT ABOVE -242 162 A2 ḃ LATIN SMALL LETTER B WITH DOT ABOVE -243 163 A3 £ POUND SIGN -244 164 A4 Ċ LATIN CAPITAL LETTER C WITH DOT ABOVE -245 165 A5 ċ LATIN SMALL LETTER C WITH DOT ABOVE -246 166 A6 Ḋ LATIN CAPITAL LETTER D WITH DOT ABOVE -247 167 A7 § SECTION SIGN -250 168 A8 Ẁ LATIN CAPITAL LETTER W WITH GRAVE -251 169 A9 © COPYRIGHT SIGN -252 170 AA Ẃ LATIN CAPITAL LETTER W WITH ACUTE -253 171 AB ḋ LATIN SMALL LETTER D WITH DOT ABOVE -254 172 AC Ỳ LATIN CAPITAL LETTER Y WITH GRAVE -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF Ÿ LATIN CAPITAL LETTER Y WITH DIAERESIS -260 176 B0 Ḟ LATIN CAPITAL LETTER F WITH DOT ABOVE -261 177 B1 ḟ LATIN SMALL LETTER F WITH DOT ABOVE -262 178 B2 Ġ LATIN CAPITAL LETTER G WITH DOT ABOVE -263 179 B3 ġ LATIN SMALL LETTER G WITH DOT ABOVE -264 180 B4 Ṁ LATIN CAPITAL LETTER M WITH DOT ABOVE -265 181 B5 ṁ LATIN SMALL LETTER M WITH DOT ABOVE -266 182 B6 ¶ PILCROW SIGN -267 183 B7 Ṗ LATIN CAPITAL LETTER P WITH DOT ABOVE -270 184 B8 ẁ LATIN SMALL LETTER W WITH GRAVE -271 185 B9 ṗ LATIN SMALL LETTER P WITH DOT ABOVE -272 186 BA ẃ LATIN SMALL LETTER W WITH ACUTE -273 187 BB Ṡ LATIN CAPITAL LETTER S WITH DOT ABOVE -274 188 BC ỳ LATIN SMALL LETTER Y WITH GRAVE -275 189 BD Ẅ LATIN CAPITAL LETTER W WITH DIAERESIS -276 190 BE ẅ LATIN SMALL LETTER W WITH DIAERESIS -277 191 BF ṡ LATIN SMALL LETTER S WITH DOT ABOVE -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ŵ LATIN CAPITAL LETTER W WITH CIRCUMFLEX -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 Ṫ LATIN CAPITAL LETTER T WITH DOT ABOVE -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Ŷ LATIN CAPITAL LETTER Y WITH CIRCUMFLEX -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ŵ LATIN SMALL LETTER W WITH CIRCUMFLEX -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ṫ LATIN SMALL LETTER T WITH DOT ABOVE -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE ŷ LATIN SMALL LETTER Y WITH CIRCUMFLEX -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -ISO/IEC\~8859-14 is also known as Latin-8. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-15.7 b/man7/iso_8859-15.7 deleted file mode 100644 index fb6d681..0000000 --- a/man7/iso_8859-15.7 +++ /dev/null @@ -1,149 +0,0 @@ -'\" t -.\" Copyright 1993-1995 Daniel Quinlan (quinlan@yggdrasil.com) -.\" Copyright 1999 Dimitri Papadopoulos (dpo@club-internet.fr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-15 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-15 \- ISO/IEC\~8859-15 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-15 encodes the -characters used in many West European languages and adds the Euro sign. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-15 characters -The following table displays the characters in ISO/IEC\~8859-15 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ¡ INVERTED EXCLAMATION MARK -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 € EURO SIGN -245 165 A5 ¥ YEN SIGN -246 166 A6 Š LATIN CAPITAL LETTER S WITH CARON -247 167 A7 § SECTION SIGN -250 168 A8 š LATIN SMALL LETTER S WITH CARON -251 169 A9 © COPYRIGHT SIGN -252 170 AA ª FEMININE ORDINAL INDICATOR -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 Ž LATIN CAPITAL LETTER Z WITH CARON -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ž LATIN SMALL LETTER Z WITH CARON -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA º MASCULINE ORDINAL INDICATOR -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC Œ LATIN CAPITAL LIGATURE OE -275 189 BD œ LATIN SMALL LIGATURE OE -276 190 BE Ÿ LATIN CAPITAL LETTER Y WITH DIAERESIS -277 191 BF ¿ INVERTED QUESTION MARK -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ð LATIN CAPITAL LETTER ETH -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Þ LATIN CAPITAL LETTER THORN -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ð LATIN SMALL LETTER ETH -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE þ LATIN SMALL LETTER THORN -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -ISO/IEC\~8859-15 is also known as Latin-9 (or sometimes as Latin-0). -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1252 (7), -.BR iso_8859\-1 (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-16.7 b/man7/iso_8859-16.7 deleted file mode 100644 index 9e3fdd3..0000000 --- a/man7/iso_8859-16.7 +++ /dev/null @@ -1,147 +0,0 @@ -'\" t -.\" Copyright 2002 Ionel Mugurel Ciobîcă (IMCiobica@netscape.net) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-16 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-16 \- ISO/IEC\~8859-16 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-16 encodes the -Latin characters used in Southeast European languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-16 characters -The following table displays the characters in ISO/IEC\~8859-16 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ą LATIN CAPITAL LETTER A WITH OGONEK -242 162 A2 ą LATIN SMALL LETTER A WITH OGONEK -243 163 A3 Ł LATIN CAPITAL LETTER L WITH STROKE -244 164 A4 € EURO SIGN -245 165 A5 „ DOUBLE LOW-9 QUOTATION MARK -246 166 A6 Š LATIN CAPITAL LETTER S WITH CARON -247 167 A7 § SECTION SIGN -250 168 A8 š LATIN SMALL LETTER S WITH CARON -251 169 A9 © COPYRIGHT SIGN -252 170 AA Ș LATIN CAPITAL LETTER S WITH COMMA BELOW -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC Ź LATIN CAPITAL LETTER Z WITH ACUTE -255 173 AD ­ SOFT HYPHEN -256 174 AE ź LATIN SMALL LETTER Z WITH ACUTE -257 175 AF Ż LATIN CAPITAL LETTER Z WITH DOT ABOVE -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 Č LATIN CAPITAL LETTER C WITH CARON -263 179 B3 ł LATIN SMALL LETTER L WITH STROKE -264 180 B4 Ž LATIN CAPITAL LETTER Z WITH CARON -265 181 B5 ” LEFT DOUBLE QUOTATION MARK -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ž LATIN SMALL LETTER Z WITH CARON -271 185 B9 č LATIN SMALL LETTER C WITH CARON -272 186 BA ș LATIN SMALL LETTER S WITH COMMA BELOW -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC Œ LATIN CAPITAL LIGATURE OE -275 189 BD œ LATIN SMALL LIGATURE OE -276 190 BE Ÿ LATIN CAPITAL LETTER Y WITH DIAERESIS -277 191 BF ż LATIN SMALL LETTER Z WITH DOT ABOVE -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 Ă LATIN CAPITAL LETTER A WITH BREVE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Ć LATIN CAPITAL LETTER C WITH ACUTE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Đ LATIN CAPITAL LETTER D WITH STROKE -321 209 D1 Ń LATIN CAPITAL LETTER N WITH ACUTE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Ő LATIN CAPITAL LETTER O WITH DOUBLE ACUTE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 Ś LATIN CAPITAL LETTER S WITH ACUTE -330 216 D8 Ű LATIN CAPITAL LETTER U WITH DOUBLE ACUTE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ę LATIN CAPITAL LETTER E WITH OGONEK -336 222 DE Ț LATIN CAPITAL LETTER T WITH COMMA BELOW -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ă LATIN SMALL LETTER A WITH BREVE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 ć LATIN SMALL LETTER C WITH ACUTE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 đ LATIN SMALL LETTER D WITH STROKE -361 241 F1 ń LATIN SMALL LETTER N WITH ACUTE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 ő LATIN SMALL LETTER O WITH DOUBLE ACUTE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ś LATIN SMALL LETTER S WITH ACUTE -370 248 F8 ű LATIN SMALL LETTER U WITH DOUBLE ACUTE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ę LATIN SMALL LETTER E WITH OGONEK -376 254 FE ț LATIN SMALL LETTER T WITH COMMA BELOW -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -ISO/IEC\~8859-16 is also known as Latin-10. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR iso_8859\-3 (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-2.7 b/man7/iso_8859-2.7 deleted file mode 100644 index 225fbaa..0000000 --- a/man7/iso_8859-2.7 +++ /dev/null @@ -1,151 +0,0 @@ -'\" t -.\" Copyright 1999 Roman Maurer (roman.maurer@hermes.si) -.\" Copyright 1993-1995 Daniel Quinlan (quinlan@yggdrasil.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Slightly rearranged, aeb, 950713 -.\" Updated, dpo, 990531 -.TH ISO_8859-2 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-2 \- ISO/IEC\~8859-2 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-2 encodes the -Latin characters used in many Central and East European languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-2 characters -The following table displays the characters in ISO/IEC\~8859-2 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ą LATIN CAPITAL LETTER A WITH OGONEK -242 162 A2 ˘ BREVE -243 163 A3 Ł LATIN CAPITAL LETTER L WITH STROKE -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 Ľ LATIN CAPITAL LETTER L WITH CARON -246 166 A6 Ś LATIN CAPITAL LETTER S WITH ACUTE -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 Š LATIN CAPITAL LETTER S WITH CARON -252 170 AA Ş LATIN CAPITAL LETTER S WITH CEDILLA -253 171 AB Ť LATIN CAPITAL LETTER T WITH CARON -254 172 AC Ź LATIN CAPITAL LETTER Z WITH ACUTE -255 173 AD ­ SOFT HYPHEN -256 174 AE Ž LATIN CAPITAL LETTER Z WITH CARON -257 175 AF Ż LATIN CAPITAL LETTER Z WITH DOT ABOVE -260 176 B0 ° DEGREE SIGN -261 177 B1 ą LATIN SMALL LETTER A WITH OGONEK -262 178 B2 ˛ OGONEK -263 179 B3 ł LATIN SMALL LETTER L WITH STROKE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 ľ LATIN SMALL LETTER L WITH CARON -266 182 B6 ś LATIN SMALL LETTER S WITH ACUTE -267 183 B7 ˇ CARON -270 184 B8 ¸ CEDILLA -271 185 B9 š LATIN SMALL LETTER S WITH CARON -272 186 BA ş LATIN SMALL LETTER S WITH CEDILLA -273 187 BB ť LATIN SMALL LETTER T WITH CARON -274 188 BC ź LATIN SMALL LETTER Z WITH ACUTE -275 189 BD ˝ DOUBLE ACUTE ACCENT -276 190 BE ž LATIN SMALL LETTER Z WITH CARON -277 191 BF ż LATIN SMALL LETTER Z WITH DOT ABOVE -300 192 C0 Ŕ LATIN CAPITAL LETTER R WITH ACUTE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 Ă LATIN CAPITAL LETTER A WITH BREVE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Ĺ LATIN CAPITAL LETTER L WITH ACUTE -306 198 C6 Ć LATIN CAPITAL LETTER C WITH ACUTE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 Č LATIN CAPITAL LETTER C WITH CARON -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ę LATIN CAPITAL LETTER E WITH OGONEK -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ě LATIN CAPITAL LETTER E WITH CARON -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ď LATIN CAPITAL LETTER D WITH CARON -320 208 D0 Đ LATIN CAPITAL LETTER D WITH STROKE -321 209 D1 Ń LATIN CAPITAL LETTER N WITH ACUTE -322 210 D2 Ň LATIN CAPITAL LETTER N WITH CARON -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Ő LATIN CAPITAL LETTER O WITH DOUBLE ACUTE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ř LATIN CAPITAL LETTER R WITH CARON -331 217 D9 Ů LATIN CAPITAL LETTER U WITH RING ABOVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Ű LATIN CAPITAL LETTER U WITH DOUBLE ACUTE -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ý LATIN CAPITAL LETTER Y WITH ACUTE -336 222 DE Ţ LATIN CAPITAL LETTER T WITH CEDILLA -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 ŕ LATIN SMALL LETTER R WITH ACUTE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ă LATIN SMALL LETTER A WITH BREVE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 ĺ LATIN SMALL LETTER L WITH ACUTE -346 230 E6 ć LATIN SMALL LETTER C WITH ACUTE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 č LATIN SMALL LETTER C WITH CARON -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ę LATIN SMALL LETTER E WITH OGONEK -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ě LATIN SMALL LETTER E WITH CARON -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ď LATIN SMALL LETTER D WITH CARON -360 240 F0 đ LATIN SMALL LETTER D WITH STROKE -361 241 F1 ń LATIN SMALL LETTER N WITH ACUTE -362 242 F2 ň LATIN SMALL LETTER N WITH CARON -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 ő LATIN SMALL LETTER O WITH DOUBLE ACUTE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ř LATIN SMALL LETTER R WITH CARON -371 249 F9 ů LATIN SMALL LETTER U WITH RING ABOVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB ű LATIN SMALL LETTER U WITH DOUBLE ACUTE -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ý LATIN SMALL LETTER Y WITH ACUTE -376 254 FE ţ LATIN SMALL LETTER T WITH CEDILLA -377 255 FF ˙ DOT ABOVE -.TE -.SH NOTES -ISO/IEC\~8859-2 is also known as Latin-2. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR iso_8859\-1 (7), -.BR iso_8859\-16 (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-3.7 b/man7/iso_8859-3.7 deleted file mode 100644 index 29c9e59..0000000 --- a/man7/iso_8859-3.7 +++ /dev/null @@ -1,139 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-3 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-3 \- ISO/IEC\~8859-3 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-3 encodes the -characters used in certain Southeast European languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-3 characters -The following table displays the characters in ISO/IEC\~8859-3 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ħ LATIN CAPITAL LETTER H WITH STROKE -242 162 A2 ˘ BREVE -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -246 166 A6 Ĥ LATIN CAPITAL LETTER H WITH CIRCUMFLEX -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 İ LATIN CAPITAL LETTER I WITH DOT ABOVE -252 170 AA Ş LATIN CAPITAL LETTER S WITH CEDILLA -253 171 AB Ğ LATIN CAPITAL LETTER G WITH BREVE -254 172 AC Ĵ LATIN CAPITAL LETTER J WITH CIRCUMFLEX -255 173 AD ­ SOFT HYPHEN -257 175 AF Ż LATIN CAPITAL LETTER Z WITH DOT ABOVE -260 176 B0 ° DEGREE SIGN -261 177 B1 ħ LATIN SMALL LETTER H WITH STROKE -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 µ MICRO SIGN -266 182 B6 ĥ LATIN SMALL LETTER H WITH CIRCUMFLEX -267 183 B7 · MIDDLE DOT -270 184 B8 ¸ CEDILLA -271 185 B9 ı LATIN SMALL LETTER DOTLESS I -272 186 BA ş LATIN SMALL LETTER S WITH CEDILLA -273 187 BB ğ LATIN SMALL LETTER G WITH BREVE -274 188 BC ĵ LATIN SMALL LETTER J WITH CIRCUMFLEX -275 189 BD ½ VULGAR FRACTION ONE HALF -277 191 BF ż LATIN SMALL LETTER Z WITH DOT ABOVE -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Ċ LATIN CAPITAL LETTER C WITH DOT ABOVE -306 198 C6 Ĉ LATIN CAPITAL LETTER C WITH CIRCUMFLEX -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Ġ LATIN CAPITAL LETTER G WITH DOT ABOVE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ĝ LATIN CAPITAL LETTER G WITH CIRCUMFLEX -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ŭ LATIN CAPITAL LETTER U WITH BREVE -336 222 DE Ŝ LATIN CAPITAL LETTER S WITH CIRCUMFLEX -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 ċ LATIN SMALL LETTER C WITH DOT ABOVE -346 230 E6 ĉ LATIN SMALL LETTER C WITH CIRCUMFLEX -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 ġ LATIN SMALL LETTER G WITH DOT ABOVE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ĝ LATIN SMALL LETTER G WITH CIRCUMFLEX -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ŭ LATIN SMALL LETTER U WITH BREVE -376 254 FE ŝ LATIN SMALL LETTER S WITH CIRCUMFLEX -377 255 FF ˙ DOT ABOVE -.TE -.SH NOTES -ISO/IEC\~8859-3 is also known as Latin-3. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-4.7 b/man7/iso_8859-4.7 deleted file mode 100644 index d772f62..0000000 --- a/man7/iso_8859-4.7 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-4 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-4 \- ISO/IEC\~8859-4 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-4 encodes the -characters used in Scandinavian and Baltic languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-4 characters -The following table displays the characters in ISO/IEC\~8859-4 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ą LATIN CAPITAL LETTER A WITH OGONEK -242 162 A2 ĸ LATIN SMALL LETTER KRA (Greenlandic) -243 163 A3 Ŗ LATIN CAPITAL LETTER R WITH CEDILLA -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 Ĩ LATIN CAPITAL LETTER I WITH TILDE -246 166 A6 Ļ LATIN CAPITAL LETTER L WITH CEDILLA -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 Š LATIN CAPITAL LETTER S WITH CARON -252 170 AA Ē LATIN CAPITAL LETTER E WITH MACRON -253 171 AB Ģ LATIN CAPITAL LETTER G WITH CEDILLA -254 172 AC Ŧ LATIN CAPITAL LETTER T WITH STROKE -255 173 AD ­ SOFT HYPHEN -256 174 AE Ž LATIN CAPITAL LETTER Z WITH CARON -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ą LATIN SMALL LETTER A WITH OGONEK -262 178 B2 ˛ OGONEK -263 179 B3 ŗ LATIN SMALL LETTER R WITH CEDILLA -264 180 B4 ´ ACUTE ACCENT -265 181 B5 ĩ LATIN SMALL LETTER I WITH TILDE -266 182 B6 ļ LATIN SMALL LETTER L WITH CEDILLA -267 183 B7 ˇ CARON -270 184 B8 ¸ CEDILLA -271 185 B9 š LATIN SMALL LETTER S WITH CARON -272 186 BA ē LATIN SMALL LETTER E WITH MACRON -273 187 BB ģ LATIN SMALL LETTER G WITH CEDILLA -274 188 BC ŧ LATIN SMALL LETTER T WITH STROKE -275 189 BD Ŋ LATIN CAPITAL LETTER ENG -276 190 BE ž LATIN SMALL LETTER Z WITH CARON -277 191 BF ŋ LATIN SMALL LETTER ENG -300 192 C0 Ā LATIN CAPITAL LETTER A WITH MACRON -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Į LATIN CAPITAL LETTER I WITH OGONEK -310 200 C8 Č LATIN CAPITAL LETTER C WITH CARON -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ę LATIN CAPITAL LETTER E WITH OGONEK -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ė LATIN CAPITAL LETTER E WITH DOT ABOVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ī LATIN CAPITAL LETTER I WITH MACRON -320 208 D0 Đ LATIN CAPITAL LETTER D WITH STROKE -321 209 D1 Ņ LATIN CAPITAL LETTER N WITH CEDILLA -322 210 D2 Ō LATIN CAPITAL LETTER O WITH MACRON -323 211 D3 Ķ LATIN CAPITAL LETTER K WITH CEDILLA -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ų LATIN CAPITAL LETTER U WITH OGONEK -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD Ũ LATIN CAPITAL LETTER U WITH TILDE -336 222 DE Ū LATIN CAPITAL LETTER U WITH MACRON -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 ā LATIN SMALL LETTER A WITH MACRON -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 į LATIN SMALL LETTER I WITH OGONEK -350 232 E8 č LATIN SMALL LETTER C WITH CARON -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ę LATIN SMALL LETTER E WITH OGONEK -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ė LATIN SMALL LETTER E WITH DOT ABOVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ī LATIN SMALL LETTER I WITH MACRON -360 240 F0 đ LATIN SMALL LETTER D WITH STROKE -361 241 F1 ņ LATIN SMALL LETTER N WITH CEDILLA -362 242 F2 ō LATIN SMALL LETTER O WITH MACRON -363 243 F3 ķ LATIN SMALL LETTER K WITH CEDILLA -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ų LATIN SMALL LETTER U WITH OGONEK -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ũ LATIN SMALL LETTER U WITH TILDE -376 254 FE ū LATIN SMALL LETTER U WITH MACRON -377 255 FF ˙ DOT ABOVE -.TE -.SH NOTES -ISO/IEC\~8859-4 is also known as Latin-4. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-5.7 b/man7/iso_8859-5.7 deleted file mode 100644 index 6100a1d..0000000 --- a/man7/iso_8859-5.7 +++ /dev/null @@ -1,151 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-5 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-5 \- ISO/IEC\~8859-5 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-5 encodes the -Cyrillic characters used in many East European languages. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-5 characters -The following table displays the characters in ISO/IEC\~8859-5 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 Ё CYRILLIC CAPITAL LETTER IO -242 162 A2 Ђ CYRILLIC CAPITAL LETTER DJE -243 163 A3 Ѓ CYRILLIC CAPITAL LETTER GJE -244 164 A4 Є CYRILLIC CAPITAL LETTER UKRAINIAN IE -245 165 A5 Ѕ CYRILLIC CAPITAL LETTER DZE -246 166 A6 І T{ -CYRILLIC CAPITAL LETTER -.br -BYELORUSSIAN-UKRAINIAN I -T} -247 167 A7 Ї CYRILLIC CAPITAL LETTER YI -250 168 A8 Ј CYRILLIC CAPITAL LETTER JE -251 169 A9 Љ CYRILLIC CAPITAL LETTER LJE -252 170 AA Њ CYRILLIC CAPITAL LETTER NJE -253 171 AB Ћ CYRILLIC CAPITAL LETTER TSHE -254 172 AC Ќ CYRILLIC CAPITAL LETTER KJE -255 173 AD ­ SOFT HYPHEN -256 174 AE Ў CYRILLIC CAPITAL LETTER SHORT U -257 175 AF Џ CYRILLIC CAPITAL LETTER DZHE -260 176 B0 А CYRILLIC CAPITAL LETTER A -261 177 B1 Б CYRILLIC CAPITAL LETTER BE -262 178 B2 В CYRILLIC CAPITAL LETTER VE -263 179 B3 Г CYRILLIC CAPITAL LETTER GHE -264 180 B4 Д CYRILLIC CAPITAL LETTER DE -265 181 B5 Е CYRILLIC CAPITAL LETTER IE -266 182 B6 Ж CYRILLIC CAPITAL LETTER ZHE -267 183 B7 З CYRILLIC CAPITAL LETTER ZE -270 184 B8 И CYRILLIC CAPITAL LETTER I -271 185 B9 Й CYRILLIC CAPITAL LETTER SHORT I -272 186 BA К CYRILLIC CAPITAL LETTER KA -273 187 BB Л CYRILLIC CAPITAL LETTER EL -274 188 BC М CYRILLIC CAPITAL LETTER EM -275 189 BD Н CYRILLIC CAPITAL LETTER EN -276 190 BE О CYRILLIC CAPITAL LETTER O -277 191 BF П CYRILLIC CAPITAL LETTER PE -300 192 C0 Р CYRILLIC CAPITAL LETTER ER -301 193 C1 С CYRILLIC CAPITAL LETTER ES -302 194 C2 Т CYRILLIC CAPITAL LETTER TE -303 195 C3 У CYRILLIC CAPITAL LETTER U -304 196 C4 Ф CYRILLIC CAPITAL LETTER EF -305 197 C5 Х CYRILLIC CAPITAL LETTER HA -306 198 C6 Ц CYRILLIC CAPITAL LETTER TSE -307 199 C7 Ч CYRILLIC CAPITAL LETTER CHE -310 200 C8 Ш CYRILLIC CAPITAL LETTER SHA -311 201 C9 Щ CYRILLIC CAPITAL LETTER SHCHA -312 202 CA Ъ CYRILLIC CAPITAL LETTER HARD SIGN -313 203 CB Ы CYRILLIC CAPITAL LETTER YERU -314 204 CC Ь CYRILLIC CAPITAL LETTER SOFT SIGN -315 205 CD Э CYRILLIC CAPITAL LETTER E -316 206 CE Ю CYRILLIC CAPITAL LETTER YU -317 207 CF Я CYRILLIC CAPITAL LETTER YA -320 208 D0 а CYRILLIC SMALL LETTER A -321 209 D1 б CYRILLIC SMALL LETTER BE -322 210 D2 в CYRILLIC SMALL LETTER VE -323 211 D3 г CYRILLIC SMALL LETTER GHE -324 212 D4 д CYRILLIC SMALL LETTER DE -325 213 D5 е CYRILLIC SMALL LETTER IE -326 214 D6 ж CYRILLIC SMALL LETTER ZHE -327 215 D7 з CYRILLIC SMALL LETTER ZE -330 216 D8 и CYRILLIC SMALL LETTER I -331 217 D9 й CYRILLIC SMALL LETTER SHORT I -332 218 DA к CYRILLIC SMALL LETTER KA -333 219 DB л CYRILLIC SMALL LETTER EL -334 220 DC м CYRILLIC SMALL LETTER EM -335 221 DD н CYRILLIC SMALL LETTER EN -336 222 DE о CYRILLIC SMALL LETTER O -337 223 DF п CYRILLIC SMALL LETTER PE -340 224 E0 р CYRILLIC SMALL LETTER ER -341 225 E1 с CYRILLIC SMALL LETTER ES -342 226 E2 т CYRILLIC SMALL LETTER TE -343 227 E3 у CYRILLIC SMALL LETTER U -344 228 E4 ф CYRILLIC SMALL LETTER EF -345 229 E5 х CYRILLIC SMALL LETTER HA -346 230 E6 ц CYRILLIC SMALL LETTER TSE -347 231 E7 ч CYRILLIC SMALL LETTER CHE -350 232 E8 ш CYRILLIC SMALL LETTER SHA -351 233 E9 щ CYRILLIC SMALL LETTER SHCHA -352 234 EA ъ CYRILLIC SMALL LETTER HARD SIGN -353 235 EB ы CYRILLIC SMALL LETTER YERU -354 236 EC ь CYRILLIC SMALL LETTER SOFT SIGN -355 237 ED э CYRILLIC SMALL LETTER E -356 238 EE ю CYRILLIC SMALL LETTER YU -357 239 EF я CYRILLIC SMALL LETTER YA -360 240 F0 № NUMERO SIGN -361 241 F1 ё CYRILLIC SMALL LETTER IO -362 242 F2 ђ CYRILLIC SMALL LETTER DJE -363 243 F3 ѓ CYRILLIC SMALL LETTER GJE -364 244 F4 є CYRILLIC SMALL LETTER UKRAINIAN IE -365 245 F5 ѕ CYRILLIC SMALL LETTER DZE -366 246 F6 і CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I -367 247 F7 ї CYRILLIC SMALL LETTER YI -370 248 F8 ј CYRILLIC SMALL LETTER JE -371 249 F9 љ CYRILLIC SMALL LETTER LJE -372 250 FA њ CYRILLIC SMALL LETTER NJE -373 251 FB ј CYRILLIC SMALL LETTER TSHE -374 252 FC ќ CYRILLIC SMALL LETTER KJE -375 253 FD § SECTION SIGN -376 254 FE ў CYRILLIC SMALL LETTER SHORT U -377 255 FF џ CYRILLIC SMALL LETTER DZHE -.TE -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1251 (7), -.BR koi8\-r (7), -.BR koi8\-u (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-6.7 b/man7/iso_8859-6.7 deleted file mode 100644 index f1b4b5c..0000000 --- a/man7/iso_8859-6.7 +++ /dev/null @@ -1,104 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-6 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-6 -\- -ISO/IEC\~8859-6 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-6 encodes the -characters used in the Arabic language. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-6 characters -The following table displays the characters in ISO/IEC\~8859-6 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -244 164 A4 ¤ CURRENCY SIGN -254 172 AC ، ARABIC COMMA -255 173 AD ­ SOFT HYPHEN -273 187 BB ؛ ARABIC SEMICOLON -277 191 BF ؟ ARABIC QUESTION MARK -301 193 C1 ء ARABIC LETTER HAMZA -302 194 C2 آ ARABIC LETTER ALEF WITH MADDA ABOVE -303 195 C3 أ ARABIC LETTER ALEF WITH HAMZA ABOVE -304 196 C4 ؤ ARABIC LETTER WAW WITH HAMZA ABOVE -305 197 C5 إ ARABIC LETTER ALEF WITH HAMZA BELOW -306 198 C6 ئ ARABIC LETTER YEH WITH HAMZA ABOVE -307 199 C7 ا ARABIC LETTER ALEF -310 200 C8 ب ARABIC LETTER BEH -311 201 C9 ة ARABIC LETTER TEH MARBUTA -312 202 CA ت ARABIC LETTER TEH -313 203 CB ث ARABIC LETTER THEH -314 204 CC ج ARABIC LETTER JEEM -315 205 CD ح ARABIC LETTER HAH -316 206 CE خ ARABIC LETTER KHAH -317 207 CF د ARABIC LETTER DAL -320 208 D0 ذ ARABIC LETTER THAL -321 209 D1 ر ARABIC LETTER REH -322 210 D2 ز ARABIC LETTER ZAIN -323 211 D3 س ARABIC LETTER SEEN -324 212 D4 ش ARABIC LETTER SHEEN -325 213 D5 ص ARABIC LETTER SAD -326 214 D6 ض ARABIC LETTER DAD -327 215 D7 ط ARABIC LETTER TAH -330 216 D8 ظ ARABIC LETTER ZAH -331 217 D9 ع ARABIC LETTER AIN -332 218 DA غ ARABIC LETTER GHAIN -340 224 E0 ـ ARABIC TATWEEL -341 225 E1 ف ARABIC LETTER FEH -342 226 E2 ق ARABIC LETTER QAF -343 227 E3 ك ARABIC LETTER KAF -344 228 E4 ل ARABIC LETTER LAM -345 229 E5 م ARABIC LETTER MEEM -346 230 E6 ن ARABIC LETTER NOON -347 231 E7 ه ARABIC LETTER HEH -350 232 E8 و ARABIC LETTER WAW -351 233 E9 ى ARABIC LETTER ALEF MAKSURA -352 234 EA ي ARABIC LETTER YEH -353 235 EB ً ARABIC FATHATAN -354 236 EC ٌ ARABIC DAMMATAN -355 237 ED ٍ ARABIC KASRATAN -356 238 EE َ ARABIC FATHA -357 239 EF ُ ARABIC DAMMA -360 240 F0 ِ ARABIC KASRA -361 241 F1 ّ ARABIC SHADDA -362 242 F2 ْ ARABIC SUKUN -.TE -.SH NOTES -ISO/IEC\~8859-6 lacks the glyphs required for many related languages, -such as Urdu and Persian (Farsi). -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-7.7 b/man7/iso_8859-7.7 deleted file mode 100644 index 242359c..0000000 --- a/man7/iso_8859-7.7 +++ /dev/null @@ -1,150 +0,0 @@ -'\" t -.\" Copyright 1999 Dimitri Papadopoulos (dpo@club-internet.fr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-7 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-7 \- ISO/IEC\~8859-7 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-7 encodes the -characters used in modern monotonic Greek. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-7 characters -The following table displays the characters in ISO/IEC\~8859-7 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ‘ LEFT SINGLE QUOTATION MARK -242 162 A2 ’ RIGHT SINGLE QUOTATION MARK -243 163 A3 £ POUND SIGN -244 164 A4 € EURO SIGN -245 165 A5 ₯ DRACHMA SIGN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 © COPYRIGHT SIGN -252 170 AA ͺ GREEK YPOGEGRAMMENI -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -257 175 AF ― HORIZONTAL BAR -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ΄ GREEK TONOS -265 181 B5 ΅ GREEK DIALYTIKA TONOS -266 182 B6 Ά GREEK CAPITAL LETTER ALPHA WITH TONOS -267 183 B7 · MIDDLE DOT -270 184 B8 Έ GREEK CAPITAL LETTER EPSILON WITH TONOS -271 185 B9 Ή GREEK CAPITAL LETTER ETA WITH TONOS -272 186 BA Ί GREEK CAPITAL LETTER IOTA WITH TONOS -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC Ό GREEK CAPITAL LETTER OMICRON WITH TONOS -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE Ύ GREEK CAPITAL LETTER UPSILON WITH TONOS -277 191 BF Ώ GREEK CAPITAL LETTER OMEGA WITH TONOS -300 192 C0 ΐ T{ -GREEK SMALL LETTER IOTA WITH -.br -DIALYTIKA AND TONOS -T} -301 193 C1 Α GREEK CAPITAL LETTER ALPHA -302 194 C2 Β GREEK CAPITAL LETTER BETA -303 195 C3 Γ GREEK CAPITAL LETTER GAMMA -304 196 C4 Δ GREEK CAPITAL LETTER DELTA -305 197 C5 Ε GREEK CAPITAL LETTER EPSILON -306 198 C6 Ζ GREEK CAPITAL LETTER ZETA -307 199 C7 Η GREEK CAPITAL LETTER ETA -310 200 C8 Θ GREEK CAPITAL LETTER THETA -311 201 C9 Ι GREEK CAPITAL LETTER IOTA -312 202 CA Κ GREEK CAPITAL LETTER KAPPA -313 203 CB Λ GREEK CAPITAL LETTER LAMBDA -314 204 CC Μ GREEK CAPITAL LETTER MU -315 205 CD Ν GREEK CAPITAL LETTER NU -316 206 CE Ξ GREEK CAPITAL LETTER XI -317 207 CF Ο GREEK CAPITAL LETTER OMICRON -320 208 D0 Π GREEK CAPITAL LETTER PI -321 209 D1 Ρ GREEK CAPITAL LETTER RHO -323 211 D3 Σ GREEK CAPITAL LETTER SIGMA -324 212 D4 Τ GREEK CAPITAL LETTER TAU -325 213 D5 Υ GREEK CAPITAL LETTER UPSILON -326 214 D6 Φ GREEK CAPITAL LETTER PHI -327 215 D7 Χ GREEK CAPITAL LETTER CHI -330 216 D8 Ψ GREEK CAPITAL LETTER PSI -331 217 D9 Ω GREEK CAPITAL LETTER OMEGA -332 218 DA Ϊ GREEK CAPITAL LETTER IOTA WITH DIALYTIKA -333 219 DB Ϋ GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA -334 220 DC ά GREEK SMALL LETTER ALPHA WITH TONOS -335 221 DD έ GREEK SMALL LETTER EPSILON WITH TONOS -336 222 DE ή GREEK SMALL LETTER ETA WITH TONOS -337 223 DF ί GREEK SMALL LETTER IOTA WITH TONOS -340 224 E0 ΰ T{ -GREEK SMALL LETTER UPSILON WITH -DIALYTIKA AND TONOS -T} -341 225 E1 α GREEK SMALL LETTER ALPHA -342 226 E2 β GREEK SMALL LETTER BETA -343 227 E3 γ GREEK SMALL LETTER GAMMA -344 228 E4 δ GREEK SMALL LETTER DELTA -345 229 E5 ε GREEK SMALL LETTER EPSILON -346 230 E6 ζ GREEK SMALL LETTER ZETA -347 231 E7 η GREEK SMALL LETTER ETA -350 232 E8 θ GREEK SMALL LETTER THETA -351 233 E9 ι GREEK SMALL LETTER IOTA -352 234 EA κ GREEK SMALL LETTER KAPPA -353 235 EB λ GREEK SMALL LETTER LAMBDA -354 236 EC μ GREEK SMALL LETTER MU -355 237 ED ν GREEK SMALL LETTER NU -356 238 EE ξ GREEK SMALL LETTER XI -357 239 EF ο GREEK SMALL LETTER OMICRON -360 240 F0 π GREEK SMALL LETTER PI -361 241 F1 ρ GREEK SMALL LETTER RHO -362 242 F2 ς GREEK SMALL LETTER FINAL SIGMA -363 243 F3 σ GREEK SMALL LETTER SIGMA -364 244 F4 τ GREEK SMALL LETTER TAU -365 245 F5 υ GREEK SMALL LETTER UPSILON -366 246 F6 φ GREEK SMALL LETTER PHI -367 247 F7 χ GREEK SMALL LETTER CHI -370 248 F8 ψ GREEK SMALL LETTER PSI -371 249 F9 ω GREEK SMALL LETTER OMEGA -372 250 FA ϊ GREEK SMALL LETTER IOTA WITH DIALYTIKA -373 251 FB ϋ GREEK SMALL LETTER UPSILON WITH DIALYTIKA -374 252 FC ό GREEK SMALL LETTER OMICRON WITH TONOS -375 253 FD ύ GREEK SMALL LETTER UPSILON WITH TONOS -376 254 FE ώ GREEK SMALL LETTER OMEGA WITH TONOS -.TE -.SH NOTES -ISO/IEC\~8859-7 was formerly known as ELOT-928 or ECMA-118:1986. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-8.7 b/man7/iso_8859-8.7 deleted file mode 100644 index 9fcc066..0000000 --- a/man7/iso_8859-8.7 +++ /dev/null @@ -1,114 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis (edimitro@tee.gr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Eli Zaretskii made valuable suggestions -.\" -.TH ISO_8859-8 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-8 \- ISO/IEC\~8859-8 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-8 encodes the -characters used in Modern Hebrew. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-8 characters -The following table displays the characters in ISO/IEC\~8859-8 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0 NO-BREAK SPACE -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 ¥ YEN SIGN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 © COPYRIGHT SIGN -252 170 AA × MULTIPLICATION SIGN -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ¸ CEDILLA -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA ÷ DIVISION SIGN -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ¼ VULGAR FRACTION ONE QUARTER -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE ¾ VULGAR FRACTION THREE QUARTERS -337 223 DF ‗ DOUBLE LOW LINE -340 224 E0 א HEBREW LETTER ALEF -341 225 E1 ב HEBREW LETTER BET -342 226 E2 ג HEBREW LETTER GIMEL -343 227 E3 ד HEBREW LETTER DALET -344 228 E4 ה HEBREW LETTER HE -345 229 E5 ו HEBREW LETTER VAV -346 230 E6 ז HEBREW LETTER ZAYIN -347 231 E7 ח HEBREW LETTER HET -350 232 E8 ט HEBREW LETTER TET -351 233 E9 י HEBREW LETTER YOD -352 234 EA ך HEBREW LETTER FINAL KAF -353 235 EB כ HEBREW LETTER KAF -354 236 EC ל HEBREW LETTER LAMED -355 237 ED ם HEBREW LETTER FINAL MEM -356 238 EE מ HEBREW LETTER MEM -357 239 EF ן HEBREW LETTER FINAL NUN -360 240 F0 נ HEBREW LETTER NUN -361 241 F1 ס HEBREW LETTER SAMEKH -362 242 F2 ע HEBREW LETTER AYIN -363 243 F3 ף HEBREW LETTER FINAL PE -364 244 F4 פ HEBREW LETTER PE -365 245 F5 ץ HEBREW LETTER FINAL TSADI -366 246 F6 צ HEBREW LETTER TSADI -367 247 F7 ק HEBREW LETTER QOF -370 248 F8 ר HEBREW LETTER RESH -371 249 F9 ש HEBREW LETTER SHIN -372 250 FA ת HEBREW LETTER TAV -375 253 FD ‎ LEFT-TO-RIGHT MARK -376 254 FE ‏ RIGHT-TO-LEFT MARK -.TE -.SH NOTES -ISO/IEC\~8859-8 was also known as ISO-IR-138. -ISO/IEC\~8859-8 includes neither short vowels nor diacritical marks, -and Yiddish is not provided for. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859-9.7 b/man7/iso_8859-9.7 deleted file mode 100644 index 4e630d7..0000000 --- a/man7/iso_8859-9.7 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Copyright 2002 Dimitri Papadopoulos (dpo@club-internet.fr) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH ISO_8859-9 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -iso_8859-9 \- ISO/IEC\~8859-9 character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -The ISO/IEC\~8859 standard includes several 8-bit extensions to the ASCII -character set (also known as ISO/IEC\~646-IRV). -ISO/IEC\~8859-9 encodes the -characters used in Turkish. -.SS ISO/IEC\~8859 alphabets -The full set of ISO/IEC\~8859 alphabets includes: -.TS -l l. -ISO/IEC\~8859-1 West European languages (Latin-1) -ISO/IEC\~8859-2 Central and East European languages (Latin-2) -ISO/IEC\~8859-3 Southeast European and miscellaneous languages (Latin-3) -ISO/IEC\~8859-4 Scandinavian/Baltic languages (Latin-4) -ISO/IEC\~8859-5 Latin/Cyrillic -ISO/IEC\~8859-6 Latin/Arabic -ISO/IEC\~8859-7 Latin/Greek -ISO/IEC\~8859-8 Latin/Hebrew -ISO/IEC\~8859-9 Latin-1 modification for Turkish (Latin-5) -ISO/IEC\~8859-10 Lappish/Nordic/Eskimo languages (Latin-6) -ISO/IEC\~8859-11 Latin/Thai -ISO/IEC\~8859-13 Baltic Rim languages (Latin-7) -ISO/IEC\~8859-14 Celtic (Latin-8) -ISO/IEC\~8859-15 West European languages (Latin-9) -ISO/IEC\~8859-16 Romanian (Latin-10) -.TE -.SS ISO/IEC\~8859-9 characters -The following table displays the characters in ISO/IEC\~8859-9 that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -240 160 A0   NO-BREAK SPACE -241 161 A1 ¡ INVERTED EXCLAMATION MARK -242 162 A2 ¢ CENT SIGN -243 163 A3 £ POUND SIGN -244 164 A4 ¤ CURRENCY SIGN -245 165 A5 ¥ YEN SIGN -246 166 A6 ¦ BROKEN BAR -247 167 A7 § SECTION SIGN -250 168 A8 ¨ DIAERESIS -251 169 A9 © COPYRIGHT SIGN -252 170 AA ª FEMININE ORDINAL INDICATOR -253 171 AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK -254 172 AC ¬ NOT SIGN -255 173 AD ­ SOFT HYPHEN -256 174 AE ® REGISTERED SIGN -257 175 AF ¯ MACRON -260 176 B0 ° DEGREE SIGN -261 177 B1 ± PLUS-MINUS SIGN -262 178 B2 ² SUPERSCRIPT TWO -263 179 B3 ³ SUPERSCRIPT THREE -264 180 B4 ´ ACUTE ACCENT -265 181 B5 µ MICRO SIGN -266 182 B6 ¶ PILCROW SIGN -267 183 B7 · MIDDLE DOT -270 184 B8 ¸ CEDILLA -271 185 B9 ¹ SUPERSCRIPT ONE -272 186 BA º MASCULINE ORDINAL INDICATOR -273 187 BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK -274 188 BC ¼ VULGAR FRACTION ONE QUARTER -275 189 BD ½ VULGAR FRACTION ONE HALF -276 190 BE ¾ VULGAR FRACTION THREE QUARTERS -277 191 BF ¿ INVERTED QUESTION MARK -300 192 C0 À LATIN CAPITAL LETTER A WITH GRAVE -301 193 C1 Á LATIN CAPITAL LETTER A WITH ACUTE -302 194 C2  LATIN CAPITAL LETTER A WITH CIRCUMFLEX -303 195 C3 à LATIN CAPITAL LETTER A WITH TILDE -304 196 C4 Ä LATIN CAPITAL LETTER A WITH DIAERESIS -305 197 C5 Å LATIN CAPITAL LETTER A WITH RING ABOVE -306 198 C6 Æ LATIN CAPITAL LETTER AE -307 199 C7 Ç LATIN CAPITAL LETTER C WITH CEDILLA -310 200 C8 È LATIN CAPITAL LETTER E WITH GRAVE -311 201 C9 É LATIN CAPITAL LETTER E WITH ACUTE -312 202 CA Ê LATIN CAPITAL LETTER E WITH CIRCUMFLEX -313 203 CB Ë LATIN CAPITAL LETTER E WITH DIAERESIS -314 204 CC Ì LATIN CAPITAL LETTER I WITH GRAVE -315 205 CD Í LATIN CAPITAL LETTER I WITH ACUTE -316 206 CE Î LATIN CAPITAL LETTER I WITH CIRCUMFLEX -317 207 CF Ï LATIN CAPITAL LETTER I WITH DIAERESIS -320 208 D0 Ğ LATIN CAPITAL LETTER G WITH BREVE -321 209 D1 Ñ LATIN CAPITAL LETTER N WITH TILDE -322 210 D2 Ò LATIN CAPITAL LETTER O WITH GRAVE -323 211 D3 Ó LATIN CAPITAL LETTER O WITH ACUTE -324 212 D4 Ô LATIN CAPITAL LETTER O WITH CIRCUMFLEX -325 213 D5 Õ LATIN CAPITAL LETTER O WITH TILDE -326 214 D6 Ö LATIN CAPITAL LETTER O WITH DIAERESIS -327 215 D7 × MULTIPLICATION SIGN -330 216 D8 Ø LATIN CAPITAL LETTER O WITH STROKE -331 217 D9 Ù LATIN CAPITAL LETTER U WITH GRAVE -332 218 DA Ú LATIN CAPITAL LETTER U WITH ACUTE -333 219 DB Û LATIN CAPITAL LETTER U WITH CIRCUMFLEX -334 220 DC Ü LATIN CAPITAL LETTER U WITH DIAERESIS -335 221 DD İ LATIN CAPITAL LETTER I WITH DOT ABOVE -336 222 DE Ş LATIN CAPITAL LETTER S WITH CEDILLA -337 223 DF ß LATIN SMALL LETTER SHARP S -340 224 E0 à LATIN SMALL LETTER A WITH GRAVE -341 225 E1 á LATIN SMALL LETTER A WITH ACUTE -342 226 E2 â LATIN SMALL LETTER A WITH CIRCUMFLEX -343 227 E3 ã LATIN SMALL LETTER A WITH TILDE -344 228 E4 ä LATIN SMALL LETTER A WITH DIAERESIS -345 229 E5 å LATIN SMALL LETTER A WITH RING ABOVE -346 230 E6 æ LATIN SMALL LETTER AE -347 231 E7 ç LATIN SMALL LETTER C WITH CEDILLA -350 232 E8 è LATIN SMALL LETTER E WITH GRAVE -351 233 E9 é LATIN SMALL LETTER E WITH ACUTE -352 234 EA ê LATIN SMALL LETTER E WITH CIRCUMFLEX -353 235 EB ë LATIN SMALL LETTER E WITH DIAERESIS -354 236 EC ì LATIN SMALL LETTER I WITH GRAVE -355 237 ED í LATIN SMALL LETTER I WITH ACUTE -356 238 EE î LATIN SMALL LETTER I WITH CIRCUMFLEX -357 239 EF ï LATIN SMALL LETTER I WITH DIAERESIS -360 240 F0 ğ LATIN SMALL LETTER G WITH BREVE -361 241 F1 ñ LATIN SMALL LETTER N WITH TILDE -362 242 F2 ò LATIN SMALL LETTER O WITH GRAVE -363 243 F3 ó LATIN SMALL LETTER O WITH ACUTE -364 244 F4 ô LATIN SMALL LETTER O WITH CIRCUMFLEX -365 245 F5 õ LATIN SMALL LETTER O WITH TILDE -366 246 F6 ö LATIN SMALL LETTER O WITH DIAERESIS -367 247 F7 ÷ DIVISION SIGN -370 248 F8 ø LATIN SMALL LETTER O WITH STROKE -371 249 F9 ù LATIN SMALL LETTER U WITH GRAVE -372 250 FA ú LATIN SMALL LETTER U WITH ACUTE -373 251 FB û LATIN SMALL LETTER U WITH CIRCUMFLEX -374 252 FC ü LATIN SMALL LETTER U WITH DIAERESIS -375 253 FD ı LATIN SMALL LETTER DOTLESS I -376 254 FE ş LATIN SMALL LETTER S WITH CEDILLA -377 255 FF ÿ LATIN SMALL LETTER Y WITH DIAERESIS -.TE -.SH NOTES -ISO/IEC\~8859-9 is also known as Latin-5. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/iso_8859_1.7 b/man7/iso_8859_1.7 deleted file mode 100644 index 1969dfb..0000000 --- a/man7/iso_8859_1.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-1.7 diff --git a/man7/iso_8859_10.7 b/man7/iso_8859_10.7 deleted file mode 100644 index 9b4658f..0000000 --- a/man7/iso_8859_10.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-10.7 diff --git a/man7/iso_8859_11.7 b/man7/iso_8859_11.7 deleted file mode 100644 index cbd4cfe..0000000 --- a/man7/iso_8859_11.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-11.7 diff --git a/man7/iso_8859_13.7 b/man7/iso_8859_13.7 deleted file mode 100644 index 8ad2335..0000000 --- a/man7/iso_8859_13.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-13.7 diff --git a/man7/iso_8859_14.7 b/man7/iso_8859_14.7 deleted file mode 100644 index 4aa555d..0000000 --- a/man7/iso_8859_14.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-14.7 diff --git a/man7/iso_8859_15.7 b/man7/iso_8859_15.7 deleted file mode 100644 index a4095d7..0000000 --- a/man7/iso_8859_15.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-15.7 diff --git a/man7/iso_8859_16.7 b/man7/iso_8859_16.7 deleted file mode 100644 index b9c8e91..0000000 --- a/man7/iso_8859_16.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-16.7 diff --git a/man7/iso_8859_2.7 b/man7/iso_8859_2.7 deleted file mode 100644 index da36668..0000000 --- a/man7/iso_8859_2.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-2.7 diff --git a/man7/iso_8859_3.7 b/man7/iso_8859_3.7 deleted file mode 100644 index 75e42ce..0000000 --- a/man7/iso_8859_3.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-3.7 diff --git a/man7/iso_8859_4.7 b/man7/iso_8859_4.7 deleted file mode 100644 index 15a829e..0000000 --- a/man7/iso_8859_4.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-4.7 diff --git a/man7/iso_8859_5.7 b/man7/iso_8859_5.7 deleted file mode 100644 index 1f20320..0000000 --- a/man7/iso_8859_5.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-5.7 diff --git a/man7/iso_8859_6.7 b/man7/iso_8859_6.7 deleted file mode 100644 index edcafdf..0000000 --- a/man7/iso_8859_6.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-6.7 diff --git a/man7/iso_8859_7.7 b/man7/iso_8859_7.7 deleted file mode 100644 index 951384c..0000000 --- a/man7/iso_8859_7.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-7.7 diff --git a/man7/iso_8859_8.7 b/man7/iso_8859_8.7 deleted file mode 100644 index 07cf216..0000000 --- a/man7/iso_8859_8.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-8.7 diff --git a/man7/iso_8859_9.7 b/man7/iso_8859_9.7 deleted file mode 100644 index 0fcc7d4..0000000 --- a/man7/iso_8859_9.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-9.7 diff --git a/man7/kernel_lockdown.7 b/man7/kernel_lockdown.7 deleted file mode 100644 index cb8aa7c..0000000 --- a/man7/kernel_lockdown.7 +++ /dev/null @@ -1,109 +0,0 @@ -.\" -.\" Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH kernel_lockdown 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -kernel_lockdown \- kernel image access prevention feature -.SH DESCRIPTION -The Kernel Lockdown feature is designed to prevent both direct and indirect -access to a running kernel image, attempting to protect against unauthorized -modification of the kernel image and to prevent access to security and -cryptographic data located in kernel memory, whilst still permitting driver -modules to be loaded. -.P -If a prohibited or restricted feature is accessed or used, the kernel will emit -a message that looks like: -.P -.in +4n -.EX -Lockdown: X: Y is restricted, see man kernel_lockdown.7 -.EE -.in -.P -where X indicates the process name and Y indicates what is restricted. -.P -On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled -if the system boots in EFI Secure Boot mode. -.\" -.SS Coverage -When lockdown is in effect, a number of features are disabled or have their -use restricted. -This includes special device files and kernel services that allow -direct access of the kernel image: -.P -.RS -/dev/mem -.br -/dev/kmem -.br -/dev/kcore -.br -/dev/ioports -.br -BPF -.br -kprobes -.RE -.P -and the ability to directly configure and control devices, so as to prevent -the use of a device to access or modify a kernel image: -.IP \[bu] 3 -The use of module parameters that directly specify hardware parameters to -drivers through the kernel command line or when loading a module. -.IP \[bu] -The use of direct PCI BAR access. -.IP \[bu] -The use of the ioperm and iopl instructions on x86. -.IP \[bu] -The use of the KD*IO console ioctls. -.IP \[bu] -The use of the TIOCSSERIAL serial ioctl. -.IP \[bu] -The alteration of MSR registers on x86. -.IP \[bu] -The replacement of the PCMCIA CIS. -.IP \[bu] -The overriding of ACPI tables. -.IP \[bu] -The use of ACPI error injection. -.IP \[bu] -The specification of the ACPI RDSP address. -.IP \[bu] -The use of ACPI custom methods. -.P -Certain facilities are restricted: -.IP \[bu] 3 -Only validly signed modules may be loaded (waived if the module file being -loaded is vouched for by IMA appraisal). -.IP \[bu] -Only validly signed binaries may be kexec'd (waived if the binary image file -to be executed is vouched for by IMA appraisal). -.IP \[bu] -Unencrypted hibernation/suspend to swap are disallowed as the kernel image is -saved to a medium that can then be accessed. -.IP \[bu] -Use of debugfs is not permitted as this allows a whole range of actions -including direct configuration of, access to and driving of hardware. -.IP \[bu] -IMA requires the addition of the "secure_boot" rules to the policy, -whether or not they are specified on the command line, -for both the built-in and custom policies in secure boot lockdown mode. -.SH VERSIONS -The Kernel Lockdown feature was added in Linux 5.4. -.SH NOTES -The Kernel Lockdown feature is enabled by CONFIG_SECURITY_LOCKDOWN_LSM. -The -.I lsm=lsm1,...,lsmN -command line parameter controls the sequence of the initialization of -Linux Security Modules. -It must contain the string -.I lockdown -to enable the Kernel Lockdown feature. -If the command line parameter is not specified, -the initialization falls back to the value of the deprecated -.I security= -command line parameter and further to the value of CONFIG_LSM. -.\" commit 000d388ed3bbed745f366ce71b2bb7c2ee70f449 diff --git a/man7/keyrings.7 b/man7/keyrings.7 deleted file mode 100644 index 879d1aa..0000000 --- a/man7/keyrings.7 +++ /dev/null @@ -1,901 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" and Copyright (C) 2016 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH keyrings 7 2024-02-25 "Linux man-pages 6.7" -.SH NAME -keyrings \- in-kernel key management and retention facility -.SH DESCRIPTION -The Linux key-management facility -is primarily a way for various kernel components -to retain or cache security data, -authentication keys, encryption keys, and other data in the kernel. -.P -System call interfaces are provided so that user-space programs can manage -those objects and also use the facility for their own purposes; see -.BR add_key (2), -.BR request_key (2), -and -.BR keyctl (2). -.P -A library and some user-space utilities are provided to allow access to the -facility. -See -.BR keyctl (1), -.BR keyctl (3), -and -.BR keyutils (7) -for more information. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Keys -A key has the following attributes: -.TP -Serial number (ID) -This is a unique integer handle by which a key is referred to in system calls. -The serial number is sometimes synonymously referred as the key ID. -Programmatically, key serial numbers are represented using the type -.IR key_serial_t . -.TP -Type -A key's type defines what sort of data can be held in the key, -how the proposed content of the key will be parsed, -and how the payload will be used. -.IP -There are a number of general-purpose types available, plus some specialist -types defined by specific kernel components. -.TP -Description (name) -The key description is a printable string that is used as the search term -for the key (in conjunction with the key type) as well as a display name. -During searches, the description may be partially matched or exactly matched. -.TP -Payload (data) -The payload is the actual content of a key. -This is usually set when a key is created, -but it is possible for the kernel to upcall to user space to finish the -instantiation of a key if that key wasn't already known to the kernel -when it was requested. -For further details, see -.BR request_key (2). -.IP -A key's payload can be read and updated if the key type supports it and if -suitable permission is granted to the caller. -.TP -Access rights -Much as files do, -each key has an owning user ID, an owning group ID, and a security label. -Each key also has a set of permissions, -though there are more than for a normal UNIX file, -and there is an additional category\[em]possessor\[em]beyond the usual user, -group, and other (see -.IR Possession , -below). -.IP -Note that keys are quota controlled, since they require unswappable kernel -memory. -The owning user ID specifies whose quota is to be debited. -.TP -Expiration time -Each key can have an expiration time set. -When that time is reached, -the key is marked as being expired and accesses to it fail with the error -.BR EKEYEXPIRED . -If not deleted, updated, or replaced, then, after a set amount of time, -an expired key is automatically removed (garbage collected) -along with all links to it, -and attempts to access the key fail with the error -.BR ENOKEY . -.TP -Reference count -Each key has a reference count. -Keys are referenced by keyrings, by currently active users, -and by a process's credentials. -When the reference count reaches zero, -the key is scheduled for garbage collection. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Key types -The kernel provides several basic types of key: -.TP -.I \[dq]keyring\[dq] -.\" Note that keyrings use different fields in struct key in order to store -.\" their data - index_key instead of type/description and name_link/keys -.\" instead of payload. -Keyrings are special keys which store a set of links -to other keys (including other keyrings), -analogous to a directory holding links to files. -The main purpose of a keyring is to prevent other keys from -being garbage collected because nothing refers to them. -.IP -Keyrings with descriptions (names) -that begin with a period (\[aq].\[aq]) are reserved to the implementation. -.TP -.I \[dq]user\[dq] -This is a general-purpose key type. -The key is kept entirely within kernel memory. -The payload may be read and updated by user-space applications. -.IP -The payload for keys of this type is a blob of arbitrary data -of up to 32,767 bytes. -.IP -The description may be any valid string, though it is preferred that it -start with a colon-delimited prefix representing the service -to which the key is of interest -(for instance -.IR \[dq]afs:mykey\[dq] ). -.TP -.IR \[dq]logon\[dq] " (since Linux 3.3)" -.\" commit 9f6ed2ca257fa8650b876377833e6f14e272848b -This key type is essentially the same as -.IR \[dq]user\[dq] , -but it does not provide reading (i.e., the -.BR keyctl (2) -.B KEYCTL_READ -operation), -meaning that the key payload is never visible from user space. -This is suitable for storing username-password pairs -that should not be readable from user space. -.IP -The description of a -.I \[dq]logon\[dq] -key -.I must -start with a non-empty colon-delimited prefix whose purpose -is to identify the service to which the key belongs. -(Note that this differs from keys of the -.I \[dq]user\[dq] -type, where the inclusion of a prefix is recommended but is not enforced.) -.TP -.IR \[dq]big_key\[dq] " (since Linux 3.13)" -.\" commit ab3c3587f8cda9083209a61dbe3a4407d3cada10 -This key type is similar to the -.I \[dq]user\[dq] -key type, but it may hold a payload of up to 1\ MiB in size. -This key type is useful for purposes such as holding Kerberos ticket caches. -.IP -The payload data may be stored in a tmpfs filesystem, -rather than in kernel memory, -if the data size exceeds the overhead of storing the data in the filesystem. -(Storing the data in a filesystem requires filesystem structures -to be allocated in the kernel. -The size of these structures determines the size threshold -above which the tmpfs storage method is used.) -Since Linux 4.8, -.\" commit 13100a72f40f5748a04017e0ab3df4cf27c809ef -the payload data is encrypted when stored in tmpfs, -thereby preventing it from being written unencrypted into swap space. -.P -There are more specialized key types available also, -but they aren't discussed here -because they aren't intended for normal user-space use. -.P -Key type names -that begin with a period (\[aq].\[aq]) are reserved to the implementation. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Keyrings -As previously mentioned, keyrings are a special type of key that contain -links to other keys (which may include other keyrings). -Keys may be linked to by multiple keyrings. -Keyrings may be considered as analogous to UNIX directories -where each directory contains a set of hard links to files. -.P -Various operations (system calls) may be applied only to keyrings: -.TP -Adding -A key may be added to a keyring by system calls that create keys. -This prevents the new key from being immediately deleted -when the system call releases its last reference to the key. -.TP -Linking -A link may be added to a keyring pointing to a key that is already known, -provided this does not create a self-referential cycle. -.TP -Unlinking -A link may be removed from a keyring. -When the last link to a key is removed, -that key will be scheduled for deletion by the garbage collector. -.TP -Clearing -All the links may be removed from a keyring. -.TP -Searching -A keyring may be considered the root of a tree or subtree in which keyrings -form the branches and non-keyrings the leaves. -This tree may be searched for a key matching -a particular type and description. -.P -See -.BR keyctl_clear (3), -.BR keyctl_link (3), -.BR keyctl_search (3), -and -.BR keyctl_unlink (3) -for more information. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Anchoring keys -To prevent a key from being garbage collected, -it must be anchored to keep its reference count elevated -when it is not in active use by the kernel. -.P -Keyrings are used to anchor other keys: -each link is a reference on a key. -Note that keyrings themselves are just keys and -are also subject to the same anchoring requirement to prevent -them being garbage collected. -.P -The kernel makes available a number of anchor keyrings. -Note that some of these keyrings will be created only when first accessed. -.TP -Process keyrings -Process credentials themselves reference keyrings with specific semantics. -These keyrings are pinned as long as the set of credentials exists, -which is usually as long as the process exists. -.IP -There are three keyrings with different inheritance/sharing rules: -the -.BR session\-keyring (7) -(inherited and shared by all child processes), -the -.BR process\-keyring (7) -(shared by all threads in a process) and -the -.BR thread\-keyring (7) -(specific to a particular thread). -.IP -As an alternative to using the actual keyring IDs, -in calls to -.BR add_key (2), -.BR keyctl (2), -and -.BR request_key (2), -the special keyring values -.BR KEY_SPEC_SESSION_KEYRING , -.BR KEY_SPEC_PROCESS_KEYRING , -and -.B KEY_SPEC_THREAD_KEYRING -can be used to refer to the caller's own instances of these keyrings. -.TP -User keyrings -Each UID known to the kernel has a record that contains two keyrings: the -.BR user\-keyring (7) -and the -.BR user\-session\-keyring (7). -These exist for as long as the UID record in the kernel exists. -.IP -As an alternative to using the actual keyring IDs, -in calls to -.BR add_key (2), -.BR keyctl (2), -and -.BR request_key (2), -the special keyring values -.B KEY_SPEC_USER_KEYRING -and -.B KEY_SPEC_USER_SESSION_KEYRING -can be used to refer to the caller's own instances of these keyrings. -.IP -A link to the user keyring is placed in a new session keyring by -.BR pam_keyinit (8) -when a new login session is initiated. -.TP -Persistent keyrings -There is a -.BR persistent\-keyring (7) -available to each UID known to the system. -It may persist beyond the life of the UID record previously mentioned, -but has an expiration time set such that it is automatically cleaned up -after a set time. -The persistent keyring permits, for example, -.BR cron (8) -scripts to use credentials that are left in the persistent keyring after -the user logs out. -.IP -Note that the expiration time of the persistent keyring -is reset every time the persistent key is requested. -.TP -Special keyrings -There are special keyrings owned by the kernel that can anchor keys -for special purposes. -An example of this is the \fIsystem keyring\fR used for holding -encryption keys for module signature verification. -.IP -These special keyrings are usually closed to direct alteration -by user space. -.P -An originally planned "group keyring", -for storing keys associated with each GID known to the kernel, -is not so far implemented, is unlikely to be implemented. -Nevertheless, the constant -.B KEY_SPEC_GROUP_KEYRING -has been defined for this keyring. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Possession -The concept of possession is important to understanding the keyrings -security model. -Whether a thread possesses a key is determined by the following rules: -.IP (1) 5 -Any key or keyring that does not grant -.I search -permission to the caller is ignored in all the following rules. -.IP (2) -A thread possesses its -.BR session\-keyring (7), -.BR process\-keyring (7), -and -.BR thread\-keyring (7) -directly because those keyrings are referred to by its credentials. -.IP (3) -If a keyring is possessed, then any key it links to is also possessed. -.IP (4) -If any key a keyring links to is itself a keyring, then rule (3) applies -recursively. -.IP (5) -If a process is upcalled from the kernel to instantiate a key (see -.BR request_key (2)), -then it also possesses the requester's keyrings as in -rule (1) as if it were the requester. -.P -Note that possession is not a fundamental property of a key, -but must rather be calculated each time the key is needed. -.P -Possession is designed to allow set-user-ID programs run from, say -a user's shell to access the user's keys. -Granting permissions to the key possessor while denying them -to the key owner and group allows the prevention of access to keys -on the basis of UID and GID matches. -.P -When it creates the session keyring, -.BR pam_keyinit (8) -adds a link to the -.BR user\-keyring (7), -thus making the user keyring and anything it contains possessed by default. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Access rights -Each key has the following security-related attributes: -.IP \[bu] 3 -The owning user ID -.IP \[bu] -The ID of a group that is permitted to access the key -.IP \[bu] -A security label -.IP \[bu] -A permissions mask -.P -The permissions mask contains four sets of rights. -The first three sets are mutually exclusive. -One and only one will be in force for a particular access check. -In order of descending priority, these three sets are: -.TP -.I user -The set specifies the rights granted -if the key's user ID matches the caller's filesystem user ID. -.TP -.I group -The set specifies the rights granted -if the user ID didn't match and the key's group ID matches the caller's -filesystem GID or one of the caller's supplementary group IDs. -.TP -.I other -The set specifies the rights granted -if neither the key's user ID nor group ID matched. -.P -The fourth set of rights is: -.TP -.I possessor -The set specifies the rights granted -if a key is determined to be possessed by the caller. -.P -The complete set of rights for a key is the union of whichever -of the first three sets is applicable plus the fourth set -if the key is possessed. -.P -The set of rights that may be granted in each of the four masks -is as follows: -.TP -.I view -The attributes of the key may be read. -This includes the type, -description, and access rights (excluding the security label). -.TP -.I read -For a key: the payload of the key may be read. -For a keyring: the list of serial numbers (keys) to -which the keyring has links may be read. -.TP -.I write -The payload of the key may be updated and the key may be revoked. -For a keyring, links may be added to or removed from the keyring, -and the keyring may be cleared completely (all links are removed), -.TP -.I search -For a key (or a keyring): the key may be found by a search. -For a keyring: keys and keyrings that are linked to by the -keyring may be searched. -.TP -.I link -Links may be created from keyrings to the key. -The initial link to a key that is established when the key is created -doesn't require this permission. -.TP -.I setattr -The ownership details and security label of the key may be changed, -the key's expiration time may be set, and the key may be revoked. -.P -In addition to access rights, any active Linux Security Module (LSM) may -prevent access to a key if its policy so dictates. -A key may be given a -security label or other attribute by the LSM; -this label is retrievable via -.BR keyctl_get_security (3). -.P -See -.BR keyctl_chown (3), -.BR keyctl_describe (3), -.BR keyctl_get_security (3), -.BR keyctl_setperm (3), -and -.BR selinux (8) -for more information. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Searching for keys -One of the key features of the Linux key-management facility -is the ability to find a key that a process is retaining. -The -.BR request_key (2) -system call is the primary point of -access for user-space applications to find a key. -(Internally, the kernel has something similar available -for use by internal components that make use of keys.) -.P -The search algorithm works as follows: -.IP (1) 5 -The process keyrings are searched in the following order: the -.BR thread\-keyring (7) -if it exists, the -.BR process\-keyring (7) -if it exists, and then either the -.BR session\-keyring (7) -if it exists or the -.BR user\-session\-keyring (7) -if that exists. -.IP (2) -If the caller was a process that was invoked by the -.BR request_key (2) -upcall mechanism, then the keyrings of the original caller of -.BR request_key (2) -will be searched as well. -.IP (3) -The search of a keyring tree is in breadth-first order: -each keyring is searched first for a match, -then the keyrings referred to by that keyring are searched. -.IP (4) -If a matching key is found that is valid, -then the search terminates and that key is returned. -.IP (5) -If a matching key is found that has an error state attached, -that error state is noted and the search continues. -.IP (6) -If no valid matching key is found, -then the first noted error state is returned; otherwise, an -.B ENOKEY -error is returned. -.P -It is also possible to search a specific keyring, in which case only steps -(3) to (6) apply. -.P -See -.BR request_key (2) -and -.BR keyctl_search (3) -for more information. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS On-demand key creation -If a key cannot be found, -.BR request_key (2) -will, if given a -.I callout_info -argument, create a new key and then upcall to user space to -instantiate the key. -This allows keys to be created on an as-needed basis. -.P -Typically, -this will involve the kernel creating a new process that executes the -.BR request\-key (8) -program, which will then execute the appropriate handler based on its -configuration. -.P -The handler is passed a special authorization key that allows it -and only it to instantiate the new key. -This is also used to permit searches performed by the -handler program to also search the requester's keyrings. -.P -See -.BR request_key (2), -.BR keyctl_assume_authority (3), -.BR keyctl_instantiate (3), -.BR keyctl_negate (3), -.BR keyctl_reject (3), -.BR request\-key (8), -and -.BR request\-key.conf (5) -for more information. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS /proc files -The kernel provides various -.I /proc -files that expose information about keys or define limits on key usage. -.TP -.IR /proc/keys " (since Linux 2.6.10)" -This file exposes a list of the keys for which the reading thread has -.I view -permission, providing various information about each key. -The thread need not possess the key for it to be visible in this file. -.\" David Howells, Dec 2016 linux-man@: -.\" This [The thread need not possess the key for it to be visible in -.\" this file.] is correct. See proc_keys_show() in security/keys/proc.c: -.\" -.\" rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); -.\" if (rc < 0) -.\" return 0; -.\" -.\"Possibly it shouldn't be, but for now it is. -.\" -.IP -The only keys included in the list are those that grant -.I view -permission to the reading process -(regardless of whether or not it possesses them). -LSM security checks are still performed, -and may filter out further keys that the process is not authorized to view. -.IP -An example of the data that one might see in this file -(with the columns numbered for easy reference below) -is the following: -.IP -.EX - (1) (2) (3)(4) (5) (6) (7) (8) (9) -009a2028 I\-\-Q\-\-\- 1 perm 3f010000 1000 1000 user krb_ccache:primary: 12 -1806c4ba I\-\-Q\-\-\- 1 perm 3f010000 1000 1000 keyring _pid: 2 -25d3a08f I\-\-Q\-\-\- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 -28576bd8 I\-\-Q\-\-\- 3 perm 3f010000 1000 1000 keyring _krb: 1 -2c546d21 I\-\-Q\-\-\- 190 perm 3f030000 1000 1000 keyring _ses: 2 -30a4e0be I\-\-\-\-\-\- 4 2d 1f030000 1000 65534 keyring _persistent.1000: 1 -32100fab I\-\-Q\-\-\- 4 perm 1f3f0000 1000 65534 keyring _uid.1000: 2 -32a387ea I\-\-Q\-\-\- 1 perm 3f010000 1000 1000 keyring _pid: 2 -3ce56aea I\-\-Q\-\-\- 5 perm 3f030000 1000 1000 keyring _ses: 1 -.EE -.IP -The fields shown in each line of this file are as follows: -.RS -.TP -ID (1) -The ID (serial number) of the key, expressed in hexadecimal. -.TP -Flags (2) -A set of flags describing the state of the key: -.RS -.TP -I -.\" KEY_FLAG_INSTANTIATED -The key has been instantiated. -.TP -R -.\" KEY_FLAG_REVOKED -The key has been revoked. -.TP -D -.\" KEY_FLAG_DEAD -The key is dead (i.e., the key type has been unregistered). -.\" unregister_key_type() in the kernel source -(A key may be briefly in this state during garbage collection.) -.TP -Q -.\" KEY_FLAG_IN_QUOTA -The key contributes to the user's quota. -.TP -U -.\" KEY_FLAG_USER_CONSTRUCT -The key is under construction via a callback to user space; -see -.BR request\-key (2). -.TP -N -.\" KEY_FLAG_NEGATIVE -The key is negatively instantiated. -.TP -i -.\" KEY_FLAG_INVALIDATED -The key has been invalidated. -.RE -.TP -Usage (3) -This is a count of the number of kernel credential -structures that are pinning the key -(approximately: the number of threads and open file references -that refer to this key). -.TP -Timeout (4) -The amount of time until the key will expire, -expressed in human-readable form (weeks, days, hours, minutes, and seconds). -The string -.I perm -here means that the key is permanent (no timeout). -The string -.I expd -means that the key has already expired, -but has not yet been garbage collected. -.TP -Permissions (5) -The key permissions, expressed as four hexadecimal bytes containing, -from left to right, the possessor, user, group, and other permissions. -Within each byte, the permission bits are as follows: -.IP -.PD 0 -.RS 12 -.TP -0x01 -.I view -.TP -0x02 -.I read -.TP -0x04 -.I write -.TP -0x08 -.I search -.TP -0x10 -.I link -.TP -0x20 -.I setattr -.RE -.PD -.TP -UID (6) -The user ID of the key owner. -.TP -GID (7) -The group ID of the key. -The value \-1 here means that the key has no group ID; -this can occur in certain circumstances for keys created by the kernel. -.TP -Type (8) -The key type (user, keyring, etc.) -.TP -Description (9) -The key description (name). -This field contains descriptive information about the key. -For most key types, it has the form -.IP -.in +4n -.EX -name[: extra\-info] -.EE -.in -.IP -The -.I name -subfield is the key's description (name). -The optional -.I extra\-info -field provides some further information about the key. -The information that appears here depends on the key type, as follows: -.RS -.TP -.IR \[dq]user\[dq] " and " \[dq]logon\[dq] -The size in bytes of the key payload (expressed in decimal). -.TP -.I \[dq]keyring\[dq] -The number of keys linked to the keyring, -or the string -.I empty -if there are no keys linked to the keyring. -.TP -.I \[dq]big_key\[dq] -The payload size in bytes, followed either by the string -.IR [file] , -if the key payload exceeds the threshold that means that the -payload is stored in a (swappable) -.BR tmpfs (5) -filesystem, -or otherwise the string -.IR [buff] , -indicating that the key is small enough to reside in kernel memory. -.RE -.IP -For the -.I \[dq].request_key_auth\[dq] -key type -(authorization key; see -.BR request_key (2)), -the description field has the form shown in the following example: -.IP -.in +4n -.EX -key:c9a9b19 pid:28880 ci:10 -.EE -.in -.IP -The three subfields are as follows: -.RS -.TP -.I key -The hexadecimal ID of the key being instantiated in the requesting program. -.TP -.I pid -The PID of the requesting program. -.TP -.I ci -The length of the callout data with which the requested key should -be instantiated -(i.e., the length of the payload associated with the authorization key). -.RE -.RE -.TP -.IR /proc/key\-users " (since Linux 2.6.10)" -This file lists various information for each user ID that -has at least one key on the system. -An example of the data that one might see in this file is the following: -.IP -.in +4n -.EX - 0: 10 9/9 2/1000000 22/25000000 - 42: 9 9/9 8/200 106/20000 -1000: 11 11/11 10/200 271/20000 -.EE -.in -.IP -The fields shown in each line are as follows: -.RS -.TP -.I uid -The user ID. -.TP -.I usage -This is a kernel-internal usage count for the kernel structure -used to record key users. -.TP -.IR nkeys / nikeys -The total number of keys owned by the user, -and the number of those keys that have been instantiated. -.TP -.IR qnkeys / maxkeys -The number of keys owned by the user, -and the maximum number of keys that the user may own. -.TP -.IR qnbytes / maxbytes -The number of bytes consumed in payloads of the keys owned by this user, -and the upper limit on the number of bytes in key payloads for that user. -.RE -.TP -.IR /proc/sys/kernel/keys/gc_delay " (since Linux 2.6.32)" -.\" commit 5d135440faf7db8d566de0c6fab36b16cf9cfc3b -The value in this file specifies the interval, in seconds, -after which revoked and expired keys will be garbage collected. -The purpose of having such an interval is so that there is a window -of time where user space can see an error (respectively -.B EKEYREVOKED -and -.BR EKEYEXPIRED ) -that indicates what happened to the key. -.IP -The default value in this file is 300 (i.e., 5 minutes). -.TP -.IR /proc/sys/kernel/keys/persistent_keyring_expiry " (since Linux 3.13)" -.\" commit f36f8c75ae2e7d4da34f4c908cebdb4aa42c977e -This file defines an interval, in seconds, -to which the persistent keyring's expiration timer is reset -each time the keyring is accessed (via -.BR keyctl_get_persistent (3) -or the -.BR keyctl (2) -.B KEYCTL_GET_PERSISTENT -operation.) -.IP -The default value in this file is 259200 (i.e., 3 days). -.P -The following files (which are writable by privileged processes) -are used to enforce quotas on the number of keys -and number of bytes of data that can be stored in key payloads: -.TP -.IR /proc/sys/kernel/keys/maxbytes " (since Linux 2.6.26)" -.\" commit 0b77f5bfb45c13e1e5142374f9d6ca75292252a4 -.\" Previously: KEYQUOTA_MAX_BYTES 10000 -This is the maximum number of bytes of data that a nonroot user -can hold in the payloads of the keys owned by the user. -.IP -The default value in this file is 20,000. -.TP -.IR /proc/sys/kernel/keys/maxkeys " (since Linux 2.6.26)" -.\" commit 0b77f5bfb45c13e1e5142374f9d6ca75292252a4 -.\" Previously: KEYQUOTA_MAX_KEYS 100 -This is the maximum number of keys that a nonroot user may own. -.IP -The default value in this file is 200. -.TP -.IR /proc/sys/kernel/keys/root_maxbytes " (since Linux 2.6.26)" -This is the maximum number of bytes of data that the root user -(UID 0 in the root user namespace) -can hold in the payloads of the keys owned by root. -.IP -.\"738c5d190f6540539a04baf36ce21d46b5da04bd -The default value in this file is 25,000,000 (20,000 before Linux 3.17). -.\" commit 0b77f5bfb45c13e1e5142374f9d6ca75292252a4 -.TP -.IR /proc/sys/kernel/keys/root_maxkeys " (since Linux 2.6.26)" -.\" commit 0b77f5bfb45c13e1e5142374f9d6ca75292252a4 -This is the maximum number of keys that the root user -(UID 0 in the root user namespace) -may own. -.IP -.\"738c5d190f6540539a04baf36ce21d46b5da04bd -The default value in this file is 1,000,000 (200 before Linux 3.17). -.P -With respect to keyrings, -note that each link in a keyring consumes 4 bytes of the keyring payload. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SS Users -The Linux key-management facility has a number of users and usages, -but is not limited to those that already exist. -.P -In-kernel users of this facility include: -.TP -Network filesystems - DNS -The kernel uses the upcall mechanism provided by the keys to upcall to -user space to do DNS lookups and then to cache the results. -.TP -AF_RXRPC and kAFS - Authentication -The AF_RXRPC network protocol and the in-kernel AFS filesystem -use keys to store the ticket needed to do secured or encrypted traffic. -These are then looked up by -network operations on AF_RXRPC and filesystem operations on kAFS. -.TP -NFS - User ID mapping -The NFS filesystem uses keys to store mappings of -foreign user IDs to local user IDs. -.TP -CIFS - Password -The CIFS filesystem uses keys to store passwords for accessing remote shares. -.TP -Module verification -The kernel build process can be made to cryptographically sign modules. -That signature is then checked when a module is loaded. -.P -User-space users of this facility include: -.TP -Kerberos key storage -The MIT Kerberos 5 facility (libkrb5) can use keys to store authentication -tokens which can be made to be automatically cleaned up a set time after -the user last uses them, -but until then permits them to hang around after the user -has logged out so that -.BR cron (8) -scripts can use them. -.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR add_key (2), -.BR keyctl (2), -.BR request_key (2), -.BR keyctl (3), -.BR keyutils (7), -.BR persistent\-keyring (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7), -.BR pam_keyinit (8), -.BR request\-key (8) -.P -The kernel source files -.I Documentation/crypto/asymmetric\-keys.txt -and under -.I Documentation/security/keys -(or, before Linux 4.13, in the file -.IR Documentation/security/keys.txt ). diff --git a/man7/koi8-r.7 b/man7/koi8-r.7 deleted file mode 100644 index 5239cb5..0000000 --- a/man7/koi8-r.7 +++ /dev/null @@ -1,169 +0,0 @@ -'\" t -.\" Copyright 2001 Alexey Mahotkin -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH KOI8-R 7 2022-12-15 "Linux man-pages 6.7" -.SH NAME -koi8-r \- Russian character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -RFC\ 1489 defines an 8-bit character set, KOI8-R. -KOI8-R encodes the -characters used in Russian. -.SS KOI8-R characters -The following table displays the characters in KOI8-R that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -200 128 80 ─ BOX DRAWINGS LIGHT HORIZONTAL -201 129 81 │ BOX DRAWINGS LIGHT VERTICAL -202 130 82 ┌ BOX DRAWINGS LIGHT DOWN AND RIGHT -203 131 83 ┐ BOX DRAWINGS LIGHT DOWN AND LEFT -204 132 84 └ BOX DRAWINGS LIGHT UP AND RIGHT -205 133 85 ┘ BOX DRAWINGS LIGHT UP AND LEFT -206 134 86 ├ BOX DRAWINGS LIGHT VERTICAL AND RIGHT -207 135 87 ┤ BOX DRAWINGS LIGHT VERTICAL AND LEFT -210 136 88 ┬ BOX DRAWINGS LIGHT DOWN AND HORIZONTAL -211 137 89 ┴ BOX DRAWINGS LIGHT UP AND HORIZONTAL -212 138 8A ┼ BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL -213 139 8B ▀ UPPER HALF BLOCK -214 140 8C ▄ LOWER HALF BLOCK -215 141 8D █ FULL BLOCK -216 142 8E ▌ LEFT HALF BLOCK -217 143 8F ▐ RIGHT HALF BLOCK -220 144 90 ░ LIGHT SHADE -221 145 91 ▒ MEDIUM SHADE -222 146 92 ▓ DARK SHADE -223 147 93 ⌠ TOP HALF INTEGRAL -224 148 94 ■ BLACK SQUARE -225 149 95 ∙ BULLET OPERATOR -226 150 96 √ SQUARE ROOT -227 151 97 ≈ ALMOST EQUAL TO -230 152 98 ≤ LESS-THAN OR EQUAL TO -231 153 99 ≥ GREATER-THAN OR EQUAL TO -232 154 9A   NO-BREAK SPACE -233 155 9B ⌡ BOTTOM HALF INTEGRAL -234 156 9C ° DEGREE SIGN -235 157 9D ² SUPERSCRIPT TWO -236 158 9E · MIDDLE DOT -237 159 9F ÷ DIVISION SIGN -240 160 A0 ═ BOX DRAWINGS DOUBLE HORIZONTAL -241 161 A1 ║ BOX DRAWINGS DOUBLE VERTICAL -242 162 A2 ╒ BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE -243 163 A3 ё CYRILLIC SMALL LETTER IO -244 164 A4 ╓ BOX DRAWINGS DOWN DOUBLE AND RIGHT SINGLE -245 165 A5 ╔ BOX DRAWINGS DOUBLE DOWN AND RIGHT -246 166 A6 ╕ BOX DRAWINGS DOWN SINGLE AND LEFT DOUBLE -247 167 A7 ╖ BOX DRAWINGS DOWN DOUBLE AND LEFT SINGLE -250 168 A8 ╗ BOX DRAWINGS DOUBLE DOWN AND LEFT -251 169 A9 ╘ BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE -252 170 AA ╙ BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE -253 171 AB ╚ BOX DRAWINGS DOUBLE UP AND RIGHT -254 172 AC ╛ BOX DRAWINGS UP SINGLE AND LEFT DOUBLE -255 173 AD ╜ BOX DRAWINGS UP DOUBLE AND LEFT SINGLE -256 174 AE ╝ BOX DRAWINGS DOUBLE UP AND LEFT -257 175 AF ╞ BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE -260 176 B0 ╟ BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE -261 177 B1 ╠ BOX DRAWINGS DOUBLE VERTICAL AND RIGHT -262 178 B2 ╡ BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE -263 179 B3 Ё CYRILLIC CAPITAL LETTER IO -264 180 B4 ╢ BOX DRAWINGS VERTICAL DOUBLE AND LEFT SINGLE -265 181 B5 ╣ BOX DRAWINGS DOUBLE VERTICAL AND LEFT -266 182 B6 ╤ BOX DRAWINGS DOWN SINGLE AND HORIZONTAL DOUBLE -267 183 B7 ╥ BOX DRAWINGS DOWN DOUBLE AND HORIZONTAL SINGLE -270 184 B8 ╦ BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL -271 185 B9 ╧ BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE -272 186 BA ╨ BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE -273 187 BB ╩ BOX DRAWINGS DOUBLE UP AND HORIZONTAL -274 188 BC ╪ T{ -BOX DRAWINGS VERTICAL SINGLE -.br -AND HORIZONTAL DOUBLE -T} -275 189 BD ╫ T{ -BOX DRAWINGS VERTICAL DOUBLE -.br -AND HORIZONTAL SINGLE -T} -276 190 BE ╬ BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL -277 191 BF © COPYRIGHT SIGN -300 192 C0 ю CYRILLIC SMALL LETTER YU -301 193 C1 а CYRILLIC SMALL LETTER A -302 194 C2 б CYRILLIC SMALL LETTER BE -303 195 C3 ц CYRILLIC SMALL LETTER TSE -304 196 C4 д CYRILLIC SMALL LETTER DE -305 197 C5 е CYRILLIC SMALL LETTER IE -306 198 C6 ф CYRILLIC SMALL LETTER EF -307 199 C7 г CYRILLIC SMALL LETTER GHE -310 200 C8 х CYRILLIC SMALL LETTER HA -311 201 C9 и CYRILLIC SMALL LETTER I -312 202 CA й CYRILLIC SMALL LETTER SHORT I -313 203 CB к CYRILLIC SMALL LETTER KA -314 204 CC л CYRILLIC SMALL LETTER EL -315 205 CD м CYRILLIC SMALL LETTER EM -316 206 CE н CYRILLIC SMALL LETTER EN -317 207 CF о CYRILLIC SMALL LETTER O -320 208 D0 п CYRILLIC SMALL LETTER PE -321 209 D1 я CYRILLIC SMALL LETTER YA -322 210 D2 р CYRILLIC SMALL LETTER ER -323 211 D3 с CYRILLIC SMALL LETTER ES -324 212 D4 т CYRILLIC SMALL LETTER TE -325 213 D5 у CYRILLIC SMALL LETTER U -326 214 D6 ж CYRILLIC SMALL LETTER ZHE -327 215 D7 в CYRILLIC SMALL LETTER VE -330 216 D8 ь CYRILLIC SMALL LETTER SOFT SIGN -331 217 D9 ы CYRILLIC SMALL LETTER YERU -332 218 DA з CYRILLIC SMALL LETTER ZE -333 219 DB ш CYRILLIC SMALL LETTER SHA -334 220 DC э CYRILLIC SMALL LETTER E -335 221 DD щ CYRILLIC SMALL LETTER SHCHA -336 222 DE ч CYRILLIC SMALL LETTER CHE -337 223 DF ъ CYRILLIC SMALL LETTER HARD SIGN -340 224 E0 Ю CYRILLIC CAPITAL LETTER YU -341 225 E1 А CYRILLIC CAPITAL LETTER A -342 226 E2 Б CYRILLIC CAPITAL LETTER BE -343 227 E3 Ц CYRILLIC CAPITAL LETTER TSE -344 228 E4 Д CYRILLIC CAPITAL LETTER DE -345 229 E5 Е CYRILLIC CAPITAL LETTER IE -346 230 E6 Ф CYRILLIC CAPITAL LETTER EF -347 231 E7 Г CYRILLIC CAPITAL LETTER GHE -350 232 E8 Х CYRILLIC CAPITAL LETTER HA -351 233 E9 И CYRILLIC CAPITAL LETTER I -352 234 EA Й CYRILLIC CAPITAL LETTER SHORT I -353 235 EB К CYRILLIC CAPITAL LETTER KA -354 236 EC Л CYRILLIC CAPITAL LETTER EL -355 237 ED М CYRILLIC CAPITAL LETTER EM -356 238 EE Н CYRILLIC CAPITAL LETTER EN -357 239 EF О CYRILLIC CAPITAL LETTER O -360 240 F0 П CYRILLIC CAPITAL LETTER PE -361 241 F1 Я CYRILLIC CAPITAL LETTER YA -362 242 F2 Р CYRILLIC CAPITAL LETTER ER -363 243 F3 С CYRILLIC CAPITAL LETTER ES -364 244 F4 Т CYRILLIC CAPITAL LETTER TE -365 245 F5 У CYRILLIC CAPITAL LETTER U -366 246 F6 Ж CYRILLIC CAPITAL LETTER ZHE -367 247 F7 В CYRILLIC CAPITAL LETTER VE -370 248 F8 Ь CYRILLIC CAPITAL LETTER SOFT SIGN -371 249 F9 Ы CYRILLIC CAPITAL LETTER YERU -372 250 FA З CYRILLIC CAPITAL LETTER ZE -373 251 FB Ш CYRILLIC CAPITAL LETTER SHA -374 252 FC Э CYRILLIC CAPITAL LETTER E -375 253 FD Щ CYRILLIC CAPITAL LETTER SHCHA -376 254 FE Ч CYRILLIC CAPITAL LETTER CHE -377 255 FF Ъ CYRILLIC CAPITAL LETTER HARD SIGN -.TE -.SH NOTES -The differences with KOI8-U are in the hex positions -A4, A6, A7, AD, B4, B6, B7, and BD. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1251 (7), -.BR iso_8859\-5 (7), -.BR koi8\-u (7), -.BR utf\-8 (7) diff --git a/man7/koi8-u.7 b/man7/koi8-u.7 deleted file mode 100644 index 00dec19..0000000 --- a/man7/koi8-u.7 +++ /dev/null @@ -1,175 +0,0 @@ -'\" t -.\" Copyright 2009 Lefteris Dimitroulakis -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" 2009-01-15, mtk, Some edits -.\" -.TH KOI8-U 7 2022-12-15 "Linux man-pages 6.7" -.SH NAME -koi8-u \- Ukrainian character set encoded in octal, decimal, -and hexadecimal -.SH DESCRIPTION -RFC\ 2310 defines an 8-bit character set, KOI8-U. -KOI8-U encodes the -characters used in Ukrainian and Byelorussian. -.SS KOI8-U characters -The following table displays the characters in KOI8-U that -are printable and unlisted in the -.BR ascii (7) -manual page. -.TS -l l l c lp-1. -Oct Dec Hex Char Description -_ -200 128 80 ─ BOX DRAWINGS LIGHT HORIZONTAL -201 129 81 │ BOX DRAWINGS LIGHT VERTICAL -202 130 82 ┌ BOX DRAWINGS LIGHT DOWN AND RIGHT -203 131 83 ┐ BOX DRAWINGS LIGHT DOWN AND LEFT -204 132 84 └ BOX DRAWINGS LIGHT UP AND RIGHT -205 133 85 ┘ BOX DRAWINGS LIGHT UP AND LEFT -206 134 86 ├ BOX DRAWINGS LIGHT VERTICAL AND RIGHT -207 135 87 ┤ BOX DRAWINGS LIGHT VERTICAL AND LEFT -210 136 88 ┬ BOX DRAWINGS LIGHT DOWN AND HORIZONTAL -211 137 89 ┴ BOX DRAWINGS LIGHT UP AND HORIZONTAL -212 138 8A ┼ BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL -213 139 8B ▀ UPPER HALF BLOCK -214 140 8C ▄ LOWER HALF BLOCK -215 141 8D █ FULL BLOCK -216 142 8E ▌ LEFT HALF BLOCK -217 143 8F ▐ RIGHT HALF BLOCK -220 144 90 ░ LIGHT SHADE -221 145 91 ▒ MEDIUM SHADE -222 146 92 ▓ DARK SHADE -223 147 93 ⌠ TOP HALF INTEGRAL -224 148 94 ■ BLACK SQUARE -225 149 95 ∙ BULLET OPERATOR -226 150 96 √ SQUARE ROOT -227 151 97 ≈ ALMOST EQUAL TO -230 152 98 ≤ LESS-THAN OR EQUAL TO -231 153 99 ≥ GREATER-THAN OR EQUAL TO -232 154 9A   NO-BREAK SPACE -233 155 9B ⌡ BOTTOM HALF INTEGRAL -234 156 9C ° DEGREE SIGN -235 157 9D ² SUPERSCRIPT TWO -236 158 9E · MIDDLE DOT -237 159 9F ÷ DIVISION SIGN -240 160 A0 ═ BOX DRAWINGS DOUBLE HORIZONTAL -241 161 A1 ║ BOX DRAWINGS DOUBLE VERTICAL -242 162 A2 ╒ BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE -243 163 A3 ё CYRILLIC SMALL LETTER IO -244 164 A4 є CYRILLIC SMALL LETTER UKRAINIAN IE -245 165 A5 ╔ BOX DRAWINGS DOUBLE DOWN AND RIGHT -246 166 A6 і T{ -CYRILLIC SMALL LETTER -.br -BYELORUSSIAN-UKRAINIAN I -T} -247 167 A7 ї CYRILLIC SMALL LETTER YI (Ukrainian) -250 168 A8 ╗ BOX DRAWINGS DOUBLE DOWN AND LEFT -251 169 A9 ╘ BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE -252 170 AA ╙ BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE -253 171 AB ╚ BOX DRAWINGS DOUBLE UP AND RIGHT -254 172 AC ╛ BOX DRAWINGS UP SINGLE AND LEFT DOUBLE -255 173 AD ґ CYRILLIC SMALL LETTER GHE WITH UPTURN -256 174 AE ╝ BOX DRAWINGS DOUBLE UP AND LEFT -257 175 AF ╞ BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE -260 176 B0 ╟ BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE -261 177 B1 ╠ BOX DRAWINGS DOUBLE VERTICAL AND RIGHT -262 178 B2 ╡ BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE -263 179 B3 Ё CYRILLIC CAPITAL LETTER IO -264 180 B4 Є CYRILLIC CAPITAL LETTER UKRAINIAN IE -265 181 B5 ╣ BOX DRAWINGS DOUBLE VERTICAL AND LEFT -266 182 B6 І T{ -CYRILLIC CAPITAL LETTER -.br -BYELORUSSIAN-UKRAINIAN I -T} -267 183 B7 Ї CYRILLIC CAPITAL LETTER YI (Ukrainian) -270 184 B8 ╦ BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL -271 185 B9 ╧ BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE -272 186 BA ╨ BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE -273 187 BB ╩ BOX DRAWINGS DOUBLE UP AND HORIZONTAL -274 188 BC ╪ T{ -BOX DRAWINGS VERTICAL SINGLE -.br -AND HORIZONTAL DOUBLE -T} -275 189 BD Ґ CYRILLIC CAPITAL LETTER GHE WITH UPTURN -276 190 BE ╬ BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL -277 191 BF © COPYRIGHT SIGN -300 192 C0 ю CYRILLIC SMALL LETTER YU -301 193 C1 а CYRILLIC SMALL LETTER A -302 194 C2 б CYRILLIC SMALL LETTER BE -303 195 C3 ц CYRILLIC SMALL LETTER TSE -304 196 C4 д CYRILLIC SMALL LETTER DE -305 197 C5 е CYRILLIC SMALL LETTER IE -306 198 C6 ф CYRILLIC SMALL LETTER EF -307 199 C7 г CYRILLIC SMALL LETTER GHE -310 200 C8 х CYRILLIC SMALL LETTER HA -311 201 C9 и CYRILLIC SMALL LETTER I -312 202 CA й CYRILLIC SMALL LETTER SHORT I -313 203 CB к CYRILLIC SMALL LETTER KA -314 204 CC л CYRILLIC SMALL LETTER EL -315 205 CD м CYRILLIC SMALL LETTER EM -316 206 CE н CYRILLIC SMALL LETTER EN -317 207 CF о CYRILLIC SMALL LETTER O -320 208 D0 п CYRILLIC SMALL LETTER PE -321 209 D1 я CYRILLIC SMALL LETTER YA -322 210 D2 р CYRILLIC SMALL LETTER ER -323 211 D3 с CYRILLIC SMALL LETTER ES -324 212 D4 т CYRILLIC SMALL LETTER TE -325 213 D5 у CYRILLIC SMALL LETTER U -326 214 D6 ж CYRILLIC SMALL LETTER ZHE -327 215 D7 в CYRILLIC SMALL LETTER VE -330 216 D8 ь CYRILLIC SMALL LETTER SOFT SIGN -331 217 D9 ы CYRILLIC SMALL LETTER YERU -332 218 DA з CYRILLIC SMALL LETTER ZE -333 219 DB ш CYRILLIC SMALL LETTER SHA -334 220 DC э CYRILLIC SMALL LETTER E -335 221 DD щ CYRILLIC SMALL LETTER SHCHA -336 222 DE ч CYRILLIC SMALL LETTER CHE -337 223 DF ъ CYRILLIC SMALL LETTER HARD SIGN -340 224 E0 Ю CYRILLIC CAPITAL LETTER YU -341 225 E1 А CYRILLIC CAPITAL LETTER A -342 226 E2 Б CYRILLIC CAPITAL LETTER BE -343 227 E3 Ц CYRILLIC CAPITAL LETTER TSE -344 228 E4 Д CYRILLIC CAPITAL LETTER DE -345 229 E5 Е CYRILLIC CAPITAL LETTER IE -346 230 E6 Ф CYRILLIC CAPITAL LETTER EF -347 231 E7 Г CYRILLIC CAPITAL LETTER GHE -350 232 E8 Х CYRILLIC CAPITAL LETTER HA -351 233 E9 И CYRILLIC CAPITAL LETTER I -352 234 EA Й CYRILLIC CAPITAL LETTER SHORT I -353 235 EB К CYRILLIC CAPITAL LETTER KA -354 236 EC Л CYRILLIC CAPITAL LETTER EL -355 237 ED М CYRILLIC CAPITAL LETTER EM -356 238 EE Н CYRILLIC CAPITAL LETTER EN -357 239 EF О CYRILLIC CAPITAL LETTER O -360 240 F0 П CYRILLIC CAPITAL LETTER PE -361 241 F1 Я CYRILLIC CAPITAL LETTER YA -362 242 F2 Р CYRILLIC CAPITAL LETTER ER -363 243 F3 С CYRILLIC CAPITAL LETTER ES -364 244 F4 Т CYRILLIC CAPITAL LETTER TE -365 245 F5 У CYRILLIC CAPITAL LETTER U -366 246 F6 Ж CYRILLIC CAPITAL LETTER ZHE -367 247 F7 В CYRILLIC CAPITAL LETTER VE -370 248 F8 Ь CYRILLIC CAPITAL LETTER SOFT SIGN -371 249 F9 Ы CYRILLIC CAPITAL LETTER YERU -372 250 FA З CYRILLIC CAPITAL LETTER ZE -373 251 FB Ш CYRILLIC CAPITAL LETTER SHA -374 252 FC Э CYRILLIC CAPITAL LETTER E -375 253 FD Щ CYRILLIC CAPITAL LETTER SHCHA -376 254 FE Ч CYRILLIC CAPITAL LETTER CHE -377 255 FF Ъ CYRILLIC CAPITAL LETTER HARD SIGN -.TE -.SH NOTES -The differences from KOI8-R are in the hex positions -A4, A6, A7, AD, B4, B6, B7, and BD. -.SH SEE ALSO -.BR ascii (7), -.BR charsets (7), -.BR cp1251 (7), -.BR iso_8859\-5 (7), -.BR koi8\-r (7), -.BR utf\-8 (7) diff --git a/man7/landlock.7 b/man7/landlock.7 deleted file mode 100644 index 3df7d7b..0000000 --- a/man7/landlock.7 +++ /dev/null @@ -1,585 +0,0 @@ -'\" t -.\" Copyright © 2017-2020 Mickaël Salaün -.\" Copyright © 2019-2020 ANSSI -.\" Copyright © 2021 Microsoft Corporation -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH Landlock 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -Landlock \- unprivileged access-control -.SH DESCRIPTION -Landlock is an access-control system that enables any processes to -securely restrict themselves and their future children. -Because Landlock is a stackable Linux Security Module (LSM), -it makes it possible to create safe security sandboxes -as new security layers in addition to -the existing system-wide access-controls. -This kind of sandbox is expected to help mitigate -the security impact of bugs, -and unexpected or malicious behaviors in applications. -.P -A Landlock security policy is a set of access rights -(e.g., open a file in read-only, make a directory, etc.) -tied to a file hierarchy. -Such policy can be configured and enforced by processes for themselves -using three system calls: -.IP \[bu] 3 -.BR landlock_create_ruleset (2) -creates a new ruleset; -.IP \[bu] -.BR landlock_add_rule (2) -adds a new rule to a ruleset; -.IP \[bu] -.BR landlock_restrict_self (2) -enforces a ruleset on the calling thread. -.P -To be able to use these system calls, -the running kernel must support Landlock and -it must be enabled at boot time. -.\" -.SS Landlock rules -A Landlock rule describes an action on an object. -An object is currently a file hierarchy, -and the related filesystem actions are defined with access rights (see -.BR landlock_add_rule (2)). -A set of rules is aggregated in a ruleset, -which can then restrict the thread enforcing it, -and its future children. -.\" -.SS Filesystem actions -These flags enable to restrict a sandboxed process to a -set of actions on files and directories. -Files or directories opened before the sandboxing -are not subject to these restrictions. -See -.BR landlock_add_rule (2) -and -.BR landlock_create_ruleset (2) -for more context. -.P -A file can only receive these access rights: -.TP -.B LANDLOCK_ACCESS_FS_EXECUTE -Execute a file. -.TP -.B LANDLOCK_ACCESS_FS_WRITE_FILE -Open a file with write access. -.IP -When opening files for writing, -you will often additionally need the -.B LANDLOCK_ACCESS_FS_TRUNCATE -right. -In many cases, -these system calls truncate existing files when overwriting them -(e.g., -.BR creat (2)). -.TP -.B LANDLOCK_ACCESS_FS_READ_FILE -Open a file with read access. -.TP -.B LANDLOCK_ACCESS_FS_TRUNCATE -Truncate a file with -.BR truncate (2), -.BR ftruncate (2), -.BR creat (2), -or -.BR open (2) -with -.BR O_TRUNC . -Whether an opened file can be truncated with -.BR ftruncate (2) -is determined during -.BR open (2), -in the same way as read and write permissions are checked during -.BR open (2) -using -.B LANDLOCK_ACCESS_FS_READ_FILE -and -.BR LANDLOCK_ACCESS_FS_WRITE_FILE . -This access right is available since the third version of the Landlock ABI. -.P -A directory can receive access rights related to files or directories. -The following access right is applied to the directory itself, -and the directories beneath it: -.TP -.B LANDLOCK_ACCESS_FS_READ_DIR -Open a directory or list its content. -.P -However, -the following access rights only apply to the content of a directory, -not the directory itself: -.TP -.B LANDLOCK_ACCESS_FS_REMOVE_DIR -Remove an empty directory or rename one. -.TP -.B LANDLOCK_ACCESS_FS_REMOVE_FILE -Unlink (or rename) a file. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_CHAR -Create (or rename or link) a character device. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_DIR -Create (or rename) a directory. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_REG -Create (or rename or link) a regular file. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_SOCK -Create (or rename or link) a UNIX domain socket. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_FIFO -Create (or rename or link) a named pipe. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_BLOCK -Create (or rename or link) a block device. -.TP -.B LANDLOCK_ACCESS_FS_MAKE_SYM -Create (or rename or link) a symbolic link. -.TP -.B LANDLOCK_ACCESS_FS_REFER -Link or rename a file from or to a different directory -(i.e., reparent a file hierarchy). -.IP -This access right is available since the second version of the Landlock ABI. -.IP -This is the only access right which is denied by default by any ruleset, -even if the right is not specified as handled at ruleset creation time. -The only way to make a ruleset grant this right -is to explicitly allow it for a specific directory -by adding a matching rule to the ruleset. -.IP -In particular, when using the first Landlock ABI version, -Landlock will always deny attempts to reparent files -between different directories. -.IP -In addition to the source and destination directories having the -.B LANDLOCK_ACCESS_FS_REFER -access right, -the attempted link or rename operation must meet the following constraints: -.RS -.IP \[bu] 3 -The reparented file may not gain more access rights in the destination directory -than it previously had in the source directory. -If this is attempted, the operation results in an -.B EXDEV -error. -.IP \[bu] -When linking or renaming, the -.BI LANDLOCK_ACCESS_FS_MAKE_ * -right for the respective file type must be granted -for the destination directory. -Otherwise, the operation results in an -.B EACCES -error. -.IP \[bu] -When renaming, the -.BI LANDLOCK_ACCESS_FS_REMOVE_ * -right for the respective file type must be granted -for the source directory. -Otherwise, the operation results in an -.B EACCES -error. -.RE -.IP -If multiple requirements are not met, the -.B EACCES -error code takes precedence over -.BR EXDEV . -.\" -.SS Layers of file path access rights -Each time a thread enforces a ruleset on itself, -it updates its Landlock domain with a new layer of policy. -Indeed, this complementary policy is composed with the -potentially other rulesets already restricting this thread. -A sandboxed thread can then safely add more constraints to itself with a -new enforced ruleset. -.P -One policy layer grants access to a file path -if at least one of its rules encountered on the path grants the access. -A sandboxed thread can only access a file path -if all its enforced policy layers grant the access -as well as all the other system access controls -(e.g., filesystem DAC, other LSM policies, etc.). -.\" -.SS Bind mounts and OverlayFS -Landlock enables restricting access to file hierarchies, -which means that these access rights can be propagated with bind mounts -(cf. -.BR mount_namespaces (7)) -but not with OverlayFS. -.P -A bind mount mirrors a source file hierarchy to a destination. -The destination hierarchy is then composed of the exact same files, -on which Landlock rules can be tied, -either via the source or the destination path. -These rules restrict access when they are encountered on a path, -which means that they can restrict access to -multiple file hierarchies at the same time, -whether these hierarchies are the result of bind mounts or not. -.P -An OverlayFS mount point consists of upper and lower layers. -These layers are combined in a merge directory, result of the mount point. -This merge hierarchy may include files from the upper and lower layers, -but modifications performed on the merge hierarchy -only reflect on the upper layer. -From a Landlock policy point of view, -each of the OverlayFS layers and merge hierarchies is standalone and -contains its own set of files and directories, -which is different from a bind mount. -A policy restricting an OverlayFS layer will not restrict -the resulted merged hierarchy, and vice versa. -Landlock users should then only think about file hierarchies they want to -allow access to, regardless of the underlying filesystem. -.\" -.SS Inheritance -Every new thread resulting from a -.BR clone (2) -inherits Landlock domain restrictions from its parent. -This is similar to the -.BR seccomp (2) -inheritance or any other LSM dealing with tasks' -.BR credentials (7). -For instance, one process's thread may apply Landlock rules to itself, -but they will not be automatically applied to other sibling threads -(unlike POSIX thread credential changes, cf. -.BR nptl (7)). -.P -When a thread sandboxes itself, -we have the guarantee that the related security policy -will stay enforced on all this thread's descendants. -This allows creating standalone and modular security policies -per application, -which will automatically be composed between themselves -according to their run-time parent policies. -.\" -.SS Ptrace restrictions -A sandboxed process has less privileges than a non-sandboxed process and -must then be subject to additional restrictions -when manipulating another process. -To be allowed to use -.BR ptrace (2) -and related syscalls on a target process, -a sandboxed process should have a subset of the target process rules, -which means the tracee must be in a sub-domain of the tracer. -.\" -.SS Truncating files -The operations covered by -.B LANDLOCK_ACCESS_FS_WRITE_FILE -and -.B LANDLOCK_ACCESS_FS_TRUNCATE -both change the contents of a file and sometimes overlap in -non-intuitive ways. -It is recommended to always specify both of these together. -.P -A particularly surprising example is -.BR creat (2). -The name suggests that this system call requires -the rights to create and write files. -However, it also requires the truncate right -if an existing file under the same name is already present. -.P -It should also be noted that truncating files does not require the -.B LANDLOCK_ACCESS_FS_WRITE_FILE -right. -Apart from the -.BR truncate (2) -system call, this can also be done through -.BR open (2) -with the flags -.IR "O_RDONLY\ |\ O_TRUNC" . -.P -When opening a file, the availability of the -.B LANDLOCK_ACCESS_FS_TRUNCATE -right is associated with the newly created file descriptor -and will be used for subsequent truncation attempts using -.BR ftruncate (2). -The behavior is similar to opening a file for reading or writing, -where permissions are checked during -.BR open (2), -but not during the subsequent -.BR read (2) -and -.BR write (2) -calls. -.P -As a consequence, -it is possible to have multiple open file descriptors for the same file, -where one grants the right to truncate the file and the other does not. -It is also possible to pass such file descriptors between processes, -keeping their Landlock properties, -even when these processes do not have an enforced Landlock ruleset. -.SH VERSIONS -Landlock was introduced in Linux 5.13. -.P -To determine which Landlock features are available, -users should query the Landlock ABI version: -.TS -box; -ntb| ntb| lbx -nt| nt| lbx. -ABI Kernel Newly introduced access rights -_ _ _ -1 5.13 LANDLOCK_ACCESS_FS_EXECUTE -\^ \^ LANDLOCK_ACCESS_FS_WRITE_FILE -\^ \^ LANDLOCK_ACCESS_FS_READ_FILE -\^ \^ LANDLOCK_ACCESS_FS_READ_DIR -\^ \^ LANDLOCK_ACCESS_FS_REMOVE_DIR -\^ \^ LANDLOCK_ACCESS_FS_REMOVE_FILE -\^ \^ LANDLOCK_ACCESS_FS_MAKE_CHAR -\^ \^ LANDLOCK_ACCESS_FS_MAKE_DIR -\^ \^ LANDLOCK_ACCESS_FS_MAKE_REG -\^ \^ LANDLOCK_ACCESS_FS_MAKE_SOCK -\^ \^ LANDLOCK_ACCESS_FS_MAKE_FIFO -\^ \^ LANDLOCK_ACCESS_FS_MAKE_BLOCK -\^ \^ LANDLOCK_ACCESS_FS_MAKE_SYM -_ _ _ -2 5.19 LANDLOCK_ACCESS_FS_REFER -_ _ _ -3 6.2 LANDLOCK_ACCESS_FS_TRUNCATE -.TE -.P -Users should use the Landlock ABI version rather than the kernel version -to determine which features are available. -The mainline kernel versions listed here are only included for orientation. -Kernels from other sources may contain backported features, -and their version numbers may not match. -.P -To query the running kernel's Landlock ABI version, -programs may pass the -.B LANDLOCK_CREATE_RULESET_VERSION -flag to -.BR landlock_create_ruleset (2). -.P -When building fallback mechanisms for compatibility with older kernels, -users are advised to consider the special semantics of the -.B LANDLOCK_ACCESS_FS_REFER -access right: -In ABI v1, -linking and moving of files between different directories is always forbidden, -so programs relying on such operations are only compatible -with Landlock ABI v2 and higher. -.SH NOTES -Landlock is enabled by -.BR CONFIG_SECURITY_LANDLOCK . -The -.I lsm=lsm1,...,lsmN -command line parameter controls the sequence of the initialization of -Linux Security Modules. -It must contain the string -.I landlock -to enable Landlock. -If the command line parameter is not specified, -the initialization falls back to the value of the deprecated -.I security= -command line parameter and further to the value of -.BR CONFIG_LSM . -We can check that Landlock is enabled by looking for -.I landlock: Up and running. -in kernel logs. -.SH CAVEATS -It is currently not possible to restrict some file-related actions -accessible through these system call families: -.BR chdir (2), -.BR stat (2), -.BR flock (2), -.BR chmod (2), -.BR chown (2), -.BR setxattr (2), -.BR utime (2), -.BR ioctl (2), -.BR fcntl (2), -.BR access (2). -Future Landlock evolutions will enable to restrict them. -.SH EXAMPLES -We first need to create the ruleset that will contain our rules. -.P -For this example, -the ruleset will contain rules that only allow read actions, -but write actions will be denied. -The ruleset then needs to handle both of these kinds of actions. -See the -.B DESCRIPTION -section for the description of filesystem actions. -.P -.in +4n -.EX -struct landlock_ruleset_attr attr = {0}; -int ruleset_fd; -\& -attr.handled_access_fs = - LANDLOCK_ACCESS_FS_EXECUTE | - LANDLOCK_ACCESS_FS_WRITE_FILE | - LANDLOCK_ACCESS_FS_READ_FILE | - LANDLOCK_ACCESS_FS_READ_DIR | - LANDLOCK_ACCESS_FS_REMOVE_DIR | - LANDLOCK_ACCESS_FS_REMOVE_FILE | - LANDLOCK_ACCESS_FS_MAKE_CHAR | - LANDLOCK_ACCESS_FS_MAKE_DIR | - LANDLOCK_ACCESS_FS_MAKE_REG | - LANDLOCK_ACCESS_FS_MAKE_SOCK | - LANDLOCK_ACCESS_FS_MAKE_FIFO | - LANDLOCK_ACCESS_FS_MAKE_BLOCK | - LANDLOCK_ACCESS_FS_MAKE_SYM | - LANDLOCK_ACCESS_FS_REFER | - LANDLOCK_ACCESS_FS_TRUNCATE; -.EE -.in -.P -To be compatible with older Linux versions, -we detect the available Landlock ABI version, -and only use the available subset of access rights: -.P -.in +4n -.EX -/* - * Table of available file system access rights by ABI version, - * numbers hardcoded to keep the example short. - */ -__u64 landlock_fs_access_rights[] = { - (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */ - (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */ - (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */ -}; -\& -int abi = landlock_create_ruleset(NULL, 0, - LANDLOCK_CREATE_RULESET_VERSION); -if (abi == \-1) { - /* - * Kernel too old, not compiled with Landlock, - * or Landlock was not enabled at boot time. - */ - perror("Unable to use Landlock"); - return; /* Graceful fallback: Do nothing. */ -} -abi = MIN(abi, 3); -\& -/* Only use the available rights in the ruleset. */ -attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1]; -.EE -.in -.P -The available access rights for each ABI version are listed in the -.B VERSIONS -section. -.P -If our program needed to create hard links -or rename files between different directories -.RB ( LANDLOCK_ACCESS_FS_REFER ), -we would require the following change to the backwards compatibility logic: -Directory reparenting is not possible -in a process restricted with Landlock ABI version 1. -Therefore, -if the program needed to do file reparenting, -and if only Landlock ABI version 1 was available, -we could not restrict the process. -.P -Now that the ruleset attributes are determined, -we create the Landlock ruleset -and acquire a file descriptor as a handle to it, -using -.BR landlock_create_ruleset (2): -.P -.in +4n -.EX -ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0); -if (ruleset_fd == \-1) { - perror("Failed to create a ruleset"); - exit(EXIT_FAILURE); -} -.EE -.in -.P -We can now add a new rule to the ruleset through the ruleset's file descriptor. -The requested access rights must be a subset of the access rights -which were specified in -.I attr.handled_access_fs -at ruleset creation time. -.P -In this example, the rule will only allow reading the file hierarchy -.IR /usr . -Without another rule, write actions would then be denied by the ruleset. -To add -.I /usr -to the ruleset, we open it with the -.I O_PATH -flag and fill the -.I struct landlock_path_beneath_attr -with this file descriptor. -.P -.in +4n -.EX -struct landlock_path_beneath_attr path_beneath = {0}; -int err; -\& -path_beneath.allowed_access = - LANDLOCK_ACCESS_FS_EXECUTE | - LANDLOCK_ACCESS_FS_READ_FILE | - LANDLOCK_ACCESS_FS_READ_DIR; -\& -path_beneath.parent_fd = open("/usr", O_PATH | O_CLOEXEC); -if (path_beneath.parent_fd == \-1) { - perror("Failed to open file"); - close(ruleset_fd); - exit(EXIT_FAILURE); -} -err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, - &path_beneath, 0); -close(path_beneath.parent_fd); -if (err) { - perror("Failed to update ruleset"); - close(ruleset_fd); - exit(EXIT_FAILURE); -} -.EE -.in -.P -We now have a ruleset with one rule allowing read access to -.I /usr -while denying all other handled accesses for the filesystem. -The next step is to restrict the current thread from gaining more -privileges -(e.g., thanks to a set-user-ID binary). -.P -.in +4n -.EX -if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { - perror("Failed to restrict privileges"); - close(ruleset_fd); - exit(EXIT_FAILURE); -} -.EE -.in -.P -The current thread is now ready to sandbox itself with the ruleset. -.P -.in +4n -.EX -if (landlock_restrict_self(ruleset_fd, 0)) { - perror("Failed to enforce ruleset"); - close(ruleset_fd); - exit(EXIT_FAILURE); -} -close(ruleset_fd); -.EE -.in -.P -If the -.BR landlock_restrict_self (2) -system call succeeds, the current thread is now restricted and -this policy will be enforced on all its subsequently created children as well. -Once a thread is landlocked, there is no way to remove its security policy; -only adding more restrictions is allowed. -These threads are now in a new Landlock domain, -merge of their parent one (if any) with the new ruleset. -.P -Full working code can be found in -.UR https://git.kernel.org/\:pub/\:scm/\:linux/\:kernel/\:git/\:stable/\:linux.git/\:tree/\:samples/\:landlock/\:sandboxer.c -.UE -.SH SEE ALSO -.BR landlock_create_ruleset (2), -.BR landlock_add_rule (2), -.BR landlock_restrict_self (2) -.P -.UR https://landlock.io/ -.UE diff --git a/man7/latin1.7 b/man7/latin1.7 deleted file mode 100644 index 1969dfb..0000000 --- a/man7/latin1.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-1.7 diff --git a/man7/latin10.7 b/man7/latin10.7 deleted file mode 100644 index b9c8e91..0000000 --- a/man7/latin10.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-16.7 diff --git a/man7/latin2.7 b/man7/latin2.7 deleted file mode 100644 index da36668..0000000 --- a/man7/latin2.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-2.7 diff --git a/man7/latin3.7 b/man7/latin3.7 deleted file mode 100644 index 75e42ce..0000000 --- a/man7/latin3.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-3.7 diff --git a/man7/latin4.7 b/man7/latin4.7 deleted file mode 100644 index 15a829e..0000000 --- a/man7/latin4.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-4.7 diff --git a/man7/latin5.7 b/man7/latin5.7 deleted file mode 100644 index 0fcc7d4..0000000 --- a/man7/latin5.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-9.7 diff --git a/man7/latin6.7 b/man7/latin6.7 deleted file mode 100644 index 9b4658f..0000000 --- a/man7/latin6.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-10.7 diff --git a/man7/latin7.7 b/man7/latin7.7 deleted file mode 100644 index 8ad2335..0000000 --- a/man7/latin7.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-13.7 diff --git a/man7/latin8.7 b/man7/latin8.7 deleted file mode 100644 index 4aa555d..0000000 --- a/man7/latin8.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-14.7 diff --git a/man7/latin9.7 b/man7/latin9.7 deleted file mode 100644 index a4095d7..0000000 --- a/man7/latin9.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-15.7 diff --git a/man7/libc.7 b/man7/libc.7 deleted file mode 100644 index 5e906d1..0000000 --- a/man7/libc.7 +++ /dev/null @@ -1,115 +0,0 @@ -.\" Copyright (c) 2009 Linux Foundation, written by Michael Kerrisk -.\" -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH libc 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -libc \- overview of standard C libraries on Linux -.SH DESCRIPTION -The term \[lq]libc\[rq] is commonly used as a shorthand for -the \[lq]standard C library\[rq] -a library of standard functions that can be used by all C programs -(and sometimes by programs in other languages). -Because of some history -(see below), -use of the term \[lq]libc\[rq] -to refer to the standard C library is somewhat ambiguous on Linux. -.SS glibc -By far the most widely used C library on Linux is the -.UR http://www.gnu.org\:/software\:/libc/ -GNU C Library -.UE , -often referred to as -.IR glibc . -This is the C library that is nowadays used in all -major Linux distributions. -It is also the C library whose details are documented -in the relevant pages of the -.I man-pages -project -(primarily in Section 3 of the manual). -Documentation of glibc is also available in the glibc manual, -available via the command -.IR "info libc" . -Release 1.0 of glibc was made in September 1992. -(There were earlier 0.x releases.) -The next major release of glibc was 2.0, -at the beginning of 1997. -.P -The pathname -.I /lib/libc.so.6 -(or something similar) -is normally a symbolic link that -points to the location of the glibc library, -and executing this pathname will cause glibc to display -various information about the version installed on your system. -.SS Linux libc -In the early to mid 1990s, -there was for a while -.IR "Linux libc" , -a fork of glibc 1.x created by Linux developers who felt that glibc -development at the time was not sufficing for the needs of Linux. -Often, -this library was referred to (ambiguously) as just \[lq]libc\[rq]. -Linux libc released major versions 2, 3, 4, and 5, -as well as many minor versions of those releases. -Linux libc4 was the last version to use the a.out binary format, -and the first version to provide (primitive) shared library support. -Linux libc 5 was the first version to support the ELF binary format; -this version used the shared library soname -.IR libc.so.5 . -For a while, -Linux libc was the standard C library in many Linux distributions. -.P -However, -notwithstanding the original motivations of the Linux libc effort, -by the time glibc 2.0 was released -(in 1997), -it was clearly superior to Linux libc, -and all major Linux distributions that had been using Linux libc -soon switched back to glibc. -To avoid any confusion with Linux libc versions, -glibc 2.0 and later used the shared library soname -.IR libc.so.6 . -.P -Since the switch from Linux libc to glibc 2.0 occurred long ago, -.I man-pages -no longer takes care to document Linux libc details. -Nevertheless, -the history is visible in vestiges of information -about Linux libc that remain in a few manual pages, -in particular, -references to -.I libc4 -and -.IR libc5 . -.SS Other C libraries -There are various other less widely used C libraries for Linux. -These libraries are generally smaller than glibc, -both in terms of features and memory footprint, -and often intended for building small binaries, -perhaps targeted at development for embedded Linux systems. -Among such libraries are -.UR http://www\:.uclibc\:.org/ -.I uClibc -.UE , -.UR http://www\:.fefe\:.de/\:dietlibc/ -.I dietlibc -.UE , -and -.UR http://www\:.musl\-libc\:.org/ -.I "musl libc" -.UE . -Details of these libraries are covered by the -.I man-pages -project, -where they are known. -.SH SEE ALSO -.BR syscalls (2), -.BR getauxval (3), -.BR proc (5), -.BR feature_test_macros (7), -.BR man\-pages (7), -.BR standards (7), -.BR vdso (7) diff --git a/man7/locale.7 b/man7/locale.7 deleted file mode 100644 index 862a1d5..0000000 --- a/man7/locale.7 +++ /dev/null @@ -1,379 +0,0 @@ -.\" Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de) -.\" and Copyright (C) 2014 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" Modified Sat Jul 24 17:28:34 1993 by Rik Faith -.\" Modified Sun Jun 01 17:16:34 1997 by Jochen Hein -.\" -.\" Modified Thu Apr 25 00:43:19 2002 by Bruno Haible -.\" -.TH locale 7 2024-02-25 "Linux man-pages 6.7" -.SH NAME -locale \- description of multilanguage support -.SH SYNOPSIS -.nf -.B #include -.fi -.SH DESCRIPTION -A locale is a set of language and cultural rules. -These cover aspects -such as language for messages, different character sets, lexicographic -conventions, and so on. -A program needs to be able to determine its locale -and act accordingly to be portable to different cultures. -.P -The header -.I -declares data types, functions, and macros which are useful in this -task. -.P -The functions it declares are -.BR setlocale (3) -to set the current locale, and -.BR localeconv (3) -to get information about number formatting. -.P -There are different categories for locale information a program might -need; they are declared as macros. -Using them as the first argument -to the -.BR setlocale (3) -function, it is possible to set one of these to the desired locale: -.TP -.BR LC_ADDRESS " (GNU extension, since glibc 2.2)" -.\" See ISO/IEC Technical Report 14652 -Change settings that describe the formats (e.g., postal addresses) -used to describe locations and geography-related items. -Applications that need this information can use -.BR nl_langinfo (3) -to retrieve nonstandard elements, such as -.B _NL_ADDRESS_COUNTRY_NAME -(country name, in the language of the locale) -and -.B _NL_ADDRESS_LANG_NAME -(language name, in the language of the locale), -which return strings such as "Deutschland" and "Deutsch" -(for German-language locales). -(Other element names are listed in -.IR .) -.TP -.B LC_COLLATE -This category governs the collation rules used for -sorting and regular expressions, -including character equivalence classes and -multicharacter collating elements. -This locale category changes the behavior of the functions -.BR strcoll (3) -and -.BR strxfrm (3), -which are used to compare strings in the local alphabet. -For example, -the German sharp s is sorted as "ss". -.TP -.B LC_CTYPE -This category determines the interpretation of byte sequences as characters -(e.g., single versus multibyte characters), character classifications -(e.g., alphabetic or digit), and the behavior of character classes. -On glibc systems, this category also determines -the character transliteration rules for -.BR iconv (1) -and -.BR iconv (3). -It changes the behavior of the character handling and -classification functions, such as -.BR isupper (3) -and -.BR toupper (3), -and the multibyte character functions such as -.BR mblen (3) -or -.BR wctomb (3). -.TP -.BR LC_IDENTIFICATION " (GNU extension, since glibc 2.2)" -.\" See ISO/IEC Technical Report 14652 -Change settings that relate to the metadata for the locale. -Applications that need this information can use -.BR nl_langinfo (3) -to retrieve nonstandard elements, such as -.B _NL_IDENTIFICATION_TITLE -(title of this locale document) -and -.B _NL_IDENTIFICATION_TERRITORY -(geographical territory to which this locale document applies), -which might return strings such as "English locale for the USA" -and "USA". -(Other element names are listed in -.IR .) -.TP -.B LC_MONETARY -This category determines the formatting used for -monetary-related numeric values. -This changes the information returned by -.BR localeconv (3), -which describes the way numbers are usually printed, with details such -as decimal point versus decimal comma. -This information is internally -used by the function -.BR strfmon (3). -.TP -.B LC_MESSAGES -This category affects the language in which messages are displayed -and what an affirmative or negative answer looks like. -The GNU C library contains the -.BR gettext (3), -.BR ngettext (3), -and -.BR rpmatch (3) -functions to ease the use of this information. -The GNU gettext family of -functions also obey the environment variable -.B LANGUAGE -(containing a colon-separated list of locales) -if the category is set to a valid locale other than -.BR \[dq]C\[dq] . -This category also affects the behavior of -.BR catopen (3). -.TP -.BR LC_MEASUREMENT " (GNU extension, since glibc 2.2)" -Change the settings relating to the measurement system in the locale -(i.e., metric versus US customary units). -Applications can use -.BR nl_langinfo (3) -to retrieve the nonstandard -.B _NL_MEASUREMENT_MEASUREMENT -element, which returns a pointer to a character -that has the value 1 (metric) or 2 (US customary units). -.TP -.BR LC_NAME " (GNU extension, since glibc 2.2)" -.\" See ISO/IEC Technical Report 14652 -Change settings that describe the formats used to address persons. -Applications that need this information can use -.BR nl_langinfo (3) -to retrieve nonstandard elements, such as -.B _NL_NAME_NAME_MR -(general salutation for men) -and -.B _NL_NAME_NAME_MS -(general salutation for women) -elements, which return strings such as "Herr" and "Frau" -(for German-language locales). -(Other element names are listed in -.IR .) -.TP -.B LC_NUMERIC -This category determines the formatting rules used for nonmonetary -numeric values\[em]for example, -the thousands separator and the radix character -(a period in most English-speaking countries, -but a comma in many other regions). -It affects functions such as -.BR printf (3), -.BR scanf (3), -and -.BR strtod (3). -This information can also be read with the -.BR localeconv (3) -function. -.TP -.BR LC_PAPER " (GNU extension, since glibc 2.2)" -.\" See ISO/IEC Technical Report 14652 -Change the settings relating to the dimensions of the standard paper size -(e.g., US letter versus A4). -Applications that need the dimensions can obtain them by using -.BR nl_langinfo (3) -to retrieve the nonstandard -.B _NL_PAPER_WIDTH -and -.B _NL_PAPER_HEIGHT -elements, which return -.I int -values specifying the dimensions in millimeters. -.TP -.BR LC_TELEPHONE " (GNU extension, since glibc 2.2)" -.\" See ISO/IEC Technical Report 14652 -Change settings that describe the formats to be used with telephone services. -Applications that need this information can use -.BR nl_langinfo (3) -to retrieve nonstandard elements, such as -.B _NL_TELEPHONE_INT_PREFIX -(international prefix used to call numbers in this locale), -which returns a string such as "49" (for Germany). -(Other element names are listed in -.IR .) -.TP -.B LC_TIME -This category governs the formatting used for date and time values. -For example, most of Europe uses a 24-hour clock versus the -12-hour clock used in the United States. -The setting of this category affects the behavior of functions such as -.BR strftime (3) -and -.BR strptime (3). -.TP -.B LC_ALL -All of the above. -.P -If the second argument to -.BR setlocale (3) -is an empty string, -.IR \[dq]\[dq] , -for the default locale, it is determined using the following steps: -.IP (1) 5 -If there is a non-null environment variable -.BR LC_ALL , -the value of -.B LC_ALL -is used. -.IP (2) -If an environment variable with the same name as one of the categories -above exists and is non-null, its value is used for that category. -.IP (3) -If there is a non-null environment variable -.BR LANG , -the value of -.B LANG -is used. -.P -Values about local numeric formatting is made available in a -.I struct lconv -returned by the -.BR localeconv (3) -function, which has the following declaration: -.P -.in +4n -.EX -struct lconv { -\& - /* Numeric (nonmonetary) information */ -\& - char *decimal_point; /* Radix character */ - char *thousands_sep; /* Separator for digit groups to left - of radix character */ - char *grouping; /* Each element is the number of digits in - a group; elements with higher indices - are further left. An element with value - CHAR_MAX means that no further grouping - is done. An element with value 0 means - that the previous element is used for - all groups further left. */ -\& - /* Remaining fields are for monetary information */ -\& - char *int_curr_symbol; /* First three chars are a currency - symbol from ISO 4217. Fourth char - is the separator. Fifth char - is \[aq]\e0\[aq]. */ - char *currency_symbol; /* Local currency symbol */ - char *mon_decimal_point; /* Radix character */ - char *mon_thousands_sep; /* Like \fIthousands_sep\fP above */ - char *mon_grouping; /* Like \fIgrouping\fP above */ - char *positive_sign; /* Sign for positive values */ - char *negative_sign; /* Sign for negative values */ - char int_frac_digits; /* International fractional digits */ - char frac_digits; /* Local fractional digits */ - char p_cs_precedes; /* 1 if currency_symbol precedes a - positive value, 0 if succeeds */ - char p_sep_by_space; /* 1 if a space separates - currency_symbol from a positive - value */ - char n_cs_precedes; /* 1 if currency_symbol precedes a - negative value, 0 if succeeds */ - char n_sep_by_space; /* 1 if a space separates - currency_symbol from a negative - value */ - /* Positive and negative sign positions: - 0 Parentheses surround the quantity and currency_symbol. - 1 The sign string precedes the quantity and currency_symbol. - 2 The sign string succeeds the quantity and currency_symbol. - 3 The sign string immediately precedes the currency_symbol. - 4 The sign string immediately succeeds the currency_symbol. */ - char p_sign_posn; - char n_sign_posn; -}; -.EE -.in -.SS POSIX.1-2008 extensions to the locale API -POSIX.1-2008 standardized a number of extensions to the locale API, -based on implementations that first appeared in glibc 2.3. -These extensions are designed to address the problem that -the traditional locale APIs do not mix well with multithreaded applications -and with applications that must deal with multiple locales. -.P -The extensions take the form of new functions for creating and -manipulating locale objects -.RB ( newlocale (3), -.BR freelocale (3), -.BR duplocale (3), -and -.BR uselocale (3)) -and various new library functions with the suffix "_l" (e.g., -.BR toupper_l (3)) -that extend the traditional locale-dependent APIs (e.g., -.BR toupper (3)) -to allow the specification of a locale object that should apply when -executing the function. -.SH ENVIRONMENT -The following environment variable is used by -.BR newlocale (3) -and -.BR setlocale (3), -and thus affects all unprivileged localized programs: -.TP -.B LOCPATH -A list of pathnames, separated by colons (\[aq]:\[aq]), -that should be used to find locale data. -If this variable is set, -only the individual compiled locale data files from -.B LOCPATH -and the system default locale data path are used; -any available locale archives are not used (see -.BR localedef (1)). -The individual compiled locale data files are searched for under -subdirectories which depend on the currently used locale. -For example, when -.I en_GB.UTF\-8 -is used for a category, the following subdirectories are searched for, -in this order: -.IR en_GB.UTF\-8 , -.IR en_GB.utf8 , -.IR en_GB , -.IR en.UTF\-8 , -.IR en.utf8 , -and -.IR en . -.SH FILES -.TP -.I /usr/lib/locale/locale\-archive -Usual default locale archive location. -.TP -.I /usr/lib/locale -Usual default path for compiled individual locale files. -.SH STANDARDS -POSIX.1-2001. -.\" -.\" The GNU gettext functions are specified in LI18NUX2000. -.SH SEE ALSO -.BR iconv (1), -.BR locale (1), -.BR localedef (1), -.BR catopen (3), -.BR gettext (3), -.BR iconv (3), -.BR localeconv (3), -.BR mbstowcs (3), -.BR newlocale (3), -.BR ngettext (3), -.BR nl_langinfo (3), -.BR rpmatch (3), -.BR setlocale (3), -.BR strcoll (3), -.BR strfmon (3), -.BR strftime (3), -.BR strxfrm (3), -.BR uselocale (3), -.BR wcstombs (3), -.BR locale (5), -.BR charsets (7), -.BR unicode (7), -.BR utf\-8 (7) diff --git a/man7/mailaddr.7 b/man7/mailaddr.7 deleted file mode 100644 index f2da7da..0000000 --- a/man7/mailaddr.7 +++ /dev/null @@ -1,134 +0,0 @@ -.\" Copyright (c) 1983, 1987 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" @(#)mailaddr.7 6.5 (Berkeley) 2/14/89 -.\" -.\" Extensively rewritten by Arnt Gulbrandsen . My -.\" changes are placed under the same copyright as the original BSD page. -.\" -.\" Adjusted by Arnt Gulbrandsen in 2004 to -.\" account for changes since 1995. Route-addrs are now even less -.\" common, etc. Some minor wording improvements. Same copyright. -.\" -.\" %%%LICENSE_START(PERMISSIVE_MISC) -.\" Redistribution and use in source and binary forms are permitted -.\" provided that the above copyright notice and this paragraph are -.\" duplicated in all such forms and that any documentation, -.\" advertising materials, and other materials related to such -.\" distribution and use acknowledge that the software was developed -.\" by the University of California, Berkeley. The name of the -.\" University may not be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" %%%LICENSE_END -.\" -.TH mailaddr 7 2023-10-31 "Linux man-pages 6.7" -.UC 5 -.SH NAME -mailaddr \- mail addressing description -.SH DESCRIPTION -.nh -This manual page gives a brief introduction to SMTP mail addresses, -as used on the Internet. -These addresses are in the general format -.P -.in +4n -.EX -user@domain -.EE -.in -.P -where a domain is a hierarchical dot-separated list of subdomains. -These examples are valid forms of the same address: -.P -.in +4n -.EX -john.doe@monet.example.com -John Doe -john.doe@monet.example.com (John Doe) -.EE -.in -.P -The domain part ("monet.example.com") is a mail-accepting domain. -It can be a host and in the past it usually was, but it doesn't have to be. -The domain part is not case sensitive. -.P -The local part ("john.doe") is often a username, -but its meaning is defined by the local software. -Sometimes it is case sensitive, -although that is unusual. -If you see a local-part that looks like garbage, -it is usually because of a gateway between an internal e-mail -system and the net, here are some examples: -.P -.in +4n -.EX -"surname/admd=telemail/c=us/o=hp/prmd=hp"@some.where -USER%SOMETHING@some.where -machine!machine!name@some.where -I2461572@some.where -.EE -.in -.P -(These are, respectively, an X.400 gateway, a gateway to an arbitrary -internal mail system that lacks proper internet support, an UUCP -gateway, and the last one is just boring username policy.) -.P -The real-name part ("John Doe") can either be placed before -<>, or in () at the end. -(Strictly speaking the two aren't the same, -but the difference is beyond the scope of this page.) -The name may have to be quoted using "", for example, if it contains ".": -.P -.in +4n -.EX -"John Q. Doe" -.EE -.in -.SS Abbreviation -Some mail systems let users abbreviate the domain name. -For instance, -users at example.com may get away with "john.doe@monet" to -send mail to John Doe. -.I This behavior is deprecated. -Sometimes it works, but you should not depend on it. -.SS Route-addrs -In the past, sometimes one had to route a message through -several hosts to get it to its final destination. -Addresses which show these relays are termed "route-addrs". -These use the syntax: -.P -.in +4n -.EX -<@hosta,@hostb:user@hostc> -.EE -.in -.P -This specifies that the message should be sent to hosta, -from there to hostb, and finally to hostc. -Many hosts disregard route-addrs and send directly to hostc. -.P -Route-addrs are very unusual now. -They occur sometimes in old mail archives. -It is generally possible to ignore all but the "user@hostc" -part of the address to determine the actual address. -.SS Postmaster -Every site is required to have a user or user alias designated -"postmaster" to which problems with the mail system may be -addressed. -The "postmaster" address is not case sensitive. -.SH FILES -.I /etc/aliases -.br -.I \[ti]/.forward -.SH SEE ALSO -.BR mail (1), -.BR aliases (5), -.BR forward (5), -.BR sendmail (8) -.P -.UR http://www.ietf.org\:/rfc\:/rfc5322.txt -IETF RFC\ 5322 -.UE diff --git a/man7/man-pages.7 b/man7/man-pages.7 deleted file mode 100644 index c7eeb0a..0000000 --- a/man7/man-pages.7 +++ /dev/null @@ -1,1227 +0,0 @@ -'\" t -.\" (C) Copyright 1992-1999 Rickard E. Faith and David A. Wheeler -.\" (faith@cs.unc.edu and dwheeler@ida.org) -.\" and (C) Copyright 2007 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 2007-05-30 created by mtk, using text from old man.7 plus -.\" rewrites and additional text. -.\" -.TH man-pages 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -man-pages \- conventions for writing Linux man pages -.SH SYNOPSIS -.B man -.RI [ section ] -.I title -.SH DESCRIPTION -This page describes the conventions that should be employed -when writing man pages for the Linux \fIman-pages\fP project, -which documents the user-space API provided by the Linux kernel -and the GNU C library. -The project thus provides most of the pages in Section 2, -many of the pages that appear in Sections 3, 4, and 7, -and a few of the pages that appear in Sections 1, 5, and 8 -of the man pages on a Linux system. -The conventions described on this page may also be useful -for authors writing man pages for other projects. -.SS Sections of the manual pages -The manual Sections are traditionally defined as follows: -.TP -.B 1 User commands (Programs) -Commands that can be executed by the user from within -a shell. -.TP -.B 2 System calls -Functions which wrap operations performed by the kernel. -.TP -.B 3 Library calls -All library functions excluding the system call wrappers -(Most of the -.I libc -functions). -.TP -.B 4 Special files (devices) -Files found in -.I /dev -which allow to access to devices through the kernel. -.TP -.B 5 File formats and configuration files -Describes various human-readable file formats and configuration files. -.TP -.B 6 Games -Games and funny little programs available on the system. -.TP -.B 7 Overview, conventions, and miscellaneous -Overviews or descriptions of various topics, conventions, and protocols, -character set standards, the standard filesystem layout, and miscellaneous -other things. -.TP -.B 8 System management commands -Commands like -.BR mount (8), -many of which only root can execute. -.\" .TP -.\" .B 9 Kernel routines -.\" This is an obsolete manual section. -.\" Once it was thought a good idea to document the Linux kernel here, -.\" but in fact very little has been documented, and the documentation -.\" that exists is outdated already. -.\" There are better sources of -.\" information for kernel developers. -.SS Macro package -New manual pages should be marked up using the -.B groff an.tmac -package described in -.BR man (7). -This choice is mainly for consistency: the vast majority of -existing Linux manual pages are marked up using these macros. -.SS Conventions for source file layout -Please limit source code line length to no more than about 75 characters -wherever possible. -This helps avoid line-wrapping in some mail clients when patches are -submitted inline. -.SS Title line -The first command in a man page should be a -.B TH -command: -.P -.RS -.B \&.TH -.I "title section date source manual-section" -.RE -.P -The arguments of the command are as follows: -.TP -.I title -The title of the man page, written in all caps (e.g., -.IR MAN-PAGES ). -.TP -.I section -The section number in which the man page should be placed (e.g., -.IR 7 ). -.TP -.I date -The date of the last nontrivial change that was made to the man page. -(Within the -.I man-pages -project, the necessary updates to these timestamps are handled -automatically by scripts, so there is no need to manually update -them as part of a patch.) -Dates should be written in the form YYYY-MM-DD. -.TP -.I source -The name and version of the project that provides the manual page -(not necessarily the package that provides the functionality). -.TP -.I manual-section -Normally, this should be empty, -since the default value will be good. -.\" -.SS Sections within a manual page -The list below shows conventional or suggested sections. -Most manual pages should include at least the -.B highlighted -sections. -Arrange a new manual page so that sections -are placed in the order shown in the list. -.P -.RS -.TS -l l. -\fBNAME\fP -LIBRARY [Normally only in Sections 2, 3] -\fBSYNOPSIS\fP -CONFIGURATION [Normally only in Section 4] -\fBDESCRIPTION\fP -OPTIONS [Normally only in Sections 1, 8] -EXIT STATUS [Normally only in Sections 1, 8] -RETURN VALUE [Normally only in Sections 2, 3] -.\" May 07: Few current man pages have an ERROR HANDLING section,,, -.\" ERROR HANDLING, -ERRORS [Typically only in Sections 2, 3] -.\" May 07: Almost no current man pages have a USAGE section,,, -.\" USAGE, -.\" DIAGNOSTICS, -.\" May 07: Almost no current man pages have a SECURITY section,,, -.\" SECURITY, -ENVIRONMENT -FILES -ATTRIBUTES [Normally only in Sections 2, 3] -VERSIONS [Normally only in Sections 2, 3] -STANDARDS -HISTORY -NOTES -CAVEATS -BUGS -EXAMPLES -.\" AUTHORS sections are discouraged -AUTHORS [Discouraged] -REPORTING BUGS [Not used in man-pages] -COPYRIGHT [Not used in man-pages] -\fBSEE ALSO\fP -.TE -.RE -.P -.IR "Where a traditional heading would apply" ", " "please use it" ; -this kind of consistency can make the information easier to understand. -If you must, you can create your own -headings if they make things easier to understand (this can -be especially useful for pages in Sections 4 and 5). -However, before doing this, consider whether you could use the -traditional headings, with some subsections (\fI.SS\fP) within -those sections. -.P -The following list elaborates on the contents of each of -the above sections. -.TP -.B NAME -The name of this manual page. -.IP -See -.BR man (7) -for important details of the line(s) that should follow the -\fB.SH NAME\fP command. -All words in this line (including the word immediately -following the "\e\-") should be in lowercase, -except where English or technical terminological convention -dictates otherwise. -.TP -.B LIBRARY -The library providing a symbol. -.IP -It shows the common name of the library, -and in parentheses, -the name of the library file -and, if needed, the linker flag needed to link a program against it: -.RI ( libfoo "[, " \-lfoo ]). -.TP -.B SYNOPSIS -A brief summary of the command or function's interface. -.IP -For commands, this shows the syntax of the command and its arguments -(including options); -boldface is used for as-is text and italics are used to -indicate replaceable arguments. -Brackets ([]) surround optional arguments, vertical bars (|) -separate choices, and ellipses (\&...) can be repeated. -For functions, it shows any required data declarations or -.B #include -directives, followed by the function declaration. -.IP -Where a feature test macro must be defined in order to obtain -the declaration of a function (or a variable) from a header file, -then the SYNOPSIS should indicate this, as described in -.BR feature_test_macros (7). -.\" FIXME . Say something here about compiler options -.TP -.B CONFIGURATION -Configuration details for a device. -.IP -This section normally appears only in Section 4 pages. -.TP -.B DESCRIPTION -An explanation of what the program, function, or format does. -.IP -Discuss how it interacts with files and standard input, and what it -produces on standard output or standard error. -Omit internals and implementation details unless they're critical for -understanding the interface. -Describe the usual case; -for information on command-line options of a program use the -.B OPTIONS -section. -.\" If there is some kind of input grammar or complex set of subcommands, -.\" consider describing them in a separate -.\" .B USAGE -.\" section (and just place an overview in the -.\" .B DESCRIPTION -.\" section). -.IP -When describing new behavior or new flags for -a system call or library function, -be careful to note the kernel or C library version -that introduced the change. -The preferred method of noting this information for flags is as part of a -.B .TP -list, in the following form (here, for a new system call flag): -.RS 16 -.TP -.BR XYZ_FLAG " (since Linux 3.7)" -Description of flag... -.RE -.IP -Including version information is especially useful to users -who are constrained to using older kernel or C library versions -(which is typical in embedded systems, for example). -.TP -.B OPTIONS -A description of the command-line options accepted by a -program and how they change its behavior. -.IP -This section should appear only for Section 1 and 8 manual pages. -.\" .TP -.\" .B USAGE -.\" describes the grammar of any sublanguage this implements. -.TP -.B EXIT STATUS -A list of the possible exit status values of a program and -the conditions that cause these values to be returned. -.IP -This section should appear only for Section 1 and 8 manual pages. -.TP -.B RETURN VALUE -For Section 2 and 3 pages, this section gives a -list of the values the library routine will return to the caller -and the conditions that cause these values to be returned. -.TP -.B ERRORS -For Section 2 and 3 manual pages, this is a list of the -values that may be placed in -.I errno -in the event of an error, along with information about the cause -of the errors. -.IP -Where several different conditions produce the same error, -the preferred approach is to create separate list entries -(with duplicate error names) for each of the conditions. -This makes the separate conditions clear, may make the list easier to read, -and allows metainformation -(e.g., kernel version number where the condition first became applicable) -to be more easily marked for each condition. -.IP -.IR "The error list should be in alphabetical order" . -.TP -.B ENVIRONMENT -A list of all environment variables that affect the program or function -and how they affect it. -.TP -.B FILES -A list of the files the program or function uses, such as -configuration files, startup files, -and files the program directly operates on. -.IP -Give the full pathname of these files, and use the installation -process to modify the directory part to match user preferences. -For many programs, the default installation location is in -.IR /usr/local , -so your base manual page should use -.I /usr/local -as the base. -.\" May 07: Almost no current man pages have a DIAGNOSTICS section; -.\" "RETURN VALUE" or "EXIT STATUS" is preferred. -.\" .TP -.\" .B DIAGNOSTICS -.\" gives an overview of the most common error messages and how to -.\" cope with them. -.\" You don't need to explain system error messages -.\" or fatal signals that can appear during execution of any program -.\" unless they're special in some way to the program. -.\" -.\" May 07: Almost no current man pages have a SECURITY section. -.\".TP -.\".B SECURITY -.\"discusses security issues and implications. -.\"Warn about configurations or environments that should be avoided, -.\"commands that may have security implications, and so on, especially -.\"if they aren't obvious. -.\"Discussing security in a separate section isn't necessary; -.\"if it's easier to understand, place security information in the -.\"other sections (such as the -.\" .B DESCRIPTION -.\" or -.\" .B USAGE -.\" section). -.\" However, please include security information somewhere! -.TP -.B ATTRIBUTES -A summary of various attributes of the function(s) documented on this page. -See -.BR attributes (7) -for further details. -.TP -.B VERSIONS -A summary of systems where the API performs differently, -or where there's a similar API. -.TP -.B STANDARDS -A description of any standards or conventions that relate to the function -or command described by the manual page. -.IP -The preferred terms to use for the various standards are listed as -headings in -.BR standards (7). -.IP -This section should note the current standards to which the API conforms to. -.IP -If the API is not governed by any standards but commonly -exists on other systems, note them. -If the call is Linux-specific or GNU-specific, note this. -If it's available in the BSDs, note that. -.IP -If this section consists of just a list of standards -(which it commonly does), -terminate the list with a period (\[aq].\[aq]). -.TP -.B HISTORY -A brief summary of the Linux kernel or glibc versions where a -system call or library function appeared, -or changed significantly in its operation. -.IP -As a general rule, every new interface should -include a HISTORY section in its manual page. -Unfortunately, -many existing manual pages don't include this information -(since there was no policy to do so when they were written). -Patches to remedy this are welcome, -but, from the perspective of programmers writing new code, -this information probably matters only in the case of kernel -interfaces that have been added in Linux 2.4 or later -(i.e., changes since Linux 2.2), -and library functions that have been added to glibc since glibc 2.1 -(i.e., changes since glibc 2.0). -.IP -The -.BR syscalls (2) -manual page also provides information about kernel versions -in which various system calls first appeared. -.P -Old versions of standards should be mentioned here, -rather than in STANDARDS, -for example, -SUS, SUSv2, and XPG, or the SVr4 and 4.xBSD implementation standards. -.TP -.B NOTES -Miscellaneous notes. -.IP -For Section 2 and 3 man pages you may find it useful to include -subsections (\fBSS\fP) named \fILinux Notes\fP and \fIglibc Notes\fP. -.IP -In Section 2, use the heading -.I "C library/kernel differences" -to mark off notes that describe the differences (if any) between -the C library wrapper function for a system call and -the raw system call interface provided by the kernel. -.TP -.B CAVEATS -Warnings about typical user misuse of an API, -that don't constitute an API bug or design defect. -.TP -.B BUGS -A list of limitations, known defects or inconveniences, -and other questionable activities. -.TP -.B EXAMPLES -One or more examples demonstrating how this function, file, or -command is used. -.IP -For details on writing example programs, -see \fIExample programs\fP below. -.TP -.B AUTHORS -A list of authors of the documentation or program. -.IP -\fBUse of an AUTHORS section is strongly discouraged\fP. -Generally, it is better not to clutter every page with a list -of (over time potentially numerous) authors; -if you write or significantly amend a page, -add a copyright notice as a comment in the source file. -If you are the author of a device driver and want to include -an address for reporting bugs, place this under the BUGS section. -.TP -.B REPORTING BUGS -The -.I man-pages -project doesn't use a REPORTING BUGS section in manual pages. -Information on reporting bugs is instead supplied in the -script-generated COLOPHON section. -However, various projects do use a REPORTING BUGS section. -It is recommended to place it near the foot of the page. -.TP -.B COPYRIGHT -The -.I man-pages -project doesn't use a COPYRIGHT section in manual pages. -Copyright information is instead maintained in the page source. -In pages where this section is present, -it is recommended to place it near the foot of the page, just above SEE ALSO. -.TP -.B SEE ALSO -A comma-separated list of related man pages, possibly followed by -other related pages or documents. -.IP -The list should be ordered by section number and -then alphabetically by name. -Do not terminate this list with a period. -.IP -Where the SEE ALSO list contains many long manual page names, -to improve the visual result of the output, it may be useful to employ the -.I .ad l -(don't right justify) -and -.I .nh -(don't hyphenate) -directives. -Hyphenation of individual page names can be prevented -by preceding words with the string "\e%". -.IP -Given the distributed, autonomous nature of FOSS projects -and their documentation, it is sometimes necessary\[em]and in many cases -desirable\[em]that the SEE ALSO section includes references to -manual pages provided by other projects. -.SH FORMATTING AND WORDING CONVENTIONS -The following subsections note some details for preferred formatting and -wording conventions in various sections of the pages in the -.I man-pages -project. -.SS SYNOPSIS -Wrap the function prototype(s) in a -.IR .nf / .fi -pair to prevent filling. -.P -In general, where more than one function prototype is shown in the SYNOPSIS, -the prototypes should -.I not -be separated by blank lines. -However, blank lines (achieved using -.IR .P ) -may be added in the following cases: -.IP \[bu] 3 -to separate long lists of function prototypes into related groups -(see for example -.BR list (3)); -.IP \[bu] -in other cases that may improve readability. -.P -In the SYNOPSIS, a long function prototype may need to be -continued over to the next line. -The continuation line is indented according to the following rules: -.IP (1) 5 -If there is a single such prototype that needs to be continued, -then align the continuation line so that when the page is -rendered on a fixed-width font device (e.g., on an xterm) the -continuation line starts just below the start of the argument -list in the line above. -(Exception: the indentation may be -adjusted if necessary to prevent a very long continuation line -or a further continuation line where the function prototype is -very long.) -As an example: -.IP -.in +4n -.nf -.BI "int tcsetattr(int " fd ", int " optional_actions , -.BI " const struct termios *" termios_p ); -.fi -.in -.IP (2) -But, where multiple functions in the SYNOPSIS require -continuation lines, and the function names have different -lengths, then align all continuation lines to start in the -same column. -This provides a nicer rendering in PDF output -(because the SYNOPSIS uses a variable width font where -spaces render narrower than most characters). -As an example: -.IP -.in +4n -.nf -.BI "int getopt(int " argc ", char * const " argv[] , -.BI " const char *" optstring ); -.BI "int getopt_long(int " argc ", char * const " argv[] , -.BI " const char *" optstring , -.BI " const struct option *" longopts ", int *" longindex ); -.fi -.in -.SS RETURN VALUE -The preferred wording to describe how -.I errno -is set is -.RI \[dq] errno -is set to indicate the error" -or similar. -.\" Before man-pages 5.11, many different wordings were used, which -.\" was confusing, and potentially made scripted edits more difficult. -This wording is consistent with the wording used in both POSIX.1 and FreeBSD. -.SS ATTRIBUTES -.\" See man-pages commit c466875ecd64ed3d3cd3e578406851b7dfb397bf -Note the following: -.IP \[bu] 3 -Wrap the table in this section in a -.IR ".ad\ l" / .ad -pair to disable text filling and a -.IR .nh / .hy -pair to disable hyphenation. -.IP \[bu] -Ensure that the table occupies the full page width through the use of an -.I lbx -description for one of the columns -(usually the first column, -though in some cases the last column if it contains a lot of text). -.IP \[bu] -Make free use of -.IR T{ / T} -macro pairs to allow table cells to be broken over multiple lines -(also bearing in mind that pages may sometimes be rendered to a -width of less than 80 columns). -.P -For examples of all of the above, see the source code of various pages. -.SH STYLE GUIDE -The following subsections describe the preferred style for the -.I man-pages -project. -For details not covered below, the Chicago Manual of Style -is usually a good source; -try also grepping for preexisting usage in the project source tree. -.SS Use of gender-neutral language -As far as possible, use gender-neutral language in the text of man -pages. -Use of "they" ("them", "themself", "their") as a gender-neutral singular -pronoun is acceptable. -.\" -.SS Formatting conventions for manual pages describing commands -For manual pages that describe a command (typically in Sections 1 and 8), -the arguments are always specified using italics, -.IR "even in the SYNOPSIS section" . -.P -The name of the command, and its options, should -always be formatted in bold. -.\" -.SS Formatting conventions for manual pages describing functions -For manual pages that describe functions (typically in Sections 2 and 3), -the arguments are always specified using italics, -.IR "even in the SYNOPSIS section" , -where the rest of the function is specified in bold: -.P -.BI " int myfunction(int " argc ", char **" argv ); -.P -Variable names should, like argument names, be specified in italics. -.P -Any reference to the subject of the current manual page -should be written with the name in bold followed by -a pair of parentheses in Roman (normal) font. -For example, in the -.BR fcntl (2) -man page, references to the subject of the page would be written as: -.BR fcntl (). -The preferred way to write this in the source file is: -.P -.EX - .BR fcntl () -.EE -.P -(Using this format, rather than the use of "\efB...\efP()" -makes it easier to write tools that parse man page source files.) -.\" -.SS Use semantic newlines -In the source of a manual page, -new sentences should be started on new lines, -long sentences should be split into lines at clause breaks -(commas, semicolons, colons, and so on), -and long clauses should be split at phrase boundaries. -This convention, sometimes known as "semantic newlines", -makes it easier to see the effect of patches, -which often operate at the level of -individual sentences, clauses, or phrases. -.\" -.SS Lists -There are different kinds of lists: -.TP -Tagged paragraphs -These are used for a list of tags and their descriptions. -When the tags are constants (either macros or numbers) -they are in bold. -Use the -.B .TP -macro. -.IP -An example is this "Tagged paragraphs" subsection is itself. -.TP -Ordered lists -Elements are preceded by a number in parentheses (1), (2). -These represent a set of steps that have an order. -.IP -When there are substeps, -they will be numbered like (4.2). -.TP -Positional lists -Elements are preceded by a number (index) in square brackets [4], [5]. -These represent fields in a set. -The first index will be: -.RS -.TP -.B 0 -When it represents fields of a C data structure, -to be consistent with arrays. -.PD 0 -.TP -.B 1 -When it represents fields of a file, -to be consistent with tools like -.BR cut (1). -.PD -.RE -.TP -Alternatives list -Elements are preceded by a letter in parentheses (a), (b). -These represent a set of (normally) exclusive alternatives. -.TP -Bullet lists -Elements are preceded by bullet symbols -.RB ( \e[bu] ). -Anything that doesn't fit elsewhere is -usually covered by this type of list. -.TP -Numbered notes -Not really a list, -but the syntax is identical to "positional lists". -.P -There should always be exactly -2 spaces between the list symbol and the elements. -This doesn't apply to "tagged paragraphs", -which use the default indentation rules. -.\" -.SS Formatting conventions (general) -Paragraphs should be separated by suitable markers (usually either -.I .P -or -.IR .IP ). -Do -.I not -separate paragraphs using blank lines, as this results in poor rendering -in some output formats (such as PostScript and PDF). -.P -Filenames (whether pathnames, or references to header files) -are always in italics (e.g., -.IR ), -except in the SYNOPSIS section, where included files are in bold (e.g., -.BR "#include " ). -When referring to a standard header file include, -specify the header file surrounded by angle brackets, -in the usual C way (e.g., -.IR ). -.P -Special macros, which are usually in uppercase, are in bold (e.g., -.BR MAXINT ). -Exception: don't boldface NULL. -.P -When enumerating a list of error codes, the codes are in bold (this list -usually uses the -.B \&.TP -macro). -.P -Complete commands should, if long, -be written as an indented line on their own, -with a blank line before and after the command, for example -.P -.in +4n -.EX -man 7 man\-pages -.EE -.in -.P -If the command is short, then it can be included inline in the text, -in italic format, for example, -.IR "man 7 man-pages" . -In this case, it may be worth using nonbreaking spaces -(\e[ti]) at suitable places in the command. -Command options should be written in italics (e.g., -.IR \-l ). -.P -Expressions, if not written on a separate indented line, should -be specified in italics. -Again, the use of nonbreaking spaces may be appropriate -if the expression is inlined with normal text. -.P -When showing example shell sessions, -user input should be formatted in bold, -for example -.P -.in +4n -.EX -$ \fBdate\fP -Thu Jul 7 13:01:27 CEST 2016 -.EE -.in -.P -Any reference to another man page -should be written with the name in bold, -.I always -followed by the section number, -formatted in Roman (normal) font, without any -separating spaces (e.g., -.BR intro (2)). -The preferred way to write this in the source file is: -.P -.EX - .BR intro (2) -.EE -.P -(Including the section number in cross references lets tools like -.BR man2html (1) -create properly hyperlinked pages.) -.P -Control characters should be written in bold face, -with no quotes; for example, -.BR \[ha]X . -.SS Spelling -Starting with release 2.59, -.I man-pages -follows American spelling conventions -(previously, there was a random mix of British and American spellings); -please write all new pages and patches according to these conventions. -.P -Aside from the well-known spelling differences, -there are a few other subtleties to watch for: -.IP \[bu] 3 -American English tends to use the forms "backward", "upward", "toward", -and so on -rather than the British forms "backwards", "upwards", "towards", and so on. -.IP \[bu] -Opinions are divided on "acknowledgement" vs "acknowledgment". -The latter is predominant, but not universal usage in American English. -POSIX and the BSD license use the former spelling. -In the Linux man-pages project, we use "acknowledgement". -.SS BSD version numbers -The classical scheme for writing BSD version numbers is -.IR x.yBSD , -where -.I x.y -is the version number (e.g., 4.2BSD). -Avoid forms such as -.IR "BSD 4.3" . -.SS Capitalization -In subsection ("SS") headings, -capitalize the first word in the heading, but otherwise use lowercase, -except where English usage (e.g., proper nouns) or programming -language requirements (e.g., identifier names) dictate otherwise. -For example: -.P -.in +4n -.EX -\&.SS Unicode under Linux -.EE -.in -.\" -.SS Indentation of structure definitions, shell session logs, and so on -When structure definitions, shell session logs, and so on are included -in running text, indent them by 4 spaces (i.e., a block enclosed by -.I ".in\ +4n" -and -.IR ".in" ), -format them using the -.I .EX -and -.I .EE -macros, and surround them with suitable paragraph markers (either -.I .P -or -.IR .IP ). -For example: -.P -.in +4n -.EX -\&.P -\&.in +4n -\&.EX -int -main(int argc, char *argv[]) -{ - return 0; -} -\&.EE -\&.in -\&.P -.EE -.in -.SS Preferred terms -The following table lists some preferred terms to use in man pages, -mainly to ensure consistency across pages. -.ad l -.TS -l l l ---- -l l ll. -Term Avoid using Notes - -bit mask bitmask -built-in builtin -Epoch epoch T{ -For the UNIX Epoch (00:00:00, 1 Jan 1970 UTC) -T} -filename file name -filesystem file system -hostname host name -inode i-node -lowercase lower case, lower-case -nonzero non-zero -pathname path name -pseudoterminal pseudo-terminal -privileged port T{ -reserved port, -system port -T} -real-time T{ -realtime, -real time -T} -run time runtime -saved set-group-ID T{ -saved group ID, -saved set-GID -T} -saved set-user-ID T{ -saved user ID, -saved set-UID -T} -set-group-ID set-GID, setgid -set-user-ID set-UID, setuid -superuser T{ -super user, -super-user -T} -superblock T{ -super block, -super-block -T} -symbolic link symlink -timestamp time stamp -timezone time zone -uppercase upper case, upper-case -usable useable -user space userspace -username user name -x86-64 x86_64 T{ -Except if referring to result of "uname\ \-m" or similar -T} -zeros zeroes -.TE -.P -See also the discussion -.I Hyphenation of attributive compounds -below. -.SS Terms to avoid -The following table lists some terms to avoid using in man pages, -along with some suggested alternatives, -mainly to ensure consistency across pages. -.ad l -.TS -l l l ---- -l l l. -Avoid Use instead Notes - -32bit 32-bit T{ -same for 8-bit, 16-bit, etc. -T} -current process calling process T{ -A common mistake made by kernel programmers when writing man pages -T} -manpage T{ -man page, manual page -T} -minus infinity negative infinity -non-root unprivileged user -non-superuser unprivileged user -nonprivileged unprivileged -OS operating system -plus infinity positive infinity -pty pseudoterminal -tty terminal -Unices UNIX systems -Unixes UNIX systems -.TE -.ad -.\" -.SS Trademarks -Use the correct spelling and case for trademarks. -The following is a list of the correct spellings of various -relevant trademarks that are sometimes misspelled: -.IP -.TS -l. -DG/UX -HP-UX -UNIX -UnixWare -.TE -.SS NULL, NUL, null pointer, and null byte -A -.I null pointer -is a pointer that points to nothing, -and is normally indicated by the constant -.IR NULL . -On the other hand, -.I NUL -is the -.IR "null byte" , -a byte with the value 0, represented in C via the character constant -.IR \[aq]\e0\[aq] . -.P -The preferred term for the pointer is "null pointer" or simply "NULL"; -avoid writing "NULL pointer". -.P -The preferred term for the byte is "null byte". -Avoid writing "NUL", since it is too easily confused with "NULL". -Avoid also the terms "zero byte" and "null character". -The byte that terminates a C string should be described -as "the terminating null byte"; -strings may be described as "null-terminated", -but avoid the use of "NUL-terminated". -.SS Hyperlinks -For hyperlinks, use the -.IR .UR / .UE -macro pair -(see -.BR groff_man (7)). -This produces proper hyperlinks that can be used in a web browser, -when rendering a page with, say: -.P -.in +4n -.EX -BROWSER=firefox man -H pagename -.EE -.in -.SS Use of e.g., i.e., etc., a.k.a., and similar -In general, the use of abbreviations such as "e.g.", "i.e.", "etc.", -"cf.", and "a.k.a." should be avoided, -in favor of suitable full wordings -("for example", "that is", "and so on", "compare to", "also known as"). -.P -The only place where such abbreviations may be acceptable is in -.I short -parenthetical asides (e.g., like this one). -.P -Always include periods in such abbreviations, as shown here. -In addition, "e.g." and "i.e." should always be followed by a comma. -.SS Em-dashes -The way to write an em-dash\[em]the glyph that appears -at either end of this subphrase\[em]in *roff is with the macro "\e[em]". -(On an ASCII terminal, an em-dash typically renders as two hyphens, -but in other typographical contexts it renders as a long dash.) -Em-dashes should be written -.I without -surrounding spaces. -.SS Hyphenation of attributive compounds -Compound terms should be hyphenated when used attributively -(i.e., to qualify a following noun). Some examples: -.IP -.TS -l. -32-bit value -command-line argument -floating-point number -run-time check -user-space function -wide-character string -.TE -.SS Hyphenation with multi, non, pre, re, sub, and so on -The general tendency in modern English is not to hyphenate -after prefixes such as "multi", "non", "pre", "re", "sub", and so on. -Manual pages should generally follow this rule when these prefixes are -used in natural English constructions with simple suffixes. -The following list gives some examples of the preferred forms: -.IP -.TS -l. -interprocess -multithreaded -multiprocess -nonblocking -nondefault -nonempty -noninteractive -nonnegative -nonportable -nonzero -preallocated -precreate -prerecorded -reestablished -reinitialize -rearm -reread -subcomponent -subdirectory -subsystem -.TE -.P -Hyphens should be retained when the prefixes are used in nonstandard -English words, with trademarks, proper nouns, acronyms, or compound terms. -Some examples: -.IP -.TS -l. -non-ASCII -non-English -non-NULL -non-real-time -.TE -.P -Finally, note that "re-create" and "recreate" are two different verbs, -and the former is probably what you want. -.\" -.SS Generating optimal glyphs -Where a real minus character is required (e.g., for numbers such as \-1, -for man page cross references such as -.BR utf\-8 (7), -or when writing options that have a leading dash, such as in -.IR "ls\ \-l"), -use the following form in the man page source: -.P -.in +4n -.EX -\e\- -.EE -.in -.P -This guideline applies also to code examples. -.P -The use of real minus signs serves the following purposes: -.\" https://lore.kernel.org/linux-man/20210121061158.5ul7226fgbrmodbt@localhost.localdomain/ -.IP \[bu] 3 -To provide better renderings on various targets other than -ASCII terminals, -notably in PDF and on Unicode/UTF\-8-capable terminals. -.IP \[bu] -To generate glyphs that when copied from rendered pages will -produce real minus signs when pasted into a terminal. -.P -To produce unslanted single quotes that render well in ASCII, UTF-8, and PDF, -use "\e[aq]" ("apostrophe quote"); for example -.P -.in +4n -.EX -\e[aq]C\e[aq] -.EE -.in -.P -where -.I C -is the quoted character. -This guideline applies also to character constants used in code examples. -.P -Where a proper caret (\[ha]) that renders well in both a terminal and PDF -is required, use "\\[ha]". -This is especially necessary in code samples, -to get a nicely rendered caret when rendering to PDF. -.P -Using a naked "\[ti]" character results in a poor rendering in PDF. -Instead use "\\[ti]". -This is especially necessary in code samples, -to get a nicely rendered tilde when rendering to PDF. -.\" -.SS Example programs and shell sessions -Manual pages may include example programs demonstrating how to -use a system call or library function. -However, note the following: -.IP \[bu] 3 -Example programs should be written in C. -.IP \[bu] -An example program is necessary and useful only if it demonstrates -something beyond what can easily be provided in a textual -description of the interface. -An example program that does nothing -other than call an interface usually serves little purpose. -.IP \[bu] -Example programs should ideally be short -(e.g., a good example can often be provided in less than 100 lines of code), -though in some cases longer programs may be necessary -to properly illustrate the use of an API. -.IP \[bu] -Expressive code is appreciated. -.IP \[bu] -Comments should included where helpful. -Complete sentences in free-standing comments should be -terminated by a period. -Periods should generally be omitted in "tag" comments -(i.e., comments that are placed on the same line of code); -such comments are in any case typically brief phrases -rather than complete sentences. -.IP \[bu] -Example programs should do error checking after system calls and -library function calls. -.IP \[bu] -Example programs should be complete, and compile without -warnings when compiled with \fIcc\ \-Wall\fP. -.IP \[bu] -Where possible and appropriate, example programs should allow -experimentation, by varying their behavior based on inputs -(ideally from command-line arguments, or alternatively, via -input read by the program). -.IP \[bu] -Example programs should be laid out according to Kernighan and -Ritchie style, with 4-space indents. -(Avoid the use of TAB characters in source code!) -The following command can be used to format your source code to -something close to the preferred style: -.IP -.in +4n -.EX -indent \-npro \-kr \-i4 \-ts4 \-sob \-l72 \-ss \-nut \-psl prog.c -.EE -.in -.IP \[bu] -For consistency, all example programs should terminate using either of: -.IP -.in +4n -.EX -exit(EXIT_SUCCESS); -exit(EXIT_FAILURE); -.EE -.in -.IP -Avoid using the following forms to terminate a program: -.IP -.in +4n -.EX -exit(0); -exit(1); -return n; -.EE -.in -.IP \[bu] -If there is extensive explanatory text before the -program source code, mark off the source code -with a subsection heading -.IR "Program source" , -as in: -.IP -.in +4n -.EX -\&.SS Program source -.EE -.in -.IP -Always do this if the explanatory text includes a shell session log. -.P -If you include a shell session log demonstrating the use of a program -or other system feature: -.IP \[bu] 3 -Place the session log above the source code listing. -.IP \[bu] -Indent the session log by four spaces. -.IP \[bu] -Boldface the user input text, -to distinguish it from output produced by the system. -.P -For some examples of what example programs should look like, see -.BR wait (2) -and -.BR pipe (2). -.SH EXAMPLES -For canonical examples of how man pages in the -.I man-pages -package should look, see -.BR pipe (2) -and -.BR fcntl (2). -.SH SEE ALSO -.BR man (1), -.BR man2html (1), -.BR attributes (7), -.BR groff (7), -.BR groff_man (7), -.BR man (7), -.BR mdoc (7) diff --git a/man7/man.7 b/man7/man.7 deleted file mode 100644 index f460f4a..0000000 --- a/man7/man.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/groff_man.7 diff --git a/man7/math_error.7 b/man7/math_error.7 deleted file mode 100644 index 6fdff9a..0000000 --- a/man7/math_error.7 +++ /dev/null @@ -1,246 +0,0 @@ -.\" Copyright (c) 2008, Linux Foundation, written by Michael Kerrisk -.\" -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH math_error 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -math_error \- detecting errors from mathematical functions -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include -.fi -.SH DESCRIPTION -When an error occurs, -most library functions indicate this fact by returning a special value -(e.g., \-1 or NULL). -Because they typically return a floating-point number, -the mathematical functions declared in -.I -indicate an error using other mechanisms. -There are two error-reporting mechanisms: -the older one sets -.IR errno ; -the newer one uses the floating-point exception mechanism (the use of -.BR feclearexcept (3) -and -.BR fetestexcept (3), -as outlined below) -described in -.BR fenv (3). -.P -A portable program that needs to check for an error from a mathematical -function should set -.I errno -to zero, and make the following call -.P -.in +4n -.EX -feclearexcept(FE_ALL_EXCEPT); -.EE -.in -.P -before calling a mathematical function. -.P -Upon return from the mathematical function, if -.I errno -is nonzero, or the following call (see -.BR fenv (3)) -returns nonzero -.P -.in +4n -.EX -fetestexcept(FE_INVALID | FE_DIVBYZERO | FE_OVERFLOW | - FE_UNDERFLOW); -.EE -.in -.P -.\" enum -.\" { -.\" FE_INVALID = 0x01, -.\" __FE_DENORM = 0x02, -.\" FE_DIVBYZERO = 0x04, -.\" FE_OVERFLOW = 0x08, -.\" FE_UNDERFLOW = 0x10, -.\" FE_INEXACT = 0x20 -.\" }; -then an error occurred in the mathematical function. -.P -The error conditions that can occur for mathematical functions -are described below. -.SS Domain error -A -.I domain error -occurs when a mathematical function is supplied with an argument whose -value falls outside the domain for which the function -is defined (e.g., giving a negative argument to -.BR log (3)). -When a domain error occurs, -math functions commonly return a NaN -(though some functions return a different value in this case); -.I errno -is set to -.BR EDOM , -and an "invalid" -.RB ( FE_INVALID ) -floating-point exception is raised. -.SS Pole error -A -.I pole error -occurs when the mathematical result of a function is an exact infinity -(e.g., the logarithm of 0 is negative infinity). -When a pole error occurs, -the function returns the (signed) value -.BR HUGE_VAL , -.BR HUGE_VALF , -or -.BR HUGE_VALL , -depending on whether the function result type is -.IR double , -.IR float , -or -.IR "long double" . -The sign of the result is that which is mathematically correct for -the function. -.I errno -is set to -.BR ERANGE , -and a "divide-by-zero" -.RB ( FE_DIVBYZERO ) -floating-point exception is raised. -.SS Range error -A -.I range error -occurs when the magnitude of the function result means that it -cannot be represented in the result type of the function. -The return value of the function depends on whether the range error -was an overflow or an underflow. -.P -A floating result -.I overflows -if the result is finite, -but is too large to represented in the result type. -When an overflow occurs, -the function returns the value -.BR HUGE_VAL , -.BR HUGE_VALF , -or -.BR HUGE_VALL , -depending on whether the function result type is -.IR double , -.IR float , -or -.IR "long double" . -.I errno -is set to -.BR ERANGE , -and an "overflow" -.RB ( FE_OVERFLOW ) -floating-point exception is raised. -.P -A floating result -.I underflows -if the result is too small to be represented in the result type. -If an underflow occurs, -a mathematical function typically returns 0.0 -(C99 says a function shall return "an implementation-defined value -whose magnitude is no greater than the smallest normalized -positive number in the specified type"). -.I errno -may be set to -.BR ERANGE , -and an "underflow" -.RB ( FE_UNDERFLOW ) -floating-point exception may be raised. -.P -Some functions deliver a range error if the supplied argument value, -or the correct function result, would be -.IR subnormal . -A subnormal value is one that is nonzero, -but with a magnitude that is so small that -it can't be presented in normalized form -(i.e., with a 1 in the most significant bit of the significand). -The representation of a subnormal number will contain one -or more leading zeros in the significand. -.SH NOTES -The -.I math_errhandling -identifier specified by C99 and POSIX.1 is not supported by glibc. -.\" See CONFORMANCE in the glibc 2.8 (and earlier) source. -This identifier is supposed to indicate which of the two -error-notification mechanisms -.RI ( errno , -exceptions retrievable via -.BR fetestexcept (3)) -is in use. -The standards require that at least one be in use, -but permit both to be available. -The current (glibc 2.8) situation under glibc is messy. -Most (but not all) functions raise exceptions on errors. -Some also set -.IR errno . -A few functions set -.IR errno , -but don't raise an exception. -A very few functions do neither. -See the individual manual pages for details. -.P -To avoid the complexities of using -.I errno -and -.BR fetestexcept (3) -for error checking, -it is often advised that one should instead check for bad argument -values before each call. -.\" http://www.securecoding.cert.org/confluence/display/seccode/FLP32-C.+Prevent+or+detect+domain+and+range+errors+in+math+functions -For example, the following code ensures that -.BR log (3)'s -argument is not a NaN and is not zero (a pole error) or -less than zero (a domain error): -.P -.in +4n -.EX -double x, r; -\& -if (isnan(x) || islessequal(x, 0)) { - /* Deal with NaN / pole error / domain error */ -} -\& -r = log(x); -.EE -.in -.P -The discussion on this page does not apply to the complex -mathematical functions (i.e., those declared by -.IR ), -which in general are not required to return errors by C99 -and POSIX.1. -.P -The -.BR gcc (1) -.I "\-fno\-math\-errno" -option causes the executable to employ implementations of some -mathematical functions that are faster than the standard -implementations, but do not set -.I errno -on error. -(The -.BR gcc (1) -.I "\-ffast\-math" -option also enables -.IR "\-fno\-math\-errno" .) -An error can still be tested for using -.BR fetestexcept (3). -.SH SEE ALSO -.BR gcc (1), -.BR errno (3), -.BR fenv (3), -.BR fpclassify (3), -.BR INFINITY (3), -.BR isgreater (3), -.BR matherr (3), -.BR nan (3) -.P -.I "info libc" diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 deleted file mode 100644 index 475b44d..0000000 --- a/man7/mount_namespaces.7 +++ /dev/null @@ -1,1371 +0,0 @@ -'\" t -.\" Copyright (c) 2016, 2019, 2021 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH mount_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -mount_namespaces \- overview of Linux mount namespaces -.SH DESCRIPTION -For an overview of namespaces, see -.BR namespaces (7). -.P -Mount namespaces provide isolation of the list of mounts seen -by the processes in each namespace instance. -Thus, the processes in each of the mount namespace instances -will see distinct single-directory hierarchies. -.P -The views provided by the -.IR /proc/ pid /mounts , -.IR /proc/ pid /mountinfo , -and -.IR /proc/ pid /mountstats -files (all described in -.BR proc (5)) -correspond to the mount namespace in which the process with the PID -.I pid -resides. -(All of the processes that reside in the same mount namespace -will see the same view in these files.) -.P -A new mount namespace is created using either -.BR clone (2) -or -.BR unshare (2) -with the -.B CLONE_NEWNS -flag. -When a new mount namespace is created, -its mount list is initialized as follows: -.IP \[bu] 3 -If the namespace is created using -.BR clone (2), -the mount list of the child's namespace is a copy -of the mount list in the parent process's mount namespace. -.IP \[bu] -If the namespace is created using -.BR unshare (2), -the mount list of the new namespace is a copy of -the mount list in the caller's previous mount namespace. -.P -Subsequent modifications to the mount list -.RB ( mount (2) -and -.BR umount (2)) -in either mount namespace will not (by default) affect the -mount list seen in the other namespace -(but see the following discussion of shared subtrees). -.\" -.SH SHARED SUBTREES -After the implementation of mount namespaces was completed, -experience showed that the isolation that they provided was, -in some cases, too great. -For example, in order to make a newly loaded optical disk -available in all mount namespaces, -a mount operation was required in each namespace. -For this use case, and others, -the shared subtree feature was introduced in Linux 2.6.15. -This feature allows for automatic, controlled propagation of -.BR mount (2) -and -.BR umount (2) -.I events -between namespaces -(or, more precisely, between the mounts that are members of a -.I peer group -that are propagating events to one another). -.P -Each mount is marked (via -.BR mount (2)) -as having one of the following -.IR "propagation types" : -.TP -.B MS_SHARED -This mount shares events with members of a peer group. -.BR mount (2) -and -.BR umount (2) -events immediately under this mount will propagate -to the other mounts that are members of the peer group. -.I Propagation -here means that the same -.BR mount (2) -or -.BR umount (2) -will automatically occur -under all of the other mounts in the peer group. -Conversely, -.BR mount (2) -and -.BR umount (2) -events that take place under -peer mounts will propagate to this mount. -.TP -.B MS_PRIVATE -This mount is private; it does not have a peer group. -.BR mount (2) -and -.BR umount (2) -events do not propagate into or out of this mount. -.TP -.B MS_SLAVE -.BR mount (2) -and -.BR umount (2) -events propagate into this mount from -a (master) shared peer group. -.BR mount (2) -and -.BR umount (2) -events under this mount do not propagate to any peer. -.IP -Note that a mount can be the slave of another peer group -while at the same time sharing -.BR mount (2) -and -.BR umount (2) -events -with a peer group of which it is a member. -(More precisely, one peer group can be the slave of another peer group.) -.TP -.B MS_UNBINDABLE -This is like a private mount, -and in addition this mount can't be bind mounted. -Attempts to bind mount this mount -.RB ( mount (2) -with the -.B MS_BIND -flag) will fail. -.IP -When a recursive bind mount -.RB ( mount (2) -with the -.B MS_BIND -and -.B MS_REC -flags) is performed on a directory subtree, -any bind mounts within the subtree are automatically pruned -(i.e., not replicated) -when replicating that subtree to produce the target subtree. -.P -For a discussion of the propagation type assigned to a new mount, -see NOTES. -.P -The propagation type is a per-mount-point setting; -some mounts may be marked as shared -(with each shared mount being a member of a distinct peer group), -while others are private -(or slaved or unbindable). -.P -Note that a mount's propagation type determines whether -.BR mount (2) -and -.BR umount (2) -of mounts -.I immediately under -the mount are propagated. -Thus, the propagation type does not affect propagation of events for -grandchildren and further removed descendant mounts. -What happens if the mount itself is unmounted is determined by -the propagation type that is in effect for the -.I parent -of the mount. -.P -Members are added to a -.I peer group -when a mount is marked as shared and either: -.IP (a) 5 -the mount is replicated during the creation of a new mount namespace; or -.IP (b) -a new bind mount is created from the mount. -.P -In both of these cases, the new mount joins the peer group -of which the existing mount is a member. -.P -A new peer group is also created when a child mount is created under -an existing mount that is marked as shared. -In this case, the new child mount is also marked as shared and -the resulting peer group consists of all the mounts -that are replicated under the peers of parent mounts. -.P -A mount ceases to be a member of a peer group when either -the mount is explicitly unmounted, -or when the mount is implicitly unmounted because a mount namespace is removed -(because it has no more member processes). -.P -The propagation type of the mounts in a mount namespace -can be discovered via the "optional fields" exposed in -.IR /proc/ pid /mountinfo . -(See -.BR proc (5) -for details of this file.) -The following tags can appear in the optional fields -for a record in that file: -.TP -.I shared:X -This mount is shared in peer group -.IR X . -Each peer group has a unique ID that is automatically -generated by the kernel, -and all mounts in the same peer group will show the same ID. -(These IDs are assigned starting from the value 1, -and may be recycled when a peer group ceases to have any members.) -.TP -.I master:X -This mount is a slave to shared peer group -.IR X . -.TP -.IR propagate_from:X " (since Linux 2.6.26)" -.\" commit 97e7e0f71d6d948c25f11f0a33878d9356d9579e -This mount is a slave and receives propagation from shared peer group -.IR X . -This tag will always appear in conjunction with a -.I master:X -tag. -Here, -.I X -is the closest dominant peer group under the process's root directory. -If -.I X -is the immediate master of the mount, -or if there is no dominant peer group under the same root, -then only the -.I master:X -field is present and not the -.I propagate_from:X -field. -For further details, see below. -.TP -.I unbindable -This is an unbindable mount. -.P -If none of the above tags is present, then this is a private mount. -.SS MS_SHARED and MS_PRIVATE example -Suppose that on a terminal in the initial mount namespace, -we mark one mount as shared and another as private, -and then view the mounts in -.IR /proc/self/mountinfo : -.P -.in +4n -.EX -sh1# \fBmount \-\-make\-shared /mntS\fP -sh1# \fBmount \-\-make\-private /mntP\fP -sh1# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -77 61 8:17 / /mntS rw,relatime shared:1 -83 61 8:15 / /mntP rw,relatime -.EE -.in -.P -From the -.I /proc/self/mountinfo -output, we see that -.I /mntS -is a shared mount in peer group 1, and that -.I /mntP -has no optional tags, indicating that it is a private mount. -The first two fields in each record in this file are the unique -ID for this mount, and the mount ID of the parent mount. -We can further inspect this file to see that the parent mount of -.I /mntS -and -.I /mntP -is the root directory, -.IR / , -which is mounted as private: -.P -.in +4n -.EX -sh1# \fBcat /proc/self/mountinfo | awk \[aq]$1 == 61\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -61 0 8:2 / / rw,relatime -.EE -.in -.P -On a second terminal, -we create a new mount namespace where we run a second shell -and inspect the mounts: -.P -.in +4n -.EX -$ \fBPS1=\[aq]sh2# \[aq] sudo unshare \-m \-\-propagation unchanged sh\fP -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -222 145 8:17 / /mntS rw,relatime shared:1 -225 145 8:15 / /mntP rw,relatime -.EE -.in -.P -The new mount namespace received a copy of the initial mount namespace's -mounts. -These new mounts maintain the same propagation types, -but have unique mount IDs. -(The -.I \-\-propagation\~unchanged -option prevents -.BR unshare (1) -from marking all mounts as private when creating a new mount namespace, -.\" Since util-linux 2.27 -which it does by default.) -.P -In the second terminal, we then create submounts under each of -.I /mntS -and -.I /mntP -and inspect the set-up: -.P -.in +4n -.EX -sh2# \fBmkdir /mntS/a\fP -sh2# \fBmount /dev/sdb6 /mntS/a\fP -sh2# \fBmkdir /mntP/b\fP -sh2# \fBmount /dev/sdb7 /mntP/b\fP -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -222 145 8:17 / /mntS rw,relatime shared:1 -225 145 8:15 / /mntP rw,relatime -178 222 8:22 / /mntS/a rw,relatime shared:2 -230 225 8:23 / /mntP/b rw,relatime -.EE -.in -.P -From the above, it can be seen that -.I /mntS/a -was created as shared (inheriting this setting from its parent mount) and -.I /mntP/b -was created as a private mount. -.P -Returning to the first terminal and inspecting the set-up, -we see that the new mount created under the shared mount -.I /mntS -propagated to its peer mount (in the initial mount namespace), -but the new mount created under the private mount -.I /mntP -did not propagate: -.P -.in +4n -.EX -sh1# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -77 61 8:17 / /mntS rw,relatime shared:1 -83 61 8:15 / /mntP rw,relatime -179 77 8:22 / /mntS/a rw,relatime shared:2 -.EE -.in -.\" -.SS MS_SLAVE example -Making a mount a slave allows it to receive propagated -.BR mount (2) -and -.BR umount (2) -events from a master shared peer group, -while preventing it from propagating events to that master. -This is useful if we want to (say) receive a mount event when -an optical disk is mounted in the master shared peer group -(in another mount namespace), -but want to prevent -.BR mount (2) -and -.BR umount (2) -events under the slave mount -from having side effects in other namespaces. -.P -We can demonstrate the effect of slaving by first marking -two mounts as shared in the initial mount namespace: -.P -.in +4n -.EX -sh1# \fBmount \-\-make\-shared /mntX\fP -sh1# \fBmount \-\-make\-shared /mntY\fP -sh1# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -132 83 8:23 / /mntX rw,relatime shared:1 -133 83 8:22 / /mntY rw,relatime shared:2 -.EE -.in -.P -On a second terminal, -we create a new mount namespace and inspect the mounts: -.P -.in +4n -.EX -sh2# \fBunshare \-m \-\-propagation unchanged sh\fP -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -168 167 8:23 / /mntX rw,relatime shared:1 -169 167 8:22 / /mntY rw,relatime shared:2 -.EE -.in -.P -In the new mount namespace, we then mark one of the mounts as a slave: -.P -.in +4n -.EX -sh2# \fBmount \-\-make\-slave /mntY\fP -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -168 167 8:23 / /mntX rw,relatime shared:1 -169 167 8:22 / /mntY rw,relatime master:2 -.EE -.in -.P -From the above output, we see that -.I /mntY -is now a slave mount that is receiving propagation events from -the shared peer group with the ID 2. -.P -Continuing in the new namespace, we create submounts under each of -.I /mntX -and -.IR /mntY : -.P -.in +4n -.EX -sh2# \fBmkdir /mntX/a\fP -sh2# \fBmount /dev/sda3 /mntX/a\fP -sh2# \fBmkdir /mntY/b\fP -sh2# \fBmount /dev/sda5 /mntY/b\fP -.EE -.in -.P -When we inspect the state of the mounts in the new mount namespace, -we see that -.I /mntX/a -was created as a new shared mount -(inheriting the "shared" setting from its parent mount) and -.I /mntY/b -was created as a private mount: -.P -.in +4n -.EX -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -168 167 8:23 / /mntX rw,relatime shared:1 -169 167 8:22 / /mntY rw,relatime master:2 -173 168 8:3 / /mntX/a rw,relatime shared:3 -175 169 8:5 / /mntY/b rw,relatime -.EE -.in -.P -Returning to the first terminal (in the initial mount namespace), -we see that the mount -.I /mntX/a -propagated to the peer (the shared -.IR /mntX ), -but the mount -.I /mntY/b -was not propagated: -.P -.in +4n -.EX -sh1# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -132 83 8:23 / /mntX rw,relatime shared:1 -133 83 8:22 / /mntY rw,relatime shared:2 -174 132 8:3 / /mntX/a rw,relatime shared:3 -.EE -.in -.P -Now we create a new mount under -.I /mntY -in the first shell: -.P -.in +4n -.EX -sh1# \fBmkdir /mntY/c\fP -sh1# \fBmount /dev/sda1 /mntY/c\fP -sh1# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -132 83 8:23 / /mntX rw,relatime shared:1 -133 83 8:22 / /mntY rw,relatime shared:2 -174 132 8:3 / /mntX/a rw,relatime shared:3 -178 133 8:1 / /mntY/c rw,relatime shared:4 -.EE -.in -.P -When we examine the mounts in the second mount namespace, -we see that in this case the new mount has been propagated -to the slave mount, -and that the new mount is itself a slave mount (to peer group 4): -.P -.in +4n -.EX -sh2# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -168 167 8:23 / /mntX rw,relatime shared:1 -169 167 8:22 / /mntY rw,relatime master:2 -173 168 8:3 / /mntX/a rw,relatime shared:3 -175 169 8:5 / /mntY/b rw,relatime -179 169 8:1 / /mntY/c rw,relatime master:4 -.EE -.in -.\" -.SS MS_UNBINDABLE example -One of the primary purposes of unbindable mounts is to avoid -the "mount explosion" problem when repeatedly performing bind mounts -of a higher-level subtree at a lower-level mount. -The problem is illustrated by the following shell session. -.P -Suppose we have a system with the following mounts: -.P -.in +4n -.EX -# \fBmount | awk \[aq]{print $1, $2, $3}\[aq]\fP -/dev/sda1 on / -/dev/sdb6 on /mntX -/dev/sdb7 on /mntY -.EE -.in -.P -Suppose furthermore that we wish to recursively bind mount -the root directory under several users' home directories. -We do this for the first user, and inspect the mounts: -.P -.in +4n -.EX -# \fBmount \-\-rbind / /home/cecilia/\fP -# \fBmount | awk \[aq]{print $1, $2, $3}\[aq]\fP -/dev/sda1 on / -/dev/sdb6 on /mntX -/dev/sdb7 on /mntY -/dev/sda1 on /home/cecilia -/dev/sdb6 on /home/cecilia/mntX -/dev/sdb7 on /home/cecilia/mntY -.EE -.in -.P -When we repeat this operation for the second user, -we start to see the explosion problem: -.P -.in +4n -.EX -# \fBmount \-\-rbind / /home/henry\fP -# \fBmount | awk \[aq]{print $1, $2, $3}\[aq]\fP -/dev/sda1 on / -/dev/sdb6 on /mntX -/dev/sdb7 on /mntY -/dev/sda1 on /home/cecilia -/dev/sdb6 on /home/cecilia/mntX -/dev/sdb7 on /home/cecilia/mntY -/dev/sda1 on /home/henry -/dev/sdb6 on /home/henry/mntX -/dev/sdb7 on /home/henry/mntY -/dev/sda1 on /home/henry/home/cecilia -/dev/sdb6 on /home/henry/home/cecilia/mntX -/dev/sdb7 on /home/henry/home/cecilia/mntY -.EE -.in -.P -Under -.IR /home/henry , -we have not only recursively added the -.I /mntX -and -.I /mntY -mounts, but also the recursive mounts of those directories under -.I /home/cecilia -that were created in the previous step. -Upon repeating the step for a third user, -it becomes obvious that the explosion is exponential in nature: -.P -.in +4n -.EX -# \fBmount \-\-rbind / /home/otto\fP -# \fBmount | awk \[aq]{print $1, $2, $3}\[aq]\fP -/dev/sda1 on / -/dev/sdb6 on /mntX -/dev/sdb7 on /mntY -/dev/sda1 on /home/cecilia -/dev/sdb6 on /home/cecilia/mntX -/dev/sdb7 on /home/cecilia/mntY -/dev/sda1 on /home/henry -/dev/sdb6 on /home/henry/mntX -/dev/sdb7 on /home/henry/mntY -/dev/sda1 on /home/henry/home/cecilia -/dev/sdb6 on /home/henry/home/cecilia/mntX -/dev/sdb7 on /home/henry/home/cecilia/mntY -/dev/sda1 on /home/otto -/dev/sdb6 on /home/otto/mntX -/dev/sdb7 on /home/otto/mntY -/dev/sda1 on /home/otto/home/cecilia -/dev/sdb6 on /home/otto/home/cecilia/mntX -/dev/sdb7 on /home/otto/home/cecilia/mntY -/dev/sda1 on /home/otto/home/henry -/dev/sdb6 on /home/otto/home/henry/mntX -/dev/sdb7 on /home/otto/home/henry/mntY -/dev/sda1 on /home/otto/home/henry/home/cecilia -/dev/sdb6 on /home/otto/home/henry/home/cecilia/mntX -/dev/sdb7 on /home/otto/home/henry/home/cecilia/mntY -.EE -.in -.P -The mount explosion problem in the above scenario can be avoided -by making each of the new mounts unbindable. -The effect of doing this is that recursive mounts of the root -directory will not replicate the unbindable mounts. -We make such a mount for the first user: -.P -.in +4n -.EX -# \fBmount \-\-rbind \-\-make\-unbindable / /home/cecilia\fP -.EE -.in -.P -Before going further, we show that unbindable mounts are indeed unbindable: -.P -.in +4n -.EX -# \fBmkdir /mntZ\fP -# \fBmount \-\-bind /home/cecilia /mntZ\fP -mount: wrong fs type, bad option, bad superblock on /home/cecilia, - missing codepage or helper program, or other error -\& - In some cases useful info is found in syslog \- try - dmesg | tail or so. -.EE -.in -.P -Now we create unbindable recursive bind mounts for the other two users: -.P -.in +4n -.EX -# \fBmount \-\-rbind \-\-make\-unbindable / /home/henry\fP -# \fBmount \-\-rbind \-\-make\-unbindable / /home/otto\fP -.EE -.in -.P -Upon examining the list of mounts, -we see there has been no explosion of mounts, -because the unbindable mounts were not replicated -under each user's directory: -.P -.in +4n -.EX -# \fBmount | awk \[aq]{print $1, $2, $3}\[aq]\fP -/dev/sda1 on / -/dev/sdb6 on /mntX -/dev/sdb7 on /mntY -/dev/sda1 on /home/cecilia -/dev/sdb6 on /home/cecilia/mntX -/dev/sdb7 on /home/cecilia/mntY -/dev/sda1 on /home/henry -/dev/sdb6 on /home/henry/mntX -/dev/sdb7 on /home/henry/mntY -/dev/sda1 on /home/otto -/dev/sdb6 on /home/otto/mntX -/dev/sdb7 on /home/otto/mntY -.EE -.in -.\" -.SS Propagation type transitions -The following table shows the effect that applying a new propagation type -(i.e., -.IR mount\~\-\-make\-xxxx ) -has on the existing propagation type of a mount. -The rows correspond to existing propagation types, -and the columns are the new propagation settings. -For reasons of space, "private" is abbreviated as "priv" and -"unbindable" as "unbind". -.TS -lb2 lb2 lb2 lb2 lb1 -lb | l l l l l. - make-shared make-slave make-priv make-unbind -_ -shared shared slave/priv [1] priv unbind -slave slave+shared slave [2] priv unbind -slave+shared slave+shared slave priv unbind -private shared priv [2] priv unbind -unbindable shared unbind [2] priv unbind -.TE -.P -Note the following details to the table: -.IP [1] 5 -If a shared mount is the only mount in its peer group, -making it a slave automatically makes it private. -.IP [2] -Slaving a nonshared mount has no effect on the mount. -.\" -.SS Bind (MS_BIND) semantics -Suppose that the following command is performed: -.P -.in +4n -.EX -mount \-\-bind A/a B/b -.EE -.in -.P -Here, -.I A -is the source mount, -.I B -is the destination mount, -.I a -is a subdirectory path under the mount point -.IR A , -and -.I b -is a subdirectory path under the mount point -.IR B . -The propagation type of the resulting mount, -.IR B/b , -depends on the propagation types of the mounts -.I A -and -.IR B , -and is summarized in the following table. -.P -.TS -lb2 lb1 lb2 lb2 lb2 lb0 -lb2 lb1 lb2 lb2 lb2 lb0 -lb lb | l l l l l. - source(A) - shared private slave unbind -_ -dest(B) shared shared shared slave+shared invalid - nonshared shared private slave invalid -.TE -.P -Note that a recursive bind of a subtree follows the same semantics -as for a bind operation on each mount in the subtree. -(Unbindable mounts are automatically pruned at the target mount point.) -.P -For further details, see -.I Documentation/filesystems/sharedsubtree.rst -in the kernel source tree. -.\" -.SS Move (MS_MOVE) semantics -Suppose that the following command is performed: -.P -.in +4n -.EX -mount \-\-move A B/b -.EE -.in -.P -Here, -.I A -is the source mount, -.I B -is the destination mount, and -.I b -is a subdirectory path under the mount point -.IR B . -The propagation type of the resulting mount, -.IR B/b , -depends on the propagation types of the mounts -.I A -and -.IR B , -and is summarized in the following table. -.P -.TS -lb2 lb1 lb2 lb2 lb2 lb0 -lb2 lb1 lb2 lb2 lb2 lb0 -lb lb | l l l l l. - source(A) - shared private slave unbind -_ -dest(B) shared shared shared slave+shared invalid - nonshared shared private slave unbindable -.TE -.P -Note: moving a mount that resides under a shared mount is invalid. -.P -For further details, see -.I Documentation/filesystems/sharedsubtree.rst -in the kernel source tree. -.\" -.SS Mount semantics -Suppose that we use the following command to create a mount: -.P -.in +4n -.EX -mount device B/b -.EE -.in -.P -Here, -.I B -is the destination mount, and -.I b -is a subdirectory path under the mount point -.IR B . -The propagation type of the resulting mount, -.IR B/b , -follows the same rules as for a bind mount, -where the propagation type of the source mount -is considered always to be private. -.\" -.SS Unmount semantics -Suppose that we use the following command to tear down a mount: -.P -.in +4n -.EX -umount A -.EE -.in -.P -Here, -.I A -is a mount on -.IR B/b , -where -.I B -is the parent mount and -.I b -is a subdirectory path under the mount point -.IR B . -If -.B B -is shared, then all most-recently-mounted mounts at -.I b -on mounts that receive propagation from mount -.I B -and do not have submounts under them are unmounted. -.\" -.SS The /proc/ pid /mountinfo "propagate_from" tag -The -.I propagate_from:X -tag is shown in the optional fields of a -.IR /proc/ pid /mountinfo -record in cases where a process can't see a slave's immediate master -(i.e., the pathname of the master is not reachable from -the filesystem root directory) -and so cannot determine the -chain of propagation between the mounts it can see. -.P -In the following example, we first create a two-link master-slave chain -between the mounts -.IR /mnt , -.IR /tmp/etc , -and -.IR /mnt/tmp/etc . -Then the -.BR chroot (1) -command is used to make the -.I /tmp/etc -mount point unreachable from the root directory, -creating a situation where the master of -.I /mnt/tmp/etc -is not reachable from the (new) root directory of the process. -.P -First, we bind mount the root directory onto -.I /mnt -and then bind mount -.I /proc -at -.I /mnt/proc -so that after the later -.BR chroot (1) -the -.BR proc (5) -filesystem remains visible at the correct location -in the chroot-ed environment. -.P -.in +4n -.EX -# \fBmkdir \-p /mnt/proc\fP -# \fBmount \-\-bind / /mnt\fP -# \fBmount \-\-bind /proc /mnt/proc\fP -.EE -.in -.P -Next, we ensure that the -.I /mnt -mount is a shared mount in a new peer group (with no peers): -.P -.in +4n -.EX -# \fBmount \-\-make\-private /mnt\fP # Isolate from any previous peer group -# \fBmount \-\-make\-shared /mnt\fP -# \fBcat /proc/self/mountinfo | grep \[aq]/mnt\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -239 61 8:2 / /mnt ... shared:102 -248 239 0:4 / /mnt/proc ... shared:5 -.EE -.in -.P -Next, we bind mount -.I /mnt/etc -onto -.IR /tmp/etc : -.P -.in +4n -.EX -# \fBmkdir \-p /tmp/etc\fP -# \fBmount \-\-bind /mnt/etc /tmp/etc\fP -# \fBcat /proc/self/mountinfo | egrep \[aq]/mnt|/tmp/\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -239 61 8:2 / /mnt ... shared:102 -248 239 0:4 / /mnt/proc ... shared:5 -267 40 8:2 /etc /tmp/etc ... shared:102 -.EE -.in -.P -Initially, these two mounts are in the same peer group, -but we then make the -.I /tmp/etc -a slave of -.IR /mnt/etc , -and then make -.I /tmp/etc -shared as well, -so that it can propagate events to the next slave in the chain: -.P -.in +4n -.EX -# \fBmount \-\-make\-slave /tmp/etc\fP -# \fBmount \-\-make\-shared /tmp/etc\fP -# \fBcat /proc/self/mountinfo | egrep \[aq]/mnt|/tmp/\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -239 61 8:2 / /mnt ... shared:102 -248 239 0:4 / /mnt/proc ... shared:5 -267 40 8:2 /etc /tmp/etc ... shared:105 master:102 -.EE -.in -.P -Then we bind mount -.I /tmp/etc -onto -.IR /mnt/tmp/etc . -Again, the two mounts are initially in the same peer group, -but we then make -.I /mnt/tmp/etc -a slave of -.IR /tmp/etc : -.P -.in +4n -.EX -# \fBmkdir \-p /mnt/tmp/etc\fP -# \fBmount \-\-bind /tmp/etc /mnt/tmp/etc\fP -# \fBmount \-\-make\-slave /mnt/tmp/etc\fP -# \fBcat /proc/self/mountinfo | egrep \[aq]/mnt|/tmp/\[aq] | sed \[aq]s/ \- .*//\[aq]\fP -239 61 8:2 / /mnt ... shared:102 -248 239 0:4 / /mnt/proc ... shared:5 -267 40 8:2 /etc /tmp/etc ... shared:105 master:102 -273 239 8:2 /etc /mnt/tmp/etc ... master:105 -.EE -.in -.P -From the above, we see that -.I /mnt -is the master of the slave -.IR /tmp/etc , -which in turn is the master of the slave -.IR /mnt/tmp/etc . -.P -We then -.BR chroot (1) -to the -.I /mnt -directory, which renders the mount with ID 267 unreachable -from the (new) root directory: -.P -.in +4n -.EX -# \fBchroot /mnt\fP -.EE -.in -.P -When we examine the state of the mounts inside the chroot-ed environment, -we see the following: -.P -.in +4n -.EX -# \fBcat /proc/self/mountinfo | sed \[aq]s/ \- .*//\[aq]\fP -239 61 8:2 / / ... shared:102 -248 239 0:4 / /proc ... shared:5 -273 239 8:2 /etc /tmp/etc ... master:105 propagate_from:102 -.EE -.in -.P -Above, we see that the mount with ID 273 -is a slave whose master is the peer group 105. -The mount point for that master is unreachable, and so a -.I propagate_from -tag is displayed, indicating that the closest dominant peer group -(i.e., the nearest reachable mount in the slave chain) -is the peer group with the ID 102 (corresponding to the -.I /mnt -mount point before the -.BR chroot (1) -was performed). -.\" -.SH STANDARDS -Linux. -.SH HISTORY -Linux 2.4.19. -.\" -.SH NOTES -The propagation type assigned to a new mount depends -on the propagation type of the parent mount. -If the mount has a parent (i.e., it is a non-root mount -point) and the propagation type of the parent is -.BR MS_SHARED , -then the propagation type of the new mount is also -.BR MS_SHARED . -Otherwise, the propagation type of the new mount is -.BR MS_PRIVATE . -.P -Notwithstanding the fact that the default propagation type -for new mount is in many cases -.BR MS_PRIVATE , -.B MS_SHARED -is typically more useful. -For this reason, -.BR systemd (1) -automatically remounts all mounts as -.B MS_SHARED -on system startup. -Thus, on most modern systems, the default propagation type is in practice -.BR MS_SHARED . -.P -Since, when one uses -.BR unshare (1) -to create a mount namespace, -the goal is commonly to provide full isolation of the mounts -in the new namespace, -.BR unshare (1) -(since -.I util\-linux -2.27) in turn reverses the step performed by -.BR systemd (1), -by making all mounts private in the new namespace. -That is, -.BR unshare (1) -performs the equivalent of the following in the new mount namespace: -.P -.in +4n -.EX -mount \-\-make\-rprivate / -.EE -.in -.P -To prevent this, one can use the -.I \-\-propagation\~unchanged -option to -.BR unshare (1). -.P -An application that creates a new mount namespace directly using -.BR clone (2) -or -.BR unshare (2) -may desire to prevent propagation of mount events to other mount namespaces -(as is done by -.BR unshare (1)). -This can be done by changing the propagation type of -mounts in the new namespace to either -.B MS_SLAVE -or -.BR MS_PRIVATE , -using a call such as the following: -.P -.in +4n -.EX -mount(NULL, "/", MS_SLAVE | MS_REC, NULL); -.EE -.in -.P -For a discussion of propagation types when moving mounts -.RB ( MS_MOVE ) -and creating bind mounts -.RB ( MS_BIND ), -see -.IR Documentation/filesystems/sharedsubtree.rst . -.\" -.\" ============================================================ -.\" -.SS Restrictions on mount namespaces -Note the following points with respect to mount namespaces: -.IP [1] 5 -Each mount namespace has an owner user namespace. -As explained above, when a new mount namespace is created, -its mount list is initialized as a copy of the mount list -of another mount namespace. -If the new namespace and the namespace from which the mount list -was copied are owned by different user namespaces, -then the new mount namespace is considered -.IR "less privileged" . -.IP [2] -When creating a less privileged mount namespace, -shared mounts are reduced to slave mounts. -This ensures that mappings performed in less -privileged mount namespaces will not propagate to more privileged -mount namespaces. -.IP [3] -Mounts that come as a single unit from a more privileged mount namespace are -locked together and may not be separated in a less privileged mount -namespace. -(The -.BR unshare (2) -.B CLONE_NEWNS -operation brings across all of the mounts from the original -mount namespace as a single unit, -and recursive mounts that propagate between -mount namespaces propagate as a single unit.) -.IP -In this context, "may not be separated" means that the mounts -are locked so that they may not be individually unmounted. -Consider the following example: -.IP -.in +4n -.EX -$ \fBsudo sh\fP -# \fBmount \-\-bind /dev/null /etc/shadow\fP -# \fBcat /etc/shadow\fP # Produces no output -.EE -.in -.IP -The above steps, performed in a more privileged mount namespace, -have created a bind mount that -obscures the contents of the shadow password file, -.IR /etc/shadow . -For security reasons, it should not be possible to -.BR umount (2) -that mount in a less privileged mount namespace, -since that would reveal the contents of -.IR /etc/shadow . -.IP -Suppose we now create a new mount namespace -owned by a new user namespace. -The new mount namespace will inherit copies of all of the mounts -from the previous mount namespace. -However, those mounts will be locked because the new mount namespace -is less privileged. -Consequently, an attempt to -.BR umount (2) -the mount fails as show -in the following step: -.IP -.in +4n -.EX -# \fBunshare \-\-user \-\-map\-root\-user \-\-mount \e\fP - \fBstrace \-o /tmp/log \e\fP - \fBumount /mnt/dir\fP -umount: /etc/shadow: not mounted. -# \fBgrep \[aq]\[ha]umount\[aq] /tmp/log\fP -umount2("/etc/shadow", 0) = \-1 EINVAL (Invalid argument) -.EE -.in -.IP -The error message from -.BR mount (8) -is a little confusing, but the -.BR strace (1) -output reveals that the underlying -.BR umount2 (2) -system call failed with the error -.BR EINVAL , -which is the error that the kernel returns to indicate that -the mount is locked. -.IP -Note, however, that it is possible to stack (and unstack) a -mount on top of one of the inherited locked mounts in a -less privileged mount namespace: -.IP -.in +4n -.EX -# \fBecho \[aq]aaaaa\[aq] > /tmp/a\fP # File to mount onto /etc/shadow -# \fBunshare \-\-user \-\-map\-root\-user \-\-mount \e\fP - \fBsh \-c \[aq]mount \-\-bind /tmp/a /etc/shadow; cat /etc/shadow\[aq]\fP -aaaaa -# \fBumount /etc/shadow\fP -.EE -.in -.IP -The final -.BR umount (8) -command above, which is performed in the initial mount namespace, -makes the original -.I /etc/shadow -file once more visible in that namespace. -.IP [4] -Following on from point [3], -note that it is possible to -.BR umount (2) -an entire subtree of mounts that -propagated as a unit into a less privileged mount namespace, -as illustrated in the following example. -.IP -First, we create new user and mount namespaces using -.BR unshare (1). -In the new mount namespace, -the propagation type of all mounts is set to private. -We then create a shared bind mount at -.IR /mnt , -and a small hierarchy of mounts underneath that mount. -.IP -.in +4n -.EX -$ \fBPS1=\[aq]ns1# \[aq] sudo unshare \-\-user \-\-map\-root\-user \e\fP - \fB\-\-mount \-\-propagation private bash\fP -ns1# \fBecho $$\fP # We need the PID of this shell later -778501 -ns1# \fBmount \-\-make\-shared \-\-bind /mnt /mnt\fP -ns1# \fBmkdir /mnt/x\fP -ns1# \fBmount \-\-make\-private \-t tmpfs none /mnt/x\fP -ns1# \fBmkdir /mnt/x/y\fP -ns1# \fBmount \-\-make\-private \-t tmpfs none /mnt/x/y\fP -ns1# \fBgrep /mnt /proc/self/mountinfo | sed \[aq]s/ \- .*//\[aq]\fP -986 83 8:5 /mnt /mnt rw,relatime shared:344 -989 986 0:56 / /mnt/x rw,relatime -990 989 0:57 / /mnt/x/y rw,relatime -.EE -.in -.IP -Continuing in the same shell session, -we then create a second shell in a new user namespace and a new -(less privileged) mount namespace and -check the state of the propagated mounts rooted at -.IR /mnt . -.IP -.in +4n -.EX -ns1# \fBPS1=\[aq]ns2# \[aq] unshare \-\-user \-\-map\-root\-user \e\fP - \fB\-\-mount \-\-propagation unchanged bash\fP -ns2# \fBgrep /mnt /proc/self/mountinfo | sed \[aq]s/ \- .*//\[aq]\fP -1239 1204 8:5 /mnt /mnt rw,relatime master:344 -1240 1239 0:56 / /mnt/x rw,relatime -1241 1240 0:57 / /mnt/x/y rw,relatime -.EE -.in -.IP -Of note in the above output is that the propagation type of the mount -.I /mnt -has been reduced to slave, as explained in point [2]. -This means that submount events will propagate from the master -.I /mnt -in "ns1", but propagation will not occur in the opposite direction. -.IP -From a separate terminal window, we then use -.BR nsenter (1) -to enter the mount and user namespaces corresponding to "ns1". -In that terminal window, we then recursively bind mount -.I /mnt/x -at the location -.IR /mnt/ppp . -.IP -.in +4n -.EX -$ \fBPS1=\[aq]ns3# \[aq] sudo nsenter \-t 778501 \-\-user \-\-mount\fP -ns3# \fBmount \-\-rbind \-\-make\-private /mnt/x /mnt/ppp\fP -ns3# \fBgrep /mnt /proc/self/mountinfo | sed \[aq]s/ \- .*//\[aq]\fP -986 83 8:5 /mnt /mnt rw,relatime shared:344 -989 986 0:56 / /mnt/x rw,relatime -990 989 0:57 / /mnt/x/y rw,relatime -1242 986 0:56 / /mnt/ppp rw,relatime -1243 1242 0:57 / /mnt/ppp/y rw,relatime shared:518 -.EE -.in -.IP -Because the propagation type of the parent mount, -.IR /mnt , -was shared, the recursive bind mount propagated a small subtree of -mounts under the slave mount -.I /mnt -into "ns2", -as can be verified by executing the following command in that shell session: -.IP -.in +4n -.EX -ns2# \fBgrep /mnt /proc/self/mountinfo | sed \[aq]s/ \- .*//\[aq]\fP -1239 1204 8:5 /mnt /mnt rw,relatime master:344 -1240 1239 0:56 / /mnt/x rw,relatime -1241 1240 0:57 / /mnt/x/y rw,relatime -1244 1239 0:56 / /mnt/ppp rw,relatime -1245 1244 0:57 / /mnt/ppp/y rw,relatime master:518 -.EE -.in -.IP -While it is not possible to -.BR umount (2) -a part of the propagated subtree -.RI ( /mnt/ppp/y ) -in "ns2", -it is possible to -.BR umount (2) -the entire subtree, -as shown by the following commands: -.IP -.in +4n -.EX -ns2# \fBumount /mnt/ppp/y\fP -umount: /mnt/ppp/y: not mounted. -ns2# \fBumount \-l /mnt/ppp | sed \[aq]s/ \- .*//\[aq]\fP # Succeeds... -ns2# \fBgrep /mnt /proc/self/mountinfo\fP -1239 1204 8:5 /mnt /mnt rw,relatime master:344 -1240 1239 0:56 / /mnt/x rw,relatime -1241 1240 0:57 / /mnt/x/y rw,relatime -.EE -.in -.IP [5] -The -.BR mount (2) -flags -.BR MS_RDONLY , -.BR MS_NOSUID , -.BR MS_NOEXEC , -and the "atime" flags -.RB ( MS_NOATIME , -.BR MS_NODIRATIME , -.BR MS_RELATIME ) -settings become locked -.\" commit 9566d6742852c527bf5af38af5cbb878dad75705 -.\" Author: Eric W. Biederman -.\" Date: Mon Jul 28 17:26:07 2014 -0700 -.\" -.\" mnt: Correct permission checks in do_remount -.\" -when propagated from a more privileged to -a less privileged mount namespace, -and may not be changed in the less privileged mount namespace. -.IP -This point is illustrated in the following example where, -in a more privileged mount namespace, -we create a bind mount that is marked as read-only. -For security reasons, -it should not be possible to make the mount writable in -a less privileged mount namespace, and indeed the kernel prevents this: -.IP -.in +4n -.EX -$ \fBsudo mkdir /mnt/dir\fP -$ \fBsudo mount \-\-bind \-o ro /some/path /mnt/dir\fP -$ \fBsudo unshare \-\-user \-\-map\-root\-user \-\-mount \e\fP - \fBmount \-o remount,rw /mnt/dir\fP -mount: /mnt/dir: permission denied. -.EE -.in -.IP [6] -.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree)) -A file or directory that is a mount point in one namespace that is not -a mount point in another namespace, may be renamed, unlinked, or removed -.RB ( rmdir (2)) -in the mount namespace in which it is not a mount point -(subject to the usual permission checks). -Consequently, the mount point is removed in the mount namespace -where it was a mount point. -.IP -Previously (before Linux 3.18), -.\" mtk: The change was in Linux 3.18, I think, with this commit: -.\" commit 8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe -.\" Author: Eric W. Biederman -.\" Date: Tue Oct 1 18:33:48 2013 -0700 -.\" -.\" vfs: Lazily remove mounts on unlinked files and directories. -attempting to unlink, rename, or remove a file or directory -that was a mount point in another mount namespace would result in the error -.BR EBUSY . -That behavior had technical problems of enforcement (e.g., for NFS) -and permitted denial-of-service attacks against more privileged users -(i.e., preventing individual files from being updated -by bind mounting on top of them). -.SH EXAMPLES -See -.BR pivot_root (2). -.SH SEE ALSO -.BR unshare (1), -.BR clone (2), -.BR mount (2), -.BR mount_setattr (2), -.BR pivot_root (2), -.BR setns (2), -.BR umount (2), -.BR unshare (2), -.BR proc (5), -.BR namespaces (7), -.BR user_namespaces (7), -.BR findmnt (8), -.BR mount (8), -.BR pam_namespace (8), -.BR pivot_root (8), -.BR umount (8) -.P -.I Documentation/filesystems/sharedsubtree.rst -in the kernel source tree. diff --git a/man7/mq_overview.7 b/man7/mq_overview.7 deleted file mode 100644 index 223f238..0000000 --- a/man7/mq_overview.7 +++ /dev/null @@ -1,389 +0,0 @@ -'\" t -.\" Copyright (C) 2006 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH mq_overview 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -mq_overview \- overview of POSIX message queues -.SH DESCRIPTION -POSIX message queues allow processes to exchange data in -the form of messages. -This API is distinct from that provided by System V message queues -.RB ( msgget (2), -.BR msgsnd (2), -.BR msgrcv (2), -etc.), but provides similar functionality. -.P -Message queues are created and opened using -.BR mq_open (3); -this function returns a -.I message queue descriptor -.RI ( mqd_t ), -which is used to refer to the open message queue in later calls. -Each message queue is identified by a name of the form -.IR /somename ; -that is, a null-terminated string of up to -.B NAME_MAX -(i.e., 255) characters consisting of an initial slash, -followed by one or more characters, none of which are slashes. -Two processes can operate on the same queue by passing the same name to -.BR mq_open (3). -.P -Messages are transferred to and from a queue using -.BR mq_send (3) -and -.BR mq_receive (3). -When a process has finished using the queue, it closes it using -.BR mq_close (3), -and when the queue is no longer required, it can be deleted using -.BR mq_unlink (3). -Queue attributes can be retrieved and (in some cases) modified using -.BR mq_getattr (3) -and -.BR mq_setattr (3). -A process can request asynchronous notification -of the arrival of a message on a previously empty queue using -.BR mq_notify (3). -.P -A message queue descriptor is a reference to an -.I "open message queue description" -(see -.BR open (2)). -After a -.BR fork (2), -a child inherits copies of its parent's message queue descriptors, -and these descriptors refer to the same open message queue descriptions -as the corresponding message queue descriptors in the parent. -Corresponding message queue descriptors in the two processes share the flags -.RI ( mq_flags ) -that are associated with the open message queue description. -.P -Each message has an associated -.IR priority , -and messages are always delivered to the receiving process -highest priority first. -Message priorities range from 0 (low) to -.I sysconf(_SC_MQ_PRIO_MAX)\ \-\ 1 -(high). -On Linux, -.I sysconf(_SC_MQ_PRIO_MAX) -returns 32768, but POSIX.1 requires only that -an implementation support at least priorities in the range 0 to 31; -some implementations provide only this range. -.P -The remainder of this section describes some specific details -of the Linux implementation of POSIX message queues. -.SS Library interfaces and system calls -In most cases the -.BR mq_* () -library interfaces listed above are implemented -on top of underlying system calls of the same name. -Deviations from this scheme are indicated in the following table: -.RS -.TS -lB lB -l l. -Library interface System call -mq_close(3) close(2) -mq_getattr(3) mq_getsetattr(2) -mq_notify(3) mq_notify(2) -mq_open(3) mq_open(2) -mq_receive(3) mq_timedreceive(2) -mq_send(3) mq_timedsend(2) -mq_setattr(3) mq_getsetattr(2) -mq_timedreceive(3) mq_timedreceive(2) -mq_timedsend(3) mq_timedsend(2) -mq_unlink(3) mq_unlink(2) -.TE -.RE -.SS Versions -POSIX message queues have been supported since Linux 2.6.6. -glibc support has been provided since glibc 2.3.4. -.SS Kernel configuration -Support for POSIX message queues is configurable via the -.B CONFIG_POSIX_MQUEUE -kernel configuration option. -This option is enabled by default. -.SS Persistence -POSIX message queues have kernel persistence: -if not removed by -.BR mq_unlink (3), -a message queue will exist until the system is shut down. -.SS Linking -Programs using the POSIX message queue API must be compiled with -.I cc \-lrt -to link against the real-time library, -.IR librt . -.SS /proc interfaces -The following interfaces can be used to limit the amount of -kernel memory consumed by POSIX message queues and to set -the default attributes for new message queues: -.TP -.IR /proc/sys/fs/mqueue/msg_default " (since Linux 3.5)" -This file defines the value used for a new queue's -.I mq_maxmsg -setting when the queue is created with a call to -.BR mq_open (3) -where -.I attr -is specified as NULL. -The default value for this file is 10. -The minimum and maximum are as for -.IR /proc/sys/fs/mqueue/msg_max . -A new queue's default -.I mq_maxmsg -value will be the smaller of -.I msg_default -and -.IR msg_max . -Before Linux 2.6.28, the default -.I mq_maxmsg -was 10; -from Linux 2.6.28 to Linux 3.4, the default was the value defined for the -.I msg_max -limit. -.TP -.I /proc/sys/fs/mqueue/msg_max -This file can be used to view and change the ceiling value for the -maximum number of messages in a queue. -This value acts as a ceiling on the -.I attr\->mq_maxmsg -argument given to -.BR mq_open (3). -The default value for -.I msg_max -is 10. -The minimum value is 1 (10 before Linux 2.6.28). -The upper limit is -.BR HARD_MSGMAX . -The -.I msg_max -limit is ignored for privileged processes -.RB ( CAP_SYS_RESOURCE ), -but the -.B HARD_MSGMAX -ceiling is nevertheless imposed. -.IP -The definition of -.B HARD_MSGMAX -has changed across kernel versions: -.RS -.IP \[bu] 3 -Up to Linux 2.6.32: -.I 131072\~/\~sizeof(void\~*) -.IP \[bu] -Linux 2.6.33 to Linux 3.4: -.I (32768\~*\~sizeof(void\~*) / 4) -.IP \[bu] -Since Linux 3.5: -.\" commit 5b5c4d1a1440e94994c73dddbad7be0676cd8b9a -65,536 -.RE -.TP -.IR /proc/sys/fs/mqueue/msgsize_default " (since Linux 3.5)" -This file defines the value used for a new queue's -.I mq_msgsize -setting when the queue is created with a call to -.BR mq_open (3) -where -.I attr -is specified as NULL. -The default value for this file is 8192 (bytes). -The minimum and maximum are as for -.IR /proc/sys/fs/mqueue/msgsize_max . -If -.I msgsize_default -exceeds -.IR msgsize_max , -a new queue's default -.I mq_msgsize -value is capped to the -.I msgsize_max -limit. -Before Linux 2.6.28, the default -.I mq_msgsize -was 8192; -from Linux 2.6.28 to Linux 3.4, the default was the value defined for the -.I msgsize_max -limit. -.TP -.I /proc/sys/fs/mqueue/msgsize_max -This file can be used to view and change the ceiling on the -maximum message size. -This value acts as a ceiling on the -.I attr\->mq_msgsize -argument given to -.BR mq_open (3). -The default value for -.I msgsize_max -is 8192 bytes. -The minimum value is 128 (8192 before Linux 2.6.28). -The upper limit for -.I msgsize_max -has varied across kernel versions: -.RS -.IP \[bu] 3 -Before Linux 2.6.28, the upper limit is -.BR INT_MAX . -.IP \[bu] -From Linux 2.6.28 to Linux 3.4, the limit is 1,048,576. -.IP \[bu] -Since Linux 3.5, the limit is 16,777,216 -.RB ( HARD_MSGSIZEMAX ). -.RE -.IP -The -.I msgsize_max -limit is ignored for privileged process -.RB ( CAP_SYS_RESOURCE ), -but, since Linux 3.5, the -.B HARD_MSGSIZEMAX -ceiling is enforced for privileged processes. -.TP -.I /proc/sys/fs/mqueue/queues_max -This file can be used to view and change the system-wide limit on the -number of message queues that can be created. -The default value for -.I queues_max -is 256. -No ceiling is imposed on the -.I queues_max -limit; privileged processes -.RB ( CAP_SYS_RESOURCE ) -can exceed the limit (but see BUGS). -.SS Resource limit -The -.B RLIMIT_MSGQUEUE -resource limit, which places a limit on the amount of space -that can be consumed by all of the message queues -belonging to a process's real user ID, is described in -.BR getrlimit (2). -.SS Mounting the message queue filesystem -On Linux, message queues are created in a virtual filesystem. -(Other implementations may also provide such a feature, -but the details are likely to differ.) -This filesystem can be mounted (by the superuser) using the following -commands: -.P -.in +4n -.EX -.RB "#" " mkdir /dev/mqueue" -.RB "#" " mount \-t mqueue none /dev/mqueue" -.EE -.in -.P -The sticky bit is automatically enabled on the mount directory. -.P -After the filesystem has been mounted, the message queues on the system -can be viewed and manipulated using the commands usually used for files -(e.g., -.BR ls (1) -and -.BR rm (1)). -.P -The contents of each file in the directory consist of a single line -containing information about the queue: -.P -.in +4n -.EX -.RB "$" " cat /dev/mqueue/mymq" -QSIZE:129 NOTIFY:2 SIGNO:0 NOTIFY_PID:8260 -.EE -.in -.P -These fields are as follows: -.TP -.B QSIZE -Number of bytes of data in all messages in the queue (but see BUGS). -.TP -.B NOTIFY_PID -If this is nonzero, then the process with this PID has used -.BR mq_notify (3) -to register for asynchronous message notification, -and the remaining fields describe how notification occurs. -.TP -.B NOTIFY -Notification method: -0 is -.BR SIGEV_SIGNAL ; -1 is -.BR SIGEV_NONE ; -and -2 is -.BR SIGEV_THREAD . -.TP -.B SIGNO -Signal number to be used for -.BR SIGEV_SIGNAL . -.SS Linux implementation of message queue descriptors -On Linux, a message queue descriptor is actually a file descriptor. -(POSIX does not require such an implementation.) -This means that a message queue descriptor can be monitored using -.BR select (2), -.BR poll (2), -or -.BR epoll (7). -This is not portable. -.P -The close-on-exec flag (see -.BR open (2)) -is automatically set on the file descriptor returned by -.BR mq_open (2). -.SS IPC namespaces -For a discussion of the interaction of POSIX message queue objects and -IPC namespaces, see -.BR ipc_namespaces (7). -.SH NOTES -System V message queues -.RB ( msgget (2), -.BR msgsnd (2), -.BR msgrcv (2), -etc.) are an older API for exchanging messages between processes. -POSIX message queues provide a better designed interface than -System V message queues; -on the other hand POSIX message queues are less widely available -(especially on older systems) than System V message queues. -.P -Linux does not currently (Linux 2.6.26) support the use of access control -lists (ACLs) for POSIX message queues. -.SH BUGS -Since Linux 3.5 to Linux 3.14, the kernel imposed a ceiling of 1024 -.RB ( HARD_QUEUESMAX ) -on the value to which the -.I queues_max -limit could be raised, -and the ceiling was enforced even for privileged processes. -This ceiling value was removed in Linux 3.14, -and patches to stable Linux 3.5.x to Linux 3.13.x also removed the ceiling. -.P -As originally implemented (and documented), -the QSIZE field displayed the total number of (user-supplied) -bytes in all messages in the message queue. -Some changes in Linux 3.5 -.\" commit d6629859b36d -inadvertently changed the behavior, -so that this field also included a count of kernel overhead bytes -used to store the messages in the queue. -This behavioral regression was rectified in Linux 4.2 -.\" commit de54b9ac253787c366bbfb28d901a31954eb3511 -(and earlier stable kernel series), -so that the count once more included just the bytes of user data -in messages in the queue. -.SH EXAMPLES -An example of the use of various message queue functions is shown in -.BR mq_notify (3). -.SH SEE ALSO -.BR getrlimit (2), -.BR mq_getsetattr (2), -.BR poll (2), -.BR select (2), -.BR mq_close (3), -.BR mq_getattr (3), -.BR mq_notify (3), -.BR mq_open (3), -.BR mq_receive (3), -.BR mq_send (3), -.BR mq_unlink (3), -.BR epoll (7), -.BR namespaces (7) diff --git a/man7/namespaces.7 b/man7/namespaces.7 deleted file mode 100644 index 5fdca2e..0000000 --- a/man7/namespaces.7 +++ /dev/null @@ -1,417 +0,0 @@ -'\" t -.\" Copyright (c) 2013, 2016, 2017 by Michael Kerrisk -.\" and Copyright (c) 2012 by Eric W. Biederman -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -namespaces \- overview of Linux namespaces -.SH DESCRIPTION -A namespace wraps a global system resource in an abstraction that -makes it appear to the processes within the namespace that they -have their own isolated instance of the global resource. -Changes to the global resource are visible to other processes -that are members of the namespace, but are invisible to other processes. -One use of namespaces is to implement containers. -.P -This page provides pointers to information on the various namespace types, -describes the associated -.I /proc -files, and summarizes the APIs for working with namespaces. -.\" -.SS Namespace types -The following table shows the namespace types available on Linux. -The second column of the table shows the flag value that is used to specify -the namespace type in various APIs. -The third column identifies the manual page that provides details -on the namespace type. -The last column is a summary of the resources that are isolated by -the namespace type. -.TS -lB lB lB lB -l1 lB1 l1 l. -Namespace Flag Page Isolates -Cgroup CLONE_NEWCGROUP \fBcgroup_namespaces\fP(7) T{ -Cgroup root directory -T} -IPC CLONE_NEWIPC \fBipc_namespaces\fP(7) T{ -System V IPC, -POSIX message queues -T} -Network CLONE_NEWNET \fBnetwork_namespaces\fP(7) T{ -Network devices, -stacks, ports, etc. -T} -Mount CLONE_NEWNS \fBmount_namespaces\fP(7) Mount points -PID CLONE_NEWPID \fBpid_namespaces\fP(7) Process IDs -Time CLONE_NEWTIME \fBtime_namespaces\fP(7) T{ -Boot and monotonic -clocks -T} -User CLONE_NEWUSER \fBuser_namespaces\fP(7) T{ -User and group IDs -T} -UTS CLONE_NEWUTS \fButs_namespaces\fP(7) T{ -Hostname and NIS -domain name -T} -.TE -.\" -.\" ==================== The namespaces API ==================== -.\" -.SS The namespaces API -As well as various -.I /proc -files described below, -the namespaces API includes the following system calls: -.TP -.BR clone (2) -The -.BR clone (2) -system call creates a new process. -If the -.I flags -argument of the call specifies one or more of the -.B CLONE_NEW* -flags listed above, then new namespaces are created for each flag, -and the child process is made a member of those namespaces. -(This system call also implements a number of features -unrelated to namespaces.) -.TP -.BR setns (2) -The -.BR setns (2) -system call allows the calling process to join an existing namespace. -The namespace to join is specified via a file descriptor that refers to -one of the -.IR /proc/ pid /ns -files described below. -.TP -.BR unshare (2) -The -.BR unshare (2) -system call moves the calling process to a new namespace. -If the -.I flags -argument of the call specifies one or more of the -.B CLONE_NEW* -flags listed above, then new namespaces are created for each flag, -and the calling process is made a member of those namespaces. -(This system call also implements a number of features -unrelated to namespaces.) -.TP -.BR ioctl (2) -Various -.BR ioctl (2) -operations can be used to discover information about namespaces. -These operations are described in -.BR ioctl_ns (2). -.P -Creation of new namespaces using -.BR clone (2) -and -.BR unshare (2) -in most cases requires the -.B CAP_SYS_ADMIN -capability, since, in the new namespace, -the creator will have the power to change global resources -that are visible to other processes that are subsequently created in, -or join the namespace. -User namespaces are the exception: since Linux 3.8, -no privilege is required to create a user namespace. -.\" -.\" ==================== The /proc/[pid]/ns/ directory ==================== -.\" -.SS The \fI/proc/\fPpid\fI/ns/\fP directory -Each process has a -.IR /proc/ pid /ns/ -.\" See commit 6b4e306aa3dc94a0545eb9279475b1ab6209a31f -subdirectory containing one entry for each namespace that -supports being manipulated by -.BR setns (2): -.P -.in +4n -.EX -$ \fBls \-l /proc/$$/ns | awk \[aq]{print $1, $9, $10, $11}\[aq]\fP -total 0 -lrwxrwxrwx. cgroup \-> cgroup:[4026531835] -lrwxrwxrwx. ipc \-> ipc:[4026531839] -lrwxrwxrwx. mnt \-> mnt:[4026531840] -lrwxrwxrwx. net \-> net:[4026531969] -lrwxrwxrwx. pid \-> pid:[4026531836] -lrwxrwxrwx. pid_for_children \-> pid:[4026531834] -lrwxrwxrwx. time \-> time:[4026531834] -lrwxrwxrwx. time_for_children \-> time:[4026531834] -lrwxrwxrwx. user \-> user:[4026531837] -lrwxrwxrwx. uts \-> uts:[4026531838] -.EE -.in -.P -Bind mounting (see -.BR mount (2)) -one of the files in this directory -to somewhere else in the filesystem keeps -the corresponding namespace of the process specified by -.I pid -alive even if all processes currently in the namespace terminate. -.P -Opening one of the files in this directory -(or a file that is bind mounted to one of these files) -returns a file handle for -the corresponding namespace of the process specified by -.IR pid . -As long as this file descriptor remains open, -the namespace will remain alive, -even if all processes in the namespace terminate. -The file descriptor can be passed to -.BR setns (2). -.P -In Linux 3.7 and earlier, these files were visible as hard links. -Since Linux 3.8, -.\" commit bf056bfa80596a5d14b26b17276a56a0dcb080e5 -they appear as symbolic links. -If two processes are in the same namespace, -then the device IDs and inode numbers of their -.IR /proc/ pid /ns/ xxx -symbolic links will be the same; an application can check this using the -.I stat.st_dev -.\" Eric Biederman: "I reserve the right for st_dev to be significant -.\" when comparing namespaces." -.\" https://lore.kernel.org/lkml/87poky5ca9.fsf@xmission.com/ -.\" Re: Documenting the ioctl interfaces to discover relationships... -.\" Date: Mon, 12 Dec 2016 11:30:38 +1300 -and -.I stat.st_ino -fields returned by -.BR stat (2). -The content of this symbolic link is a string containing -the namespace type and inode number as in the following example: -.P -.in +4n -.EX -$ \fBreadlink /proc/$$/ns/uts\fP -uts:[4026531838] -.EE -.in -.P -The symbolic links in this subdirectory are as follows: -.TP -.IR /proc/ pid /ns/cgroup " (since Linux 4.6)" -This file is a handle for the cgroup namespace of the process. -.TP -.IR /proc/ pid /ns/ipc " (since Linux 3.0)" -This file is a handle for the IPC namespace of the process. -.TP -.IR /proc/ pid /ns/mnt " (since Linux 3.8)" -.\" commit 8823c079ba7136dc1948d6f6dcb5f8022bde438e -This file is a handle for the mount namespace of the process. -.TP -.IR /proc/ pid /ns/net " (since Linux 3.0)" -This file is a handle for the network namespace of the process. -.TP -.IR /proc/ pid /ns/pid " (since Linux 3.8)" -.\" commit 57e8391d327609cbf12d843259c968b9e5c1838f -This file is a handle for the PID namespace of the process. -This handle is permanent for the lifetime of the process -(i.e., a process's PID namespace membership never changes). -.TP -.IR /proc/ pid /ns/pid_for_children " (since Linux 4.12)" -.\" commit eaa0d190bfe1ed891b814a52712dcd852554cb08 -This file is a handle for the PID namespace of -child processes created by this process. -This can change as a consequence of calls to -.BR unshare (2) -and -.BR setns (2) -(see -.BR pid_namespaces (7)), -so the file may differ from -.IR /proc/ pid /ns/pid . -The symbolic link gains a value only after the first child process -is created in the namespace. -(Beforehand, -.BR readlink (2) -of the symbolic link will return an empty buffer.) -.TP -.IR /proc/ pid /ns/time " (since Linux 5.6)" -This file is a handle for the time namespace of the process. -.TP -.IR /proc/ pid /ns/time_for_children " (since Linux 5.6)" -This file is a handle for the time namespace of -child processes created by this process. -This can change as a consequence of calls to -.BR unshare (2) -and -.BR setns (2) -(see -.BR time_namespaces (7)), -so the file may differ from -.IR /proc/ pid /ns/time . -.TP -.IR /proc/ pid /ns/user " (since Linux 3.8)" -.\" commit cde1975bc242f3e1072bde623ef378e547b73f91 -This file is a handle for the user namespace of the process. -.TP -.IR /proc/ pid /ns/uts " (since Linux 3.0)" -This file is a handle for the UTS namespace of the process. -.P -Permission to dereference or read -.RB ( readlink (2)) -these symbolic links is governed by a ptrace access mode -.B PTRACE_MODE_READ_FSCREDS -check; see -.BR ptrace (2). -.\" -.\" ==================== The /proc/sys/user directory ==================== -.\" -.SS The \fI/proc/sys/user\fP directory -The files in the -.I /proc/sys/user -directory (which is present since Linux 4.9) expose limits -on the number of namespaces of various types that can be created. -The files are as follows: -.TP -.I max_cgroup_namespaces -The value in this file defines a per-user limit on the number of -cgroup namespaces that may be created in the user namespace. -.TP -.I max_ipc_namespaces -The value in this file defines a per-user limit on the number of -ipc namespaces that may be created in the user namespace. -.TP -.I max_mnt_namespaces -The value in this file defines a per-user limit on the number of -mount namespaces that may be created in the user namespace. -.TP -.I max_net_namespaces -The value in this file defines a per-user limit on the number of -network namespaces that may be created in the user namespace. -.TP -.I max_pid_namespaces -The value in this file defines a per-user limit on the number of -PID namespaces that may be created in the user namespace. -.TP -.IR max_time_namespaces " (since Linux 5.7)" -.\" commit eeec26d5da8248ea4e240b8795bb4364213d3247 -The value in this file defines a per-user limit on the number of -time namespaces that may be created in the user namespace. -.TP -.I max_user_namespaces -The value in this file defines a per-user limit on the number of -user namespaces that may be created in the user namespace. -.TP -.I max_uts_namespaces -The value in this file defines a per-user limit on the number of -uts namespaces that may be created in the user namespace. -.P -Note the following details about these files: -.IP \[bu] 3 -The values in these files are modifiable by privileged processes. -.IP \[bu] -The values exposed by these files are the limits for the user namespace -in which the opening process resides. -.IP \[bu] -The limits are per-user. -Each user in the same user namespace -can create namespaces up to the defined limit. -.IP \[bu] -The limits apply to all users, including UID 0. -.IP \[bu] -These limits apply in addition to any other per-namespace -limits (such as those for PID and user namespaces) that may be enforced. -.IP \[bu] -Upon encountering these limits, -.BR clone (2) -and -.BR unshare (2) -fail with the error -.BR ENOSPC . -.IP \[bu] -For the initial user namespace, -the default value in each of these files is half the limit on the number -of threads that may be created -.RI ( /proc/sys/kernel/threads\-max ). -In all descendant user namespaces, the default value in each file is -.BR MAXINT . -.IP \[bu] -When a namespace is created, the object is also accounted -against ancestor namespaces. -More precisely: -.RS -.IP \[bu] 3 -Each user namespace has a creator UID. -.IP \[bu] -When a namespace is created, -it is accounted against the creator UIDs in each of the -ancestor user namespaces, -and the kernel ensures that the corresponding namespace limit -for the creator UID in the ancestor namespace is not exceeded. -.IP \[bu] -The aforementioned point ensures that creating a new user namespace -cannot be used as a means to escape the limits in force -in the current user namespace. -.RE -.\" -.SS Namespace lifetime -Absent any other factors, -a namespace is automatically torn down when the last process in -the namespace terminates or leaves the namespace. -However, there are a number of other factors that may pin -a namespace into existence even though it has no member processes. -These factors include the following: -.IP \[bu] 3 -An open file descriptor or a bind mount exists for the corresponding -.IR /proc/ pid /ns/* -file. -.IP \[bu] -The namespace is hierarchical (i.e., a PID or user namespace), -and has a child namespace. -.IP \[bu] -It is a user namespace that owns one or more nonuser namespaces. -.IP \[bu] -It is a PID namespace, -and there is a process that refers to the namespace via a -.IR /proc/ pid /ns/pid_for_children -symbolic link. -.IP \[bu] -It is a time namespace, -and there is a process that refers to the namespace via a -.IR /proc/ pid /ns/time_for_children -symbolic link. -.IP \[bu] -It is an IPC namespace, and a corresponding mount of an -.I mqueue -filesystem (see -.BR mq_overview (7)) -refers to this namespace. -.IP \[bu] -It is a PID namespace, and a corresponding mount of a -.BR proc (5) -filesystem refers to this namespace. -.SH EXAMPLES -See -.BR clone (2) -and -.BR user_namespaces (7). -.SH SEE ALSO -.BR nsenter (1), -.BR readlink (1), -.BR unshare (1), -.BR clone (2), -.BR ioctl_ns (2), -.BR setns (2), -.BR unshare (2), -.BR proc (5), -.BR capabilities (7), -.BR cgroup_namespaces (7), -.BR cgroups (7), -.BR credentials (7), -.BR ipc_namespaces (7), -.BR network_namespaces (7), -.BR pid_namespaces (7), -.BR user_namespaces (7), -.BR uts_namespaces (7), -.BR lsns (8), -.BR switch_root (8) diff --git a/man7/netdevice.7 b/man7/netdevice.7 deleted file mode 100644 index 9f9f002..0000000 --- a/man7/netdevice.7 +++ /dev/null @@ -1,449 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: netdevice.7,v 1.10 2000/08/17 10:09:54 ak Exp $ -.\" -.\" Modified, 2004-11-25, mtk, formatting and a few wording fixes -.\" -.\" Modified, 2011-11-02, , added many basic -.\" but missing ioctls, such as SIOCGIFADDR. -.\" -.TH netdevice 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -netdevice \- low-level access to Linux network devices -.SH SYNOPSIS -.nf -.B "#include " -.B "#include " -.fi -.SH DESCRIPTION -This man page describes the sockets interface which is used to configure -network devices. -.P -Linux supports some standard ioctls to configure network devices. -They can be used on any socket's file descriptor regardless of the -family or type. -Most of them pass an -.I ifreq -structure: -.P -.in +4n -.EX -struct ifreq { - char ifr_name[IFNAMSIZ]; /* Interface name */ - union { - struct sockaddr ifr_addr; - struct sockaddr ifr_dstaddr; - struct sockaddr ifr_broadaddr; - struct sockaddr ifr_netmask; - struct sockaddr ifr_hwaddr; - short ifr_flags; - int ifr_ifindex; - int ifr_metric; - int ifr_mtu; - struct ifmap ifr_map; - char ifr_slave[IFNAMSIZ]; - char ifr_newname[IFNAMSIZ]; - char *ifr_data; - }; -}; -.EE -.in -.P -.B AF_INET6 -is an exception. -It passes an -.I in6_ifreq -structure: -.P -.in +4n -.EX -struct in6_ifreq { - struct in6_addr ifr6_addr; - u32 ifr6_prefixlen; - int ifr6_ifindex; /* Interface index */ -}; -.EE -.in -.P -Normally, the user specifies which device to affect by setting -.I ifr_name -to the name of the interface or -.I ifr6_ifindex -to the index of the interface. -All other members of the structure may -share memory. -.SS Ioctls -If an ioctl is marked as privileged, then using it requires an effective -user ID of 0 or the -.B CAP_NET_ADMIN -capability. -If this is not the case, -.B EPERM -will be returned. -.TP -.B SIOCGIFNAME -Given the -.IR ifr_ifindex , -return the name of the interface in -.IR ifr_name . -This is the only ioctl which returns its result in -.IR ifr_name . -.TP -.B SIOCGIFINDEX -Retrieve the interface index of the interface into -.IR ifr_ifindex . -.TP -.B SIOCGIFFLAGS -.TQ -.B SIOCSIFFLAGS -Get or set the active flag word of the device. -.I ifr_flags -contains a bit mask of the following values: -.\" Do not right adjust text blocks in tables -.na -.TS -tab(:); -c s -l l. -Device flags -IFF_UP:Interface is running. -IFF_BROADCAST:Valid broadcast address set. -IFF_DEBUG:Internal debugging flag. -IFF_LOOPBACK:Interface is a loopback interface. -IFF_POINTOPOINT:Interface is a point-to-point link. -IFF_RUNNING:Resources allocated. -IFF_NOARP:T{ -No arp protocol, L2 destination address not set. -T} -IFF_PROMISC:Interface is in promiscuous mode. -IFF_NOTRAILERS:Avoid use of trailers. -IFF_ALLMULTI:Receive all multicast packets. -IFF_MASTER:Master of a load balancing bundle. -IFF_SLAVE:Slave of a load balancing bundle. -IFF_MULTICAST:Supports multicast -IFF_PORTSEL:Is able to select media type via ifmap. -IFF_AUTOMEDIA:Auto media selection active. -IFF_DYNAMIC:T{ -The addresses are lost when the interface goes down. -T} -IFF_LOWER_UP:Driver signals L1 up (since Linux 2.6.17) -IFF_DORMANT:Driver signals dormant (since Linux 2.6.17) -IFF_ECHO:Echo sent packets (since Linux 2.6.25) -.TE -.ad -.P -Setting the active flag word is a privileged operation, but any -process may read it. -.TP -.B SIOCGIFPFLAGS -.TQ -.B SIOCSIFPFLAGS -Get or set extended (private) flags for the device. -.I ifr_flags -contains a bit mask of the following values: -.TS -tab(:); -c s -l l. -Private flags -IFF_802_1Q_VLAN:Interface is 802.1Q VLAN device. -IFF_EBRIDGE:Interface is Ethernet bridging device. -IFF_SLAVE_INACTIVE:Interface is inactive bonding slave. -IFF_MASTER_8023AD:Interface is 802.3ad bonding master. -IFF_MASTER_ALB:Interface is balanced-alb bonding master. -IFF_BONDING:Interface is a bonding master or slave. -IFF_SLAVE_NEEDARP:Interface needs ARPs for validation. -IFF_ISATAP:Interface is RFC4214 ISATAP interface. -.TE -.P -Setting the extended (private) interface flags is a privileged operation. -.TP -.B SIOCGIFADDR -.TQ -.B SIOCSIFADDR -.TQ -.B SIOCDIFADDR -Get, set, or delete the address of the device using -.IR ifr_addr , -or -.I ifr6_addr -with -.IR ifr6_prefixlen . -Setting or deleting the interface address is a privileged operation. -For compatibility, -.B SIOCGIFADDR -returns only -.B AF_INET -addresses, -.B SIOCSIFADDR -accepts -.B AF_INET -and -.B AF_INET6 -addresses, and -.B SIOCDIFADDR -deletes only -.B AF_INET6 -addresses. -A -.B AF_INET -address can be deleted by setting it to zero via -.BR SIOCSIFADDR . -.TP -.B SIOCGIFDSTADDR -.TQ -.B SIOCSIFDSTADDR -Get or set the destination address of a point-to-point device using -.IR ifr_dstaddr . -For compatibility, only -.B AF_INET -addresses are accepted or returned. -Setting the destination address is a privileged operation. -.TP -.B SIOCGIFBRDADDR -.TQ -.B SIOCSIFBRDADDR -Get or set the broadcast address for a device using -.IR ifr_brdaddr . -For compatibility, only -.B AF_INET -addresses are accepted or returned. -Setting the broadcast address is a privileged operation. -.TP -.B SIOCGIFNETMASK -.TQ -.B SIOCSIFNETMASK -Get or set the network mask for a device using -.IR ifr_netmask . -For compatibility, only -.B AF_INET -addresses are accepted or returned. -Setting the network mask is a privileged operation. -.TP -.B SIOCGIFMETRIC -.TQ -.B SIOCSIFMETRIC -Get or set the metric of the device using -.IR ifr_metric . -This is currently not implemented; it sets -.I ifr_metric -to 0 if you attempt to read it and returns -.B EOPNOTSUPP -if you attempt to set it. -.TP -.B SIOCGIFMTU -.TQ -.B SIOCSIFMTU -Get or set the MTU (Maximum Transfer Unit) of a device using -.IR ifr_mtu . -Setting the MTU is a privileged operation. -Setting the MTU to -too small values may cause kernel crashes. -.TP -.B SIOCGIFHWADDR -.TQ -.B SIOCSIFHWADDR -Get or set the hardware address of a device using -.IR ifr_hwaddr . -The hardware address is specified in a struct -.IR sockaddr . -.I sa_family -contains the ARPHRD_* device type, -.I sa_data -the L2 hardware address starting from byte 0. -Setting the hardware address is a privileged operation. -.TP -.B SIOCSIFHWBROADCAST -Set the hardware broadcast address of a device from -.IR ifr_hwaddr . -This is a privileged operation. -.TP -.B SIOCGIFMAP -.TQ -.B SIOCSIFMAP -Get or set the interface's hardware parameters using -.IR ifr_map . -Setting the parameters is a privileged operation. -.IP -.in +4n -.EX -struct ifmap { - unsigned long mem_start; - unsigned long mem_end; - unsigned short base_addr; - unsigned char irq; - unsigned char dma; - unsigned char port; -}; -.EE -.in -.IP -The interpretation of the ifmap structure depends on the device driver -and the architecture. -.TP -.B SIOCADDMULTI -.TQ -.B SIOCDELMULTI -Add an address to or delete an address from the device's link layer -multicast filters using -.IR ifr_hwaddr . -These are privileged operations. -See also -.BR packet (7) -for an alternative. -.TP -.B SIOCGIFTXQLEN -.TQ -.B SIOCSIFTXQLEN -Get or set the transmit queue length of a device using -.IR ifr_qlen . -Setting the transmit queue length is a privileged operation. -.TP -.B SIOCSIFNAME -Changes the name of the interface specified in -.I ifr_name -to -.IR ifr_newname . -This is a privileged operation. -It is allowed only when the interface -is not up. -.TP -.B SIOCGIFCONF -Return a list of interface (network layer) addresses. -This currently -means only addresses of the -.B AF_INET -(IPv4) family for compatibility. -Unlike the others, this ioctl passes an -.I ifconf -structure: -.IP -.in +4n -.EX -struct ifconf { - int ifc_len; /* size of buffer */ - union { - char *ifc_buf; /* buffer address */ - struct ifreq *ifc_req; /* array of structures */ - }; -}; -.EE -.in -.IP -If -.I ifc_req -is NULL, -.B SIOCGIFCONF -returns the necessary buffer size in bytes -for receiving all available addresses in -.IR ifc_len . -Otherwise, -.I ifc_req -contains a pointer to an array of -.I ifreq -structures to be filled with all currently active L3 interface addresses. -.I ifc_len -contains the size of the array in bytes. -Within each -.I ifreq -structure, -.I ifr_name -will receive the interface name, and -.I ifr_addr -the address. -The actual number of bytes transferred is returned in -.IR ifc_len . -.IP -If the size specified by -.I ifc_len -is insufficient to store all the addresses, -the kernel will skip the exceeding ones and return success. -There is no reliable way of detecting this condition once it has occurred. -It is therefore recommended to either determine the necessary buffer size -beforehand by calling -.B SIOCGIFCONF -with -.I ifc_req -set to NULL, or to retry the call with a bigger buffer whenever -.I ifc_len -upon return differs by less than -.I sizeof(struct ifreq) -from its original value. -.IP -If an error occurs accessing the -.I ifconf -or -.I ifreq -structures, -.B EFAULT -will be returned. -.\" Slaving isn't supported in Linux 2.2 -.\" . -.\" .TP -.\" .B SIOCGIFSLAVE -.\" .TQ -.\" .B SIOCSIFSLAVE -.\" Get or set the slave device using -.\" .IR ifr_slave . -.\" Setting the slave device is a privileged operation. -.\" .P -.\" FIXME . add amateur radio stuff. -.P -Most protocols support their own ioctls to configure protocol-specific -interface options. -See the protocol man pages for a description. -For configuring IP addresses, see -.BR ip (7). -.P -In addition, some devices support private ioctls. -These are not described here. -.SH NOTES -.B SIOCGIFCONF -and the other ioctls that accept or return only -.B AF_INET -socket addresses -are IP-specific and perhaps should rather be documented in -.BR ip (7). -.P -The names of interfaces with no addresses or that don't have the -.B IFF_RUNNING -flag set can be found via -.IR /proc/net/dev . -.P -.B AF_INET6 -IPv6 addresses can be read from -.I /proc/net/if_inet6 -or via -.BR rtnetlink (7). -Adding a new IPv6 address and deleting an existing IPv6 address -can be done via -.B SIOCSIFADDR -and -.B SIOCDIFADDR -or via -.BR rtnetlink (7). -Retrieving or changing destination IPv6 addresses of a point-to-point -interface is possible only via -.BR rtnetlink (7). -.SH BUGS -glibc 2.1 is missing the -.I ifr_newname -macro in -.IR . -Add the following to your program as a workaround: -.P -.in +4n -.EX -#ifndef ifr_newname -#define ifr_newname ifr_ifru.ifru_slave -#endif -.EE -.in -.SH SEE ALSO -.BR proc (5), -.BR capabilities (7), -.BR ip (7), -.BR rtnetlink (7) diff --git a/man7/netlink.7 b/man7/netlink.7 deleted file mode 100644 index e0e14f4..0000000 --- a/man7/netlink.7 +++ /dev/null @@ -1,611 +0,0 @@ -'\" t -.\" This man page is Copyright (c) 1998 by Andi Kleen. -.\" -.\" SPDX-License-Identifier: GPL-1.0-or-later -.\" -.\" Based on the original comments from Alexey Kuznetsov -.\" Modified 2005-12-27 by Hasso Tepper -.\" $Id: netlink.7,v 1.8 2000/06/22 13:23:00 ak Exp $ -.TH netlink 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -netlink \- communication between kernel and user space (AF_NETLINK) -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include -.P -.BI "netlink_socket = socket(AF_NETLINK, " socket_type ", " netlink_family ); -.fi -.SH DESCRIPTION -Netlink is used to transfer information between the kernel and -user-space processes. -It consists of a standard sockets-based interface for user space -processes and an internal kernel API for kernel modules. -The internal kernel interface is not documented in this manual page. -There is also an obsolete netlink interface -via netlink character devices; this interface is not documented here -and is provided only for backward compatibility. -.P -Netlink is a datagram-oriented service. -Both -.B SOCK_RAW -and -.B SOCK_DGRAM -are valid values for -.IR socket_type . -However, the netlink protocol does not distinguish between datagram -and raw sockets. -.P -.I netlink_family -selects the kernel module or netlink group to communicate with. -The currently assigned netlink families are: -.TP -.B NETLINK_ROUTE -Receives routing and link updates and may be used to modify the routing -tables (both IPv4 and IPv6), IP addresses, link parameters, -neighbor setups, queueing disciplines, traffic classes, and -packet classifiers (see -.BR rtnetlink (7)). -.TP -.BR NETLINK_W1 " (Linux 2.6.13 to Linux 2.16.17)" -Messages from 1-wire subsystem. -.TP -.B NETLINK_USERSOCK -Reserved for user-mode socket protocols. -.TP -.BR NETLINK_FIREWALL " (up to and including Linux 3.4)" -.\" removed by commit d16cf20e2f2f13411eece7f7fb72c17d141c4a84 -Transport IPv4 packets from netfilter to user space. -Used by -.I ip_queue -kernel module. -After a long period of being declared obsolete (in favor of the more advanced -.I nfnetlink_queue -feature), -.B NETLINK_FIREWALL -was removed in Linux 3.5. -.TP -.BR NETLINK_SOCK_DIAG " (since Linux 3.3)" -.\" commit 7f1fb60c4fc9fb29fbb406ac8c4cfb4e59e168d6 -Query information about sockets of various protocol families from the kernel -(see -.BR sock_diag (7)). -.TP -.BR NETLINK_INET_DIAG " (since Linux 2.6.14)" -An obsolete synonym for -.BR NETLINK_SOCK_DIAG . -.TP -.BR NETLINK_NFLOG " (up to and including Linux 3.16)" -Netfilter/iptables ULOG. -.TP -.B NETLINK_XFRM -.\" FIXME More details on NETLINK_XFRM needed. -IPsec. -.TP -.BR NETLINK_SELINUX " (since Linux 2.6.4)" -SELinux event notifications. -.TP -.BR NETLINK_ISCSI " (since Linux 2.6.15)" -.\" FIXME More details on NETLINK_ISCSI needed. -Open-iSCSI. -.TP -.BR NETLINK_AUDIT " (since Linux 2.6.6)" -.\" FIXME More details on NETLINK_AUDIT needed. -Auditing. -.TP -.BR NETLINK_FIB_LOOKUP " (since Linux 2.6.13)" -.\" FIXME More details on NETLINK_FIB_LOOKUP needed. -Access to FIB lookup from user space. -.TP -.BR NETLINK_CONNECTOR " (since Linux 2.6.14)" -Kernel connector. -See -.I Documentation/driver\-api/connector.rst -(or -.I /Documentation/connector/connector.* -.\" commit baa293e9544bea71361950d071579f0e4d5713ed -in Linux 5.2 and earlier) -in the Linux kernel source tree for further information. -.TP -.BR NETLINK_NETFILTER " (since Linux 2.6.14)" -.\" FIXME More details on NETLINK_NETFILTER needed. -Netfilter subsystem. -.TP -.BR NETLINK_SCSITRANSPORT " (since Linux 2.6.19)" -.\" commit 84314fd4740ad73550c76dee4a9578979d84af48 -.\" FIXME More details on NETLINK_SCSITRANSPORT needed. -SCSI Transports. -.TP -.BR NETLINK_RDMA " (since Linux 3.0)" -.\" commit b2cbae2c248776d81cc265ff7d48405b6a4cc463 -.\" FIXME More details on NETLINK_RDMA needed. -Infiniband RDMA. -.TP -.BR NETLINK_IP6_FW " (up to and including Linux 3.4)" -Transport IPv6 packets from netfilter to user space. -Used by -.I ip6_queue -kernel module. -.TP -.B NETLINK_DNRTMSG -DECnet routing messages. -.TP -.BR NETLINK_KOBJECT_UEVENT " (since Linux 2.6.10)" -.\" FIXME More details on NETLINK_KOBJECT_UEVENT needed. -Kernel messages to user space. -.TP -.BR NETLINK_GENERIC " (since Linux 2.6.15)" -Generic netlink family for simplified netlink usage. -.TP -.BR NETLINK_CRYPTO " (since Linux 3.2)" -.\" commit a38f7907b926e4c6c7d389ad96cc38cec2e5a9e9 -.\" Author: Steffen Klassert -Netlink interface to request information about ciphers registered -with the kernel crypto API as well as allow configuration of the -kernel crypto API. -.P -Netlink messages consist of a byte stream with one or multiple -.I nlmsghdr -headers and associated payload. -The byte stream should be accessed only with the standard -.B NLMSG_* -macros. -See -.BR netlink (3) -for further information. -.P -In multipart messages (multiple -.I nlmsghdr -headers with associated payload in one byte stream) the first and all -following headers have the -.B NLM_F_MULTI -flag set, except for the last header which has the type -.BR NLMSG_DONE . -.P -After each -.I nlmsghdr -the payload follows. -.P -.in +4n -.EX -struct nlmsghdr { - __u32 nlmsg_len; /* Length of message including header */ - __u16 nlmsg_type; /* Type of message content */ - __u16 nlmsg_flags; /* Additional flags */ - __u32 nlmsg_seq; /* Sequence number */ - __u32 nlmsg_pid; /* Sender port ID */ -}; -.EE -.in -.P -.I nlmsg_type -can be one of the standard message types: -.B NLMSG_NOOP -message is to be ignored, -.B NLMSG_ERROR -message signals an error and the payload contains an -.I nlmsgerr -structure, -.B NLMSG_DONE -message terminates a multipart message. -Error messages get the -original request appended, unless the user requests to cap the -error message, and get extra error data if requested. -.P -.in +4n -.EX -struct nlmsgerr { - int error; /* Negative errno or 0 for acknowledgements */ - struct nlmsghdr msg; /* Message header that caused the error */ - /* - * followed by the message contents - * unless NETLINK_CAP_ACK was set - * or the ACK indicates success (error == 0). - * For example Generic Netlink message with attributes. - * message length is aligned with NLMSG_ALIGN() - */ - /* - * followed by TLVs defined in enum nlmsgerr_attrs - * if NETLINK_EXT_ACK was set - */ -}; -.EE -.in -.P -A netlink family usually specifies more message types, see the -appropriate manual pages for that, for example, -.BR rtnetlink (7) -for -.BR NETLINK_ROUTE . -.TS -tab(:); -l s -lB lx. -Standard flag bits in \fInlmsg_flags\fP -_ -NLM_F_REQUEST:T{ -Must be set on all request messages. -T} -NLM_F_MULTI:T{ -The message is part of a multipart message terminated by -.BR NLMSG_DONE . -T} -NLM_F_ACK:T{ -Request for an acknowledgement on success. -T} -NLM_F_ECHO:T{ -Echo this request. -T} -.TE -.\" No right adjustment for text blocks in tables -.TS -tab(:); -l s -lB lx. -Additional flag bits for GET requests -_ -NLM_F_ROOT:T{ -Return the complete table instead of a single entry. -T} -NLM_F_MATCH:T{ -Return all entries matching criteria passed in message content. -Not implemented yet. -T} -NLM_F_ATOMIC:T{ -Return an atomic snapshot of the table. -T} -NLM_F_DUMP:T{ -Convenience macro; equivalent to -(NLM_F_ROOT|NLM_F_MATCH). -T} -.TE -.\" FIXME NLM_F_ATOMIC is not used anymore? -.P -Note that -.B NLM_F_ATOMIC -requires the -.B CAP_NET_ADMIN -capability or an effective UID of 0. -.TS -tab(:); -l s -lB lx. -Additional flag bits for NEW requests -_ -NLM_F_REPLACE:T{ -Replace existing matching object. -T} -NLM_F_EXCL:T{ -Don't replace if the object already exists. -T} -NLM_F_CREATE:T{ -Create object if it doesn't already exist. -T} -NLM_F_APPEND:T{ -Add to the end of the object list. -T} -.TE -.P -.I nlmsg_seq -and -.I nlmsg_pid -are used to track messages. -.I nlmsg_pid -shows the origin of the message. -Note that there isn't a 1:1 relationship between -.I nlmsg_pid -and the PID of the process if the message originated from a netlink -socket. -See the -.B ADDRESS FORMATS -section for further information. -.P -Both -.I nlmsg_seq -and -.I nlmsg_pid -.\" FIXME Explain more about nlmsg_seq and nlmsg_pid. -are opaque to netlink core. -.P -Netlink is not a reliable protocol. -It tries its best to deliver a message to its destination(s), -but may drop messages when an out-of-memory condition or -other error occurs. -For reliable transfer the sender can request an -acknowledgement from the receiver by setting the -.B NLM_F_ACK -flag. -An acknowledgement is an -.B NLMSG_ERROR -packet with the error field set to 0. -The application must generate acknowledgements for -received messages itself. -The kernel tries to send an -.B NLMSG_ERROR -message for every failed packet. -A user process should follow this convention too. -.P -However, reliable transmissions from kernel to user are impossible -in any case. -The kernel can't send a netlink message if the socket buffer is full: -the message will be dropped and the kernel and the user-space process will -no longer have the same view of kernel state. -It is up to the application to detect when this happens (via the -.B ENOBUFS -error returned by -.BR recvmsg (2)) -and resynchronize. -.SS Address formats -The -.I sockaddr_nl -structure describes a netlink client in user space or in the kernel. -A -.I sockaddr_nl -can be either unicast (only sent to one peer) or sent to -netlink multicast groups -.RI ( nl_groups -not equal 0). -.P -.in +4n -.EX -struct sockaddr_nl { - sa_family_t nl_family; /* AF_NETLINK */ - unsigned short nl_pad; /* Zero */ - pid_t nl_pid; /* Port ID */ - __u32 nl_groups; /* Multicast groups mask */ -}; -.EE -.in -.P -.I nl_pid -is the unicast address of netlink socket. -It's always 0 if the destination is in the kernel. -For a user-space process, -.I nl_pid -is usually the PID of the process owning the destination socket. -However, -.I nl_pid -identifies a netlink socket, not a process. -If a process owns several netlink -sockets, then -.I nl_pid -can be equal to the process ID only for at most one socket. -There are two ways to assign -.I nl_pid -to a netlink socket. -If the application sets -.I nl_pid -before calling -.BR bind (2), -then it is up to the application to make sure that -.I nl_pid -is unique. -If the application sets it to 0, the kernel takes care of assigning it. -The kernel assigns the process ID to the first netlink socket the process -opens and assigns a unique -.I nl_pid -to every netlink socket that the process subsequently creates. -.P -.I nl_groups -is a bit mask with every bit representing a netlink group number. -Each netlink family has a set of 32 multicast groups. -When -.BR bind (2) -is called on the socket, the -.I nl_groups -field in the -.I sockaddr_nl -should be set to a bit mask of the groups which it wishes to listen to. -The default value for this field is zero which means that no multicasts -will be received. -A socket may multicast messages to any of the multicast groups by setting -.I nl_groups -to a bit mask of the groups it wishes to send to when it calls -.BR sendmsg (2) -or does a -.BR connect (2). -Only processes with an effective UID of 0 or the -.B CAP_NET_ADMIN -capability may send or listen to a netlink multicast group. -Since Linux 2.6.13, -.\" commit d629b836d151d43332492651dd841d32e57ebe3b -messages can't be broadcast to multiple groups. -Any replies to a message received for a multicast group should be -sent back to the sending PID and the multicast group. -Some Linux kernel subsystems may additionally allow other users -to send and/or receive messages. -As at Linux 3.0, the -.BR NETLINK_KOBJECT_UEVENT , -.BR NETLINK_GENERIC , -.BR NETLINK_ROUTE , -and -.B NETLINK_SELINUX -groups allow other users to receive messages. -No groups allow other users to send messages. -.SS Socket options -To set or get a netlink socket option, call -.BR getsockopt (2) -to read or -.BR setsockopt (2) -to write the option with the option level argument set to -.BR SOL_NETLINK . -Unless otherwise noted, -.I optval -is a pointer to an -.IR int . -.TP -.BR NETLINK_PKTINFO " (since Linux 2.6.14)" -.\" commit 9a4595bc7e67962f13232ee55a64e063062c3a99 -.\" Author: Patrick McHardy -Enable -.B nl_pktinfo -control messages for received packets to get the extended -destination group number. -.TP -.B NETLINK_ADD_MEMBERSHIP -.TQ -.BR NETLINK_DROP_MEMBERSHIP " (since Linux 2.6.14)" -.\" commit 9a4595bc7e67962f13232ee55a64e063062c3a99 -.\" Author: Patrick McHardy -Join/leave a group specified by -.IR optval . -.TP -.BR NETLINK_LIST_MEMBERSHIPS " (since Linux 4.2)" -.\" commit b42be38b2778eda2237fc759e55e3b698b05b315 -.\" Author: David Herrmann -Retrieve all groups a socket is a member of. -.I optval -is a pointer to -.B __u32 -and -.I optlen -is the size of the array. -The array is filled with the full membership set of the -socket, and the required array size is returned in -.IR optlen . -.TP -.BR NETLINK_BROADCAST_ERROR " (since Linux 2.6.30)" -.\" commit be0c22a46cfb79ab2342bb28fde99afa94ef868e -.\" Author: Pablo Neira Ayuso -When not set, -.B netlink_broadcast() -only reports -.B ESRCH -errors and silently ignore -.B ENOBUFS -errors. -.TP -.BR NETLINK_NO_ENOBUFS " (since Linux 2.6.30)" -.\" commit 38938bfe3489394e2eed5e40c9bb8f66a2ce1405 -.\" Author: Pablo Neira Ayuso -This flag can be used by unicast and broadcast listeners to avoid receiving -.B ENOBUFS -errors. -.TP -.BR NETLINK_LISTEN_ALL_NSID " (since Linux 4.2)" -.\" commit 59324cf35aba5336b611074028777838a963d03b -.\" Author: Nicolas Dichtel -When set, this socket will receive netlink notifications from -all network namespaces that have an -.I nsid -assigned into the network namespace where the socket has been opened. -The -.I nsid -is sent to user space via an ancillary data. -.TP -.BR NETLINK_CAP_ACK " (since Linux 4.3)" -.\" commit 0a6a3a23ea6efde079a5b77688541a98bf202721 -.\" Author: Christophe Ricard -The kernel may fail to allocate the necessary room for the acknowledgement -message back to user space. -This option trims off the payload of the original netlink message. -The netlink message header is still included, so the user can guess from the -sequence number which message triggered the acknowledgement. -.SH VERSIONS -The socket interface to netlink first appeared Linux 2.2. -.P -Linux 2.0 supported a more primitive device-based netlink interface -(which is still available as a compatibility option). -This obsolete interface is not described here. -.SH NOTES -It is often better to use netlink via -.I libnetlink -or -.I libnl -than via the low-level kernel interface. -.SH BUGS -This manual page is not complete. -.SH EXAMPLES -The following example creates a -.B NETLINK_ROUTE -netlink socket which will listen to the -.B RTMGRP_LINK -(network interface create/delete/up/down events) and -.B RTMGRP_IPV4_IFADDR -(IPv4 addresses add/delete events) multicast groups. -.P -.in +4n -.EX -struct sockaddr_nl sa; -\& -memset(&sa, 0, sizeof(sa)); -sa.nl_family = AF_NETLINK; -sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR; -\& -fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); -bind(fd, (struct sockaddr *) &sa, sizeof(sa)); -.EE -.in -.P -The next example demonstrates how to send a netlink message to the -kernel (pid 0). -Note that the application must take care of message sequence numbers -in order to reliably track acknowledgements. -.P -.in +4n -.EX -struct nlmsghdr *nh; /* The nlmsghdr with payload to send */ -struct sockaddr_nl sa; -struct iovec iov = { nh, nh\->nlmsg_len }; -struct msghdr msg; -\& -msg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 }; -memset(&sa, 0, sizeof(sa)); -sa.nl_family = AF_NETLINK; -nh\->nlmsg_pid = 0; -nh\->nlmsg_seq = ++sequence_number; -/* Request an ack from kernel by setting NLM_F_ACK */ -nh\->nlmsg_flags |= NLM_F_ACK; -\& -sendmsg(fd, &msg, 0); -.EE -.in -.P -And the last example is about reading netlink message. -.P -.in +4n -.EX -int len; -/* 8192 to avoid message truncation on platforms with - page size > 4096 */ -struct nlmsghdr buf[8192/sizeof(struct nlmsghdr)]; -struct iovec iov = { buf, sizeof(buf) }; -struct sockaddr_nl sa; -struct msghdr msg; -struct nlmsghdr *nh; -\& -msg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 }; -len = recvmsg(fd, &msg, 0); -\& -for (nh = (struct nlmsghdr *) buf; NLMSG_OK (nh, len); - nh = NLMSG_NEXT (nh, len)) { - /* The end of multipart message */ - if (nh\->nlmsg_type == NLMSG_DONE) - return; -\& - if (nh\->nlmsg_type == NLMSG_ERROR) - /* Do some error handling */ - ... -\& - /* Continue with parsing payload */ - ... -} -.EE -.in -.SH SEE ALSO -.BR cmsg (3), -.BR netlink (3), -.BR capabilities (7), -.BR rtnetlink (7), -.BR sock_diag (7) -.P -.UR ftp://ftp.inr.ac.ru\:/ip\-routing\:/iproute2* -information about libnetlink -.UE -.P -.UR http://www.infradead.org\:/\[ti]tgr\:/libnl/ -information about libnl -.UE -.P -RFC 3549 "Linux Netlink as an IP Services Protocol" diff --git a/man7/network_namespaces.7 b/man7/network_namespaces.7 deleted file mode 100644 index 06d323f..0000000 --- a/man7/network_namespaces.7 +++ /dev/null @@ -1,62 +0,0 @@ -.\" Copyright (c) 2017 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH network_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -network_namespaces \- overview of Linux network namespaces -.SH DESCRIPTION -Network namespaces provide isolation of the system resources associated -with networking: network devices, IPv4 and IPv6 protocol stacks, -IP routing tables, firewall rules, the -.I /proc/net -directory (which is a symbolic link to -.IR /proc/ pid /net ), -the -.I /sys/class/net -directory, various files under -.IR /proc/sys/net , -port numbers (sockets), and so on. -In addition, -network namespaces isolate the UNIX domain abstract socket namespace (see -.BR unix (7)). -.P -A physical network device can live in exactly one -network namespace. -When a network namespace is freed -(i.e., when the last process in the namespace terminates), -its physical network devices are moved back to the -initial network namespace -(not to the namespace of the parent of the process). -.P -A virtual network -.RB ( veth (4)) -device pair provides a pipe-like abstraction -that can be used to create tunnels between network namespaces, -and can be used to create a bridge to a physical network device -in another namespace. -When a namespace is freed, the -.BR veth (4) -devices that it contains are destroyed. -.P -Use of network namespaces requires a kernel that is configured with the -.B CONFIG_NET_NS -option. -.\" FIXME .SH EXAMPLES -.SH SEE ALSO -.BR nsenter (1), -.BR unshare (1), -.BR clone (2), -.BR veth (4), -.BR proc (5), -.BR sysfs (5), -.BR namespaces (7), -.BR user_namespaces (7), -.BR brctl (8), -.BR ip (8), -.BR ip\-address (8), -.BR ip\-link (8), -.BR ip\-netns (8), -.BR iptables (8), -.BR ovs\-vsctl (8) diff --git a/man7/nptl.7 b/man7/nptl.7 deleted file mode 100644 index 421ad5f..0000000 --- a/man7/nptl.7 +++ /dev/null @@ -1,112 +0,0 @@ -.\" Copyright (c) 2015 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH nptl 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -nptl \- Native POSIX Threads Library -.SH DESCRIPTION -NPTL (Native POSIX Threads Library) -is the GNU C library POSIX threads implementation that is used on modern -Linux systems. -.\" -.SS NPTL and signals -NPTL makes internal use of the first two real-time signals -(signal numbers 32 and 33). -One of these signals is used to support thread cancelation and POSIX timers -(see -.BR timer_create (2)); -the other is used as part of a mechanism that ensures all threads in -a process always have the same UIDs and GIDs, as required by POSIX. -These signals cannot be used in applications. -.P -To prevent accidental use of these signals in applications, -which might interfere with the operation of the NPTL implementation, -various glibc library functions and system call wrapper functions -attempt to hide these signals from applications, -as follows: -.IP \[bu] 3 -.B SIGRTMIN -is defined with the value 34 (rather than 32). -.IP \[bu] -The -.BR sigwaitinfo (2), -.BR sigtimedwait (2), -and -.BR sigwait (3) -interfaces silently ignore requests to wait for these two signals -if they are specified in the signal set argument of these calls. -.IP \[bu] -The -.BR sigprocmask (2) -and -.BR pthread_sigmask (3) -interfaces silently ignore attempts to block these two signals. -.IP \[bu] -The -.BR sigaction (2), -.BR pthread_kill (3), -and -.BR pthread_sigqueue (3) -interfaces fail with the error -.B EINVAL -(indicating an invalid signal number) if these signals are specified. -.IP \[bu] -.BR sigfillset (3) -does not include these two signals when it creates a full signal set. -.\" -.SS NPTL and process credential changes -At the Linux kernel level, -credentials (user and group IDs) are a per-thread attribute. -However, POSIX requires that all of the POSIX threads in a process -have the same credentials. -To accommodate this requirement, -the NPTL implementation wraps all of the system calls that -change process credentials with functions that, -in addition to invoking the underlying system call, -arrange for all other threads in the process to also change their credentials. -.P -The implementation of each of these system calls involves the use of -a real-time signal that is sent (using -.BR tgkill (2)) -to each of the other threads that must change its credentials. -Before sending these signals, the thread that is changing credentials -saves the new credential(s) and records the system call being employed -in a global buffer. -A signal handler in the receiving thread(s) fetches this information and -then uses the same system call to change its credentials. -.P -Wrapper functions employing this technique are provided for -.BR setgid (2), -.BR setuid (2), -.BR setegid (2), -.BR seteuid (2), -.BR setregid (2), -.BR setreuid (2), -.BR setresgid (2), -.BR setresuid (2), -and -.BR setgroups (2). -.\" FIXME . -.\" Maybe say something about vfork() not being serialized wrt set*id() APIs? -.\" https://sourceware.org/bugzilla/show_bug.cgi?id=14749 -.SH STANDARDS -For details of the conformance of NPTL to the POSIX standard, see -.BR pthreads (7). -.SH NOTES -POSIX says -.\" See POSIX.1-2008 specification of pthread_mutexattr_init() -that any thread in any process with access to the memory -containing a process-shared -.RB ( PTHREAD_PROCESS_SHARED ) -mutex can operate on that mutex. -However, on 64-bit x86 systems, the mutex definition for x86-64 -is incompatible with the mutex definition for i386, -.\" See sysdeps/x86/bits/pthreadtypes.h -meaning that 32-bit and 64-bit binaries can't share mutexes on x86-64 systems. -.SH SEE ALSO -.BR credentials (7), -.BR pthreads (7), -.BR signal (7), -.BR standards (7) diff --git a/man7/numa.7 b/man7/numa.7 deleted file mode 100644 index 0365469..0000000 --- a/man7/numa.7 +++ /dev/null @@ -1,170 +0,0 @@ -.\" Copyright (c) 2008, Linux Foundation, written by Michael Kerrisk -.\" -.\" and Copyright 2003,2004 Andi Kleen, SuSE Labs. -.\" numa_maps material Copyright (c) 2005 Silicon Graphics Incorporated. -.\" Christoph Lameter, . -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH numa 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -numa \- overview of Non-Uniform Memory Architecture -.SH DESCRIPTION -Non-Uniform Memory Access (NUMA) refers to multiprocessor systems -whose memory is divided into multiple memory nodes. -The access time of a memory node depends on -the relative locations of the accessing CPU and the accessed node. -(This contrasts with a symmetric multiprocessor system, -where the access time for all of the memory is the same for all CPUs.) -Normally, each CPU on a NUMA system has a local memory node whose -contents can be accessed faster than the memory in -the node local to another CPU -or the memory on a bus shared by all CPUs. -.SS NUMA system calls -The Linux kernel implements the following NUMA-related system calls: -.BR get_mempolicy (2), -.BR mbind (2), -.BR migrate_pages (2), -.BR move_pages (2), -and -.BR set_mempolicy (2). -However, applications should normally use the interface provided by -.IR libnuma ; -see "Library Support" below. -.SS \fI/proc/\fPpid\fI/numa_maps\fP (since Linux 2.6.14) -.\" See also Changelog-2.6.14 -This file displays information about a process's -NUMA memory policy and allocation. -.P -Each line contains information about a memory range used by the process, -displaying\[em]among other information\[em]the effective memory policy for -that memory range and on which nodes the pages have been allocated. -.P -.I numa_maps -is a read-only file. -When -.IR /proc/ pid /numa_maps -is read, the kernel will scan the virtual address space of the -process and report how memory is used. -One line is displayed for each unique memory range of the process. -.P -The first field of each line shows the starting address of the memory range. -This field allows a correlation with the contents of the -.IR /proc/ pid /maps -file, -which contains the end address of the range and other information, -such as the access permissions and sharing. -.P -The second field shows the memory policy currently in effect for the -memory range. -Note that the effective policy is not necessarily the policy -installed by the process for that memory range. -Specifically, if the process installed a "default" policy for that range, -the effective policy for that range will be the process policy, -which may or may not be "default". -.P -The rest of the line contains information about the pages allocated in -the memory range, as follows: -.TP -.I N= -The number of pages allocated on -.IR . -.I -includes only pages currently mapped by the process. -Page migration and memory reclaim may have temporarily unmapped pages -associated with this memory range. -These pages may show up again only after the process has -attempted to reference them. -If the memory range represents a shared memory area or file mapping, -other processes may currently have additional pages mapped in a -corresponding memory range. -.TP -.I file= -The file backing the memory range. -If the file is mapped as private, write accesses may have generated -COW (Copy-On-Write) pages in this memory range. -These pages are displayed as anonymous pages. -.TP -.I heap -Memory range is used for the heap. -.TP -.I stack -Memory range is used for the stack. -.TP -.I huge -Huge memory range. -The page counts shown are huge pages and not regular sized pages. -.TP -.I anon= -The number of anonymous page in the range. -.TP -.I dirty= -Number of dirty pages. -.TP -.I mapped= -Total number of mapped pages, if different from -.I dirty -and -.I anon -pages. -.TP -.I mapmax= -Maximum mapcount (number of processes mapping a single page) encountered -during the scan. -This may be used as an indicator of the degree of sharing occurring in a -given memory range. -.TP -.I swapcache= -Number of pages that have an associated entry on a swap device. -.TP -.I active= -The number of pages on the active list. -This field is shown only if different from the number of pages in this range. -This means that some inactive pages exist in the memory range that may be -removed from memory by the swapper soon. -.TP -.I writeback= -Number of pages that are currently being written out to disk. -.SH STANDARDS -None. -.SH NOTES -The Linux NUMA system calls and -.I /proc -interface are available only -if the kernel was configured and built with the -.B CONFIG_NUMA -option. -.SS Library support -Link with \fI\-lnuma\fP -to get the system call definitions. -.I libnuma -and the required -.I -header are available in the -.I numactl -package. -.P -However, applications should not use these system calls directly. -Instead, the higher level interface provided by the -.BR numa (3) -functions in the -.I numactl -package is recommended. -The -.I numactl -package is available at -.UR ftp://oss.sgi.com\:/www\:/projects\:/libnuma\:/download/ -.UE . -The package is also included in some Linux distributions. -Some distributions include the development library and header -in the separate -.I numactl\-devel -package. -.SH SEE ALSO -.BR get_mempolicy (2), -.BR mbind (2), -.BR move_pages (2), -.BR set_mempolicy (2), -.BR numa (3), -.BR cpuset (7), -.BR numactl (8) diff --git a/man7/operator.7 b/man7/operator.7 deleted file mode 100644 index 047041e..0000000 --- a/man7/operator.7 +++ /dev/null @@ -1,54 +0,0 @@ -'\" t -.\" Copyright (c) 1989, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" SPDX-License-Identifier: BSD-3-Clause -.\" -.\" @(#)operator.7 8.1 (Berkeley) 6/9/93 -.\" -.\" Copied shamelessly from FreeBSD with minor changes. 2003-05-21 -.\" Brian M. Carlson -.\" -.\" Restored automatic formatting from FreeBSD. 2003-08-24 -.\" Martin Schulze -.\" -.\" 2007-12-08, mtk, Converted from mdoc to man macros -.\" -.TH operator 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -operator \- C operator precedence and order of evaluation -.SH DESCRIPTION -This manual page lists C operators and their precedence in evaluation. -.P -.TS -lb lb lb -l l l. -Operator Associativity Notes -[] () . \-> ++ \-\- left to right [1] -++ \-\- & * + \- \[ti] ! sizeof right to left [2] -(type) right to left -* / % left to right -+ \- left to right -<< >> left to right -< > <= >= left to right -== != left to right -& left to right -\[ha] left to right -| left to right -&& left to right -|| left to right -?: right to left -= *= /= %= += \-= <<= >>= &= \[ha]= |= right to left -, left to right -.TE -.P -The following notes provide further information to the above table: -.P -.PD 0 -.IP [1] 5 -The ++ and \-\- operators at this precedence level are -the postfix flavors of the operators. -.IP [2] -The ++ and \-\- operators at this precedence level are -the prefix flavors of the operators. -.PD diff --git a/man7/packet.7 b/man7/packet.7 deleted file mode 100644 index 5d9d0cf..0000000 --- a/man7/packet.7 +++ /dev/null @@ -1,694 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: packet.7,v 1.13 2000/08/14 08:03:45 ak Exp $ -.\" -.TH packet 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -packet \- packet interface on device level -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include /* the L2 protocols */ -.P -.BI "packet_socket = socket(AF_PACKET, int " socket_type ", int "protocol ); -.fi -.SH DESCRIPTION -Packet sockets are used to receive or send raw packets at the device driver -(OSI Layer 2) level. -They allow the user to implement protocol modules in user space -on top of the physical layer. -.P -The -.I socket_type -is either -.B SOCK_RAW -for raw packets including the link-level header or -.B SOCK_DGRAM -for cooked packets with the link-level header removed. -The link-level header information is available in a common format in a -.I sockaddr_ll -structure. -.I protocol -is the IEEE 802.3 protocol number in network byte order. -See the -.I -include file for a list of allowed protocols. -When protocol -is set to -.BR htons(ETH_P_ALL) , -then all protocols are received. -All incoming packets of that protocol type will be passed to the packet -socket before they are passed to the protocols implemented in the kernel. -If -.I protocol -is set to zero, -no packets are received. -.BR bind (2) -can optionally be called with a nonzero -.I sll_protocol -to start receiving packets for the protocols specified. -.P -In order to create a packet socket, a process must have the -.B CAP_NET_RAW -capability in the user namespace that governs its network namespace. -.P -.B SOCK_RAW -packets are passed to and from the device driver without any changes in -the packet data. -When receiving a packet, the address is still parsed and -passed in a standard -.I sockaddr_ll -address structure. -When transmitting a packet, the user-supplied buffer -should contain the physical-layer header. -That packet is then -queued unmodified to the network driver of the interface defined by the -destination address. -Some device drivers always add other headers. -.B SOCK_RAW -is similar to but not compatible with the obsolete -.B AF_INET/SOCK_PACKET -of Linux 2.0. -.P -.B SOCK_DGRAM -operates on a slightly higher level. -The physical header is removed before the packet is passed to the user. -Packets sent through a -.B SOCK_DGRAM -packet socket get a suitable physical-layer header based on the -information in the -.I sockaddr_ll -destination address before they are queued. -.P -By default, all packets of the specified protocol type -are passed to a packet socket. -To get packets only from a specific interface use -.BR bind (2) -specifying an address in a -.I struct sockaddr_ll -to bind the packet socket to an interface. -Fields used for binding are -.I sll_family -(should be -.BR AF_PACKET ), -.IR sll_protocol , -and -.IR sll_ifindex . -.P -The -.BR connect (2) -operation is not supported on packet sockets. -.P -When the -.B MSG_TRUNC -flag is passed to -.BR recvmsg (2), -.BR recv (2), -or -.BR recvfrom (2), -the real length of the packet on the wire is always returned, -even when it is longer than the buffer. -.SS Address types -The -.I sockaddr_ll -structure is a device-independent physical-layer address. -.P -.in +4n -.EX -struct sockaddr_ll { - unsigned short sll_family; /* Always AF_PACKET */ - unsigned short sll_protocol; /* Physical\-layer protocol */ - int sll_ifindex; /* Interface number */ - unsigned short sll_hatype; /* ARP hardware type */ - unsigned char sll_pkttype; /* Packet type */ - unsigned char sll_halen; /* Length of address */ - unsigned char sll_addr[8]; /* Physical\-layer address */ -}; -.EE -.in -.P -The fields of this structure are as follows: -.TP -.I sll_protocol -is the standard ethernet protocol type in network byte order as defined -in the -.I -include file. -It defaults to the socket's protocol. -.TP -.I sll_ifindex -is the interface index of the interface -(see -.BR netdevice (7)); -0 matches any interface (only permitted for binding). -.I sll_hatype -is an ARP type as defined in the -.I -include file. -.TP -.I sll_pkttype -contains the packet type. -Valid types are -.B PACKET_HOST -for a packet addressed to the local host, -.B PACKET_BROADCAST -for a physical-layer broadcast packet, -.B PACKET_MULTICAST -for a packet sent to a physical-layer multicast address, -.B PACKET_OTHERHOST -for a packet to some other host that has been caught by a device driver -in promiscuous mode, and -.B PACKET_OUTGOING -for a packet originating from the local host that is looped back to a packet -socket. -These types make sense only for receiving. -.TP -.I sll_addr -.TQ -.I sll_halen -contain the physical-layer (e.g., IEEE 802.3) address and its length. -The exact interpretation depends on the device. -.P -When you send packets, it is enough to specify -.IR sll_family , -.IR sll_addr , -.IR sll_halen , -.IR sll_ifindex , -and -.IR sll_protocol . -The other fields should be 0. -.I sll_hatype -and -.I sll_pkttype -are set on received packets for your information. -.SS Socket options -Packet socket options are configured by calling -.BR setsockopt (2) -with level -.BR SOL_PACKET . -.TP -.B PACKET_ADD_MEMBERSHIP -.PD 0 -.TP -.B PACKET_DROP_MEMBERSHIP -.PD -Packet sockets can be used to configure physical-layer multicasting -and promiscuous mode. -.B PACKET_ADD_MEMBERSHIP -adds a binding and -.B PACKET_DROP_MEMBERSHIP -drops it. -They both expect a -.I packet_mreq -structure as argument: -.IP -.in +4n -.EX -struct packet_mreq { - int mr_ifindex; /* interface index */ - unsigned short mr_type; /* action */ - unsigned short mr_alen; /* address length */ - unsigned char mr_address[8]; /* physical\-layer address */ -}; -.EE -.in -.IP -.I mr_ifindex -contains the interface index for the interface whose status -should be changed. -The -.I mr_type -field specifies which action to perform. -.B PACKET_MR_PROMISC -enables receiving all packets on a shared medium (often known as -"promiscuous mode"), -.B PACKET_MR_MULTICAST -binds the socket to the physical-layer multicast group specified in -.I mr_address -and -.IR mr_alen , -and -.B PACKET_MR_ALLMULTI -sets the socket up to receive all multicast packets arriving at -the interface. -.IP -In addition, the traditional ioctls -.BR SIOCSIFFLAGS , -.BR SIOCADDMULTI , -.B SIOCDELMULTI -can be used for the same purpose. -.TP -.BR PACKET_AUXDATA " (since Linux 2.6.21)" -.\" commit 8dc4194474159660d7f37c495e3fc3f10d0db8cc -If this binary option is enabled, the packet socket passes a metadata -structure along with each packet in the -.BR recvmsg (2) -control field. -The structure can be read with -.BR cmsg (3). -It is defined as -.IP -.in +4n -.EX -struct tpacket_auxdata { - __u32 tp_status; - __u32 tp_len; /* packet length */ - __u32 tp_snaplen; /* captured length */ - __u16 tp_mac; - __u16 tp_net; - __u16 tp_vlan_tci; - __u16 tp_vlan_tpid; /* Since Linux 3.14; earlier, these - were unused padding bytes */ -.\" commit a0cdfcf39362410d5ea983f4daf67b38de129408 added tp_vlan_tpid -}; -.EE -.in -.TP -.BR PACKET_FANOUT " (since Linux 3.1)" -.\" commit dc99f600698dcac69b8f56dda9a8a00d645c5ffc -To scale processing across threads, packet sockets can form a fanout -group. -In this mode, each matching packet is enqueued onto only one -socket in the group. -A socket joins a fanout group by calling -.BR setsockopt (2) -with level -.B SOL_PACKET -and option -.BR PACKET_FANOUT . -Each network namespace can have up to 65536 independent groups. -A socket selects a group by encoding the ID in the first 16 bits of -the integer option value. -The first packet socket to join a group implicitly creates it. -To successfully join an existing group, subsequent packet sockets -must have the same protocol, device settings, fanout mode, and -flags (see below). -Packet sockets can leave a fanout group only by closing the socket. -The group is deleted when the last socket is closed. -.IP -Fanout supports multiple algorithms to spread traffic between sockets, -as follows: -.RS -.IP \[bu] 3 -The default mode, -.BR PACKET_FANOUT_HASH , -sends packets from the same flow to the same socket to maintain -per-flow ordering. -For each packet, it chooses a socket by taking the packet flow hash -modulo the number of sockets in the group, where a flow hash is a hash -over network-layer address and optional transport-layer port fields. -.IP \[bu] -The load-balance mode -.B PACKET_FANOUT_LB -implements a round-robin algorithm. -.IP \[bu] -.B PACKET_FANOUT_CPU -selects the socket based on the CPU that the packet arrived on. -.IP \[bu] -.B PACKET_FANOUT_ROLLOVER -processes all data on a single socket, moving to the next when one -becomes backlogged. -.IP \[bu] -.B PACKET_FANOUT_RND -selects the socket using a pseudo-random number generator. -.IP \[bu] -.B PACKET_FANOUT_QM -.\" commit 2d36097d26b5991d71a2cf4a20c1a158f0f1bfcd -(available since Linux 3.14) -selects the socket using the recorded queue_mapping of the received skb. -.RE -.IP -Fanout modes can take additional options. -IP fragmentation causes packets from the same flow to have different -flow hashes. -The flag -.BR PACKET_FANOUT_FLAG_DEFRAG , -if set, causes packets to be defragmented before fanout is applied, to -preserve order even in this case. -Fanout mode and options are communicated in the second 16 bits of the -integer option value. -The flag -.B PACKET_FANOUT_FLAG_ROLLOVER -enables the roll over mechanism as a backup strategy: if the -original fanout algorithm selects a backlogged socket, the packet -rolls over to the next available one. -.TP -.BR PACKET_LOSS " (with " PACKET_TX_RING ) -When a malformed packet is encountered on a transmit ring, -the default is to reset its -.I tp_status -to -.B TP_STATUS_WRONG_FORMAT -and abort the transmission immediately. -The malformed packet blocks itself and subsequently enqueued packets from -being sent. -The format error must be fixed, the associated -.I tp_status -reset to -.BR TP_STATUS_SEND_REQUEST , -and the transmission process restarted via -.BR send (2). -However, if -.B PACKET_LOSS -is set, any malformed packet will be skipped, its -.I tp_status -reset to -.BR TP_STATUS_AVAILABLE , -and the transmission process continued. -.TP -.BR PACKET_RESERVE " (with " PACKET_RX_RING ) -By default, a packet receive ring writes packets immediately following the -metadata structure and alignment padding. -This integer option reserves additional headroom. -.TP -.B PACKET_RX_RING -Create a memory-mapped ring buffer for asynchronous packet reception. -The packet socket reserves a contiguous region of application address -space, lays it out into an array of packet slots and copies packets -(up to -.IR tp_snaplen ) -into subsequent slots. -Each packet is preceded by a metadata structure similar to -.IR tpacket_auxdata . -The protocol fields encode the offset to the data -from the start of the metadata header. -.I tp_net -stores the offset to the network layer. -If the packet socket is of type -.BR SOCK_DGRAM , -then -.I tp_mac -is the same. -If it is of type -.BR SOCK_RAW , -then that field stores the offset to the link-layer frame. -Packet socket and application communicate the head and tail of the ring -through the -.I tp_status -field. -The packet socket owns all slots with -.I tp_status -equal to -.BR TP_STATUS_KERNEL . -After filling a slot, it changes the status of the slot to transfer -ownership to the application. -During normal operation, the new -.I tp_status -value has at least the -.B TP_STATUS_USER -bit set to signal that a received packet has been stored. -When the application has finished processing a packet, it transfers -ownership of the slot back to the socket by setting -.I tp_status -equal to -.BR TP_STATUS_KERNEL . -.IP -Packet sockets implement multiple variants of the packet ring. -The implementation details are described in -.I Documentation/networking/packet_mmap.rst -in the Linux kernel source tree. -.TP -.B PACKET_STATISTICS -Retrieve packet socket statistics in the form of a structure -.IP -.in +4n -.EX -struct tpacket_stats { - unsigned int tp_packets; /* Total packet count */ - unsigned int tp_drops; /* Dropped packet count */ -}; -.EE -.in -.IP -Receiving statistics resets the internal counters. -The statistics structure differs when using a ring of variant -.BR TPACKET_V3 . -.TP -.BR PACKET_TIMESTAMP " (with " PACKET_RX_RING "; since Linux 2.6.36)" -.\" commit 614f60fa9d73a9e8fdff3df83381907fea7c5649 -The packet receive ring always stores a timestamp in the metadata header. -By default, this is a software generated timestamp generated when the -packet is copied into the ring. -This integer option selects the type of timestamp. -Besides the default, it support the two hardware formats described in -.I Documentation/networking/timestamping.rst -in the Linux kernel source tree. -.TP -.BR PACKET_TX_RING " (since Linux 2.6.31)" -.\" commit 69e3c75f4d541a6eb151b3ef91f34033cb3ad6e1 -Create a memory-mapped ring buffer for packet transmission. -This option is similar to -.B PACKET_RX_RING -and takes the same arguments. -The application writes packets into slots with -.I tp_status -equal to -.B TP_STATUS_AVAILABLE -and schedules them for transmission by changing -.I tp_status -to -.BR TP_STATUS_SEND_REQUEST . -When packets are ready to be transmitted, the application calls -.BR send (2) -or a variant thereof. -The -.I buf -and -.I len -fields of this call are ignored. -If an address is passed using -.BR sendto (2) -or -.BR sendmsg (2), -then that overrides the socket default. -On successful transmission, the socket resets -.I tp_status -to -.BR TP_STATUS_AVAILABLE . -It immediately aborts the transmission on error unless -.B PACKET_LOSS -is set. -.TP -.BR PACKET_VERSION " (with " PACKET_RX_RING "; since Linux 2.6.27)" -.\" commit bbd6ef87c544d88c30e4b762b1b61ef267a7d279 -By default, -.B PACKET_RX_RING -creates a packet receive ring of variant -.BR TPACKET_V1 . -To create another variant, configure the desired variant by setting this -integer option before creating the ring. -.TP -.BR PACKET_QDISC_BYPASS " (since Linux 3.14)" -.\" commit d346a3fae3ff1d99f5d0c819bf86edf9094a26a1 -By default, packets sent through packet sockets pass through the kernel's -qdisc (traffic control) layer, which is fine for the vast majority of use -cases. -For traffic generator appliances using packet sockets -that intend to brute-force flood the network\[em]for example, -to test devices under load in a similar -fashion to pktgen\[em]this layer can be bypassed by setting -this integer option to 1. -A side effect is that packet buffering in the qdisc layer is avoided, -which will lead to increased drops when network -device transmit queues are busy; -therefore, use at your own risk. -.SS Ioctls -.B SIOCGSTAMP -can be used to receive the timestamp of the last received packet. -Argument is a -.I struct timeval -variable. -.\" FIXME Document SIOCGSTAMPNS -.P -In addition, all standard ioctls defined in -.BR netdevice (7) -and -.BR socket (7) -are valid on packet sockets. -.SS Error handling -Packet sockets do no error handling other than errors occurred -while passing the packet to the device driver. -They don't have the concept of a pending error. -.SH ERRORS -.TP -.B EADDRNOTAVAIL -Unknown multicast group address passed. -.TP -.B EFAULT -User passed invalid memory address. -.TP -.B EINVAL -Invalid argument. -.TP -.B EMSGSIZE -Packet is bigger than interface MTU. -.TP -.B ENETDOWN -Interface is not up. -.TP -.B ENOBUFS -Not enough memory to allocate the packet. -.TP -.B ENODEV -Unknown device name or interface index specified in interface address. -.TP -.B ENOENT -No packet received. -.TP -.B ENOTCONN -No interface address passed. -.TP -.B ENXIO -Interface address contained an invalid interface index. -.TP -.B EPERM -User has insufficient privileges to carry out this operation. -.P -In addition, other errors may be generated by the low-level driver. -.SH VERSIONS -.B AF_PACKET -is a new feature in Linux 2.2. -Earlier Linux versions supported only -.BR SOCK_PACKET . -.SH NOTES -For portable programs it is suggested to use -.B AF_PACKET -via -.BR pcap (3); -although this covers only a subset of the -.B AF_PACKET -features. -.P -The -.B SOCK_DGRAM -packet sockets make no attempt to create or parse the IEEE 802.2 LLC -header for a IEEE 802.3 frame. -When -.B ETH_P_802_3 -is specified as protocol for sending the kernel creates the -802.3 frame and fills out the length field; the user has to supply the LLC -header to get a fully conforming packet. -Incoming 802.3 packets are not multiplexed on the DSAP/SSAP protocol -fields; instead they are supplied to the user as protocol -.B ETH_P_802_2 -with the LLC header prefixed. -It is thus not possible to bind to -.BR ETH_P_802_3 ; -bind to -.B ETH_P_802_2 -instead and do the protocol multiplex yourself. -The default for sending is the standard Ethernet DIX -encapsulation with the protocol filled in. -.P -Packet sockets are not subject to the input or output firewall chains. -.SS Compatibility -In Linux 2.0, the only way to get a packet socket was with the call: -.P -.in +4n -.EX -socket(AF_INET, SOCK_PACKET, protocol) -.EE -.in -.P -This is still supported, but deprecated and strongly discouraged. -The main difference between the two methods is that -.B SOCK_PACKET -uses the old -.I struct sockaddr_pkt -to specify an interface, which doesn't provide physical-layer -independence. -.P -.in +4n -.EX -struct sockaddr_pkt { - unsigned short spkt_family; - unsigned char spkt_device[14]; - unsigned short spkt_protocol; -}; -.EE -.in -.P -.I spkt_family -contains -the device type, -.I spkt_protocol -is the IEEE 802.3 protocol type as defined in -.I -and -.I spkt_device -is the device name as a null-terminated string, for example, eth0. -.P -This structure is obsolete and should not be used in new code. -.SH BUGS -.SS LLC header handling -The IEEE 802.2/803.3 LLC handling could be considered as a bug. -.SS MSG_TRUNC issues -The -.B MSG_TRUNC -.BR recvmsg (2) -extension is an ugly hack and should be replaced by a control message. -There is currently no way to get the original destination address of -packets via -.BR SOCK_DGRAM . -.SS spkt_device device name truncation -The -.I spkt_device -field of -.I sockaddr_pkt -has a size of 14 bytes, -which is less than the constant -.B IFNAMSIZ -defined in -.I -which is 16 bytes and describes the system limit for a network interface name. -This means the names of network devices longer than 14 bytes -will be truncated to fit into -.IR spkt_device . -All these lengths include the terminating null byte (\[aq]\e0\[aq])). -.P -Issues from this with old code typically show up with -very long interface names used by the -.B Predictable Network Interface Names -feature enabled by default in many modern Linux distributions. -.P -The preferred solution is to rewrite code to avoid -.BR SOCK_PACKET . -Possible user solutions are to disable -.B Predictable Network Interface Names -or to rename the interface to a name of at most 13 bytes, -for example using the -.BR ip (8) -tool. -.SS Documentation issues -Socket filters are not documented. -.\" .SH CREDITS -.\" This man page was written by Andi Kleen with help from Matthew Wilcox. -.\" AF_PACKET in Linux 2.2 was implemented -.\" by Alexey Kuznetsov, based on code by Alan Cox and others. -.SH SEE ALSO -.BR socket (2), -.BR pcap (3), -.BR capabilities (7), -.BR ip (7), -.BR raw (7), -.BR socket (7), -.BR ip (8), -.P -RFC\ 894 for the standard IP Ethernet encapsulation. -RFC\ 1700 for the IEEE 802.3 IP encapsulation. -.P -The -.I -include file for physical-layer protocols. -.P -The Linux kernel source tree. -.I Documentation/networking/filter.rst -describes how to apply Berkeley Packet Filters to packet sockets. -.I tools/testing/selftests/net/psock_tpacket.c -contains example source code for all available versions of -.B PACKET_RX_RING -and -.BR PACKET_TX_RING . diff --git a/man7/path_resolution.7 b/man7/path_resolution.7 deleted file mode 100644 index ac814ed..0000000 --- a/man7/path_resolution.7 +++ /dev/null @@ -1,264 +0,0 @@ -.\" Copyright (C) 2003 Andries Brouwer (aeb@cwi.nl) -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH path_resolution 7 2024-02-18 "Linux man-pages 6.7" -.SH NAME -path_resolution \- how a pathname is resolved to a file -.SH DESCRIPTION -Some UNIX/Linux system calls have as parameter one or more filenames. -A filename (or pathname) is resolved as follows. -.SS Step 1: start of the resolution process -If the pathname starts with the \[aq]/\[aq] character, the starting lookup -directory is the root directory of the calling process. -A process inherits its root directory from its parent. -Usually this will be the root directory of the file hierarchy. -A process may get a different root directory by use of the -.BR chroot (2) -system call, or may temporarily use a different root directory by using -.BR openat2 (2) -with the -.B RESOLVE_IN_ROOT -flag set. -.P -A process may get an entirely private mount namespace in case -it\[em]or one of its ancestors\[em]was started by an invocation of the -.BR clone (2) -system call that had the -.B CLONE_NEWNS -flag set. -This handles the \[aq]/\[aq] part of the pathname. -.P -If the pathname does not start with the \[aq]/\[aq] character, the starting -lookup directory of the resolution process is the current working directory of -the process \[em] or in the case of -.BR openat (2)-style -system calls, the -.I dfd -argument (or the current working directory if -.B AT_FDCWD -is passed as the -.I dfd -argument). -The current working directory is inherited from the parent, and can -be changed by use of the -.BR chdir (2) -system call. -.P -Pathnames starting with a \[aq]/\[aq] character are called absolute pathnames. -Pathnames not starting with a \[aq]/\[aq] are called relative pathnames. -.SS Step 2: walk along the path -Set the current lookup directory to the starting lookup directory. -Now, for each nonfinal component of the pathname, where a component -is a substring delimited by \[aq]/\[aq] characters, this component is looked up -in the current lookup directory. -.P -If the process does not have search permission on -the current lookup directory, -an -.B EACCES -error is returned ("Permission denied"). -.P -If the component is not found, an -.B ENOENT -error is returned -("No such file or directory"). -.P -If the component is found, but is neither a directory nor a symbolic link, -an -.B ENOTDIR -error is returned ("Not a directory"). -.P -If the component is found and is a directory, we set the -current lookup directory to that directory, and go to the -next component. -.P -If the component is found and is a symbolic link, -we first resolve this symbolic link -(with the current lookup directory -as starting lookup directory). -Upon error, that error is returned. -If the result is not a directory, an -.B ENOTDIR -error is returned. -If the resolution of the symbolic link is successful and returns a directory, -we set the current lookup directory to that directory, and go to -the next component. -Note that the resolution process here can involve recursion if the -prefix ('dirname') component of a pathname contains a filename -that is a symbolic link that resolves to a directory (where the -prefix component of that directory may contain a symbolic link, and so on). -In order to protect the kernel against stack overflow, and also -to protect against denial of service, there are limits on the -maximum recursion depth, and on the maximum number of symbolic links -followed. -An -.B ELOOP -error is returned when the maximum is -exceeded ("Too many levels of symbolic links"). -.P -.\" -.\" presently: max recursion depth during symlink resolution: 5 -.\" max total number of symbolic links followed: 40 -.\" _POSIX_SYMLOOP_MAX is 8 -As currently implemented on Linux, the maximum number -.\" MAXSYMLINKS is 40 -of symbolic links that will be followed while resolving a pathname is 40. -Before Linux 2.6.18, the limit on the recursion depth was 5. -Starting with Linux 2.6.18, this limit -.\" MAX_NESTED_LINKS -was raised to 8. -In Linux 4.2, -.\" commit 894bc8c4662ba9daceafe943a5ba0dd407da5cd3 -the kernel's pathname-resolution code -was reworked to eliminate the use of recursion, -so that the only limit that remains is the maximum of 40 -resolutions for the entire pathname. -.P -The resolution of symbolic links during this stage can be blocked by using -.BR openat2 (2), -with the -.B RESOLVE_NO_SYMLINKS -flag set. -.SS Step 3: find the final entry -The lookup of the final component of the pathname goes just like -that of all other components, as described in the previous step, -with two differences: (i) the final component need not be a -directory (at least as far as the path resolution process is -concerned\[em]it may have to be a directory, or a nondirectory, because of -the requirements of the specific system call), and (ii) it -is not necessarily an error if the component is not found\[em]maybe -we are just creating it. -The details on the treatment -of the final entry are described in the manual pages of the specific -system calls. -.SS "\&. and .." -By convention, every directory has the entries "." and "..", -which refer to the directory itself and to its parent directory, -respectively. -.P -The path resolution process will assume that these entries have -their conventional meanings, regardless of whether they are -actually present in the physical filesystem. -.P -One cannot walk up past the root: "/.." is the same as "/". -.SS Mount points -After a -.I mount dev path -command, the pathname "path" refers to -the root of the filesystem hierarchy on the device "dev", and no -longer to whatever it referred to earlier. -.P -One can walk out of a mounted filesystem: "path/.." refers to -the parent directory of "path", -outside of the filesystem hierarchy on "dev". -.P -Traversal of mount points can be blocked by using -.BR openat2 (2), -with the -.B RESOLVE_NO_XDEV -flag set (though note that this also restricts bind mount traversal). -.SS Trailing slashes -If a pathname ends in a \[aq]/\[aq], that forces resolution of the preceding -component as in Step 2: -the component preceding the slash either exists and resolves to a directory -or it names a directory that is to be created -immediately after the pathname is resolved. -Otherwise, a trailing \[aq]/\[aq] is ignored. -.SS Final symbolic link -If the last component of a pathname is a symbolic link, then it -depends on the system call whether the file referred to will be -the symbolic link or the result of path resolution on its contents. -For example, the system call -.BR lstat (2) -will operate on the symbolic link, -while -.BR stat (2) -operates on the file pointed to by the symbolic link. -.SS Length limit -There is a maximum length for pathnames. -If the pathname (or some -intermediate pathname obtained while resolving symbolic links) -is too long, an -.B ENAMETOOLONG -error is returned ("Filename too long"). -.SS Empty pathname -In the original UNIX, the empty pathname referred to the current directory. -Nowadays POSIX decrees that an empty pathname must not be resolved -successfully. -Linux returns -.B ENOENT -in this case. -.SS Permissions -The permission bits of a file consist of three groups of three bits; see -.BR chmod (1) -and -.BR stat (2). -The first group of three is used when the effective user ID of -the calling process equals the owner ID of the file. -The second group -of three is used when the group ID of the file either equals the -effective group ID of the calling process, or is one of the -supplementary group IDs of the calling process (as set by -.BR setgroups (2)). -When neither holds, the third group is used. -.P -Of the three bits used, the first bit determines read permission, -the second write permission, and the last execute permission -in case of ordinary files, or search permission in case of directories. -.P -Linux uses the fsuid instead of the effective user ID in permission checks. -Ordinarily the fsuid will equal the effective user ID, but the fsuid can be -changed by the system call -.BR setfsuid (2). -.P -(Here "fsuid" stands for something like "filesystem user ID". -The concept was required for the implementation of a user space -NFS server at a time when processes could send a signal to a process -with the same effective user ID. -It is obsolete now. -Nobody should use -.BR setfsuid (2).) -.P -Similarly, Linux uses the fsgid ("filesystem group ID") -instead of the effective group ID. -See -.BR setfsgid (2). -.\" FIXME . say something about filesystem mounted read-only ? -.SS Bypassing permission checks: superuser and capabilities -On a traditional UNIX system, the superuser -.RI ( root , -user ID 0) is all-powerful, and bypasses all permissions restrictions -when accessing files. -.\" (but for exec at least one x bit must be set) -- AEB -.\" but there is variation across systems on this point: for -.\" example, HP-UX and Tru64 are as described by AEB. However, -.\" on some implementations (e.g., Solaris, FreeBSD), -.\" access(X_OK) by superuser will report success, regardless -.\" of the file's execute permission bits. -- MTK (Oct 05) -.P -On Linux, superuser privileges are divided into capabilities (see -.BR capabilities (7)). -Two capabilities are relevant for file permissions checks: -.B CAP_DAC_OVERRIDE -and -.BR CAP_DAC_READ_SEARCH . -(A process has these capabilities if its fsuid is 0.) -.P -The -.B CAP_DAC_OVERRIDE -capability overrides all permission checking, -but grants execute permission only when at least one -of the file's three execute permission bits is set. -.P -The -.B CAP_DAC_READ_SEARCH -capability grants read and search permission -on directories, and read permission on ordinary files. -.\" FIXME . say something about immutable files -.\" FIXME . say something about ACLs -.SH SEE ALSO -.BR readlink (2), -.BR capabilities (7), -.BR credentials (7), -.BR symlink (7) diff --git a/man7/persistent-keyring.7 b/man7/persistent-keyring.7 deleted file mode 100644 index 0db4940..0000000 --- a/man7/persistent-keyring.7 +++ /dev/null @@ -1,124 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH persistent-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -persistent-keyring \- per-user persistent keyring -.SH DESCRIPTION -The persistent keyring is a keyring used to anchor keys on behalf of a user. -Each UID the kernel deals with has its own persistent keyring that -is shared between all threads owned by that UID. -The persistent keyring has a name (description) of the form -.I _persistent. -where -.I -is the user ID of the corresponding user. -.P -The persistent keyring may not be accessed directly, -even by processes with the appropriate UID. -.\" FIXME The meaning of the preceding sentence isn't clear. What is meant? -Instead, it must first be linked to one of a process's keyrings, -before that keyring can access the persistent keyring -by virtue of its possessor permits. -This linking is done with the -.BR keyctl_get_persistent (3) -function. -.P -If a persistent keyring does not exist when it is accessed by the -.BR keyctl_get_persistent (3) -operation, it will be automatically created. -.P -Each time the -.BR keyctl_get_persistent (3) -operation is performed, -the persistent keyring's expiration timer is reset to the value in: -.P -.in +4n -.EX -/proc/sys/kernel/keys/persistent_keyring_expiry -.EE -.in -.P -Should the timeout be reached, -the persistent keyring will be removed and -everything it pins can then be garbage collected. -The keyring will then be re-created on a subsequent call to -.BR keyctl_get_persistent (3). -.P -The persistent keyring is not directly searched by -.BR request_key (2); -it is searched only if it is linked into one of the keyrings -that is searched by -.BR request_key (2). -.P -The persistent keyring is independent of -.BR clone (2), -.BR fork (2), -.BR vfork (2), -.BR execve (2), -and -.BR _exit (2). -It persists until its expiration timer triggers, -at which point it is garbage collected. -This allows the persistent keyring to carry keys beyond the life of -the kernel's record of the corresponding UID -(the destruction of which results in the destruction of the -.BR user\-keyring (7) -and the -.BR user\-session\-keyring (7)). -The persistent keyring can thus be used to -hold authentication tokens for processes that run without user interaction, -such as programs started by -.BR cron (8). -.P -The persistent keyring is used to store UID-specific objects that -themselves have limited lifetimes (e.g., kerberos tokens). -If those tokens cease to be used -(i.e., the persistent keyring is not accessed), -then the timeout of the persistent keyring ensures that -the corresponding objects are automatically discarded. -.\" -.SS Special operations -The -.I keyutils -library provides the -.BR keyctl_get_persistent (3) -function for manipulating persistent keyrings. -(This function is an interface to the -.BR keyctl (2) -.B KEYCTL_GET_PERSISTENT -operation.) -This operation allows the calling thread to get the persistent keyring -corresponding to its own UID or, if the thread has the -.B CAP_SETUID -capability, the persistent keyring corresponding to some other UID -in the same user namespace. -.SH NOTES -Each user namespace owns a keyring called -.I .persistent_register -that contains links to all of the persistent keys in that namespace. -(The -.I .persistent_register -keyring can be seen when reading the contents of the -.I /proc/keys -file for the UID 0 in the namespace.) -The -.BR keyctl_get_persistent (3) -operation looks for a key with a name of the form -.IR _persistent. UID -in that keyring, -creates the key if it does not exist, and links it into the keyring. -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyctl_get_persistent (3), -.BR keyrings (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7) diff --git a/man7/pid_namespaces.7 b/man7/pid_namespaces.7 deleted file mode 100644 index 90d062b..0000000 --- a/man7/pid_namespaces.7 +++ /dev/null @@ -1,388 +0,0 @@ -.\" Copyright (c) 2013 by Michael Kerrisk -.\" and Copyright (c) 2012 by Eric W. Biederman -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH pid_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -pid_namespaces \- overview of Linux PID namespaces -.SH DESCRIPTION -For an overview of namespaces, see -.BR namespaces (7). -.P -PID namespaces isolate the process ID number space, -meaning that processes in different PID namespaces can have the same PID. -PID namespaces allow containers to provide functionality -such as suspending/resuming the set of processes in the container and -migrating the container to a new host -while the processes inside the container maintain the same PIDs. -.P -PIDs in a new PID namespace start at 1, -somewhat like a standalone system, and calls to -.BR fork (2), -.BR vfork (2), -or -.BR clone (2) -will produce processes with PIDs that are unique within the namespace. -.P -Use of PID namespaces requires a kernel that is configured with the -.B CONFIG_PID_NS -option. -.\" -.\" ============================================================ -.\" -.SS The namespace "init" process -The first process created in a new namespace -(i.e., the process created using -.BR clone (2) -with the -.B CLONE_NEWPID -flag, or the first child created by a process after a call to -.BR unshare (2) -using the -.B CLONE_NEWPID -flag) has the PID 1, and is the "init" process for the namespace (see -.BR init (1)). -This process becomes the parent of any child processes that are orphaned -because a process that resides in this PID namespace terminated -(see below for further details). -.P -If the "init" process of a PID namespace terminates, -the kernel terminates all of the processes in the namespace via a -.B SIGKILL -signal. -This behavior reflects the fact that the "init" process -is essential for the correct operation of a PID namespace. -In this case, a subsequent -.BR fork (2) -into this PID namespace fail with the error -.BR ENOMEM ; -it is not possible to create a new process in a PID namespace whose "init" -process has terminated. -Such scenarios can occur when, for example, -a process uses an open file descriptor for a -.IR /proc/ pid /ns/pid -file corresponding to a process that was in a namespace to -.BR setns (2) -into that namespace after the "init" process has terminated. -Another possible scenario can occur after a call to -.BR unshare (2): -if the first child subsequently created by a -.BR fork (2) -terminates, then subsequent calls to -.BR fork (2) -fail with -.BR ENOMEM . -.P -Only signals for which the "init" process has established a signal handler -can be sent to the "init" process by other members of the PID namespace. -This restriction applies even to privileged processes, -and prevents other members of the PID namespace from -accidentally killing the "init" process. -.P -Likewise, a process in an ancestor namespace -can\[em]subject to the usual permission checks described in -.BR kill (2)\[em]send -signals to the "init" process of a child PID namespace only -if the "init" process has established a handler for that signal. -(Within the handler, the -.I siginfo_t -.I si_pid -field described in -.BR sigaction (2) -will be zero.) -.B SIGKILL -or -.B SIGSTOP -are treated exceptionally: -these signals are forcibly delivered when sent from an ancestor PID namespace. -Neither of these signals can be caught by the "init" process, -and so will result in the usual actions associated with those signals -(respectively, terminating and stopping the process). -.P -Starting with Linux 3.4, the -.BR reboot (2) -system call causes a signal to be sent to the namespace "init" process. -See -.BR reboot (2) -for more details. -.\" -.\" ============================================================ -.\" -.SS Nesting PID namespaces -PID namespaces can be nested: -each PID namespace has a parent, -except for the initial ("root") PID namespace. -The parent of a PID namespace is the PID namespace of the process that -created the namespace using -.BR clone (2) -or -.BR unshare (2). -PID namespaces thus form a tree, -with all namespaces ultimately tracing their ancestry to the root namespace. -Since Linux 3.7, -.\" commit f2302505775fd13ba93f034206f1e2a587017929 -.\" The kernel constant MAX_PID_NS_LEVEL -the kernel limits the maximum nesting depth for PID namespaces to 32. -.P -A process is visible to other processes in its PID namespace, -and to the processes in each direct ancestor PID namespace -going back to the root PID namespace. -In this context, "visible" means that one process -can be the target of operations by another process using -system calls that specify a process ID. -Conversely, the processes in a child PID namespace can't see -processes in the parent and further removed ancestor namespaces. -More succinctly: a process can see (e.g., send signals with -.BR kill (2), -set nice values with -.BR setpriority (2), -etc.) only processes contained in its own PID namespace -and in descendants of that namespace. -.P -A process has one process ID in each of the layers of the PID -namespace hierarchy in which is visible, -and walking back though each direct ancestor namespace -through to the root PID namespace. -System calls that operate on process IDs always -operate using the process ID that is visible in the -PID namespace of the caller. -A call to -.BR getpid (2) -always returns the PID associated with the namespace in which -the process was created. -.P -Some processes in a PID namespace may have parents -that are outside of the namespace. -For example, the parent of the initial process in the namespace -(i.e., the -.BR init (1) -process with PID 1) is necessarily in another namespace. -Likewise, the direct children of a process that uses -.BR setns (2) -to cause its children to join a PID namespace are in a different -PID namespace from the caller of -.BR setns (2). -Calls to -.BR getppid (2) -for such processes return 0. -.P -While processes may freely descend into child PID namespaces -(e.g., using -.BR setns (2) -with a PID namespace file descriptor), -they may not move in the other direction. -That is to say, processes may not enter any ancestor namespaces -(parent, grandparent, etc.). -Changing PID namespaces is a one-way operation. -.P -The -.B NS_GET_PARENT -.BR ioctl (2) -operation can be used to discover the parental relationship -between PID namespaces; see -.BR ioctl_ns (2). -.\" -.\" ============================================================ -.\" -.SS setns(2) and unshare(2) semantics -Calls to -.BR setns (2) -that specify a PID namespace file descriptor -and calls to -.BR unshare (2) -with the -.B CLONE_NEWPID -flag cause children subsequently created -by the caller to be placed in a different PID namespace from the caller. -(Since Linux 4.12, that PID namespace is shown via the -.IR /proc/ pid /ns/pid_for_children -file, as described in -.BR namespaces (7).) -These calls do not, however, -change the PID namespace of the calling process, -because doing so would change the caller's idea of its own PID -(as reported by -.BR getpid ()), -which would break many applications and libraries. -.P -To put things another way: -a process's PID namespace membership is determined when the process is created -and cannot be changed thereafter. -Among other things, this means that the parental relationship -between processes mirrors the parental relationship between PID namespaces: -the parent of a process is either in the same namespace -or resides in the immediate parent PID namespace. -.P -A process may call -.BR unshare (2) -with the -.B CLONE_NEWPID -flag only once. -After it has performed this operation, its -.IR /proc/ pid /ns/pid_for_children -symbolic link will be empty until the first child is created in the namespace. -.\" -.\" ============================================================ -.\" -.SS Adoption of orphaned children -When a child process becomes orphaned, it is reparented to the "init" -process in the PID namespace of its parent -(unless one of the nearer ancestors of the parent employed the -.BR prctl (2) -.B PR_SET_CHILD_SUBREAPER -command to mark itself as the reaper of orphaned descendant processes). -Note that because of the -.BR setns (2) -and -.BR unshare (2) -semantics described above, this may be the "init" process in the PID -namespace that is the -.I parent -of the child's PID namespace, -rather than the "init" process in the child's own PID namespace. -.\" Furthermore, by definition, the parent of the "init" process -.\" of a PID namespace resides in the parent PID namespace. -.\" -.\" ============================================================ -.\" -.SS Compatibility of CLONE_NEWPID with other CLONE_* flags -In current versions of Linux, -.B CLONE_NEWPID -can't be combined with -.BR CLONE_THREAD . -Threads are required to be in the same PID namespace such that -the threads in a process can send signals to each other. -Similarly, it must be possible to see all of the threads -of a process in the -.BR proc (5) -filesystem. -Additionally, if two threads were in different PID -namespaces, the process ID of the process sending a signal -could not be meaningfully encoded when a signal is sent -(see the description of the -.I siginfo_t -type in -.BR sigaction (2)). -Since this is computed when a signal is enqueued, -a signal queue shared by processes in multiple PID namespaces -would defeat that. -.P -.\" Note these restrictions were all introduced in -.\" 8382fcac1b813ad0a4e68a838fc7ae93fa39eda0 -.\" when CLONE_NEWPID|CLONE_VM was disallowed -In earlier versions of Linux, -.B CLONE_NEWPID -was additionally disallowed (failing with the error -.BR EINVAL ) -in combination with -.B CLONE_SIGHAND -.\" (restriction lifted in faf00da544045fdc1454f3b9e6d7f65c841de302) -(before Linux 4.3) as well as -.\" (restriction lifted in e79f525e99b04390ca4d2366309545a836c03bf1) -.B CLONE_VM -(before Linux 3.12). -The changes that lifted these restrictions have also been ported to -earlier stable kernels. -.\" -.\" ============================================================ -.\" -.SS /proc and PID namespaces -A -.I /proc -filesystem shows (in the -.IR /proc/ pid -directories) only processes visible in the PID namespace -of the process that performed the mount, even if the -.I /proc -filesystem is viewed from processes in other namespaces. -.P -After creating a new PID namespace, -it is useful for the child to change its root directory -and mount a new procfs instance at -.I /proc -so that tools such as -.BR ps (1) -work correctly. -If a new mount namespace is simultaneously created by including -.B CLONE_NEWNS -in the -.I flags -argument of -.BR clone (2) -or -.BR unshare (2), -then it isn't necessary to change the root directory: -a new procfs instance can be mounted directly over -.IR /proc . -.P -From a shell, the command to mount -.I /proc -is: -.P -.in +4n -.EX -$ mount \-t proc proc /proc -.EE -.in -.P -Calling -.BR readlink (2) -on the path -.I /proc/self -yields the process ID of the caller in the PID namespace of the procfs mount -(i.e., the PID namespace of the process that mounted the procfs). -This can be useful for introspection purposes, -when a process wants to discover its PID in other namespaces. -.\" -.\" ============================================================ -.\" -.SS /proc files -.TP -.BR /proc/sys/kernel/ns_last_pid " (since Linux 3.3)" -.\" commit b8f566b04d3cddd192cfd2418ae6d54ac6353792 -This file -(which is virtualized per PID namespace) -displays the last PID that was allocated in this PID namespace. -When the next PID is allocated, -the kernel will search for the lowest unallocated PID -that is greater than this value, -and when this file is subsequently read it will show that PID. -.IP -This file is writable by a process that has the -.B CAP_SYS_ADMIN -or (since Linux 5.9) -.B CAP_CHECKPOINT_RESTORE -capability inside the user namespace that owns the PID namespace. -.\" This ability is necessary to support checkpoint restore in user-space -This makes it possible to determine the PID that is allocated -to the next process that is created inside this PID namespace. -.\" -.\" ============================================================ -.\" -.SS Miscellaneous -When a process ID is passed over a UNIX domain socket to a -process in a different PID namespace (see the description of -.B SCM_CREDENTIALS -in -.BR unix (7)), -it is translated into the corresponding PID value in -the receiving process's PID namespace. -.SH STANDARDS -Linux. -.SH EXAMPLES -See -.BR user_namespaces (7). -.SH SEE ALSO -.BR clone (2), -.BR reboot (2), -.BR setns (2), -.BR unshare (2), -.BR proc (5), -.BR capabilities (7), -.BR credentials (7), -.BR mount_namespaces (7), -.BR namespaces (7), -.BR user_namespaces (7), -.BR switch_root (8) diff --git a/man7/pipe.7 b/man7/pipe.7 deleted file mode 100644 index bebb856..0000000 --- a/man7/pipe.7 +++ /dev/null @@ -1,407 +0,0 @@ -.\" Copyright (C) 2005 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH pipe 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -pipe \- overview of pipes and FIFOs -.SH DESCRIPTION -Pipes and FIFOs (also known as named pipes) -provide a unidirectional interprocess communication channel. -A pipe has a -.I read end -and a -.IR "write end" . -Data written to the write end of a pipe can be read -from the read end of the pipe. -.P -A pipe is created using -.BR pipe (2), -which creates a new pipe and returns two file descriptors, -one referring to the read end of the pipe, -the other referring to the write end. -Pipes can be used to create a communication channel between related -processes; see -.BR pipe (2) -for an example. -.P -A FIFO (short for First In First Out) has a name within the filesystem -(created using -.BR mkfifo (3)), -and is opened using -.BR open (2). -Any process may open a FIFO, assuming the file permissions allow it. -The read end is opened using the -.B O_RDONLY -flag; the write end is opened using the -.B O_WRONLY -flag. -See -.BR fifo (7) -for further details. -.IR Note : -although FIFOs have a pathname in the filesystem, -I/O on FIFOs does not involve operations on the underlying device -(if there is one). -.SS I/O on pipes and FIFOs -The only difference between pipes and FIFOs is the manner in which -they are created and opened. -Once these tasks have been accomplished, -I/O on pipes and FIFOs has exactly the same semantics. -.P -If a process attempts to read from an empty pipe, then -.BR read (2) -will block until data is available. -If a process attempts to write to a full pipe (see below), then -.BR write (2) -blocks until sufficient data has been read from the pipe -to allow the write to complete. -.P -Nonblocking I/O is possible by using the -.BR fcntl (2) -.B F_SETFL -operation to enable the -.B O_NONBLOCK -open file status flag or by opening a -.BR fifo (7) -with -.BR O_NONBLOCK . -If any process has the pipe open for writing, reads fail with -.BR EAGAIN ; -otherwise\[em]with no potential writers\[em]reads succeed and return empty. -.P -The communication channel provided by a pipe is a -.IR "byte stream" : -there is no concept of message boundaries. -.P -If all file descriptors referring to the write end of a pipe -have been closed, then an attempt to -.BR read (2) -from the pipe will see end-of-file -.RB ( read (2) -will return 0). -If all file descriptors referring to the read end of a pipe -have been closed, then a -.BR write (2) -will cause a -.B SIGPIPE -signal to be generated for the calling process. -If the calling process is ignoring this signal, then -.BR write (2) -fails with the error -.BR EPIPE . -An application that uses -.BR pipe (2) -and -.BR fork (2) -should use suitable -.BR close (2) -calls to close unnecessary duplicate file descriptors; -this ensures that end-of-file and -.BR SIGPIPE / EPIPE -are delivered when appropriate. -.P -It is not possible to apply -.BR lseek (2) -to a pipe. -.SS Pipe capacity -A pipe has a limited capacity. -If the pipe is full, then a -.BR write (2) -will block or fail, depending on whether the -.B O_NONBLOCK -flag is set (see below). -Different implementations have different limits for the pipe capacity. -Applications should not rely on a particular capacity: -an application should be designed so that a reading process consumes data -as soon as it is available, -so that a writing process does not remain blocked. -.P -Before Linux 2.6.11, the capacity of a pipe was the same as -the system page size (e.g., 4096 bytes on i386). -Since Linux 2.6.11, the pipe capacity is 16 pages -(i.e., 65,536 bytes in a system with a page size of 4096 bytes). -Since Linux 2.6.35, the default pipe capacity is 16 pages, -but the capacity can be queried and set using the -.BR fcntl (2) -.B F_GETPIPE_SZ -and -.B F_SETPIPE_SZ -operations. -See -.BR fcntl (2) -for more information. -.P -The following -.BR ioctl (2) -operation, which can be applied to a file descriptor -that refers to either end of a pipe, -places a count of the number of unread bytes in the pipe in the -.I int -buffer pointed to by the final argument of the call: -.P -.in +4n -.EX -ioctl(fd, FIONREAD, &nbytes); -.EE -.in -.P -The -.B FIONREAD -operation is not specified in any standard, -but is provided on many implementations. -.\" -.SS /proc files -On Linux, the following files control how much memory can be used for pipes: -.TP -.IR /proc/sys/fs/pipe\-max\-pages " (only in Linux 2.6.34)" -.\" commit b492e95be0ae672922f4734acf3f5d35c30be948 -An upper limit, in pages, on the capacity that an unprivileged user -(one without the -.B CAP_SYS_RESOURCE -capability) -can set for a pipe. -.IP -The default value for this limit is 16 times the default pipe capacity -(see above); the lower limit is two pages. -.IP -This interface was removed in Linux 2.6.35, in favor of -.IR /proc/sys/fs/pipe\-max\-size . -.TP -.IR /proc/sys/fs/pipe\-max\-size " (since Linux 2.6.35)" -.\" commit ff9da691c0498ff81fdd014e7a0731dab2337dac -The maximum size (in bytes) of individual pipes that can be set -.\" This limit is not checked on pipe creation, where the capacity is -.\" always PIPE_DEF_BUFS, regardless of pipe-max-size -by users without the -.B CAP_SYS_RESOURCE -capability. -The value assigned to this file may be rounded upward, -to reflect the value actually employed for a convenient implementation. -To determine the rounded-up value, -display the contents of this file after assigning a value to it. -.IP -The default value for this file is 1048576 (1\ MiB). -The minimum value that can be assigned to this file is the system page size. -Attempts to set a limit less than the page size cause -.BR write (2) -to fail with the error -.BR EINVAL . -.IP -Since Linux 4.9, -.\" commit 086e774a57fba4695f14383c0818994c0b31da7c -the value on this file also acts as a ceiling on the default capacity -of a new pipe or newly opened FIFO. -.TP -.IR /proc/sys/fs/pipe\-user\-pages\-hard " (since Linux 4.5)" -.\" commit 759c01142a5d0f364a462346168a56de28a80f52 -The hard limit on the total size (in pages) of all pipes created or set by -a single unprivileged user (i.e., one with neither the -.B CAP_SYS_RESOURCE -nor the -.B CAP_SYS_ADMIN -capability). -So long as the total number of pages allocated to pipe buffers -for this user is at this limit, -attempts to create new pipes will be denied, -and attempts to increase a pipe's capacity will be denied. -.IP -When the value of this limit is zero (which is the default), -no hard limit is applied. -.\" The default was chosen to avoid breaking existing applications that -.\" make intensive use of pipes (e.g., for splicing). -.TP -.IR /proc/sys/fs/pipe\-user\-pages\-soft " (since Linux 4.5)" -.\" commit 759c01142a5d0f364a462346168a56de28a80f52 -The soft limit on the total size (in pages) of all pipes created or set by -a single unprivileged user (i.e., one with neither the -.B CAP_SYS_RESOURCE -nor the -.B CAP_SYS_ADMIN -capability). -So long as the total number of pages allocated to pipe buffers -for this user is at this limit, -individual pipes created by a user will be limited to one page, -and attempts to increase a pipe's capacity will be denied. -.IP -When the value of this limit is zero, no soft limit is applied. -The default value for this file is 16384, -which permits creating up to 1024 pipes with the default capacity. -.P -Before Linux 4.9, some bugs affected the handling of the -.I pipe\-user\-pages\-soft -and -.I pipe\-user\-pages\-hard -limits; see BUGS. -.\" -.SS PIPE_BUF -POSIX.1 says that writes of less than -.B PIPE_BUF -bytes must be atomic: the output data is written to the pipe as a -contiguous sequence. -Writes of more than -.B PIPE_BUF -bytes may be nonatomic: the kernel may interleave the data -with data written by other processes. -POSIX.1 requires -.B PIPE_BUF -to be at least 512 bytes. -(On Linux, -.B PIPE_BUF -is 4096 bytes.) -The precise semantics depend on whether the file descriptor is nonblocking -.RB ( O_NONBLOCK ), -whether there are multiple writers to the pipe, and on -.IR n , -the number of bytes to be written: -.TP -\fBO_NONBLOCK\fP disabled, \fIn\fP <= \fBPIPE_BUF\fP -All -.I n -bytes are written atomically; -.BR write (2) -may block if there is not room for -.I n -bytes to be written immediately -.TP -\fBO_NONBLOCK\fP enabled, \fIn\fP <= \fBPIPE_BUF\fP -If there is room to write -.I n -bytes to the pipe, then -.BR write (2) -succeeds immediately, writing all -.I n -bytes; otherwise -.BR write (2) -fails, with -.I errno -set to -.BR EAGAIN . -.TP -\fBO_NONBLOCK\fP disabled, \fIn\fP > \fBPIPE_BUF\fP -The write is nonatomic: the data given to -.BR write (2) -may be interleaved with -.BR write (2)s -by other process; -the -.BR write (2) -blocks until -.I n -bytes have been written. -.TP -\fBO_NONBLOCK\fP enabled, \fIn\fP > \fBPIPE_BUF\fP -If the pipe is full, then -.BR write (2) -fails, with -.I errno -set to -.BR EAGAIN . -Otherwise, from 1 to -.I n -bytes may be written (i.e., a "partial write" may occur; -the caller should check the return value from -.BR write (2) -to see how many bytes were actually written), -and these bytes may be interleaved with writes by other processes. -.SS Open file status flags -The only open file status flags that can be meaningfully applied to -a pipe or FIFO are -.B O_NONBLOCK -and -.BR O_ASYNC . -.P -Setting the -.B O_ASYNC -flag for the read end of a pipe causes a signal -.RB ( SIGIO -by default) to be generated when new input becomes available on the pipe. -The target for delivery of signals must be set using the -.BR fcntl (2) -.B F_SETOWN -command. -On Linux, -.B O_ASYNC -is supported for pipes and FIFOs only since Linux 2.6. -.SS Portability notes -On some systems (but not Linux), pipes are bidirectional: -data can be transmitted in both directions between the pipe ends. -POSIX.1 requires only unidirectional pipes. -Portable applications should avoid reliance on -bidirectional pipe semantics. -.SS BUGS -Before Linux 4.9, some bugs affected the handling of the -.I pipe\-user\-pages\-soft -and -.I pipe\-user\-pages\-hard -limits when using the -.BR fcntl (2) -.B F_SETPIPE_SZ -operation to change a pipe's capacity: -.\" These bugs where remedied by a series of patches, in particular, -.\" commit b0b91d18e2e97b741b294af9333824ecc3fadfd8 and -.\" commit a005ca0e6813e1d796a7422a7e31d8b8d6555df1 -.IP (a) 5 -When increasing the pipe capacity, the checks against the soft and -hard limits were made against existing consumption, -and excluded the memory required for the increased pipe capacity. -The new increase in pipe capacity could then push the total -memory used by the user for pipes (possibly far) over a limit. -(This could also trigger the problem described next.) -.IP -Starting with Linux 4.9, -the limit checking includes the memory required for the new pipe capacity. -.IP (b) -The limit checks were performed even when the new pipe capacity was -less than the existing pipe capacity. -This could lead to problems if a user set a large pipe capacity, -and then the limits were lowered, with the result that the user could -no longer decrease the pipe capacity. -.IP -Starting with Linux 4.9, checks against the limits -are performed only when increasing a pipe's capacity; -an unprivileged user can always decrease a pipe's capacity. -.IP (c) -The accounting and checking against the limits were done as follows: -.RS -.IP (1) 5 -.PD 0 -Test whether the user has exceeded the limit. -.IP (2) -Make the new pipe buffer allocation. -.IP (3) -Account new allocation against the limits. -.PD -.RE -.IP -This was racey. -Multiple processes could pass point (1) simultaneously, -and then allocate pipe buffers that were accounted for only in step (3), -with the result that the user's pipe buffer -allocation could be pushed over the limit. -.IP -Starting with Linux 4.9, -the accounting step is performed before doing the allocation, -and the operation fails if the limit would be exceeded. -.P -Before Linux 4.9, bugs similar to points (a) and (c) could also occur -when the kernel allocated memory for a new pipe buffer; -that is, when calling -.BR pipe (2) -and when opening a previously unopened FIFO. -.SH SEE ALSO -.BR mkfifo (1), -.BR dup (2), -.BR fcntl (2), -.BR open (2), -.BR pipe (2), -.BR poll (2), -.BR select (2), -.BR socketpair (2), -.BR splice (2), -.BR stat (2), -.BR tee (2), -.BR vmsplice (2), -.BR mkfifo (3), -.BR epoll (7), -.BR fifo (7) diff --git a/man7/pkeys.7 b/man7/pkeys.7 deleted file mode 100644 index 660805c..0000000 --- a/man7/pkeys.7 +++ /dev/null @@ -1,237 +0,0 @@ -.\" Copyright (C) 2016 Intel Corporation -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH pkeys 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -pkeys \- overview of Memory Protection Keys -.SH DESCRIPTION -Memory Protection Keys (pkeys) are an extension to existing -page-based memory permissions. -Normal page permissions using -page tables require expensive system calls and TLB invalidations -when changing permissions. -Memory Protection Keys provide a mechanism for changing -protections without requiring modification of the page tables on -every permission change. -.P -To use pkeys, software must first "tag" a page in the page tables -with a pkey. -After this tag is in place, an application only has -to change the contents of a register in order to remove write -access, or all access to a tagged page. -.P -Protection keys work in conjunction with the existing -.BR PROT_READ , -.BR PROT_WRITE , -and -.B PROT_EXEC -permissions passed to system calls such as -.BR mprotect (2) -and -.BR mmap (2), -but always act to further restrict these traditional permission -mechanisms. -.P -If a process performs an access that violates pkey -restrictions, it receives a -.B SIGSEGV -signal. -See -.BR sigaction (2) -for details of the information available with that signal. -.P -To use the pkeys feature, the processor must support it, and the kernel -must contain support for the feature on a given processor. -As of early 2016 only future Intel x86 processors are supported, -and this hardware supports 16 protection keys in each process. -However, pkey 0 is used as the default key, so a maximum of 15 -are available for actual application use. -The default key is assigned to any memory region for which a -pkey has not been explicitly assigned via -.BR pkey_mprotect (2). -.P -Protection keys have the potential to add a layer of security and -reliability to applications. -But they have not been primarily designed as -a security feature. -For instance, WRPKRU is a completely unprivileged -instruction, so pkeys are useless in any case that an attacker controls -the PKRU register or can execute arbitrary instructions. -.P -Applications should be very careful to ensure that they do not "leak" -protection keys. -For instance, before calling -.BR pkey_free (2), -the application should be sure that no memory has that pkey assigned. -If the application left the freed pkey assigned, a future user of -that pkey might inadvertently change the permissions of an unrelated -data structure, which could impact security or stability. -The kernel currently allows in-use pkeys to have -.BR pkey_free (2) -called on them because it would have processor or memory performance -implications to perform the additional checks needed to disallow it. -Implementation of the necessary checks is left up to applications. -Applications may implement these checks by searching the -.IR /proc/ pid /smaps -file for memory regions with the pkey assigned. -Further details can be found in -.BR proc (5). -.P -Any application wanting to use protection keys needs to be able -to function without them. -They might be unavailable because the hardware that the -application runs on does not support them, the kernel code does -not contain support, the kernel support has been disabled, or -because the keys have all been allocated, perhaps by a library -the application is using. -It is recommended that applications wanting to use protection -keys should simply call -.BR pkey_alloc (2) -and test whether the call succeeds, -instead of attempting to detect support for the -feature in any other way. -.P -Although unnecessary, hardware support for protection keys may be -enumerated with the -.I cpuid -instruction. -Details of how to do this can be found in the Intel Software -Developers Manual. -The kernel performs this enumeration and exposes the information in -.I /proc/cpuinfo -under the "flags" field. -The string "pku" in this field indicates hardware support for protection -keys and the string "ospke" indicates that the kernel contains and has -enabled protection keys support. -.P -Applications using threads and protection keys should be especially -careful. -Threads inherit the protection key rights of the parent at the time -of the -.BR clone (2), -system call. -Applications should either ensure that their own permissions are -appropriate for child threads at the time when -.BR clone (2) -is called, or ensure that each child thread can perform its -own initialization of protection key rights. -.\" -.SS Signal Handler Behavior -Each time a signal handler is invoked (including nested signals), the -thread is temporarily given a new, default set of protection key rights -that override the rights from the interrupted context. -This means that applications must re-establish their desired protection -key rights upon entering a signal handler if the desired rights differ -from the defaults. -The rights of any interrupted context are restored when the signal -handler returns. -.P -This signal behavior is unusual and is due to the fact that the x86 PKRU -register (which stores protection key access rights) is managed with the -same hardware mechanism (XSAVE) that manages floating-point registers. -The signal behavior is the same as that of floating-point registers. -.\" -.SS Protection Keys system calls -The Linux kernel implements the following pkey-related system calls: -.BR pkey_mprotect (2), -.BR pkey_alloc (2), -and -.BR pkey_free (2). -.P -The Linux pkey system calls are available only if the kernel was -configured and built with the -.B CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS -option. -.SH EXAMPLES -The program below allocates a page of memory with read and write permissions. -It then writes some data to the memory and successfully reads it -back. -After that, it attempts to allocate a protection key and -disallows access to the page by using the WRPKRU instruction. -It then tries to access the page, -which we now expect to cause a fatal signal to the application. -.P -.in +4n -.EX -.RB "$" " ./a.out" -buffer contains: 73 -about to read buffer again... -Segmentation fault (core dumped) -.EE -.in -.SS Program source -\& -.EX -#define _GNU_SOURCE -#include -#include -#include -#include -#include -\& -int -main(void) -{ - int status; - int pkey; - int *buffer; -\& - /* - * Allocate one page of memory. - */ - buffer = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, - MAP_ANONYMOUS | MAP_PRIVATE, \-1, 0); - if (buffer == MAP_FAILED) - err(EXIT_FAILURE, "mmap"); -\& - /* - * Put some random data into the page (still OK to touch). - */ - *buffer = __LINE__; - printf("buffer contains: %d\en", *buffer); -\& - /* - * Allocate a protection key: - */ - pkey = pkey_alloc(0, 0); - if (pkey == \-1) - err(EXIT_FAILURE, "pkey_alloc"); -\& - /* - * Disable access to any memory with "pkey" set, - * even though there is none right now. - */ - status = pkey_set(pkey, PKEY_DISABLE_ACCESS); - if (status) - err(EXIT_FAILURE, "pkey_set"); -\& - /* - * Set the protection key on "buffer". - * Note that it is still read/write as far as mprotect() is - * concerned and the previous pkey_set() overrides it. - */ - status = pkey_mprotect(buffer, getpagesize(), - PROT_READ | PROT_WRITE, pkey); - if (status == \-1) - err(EXIT_FAILURE, "pkey_mprotect"); -\& - printf("about to read buffer again...\en"); -\& - /* - * This will crash, because we have disallowed access. - */ - printf("buffer contains: %d\en", *buffer); -\& - status = pkey_free(pkey); - if (status == \-1) - err(EXIT_FAILURE, "pkey_free"); -\& - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.BR pkey_alloc (2), -.BR pkey_free (2), -.BR pkey_mprotect (2), -.BR sigaction (2) diff --git a/man7/posixoptions.7 b/man7/posixoptions.7 deleted file mode 100644 index 2b3e3bc..0000000 --- a/man7/posixoptions.7 +++ /dev/null @@ -1,1014 +0,0 @@ -.\" Copyright (c) 2003 Andries Brouwer (aeb@cwi.nl) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH posixoptions 7 2023-11-01 "Linux man-pages 6.7" -.SH NAME -posixoptions \- optional parts of the POSIX standard -.SH DESCRIPTION -The POSIX standard (the information below is from POSIX.1-2001) -describes a set of behaviors and interfaces for a compliant system. -However, many interfaces are optional and there are feature test macros -to test the availability of interfaces at compile time, and functions -.BR sysconf (3), -.BR fpathconf (3), -.BR pathconf (3), -.BR confstr (3) -to do this at run time. -From shell scripts one can use -.BR getconf (1). -For more detail, see -.BR sysconf (3). -.P -We give the name of the POSIX abbreviation, the option, the name of the -.BR sysconf (3) -parameter used to inquire about the option, and possibly -a very short description. -Much more precise detail can be found in the POSIX standard itself, -versions of which can nowadays be accessed freely on the web. -.SS ADV - _POSIX_ADVISORY_INFO - _SC_ADVISORY_INFO -The following advisory functions are present: -.P -.nf -.in +4n -.IR posix_fadvise () -.IR posix_fallocate () -.IR posix_memalign () -.IR posix_madvise () -.in -.fi -.SS AIO - _POSIX_ASYNCHRONOUS_IO - _SC_ASYNCHRONOUS_IO -The header -.I -is present. -The following functions are present: -.P -.nf -.in +4n -.IR aio_cancel () -.IR aio_error () -.IR aio_fsync () -.IR aio_read () -.IR aio_return () -.IR aio_suspend () -.IR aio_write () -.IR lio_listio () -.in -.fi -.SS BAR - _POSIX_BARRIERS - _SC_BARRIERS -This option implies the -.B _POSIX_THREADS -and -.B _POSIX_THREAD_SAFE_FUNCTIONS -options. -The following functions are present: -.P -.nf -.in +4n -.IR pthread_barrier_destroy () -.IR pthread_barrier_init () -.IR pthread_barrier_wait () -.IR pthread_barrierattr_destroy () -.IR pthread_barrierattr_init () -.in -.fi -.\" .SS BE -.\" Batch environment. -.\" .SS CD -.\" C development. -.SS --- - POSIX_CHOWN_RESTRICTED -If this option is in effect (as it always is under POSIX.1-2001), -then only root may change the owner of a file, and nonroot can -set the group of a file only to one of the groups it belongs to. -This affects the following functions: -.P -.nf -.in +4n -.IR chown () -.IR fchown () -.in -.fi -.\" What about lchown() ? -.SS CS - _POSIX_CLOCK_SELECTION - _SC_CLOCK_SELECTION -This option implies the -.B _POSIX_TIMERS -option. -The following functions are present: -.P -.nf -.in +4n -.IR pthread_condattr_getclock () -.IR pthread_condattr_setclock () -.IR clock_nanosleep () -.in -.fi -.P -If -.B CLOCK_REALTIME -is changed by the function -.IR clock_settime (), -then this affects all timers set for an absolute time. -.SS CPT - _POSIX_CPUTIME - _SC_CPUTIME -The -.B CLOCK_PROCESS_CPUTIME_ID -clock ID is supported. -The initial value of this clock is 0 for each process. -This option implies the -.B _POSIX_TIMERS -option. -The function -.IR clock_getcpuclockid () -is present. -.\" .SS FD -.\" Fortran development -.\" .SS FR -.\" Fortran runtime -.SS --- - _POSIX_FILE_LOCKING - _SC_FILE_LOCKING -This option has been deleted. -Not in final XPG6. -.SS FSC - _POSIX_FSYNC - _SC_FSYNC -The function -.IR fsync () -is present. -.SS IP6 - _POSIX_IPV6 - _SC_IPV6 -Internet Protocol Version 6 is supported. -.SS --- - _POSIX_JOB_CONTROL - _SC_JOB_CONTROL -If this option is in effect (as it always is under POSIX.1-2001), -then the system implements POSIX-style job control, -and the following functions are present: -.P -.nf -.in +4n -.IR setpgid () -.IR tcdrain () -.IR tcflush () -.IR tcgetpgrp () -.IR tcsendbreak () -.IR tcsetattr () -.IR tcsetpgrp () -.in -.fi -.SS MF - _POSIX_MAPPED_FILES - _SC_MAPPED_FILES -Shared memory is supported. -The include file -.I -is present. -The following functions are present: -.P -.nf -.in +4n -.IR mmap () -.IR msync () -.IR munmap () -.in -.fi -.SS ML - _POSIX_MEMLOCK - _SC_MEMLOCK -Shared memory can be locked into core. -The following functions are present: -.P -.nf -.in +4n -.IR mlockall () -.IR munlockall () -.in -.fi -.SS MR/MLR - _POSIX_MEMLOCK_RANGE - _SC_MEMLOCK_RANGE -More precisely, ranges can be locked into core. -The following functions are present: -.P -.nf -.in +4n -.IR mlock () -.IR munlock () -.in -.fi -.SS MPR - _POSIX_MEMORY_PROTECTION - _SC_MEMORY_PROTECTION -The function -.IR mprotect () -is present. -.SS MSG - _POSIX_MESSAGE_PASSING - _SC_MESSAGE_PASSING -The include file -.I -is present. -The following functions are present: -.P -.nf -.in +4n -.IR mq_close () -.IR mq_getattr () -.IR mq_notify () -.IR mq_open () -.IR mq_receive () -.IR mq_send () -.IR mq_setattr () -.IR mq_unlink () -.in -.fi -.SS MON - _POSIX_MONOTONIC_CLOCK - _SC_MONOTONIC_CLOCK -.B CLOCK_MONOTONIC -is supported. -This option implies the -.B _POSIX_TIMERS -option. -The following functions are affected: -.P -.nf -.in +4n -.IR aio_suspend () -.IR clock_getres () -.IR clock_gettime () -.IR clock_settime () -.IR timer_create () -.in -.fi -.SS --- - _POSIX_MULTI_PROCESS - _SC_MULTI_PROCESS -This option has been deleted. -Not in final XPG6. -.\" .SS MX -.\" IEC 60559 Floating-Point Option. -.SS --- - _POSIX_NO_TRUNC -If this option is in effect (as it always is under POSIX.1-2001), -then pathname components longer than -.B NAME_MAX -are not truncated, -but give an error. -This property may be dependent on the path prefix of the component. -.SS PIO - _POSIX_PRIORITIZED_IO - _SC_PRIORITIZED_IO -This option says that one can specify priorities for asynchronous I/O. -This affects the functions -.P -.nf -.in +4n -.IR aio_read () -.IR aio_write () -.in -.fi -.SS PS - _POSIX_PRIORITY_SCHEDULING - _SC_PRIORITY_SCHEDULING -The include file -.I -is present. -The following functions are present: -.P -.nf -.in +4n -.IR sched_get_priority_max () -.IR sched_get_priority_min () -.IR sched_getparam () -.IR sched_getscheduler () -.IR sched_rr_get_interval () -.IR sched_setparam () -.IR sched_setscheduler () -.IR sched_yield () -.in -.fi -.P -If also -.B _POSIX_SPAWN -is in effect, then the following functions are present: -.P -.nf -.in +4n -.IR posix_spawnattr_getschedparam () -.IR posix_spawnattr_getschedpolicy () -.IR posix_spawnattr_setschedparam () -.IR posix_spawnattr_setschedpolicy () -.in -.fi -.SS RS - _POSIX_RAW_SOCKETS -Raw sockets are supported. -The following functions are affected: -.P -.nf -.in +4n -.IR getsockopt () -.IR setsockopt () -.in -.fi -.SS --- - _POSIX_READER_WRITER_LOCKS - _SC_READER_WRITER_LOCKS -This option implies the -.B _POSIX_THREADS -option. -Conversely, -under POSIX.1-2001 the -.B _POSIX_THREADS -option implies this option. -.P -The following functions are present: -.P -.in +4n -.nf -.IR pthread_rwlock_destroy () -.IR pthread_rwlock_init () -.IR pthread_rwlock_rdlock () -.IR pthread_rwlock_tryrdlock () -.IR pthread_rwlock_trywrlock () -.IR pthread_rwlock_unlock () -.IR pthread_rwlock_wrlock () -.IR pthread_rwlockattr_destroy () -.IR pthread_rwlockattr_init () -.in -.fi -.SS RTS - _POSIX_REALTIME_SIGNALS - _SC_REALTIME_SIGNALS -Realtime signals are supported. -The following functions are present: -.P -.nf -.in +4n -.IR sigqueue () -.IR sigtimedwait () -.IR sigwaitinfo () -.in -.fi -.SS --- - _POSIX_REGEXP - _SC_REGEXP -If this option is in effect (as it always is under POSIX.1-2001), -then POSIX regular expressions are supported -and the following functions are present: -.P -.nf -.in +4n -.IR regcomp () -.IR regerror () -.IR regexec () -.IR regfree () -.in -.fi -.SS --- - _POSIX_SAVED_IDS - _SC_SAVED_IDS -If this option is in effect (as it always is under POSIX.1-2001), -then a process has a saved set-user-ID and a saved set-group-ID. -The following functions are affected: -.P -.nf -.in +4n -.IR exec () -.IR kill () -.IR seteuid () -.IR setegid () -.IR setgid () -.IR setuid () -.in -.fi -.\" .SS SD -.\" Software development -.SS SEM - _POSIX_SEMAPHORES - _SC_SEMAPHORES -The include file -.I -is present. -The following functions are present: -.P -.nf -.in +4n -.IR sem_close () -.IR sem_destroy () -.IR sem_getvalue () -.IR sem_init () -.IR sem_open () -.IR sem_post () -.IR sem_trywait () -.IR sem_unlink () -.IR sem_wait () -.in -.fi -.SS SHM - _POSIX_SHARED_MEMORY_OBJECTS - _SC_SHARED_MEMORY_OBJECTS -The following functions are present: -.P -.nf -.in +4n -.IR mmap () -.IR munmap () -.IR shm_open () -.IR shm_unlink () -.in -.fi -.SS --- - _POSIX_SHELL - _SC_SHELL -If this option is in effect (as it always is under POSIX.1-2001), -the function -.IR system () -is present. -.SS SPN - _POSIX_SPAWN - _SC_SPAWN -This option describes support for process creation in a context where -it is difficult or impossible to use -.IR fork (), -for example, because no MMU is present. -.P -If -.B _POSIX_SPAWN -is in effect, then the include file -.I -and the following functions are present: -.P -.nf -.in +4n -.IR posix_spawn () -.IR posix_spawn_file_actions_addclose () -.IR posix_spawn_file_actions_adddup2 () -.IR posix_spawn_file_actions_addopen () -.IR posix_spawn_file_actions_destroy () -.IR posix_spawn_file_actions_init () -.IR posix_spawnattr_destroy () -.IR posix_spawnattr_getsigdefault () -.IR posix_spawnattr_getflags () -.IR posix_spawnattr_getpgroup () -.IR posix_spawnattr_getsigmask () -.IR posix_spawnattr_init () -.IR posix_spawnattr_setsigdefault () -.IR posix_spawnattr_setflags () -.IR posix_spawnattr_setpgroup () -.IR posix_spawnattr_setsigmask () -.IR posix_spawnp () -.in -.fi -.P -If also -.B _POSIX_PRIORITY_SCHEDULING -is in effect, then -the following functions are present: -.P -.nf -.in +4n -.IR posix_spawnattr_getschedparam () -.IR posix_spawnattr_getschedpolicy () -.IR posix_spawnattr_setschedparam () -.IR posix_spawnattr_setschedpolicy () -.in -.fi -.SS SPI - _POSIX_SPIN_LOCKS - _SC_SPIN_LOCKS -This option implies the -.B _POSIX_THREADS -and -.B _POSIX_THREAD_SAFE_FUNCTIONS -options. -The following functions are present: -.P -.nf -.in +4n -.IR pthread_spin_destroy () -.IR pthread_spin_init () -.IR pthread_spin_lock () -.IR pthread_spin_trylock () -.IR pthread_spin_unlock () -.in -4n -.fi -.SS SS - _POSIX_SPORADIC_SERVER - _SC_SPORADIC_SERVER -The scheduling policy -.B SCHED_SPORADIC -is supported. -This option implies the -.B _POSIX_PRIORITY_SCHEDULING -option. -The following functions are affected: -.P -.nf -.in +4n -.IR sched_setparam () -.IR sched_setscheduler () -.in -.fi -.SS SIO - _POSIX_SYNCHRONIZED_IO - _SC_SYNCHRONIZED_IO -The following functions are affected: -.P -.nf -.in +4n -.IR open () -.IR msync () -.IR fsync () -.IR fdatasync () -.in -.fi -.SS TSA - _POSIX_THREAD_ATTR_STACKADDR - _SC_THREAD_ATTR_STACKADDR -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_attr_getstack () -.IR pthread_attr_getstackaddr () -.IR pthread_attr_setstack () -.IR pthread_attr_setstackaddr () -.in -.fi -.SS TSS - _POSIX_THREAD_ATTR_STACKSIZE - _SC_THREAD_ATTR_STACKSIZE -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_attr_getstack () -.IR pthread_attr_getstacksize () -.IR pthread_attr_setstack () -.IR pthread_attr_setstacksize () -.in -.fi -.SS TCT - _POSIX_THREAD_CPUTIME - _SC_THREAD_CPUTIME -The clockID CLOCK_THREAD_CPUTIME_ID is supported. -This option implies the -.B _POSIX_TIMERS -option. -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_getcpuclockid () -.IR clock_getres () -.IR clock_gettime () -.IR clock_settime () -.IR timer_create () -.in -.fi -.SS TPI - _POSIX_THREAD_PRIO_INHERIT - _SC_THREAD_PRIO_INHERIT -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_mutexattr_getprotocol () -.IR pthread_mutexattr_setprotocol () -.in -.fi -.SS TPP - _POSIX_THREAD_PRIO_PROTECT - _SC_THREAD_PRIO_PROTECT -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_mutex_getprioceiling () -.IR pthread_mutex_setprioceiling () -.IR pthread_mutexattr_getprioceiling () -.IR pthread_mutexattr_getprotocol () -.IR pthread_mutexattr_setprioceiling () -.IR pthread_mutexattr_setprotocol () -.in -.fi -.SS TPS - _POSIX_THREAD_PRIORITY_SCHEDULING - _SC_THREAD_PRIORITY_SCHEDULING -If this option is in effect, the different threads inside a process -can run with different priorities and/or different schedulers. -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_attr_getinheritsched () -.IR pthread_attr_getschedpolicy () -.IR pthread_attr_getscope () -.IR pthread_attr_setinheritsched () -.IR pthread_attr_setschedpolicy () -.IR pthread_attr_setscope () -.IR pthread_getschedparam () -.IR pthread_setschedparam () -.IR pthread_setschedprio () -.in -.fi -.SS TSH - _POSIX_THREAD_PROCESS_SHARED - _SC_THREAD_PROCESS_SHARED -The following functions are affected: -.P -.nf -.in +4n -.IR pthread_barrierattr_getpshared () -.IR pthread_barrierattr_setpshared () -.IR pthread_condattr_getpshared () -.IR pthread_condattr_setpshared () -.IR pthread_mutexattr_getpshared () -.IR pthread_mutexattr_setpshared () -.IR pthread_rwlockattr_getpshared () -.IR pthread_rwlockattr_setpshared () -.in -.fi -.SS TSF - _POSIX_THREAD_SAFE_FUNCTIONS - _SC_THREAD_SAFE_FUNCTIONS -The following functions are affected: -.P -.nf -.in +4n -.IR readdir_r () -.IR getgrgid_r () -.IR getgrnam_r () -.IR getpwnam_r () -.IR getpwuid_r () -.IR flockfile () -.IR ftrylockfile () -.IR funlockfile () -.IR getc_unlocked () -.IR getchar_unlocked () -.IR putc_unlocked () -.IR putchar_unlocked () -.IR rand_r () -.IR strerror_r () -.IR strtok_r () -.IR asctime_r () -.IR ctime_r () -.IR gmtime_r () -.IR localtime_r () -.in -.fi -.SS TSP - _POSIX_THREAD_SPORADIC_SERVER - _SC_THREAD_SPORADIC_SERVER -This option implies the -.B _POSIX_THREAD_PRIORITY_SCHEDULING -option. -The following functions are affected: -.P -.nf -.in +4n -.IR sched_getparam () -.IR sched_setparam () -.IR sched_setscheduler () -.in -.fi -.SS THR - _POSIX_THREADS - _SC_THREADS -Basic support for POSIX threads is available. -The following functions are present: -.P -.nf -.in +4n -.IR pthread_atfork () -.IR pthread_attr_destroy () -.IR pthread_attr_getdetachstate () -.IR pthread_attr_getschedparam () -.IR pthread_attr_init () -.IR pthread_attr_setdetachstate () -.IR pthread_attr_setschedparam () -.IR pthread_cancel () -.IR pthread_cleanup_push () -.IR pthread_cleanup_pop () -.IR pthread_cond_broadcast () -.IR pthread_cond_destroy () -.IR pthread_cond_init () -.IR pthread_cond_signal () -.IR pthread_cond_timedwait () -.IR pthread_cond_wait () -.IR pthread_condattr_destroy () -.IR pthread_condattr_init () -.IR pthread_create () -.IR pthread_detach () -.IR pthread_equal () -.IR pthread_exit () -.IR pthread_getspecific () -.IR pthread_join () -.IR pthread_key_create () -.IR pthread_key_delete () -.IR pthread_mutex_destroy () -.IR pthread_mutex_init () -.IR pthread_mutex_lock () -.IR pthread_mutex_trylock () -.IR pthread_mutex_unlock () -.IR pthread_mutexattr_destroy () -.IR pthread_mutexattr_init () -.IR pthread_once () -.IR pthread_rwlock_destroy () -.IR pthread_rwlock_init () -.IR pthread_rwlock_rdlock () -.IR pthread_rwlock_tryrdlock () -.IR pthread_rwlock_trywrlock () -.IR pthread_rwlock_unlock () -.IR pthread_rwlock_wrlock () -.IR pthread_rwlockattr_destroy () -.IR pthread_rwlockattr_init () -.IR pthread_self () -.IR pthread_setcancelstate () -.IR pthread_setcanceltype () -.IR pthread_setspecific () -.IR pthread_testcancel () -.in -.fi -.SS TMO - _POSIX_TIMEOUTS - _SC_TIMEOUTS -The following functions are present: -.P -.nf -.in +4n -.IR mq_timedreceive () -.IR mq_timedsend () -.IR pthread_mutex_timedlock () -.IR pthread_rwlock_timedrdlock () -.IR pthread_rwlock_timedwrlock () -.IR sem_timedwait () -.IR posix_trace_timedgetnext_event () -.in -.fi -.SS TMR - _POSIX_TIMERS - _SC_TIMERS -The following functions are present: -.P -.nf -.in +4n -.IR clock_getres () -.IR clock_gettime () -.IR clock_settime () -.IR nanosleep () -.IR timer_create () -.IR timer_delete () -.IR timer_gettime () -.IR timer_getoverrun () -.IR timer_settime () -.in -.fi -.SS TRC - _POSIX_TRACE - _SC_TRACE -POSIX tracing is available. -The following functions are present: -.P -.nf -.in +4n -.IR posix_trace_attr_destroy () -.IR posix_trace_attr_getclockres () -.IR posix_trace_attr_getcreatetime () -.IR posix_trace_attr_getgenversion () -.IR posix_trace_attr_getmaxdatasize () -.IR posix_trace_attr_getmaxsystemeventsize () -.IR posix_trace_attr_getmaxusereventsize () -.IR posix_trace_attr_getname () -.IR posix_trace_attr_getstreamfullpolicy () -.IR posix_trace_attr_getstreamsize () -.IR posix_trace_attr_init () -.IR posix_trace_attr_setmaxdatasize () -.IR posix_trace_attr_setname () -.IR posix_trace_attr_setstreamsize () -.IR posix_trace_attr_setstreamfullpolicy () -.IR posix_trace_clear () -.IR posix_trace_create () -.IR posix_trace_event () -.IR posix_trace_eventid_equal () -.IR posix_trace_eventid_get_name () -.IR posix_trace_eventid_open () -.IR posix_trace_eventtypelist_getnext_id () -.IR posix_trace_eventtypelist_rewind () -.IR posix_trace_flush () -.IR posix_trace_get_attr () -.IR posix_trace_get_status () -.IR posix_trace_getnext_event () -.IR posix_trace_shutdown () -.IR posix_trace_start () -.IR posix_trace_stop () -.IR posix_trace_trygetnext_event () -.in -.fi -.SS TEF - _POSIX_TRACE_EVENT_FILTER - _SC_TRACE_EVENT_FILTER -This option implies the -.B _POSIX_TRACE -option. -The following functions are present: -.P -.nf -.in +4n -.IR posix_trace_eventset_add () -.IR posix_trace_eventset_del () -.IR posix_trace_eventset_empty () -.IR posix_trace_eventset_fill () -.IR posix_trace_eventset_ismember () -.IR posix_trace_get_filter () -.IR posix_trace_set_filter () -.IR posix_trace_trid_eventid_open () -.in -.fi -.SS TRI - _POSIX_TRACE_INHERIT - _SC_TRACE_INHERIT -Tracing children of the traced process is supported. -This option implies the -.B _POSIX_TRACE -option. -The following functions are present: -.P -.nf -.in +4n -.IR posix_trace_attr_getinherited () -.IR posix_trace_attr_setinherited () -.in -.fi -.SS TRL - _POSIX_TRACE_LOG - _SC_TRACE_LOG -This option implies the -.B _POSIX_TRACE -option. -The following functions are present: -.P -.nf -.in +4n -.IR posix_trace_attr_getlogfullpolicy () -.IR posix_trace_attr_getlogsize () -.IR posix_trace_attr_setlogfullpolicy () -.IR posix_trace_attr_setlogsize () -.IR posix_trace_close () -.IR posix_trace_create_withlog () -.IR posix_trace_open () -.IR posix_trace_rewind () -.in -.fi -.SS TYM - _POSIX_TYPED_MEMORY_OBJECTS - _SC_TYPED_MEMORY_OBJECT -The following functions are present: -.P -.nf -.in +4n -.IR posix_mem_offset () -.IR posix_typed_mem_get_info () -.IR posix_typed_mem_open () -.in -.fi -.SS --- - _POSIX_VDISABLE -Always present (probably 0). -Value to set a changeable special control -character to indicate that it is disabled. -.SH X/OPEN SYSTEM INTERFACE EXTENSIONS -.SS XSI - _XOPEN_CRYPT - _SC_XOPEN_CRYPT -The following functions are present: -.P -.nf -.in +4n -.IR crypt () -.IR encrypt () -.IR setkey () -.fi -.SS XSI - _XOPEN_REALTIME - _SC_XOPEN_REALTIME -This option implies the following options: -.P -.PD 0 -.TP -.BR _POSIX_ASYNCHRONOUS_IO == 200112L -.TP -.B _POSIX_FSYNC -.TP -.B _POSIX_MAPPED_FILES -.TP -.BR _POSIX_MEMLOCK == 200112L -.TP -.BR _POSIX_MEMLOCK_RANGE == 200112L -.TP -.B _POSIX_MEMORY_PROTECTION -.TP -.BR _POSIX_MESSAGE_PASSING == 200112L -.TP -.B _POSIX_PRIORITIZED_IO -.TP -.BR _POSIX_PRIORITY_SCHEDULING == 200112L -.TP -.BR _POSIX_REALTIME_SIGNALS == 200112L -.TP -.BR _POSIX_SEMAPHORES == 200112L -.TP -.BR _POSIX_SHARED_MEMORY_OBJECTS == 200112L -.TP -.BR _POSIX_SYNCHRONIZED_IO == 200112L -.TP -.BR _POSIX_TIMERS == 200112L -.PD -.\" -.SS ADV - --- - --- -The Advanced Realtime option group implies that the following options -are all defined to 200112L: -.P -.PD 0 -.TP -.B _POSIX_ADVISORY_INFO -.TP -.B _POSIX_CLOCK_SELECTION -(implies -.BR _POSIX_TIMERS ) -.TP -.B _POSIX_CPUTIME -(implies -.BR _POSIX_TIMERS ) -.TP -.B _POSIX_MONOTONIC_CLOCK -(implies -.BR _POSIX_TIMERS ) -.TP -.B _POSIX_SPAWN -.TP -.B _POSIX_SPORADIC_SERVER -(implies -.BR _POSIX_PRIORITY_SCHEDULING ) -.TP -.B _POSIX_TIMEOUTS -.TP -.B _POSIX_TYPED_MEMORY_OBJECTS -.PD -.\" -.SS XSI - _XOPEN_REALTIME_THREADS - _SC_XOPEN_REALTIME_THREADS -This option implies that the following options -are all defined to 200112L: -.P -.PD 0 -.TP -.B _POSIX_THREAD_PRIO_INHERIT -.TP -.B _POSIX_THREAD_PRIO_PROTECT -.TP -.B _POSIX_THREAD_PRIORITY_SCHEDULING -.PD -.SS ADVANCED REALTIME THREADS - --- - --- -This option implies that the following options -are all defined to 200112L: -.P -.PD 0 -.TP -.B _POSIX_BARRIERS -(implies -.BR _POSIX_THREADS , -.BR _POSIX_THREAD_SAFE_FUNCTIONS ) -.TP -.B _POSIX_SPIN_LOCKS -(implies -.BR _POSIX_THREADS , -.BR _POSIX_THREAD_SAFE_FUNCTIONS ) -.TP -.B _POSIX_THREAD_CPUTIME -(implies -.BR _POSIX_TIMERS ) -.TP -.B _POSIX_THREAD_SPORADIC_SERVER -(implies -.BR _POSIX_THREAD_PRIORITY_SCHEDULING ) -.PD -.\" -.SS TRACING - --- - --- -This option implies that the following options -are all defined to 200112L: -.P -.PD 0 -.TP -.B _POSIX_TRACE -.TP -.B _POSIX_TRACE_EVENT_FILTER -.TP -.B _POSIX_TRACE_LOG -.TP -.B _POSIX_TRACE_INHERIT -.PD -.SS STREAMS - _XOPEN_STREAMS - _SC_XOPEN_STREAMS -The following functions are present: -.P -.nf -.in +4n -.IR fattach () -.IR fdetach () -.IR getmsg () -.IR getpmsg () -.IR ioctl () -.IR isastream () -.IR putmsg () -.IR putpmsg () -.in -.fi -.SS XSI - _XOPEN_LEGACY - _SC_XOPEN_LEGACY -Functions included in the legacy option group were previously mandatory, -but are now optional in this version. -The following functions are present: -.P -.nf -.in +4n -.IR bcmp () -.IR bcopy () -.IR bzero () -.IR ecvt () -.IR fcvt () -.IR ftime () -.IR gcvt () -.IR getwd () -.IR index () -.IR mktemp () -.IR rindex () -.IR utimes () -.IR wcswcs () -.in -.fi -.SS XSI - _XOPEN_UNIX - _SC_XOPEN_UNIX -The following functions are present: -.P -.nf -.in +4n -.IR mmap () -.IR munmap () -.IR msync () -.in -.fi -.P -This option implies the following options: -.P -.PD 0 -.TP -.B _POSIX_FSYNC -.TP -.B _POSIX_MAPPED_FILES -.TP -.B _POSIX_MEMORY_PROTECTION -.TP -.B _POSIX_THREAD_ATTR_STACKADDR -.TP -.B _POSIX_THREAD_ATTR_STACKSIZE -.TP -.B _POSIX_THREAD_PROCESS_SHARED -.TP -.B _POSIX_THREAD_SAFE_FUNCTIONS -.TP -.B _POSIX_THREADS -.PD -.P -This option may imply the following options from the XSI option groups: -.P -.PD 0 -.TP -.RB "Encryption (" _XOPEN_CRYPT ) -.TP -.RB "Realtime (" _XOPEN_REALTIME ) -.TP -.RB "Advanced Realtime (" ADB ) -.TP -.RB "Realtime Threads (" _XOPEN_REALTIME_THREADS ) -.TP -.RB "Advanced Realtime Threads (" "ADVANCED REALTIME THREADS" ) -.TP -.RB "Tracing (" TRACING ) -.TP -.RB "XSI Streams (" STREAMS ) -.TP -.RB "Legacy (" _XOPEN_LEGACY ) -.PD -.SH SEE ALSO -.BR sysconf (3), -.BR standards (7) diff --git a/man7/precedence.7 b/man7/precedence.7 deleted file mode 100644 index 6ef216d..0000000 --- a/man7/precedence.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/operator.7 diff --git a/man7/process-keyring.7 b/man7/process-keyring.7 deleted file mode 100644 index 23a7722..0000000 --- a/man7/process-keyring.7 +++ /dev/null @@ -1,55 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH process-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -process-keyring \- per-process shared keyring -.SH DESCRIPTION -The process keyring is a keyring used to anchor keys on behalf of a process. -It is created only when a process requests it. -The process keyring has the name (description) -.IR _pid . -.P -A special serial number value, -.BR KEY_SPEC_PROCESS_KEYRING , -is defined that can be used in lieu of the actual serial number of -the calling process's process keyring. -.P -From the -.BR keyctl (1) -utility, '\fB@p\fP' can be used instead of a numeric key ID in -much the same way, but since -.BR keyctl (1) -is a program run after forking, this is of no utility. -.P -A thread created using the -.BR clone (2) -.B CLONE_THREAD -flag has the same process keyring as the caller of -.BR clone (2). -When a new process is created using -.BR fork () -it initially has no process keyring. -A process's process keyring is cleared on -.BR execve (2). -The process keyring is destroyed when the last -thread that refers to it terminates. -.P -If a process doesn't have a process keyring when it is accessed, -then the process keyring will be created if the keyring is to be modified; -otherwise, the error -.B ENOKEY -results. -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyrings (7), -.BR persistent\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7) diff --git a/man7/pthreads.7 b/man7/pthreads.7 deleted file mode 100644 index 6d4a5e3..0000000 --- a/man7/pthreads.7 +++ /dev/null @@ -1,937 +0,0 @@ -.\" Copyright (c) 2005 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH pthreads 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -pthreads \- POSIX threads -.SH DESCRIPTION -POSIX.1 specifies a set of interfaces (functions, header files) for -threaded programming commonly known as POSIX threads, or Pthreads. -A single process can contain multiple threads, -all of which are executing the same program. -These threads share the same global memory (data and heap segments), -but each thread has its own stack (automatic variables). -.P -POSIX.1 also requires that threads share a range of other attributes -(i.e., these attributes are process-wide rather than per-thread): -.IP \[bu] 3 -process ID -.IP \[bu] -parent process ID -.IP \[bu] -process group ID and session ID -.IP \[bu] -controlling terminal -.IP \[bu] -user and group IDs -.IP \[bu] -open file descriptors -.IP \[bu] -record locks (see -.BR fcntl (2)) -.IP \[bu] -signal dispositions -.IP \[bu] -file mode creation mask -.RB ( umask (2)) -.IP \[bu] -current directory -.RB ( chdir (2)) -and -root directory -.RB ( chroot (2)) -.IP \[bu] -interval timers -.RB ( setitimer (2)) -and POSIX timers -.RB ( timer_create (2)) -.IP \[bu] -nice value -.RB ( setpriority (2)) -.IP \[bu] -resource limits -.RB ( setrlimit (2)) -.IP \[bu] -measurements of the consumption of CPU time -.RB ( times (2)) -and resources -.RB ( getrusage (2)) -.P -As well as the stack, POSIX.1 specifies that various other -attributes are distinct for each thread, including: -.IP \[bu] 3 -thread ID (the -.I pthread_t -data type) -.IP \[bu] -signal mask -.RB ( pthread_sigmask (3)) -.IP \[bu] -the -.I errno -variable -.IP \[bu] -alternate signal stack -.RB ( sigaltstack (2)) -.IP \[bu] -real-time scheduling policy and priority -.RB ( sched (7)) -.P -The following Linux-specific features are also per-thread: -.IP \[bu] 3 -capabilities (see -.BR capabilities (7)) -.IP \[bu] -CPU affinity -.RB ( sched_setaffinity (2)) -.SS Pthreads function return values -Most pthreads functions return 0 on success, and an error number on failure. -The error numbers that can be returned have the same meaning as -the error numbers returned in -.I errno -by conventional system calls and C library functions. -Note that the pthreads functions do not set -.IR errno . -For each of the pthreads functions that can return an error, -POSIX.1-2001 specifies that the function can never fail with the error -.BR EINTR . -.SS Thread IDs -Each of the threads in a process has a unique thread identifier -(stored in the type -.IR pthread_t ). -This identifier is returned to the caller of -.BR pthread_create (3), -and a thread can obtain its own thread identifier using -.BR pthread_self (3). -.P -Thread IDs are guaranteed to be unique only within a process. -(In all pthreads functions that accept a thread ID as an argument, -that ID by definition refers to a thread in -the same process as the caller.) -.P -The system may reuse a thread ID after a terminated thread has been joined, -or a detached thread has terminated. -POSIX says: "If an application attempts to use a thread ID whose -lifetime has ended, the behavior is undefined." -.SS Thread-safe functions -A thread-safe function is one that can be safely -(i.e., it will deliver the same results regardless of whether it is) -called from multiple threads at the same time. -.P -POSIX.1-2001 and POSIX.1-2008 require that all functions specified -in the standard shall be thread-safe, -except for the following functions: -.P -.in +4n -.EX -asctime() -basename() -catgets() -crypt() -ctermid() if passed a non-NULL argument -ctime() -dbm_clearerr() -dbm_close() -dbm_delete() -dbm_error() -dbm_fetch() -dbm_firstkey() -dbm_nextkey() -dbm_open() -dbm_store() -dirname() -dlerror() -drand48() -ecvt() [POSIX.1-2001 only (function removed in POSIX.1-2008)] -encrypt() -endgrent() -endpwent() -endutxent() -fcvt() [POSIX.1-2001 only (function removed in POSIX.1-2008)] -ftw() -gcvt() [POSIX.1-2001 only (function removed in POSIX.1-2008)] -getc_unlocked() -getchar_unlocked() -getdate() -getenv() -getgrent() -getgrgid() -getgrnam() -gethostbyaddr() [POSIX.1-2001 only (function removed in - POSIX.1-2008)] -gethostbyname() [POSIX.1-2001 only (function removed in - POSIX.1-2008)] -gethostent() -getlogin() -getnetbyaddr() -getnetbyname() -getnetent() -getopt() -getprotobyname() -getprotobynumber() -getprotoent() -getpwent() -getpwnam() -getpwuid() -getservbyname() -getservbyport() -getservent() -getutxent() -getutxid() -getutxline() -gmtime() -hcreate() -hdestroy() -hsearch() -inet_ntoa() -l64a() -lgamma() -lgammaf() -lgammal() -localeconv() -localtime() -lrand48() -mrand48() -nftw() -nl_langinfo() -ptsname() -putc_unlocked() -putchar_unlocked() -putenv() -pututxline() -rand() -readdir() -setenv() -setgrent() -setkey() -setpwent() -setutxent() -strerror() -strsignal() [Added in POSIX.1-2008] -strtok() -system() [Added in POSIX.1-2008] -tmpnam() if passed a non-NULL argument -ttyname() -unsetenv() -wcrtomb() if its final argument is NULL -wcsrtombs() if its final argument is NULL -wcstombs() -wctomb() -.EE -.in -.SS Async-cancel-safe functions -An async-cancel-safe function is one that can be safely called -in an application where asynchronous cancelability is enabled (see -.BR pthread_setcancelstate (3)). -.P -Only the following functions are required to be async-cancel-safe by -POSIX.1-2001 and POSIX.1-2008: -.P -.in +4n -.EX -pthread_cancel() -pthread_setcancelstate() -pthread_setcanceltype() -.EE -.in -.SS Cancelation points -POSIX.1 specifies that certain functions must, -and certain other functions may, be cancelation points. -If a thread is cancelable, its cancelability type is deferred, -and a cancelation request is pending for the thread, -then the thread is canceled when it calls a function -that is a cancelation point. -.P -The following functions are required to be cancelation points by -POSIX.1-2001 and/or POSIX.1-2008: -.P -.\" FIXME -.\" Document the list of all functions that are cancelation points in glibc -.in +4n -.EX -accept() -aio_suspend() -clock_nanosleep() -close() -connect() -creat() -fcntl() F_SETLKW -fdatasync() -fsync() -getmsg() -getpmsg() -lockf() F_LOCK -mq_receive() -mq_send() -mq_timedreceive() -mq_timedsend() -msgrcv() -msgsnd() -msync() -nanosleep() -open() -openat() [Added in POSIX.1-2008] -pause() -poll() -pread() -pselect() -pthread_cond_timedwait() -pthread_cond_wait() -pthread_join() -pthread_testcancel() -putmsg() -putpmsg() -pwrite() -read() -readv() -recv() -recvfrom() -recvmsg() -select() -sem_timedwait() -sem_wait() -send() -sendmsg() -sendto() -sigpause() [POSIX.1-2001 only (moves to "may" list in POSIX.1-2008)] -sigsuspend() -sigtimedwait() -sigwait() -sigwaitinfo() -sleep() -system() -tcdrain() -usleep() [POSIX.1-2001 only (function removed in POSIX.1-2008)] -wait() -waitid() -waitpid() -write() -writev() -.EE -.in -.P -The following functions may be cancelation points according to -POSIX.1-2001 and/or POSIX.1-2008: -.P -.in +4n -.EX -access() -asctime() -asctime_r() -catclose() -catgets() -catopen() -chmod() [Added in POSIX.1-2008] -chown() [Added in POSIX.1-2008] -closedir() -closelog() -ctermid() -ctime() -ctime_r() -dbm_close() -dbm_delete() -dbm_fetch() -dbm_nextkey() -dbm_open() -dbm_store() -dlclose() -dlopen() -dprintf() [Added in POSIX.1-2008] -endgrent() -endhostent() -endnetent() -endprotoent() -endpwent() -endservent() -endutxent() -faccessat() [Added in POSIX.1-2008] -fchmod() [Added in POSIX.1-2008] -fchmodat() [Added in POSIX.1-2008] -fchown() [Added in POSIX.1-2008] -fchownat() [Added in POSIX.1-2008] -fclose() -fcntl() (for any value of cmd argument) -fflush() -fgetc() -fgetpos() -fgets() -fgetwc() -fgetws() -fmtmsg() -fopen() -fpathconf() -fprintf() -fputc() -fputs() -fputwc() -fputws() -fread() -freopen() -fscanf() -fseek() -fseeko() -fsetpos() -fstat() -fstatat() [Added in POSIX.1-2008] -ftell() -ftello() -ftw() -futimens() [Added in POSIX.1-2008] -fwprintf() -fwrite() -fwscanf() -getaddrinfo() -getc() -getc_unlocked() -getchar() -getchar_unlocked() -getcwd() -getdate() -getdelim() [Added in POSIX.1-2008] -getgrent() -getgrgid() -getgrgid_r() -getgrnam() -getgrnam_r() -gethostbyaddr() [POSIX.1-2001 only (function removed in - POSIX.1-2008)] -gethostbyname() [POSIX.1-2001 only (function removed in - POSIX.1-2008)] -gethostent() -gethostid() -gethostname() -getline() [Added in POSIX.1-2008] -getlogin() -getlogin_r() -getnameinfo() -getnetbyaddr() -getnetbyname() -getnetent() -getopt() (if opterr is nonzero) -getprotobyname() -getprotobynumber() -getprotoent() -getpwent() -getpwnam() -getpwnam_r() -getpwuid() -getpwuid_r() -gets() -getservbyname() -getservbyport() -getservent() -getutxent() -getutxid() -getutxline() -getwc() -getwchar() -getwd() [POSIX.1-2001 only (function removed in POSIX.1-2008)] -glob() -iconv_close() -iconv_open() -ioctl() -link() -linkat() [Added in POSIX.1-2008] -lio_listio() [Added in POSIX.1-2008] -localtime() -localtime_r() -lockf() [Added in POSIX.1-2008] -lseek() -lstat() -mkdir() [Added in POSIX.1-2008] -mkdirat() [Added in POSIX.1-2008] -mkdtemp() [Added in POSIX.1-2008] -mkfifo() [Added in POSIX.1-2008] -mkfifoat() [Added in POSIX.1-2008] -mknod() [Added in POSIX.1-2008] -mknodat() [Added in POSIX.1-2008] -mkstemp() -mktime() -nftw() -opendir() -openlog() -pathconf() -pclose() -perror() -popen() -posix_fadvise() -posix_fallocate() -posix_madvise() -posix_openpt() -posix_spawn() -posix_spawnp() -posix_trace_clear() -posix_trace_close() -posix_trace_create() -posix_trace_create_withlog() -posix_trace_eventtypelist_getnext_id() -posix_trace_eventtypelist_rewind() -posix_trace_flush() -posix_trace_get_attr() -posix_trace_get_filter() -posix_trace_get_status() -posix_trace_getnext_event() -posix_trace_open() -posix_trace_rewind() -posix_trace_set_filter() -posix_trace_shutdown() -posix_trace_timedgetnext_event() -posix_typed_mem_open() -printf() -psiginfo() [Added in POSIX.1-2008] -psignal() [Added in POSIX.1-2008] -pthread_rwlock_rdlock() -pthread_rwlock_timedrdlock() -pthread_rwlock_timedwrlock() -pthread_rwlock_wrlock() -putc() -putc_unlocked() -putchar() -putchar_unlocked() -puts() -pututxline() -putwc() -putwchar() -readdir() -readdir_r() -readlink() [Added in POSIX.1-2008] -readlinkat() [Added in POSIX.1-2008] -remove() -rename() -renameat() [Added in POSIX.1-2008] -rewind() -rewinddir() -scandir() [Added in POSIX.1-2008] -scanf() -seekdir() -semop() -setgrent() -sethostent() -setnetent() -setprotoent() -setpwent() -setservent() -setutxent() -sigpause() [Added in POSIX.1-2008] -stat() -strerror() -strerror_r() -strftime() -symlink() -symlinkat() [Added in POSIX.1-2008] -sync() -syslog() -tmpfile() -tmpnam() -ttyname() -ttyname_r() -tzset() -ungetc() -ungetwc() -unlink() -unlinkat() [Added in POSIX.1-2008] -utime() [Added in POSIX.1-2008] -utimensat() [Added in POSIX.1-2008] -utimes() [Added in POSIX.1-2008] -vdprintf() [Added in POSIX.1-2008] -vfprintf() -vfwprintf() -vprintf() -vwprintf() -wcsftime() -wordexp() -wprintf() -wscanf() -.EE -.in -.P -An implementation may also mark other functions -not specified in the standard as cancelation points. -In particular, an implementation is likely to mark -any nonstandard function that may block as a cancelation point. -(This includes most functions that can touch files.) -.P -It should be noted that even if an application is not using -asynchronous cancelation, that calling a function from the above list -from an asynchronous signal handler may cause the equivalent of -asynchronous cancelation. -The underlying user code may not expect -asynchronous cancelation and the state of the user data may become -inconsistent. -Therefore signals should be used with caution when -entering a region of deferred cancelation. -.\" So, scanning "cancelation point" comments in the glibc 2.8 header -.\" files, it looks as though at least the following nonstandard -.\" functions are cancelation points: -.\" endnetgrent -.\" endspent -.\" epoll_pwait -.\" epoll_wait -.\" fcloseall -.\" fdopendir -.\" fflush_unlocked -.\" fgetc_unlocked -.\" fgetgrent -.\" fgetgrent_r -.\" fgetpwent -.\" fgetpwent_r -.\" fgets_unlocked -.\" fgetspent -.\" fgetspent_r -.\" fgetwc_unlocked -.\" fgetws_unlocked -.\" fputc_unlocked -.\" fputs_unlocked -.\" fputwc_unlocked -.\" fputws_unlocked -.\" fread_unlocked -.\" fwrite_unlocked -.\" gai_suspend -.\" getaddrinfo_a -.\" getdate_r -.\" getgrent_r -.\" getgrouplist -.\" gethostbyaddr_r -.\" gethostbyname2 -.\" gethostbyname2_r -.\" gethostbyname_r -.\" gethostent_r -.\" getnetbyaddr_r -.\" getnetbyname_r -.\" getnetent_r -.\" getnetgrent -.\" getnetgrent_r -.\" getprotobyname_r -.\" getprotobynumber_r -.\" getprotoent_r -.\" getpw -.\" getpwent_r -.\" getservbyname_r -.\" getservbyport_r -.\" getservent_r -.\" getspent -.\" getspent_r -.\" getspnam -.\" getspnam_r -.\" getutmp -.\" getutmpx -.\" getw -.\" getwc_unlocked -.\" getwchar_unlocked -.\" initgroups -.\" innetgr -.\" mkostemp -.\" mkostemp64 -.\" mkstemp64 -.\" ppoll -.\" pthread_timedjoin_np -.\" putgrent -.\" putpwent -.\" putspent -.\" putw -.\" putwc_unlocked -.\" putwchar_unlocked -.\" rcmd -.\" rcmd_af -.\" rexec -.\" rexec_af -.\" rresvport -.\" rresvport_af -.\" ruserok -.\" ruserok_af -.\" setnetgrent -.\" setspent -.\" sgetspent -.\" sgetspent_r -.\" updwtmpx -.\" utmpxname -.\" vfscanf -.\" vfwscanf -.\" vscanf -.\" vsyslog -.\" vwscanf -.SS Compiling on Linux -On Linux, programs that use the Pthreads API should be compiled using -.IR "cc \-pthread" . -.SS Linux implementations of POSIX threads -Over time, two threading implementations have been provided by -the GNU C library on Linux: -.TP -.B LinuxThreads -This is the original Pthreads implementation. -Since glibc 2.4, this implementation is no longer supported. -.TP -.BR NPTL " (Native POSIX Threads Library)" -This is the modern Pthreads implementation. -By comparison with LinuxThreads, NPTL provides closer conformance to -the requirements of the POSIX.1 specification and better performance -when creating large numbers of threads. -NPTL is available since glibc 2.3.2, -and requires features that are present in the Linux 2.6 kernel. -.P -Both of these are so-called 1:1 implementations, meaning that each -thread maps to a kernel scheduling entity. -Both threading implementations employ the Linux -.BR clone (2) -system call. -In NPTL, thread synchronization primitives (mutexes, -thread joining, and so on) are implemented using the Linux -.BR futex (2) -system call. -.SS LinuxThreads -The notable features of this implementation are the following: -.IP \[bu] 3 -In addition to the main (initial) thread, -and the threads that the program creates using -.BR pthread_create (3), -the implementation creates a "manager" thread. -This thread handles thread creation and termination. -(Problems can result if this thread is inadvertently killed.) -.IP \[bu] -Signals are used internally by the implementation. -On Linux 2.2 and later, the first three real-time signals are used -(see also -.BR signal (7)). -On older Linux kernels, -.B SIGUSR1 -and -.B SIGUSR2 -are used. -Applications must avoid the use of whichever set of signals is -employed by the implementation. -.IP \[bu] -Threads do not share process IDs. -(In effect, LinuxThreads threads are implemented as processes which share -more information than usual, but which do not share a common process ID.) -LinuxThreads threads (including the manager thread) -are visible as separate processes using -.BR ps (1). -.P -The LinuxThreads implementation deviates from the POSIX.1 -specification in a number of ways, including the following: -.IP \[bu] 3 -Calls to -.BR getpid (2) -return a different value in each thread. -.IP \[bu] -Calls to -.BR getppid (2) -in threads other than the main thread return the process ID of the -manager thread; instead -.BR getppid (2) -in these threads should return the same value as -.BR getppid (2) -in the main thread. -.IP \[bu] -When one thread creates a new child process using -.BR fork (2), -any thread should be able to -.BR wait (2) -on the child. -However, the implementation allows only the thread that -created the child to -.BR wait (2) -on it. -.IP \[bu] -When a thread calls -.BR execve (2), -all other threads are terminated (as required by POSIX.1). -However, the resulting process has the same PID as the thread that called -.BR execve (2): -it should have the same PID as the main thread. -.IP \[bu] -Threads do not share user and group IDs. -This can cause complications with set-user-ID programs and -can cause failures in Pthreads functions if an application -changes its credentials using -.BR seteuid (2) -or similar. -.IP \[bu] -Threads do not share a common session ID and process group ID. -.IP \[bu] -Threads do not share record locks created using -.BR fcntl (2). -.IP \[bu] -The information returned by -.BR times (2) -and -.BR getrusage (2) -is per-thread rather than process-wide. -.IP \[bu] -Threads do not share semaphore undo values (see -.BR semop (2)). -.IP \[bu] -Threads do not share interval timers. -.IP \[bu] -Threads do not share a common nice value. -.IP \[bu] -POSIX.1 distinguishes the notions of signals that are directed -to the process as a whole and signals that are directed to individual -threads. -According to POSIX.1, a process-directed signal (sent using -.BR kill (2), -for example) should be handled by a single, -arbitrarily selected thread within the process. -LinuxThreads does not support the notion of process-directed signals: -signals may be sent only to specific threads. -.IP \[bu] -Threads have distinct alternate signal stack settings. -However, a new thread's alternate signal stack settings -are copied from the thread that created it, so that -the threads initially share an alternate signal stack. -(A new thread should start with no alternate signal stack defined. -If two threads handle signals on their shared alternate signal -stack at the same time, unpredictable program failures are -likely to occur.) -.SS NPTL -With NPTL, all of the threads in a process are placed -in the same thread group; -all members of a thread group share the same PID. -NPTL does not employ a manager thread. -.P -NPTL makes internal use of the first two real-time signals; -these signals cannot be used in applications. -See -.BR nptl (7) -for further details. -.P -NPTL still has at least one nonconformance with POSIX.1: -.IP \[bu] 3 -Threads do not share a common nice value. -.\" FIXME . bug report filed for NPTL nice nonconformance -.\" http://bugzilla.kernel.org/show_bug.cgi?id=6258 -.\" Sep 08: there is a patch by Denys Vlasenko to address this -.\" "make setpriority POSIX compliant; introduce PRIO_THREAD extension" -.\" Monitor this to see if it makes it into mainline. -.P -Some NPTL nonconformances occur only with older kernels: -.IP \[bu] 3 -The information returned by -.BR times (2) -and -.BR getrusage (2) -is per-thread rather than process-wide (fixed in Linux 2.6.9). -.IP \[bu] -Threads do not share resource limits (fixed in Linux 2.6.10). -.IP \[bu] -Threads do not share interval timers (fixed in Linux 2.6.12). -.IP \[bu] -Only the main thread is permitted to start a new session using -.BR setsid (2) -(fixed in Linux 2.6.16). -.IP \[bu] -Only the main thread is permitted to make the process into a -process group leader using -.BR setpgid (2) -(fixed in Linux 2.6.16). -.IP \[bu] -Threads have distinct alternate signal stack settings. -However, a new thread's alternate signal stack settings -are copied from the thread that created it, so that -the threads initially share an alternate signal stack -(fixed in Linux 2.6.16). -.P -Note the following further points about the NPTL implementation: -.IP \[bu] 3 -If the stack size soft resource limit (see the description of -.B RLIMIT_STACK -in -.BR setrlimit (2)) -is set to a value other than -.IR unlimited , -then this value defines the default stack size for new threads. -To be effective, this limit must be set before the program -is executed, perhaps using the -.I ulimit \-s -shell built-in command -.RI ( "limit stacksize" -in the C shell). -.SS Determining the threading implementation -Since glibc 2.3.2, the -.BR getconf (1) -command can be used to determine -the system's threading implementation, for example: -.P -.in +4n -.EX -bash$ getconf GNU_LIBPTHREAD_VERSION -NPTL 2.3.4 -.EE -.in -.P -With older glibc versions, a command such as the following should -be sufficient to determine the default threading implementation: -.P -.in +4n -.EX -bash$ $( ldd /bin/ls | grep libc.so | awk \[aq]{print $3}\[aq] ) | \e - egrep \-i \[aq]threads|nptl\[aq] - Native POSIX Threads Library by Ulrich Drepper et al -.EE -.in -.SS Selecting the threading implementation: LD_ASSUME_KERNEL -On systems with a glibc that supports both LinuxThreads and NPTL -(i.e., glibc 2.3.\fIx\fP), the -.B LD_ASSUME_KERNEL -environment variable can be used to override -the dynamic linker's default choice of threading implementation. -This variable tells the dynamic linker to assume that it is -running on top of a particular kernel version. -By specifying a kernel version that does not -provide the support required by NPTL, we can force the use -of LinuxThreads. -(The most likely reason for doing this is to run a -(broken) application that depends on some nonconformant behavior -in LinuxThreads.) -For example: -.P -.in +4n -.EX -bash$ $( LD_ASSUME_KERNEL=2.2.5 ldd /bin/ls | grep libc.so | \e - awk \[aq]{print $3}\[aq] ) | egrep \-i \[aq]threads|nptl\[aq] - linuxthreads\-0.10 by Xavier Leroy -.EE -.in -.SH SEE ALSO -.ad l -.nh -.BR clone (2), -.BR fork (2), -.BR futex (2), -.BR gettid (2), -.BR proc (5), -.BR attributes (7), -.BR futex (7), -.BR nptl (7), -.BR sigevent (3type), -.BR signal (7) -.P -Various Pthreads manual pages, for example: -.BR pthread_atfork (3), -.BR pthread_attr_init (3), -.BR pthread_cancel (3), -.BR pthread_cleanup_push (3), -.BR pthread_cond_signal (3), -.BR pthread_cond_wait (3), -.BR pthread_create (3), -.BR pthread_detach (3), -.BR pthread_equal (3), -.BR pthread_exit (3), -.BR pthread_key_create (3), -.BR pthread_kill (3), -.BR pthread_mutex_lock (3), -.BR pthread_mutex_unlock (3), -.BR pthread_mutexattr_destroy (3), -.BR pthread_mutexattr_init (3), -.BR pthread_once (3), -.BR pthread_spin_init (3), -.BR pthread_spin_lock (3), -.BR pthread_rwlockattr_setkind_np (3), -.BR pthread_setcancelstate (3), -.BR pthread_setcanceltype (3), -.BR pthread_setspecific (3), -.BR pthread_sigmask (3), -.BR pthread_sigqueue (3), -and -.BR pthread_testcancel (3) diff --git a/man7/pty.7 b/man7/pty.7 deleted file mode 100644 index 45cdb5f..0000000 --- a/man7/pty.7 +++ /dev/null @@ -1,161 +0,0 @@ -.\" Copyright (C) 2005 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH pty 7 2023-11-19 "Linux man-pages 6.7" -.SH NAME -pty \- pseudoterminal interfaces -.SH DESCRIPTION -A pseudoterminal (sometimes abbreviated "pty") -is a pair of virtual character devices that -provide a bidirectional communication channel. -One end of the channel is called the -.IR master ; -the other end is called the -.IR slave . -.P -The slave end of the pseudoterminal provides an interface -that behaves exactly like a classical terminal. -A process that expects to be connected to a terminal, -can open the slave end of a pseudoterminal and -then be driven by a program that has opened the master end. -Anything that is written on the master end is provided to the process -on the slave end as though it was input typed on a terminal. -For example, writing the interrupt character (usually control-C) -to the master device would cause an interrupt signal -.RB ( SIGINT ) -to be generated for the foreground process group -that is connected to the slave. -Conversely, anything that is written to the slave end of the -pseudoterminal can be read by the process that is connected to -the master end. -.P -Data flow between master and slave is handled asynchronously, -much like data flow with a physical terminal. -Data written to the slave will be available at the master promptly, -but may not be available immediately. -Similarly, there may be a small processing delay between -a write to the master, and the effect being visible at the slave. -.P -Historically, two pseudoterminal APIs have evolved: BSD and System V. -SUSv1 standardized a pseudoterminal API based on the System V API, -and this API should be employed in all new programs that use -pseudoterminals. -.P -Linux provides both BSD-style and (standardized) System V-style -pseudoterminals. -System V-style terminals are commonly called UNIX 98 pseudoterminals -on Linux systems. -.P -Since Linux 2.6.4, BSD-style pseudoterminals are considered deprecated: -support can be disabled when building the kernel by disabling the -.B CONFIG_LEGACY_PTYS -option. -(Starting with Linux 2.6.30, -that option is disabled by default in the mainline kernel.) -UNIX 98 pseudoterminals should be used in new applications. -.SS UNIX 98 pseudoterminals -An unused UNIX 98 pseudoterminal master is opened by calling -.BR posix_openpt (3). -(This function opens the master clone device, -.IR /dev/ptmx ; -see -.BR pts (4).) -After performing any program-specific initializations, -changing the ownership and permissions of the slave device using -.BR grantpt (3), -and unlocking the slave using -.BR unlockpt (3)), -the corresponding slave device can be opened by passing -the name returned by -.BR ptsname (3) -in a call to -.BR open (2). -.P -The Linux kernel imposes a limit on the number of available -UNIX 98 pseudoterminals. -Up to and including Linux 2.6.3, this limit is configured -at kernel compilation time -.RB ( CONFIG_UNIX98_PTYS ), -and the permitted number of pseudoterminals can be up to 2048, -with a default setting of 256. -Since Linux 2.6.4, the limit is dynamically adjustable via -.IR /proc/sys/kernel/pty/max , -and a corresponding file, -.IR /proc/sys/kernel/pty/nr , -indicates how many pseudoterminals are currently in use. -For further details on these two files, see -.BR proc (5). -.SS BSD pseudoterminals -BSD-style pseudoterminals are provided as precreated pairs, with -names of the form -.I /dev/ptyXY -(master) and -.I /dev/ttyXY -(slave), -where X is a letter from the 16-character set [p\-za\-e], -and Y is a letter from the 16-character set [0\-9a\-f]. -(The precise range of letters in these two sets varies across UNIX -implementations.) -For example, -.I /dev/ptyp1 -and -.I /dev/ttyp1 -constitute a BSD pseudoterminal pair. -A process finds an unused pseudoterminal pair by trying to -.BR open (2) -each pseudoterminal master until an open succeeds. -The corresponding pseudoterminal slave (substitute "tty" -for "pty" in the name of the master) can then be opened. -.SH FILES -.TP -.I /dev/ptmx -UNIX 98 master clone device -.TP -.I /dev/pts/* -UNIX 98 slave devices -.TP -.I /dev/pty[p\-za\-e][0\-9a\-f] -BSD master devices -.TP -.I /dev/tty[p\-za\-e][0\-9a\-f] -BSD slave devices -.SH NOTES -Pseudoterminals are used by applications such as network login services -(\c -.BR ssh (1), -.BR rlogin (1), -.BR telnet (1)), -terminal emulators such as -.BR xterm (1), -.BR script (1), -.BR screen (1), -.BR tmux (1), -.BR unbuffer (1), -and -.BR expect (1). -.P -A description of the -.B TIOCPKT -.BR ioctl (2), -which controls packet mode operation, can be found in -.BR ioctl_tty (2). -.P -The BSD -.BR ioctl (2) -operations -.BR TIOCSTOP , -.BR TIOCSTART , -.BR TIOCUCNTL , -and -.B TIOCREMOTE -have not been implemented under Linux. -.SH SEE ALSO -.BR ioctl_tty (2), -.BR select (2), -.BR setsid (2), -.BR forkpty (3), -.BR openpty (3), -.BR termios (3), -.BR pts (4), -.BR tty (4) diff --git a/man7/queue.7 b/man7/queue.7 deleted file mode 100644 index 469974f..0000000 --- a/man7/queue.7 +++ /dev/null @@ -1,138 +0,0 @@ -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" and Copyright (c) 2020 by Alejandro Colomar -.\" -.\" SPDX-License-Identifier: BSD-3-Clause -.\" -.\" -.TH queue 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -queue \- implementations of linked lists and queues -.SH DESCRIPTION -The -.I -header file provides a set of macros that -define and operate on the following data structures: -.TP -SLIST -singly linked lists -.TP -LIST -doubly linked lists -.TP -STAILQ -singly linked tail queues -.TP -TAILQ -doubly linked tail queues -.TP -CIRCLEQ -doubly linked circular queues -.P -All structures support the following functionality: -.IP \[bu] 3 -Insertion of a new entry at the head of the list. -.IP \[bu] -Insertion of a new entry after any element in the list. -.IP \[bu] -O(1) removal of an entry from the head of the list. -.IP \[bu] -Forward traversal through the list. -.\".IP \[bu] -.\" Swapping the contents of two lists. -.P -Code size and execution time -depend on the complexity of the data structure being used, -so programmers should take care to choose the appropriate one. -.SS Singly linked lists (SLIST) -Singly linked lists are the simplest -and support only the above functionality. -Singly linked lists are ideal for applications with -large datasets and few or no removals, -or for implementing a LIFO queue. -Singly linked lists add the following functionality: -.IP \[bu] 3 -O(n) removal of any entry in the list. -.SS Singly linked tail queues (STAILQ) -Singly linked tail queues add the following functionality: -.IP \[bu] 3 -Entries can be added at the end of a list. -.IP \[bu] -O(n) removal of any entry in the list. -.IP \[bu] -They may be concatenated. -.P -However: -.IP \[bu] 3 -All list insertions must specify the head of the list. -.IP \[bu] -Each head entry requires two pointers rather than one. -.P -Singly linked tail queues are ideal for applications with -large datasets and few or no removals, -or for implementing a FIFO queue. -.SS Doubly linked data structures -All doubly linked types of data structures (lists and tail queues) -additionally allow: -.IP \[bu] 3 -Insertion of a new entry before any element in the list. -.IP \[bu] -O(1) removal of any entry in the list. -.P -However: -.IP \[bu] 3 -Each element requires two pointers rather than one. -.SS Doubly linked lists (LIST) -Linked lists are the simplest of the doubly linked data structures. -They add the following functionality over the above: -.IP \[bu] 3 -They may be traversed backwards. -.P -However: -.IP \[bu] 3 -To traverse backwards, an entry to begin the traversal and the list in -which it is contained must be specified. -.SS Doubly linked tail queues (TAILQ) -Tail queues add the following functionality: -.IP \[bu] 3 -Entries can be added at the end of a list. -.IP \[bu] -They may be traversed backwards, from tail to head. -.IP \[bu] -They may be concatenated. -.P -However: -.IP \[bu] 3 -All list insertions and removals must specify the head of the list. -.IP \[bu] -Each head entry requires two pointers rather than one. -.SS Doubly linked circular queues (CIRCLEQ) -Circular queues add the following functionality over the above: -.IP \[bu] 3 -The first and last entries are connected. -.P -However: -.IP \[bu] 3 -The termination condition for traversal is more complex. -.SH STANDARDS -BSD. -.SH HISTORY -.I -macros first appeared in 4.4BSD. -.SH NOTES -Some BSDs provide SIMPLEQ instead of STAILQ. -They are identical, but for historical reasons -they were named differently on different BSDs. -STAILQ originated on FreeBSD, and SIMPLEQ originated on NetBSD. -For compatibility reasons, some systems provide both sets of macros. -glibc provides both STAILQ and SIMPLEQ, -which are identical except for a missing SIMPLEQ equivalent to -.BR STAILQ_CONCAT (). -.SH SEE ALSO -.BR circleq (3), -.BR insque (3), -.BR list (3), -.BR slist (3), -.BR stailq (3), -.BR tailq (3) -.\" .BR tree (3) diff --git a/man7/random.7 b/man7/random.7 deleted file mode 100644 index 5ba6d33..0000000 --- a/man7/random.7 +++ /dev/null @@ -1,213 +0,0 @@ -'\" t -.\" Copyright (C) 2008, George Spelvin , -.\" and Copyright (C) 2008, Matt Mackall -.\" and Copyright (C) 2016, Laurent Georget -.\" and Copyright (C) 2016, Nikos Mavrogiannopoulos -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" The following web page is quite informative: -.\" http://www.2uo.de/myths-about-urandom/ -.\" -.TH random 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -random \- overview of interfaces for obtaining randomness -.SH DESCRIPTION -The kernel random-number generator relies on entropy gathered from -device drivers and other sources of environmental noise to seed -a cryptographically secure pseudorandom number generator (CSPRNG). -It is designed for security, rather than speed. -.P -The following interfaces provide access to output from the kernel CSPRNG: -.IP \[bu] 3 -The -.I /dev/urandom -and -.I /dev/random -devices, both described in -.BR random (4). -These devices have been present on Linux since early times, -and are also available on many other systems. -.IP \[bu] -The Linux-specific -.BR getrandom (2) -system call, available since Linux 3.17. -This system call provides access either to the same source as -.I /dev/urandom -(called the -.I urandom -source in this page) -or to the same source as -.I /dev/random -(called the -.I random -source in this page). -The default is the -.I urandom -source; the -.I random -source is selected by specifying the -.B GRND_RANDOM -flag to the system call. -(The -.BR getentropy (3) -function provides a slightly more portable interface on top of -.BR getrandom (2).) -.\" -.SS Initialization of the entropy pool -The kernel collects bits of entropy from the environment. -When a sufficient number of random bits has been collected, the -entropy pool is considered to be initialized. -.SS Choice of random source -Unless you are doing long-term key generation (and most likely not even -then), you probably shouldn't be reading from the -.I /dev/random -device or employing -.BR getrandom (2) -with the -.B GRND_RANDOM -flag. -Instead, either read from the -.I /dev/urandom -device or employ -.BR getrandom (2) -without the -.B GRND_RANDOM -flag. -The cryptographic algorithms used for the -.I urandom -source are quite conservative, and so should be sufficient for all purposes. -.P -The disadvantage of -.B GRND_RANDOM -and reads from -.I /dev/random -is that the operation can block for an indefinite period of time. -Furthermore, dealing with the partially fulfilled -requests that can occur when using -.B GRND_RANDOM -or when reading from -.I /dev/random -increases code complexity. -.\" -.SS Monte Carlo and other probabilistic sampling applications -Using these interfaces to provide large quantities of data for -Monte Carlo simulations or other programs/algorithms which are -doing probabilistic sampling will be slow. -Furthermore, it is unnecessary, because such applications do not -need cryptographically secure random numbers. -Instead, use the interfaces described in this page to obtain -a small amount of data to seed a user-space pseudorandom -number generator for use by such applications. -.\" -.SS Comparison between getrandom, /dev/urandom, and /dev/random -The following table summarizes the behavior of the various -interfaces that can be used to obtain randomness. -.B GRND_NONBLOCK -is a flag that can be used to control the blocking behavior of -.BR getrandom (2). -The final column of the table considers the case that can occur -in early boot time when the entropy pool is not yet initialized. -.ad l -.TS -allbox; -lbw13 lbw12 lbw14 lbw18 -l l l l. -Interface Pool T{ -Blocking -\%behavior -T} T{ -Behavior when pool is not yet ready -T} -T{ -.I /dev/random -T} T{ -Blocking pool -T} T{ -If entropy too low, blocks until there is enough entropy again -T} T{ -Blocks until enough entropy gathered -T} -T{ -.I /dev/urandom -T} T{ -CSPRNG output -T} T{ -Never blocks -T} T{ -Returns output from uninitialized CSPRNG (may be low entropy and unsuitable for cryptography) -T} -T{ -.BR getrandom () -T} T{ -Same as -.I /dev/urandom -T} T{ -Does not block once is pool ready -T} T{ -Blocks until pool ready -T} -T{ -.BR getrandom () -.B GRND_RANDOM -T} T{ -Same as -.I /dev/random -T} T{ -If entropy too low, blocks until there is enough entropy again -T} T{ -Blocks until pool ready -T} -T{ -.BR getrandom () -.B GRND_NONBLOCK -T} T{ -Same as -.I /dev/urandom -T} T{ -Does not block once is pool ready -T} T{ -.B EAGAIN -T} -T{ -.BR getrandom () -.B GRND_RANDOM -+ -.B GRND_NONBLOCK -T} T{ -Same as -.I /dev/random -T} T{ -.B EAGAIN -if not enough entropy available -T} T{ -.B EAGAIN -T} -.TE -.ad -.\" -.SS Generating cryptographic keys -The amount of seed material required to generate a cryptographic key -equals the effective key size of the key. -For example, a 3072-bit RSA -or Diffie-Hellman private key has an effective key size of 128 bits -(it requires about 2\[ha]128 operations to break) so a key generator -needs only 128 bits (16 bytes) of seed material from -.IR /dev/random . -.P -While some safety margin above that minimum is reasonable, as a guard -against flaws in the CSPRNG algorithm, no cryptographic primitive -available today can hope to promise more than 256 bits of security, -so if any program reads more than 256 bits (32 bytes) from the kernel -random pool per invocation, or per reasonable reseed interval (not less -than one minute), that should be taken as a sign that its cryptography is -.I not -skillfully implemented. -.\" -.SH SEE ALSO -.BR getrandom (2), -.BR getauxval (3), -.BR getentropy (3), -.BR random (4), -.BR urandom (4), -.BR signal (7) diff --git a/man7/raw.7 b/man7/raw.7 deleted file mode 100644 index 65cdbe0..0000000 --- a/man7/raw.7 +++ /dev/null @@ -1,281 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: raw.7,v 1.6 1999/06/05 10:32:08 freitag Exp $ -.\" -.TH raw 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -raw \- Linux IPv4 raw sockets -.SH SYNOPSIS -.nf -.B #include -.B #include -.BI "raw_socket = socket(AF_INET, SOCK_RAW, int " protocol ); -.fi -.SH DESCRIPTION -Raw sockets allow new IPv4 protocols to be implemented in user space. -A raw socket receives or sends the raw datagram not -including link level headers. -.P -The IPv4 layer generates an IP header when sending a packet unless the -.B IP_HDRINCL -socket option is enabled on the socket. -When it is enabled, the packet must contain an IP header. -For receiving, the IP header is always included in the packet. -.P -In order to create a raw socket, a process must have the -.B CAP_NET_RAW -capability in the user namespace that governs its network namespace. -.P -All packets or errors matching the -.I protocol -number specified -for the raw socket are passed to this socket. -For a list of the allowed protocols, -see the IANA list of assigned protocol numbers at -.UR http://www.iana.org/assignments/protocol\-numbers/ -.UE -and -.BR getprotobyname (3). -.P -A protocol of -.B IPPROTO_RAW -implies enabled -.B IP_HDRINCL -and is able to send any IP protocol that is specified in the passed -header. -Receiving of all IP protocols via -.B IPPROTO_RAW -is not possible using raw sockets. -.RS -.TS -tab(:) allbox; -c s -l l. -IP Header fields modified on sending by \fBIP_HDRINCL\fP -IP Checksum:Always filled in -Source Address:Filled in when zero -Packet ID:Filled in when zero -Total Length:Always filled in -.TE -.RE -.P -If -.B IP_HDRINCL -is specified and the IP header has a nonzero destination address, then -the destination address of the socket is used to route the packet. -When -.B MSG_DONTROUTE -is specified, the destination address should refer to a local interface, -otherwise a routing table lookup is done anyway but gatewayed routes -are ignored. -.P -If -.B IP_HDRINCL -isn't set, then IP header options can be set on raw sockets with -.BR setsockopt (2); -see -.BR ip (7) -for more information. -.P -Starting with Linux 2.2, all IP header fields and options can be set using -IP socket options. -This means raw sockets are usually needed only for new -protocols or protocols with no user interface (like ICMP). -.P -When a packet is received, it is passed to any raw sockets which have -been bound to its protocol before it is passed to other protocol handlers -(e.g., kernel protocol modules). -.SS Address format -For sending and receiving datagrams -.RB ( sendto (2), -.BR recvfrom (2), -and similar), -raw sockets use the standard -.I sockaddr_in -address structure defined in -.BR ip (7). -The -.I sin_port -field could be used to specify the IP protocol number, -but it is ignored for sending in Linux 2.2 and later, and should be always -set to 0 (see BUGS). -For incoming packets, -.I sin_port -.\" commit f59fc7f30b710d45aadf715460b3e60dbe9d3418 -is set to zero. -.SS Socket options -Raw socket options can be set with -.BR setsockopt (2) -and read with -.BR getsockopt (2) -by passing the -.B IPPROTO_RAW -.\" Or SOL_RAW on Linux -family flag. -.TP -.B ICMP_FILTER -Enable a special filter for raw sockets bound to the -.B IPPROTO_ICMP -protocol. -The value has a bit set for each ICMP message type which -should be filtered out. -The default is to filter no ICMP messages. -.P -In addition, all -.BR ip (7) -.B IPPROTO_IP -socket options valid for datagram sockets are supported. -.SS Error handling -Errors originating from the network are passed to the user only when the -socket is connected or the -.B IP_RECVERR -flag is enabled. -For connected sockets, only -.B EMSGSIZE -and -.B EPROTO -are passed for compatibility. -With -.BR IP_RECVERR , -all network errors are saved in the error queue. -.SH ERRORS -.TP -.B EACCES -User tried to send to a broadcast address without having the -broadcast flag set on the socket. -.TP -.B EFAULT -An invalid memory address was supplied. -.TP -.B EINVAL -Invalid argument. -.TP -.B EMSGSIZE -Packet too big. -Either Path MTU Discovery is enabled (the -.B IP_MTU_DISCOVER -socket flag) or the packet size exceeds the maximum allowed IPv4 -packet size of 64\ kB. -.TP -.B EOPNOTSUPP -Invalid flag has been passed to a socket call (like -.BR MSG_OOB ). -.TP -.B EPERM -The user doesn't have permission to open raw sockets. -Only processes with an effective user ID of 0 or the -.B CAP_NET_RAW -attribute may do that. -.TP -.B EPROTO -An ICMP error has arrived reporting a parameter problem. -.SH VERSIONS -.B IP_RECVERR -and -.B ICMP_FILTER -are new in Linux 2.2. -They are Linux extensions and should not be used in portable programs. -.P -Linux 2.0 enabled some bug-to-bug compatibility with BSD in the -raw socket code when the -.B SO_BSDCOMPAT -socket option was set; since Linux 2.2, -this option no longer has that effect. -.SH NOTES -By default, raw sockets do path MTU (Maximum Transmission Unit) discovery. -This means the kernel -will keep track of the MTU to a specific target IP address and return -.B EMSGSIZE -when a raw packet write exceeds it. -When this happens, the application should decrease the packet size. -Path MTU discovery can be also turned off using the -.B IP_MTU_DISCOVER -socket option or the -.I /proc/sys/net/ipv4/ip_no_pmtu_disc -file, see -.BR ip (7) -for details. -When turned off, raw sockets will fragment outgoing packets -that exceed the interface MTU. -However, disabling it is not recommended -for performance and reliability reasons. -.P -A raw socket can be bound to a specific local address using the -.BR bind (2) -call. -If it isn't bound, all packets with the specified IP protocol are received. -In addition, a raw socket can be bound to a specific network device using -.BR SO_BINDTODEVICE ; -see -.BR socket (7). -.P -An -.B IPPROTO_RAW -socket is send only. -If you really want to receive all IP packets, use a -.BR packet (7) -socket with the -.B ETH_P_IP -protocol. -Note that packet sockets don't reassemble IP fragments, -unlike raw sockets. -.P -If you want to receive all ICMP packets for a datagram socket, -it is often better to use -.B IP_RECVERR -on that particular socket; see -.BR ip (7). -.P -Raw sockets may tap all IP protocols in Linux, even -protocols like ICMP or TCP which have a protocol module in the kernel. -In this case, the packets are passed to both the kernel module and the raw -socket(s). -This should not be relied upon in portable programs, many other BSD -socket implementation have limitations here. -.P -Linux never changes headers passed from the user (except for filling -in some zeroed fields as described for -.BR IP_HDRINCL ). -This differs from many other implementations of raw sockets. -.P -Raw sockets are generally rather unportable and should be avoided in -programs intended to be portable. -.P -Sending on raw sockets should take the IP protocol from -.IR sin_port ; -this ability was lost in Linux 2.2. -The workaround is to use -.BR IP_HDRINCL . -.SH BUGS -Transparent proxy extensions are not described. -.P -When the -.B IP_HDRINCL -option is set, datagrams will not be fragmented and are limited to -the interface MTU. -.P -Setting the IP protocol for sending in -.I sin_port -got lost in Linux 2.2. -The protocol that the socket was bound to or that -was specified in the initial -.BR socket (2) -call is always used. -.\" .SH AUTHORS -.\" This man page was written by Andi Kleen. -.SH SEE ALSO -.BR recvmsg (2), -.BR sendmsg (2), -.BR capabilities (7), -.BR ip (7), -.BR socket (7) -.P -.B RFC\ 1191 -for path MTU discovery. -.B RFC\ 791 -and the -.I -header file for the IP protocol. diff --git a/man7/regex.7 b/man7/regex.7 deleted file mode 100644 index ad63573..0000000 --- a/man7/regex.7 +++ /dev/null @@ -1,293 +0,0 @@ -'\" t -.\" From Henry Spencer's regex package (as found in the apache -.\" distribution). The package carries the following copyright: -.\" -.\" Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved. -.\" %%%LICENSE_START(MISC) -.\" This software is not subject to any license of the American Telephone -.\" and Telegraph Company or of the Regents of the University of California. -.\" -.\" Permission is granted to anyone to use this software for any purpose -.\" on any computer system, and to alter it and redistribute it, subject -.\" to the following restrictions: -.\" -.\" 1. The author is not responsible for the consequences of use of this -.\" software, no matter how awful, even if they arise from flaws in it. -.\" -.\" 2. The origin of this software must not be misrepresented, either by -.\" explicit claim or by omission. Since few users ever read sources, -.\" credits must appear in the documentation. -.\" -.\" 3. Altered versions must be plainly marked as such, and must not be -.\" misrepresented as being the original software. Since few users -.\" ever read sources, credits must appear in the documentation. -.\" -.\" 4. This notice may not be removed or altered. -.\" %%%LICENSE_END -.\" -.\" In order to comply with `credits must appear in the documentation' -.\" I added an AUTHOR paragraph below - aeb. -.\" -.\" In the default nroff environment there is no dagger \(dg. -.\" -.\" 2005-05-11 Removed discussion of `[[:<:]]' and `[[:>:]]', which -.\" appear not to be in the glibc implementation of regcomp -.\" -.ie t .ds dg \(dg -.el .ds dg (!) -.TH regex 7 2023-11-01 "Linux man-pages 6.7" -.SH NAME -regex \- POSIX.2 regular expressions -.SH DESCRIPTION -Regular expressions ("RE"s), -as defined in POSIX.2, come in two forms: -modern REs (roughly those of -.BR egrep (1); -POSIX.2 calls these "extended" REs) -and obsolete REs (roughly those of -.BR ed (1); -POSIX.2 "basic" REs). -Obsolete REs mostly exist for backward compatibility in some old programs; -they will be discussed at the end. -POSIX.2 leaves some aspects of RE syntax and semantics open; -"\*(dg" marks decisions on these aspects that -may not be fully portable to other POSIX.2 implementations. -.P -A (modern) RE is one\*(dg or more nonempty\*(dg \fIbranches\fR, -separated by \[aq]|\[aq]. -It matches anything that matches one of the branches. -.P -A branch is one\*(dg or more \fIpieces\fR, concatenated. -It matches a match for the first, followed by a match for the second, -and so on. -.P -A piece is an \fIatom\fR possibly followed -by a single\*(dg \[aq]*\[aq], \[aq]+\[aq], \[aq]?\[aq], or \fIbound\fR. -An atom followed by \[aq]*\[aq] -matches a sequence of 0 or more matches of the atom. -An atom followed by \[aq]+\[aq] -matches a sequence of 1 or more matches of the atom. -An atom followed by \[aq]?\[aq] -matches a sequence of 0 or 1 matches of the atom. -.P -A \fIbound\fR is \[aq]{\[aq] followed by an unsigned decimal integer, -possibly followed by \[aq],\[aq] -possibly followed by another unsigned decimal integer, -always followed by \[aq]}\[aq]. -The integers must lie between 0 and -.B RE_DUP_MAX -(255\*(dg) inclusive, -and if there are two of them, the first may not exceed the second. -An atom followed by a bound containing one integer \fIi\fR -and no comma matches -a sequence of exactly \fIi\fR matches of the atom. -An atom followed by a bound -containing one integer \fIi\fR and a comma matches -a sequence of \fIi\fR or more matches of the atom. -An atom followed by a bound -containing two integers \fIi\fR and \fIj\fR matches -a sequence of \fIi\fR through \fIj\fR (inclusive) matches of the atom. -.P -An atom is a regular expression enclosed in "\fI()\fP" -(matching a match for the regular expression), -an empty set of "\fI()\fP" (matching the null string)\*(dg, -a \fIbracket expression\fR (see below), -\[aq].\[aq] (matching any single character), -\[aq]\[ha]\[aq] (matching the null string at the beginning of a line), -\[aq]$\[aq] (matching the null string at the end of a line), -a \[aq]\e\[aq] followed by one of the characters "\fI\[ha].[$()|*+?{\e\fP" -(matching that character taken as an ordinary character), -a \[aq]\e\[aq] followed by any other character\*(dg -(matching that character taken as an ordinary character, -as if the \[aq]\e\[aq] had not been present\*(dg), -or a single character with no other significance (matching that character). -A \[aq]{\[aq] followed by a character other than a digit -is an ordinary character, -not the beginning of a bound\*(dg. -It is illegal to end an RE with \[aq]\e\[aq]. -.P -A \fIbracket expression\fR is a list of characters enclosed in "\fI[]\fP". -It normally matches any single character from the list (but see below). -If the list begins with \[aq]\[ha]\[aq], -it matches any single character -(but see below) \fInot\fR from the rest of the list. -If two characters in the list are separated by \[aq]\-\[aq], this is shorthand -for the full \fIrange\fR of characters between those two (inclusive) in the -collating sequence, -for example, "\fI[0\-9]\fP" in ASCII matches any decimal digit. -It is illegal\*(dg for two ranges to share an -endpoint, for example, "\fIa\-c\-e\fP". -Ranges are very collating-sequence-dependent, -and portable programs should avoid relying on them. -.P -To include a literal \[aq]]\[aq] in the list, make it the first character -(following a possible \[aq]\[ha]\[aq]). -To include a literal \[aq]\-\[aq], make it the first or last character, -or the second endpoint of a range. -To use a literal \[aq]\-\[aq] as the first endpoint of a range, -enclose it in "\fI[.\fP" and "\fI.]\fP" -to make it a collating element (see below). -With the exception of these and some combinations using \[aq][\[aq] (see next -paragraphs), all other special characters, including \[aq]\e\[aq], lose their -special significance within a bracket expression. -.P -Within a bracket expression, a collating element (a character, -a multicharacter sequence that collates as if it were a single character, -or a collating-sequence name for either) -enclosed in "\fI[.\fP" and "\fI.]\fP" stands for the -sequence of characters of that collating element. -The sequence is a single element of the bracket expression's list. -A bracket expression containing a multicharacter collating element -can thus match more than one character, -for example, if the collating sequence includes a "ch" collating element, -then the RE "\fI[[.ch.]]*c\fP" matches the first five characters -of "chchcc". -.P -Within a bracket expression, a collating element enclosed in "\fI[=\fP" and -"\fI=]\fP" is an equivalence class, standing for the sequences of characters -of all collating elements equivalent to that one, including itself. -(If there are no other equivalent collating elements, -the treatment is as if the enclosing delimiters -were "\fI[.\fP" and "\fI.]\fP".) -For example, if o and \(^o are the members of an equivalence class, -then "\fI[[=o=]]\fP", "\fI[[=\(^o=]]\fP", -and "\fI[o\(^o]\fP" are all synonymous. -An equivalence class may not\*(dg be an endpoint -of a range. -.P -Within a bracket expression, the name of a \fIcharacter class\fR enclosed -in "\fI[:\fP" and "\fI:]\fP" stands for the list -of all characters belonging to that -class. -Standard character class names are: -.P -.RS -.TS -l l l. -alnum digit punct -alpha graph space -blank lower upper -cntrl print xdigit -.TE -.RE -.P -These stand for the character classes defined in -.BR wctype (3). -A locale may provide others. -A character class may not be used as an endpoint of a range. -.\" As per http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295666 -.\" The following does not seem to apply in the glibc implementation -.\" .P -.\" There are two special cases\*(dg of bracket expressions: -.\" the bracket expressions "\fI[[:<:]]\fP" and "\fI[[:>:]]\fP" match -.\" the null string at the beginning and end of a word respectively. -.\" A word is defined as a sequence of -.\" word characters -.\" which is neither preceded nor followed by -.\" word characters. -.\" A word character is an -.\" .I alnum -.\" character (as defined by -.\" .BR wctype (3)) -.\" or an underscore. -.\" This is an extension, -.\" compatible with but not specified by POSIX.2, -.\" and should be used with -.\" caution in software intended to be portable to other systems. -.P -In the event that an RE could match more than one substring of a given -string, -the RE matches the one starting earliest in the string. -If the RE could match more than one substring starting at that point, -it matches the longest. -Subexpressions also match the longest possible substrings, subject to -the constraint that the whole match be as long as possible, -with subexpressions starting earlier in the RE taking priority over -ones starting later. -Note that higher-level subexpressions thus take priority over -their lower-level component subexpressions. -.P -Match lengths are measured in characters, not collating elements. -A null string is considered longer than no match at all. -For example, -"\fIbb*\fP" matches the three middle characters of "abbbc", -"\fI(wee|week)(knights|nights)\fP" -matches all ten characters of "weeknights", -when "\fI(.*).*\fP" is matched against "abc" the parenthesized subexpression -matches all three characters, and -when "\fI(a*)*\fP" is matched against "bc" -both the whole RE and the parenthesized -subexpression match the null string. -.P -If case-independent matching is specified, -the effect is much as if all case distinctions had vanished from the -alphabet. -When an alphabetic that exists in multiple cases appears as an -ordinary character outside a bracket expression, it is effectively -transformed into a bracket expression containing both cases, -for example, \[aq]x\[aq] becomes "\fI[xX]\fP". -When it appears inside a bracket expression, all case counterparts -of it are added to the bracket expression, so that, for example, "\fI[x]\fP" -becomes "\fI[xX]\fP" and "\fI[\[ha]x]\fP" becomes "\fI[\[ha]xX]\fP". -.P -No particular limit is imposed on the length of REs\*(dg. -Programs intended to be portable should not employ REs longer -than 256 bytes, -as an implementation can refuse to accept such REs and remain -POSIX-compliant. -.P -Obsolete ("basic") regular expressions differ in several respects. -\[aq]|\[aq], \[aq]+\[aq], and \[aq]?\[aq] are -ordinary characters and there is no equivalent -for their functionality. -The delimiters for bounds are "\fI\e{\fP" and "\fI\e}\fP", -with \[aq]{\[aq] and \[aq]}\[aq] by themselves ordinary characters. -The parentheses for nested subexpressions are "\fI\e(\fP" and "\fI\e)\fP", -with \[aq](\[aq] and \[aq])\[aq] by themselves ordinary characters. -\[aq]\[ha]\[aq] is an ordinary character except at the beginning of the -RE or\*(dg the beginning of a parenthesized subexpression, -\[aq]$\[aq] is an ordinary character except at the end of the -RE or\*(dg the end of a parenthesized subexpression, -and \[aq]*\[aq] is an ordinary character if it appears at the beginning of the -RE or the beginning of a parenthesized subexpression -(after a possible leading \[aq]\[ha]\[aq]). -.P -Finally, there is one new type of atom, a \fIback reference\fR: -\[aq]\e\[aq] followed by a nonzero decimal digit \fId\fR -matches the same sequence of characters -matched by the \fId\fRth parenthesized subexpression -(numbering subexpressions by the positions of their opening parentheses, -left to right), -so that, for example, "\fI\e([bc]\e)\e1\fP" matches "bb" or "cc" but not "bc". -.SH BUGS -Having two kinds of REs is a botch. -.P -The current POSIX.2 spec says that \[aq])\[aq] is an ordinary character in -the absence of an unmatched \[aq](\[aq]; -this was an unintentional result of a wording error, -and change is likely. -Avoid relying on it. -.P -Back references are a dreadful botch, -posing major problems for efficient implementations. -They are also somewhat vaguely defined -(does -"\fIa\e(\e(b\e)*\e2\e)*d\fP" match "abbbd"?). -Avoid using them. -.P -POSIX.2's specification of case-independent matching is vague. -The "one case implies all cases" definition given above -is current consensus among implementors as to the right interpretation. -.\" As per http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295666 -.\" The following does not seem to apply in the glibc implementation -.\" .P -.\" The syntax for word boundaries is incredibly ugly. -.SH AUTHOR -.\" Sigh... The page license means we must have the author's name -.\" in the formatted output. -This page was taken from Henry Spencer's regex package. -.SH SEE ALSO -.BR grep (1), -.BR regex (3) -.P -POSIX.2, section 2.8 (Regular Expression Notation). diff --git a/man7/rtld-audit.7 b/man7/rtld-audit.7 deleted file mode 100644 index 67678b4..0000000 --- a/man7/rtld-audit.7 +++ /dev/null @@ -1,606 +0,0 @@ -.\" Copyright (c) 2009 Linux Foundation, written by Michael Kerrisk -.\" -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 2009-01-12, mtk, Created -.\" -.TH RTLD-AUDIT 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -rtld\-audit \- auditing API for the dynamic linker -.SH SYNOPSIS -.nf -.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */" -.B #include -.fi -.SH DESCRIPTION -The GNU dynamic linker (run-time linker) -provides an auditing API that allows an application -to be notified when various dynamic linking events occur. -This API is very similar to the auditing interface provided by the -Solaris run-time linker. -The necessary constants and prototypes are defined by including -.IR . -.P -To use this interface, the programmer creates a shared library -that implements a standard set of function names. -Not all of the functions need to be implemented: in most cases, -if the programmer is not interested in a particular class of auditing event, -then no implementation needs to be provided for the corresponding -auditing function. -.P -To employ the auditing interface, the environment variable -.B LD_AUDIT -must be defined to contain a colon-separated list of shared libraries, -each of which can implement (parts of) the auditing API. -When an auditable event occurs, -the corresponding function is invoked in each library, -in the order that the libraries are listed. -.SS la_version() -\& -.nf -.BI "unsigned int la_version(unsigned int " version ); -.fi -.P -This is the only function that -.I must -be defined by an auditing library: -it performs the initial handshake between the dynamic linker and -the auditing library. -When invoking this function, the dynamic linker passes, in -.IR version , -the highest version of the auditing interface that the linker supports. -.P -A typical implementation of this function simply returns the constant -.BR LAV_CURRENT , -which indicates the version of -.I -that was used to build the audit module. -If the dynamic linker does -not support this version of the audit interface, it will refuse to -activate this audit module. -If the function returns zero, the dynamic -linker also does not activate this audit module. -.P -In order to enable backwards compatibility with older dynamic linkers, -an audit module can examine the -.I version -argument and return an earlier version than -.BR LAV_CURRENT , -assuming the module can adjust its implementation to match the -requirements of the previous version of the audit interface. -The -.B la_version -function should not return the value of -.I version -without further checks because it could correspond to an interface -that does not match the -.I -definitions used to build the audit module. -.SS la_objsearch() -\& -.nf -.BI "char *la_objsearch(const char *" name ", uintptr_t *" cookie , -.BI " unsigned int " flag ); -.fi -.P -The dynamic linker invokes this function to inform the auditing library -that it is about to search for a shared object. -The -.I name -argument is the filename or pathname that is to be searched for. -.I cookie -identifies the shared object that initiated the search. -.I flag -is set to one of the following values: -.TP 17 -.B LA_SER_ORIG -This is the original name that is being searched for. -Typically, this name comes from an ELF -.B DT_NEEDED -entry, or is the -.I filename -argument given to -.BR dlopen (3). -.TP -.B LA_SER_LIBPATH -.I name -was created using a directory specified in -.BR LD_LIBRARY_PATH . -.TP -.B LA_SER_RUNPATH -.I name -was created using a directory specified in an ELF -.B DT_RPATH -or -.B DT_RUNPATH -list. -.TP -.B LA_SER_CONFIG -.I name -was found via the -.BR ldconfig (8) -cache -.RI ( /etc/ld.so.cache ). -.TP -.B LA_SER_DEFAULT -.I name -was found via a search of one of the default directories. -.TP -.B LA_SER_SECURE -.I name -is specific to a secure object (unused on Linux). -.P -As its function result, -.BR la_objsearch () -returns the pathname that the dynamic linker should use -for further processing. -If NULL is returned, then this pathname is ignored for further processing. -If this audit library simply intends to monitor search paths, then -.I name -should be returned. -.SS la_activity() -\& -.nf -.BI "void la_activity( uintptr_t *" cookie ", unsigned int "flag ); -.fi -.P -The dynamic linker calls this function to inform the auditing library -that link-map activity is occurring. -.I cookie -identifies the object at the head of the link map. -When the dynamic linker invokes this function, -.I flag -is set to one of the following values: -.TP 19 -.B LA_ACT_ADD -New objects are being added to the link map. -.TP -.B LA_ACT_DELETE -Objects are being removed from the link map. -.TP -.B LA_ACT_CONSISTENT -Link-map activity has been completed: the map is once again consistent. -.SS la_objopen() -\& -.nf -.BI "unsigned int la_objopen(struct link_map *" map ", Lmid_t " lmid , -.BI " uintptr_t *" cookie ); -.fi -.P -The dynamic linker calls this function when a new shared object is loaded. -The -.I map -argument is a pointer to a link-map structure that describes the object. -The -.I lmid -field has one of the following values -.TP 17 -.B LM_ID_BASE -Link map is part of the initial namespace. -.TP -.B LM_ID_NEWLM -Link map is part of a new namespace requested via -.BR dlmopen (3). -.P -.I cookie -is a pointer to an identifier for this object. -The identifier is provided to later calls to functions -in the auditing library in order to identify this object. -This identifier is initialized to point to object's link map, -but the audit library can change the identifier to some other value -that it may prefer to use to identify the object. -.P -As its return value, -.BR la_objopen () -returns a bit mask created by ORing zero or more of the -following constants, -which allow the auditing library to select the objects to be monitored by -.BR la_symbind* (): -.TP 17 -.B LA_FLG_BINDTO -Audit symbol bindings to this object. -.TP -.B LA_FLG_BINDFROM -Audit symbol bindings from this object. -.P -A return value of 0 from -.BR la_objopen () -indicates that no symbol bindings should be audited for this object. -.SS la_objclose() -\& -.nf -.BI "unsigned int la_objclose(uintptr_t *" cookie ); -.fi -.P -The dynamic linker invokes this function after any finalization -code for the object has been executed, -before the object is unloaded. -The -.I cookie -argument is the identifier obtained from a previous invocation of -.BR la_objopen (). -.P -In the current implementation, the value returned by -.BR la_objclose () -is ignored. -.SS la_preinit() -\& -.nf -.BI "void la_preinit(uintptr_t *" cookie ); -.fi -.P -The dynamic linker invokes this function after all shared objects -have been loaded, before control is passed to the application -(i.e., before calling -.IR main ()). -Note that -.IR main () -may still later dynamically load objects using -.BR dlopen (3). -.SS la_symbind*() -\& -.nf -.BI "uintptr_t la_symbind32(Elf32_Sym *" sym ", unsigned int " ndx , -.BI " uintptr_t *" refcook ", uintptr_t *" defcook , -.BI " unsigned int *" flags ", const char *" symname ); -.BI "uintptr_t la_symbind64(Elf64_Sym *" sym ", unsigned int " ndx , -.BI " uintptr_t *" refcook ", uintptr_t *" defcook , -.BI " unsigned int *" flags ", const char *" symname ); -.fi -.P -The dynamic linker invokes one of these functions -when a symbol binding occurs between two shared objects -that have been marked for auditing notification by -.BR la_objopen (). -The -.BR la_symbind32 () -function is employed on 32-bit platforms; -the -.BR la_symbind64 () -function is employed on 64-bit platforms. -.P -The -.I sym -argument is a pointer to a structure -that provides information about the symbol being bound. -The structure definition is shown in -.IR . -Among the fields of this structure, -.I st_value -indicates the address to which the symbol is bound. -.P -The -.I ndx -argument gives the index of the symbol in the symbol table -of the bound shared object. -.P -The -.I refcook -argument identifies the shared object that is making the symbol reference; -this is the same identifier that is provided to the -.BR la_objopen () -function that returned -.BR LA_FLG_BINDFROM . -The -.I defcook -argument identifies the shared object that defines the referenced symbol; -this is the same identifier that is provided to the -.BR la_objopen () -function that returned -.BR LA_FLG_BINDTO . -.P -The -.I symname -argument points a string containing the name of the symbol. -.P -The -.I flags -argument is a bit mask that both provides information about the symbol -and can be used to modify further auditing of this -PLT (Procedure Linkage Table) entry. -The dynamic linker may supply the following bit values in this argument: -.\" LA_SYMB_STRUCTCALL appears to be unused -.TP 22 -.B LA_SYMB_DLSYM -The binding resulted from a call to -.BR dlsym (3). -.TP -.B LA_SYMB_ALTVALUE -A previous -.BR la_symbind* () -call returned an alternate value for this symbol. -.P -By default, if the auditing library implements -.BR la_pltenter () -and -.BR la_pltexit () -functions (see below), then these functions are invoked, after -.BR la_symbind (), -for PLT entries, each time the symbol is referenced. -.\" pltenter/pltexit are called for non-dynamically loaded libraries, -.\" but don't seem to be called for dynamically loaded libs? -.\" Is this the same on Solaris? -The following flags can be ORed into -.I *flags -to change this default behavior: -.TP 22 -.B LA_SYMB_NOPLTENTER -Don't call -.BR la_pltenter () -for this symbol. -.TP 22 -.B LA_SYMB_NOPLTEXIT -Don't call -.BR la_pltexit () -for this symbol. -.P -The return value of -.BR la_symbind32 () -and -.BR la_symbind64 () -is the address to which control should be passed after the function returns. -If the auditing library is simply monitoring symbol bindings, -then it should return -.IR sym\->st_value . -A different value may be returned if the library wishes to direct control -to an alternate location. -.SS la_pltenter() -The precise name and argument types for this function -depend on the hardware platform. -(The appropriate definition is supplied by -.IR .) -Here is the definition for x86-32: -.P -.nf -.BI "Elf32_Addr la_i86_gnu_pltenter(Elf32_Sym *" sym ", unsigned int " ndx , -.BI " uintptr_t *" refcook ", uintptr_t *" defcook , -.BI " La_i86_regs *" regs ", unsigned int *" flags , -.BI " const char *" symname ", long *" framesizep ); -.fi -.P -This function is invoked just before a PLT entry is called, -between two shared objects that have been marked for binding notification. -.P -The -.IR sym , -.IR ndx , -.IR refcook , -.IR defcook , -and -.I symname -are as for -.BR la_symbind* (). -.P -The -.I regs -argument points to a structure (defined in -.IR ) -containing the values of registers to be used for -the call to this PLT entry. -.P -The -.I flags -argument points to a bit mask that conveys information about, -and can be used to modify subsequent auditing of, this PLT entry, as for -.BR la_symbind* (). -.P -.\" FIXME . Is the following correct? -The -.I framesizep -argument points to a -.I long\~int -buffer that can be used to explicitly set the frame size -used for the call to this PLT entry. -If different -.BR la_pltenter () -invocations for this symbol return different values, -then the maximum returned value is used. -The -.BR la_pltexit () -function is called only if this buffer is -explicitly set to a suitable value. -.P -The return value of -.BR la_pltenter () -is as for -.BR la_symbind* (). -.SS la_pltexit() -The precise name and argument types for this function -depend on the hardware platform. -(The appropriate definition is supplied by -.IR .) -Here is the definition for x86-32: -.P -.nf -.BI "unsigned int la_i86_gnu_pltexit(Elf32_Sym *" sym ", unsigned int " ndx , -.BI " uintptr_t *" refcook ", uintptr_t *" defcook , -.BI " const La_i86_regs *" inregs ", La_i86_retval *" outregs , -.BI " const char *" symname ); -.fi -.P -This function is called when a PLT entry, -made between two shared objects that have been marked -for binding notification, returns. -The function is called just before control returns to the caller -of the PLT entry. -.P -The -.IR sym , -.IR ndx , -.IR refcook , -.IR defcook , -and -.I symname -are as for -.BR la_symbind* (). -.P -The -.I inregs -argument points to a structure (defined in -.IR ) -containing the values of registers used for the call to this PLT entry. -The -.I outregs -argument points to a structure (defined in -.IR ) -containing return values for the call to this PLT entry. -These values can be modified by the caller, -and the changes will be visible to the caller of the PLT entry. -.P -In the current GNU implementation, the return value of -.BR la_pltexit () -is ignored. -.\" This differs from Solaris, where an audit library that monitors -.\" symbol binding should return the value of the 'retval' argument -.\" (not provided by GNU, but equivalent to returning outregs->lrv_eax -.\" on (say) x86-32). -.SH VERSIONS -This API is very similar to the Solaris API -described in the Solaris -.IR "Linker and Libraries Guide" , -in the chapter -.IR "Runtime Linker Auditing Interface" . -.SH STANDARDS -None. -.SH NOTES -Note the following differences from the Solaris dynamic linker -auditing API: -.IP \[bu] 3 -The Solaris -.BR la_objfilter () -interface is not supported by the GNU implementation. -.IP \[bu] -The Solaris -.BR la_symbind32 () -and -.BR la_pltexit () -functions do not provide a -.I symname -argument. -.IP \[bu] -The Solaris -.BR la_pltexit () -function does not provide -.I inregs -and -.I outregs -arguments (but does provide a -.I retval -argument with the function return value). -.SH BUGS -In glibc versions up to and include 2.9, -specifying more than one audit library in -.B LD_AUDIT -results in a run-time crash. -This is reportedly fixed in glibc 2.10. -.\" FIXME . Specifying multiple audit libraries doesn't work on GNU. -.\" My simple tests on Solaris work okay, but not on Linux -- mtk, Jan 2009 -.\" glibc bug filed: http://sourceware.org/bugzilla/show_bug.cgi?id=9733 -.\" Reportedly, this is fixed on 16 Mar 2009 (i.e., for glibc 2.10) -.SH EXAMPLES -.EX -#include -#include -\& -unsigned int -la_version(unsigned int version) -{ - printf("la_version(): version = %u; LAV_CURRENT = %u\en", - version, LAV_CURRENT); -\& - return LAV_CURRENT; -} -\& -char * -la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag) -{ - printf("la_objsearch(): name = %s; cookie = %p", name, cookie); - printf("; flag = %s\en", - (flag == LA_SER_ORIG) ? "LA_SER_ORIG" : - (flag == LA_SER_LIBPATH) ? "LA_SER_LIBPATH" : - (flag == LA_SER_RUNPATH) ? "LA_SER_RUNPATH" : - (flag == LA_SER_DEFAULT) ? "LA_SER_DEFAULT" : - (flag == LA_SER_CONFIG) ? "LA_SER_CONFIG" : - (flag == LA_SER_SECURE) ? "LA_SER_SECURE" : - "???"); -\& - return name; -} -\& -void -la_activity (uintptr_t *cookie, unsigned int flag) -{ - printf("la_activity(): cookie = %p; flag = %s\en", cookie, - (flag == LA_ACT_CONSISTENT) ? "LA_ACT_CONSISTENT" : - (flag == LA_ACT_ADD) ? "LA_ACT_ADD" : - (flag == LA_ACT_DELETE) ? "LA_ACT_DELETE" : - "???"); -} -\& -unsigned int -la_objopen(struct link_map *map, Lmid_t lmid, uintptr_t *cookie) -{ - printf("la_objopen(): loading \e"%s\e"; lmid = %s; cookie=%p\en", - map\->l_name, - (lmid == LM_ID_BASE) ? "LM_ID_BASE" : - (lmid == LM_ID_NEWLM) ? "LM_ID_NEWLM" : - "???", - cookie); -\& - return LA_FLG_BINDTO | LA_FLG_BINDFROM; -} -\& -unsigned int -la_objclose (uintptr_t *cookie) -{ - printf("la_objclose(): %p\en", cookie); -\& - return 0; -} -\& -void -la_preinit(uintptr_t *cookie) -{ - printf("la_preinit(): %p\en", cookie); -} -\& -uintptr_t -la_symbind32(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, - uintptr_t *defcook, unsigned int *flags, const char *symname) -{ - printf("la_symbind32(): symname = %s; sym\->st_value = %p\en", - symname, sym\->st_value); - printf(" ndx = %u; flags = %#x", ndx, *flags); - printf("; refcook = %p; defcook = %p\en", refcook, defcook); -\& - return sym\->st_value; -} -\& -uintptr_t -la_symbind64(Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook, - uintptr_t *defcook, unsigned int *flags, const char *symname) -{ - printf("la_symbind64(): symname = %s; sym\->st_value = %p\en", - symname, sym\->st_value); - printf(" ndx = %u; flags = %#x", ndx, *flags); - printf("; refcook = %p; defcook = %p\en", refcook, defcook); -\& - return sym\->st_value; -} -\& -Elf32_Addr -la_i86_gnu_pltenter(Elf32_Sym *sym, unsigned int ndx, - uintptr_t *refcook, uintptr_t *defcook, La_i86_regs *regs, - unsigned int *flags, const char *symname, long *framesizep) -{ - printf("la_i86_gnu_pltenter(): %s (%p)\en", symname, sym\->st_value); -\& - return sym\->st_value; -} -.EE -.SH SEE ALSO -.BR ldd (1), -.BR dlopen (3), -.BR ld.so (8), -.BR ldconfig (8) diff --git a/man7/rtnetlink.7 b/man7/rtnetlink.7 deleted file mode 100644 index 1ab355f..0000000 --- a/man7/rtnetlink.7 +++ /dev/null @@ -1,590 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" Based on the original comments from Alexey Kuznetsov, written with -.\" help from Matthew Wilcox. -.\" $Id: rtnetlink.7,v 1.8 2000/01/22 01:55:04 freitag Exp $ -.\" -.TH rtnetlink 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -rtnetlink \- Linux routing socket -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include -.B #include -.P -.BI "rtnetlink_socket = socket(AF_NETLINK, int " socket_type ", NETLINK_ROUTE);" -.fi -.SH DESCRIPTION -Rtnetlink allows the kernel's routing tables to be read and altered. -It is used within the kernel to communicate between -various subsystems, though this usage is not documented here, and for -communication with user-space programs. -Network routes, IP addresses, link parameters, neighbor setups, queueing -disciplines, traffic classes and packet classifiers may all be controlled -through -.B NETLINK_ROUTE -sockets. -It is based on netlink messages; see -.BR netlink (7) -for more information. -.\" FIXME . ? all these macros could be moved to rtnetlink(3) -.SS Routing attributes -Some rtnetlink messages have optional attributes after the initial header: -.P -.in +4n -.EX -struct rtattr { - unsigned short rta_len; /* Length of option */ - unsigned short rta_type; /* Type of option */ - /* Data follows */ -}; -.EE -.in -.P -These attributes should be manipulated using only the RTA_* macros -or libnetlink, see -.BR rtnetlink (3). -.SS Messages -Rtnetlink consists of these message types -(in addition to standard netlink messages): -.TP -.B RTM_NEWLINK -.TQ -.B RTM_DELLINK -.TQ -.B RTM_GETLINK -Create, remove, or get information about a specific network interface. -These messages contain an -.I ifinfomsg -structure followed by a series of -.I rtattr -structures. -.IP -.EX -struct ifinfomsg { - unsigned char ifi_family; /* AF_UNSPEC */ - unsigned short ifi_type; /* Device type */ - int ifi_index; /* Interface index */ - unsigned int ifi_flags; /* Device flags */ - unsigned int ifi_change; /* change mask */ -}; -.EE -.IP -.\" FIXME Document ifinfomsg.ifi_type -.I ifi_flags -contains the device flags, see -.BR netdevice (7); -.I ifi_index -is the unique interface index -(since Linux 3.7, it is possible to feed a nonzero value with the -.B RTM_NEWLINK -message, thus creating a link with the given -.IR ifindex ); -.I ifi_change -is reserved for future use and should be always set to 0xFFFFFFFF. -.TS -tab(:); -c s s -lb l l. -Routing attributes -rta_type:Value type:Description -_ -IFLA_UNSPEC:-:unspecified -IFLA_ADDRESS:hardware address:interface L2 address -IFLA_BROADCAST:hardware address:L2 broadcast address -IFLA_IFNAME:asciiz string:Device name -IFLA_MTU:unsigned int:MTU of the device -IFLA_LINK:int:Link type -IFLA_QDISC:asciiz string:Queueing discipline -IFLA_STATS:T{ -see below -T}:Interface Statistics -IFLA_PERM_ADDRESS:hardware address:T{ -hardware address provided by device (since Linux 5.5) -T} -.TE -.IP -The value type for -.B IFLA_STATS -is -.I struct rtnl_link_stats -.RI ( "struct net_device_stats" -in Linux 2.4 and earlier). -.TP -.B RTM_NEWADDR -.TQ -.B RTM_DELADDR -.TQ -.B RTM_GETADDR -Add, remove, or receive information about an IP address associated with -an interface. -In Linux 2.2, an interface can carry multiple IP addresses, -this replaces the alias device concept in Linux 2.0. -In Linux 2.2, these messages -support IPv4 and IPv6 addresses. -They contain an -.I ifaddrmsg -structure, optionally followed by -.I rtattr -routing attributes. -.IP -.EX -struct ifaddrmsg { - unsigned char ifa_family; /* Address type */ - unsigned char ifa_prefixlen; /* Prefixlength of address */ - unsigned char ifa_flags; /* Address flags */ - unsigned char ifa_scope; /* Address scope */ - unsigned int ifa_index; /* Interface index */ -}; -.EE -.IP -.I ifa_family -is the address family type (currently -.B AF_INET -or -.BR AF_INET6 ), -.I ifa_prefixlen -is the length of the address mask of the address if defined for the -family (like for IPv4), -.I ifa_scope -is the address scope, -.I ifa_index -is the interface index of the interface the address is associated with. -.I ifa_flags -is a flag word of -.B IFA_F_SECONDARY -for secondary address (old alias interface), -.B IFA_F_PERMANENT -for a permanent address set by the user and other undocumented flags. -.TS -tab(:); -c s s -lb l l. -Attributes -rta_type:Value type:Description -_ -IFA_UNSPEC:-:unspecified -IFA_ADDRESS:raw protocol address:interface address -IFA_LOCAL:raw protocol address:local address -IFA_LABEL:asciiz string:name of the interface -IFA_BROADCAST:raw protocol address:broadcast address -IFA_ANYCAST:raw protocol address:anycast address -IFA_CACHEINFO:struct ifa_cacheinfo:Address information -.TE -.\" FIXME Document struct ifa_cacheinfo -.TP -.B RTM_NEWROUTE -.TQ -.B RTM_DELROUTE -.TQ -.B RTM_GETROUTE -Create, remove, or receive information about a network route. -These messages contain an -.I rtmsg -structure with an optional sequence of -.I rtattr -structures following. -For -.BR RTM_GETROUTE , -setting -.I rtm_dst_len -and -.I rtm_src_len -to 0 means you get all entries for the specified routing table. -For the other fields, except -.I rtm_table -and -.IR rtm_protocol , -0 is the wildcard. -.IP -.EX -struct rtmsg { - unsigned char rtm_family; /* Address family of route */ - unsigned char rtm_dst_len; /* Length of destination */ - unsigned char rtm_src_len; /* Length of source */ - unsigned char rtm_tos; /* TOS filter */ - unsigned char rtm_table; /* Routing table ID; - see RTA_TABLE below */ - unsigned char rtm_protocol; /* Routing protocol; see below */ - unsigned char rtm_scope; /* See below */ - unsigned char rtm_type; /* See below */ -\& - unsigned int rtm_flags; -}; -.EE -.TS -tab(:); -lb l. -rtm_type:Route type -_ -RTN_UNSPEC:unknown route -RTN_UNICAST:a gateway or direct route -RTN_LOCAL:a local interface route -RTN_BROADCAST:T{ -a local broadcast route (sent as a broadcast) -T} -RTN_ANYCAST:T{ -a local broadcast route (sent as a unicast) -T} -RTN_MULTICAST:a multicast route -RTN_BLACKHOLE:a packet dropping route -RTN_UNREACHABLE:an unreachable destination -RTN_PROHIBIT:a packet rejection route -RTN_THROW:continue routing lookup in another table -RTN_NAT:a network address translation rule -RTN_XRESOLVE:T{ -refer to an external resolver (not implemented) -T} -.TE -.TS -tab(:); -lb l. -rtm_protocol:Route origin -_ -RTPROT_UNSPEC:unknown -RTPROT_REDIRECT:T{ -by an ICMP redirect (currently unused) -T} -RTPROT_KERNEL:by the kernel -RTPROT_BOOT:during boot -RTPROT_STATIC:by the administrator -.TE -.IP -Values larger than -.B RTPROT_STATIC -are not interpreted by the kernel, they are just for user information. -They may be used to tag the source of a routing information or to -distinguish between multiple routing daemons. -See -.I -for the routing daemon identifiers which are already assigned. -.IP -.I rtm_scope -is the distance to the destination: -.TS -tab(:); -lb l. -RT_SCOPE_UNIVERSE:global route -RT_SCOPE_SITE:T{ -interior route in the local autonomous system -T} -RT_SCOPE_LINK:route on this link -RT_SCOPE_HOST:route on the local host -RT_SCOPE_NOWHERE:destination doesn't exist -.TE -.IP -The values between -.B RT_SCOPE_UNIVERSE -and -.B RT_SCOPE_SITE -are available to the user. -.IP -The -.I rtm_flags -have the following meanings: -.TS -tab(:); -lb l. -RTM_F_NOTIFY:T{ -if the route changes, notify the user via rtnetlink -T} -RTM_F_CLONED:route is cloned from another route -RTM_F_EQUALIZE:a multipath equalizer (not yet implemented) -.TE -.IP -.I rtm_table -specifies the routing table -.TS -tab(:); -lb l. -RT_TABLE_UNSPEC:an unspecified routing table -RT_TABLE_DEFAULT:the default table -RT_TABLE_MAIN:the main table -RT_TABLE_LOCAL:the local table -.TE -.IP -The user may assign arbitrary values between -.B RT_TABLE_UNSPEC -and -.BR RT_TABLE_DEFAULT . -.\" Keep table on same page -.bp +1 -.TS -tab(:); -c s s -lb2 l2 l. -Attributes -rta_type:Value type:Description -_ -RTA_UNSPEC:-:ignored -RTA_DST:protocol address:Route destination address -RTA_SRC:protocol address:Route source address -RTA_IIF:int:Input interface index -RTA_OIF:int:Output interface index -RTA_GATEWAY:protocol address:The gateway of the route -RTA_PRIORITY:int:Priority of route -RTA_PREFSRC:protocol address:Preferred source address -RTA_METRICS:int:Route metric -RTA_MULTIPATH::T{ -Multipath nexthop data -br -(see below). -T} -RTA_PROTOINFO::No longer used -RTA_FLOW:int:Route realm -RTA_CACHEINFO:struct rta_cacheinfo:(see linux/rtnetlink.h) -RTA_SESSION::No longer used -RTA_MP_ALGO::No longer used -RTA_TABLE:int:T{ -Routing table ID; if set, -.br -rtm_table is ignored -T} -RTA_MARK:int: -RTA_MFC_STATS:struct rta_mfc_stats:(see linux/rtnetlink.h) -RTA_VIA:struct rtvia:T{ -Gateway in different AF -(see below) -T} -RTA_NEWDST:protocol address:T{ -Change packet -destination address -T} -RTA_PREF:char:T{ -RFC4191 IPv6 router -preference (see below) -T} -RTA_ENCAP_TYPE:short:T{ -Encapsulation type for -.br -lwtunnels (see below) -T} -RTA_ENCAP::Defined by RTA_ENCAP_TYPE -RTA_EXPIRES:int:T{ -Expire time for IPv6 -routes (in seconds) -T} -.TE -.IP -.B RTA_MULTIPATH -contains several packed instances of -.I struct rtnexthop -together with nested RTAs -.RB ( RTA_GATEWAY ): -.IP -.in +4n -.EX -struct rtnexthop { - unsigned short rtnh_len; /* Length of struct + length - of RTAs */ - unsigned char rtnh_flags; /* Flags (see - linux/rtnetlink.h) */ - unsigned char rtnh_hops; /* Nexthop priority */ - int rtnh_ifindex; /* Interface index for this - nexthop */ -} -.EE -.in -.IP -There exist a bunch of -.B RTNH_* -macros similar to -.B RTA_* -and -.B NLHDR_* -macros -useful to handle these structures. -.IP -.in +4n -.EX -struct rtvia { - unsigned short rtvia_family; - unsigned char rtvia_addr[0]; -}; -.EE -.in -.IP -.I rtvia_addr -is the address, -.I rtvia_family -is its family type. -.IP -.B RTA_PREF -may contain values -.BR ICMPV6_ROUTER_PREF_LOW , -.BR ICMPV6_ROUTER_PREF_MEDIUM , -and -.B ICMPV6_ROUTER_PREF_HIGH -defined incw -.IR . -.IP -.B RTA_ENCAP_TYPE -may contain values -.BR LWTUNNEL_ENCAP_MPLS , -.BR LWTUNNEL_ENCAP_IP , -.BR LWTUNNEL_ENCAP_ILA , -or -.B LWTUNNEL_ENCAP_IP6 -defined in -.IR . -.IP -.B Fill these values in! -.TP -.B RTM_NEWNEIGH -.TQ -.B RTM_DELNEIGH -.TQ -.B RTM_GETNEIGH -Add, remove, or receive information about a neighbor table -entry (e.g., an ARP entry). -The message contains an -.I ndmsg -structure. -.IP -.EX -struct ndmsg { - unsigned char ndm_family; - int ndm_ifindex; /* Interface index */ - __u16 ndm_state; /* State */ - __u8 ndm_flags; /* Flags */ - __u8 ndm_type; -}; -\& -struct nda_cacheinfo { - __u32 ndm_confirmed; - __u32 ndm_used; - __u32 ndm_updated; - __u32 ndm_refcnt; -}; -.EE -.IP -.I ndm_state -is a bit mask of the following states: -.TS -tab(:); -lb l. -NUD_INCOMPLETE:a currently resolving cache entry -NUD_REACHABLE:a confirmed working cache entry -NUD_STALE:an expired cache entry -NUD_DELAY:an entry waiting for a timer -NUD_PROBE:a cache entry that is currently reprobed -NUD_FAILED:an invalid cache entry -NUD_NOARP:a device with no destination cache -NUD_PERMANENT:a static entry -.TE -.IP -Valid -.I ndm_flags -are: -.TS -tab(:); -lb l. -NTF_PROXY:a proxy arp entry -NTF_ROUTER:an IPv6 router -.TE -.IP -.\" FIXME . -.\" document the members of the struct better -The -.I rtattr -struct has the following meanings for the -.I rta_type -field: -.TS -tab(:); -lb l. -NDA_UNSPEC:unknown type -NDA_DST:a neighbor cache n/w layer destination address -NDA_LLADDR:a neighbor cache link layer address -NDA_CACHEINFO:cache statistics -.TE -.IP -If the -.I rta_type -field is -.BR NDA_CACHEINFO , -then a -.I struct nda_cacheinfo -header follows. -.TP -.B RTM_NEWRULE -.TQ -.B RTM_DELRULE -.TQ -.B RTM_GETRULE -Add, delete, or retrieve a routing rule. -Carries a -.I struct rtmsg -.TP -.B RTM_NEWQDISC -.TQ -.B RTM_DELQDISC -.TQ -.B RTM_GETQDISC -Add, remove, or get a queueing discipline. -The message contains a -.I struct tcmsg -and may be followed by a series of -attributes. -.IP -.EX -struct tcmsg { - unsigned char tcm_family; - int tcm_ifindex; /* interface index */ - __u32 tcm_handle; /* Qdisc handle */ - __u32 tcm_parent; /* Parent qdisc */ - __u32 tcm_info; -}; -.EE -.TS -tab(:); -c s s -lb2 l2 l. -Attributes -rta_type:Value type:Description -_ -TCA_UNSPEC:-:unspecified -TCA_KIND:asciiz string:Name of queueing discipline -TCA_OPTIONS:byte sequence:Qdisc-specific options follow -TCA_STATS:struct tc_stats:Qdisc statistics -TCA_XSTATS:qdisc-specific:Module-specific statistics -TCA_RATE:struct tc_estimator:Rate limit -.TE -.IP -In addition, various other qdisc-module-specific attributes are allowed. -For more information see the appropriate include files. -.TP -.B RTM_NEWTCLASS -.TQ -.B RTM_DELTCLASS -.TQ -.B RTM_GETTCLASS -Add, remove, or get a traffic class. -These messages contain a -.I struct tcmsg -as described above. -.TP -.B RTM_NEWTFILTER -.TQ -.B RTM_DELTFILTER -.TQ -.B RTM_GETTFILTER -Add, remove, or receive information about a traffic filter. -These messages contain a -.I struct tcmsg -as described above. -.SH VERSIONS -.B rtnetlink -is a new feature of Linux 2.2. -.SH BUGS -This manual page is incomplete. -.SH SEE ALSO -.BR cmsg (3), -.BR rtnetlink (3), -.BR ip (7), -.BR netlink (7) diff --git a/man7/sched.7 b/man7/sched.7 deleted file mode 100644 index 7e1212f..0000000 --- a/man7/sched.7 +++ /dev/null @@ -1,992 +0,0 @@ -.\" Copyright (C) 2014 Michael Kerrisk -.\" and Copyright (C) 2014 Peter Zijlstra -.\" and Copyright (C) 2014 Juri Lelli -.\" Various pieces from the old sched_setscheduler(2) page -.\" Copyright (C) Tom Bjorkholm, Markus Kuhn & David A. Wheeler 1996-1999 -.\" and Copyright (C) 2007 Carsten Emde -.\" and Copyright (C) 2008 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" Worth looking at: http://rt.wiki.kernel.org/index.php -.\" -.TH sched 7 2024-02-18 "Linux man-pages 6.7" -.SH NAME -sched \- overview of CPU scheduling -.SH DESCRIPTION -Since Linux 2.6.23, the default scheduler is CFS, -the "Completely Fair Scheduler". -The CFS scheduler replaced the earlier "O(1)" scheduler. -.\" -.SS API summary -Linux provides the following system calls for controlling -the CPU scheduling behavior, policy, and priority of processes -(or, more precisely, threads). -.TP -.BR nice (2) -Set a new nice value for the calling thread, -and return the new nice value. -.TP -.BR getpriority (2) -Return the nice value of a thread, a process group, -or the set of threads owned by a specified user. -.TP -.BR setpriority (2) -Set the nice value of a thread, a process group, -or the set of threads owned by a specified user. -.TP -.BR sched_setscheduler (2) -Set the scheduling policy and parameters of a specified thread. -.TP -.BR sched_getscheduler (2) -Return the scheduling policy of a specified thread. -.TP -.BR sched_setparam (2) -Set the scheduling parameters of a specified thread. -.TP -.BR sched_getparam (2) -Fetch the scheduling parameters of a specified thread. -.TP -.BR sched_get_priority_max (2) -Return the maximum priority available in a specified scheduling policy. -.TP -.BR sched_get_priority_min (2) -Return the minimum priority available in a specified scheduling policy. -.TP -.BR sched_rr_get_interval (2) -Fetch the quantum used for threads that are scheduled under -the "round-robin" scheduling policy. -.TP -.BR sched_yield (2) -Cause the caller to relinquish the CPU, -so that some other thread be executed. -.TP -.BR sched_setaffinity (2) -(Linux-specific) -Set the CPU affinity of a specified thread. -.TP -.BR sched_getaffinity (2) -(Linux-specific) -Get the CPU affinity of a specified thread. -.TP -.BR sched_setattr (2) -Set the scheduling policy and parameters of a specified thread. -This (Linux-specific) system call provides a superset of the functionality of -.BR sched_setscheduler (2) -and -.BR sched_setparam (2). -.TP -.BR sched_getattr (2) -Fetch the scheduling policy and parameters of a specified thread. -This (Linux-specific) system call provides a superset of the functionality of -.BR sched_getscheduler (2) -and -.BR sched_getparam (2). -.\" -.SS Scheduling policies -The scheduler is the kernel component that decides which runnable thread -will be executed by the CPU next. -Each thread has an associated scheduling policy and a \fIstatic\fP -scheduling priority, -.IR sched_priority . -The scheduler makes its decisions based on knowledge of the scheduling -policy and static priority of all threads on the system. -.P -For threads scheduled under one of the normal scheduling policies -(\fBSCHED_OTHER\fP, \fBSCHED_IDLE\fP, \fBSCHED_BATCH\fP), -\fIsched_priority\fP is not used in scheduling -decisions (it must be specified as 0). -.P -Processes scheduled under one of the real-time policies -(\fBSCHED_FIFO\fP, \fBSCHED_RR\fP) have a -\fIsched_priority\fP value in the range 1 (low) to 99 (high). -(As the numbers imply, real-time threads always have higher priority -than normal threads.) -Note well: POSIX.1 requires an implementation to support only a -minimum 32 distinct priority levels for the real-time policies, -and some systems supply just this minimum. -Portable programs should use -.BR sched_get_priority_min (2) -and -.BR sched_get_priority_max (2) -to find the range of priorities supported for a particular policy. -.P -Conceptually, the scheduler maintains a list of runnable -threads for each possible \fIsched_priority\fP value. -In order to determine which thread runs next, the scheduler looks for -the nonempty list with the highest static priority and selects the -thread at the head of this list. -.P -A thread's scheduling policy determines -where it will be inserted into the list of threads -with equal static priority and how it will move inside this list. -.P -All scheduling is preemptive: if a thread with a higher static -priority becomes ready to run, the currently running thread -will be preempted and -returned to the wait list for its static priority level. -The scheduling policy determines the -ordering only within the list of runnable threads with equal static -priority. -.SS SCHED_FIFO: First in-first out scheduling -\fBSCHED_FIFO\fP can be used only with static priorities higher than -0, which means that when a \fBSCHED_FIFO\fP thread becomes runnable, -it will always immediately preempt any currently running -\fBSCHED_OTHER\fP, \fBSCHED_BATCH\fP, or \fBSCHED_IDLE\fP thread. -\fBSCHED_FIFO\fP is a simple scheduling -algorithm without time slicing. -For threads scheduled under the -\fBSCHED_FIFO\fP policy, the following rules apply: -.IP \[bu] 3 -A running \fBSCHED_FIFO\fP thread that has been preempted by another thread of -higher priority will stay at the head of the list for its priority and -will resume execution as soon as all threads of higher priority are -blocked again. -.IP \[bu] -When a blocked \fBSCHED_FIFO\fP thread becomes runnable, it -will be inserted at the end of the list for its priority. -.IP \[bu] -If a call to -.BR sched_setscheduler (2), -.BR sched_setparam (2), -.BR sched_setattr (2), -.BR pthread_setschedparam (3), -or -.BR pthread_setschedprio (3) -changes the priority of the running or runnable -.B SCHED_FIFO -thread identified by -.I pid -the effect on the thread's position in the list depends on -the direction of the change to the thread's priority: -.RS -.IP (a) 5 -If the thread's priority is raised, -it is placed at the end of the list for its new priority. -As a consequence, -it may preempt a currently running thread with the same priority. -.IP (b) -If the thread's priority is unchanged, -its position in the run list is unchanged. -.IP (c) -If the thread's priority is lowered, -it is placed at the front of the list for its new priority. -.RE -.IP -According to POSIX.1-2008, -changes to a thread's priority (or policy) using any mechanism other than -.BR pthread_setschedprio (3) -should result in the thread being placed at the end of -the list for its priority. -.\" In Linux 2.2.x and Linux 2.4.x, the thread is placed at the front of the queue -.\" In Linux 2.0.x, the Right Thing happened: the thread went to the back -- MTK -.IP \[bu] -A thread calling -.BR sched_yield (2) -will be put at the end of the list. -.P -No other events will move a thread -scheduled under the \fBSCHED_FIFO\fP policy in the wait list of -runnable threads with equal static priority. -.P -A \fBSCHED_FIFO\fP -thread runs until either it is blocked by an I/O request, it is -preempted by a higher priority thread, or it calls -.BR sched_yield (2). -.SS SCHED_RR: Round-robin scheduling -\fBSCHED_RR\fP is a simple enhancement of \fBSCHED_FIFO\fP. -Everything -described above for \fBSCHED_FIFO\fP also applies to \fBSCHED_RR\fP, -except that each thread is allowed to run only for a maximum time -quantum. -If a \fBSCHED_RR\fP thread has been running for a time -period equal to or longer than the time quantum, it will be put at the -end of the list for its priority. -A \fBSCHED_RR\fP thread that has -been preempted by a higher priority thread and subsequently resumes -execution as a running thread will complete the unexpired portion of -its round-robin time quantum. -The length of the time quantum can be -retrieved using -.BR sched_rr_get_interval (2). -.\" On Linux 2.4, the length of the RR interval is influenced -.\" by the process nice value -- MTK -.\" -.SS SCHED_DEADLINE: Sporadic task model deadline scheduling -Since Linux 3.14, Linux provides a deadline scheduling policy -.RB ( SCHED_DEADLINE ). -This policy is currently implemented using -GEDF (Global Earliest Deadline First) -in conjunction with CBS (Constant Bandwidth Server). -To set and fetch this policy and associated attributes, -one must use the Linux-specific -.BR sched_setattr (2) -and -.BR sched_getattr (2) -system calls. -.P -A sporadic task is one that has a sequence of jobs, where each -job is activated at most once per period. -Each job also has a -.IR "relative deadline" , -before which it should finish execution, and a -.IR "computation time" , -which is the CPU time necessary for executing the job. -The moment when a task wakes up -because a new job has to be executed is called the -.I arrival time -(also referred to as the request time or release time). -The -.I start time -is the time at which a task starts its execution. -The -.I absolute deadline -is thus obtained by adding the relative deadline to the arrival time. -.P -The following diagram clarifies these terms: -.P -.in +4n -.EX -arrival/wakeup absolute deadline - | start time | - | | | - v v v ------x--------xooooooooooooooooo--------x--------x--- - |<- comp. time ->| - |<------- relative deadline ------>| - |<-------------- period ------------------->| -.EE -.in -.P -When setting a -.B SCHED_DEADLINE -policy for a thread using -.BR sched_setattr (2), -one can specify three parameters: -.IR Runtime , -.IR Deadline , -and -.IR Period . -These parameters do not necessarily correspond to the aforementioned terms: -usual practice is to set Runtime to something bigger than the average -computation time (or worst-case execution time for hard real-time tasks), -Deadline to the relative deadline, and Period to the period of the task. -Thus, for -.B SCHED_DEADLINE -scheduling, we have: -.P -.in +4n -.EX -arrival/wakeup absolute deadline - | start time | - | | | - v v v ------x--------xooooooooooooooooo--------x--------x--- - |<-- Runtime ------->| - |<----------- Deadline ----------->| - |<-------------- Period ------------------->| -.EE -.in -.P -The three deadline-scheduling parameters correspond to the -.IR sched_runtime , -.IR sched_deadline , -and -.I sched_period -fields of the -.I sched_attr -structure; see -.BR sched_setattr (2). -These fields express values in nanoseconds. -.\" FIXME It looks as though specifying sched_period as 0 means -.\" "make sched_period the same as sched_deadline". -.\" This needs to be documented. -If -.I sched_period -is specified as 0, then it is made the same as -.IR sched_deadline . -.P -The kernel requires that: -.P -.in +4n -.EX -sched_runtime <= sched_deadline <= sched_period -.EE -.in -.P -.\" See __checkparam_dl in kernel/sched/core.c -In addition, under the current implementation, -all of the parameter values must be at least 1024 -(i.e., just over one microsecond, -which is the resolution of the implementation), and less than 2\[ha]63. -If any of these checks fails, -.BR sched_setattr (2) -fails with the error -.BR EINVAL . -.P -The CBS guarantees non-interference between tasks, by throttling -threads that attempt to over-run their specified Runtime. -.P -To ensure deadline scheduling guarantees, -the kernel must prevent situations where the set of -.B SCHED_DEADLINE -threads is not feasible (schedulable) within the given constraints. -The kernel thus performs an admittance test when setting or changing -.B SCHED_DEADLINE -policy and attributes. -This admission test calculates whether the change is feasible; -if it is not, -.BR sched_setattr (2) -fails with the error -.BR EBUSY . -.P -For example, it is required (but not necessarily sufficient) for -the total utilization to be less than or equal to the total number of -CPUs available, where, since each thread can maximally run for -Runtime per Period, that thread's utilization is its -Runtime divided by its Period. -.P -In order to fulfill the guarantees that are made when -a thread is admitted to the -.B SCHED_DEADLINE -policy, -.B SCHED_DEADLINE -threads are the highest priority (user controllable) threads in the -system; if any -.B SCHED_DEADLINE -thread is runnable, -it will preempt any thread scheduled under one of the other policies. -.P -A call to -.BR fork (2) -by a thread scheduled under the -.B SCHED_DEADLINE -policy fails with the error -.BR EAGAIN , -unless the thread has its reset-on-fork flag set (see below). -.P -A -.B SCHED_DEADLINE -thread that calls -.BR sched_yield (2) -will yield the current job and wait for a new period to begin. -.\" -.\" FIXME Calling sched_getparam() on a SCHED_DEADLINE thread -.\" fails with EINVAL, but sched_getscheduler() succeeds. -.\" Is that intended? (Why?) -.\" -.SS SCHED_OTHER: Default Linux time-sharing scheduling -\fBSCHED_OTHER\fP can be used at only static priority 0 -(i.e., threads under real-time policies always have priority over -.B SCHED_OTHER -processes). -\fBSCHED_OTHER\fP is the standard Linux time-sharing scheduler that is -intended for all threads that do not require the special -real-time mechanisms. -.P -The thread to run is chosen from the static -priority 0 list based on a \fIdynamic\fP priority that is determined only -inside this list. -The dynamic priority is based on the nice value (see below) -and is increased for each time quantum the thread is ready to run, -but denied to run by the scheduler. -This ensures fair progress among all \fBSCHED_OTHER\fP threads. -.P -In the Linux kernel source code, the -.B SCHED_OTHER -policy is actually named -.BR SCHED_NORMAL . -.\" -.SS The nice value -The nice value is an attribute -that can be used to influence the CPU scheduler to -favor or disfavor a process in scheduling decisions. -It affects the scheduling of -.B SCHED_OTHER -and -.B SCHED_BATCH -(see below) processes. -The nice value can be modified using -.BR nice (2), -.BR setpriority (2), -or -.BR sched_setattr (2). -.P -According to POSIX.1, the nice value is a per-process attribute; -that is, the threads in a process should share a nice value. -However, on Linux, the nice value is a per-thread attribute: -different threads in the same process may have different nice values. -.P -The range of the nice value -varies across UNIX systems. -On modern Linux, the range is \-20 (high priority) to +19 (low priority). -On some other systems, the range is \-20..20. -Very early Linux kernels (before Linux 2.0) had the range \-infinity..15. -.\" Linux before 1.3.36 had \-infinity..15. -.\" Since Linux 1.3.43, Linux has the range \-20..19. -.P -The degree to which the nice value affects the relative scheduling of -.B SCHED_OTHER -processes likewise varies across UNIX systems and -across Linux kernel versions. -.P -With the advent of the CFS scheduler in Linux 2.6.23, -Linux adopted an algorithm that causes -relative differences in nice values to have a much stronger effect. -In the current implementation, each unit of difference in the -nice values of two processes results in a factor of 1.25 -in the degree to which the scheduler favors the higher priority process. -This causes very low nice values (+19) to truly provide little CPU -to a process whenever there is any other -higher priority load on the system, -and makes high nice values (\-20) deliver most of the CPU to applications -that require it (e.g., some audio applications). -.P -On Linux, the -.B RLIMIT_NICE -resource limit can be used to define a limit to which -an unprivileged process's nice value can be raised; see -.BR setrlimit (2) -for details. -.P -For further details on the nice value, see the subsections on -the autogroup feature and group scheduling, below. -.\" -.SS SCHED_BATCH: Scheduling batch processes -(Since Linux 2.6.16.) -\fBSCHED_BATCH\fP can be used only at static priority 0. -This policy is similar to \fBSCHED_OTHER\fP in that it schedules -the thread according to its dynamic priority -(based on the nice value). -The difference is that this policy -will cause the scheduler to always assume -that the thread is CPU-intensive. -Consequently, the scheduler will apply a small scheduling -penalty with respect to wakeup behavior, -so that this thread is mildly disfavored in scheduling decisions. -.P -.\" The following paragraph is drawn largely from the text that -.\" accompanied Ingo Molnar's patch for the implementation of -.\" SCHED_BATCH. -.\" commit b0a9499c3dd50d333e2aedb7e894873c58da3785 -This policy is useful for workloads that are noninteractive, -but do not want to lower their nice value, -and for workloads that want a deterministic scheduling policy without -interactivity causing extra preemptions (between the workload's tasks). -.\" -.SS SCHED_IDLE: Scheduling very low priority jobs -(Since Linux 2.6.23.) -\fBSCHED_IDLE\fP can be used only at static priority 0; -the process nice value has no influence for this policy. -.P -This policy is intended for running jobs at extremely low -priority (lower even than a +19 nice value with the -.B SCHED_OTHER -or -.B SCHED_BATCH -policies). -.\" -.SS Resetting scheduling policy for child processes -Each thread has a reset-on-fork scheduling flag. -When this flag is set, children created by -.BR fork (2) -do not inherit privileged scheduling policies. -The reset-on-fork flag can be set by either: -.IP \[bu] 3 -ORing the -.B SCHED_RESET_ON_FORK -flag into the -.I policy -argument when calling -.BR sched_setscheduler (2) -(since Linux 2.6.32); -or -.IP \[bu] -specifying the -.B SCHED_FLAG_RESET_ON_FORK -flag in -.I attr.sched_flags -when calling -.BR sched_setattr (2). -.P -Note that the constants used with these two APIs have different names. -The state of the reset-on-fork flag can analogously be retrieved using -.BR sched_getscheduler (2) -and -.BR sched_getattr (2). -.P -The reset-on-fork feature is intended for media-playback applications, -and can be used to prevent applications evading the -.B RLIMIT_RTTIME -resource limit (see -.BR getrlimit (2)) -by creating multiple child processes. -.P -More precisely, if the reset-on-fork flag is set, -the following rules apply for subsequently created children: -.IP \[bu] 3 -If the calling thread has a scheduling policy of -.B SCHED_FIFO -or -.BR SCHED_RR , -the policy is reset to -.B SCHED_OTHER -in child processes. -.IP \[bu] -If the calling process has a negative nice value, -the nice value is reset to zero in child processes. -.P -After the reset-on-fork flag has been enabled, -it can be reset only if the thread has the -.B CAP_SYS_NICE -capability. -This flag is disabled in child processes created by -.BR fork (2). -.\" -.SS Privileges and resource limits -Before Linux 2.6.12, only privileged -.RB ( CAP_SYS_NICE ) -threads can set a nonzero static priority (i.e., set a real-time -scheduling policy). -The only change that an unprivileged thread can make is to set the -.B SCHED_OTHER -policy, and this can be done only if the effective user ID of the caller -matches the real or effective user ID of the target thread -(i.e., the thread specified by -.IR pid ) -whose policy is being changed. -.P -A thread must be privileged -.RB ( CAP_SYS_NICE ) -in order to set or modify a -.B SCHED_DEADLINE -policy. -.P -Since Linux 2.6.12, the -.B RLIMIT_RTPRIO -resource limit defines a ceiling on an unprivileged thread's -static priority for the -.B SCHED_RR -and -.B SCHED_FIFO -policies. -The rules for changing scheduling policy and priority are as follows: -.IP \[bu] 3 -If an unprivileged thread has a nonzero -.B RLIMIT_RTPRIO -soft limit, then it can change its scheduling policy and priority, -subject to the restriction that the priority cannot be set to a -value higher than the maximum of its current priority and its -.B RLIMIT_RTPRIO -soft limit. -.IP \[bu] -If the -.B RLIMIT_RTPRIO -soft limit is 0, then the only permitted changes are to lower the priority, -or to switch to a non-real-time policy. -.IP \[bu] -Subject to the same rules, -another unprivileged thread can also make these changes, -as long as the effective user ID of the thread making the change -matches the real or effective user ID of the target thread. -.IP \[bu] -Special rules apply for the -.B SCHED_IDLE -policy. -Before Linux 2.6.39, -an unprivileged thread operating under this policy cannot -change its policy, regardless of the value of its -.B RLIMIT_RTPRIO -resource limit. -Since Linux 2.6.39, -.\" commit c02aa73b1d18e43cfd79c2f193b225e84ca497c8 -an unprivileged thread can switch to either the -.B SCHED_BATCH -or the -.B SCHED_OTHER -policy so long as its nice value falls within the range permitted by its -.B RLIMIT_NICE -resource limit (see -.BR getrlimit (2)). -.P -Privileged -.RB ( CAP_SYS_NICE ) -threads ignore the -.B RLIMIT_RTPRIO -limit; as with older kernels, -they can make arbitrary changes to scheduling policy and priority. -See -.BR getrlimit (2) -for further information on -.BR RLIMIT_RTPRIO . -.SS Limiting the CPU usage of real-time and deadline processes -A nonblocking infinite loop in a thread scheduled under the -.BR SCHED_FIFO , -.BR SCHED_RR , -or -.B SCHED_DEADLINE -policy can potentially block all other threads from accessing -the CPU forever. -Before Linux 2.6.25, the only way of preventing a runaway real-time -process from freezing the system was to run (at the console) -a shell scheduled under a higher static priority than the tested application. -This allows an emergency kill of tested -real-time applications that do not block or terminate as expected. -.P -Since Linux 2.6.25, there are other techniques for dealing with runaway -real-time and deadline processes. -One of these is to use the -.B RLIMIT_RTTIME -resource limit to set a ceiling on the CPU time that -a real-time process may consume. -See -.BR getrlimit (2) -for details. -.P -Since Linux 2.6.25, Linux also provides two -.I /proc -files that can be used to reserve a certain amount of CPU time -to be used by non-real-time processes. -Reserving CPU time in this fashion allows some CPU time to be -allocated to (say) a root shell that can be used to kill a runaway process. -Both of these files specify time values in microseconds: -.TP -.I /proc/sys/kernel/sched_rt_period_us -This file specifies a scheduling period that is equivalent to -100% CPU bandwidth. -The value in this file can range from 1 to -.BR INT_MAX , -giving an operating range of 1 microsecond to around 35 minutes. -The default value in this file is 1,000,000 (1 second). -.TP -.I /proc/sys/kernel/sched_rt_runtime_us -The value in this file specifies how much of the "period" time -can be used by all real-time and deadline scheduled processes -on the system. -The value in this file can range from \-1 to -.BR INT_MAX \-1. -Specifying \-1 makes the run time the same as the period; -that is, no CPU time is set aside for non-real-time processes -(which was the behavior before Linux 2.6.25). -The default value in this file is 950,000 (0.95 seconds), -meaning that 5% of the CPU time is reserved for processes that -don't run under a real-time or deadline scheduling policy. -.SS Response time -A blocked high priority thread waiting for I/O has a certain -response time before it is scheduled again. -The device driver writer -can greatly reduce this response time by using a "slow interrupt" -interrupt handler. -.\" as described in -.\" .BR request_irq (9). -.SS Miscellaneous -Child processes inherit the scheduling policy and parameters across a -.BR fork (2). -The scheduling policy and parameters are preserved across -.BR execve (2). -.P -Memory locking is usually needed for real-time processes to avoid -paging delays; this can be done with -.BR mlock (2) -or -.BR mlockall (2). -.\" -.SS The autogroup feature -.\" commit 5091faa449ee0b7d73bc296a93bca9540fc51d0a -Since Linux 2.6.38, -the kernel provides a feature known as autogrouping to improve interactive -desktop performance in the face of multiprocess, CPU-intensive -workloads such as building the Linux kernel with large numbers of -parallel build processes (i.e., the -.BR make (1) -.B \-j -flag). -.P -This feature operates in conjunction with the -CFS scheduler and requires a kernel that is configured with -.BR CONFIG_SCHED_AUTOGROUP . -On a running system, this feature is enabled or disabled via the file -.IR /proc/sys/kernel/sched_autogroup_enabled ; -a value of 0 disables the feature, while a value of 1 enables it. -The default value in this file is 1, unless the kernel was booted with the -.I noautogroup -parameter. -.P -A new autogroup is created when a new session is created via -.BR setsid (2); -this happens, for example, when a new terminal window is started. -A new process created by -.BR fork (2) -inherits its parent's autogroup membership. -Thus, all of the processes in a session are members of the same autogroup. -An autogroup is automatically destroyed when the last process -in the group terminates. -.P -When autogrouping is enabled, all of the members of an autogroup -are placed in the same kernel scheduler "task group". -The CFS scheduler employs an algorithm that equalizes the -distribution of CPU cycles across task groups. -The benefits of this for interactive desktop performance -can be described via the following example. -.P -Suppose that there are two autogroups competing for the same CPU -(i.e., presume either a single CPU system or the use of -.BR taskset (1) -to confine all the processes to the same CPU on an SMP system). -The first group contains ten CPU-bound processes from -a kernel build started with -.IR "make\~\-j10" . -The other contains a single CPU-bound process: a video player. -The effect of autogrouping is that the two groups will -each receive half of the CPU cycles. -That is, the video player will receive 50% of the CPU cycles, -rather than just 9% of the cycles, -which would likely lead to degraded video playback. -The situation on an SMP system is more complex, -.\" Mike Galbraith, 25 Nov 2016: -.\" I'd say something more wishy-washy here, like cycles are -.\" distributed fairly across groups and leave it at that, as your -.\" detailed example is incorrect due to SMP fairness (which I don't -.\" like much because [very unlikely] worst case scenario -.\" renders a box sized group incapable of utilizing more that -.\" a single CPU total). For example, if a group of NR_CPUS -.\" size competes with a singleton, load balancing will try to give -.\" the singleton a full CPU of its very own. If groups intersect for -.\" whatever reason on say my quad lappy, distribution is 80/20 in -.\" favor of the singleton. -but the general effect is the same: -the scheduler distributes CPU cycles across task groups such that -an autogroup that contains a large number of CPU-bound processes -does not end up hogging CPU cycles at the expense of the other -jobs on the system. -.P -A process's autogroup (task group) membership can be viewed via the file -.IR /proc/ pid /autogroup : -.P -.in +4n -.EX -$ \fBcat /proc/1/autogroup\fP -/autogroup\-1 nice 0 -.EE -.in -.P -This file can also be used to modify the CPU bandwidth allocated -to an autogroup. -This is done by writing a number in the "nice" range to the file -to set the autogroup's nice value. -The allowed range is from +19 (low priority) to \-20 (high priority). -(Writing values outside of this range causes -.BR write (2) -to fail with the error -.BR EINVAL .) -.\" FIXME . -.\" Because of a bug introduced in Linux 4.7 -.\" (commit 2159197d66770ec01f75c93fb11dc66df81fd45b made changes -.\" that exposed the fact that autogroup didn't call scale_load()), -.\" it happened that *all* values in this range caused a task group -.\" to be further disfavored by the scheduler, with \-20 resulting -.\" in the scheduler mildly disfavoring the task group and +19 greatly -.\" disfavoring it. -.\" -.\" A patch was posted on 23 Nov 2016 -.\" ("sched/autogroup: Fix 64bit kernel nice adjustment"; -.\" check later to see in which kernel version it lands. -.P -The autogroup nice setting has the same meaning as the process nice value, -but applies to distribution of CPU cycles to the autogroup as a whole, -based on the relative nice values of other autogroups. -For a process inside an autogroup, the CPU cycles that it receives -will be a product of the autogroup's nice value -(compared to other autogroups) -and the process's nice value -(compared to other processes in the same autogroup. -.P -The use of the -.BR cgroups (7) -CPU controller to place processes in cgroups other than the -root CPU cgroup overrides the effect of autogrouping. -.P -The autogroup feature groups only processes scheduled under -non-real-time policies -.RB ( SCHED_OTHER , -.BR SCHED_BATCH , -and -.BR SCHED_IDLE ). -It does not group processes scheduled under real-time and -deadline policies. -Those processes are scheduled according to the rules described earlier. -.\" -.SS The nice value and group scheduling -When scheduling non-real-time processes (i.e., those scheduled under the -.BR SCHED_OTHER , -.BR SCHED_BATCH , -and -.B SCHED_IDLE -policies), the CFS scheduler employs a technique known as "group scheduling", -if the kernel was configured with the -.B CONFIG_FAIR_GROUP_SCHED -option (which is typical). -.P -Under group scheduling, threads are scheduled in "task groups". -Task groups have a hierarchical relationship, -rooted under the initial task group on the system, -known as the "root task group". -Task groups are formed in the following circumstances: -.IP \[bu] 3 -All of the threads in a CPU cgroup form a task group. -The parent of this task group is the task group of the -corresponding parent cgroup. -.IP \[bu] -If autogrouping is enabled, -then all of the threads that are (implicitly) placed in an autogroup -(i.e., the same session, as created by -.BR setsid (2)) -form a task group. -Each new autogroup is thus a separate task group. -The root task group is the parent of all such autogroups. -.IP \[bu] -If autogrouping is enabled, then the root task group consists of -all processes in the root CPU cgroup that were not -otherwise implicitly placed into a new autogroup. -.IP \[bu] -If autogrouping is disabled, then the root task group consists of -all processes in the root CPU cgroup. -.IP \[bu] -If group scheduling was disabled (i.e., the kernel was configured without -.BR CONFIG_FAIR_GROUP_SCHED ), -then all of the processes on the system are notionally placed -in a single task group. -.P -Under group scheduling, -a thread's nice value has an effect for scheduling decisions -.IR "only relative to other threads in the same task group" . -This has some surprising consequences in terms of the traditional semantics -of the nice value on UNIX systems. -In particular, if autogrouping -is enabled (which is the default in various distributions), then employing -.BR setpriority (2) -or -.BR nice (1) -on a process has an effect only for scheduling relative -to other processes executed in the same session -(typically: the same terminal window). -.P -Conversely, for two processes that are (for example) -the sole CPU-bound processes in different sessions -(e.g., different terminal windows, -each of whose jobs are tied to different autogroups), -.I modifying the nice value of the process in one of the sessions -.I has no effect -in terms of the scheduler's decisions relative to the -process in the other session. -.\" More succinctly: the nice(1) command is in many cases a no-op since -.\" Linux 2.6.38. -.\" -A possibly useful workaround here is to use a command such as -the following to modify the autogroup nice value for -.I all -of the processes in a terminal session: -.P -.in +4n -.EX -$ \fBecho 10 > /proc/self/autogroup\fP -.EE -.in -.SS Real-time features in the mainline Linux kernel -.\" FIXME . Probably this text will need some minor tweaking -.\" ask Carsten Emde about this. -Since Linux 2.6.18, Linux is gradually -becoming equipped with real-time capabilities, -most of which are derived from the former -.I realtime\-preempt -patch set. -Until the patches have been completely merged into the -mainline kernel, -they must be installed to achieve the best real-time performance. -These patches are named: -.P -.in +4n -.EX -patch\-\fIkernelversion\fP\-rt\fIpatchversion\fP -.EE -.in -.P -and can be downloaded from -.UR http://www.kernel.org\:/pub\:/linux\:/kernel\:/projects\:/rt/ -.UE . -.P -Without the patches and prior to their full inclusion into the mainline -kernel, the kernel configuration offers only the three preemption classes -.BR CONFIG_PREEMPT_NONE , -.BR CONFIG_PREEMPT_VOLUNTARY , -and -.B CONFIG_PREEMPT_DESKTOP -which respectively provide no, some, and considerable -reduction of the worst-case scheduling latency. -.P -With the patches applied or after their full inclusion into the mainline -kernel, the additional configuration item -.B CONFIG_PREEMPT_RT -becomes available. -If this is selected, Linux is transformed into a regular -real-time operating system. -The FIFO and RR scheduling policies are then used to run a thread -with true real-time priority and a minimum worst-case scheduling latency. -.SH NOTES -The -.BR cgroups (7) -CPU controller can be used to limit the CPU consumption of -groups of processes. -.P -Originally, Standard Linux was intended as a general-purpose operating -system being able to handle background processes, interactive -applications, and less demanding real-time applications (applications that -need to usually meet timing deadlines). -Although the Linux 2.6 -allowed for kernel preemption and the newly introduced O(1) scheduler -ensures that the time needed to schedule is fixed and deterministic -irrespective of the number of active tasks, true real-time computing -was not possible up to Linux 2.6.17. -.SH SEE ALSO -.ad l -.nh -.BR chcpu (1), -.BR chrt (1), -.BR lscpu (1), -.BR ps (1), -.BR taskset (1), -.BR top (1), -.BR getpriority (2), -.BR mlock (2), -.BR mlockall (2), -.BR munlock (2), -.BR munlockall (2), -.BR nice (2), -.BR sched_get_priority_max (2), -.BR sched_get_priority_min (2), -.BR sched_getaffinity (2), -.BR sched_getparam (2), -.BR sched_getscheduler (2), -.BR sched_rr_get_interval (2), -.BR sched_setaffinity (2), -.BR sched_setparam (2), -.BR sched_setscheduler (2), -.BR sched_yield (2), -.BR setpriority (2), -.BR pthread_getaffinity_np (3), -.BR pthread_getschedparam (3), -.BR pthread_setaffinity_np (3), -.BR sched_getcpu (3), -.BR capabilities (7), -.BR cpuset (7) -.ad -.P -.I Programming for the real world \- POSIX.4 -by Bill O.\& Gallmeister, O'Reilly & Associates, Inc., ISBN 1-56592-074-0. -.P -The Linux kernel source files -.IR \%Documentation/\:scheduler/\:sched\-deadline\:.txt , -.IR \%Documentation/\:scheduler/\:sched\-rt\-group\:.txt , -.IR \%Documentation/\:scheduler/\:sched\-design\-CFS\:.txt , -and -.I \%Documentation/\:scheduler/\:sched\-nice\-design\:.txt diff --git a/man7/sem_overview.7 b/man7/sem_overview.7 deleted file mode 100644 index 67f2e41..0000000 --- a/man7/sem_overview.7 +++ /dev/null @@ -1,139 +0,0 @@ -.\" Copyright (C) 2006 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH sem_overview 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -sem_overview \- overview of POSIX semaphores -.SH DESCRIPTION -POSIX semaphores allow processes and threads to synchronize their actions. -.P -A semaphore is an integer whose value is never allowed to fall below zero. -Two operations can be performed on semaphores: -increment the semaphore value by one -.RB ( sem_post (3)); -and decrement the semaphore value by one -.RB ( sem_wait (3)). -If the value of a semaphore is currently zero, then a -.BR sem_wait (3) -operation will block until the value becomes greater than zero. -.P -POSIX semaphores come in two forms: named semaphores and -unnamed semaphores. -.TP -.B Named semaphores -A named semaphore is identified by a name of the form -.IR /somename ; -that is, a null-terminated string of up to -.BI NAME_MAX \-4 -(i.e., 251) characters consisting of an initial slash, -.\" glibc allows the initial slash to be omitted, and makes -.\" multiple initial slashes equivalent to a single slash. -.\" This differs from the implementation of POSIX message queues. -followed by one or more characters, none of which are slashes. -.\" glibc allows subdirectory components in the name, in which -.\" case the subdirectory tree must exist under /dev/shm, and -.\" the fist subdirectory component must exist as the name -.\" sem.name, and all of the subdirectory components must allow the -.\" required permissions if a user wants to create a semaphore -.\" object in a subdirectory. -Two processes can operate on the same named semaphore by passing -the same name to -.BR sem_open (3). -.IP -The -.BR sem_open (3) -function creates a new named semaphore or opens an existing -named semaphore. -After the semaphore has been opened, it can be operated on using -.BR sem_post (3) -and -.BR sem_wait (3). -When a process has finished using the semaphore, it can use -.BR sem_close (3) -to close the semaphore. -When all processes have finished using the semaphore, -it can be removed from the system using -.BR sem_unlink (3). -.TP -.B Unnamed semaphores (memory-based semaphores) -An unnamed semaphore does not have a name. -Instead the semaphore is placed in a region of memory that -is shared between multiple threads (a -.IR "thread-shared semaphore" ) -or processes (a -.IR "process-shared semaphore" ). -A thread-shared semaphore is placed in an area of memory shared -between the threads of a process, for example, a global variable. -A process-shared semaphore must be placed in a shared memory region -(e.g., a System V shared memory segment created using -.BR shmget (2), -or a POSIX shared memory object built created using -.BR shm_open (3)). -.IP -Before being used, an unnamed semaphore must be initialized using -.BR sem_init (3). -It can then be operated on using -.BR sem_post (3) -and -.BR sem_wait (3). -When the semaphore is no longer required, -and before the memory in which it is located is deallocated, -the semaphore should be destroyed using -.BR sem_destroy (3). -.P -The remainder of this section describes some specific details -of the Linux implementation of POSIX semaphores. -.SS Versions -Before Linux 2.6, Linux supported only unnamed, -thread-shared semaphores. -On a system with Linux 2.6 and a glibc that provides the NPTL -threading implementation, -a complete implementation of POSIX semaphores is provided. -.SS Persistence -POSIX named semaphores have kernel persistence: -if not removed by -.BR sem_unlink (3), -a semaphore will exist until the system is shut down. -.SS Linking -Programs using the POSIX semaphores API must be compiled with -.I cc \-pthread -to link against the real-time library, -.IR librt . -.SS Accessing named semaphores via the filesystem -On Linux, named semaphores are created in a virtual filesystem, -normally mounted under -.IR /dev/shm , -with names of the form -.IR \fBsem.\fPsomename . -(This is the reason that semaphore names are limited to -.BI NAME_MAX \-4 -rather than -.B NAME_MAX -characters.) -.P -Since Linux 2.6.19, ACLs can be placed on files under this directory, -to control object permissions on a per-user and per-group basis. -.SH NOTES -System V semaphores -.RB ( semget (2), -.BR semop (2), -etc.) are an older semaphore API. -POSIX semaphores provide a simpler, and better designed interface than -System V semaphores; -on the other hand POSIX semaphores are less widely available -(especially on older systems) than System V semaphores. -.SH EXAMPLES -An example of the use of various POSIX semaphore functions is shown in -.BR sem_wait (3). -.SH SEE ALSO -.BR sem_close (3), -.BR sem_destroy (3), -.BR sem_getvalue (3), -.BR sem_init (3), -.BR sem_open (3), -.BR sem_post (3), -.BR sem_unlink (3), -.BR sem_wait (3), -.BR pthreads (7), -.BR shm_overview (7) diff --git a/man7/session-keyring.7 b/man7/session-keyring.7 deleted file mode 100644 index d67de25..0000000 --- a/man7/session-keyring.7 +++ /dev/null @@ -1,113 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH session-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -session-keyring \- session shared process keyring -.SH DESCRIPTION -The session keyring is a keyring used to anchor keys on behalf of a process. -It is typically created by -.BR pam_keyinit (8) -when a user logs in and a link will be added that refers to the -.BR user\-keyring (7). -Optionally, -.BR PAM (7) -may revoke the session keyring on logout. -(In typical configurations, PAM does do this revocation.) -The session keyring has the name (description) -.IR _ses . -.P -A special serial number value, -.BR KEY_SPEC_SESSION_KEYRING , -is defined that can be used in lieu of the actual serial number of -the calling process's session keyring. -.P -From the -.BR keyctl (1) -utility, '\fB@s\fP' can be used instead of a numeric key ID in -much the same way. -.P -A process's session keyring is inherited across -.BR clone (2), -.BR fork (2), -and -.BR vfork (2). -The session keyring -is preserved across -.BR execve (2), -even when the executable is set-user-ID or set-group-ID or has capabilities. -The session keyring is destroyed when the last process that -refers to it exits. -.P -If a process doesn't have a session keyring when it is accessed, then, -under certain circumstances, the -.BR user\-session\-keyring (7) -will be attached as the session keyring -and under others a new session keyring will be created. -(See -.BR user\-session\-keyring (7) -for further details.) -.SS Special operations -The -.I keyutils -library provides the following special operations for manipulating -session keyrings: -.TP -.BR keyctl_join_session_keyring (3) -This operation allows the caller to change the session keyring -that it subscribes to. -The caller can join an existing keyring with a specified name (description), -create a new keyring with a given name, -or ask the kernel to create a new "anonymous" -session keyring with the name "_ses". -(This function is an interface to the -.BR keyctl (2) -.B KEYCTL_JOIN_SESSION_KEYRING -operation.) -.TP -.BR keyctl_session_to_parent (3) -This operation allows the caller to make the parent process's -session keyring to the same as its own. -For this to succeed, the parent process must have -identical security attributes and must be single threaded. -(This function is an interface to the -.BR keyctl (2) -.B KEYCTL_SESSION_TO_PARENT -operation.) -.P -These operations are also exposed through the -.BR keyctl (1) -utility as: -.P -.in +4n -.EX -keyctl session -keyctl session \- [ ...] -keyctl session [ ...] -.EE -.in -.P -and: -.P -.in +4n -.EX -keyctl new_session -.EE -.in -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyctl_join_session_keyring (3), -.BR keyctl_session_to_parent (3), -.BR keyrings (7), -.BR PAM (7), -.BR persistent\-keyring (7), -.BR process\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7), -.BR pam_keyinit (8) diff --git a/man7/shm_overview.7 b/man7/shm_overview.7 deleted file mode 100644 index a049e4c..0000000 --- a/man7/shm_overview.7 +++ /dev/null @@ -1,104 +0,0 @@ -.\" Copyright (C) 2008, Linux Foundation, written by Michael Kerrisk -.\" -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH shm_overview 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -shm_overview \- overview of POSIX shared memory -.SH DESCRIPTION -The POSIX shared memory API allows processes to communicate information -by sharing a region of memory. -.P -The interfaces employed in the API are: -.TP 15 -.BR shm_open (3) -Create and open a new object, or open an existing object. -This is analogous to -.BR open (2). -The call returns a file descriptor for use by the other -interfaces listed below. -.TP -.BR ftruncate (2) -Set the size of the shared memory object. -(A newly created shared memory object has a length of zero.) -.TP -.BR mmap (2) -Map the shared memory object into the virtual address space -of the calling process. -.TP -.BR munmap (2) -Unmap the shared memory object from the virtual address space -of the calling process. -.TP -.BR shm_unlink (3) -Remove a shared memory object name. -.TP -.BR close (2) -Close the file descriptor allocated by -.BR shm_open (3) -when it is no longer needed. -.TP -.BR fstat (2) -Obtain a -.I stat -structure that describes the shared memory object. -Among the information returned by this call are the object's -size -.RI ( st_size ), -permissions -.RI ( st_mode ), -owner -.RI ( st_uid ), -and group -.RI ( st_gid ). -.TP -.BR fchown (2) -To change the ownership of a shared memory object. -.TP -.BR fchmod (2) -To change the permissions of a shared memory object. -.SS Versions -POSIX shared memory is supported since Linux 2.4 and glibc 2.2. -.SS Persistence -POSIX shared memory objects have kernel persistence: -a shared memory object will exist until the system is shut down, -or until all processes have unmapped the object and it has been deleted with -.BR shm_unlink (3) -.SS Linking -Programs using the POSIX shared memory API must be compiled with -.I cc \-lrt -to link against the real-time library, -.IR librt . -.SS Accessing shared memory objects via the filesystem -On Linux, shared memory objects are created in a -.RB ( tmpfs (5)) -virtual filesystem, normally mounted under -.IR /dev/shm . -Since Linux 2.6.19, Linux supports the use of access control lists (ACLs) -to control the permissions of objects in the virtual filesystem. -.SH NOTES -Typically, processes must synchronize their access to a shared -memory object, using, for example, POSIX semaphores. -.P -System V shared memory -.RB ( shmget (2), -.BR shmop (2), -etc.) is an older shared memory API. -POSIX shared memory provides a simpler, and better designed interface; -on the other hand POSIX shared memory is somewhat less widely available -(especially on older systems) than System V shared memory. -.SH SEE ALSO -.BR fchmod (2), -.BR fchown (2), -.BR fstat (2), -.BR ftruncate (2), -.BR memfd_create (2), -.BR mmap (2), -.BR mprotect (2), -.BR munmap (2), -.BR shmget (2), -.BR shmop (2), -.BR shm_open (3), -.BR shm_unlink (3), -.BR sem_overview (7) diff --git a/man7/sigevent.7 b/man7/sigevent.7 deleted file mode 100644 index b43f1bb..0000000 --- a/man7/sigevent.7 +++ /dev/null @@ -1 +0,0 @@ -.so man3type/sigevent.3type diff --git a/man7/signal-safety.7 b/man7/signal-safety.7 deleted file mode 100644 index d307dda..0000000 --- a/man7/signal-safety.7 +++ /dev/null @@ -1,341 +0,0 @@ -'\" t -.\" Copyright (c) 2016 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH signal-safety 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -signal-safety \- async-signal-safe functions -.SH DESCRIPTION -An -.I async-signal-safe -function is one that can be safely called from within a signal handler. -Many functions are -.I not -async-signal-safe. -In particular, -nonreentrant functions are generally unsafe to call from a signal handler. -.P -The kinds of issues that render a function -unsafe can be quickly understood when one considers -the implementation of the -.I stdio -library, all of whose functions are not async-signal-safe. -.P -When performing buffered I/O on a file, the -.I stdio -functions must maintain a statically allocated data buffer -along with associated counters and indexes (or pointers) -that record the amount of data and the current position in the buffer. -Suppose that the main program is in the middle of a call to a -.I stdio -function such as -.BR printf (3) -where the buffer and associated variables have been partially updated. -If, at that moment, -the program is interrupted by a signal handler that also calls -.BR printf (3), -then the second call to -.BR printf (3) -will operate on inconsistent data, with unpredictable results. -.P -To avoid problems with unsafe functions, there are two possible choices: -.IP (a) 5 -Ensure that -(1) the signal handler calls only async-signal-safe functions, -and -(2) the signal handler itself is reentrant -with respect to global variables in the main program. -.IP (b) -Block signal delivery in the main program when calling functions -that are unsafe or operating on global data that is also accessed -by the signal handler. -.P -Generally, the second choice is difficult in programs of any complexity, -so the first choice is taken. -.P -POSIX.1 specifies a set of functions that an implementation -must make async-signal-safe. -(An implementation may provide safe implementations of additional functions, -but this is not required by the standard and other implementations -may not provide the same guarantees.) -.P -In general, a function is async-signal-safe either because it is reentrant -or because it is atomic with respect to signals -(i.e., its execution can't be interrupted by a signal handler). -.P -The set of functions required to be async-signal-safe by POSIX.1 -is shown in the following table. -The functions not otherwise noted were required to be async-signal-safe -in POSIX.1-2001; -the table details changes in the subsequent standards. -.P -.TS -lb lb -l l. -Function Notes -\fBabort\fP(3) Added in POSIX.1-2001 TC1 -\fBaccept\fP(2) -\fBaccess\fP(2) -\fBaio_error\fP(3) -\fBaio_return\fP(3) -\fBaio_suspend\fP(3) See notes below -\fBalarm\fP(2) -\fBbind\fP(2) -\fBcfgetispeed\fP(3) -\fBcfgetospeed\fP(3) -\fBcfsetispeed\fP(3) -\fBcfsetospeed\fP(3) -\fBchdir\fP(2) -\fBchmod\fP(2) -\fBchown\fP(2) -\fBclock_gettime\fP(2) -\fBclose\fP(2) -\fBconnect\fP(2) -\fBcreat\fP(2) -\fBdup\fP(2) -\fBdup2\fP(2) -\fBexecl\fP(3) T{ -Added in POSIX.1-2008; see notes below -T} -\fBexecle\fP(3) See notes below -\fBexecv\fP(3) Added in POSIX.1-2008 -\fBexecve\fP(2) -\fB_exit\fP(2) -\fB_Exit\fP(2) -\fBfaccessat\fP(2) Added in POSIX.1-2008 -\fBfchdir\fP(2) Added in POSIX.1-2008 TC1 -\fBfchmod\fP(2) -\fBfchmodat\fP(2) Added in POSIX.1-2008 -\fBfchown\fP(2) -\fBfchownat\fP(2) Added in POSIX.1-2008 -\fBfcntl\fP(2) -\fBfdatasync\fP(2) -\fBfexecve\fP(3) Added in POSIX.1-2008 -\fBffs\fP(3) Added in POSIX.1-2008 TC2 -\fBfork\fP(2) See notes below -\fBfstat\fP(2) -\fBfstatat\fP(2) Added in POSIX.1-2008 -\fBfsync\fP(2) -\fBftruncate\fP(2) -\fBfutimens\fP(3) Added in POSIX.1-2008 -\fBgetegid\fP(2) -\fBgeteuid\fP(2) -\fBgetgid\fP(2) -\fBgetgroups\fP(2) -\fBgetpeername\fP(2) -\fBgetpgrp\fP(2) -\fBgetpid\fP(2) -\fBgetppid\fP(2) -\fBgetsockname\fP(2) -\fBgetsockopt\fP(2) -\fBgetuid\fP(2) -\fBhtonl\fP(3) Added in POSIX.1-2008 TC2 -\fBhtons\fP(3) Added in POSIX.1-2008 TC2 -\fBkill\fP(2) -\fBlink\fP(2) -\fBlinkat\fP(2) Added in POSIX.1-2008 -\fBlisten\fP(2) -\fBlongjmp\fP(3) T{ -Added in POSIX.1-2008 TC2; see notes below -T} -\fBlseek\fP(2) -\fBlstat\fP(2) -\fBmemccpy\fP(3) Added in POSIX.1-2008 TC2 -\fBmemchr\fP(3) Added in POSIX.1-2008 TC2 -\fBmemcmp\fP(3) Added in POSIX.1-2008 TC2 -\fBmemcpy\fP(3) Added in POSIX.1-2008 TC2 -\fBmemmove\fP(3) Added in POSIX.1-2008 TC2 -\fBmemset\fP(3) Added in POSIX.1-2008 TC2 -\fBmkdir\fP(2) -\fBmkdirat\fP(2) Added in POSIX.1-2008 -\fBmkfifo\fP(3) -\fBmkfifoat\fP(3) Added in POSIX.1-2008 -\fBmknod\fP(2) Added in POSIX.1-2008 -\fBmknodat\fP(2) Added in POSIX.1-2008 -\fBntohl\fP(3) Added in POSIX.1-2008 TC2 -\fBntohs\fP(3) Added in POSIX.1-2008 TC2 -\fBopen\fP(2) -\fBopenat\fP(2) Added in POSIX.1-2008 -\fBpause\fP(2) -\fBpipe\fP(2) -\fBpoll\fP(2) -\fBposix_trace_event\fP(3) -\fBpselect\fP(2) -\fBpthread_kill\fP(3) Added in POSIX.1-2008 TC1 -\fBpthread_self\fP(3) Added in POSIX.1-2008 TC1 -\fBpthread_sigmask\fP(3) Added in POSIX.1-2008 TC1 -\fBraise\fP(3) -\fBread\fP(2) -\fBreadlink\fP(2) -\fBreadlinkat\fP(2) Added in POSIX.1-2008 -\fBrecv\fP(2) -\fBrecvfrom\fP(2) -\fBrecvmsg\fP(2) -\fBrename\fP(2) -\fBrenameat\fP(2) Added in POSIX.1-2008 -\fBrmdir\fP(2) -\fBselect\fP(2) -\fBsem_post\fP(3) -\fBsend\fP(2) -\fBsendmsg\fP(2) -\fBsendto\fP(2) -\fBsetgid\fP(2) -\fBsetpgid\fP(2) -\fBsetsid\fP(2) -\fBsetsockopt\fP(2) -\fBsetuid\fP(2) -\fBshutdown\fP(2) -\fBsigaction\fP(2) -\fBsigaddset\fP(3) -\fBsigdelset\fP(3) -\fBsigemptyset\fP(3) -\fBsigfillset\fP(3) -\fBsigismember\fP(3) -\fBsiglongjmp\fP(3) T{ -Added in POSIX.1-2008 TC2; see notes below -T} -\fBsignal\fP(2) -\fBsigpause\fP(3) -\fBsigpending\fP(2) -\fBsigprocmask\fP(2) -\fBsigqueue\fP(2) -\fBsigset\fP(3) -\fBsigsuspend\fP(2) -\fBsleep\fP(3) -\fBsockatmark\fP(3) Added in POSIX.1-2001 TC2 -\fBsocket\fP(2) -\fBsocketpair\fP(2) -\fBstat\fP(2) -\fBstpcpy\fP(3) Added in POSIX.1-2008 TC2 -\fBstpncpy\fP(3) Added in POSIX.1-2008 TC2 -\fBstrcat\fP(3) Added in POSIX.1-2008 TC2 -\fBstrchr\fP(3) Added in POSIX.1-2008 TC2 -\fBstrcmp\fP(3) Added in POSIX.1-2008 TC2 -\fBstrcpy\fP(3) Added in POSIX.1-2008 TC2 -\fBstrcspn\fP(3) Added in POSIX.1-2008 TC2 -\fBstrlen\fP(3) Added in POSIX.1-2008 TC2 -\fBstrncat\fP(3) Added in POSIX.1-2008 TC2 -\fBstrncmp\fP(3) Added in POSIX.1-2008 TC2 -\fBstrncpy\fP(3) Added in POSIX.1-2008 TC2 -\fBstrnlen\fP(3) Added in POSIX.1-2008 TC2 -\fBstrpbrk\fP(3) Added in POSIX.1-2008 TC2 -\fBstrrchr\fP(3) Added in POSIX.1-2008 TC2 -\fBstrspn\fP(3) Added in POSIX.1-2008 TC2 -\fBstrstr\fP(3) Added in POSIX.1-2008 TC2 -\fBstrtok_r\fP(3) Added in POSIX.1-2008 TC2 -\fBsymlink\fP(2) -\fBsymlinkat\fP(2) Added in POSIX.1-2008 -\fBtcdrain\fP(3) -\fBtcflow\fP(3) -\fBtcflush\fP(3) -\fBtcgetattr\fP(3) -\fBtcgetpgrp\fP(3) -\fBtcsendbreak\fP(3) -\fBtcsetattr\fP(3) -\fBtcsetpgrp\fP(3) -\fBtime\fP(2) -\fBtimer_getoverrun\fP(2) -\fBtimer_gettime\fP(2) -\fBtimer_settime\fP(2) -\fBtimes\fP(2) -\fBumask\fP(2) -\fBuname\fP(2) -\fBunlink\fP(2) -\fBunlinkat\fP(2) Added in POSIX.1-2008 -\fButime\fP(2) -\fButimensat\fP(2) Added in POSIX.1-2008 -\fButimes\fP(2) Added in POSIX.1-2008 -\fBwait\fP(2) -\fBwaitpid\fP(2) -\fBwcpcpy\fP(3) Added in POSIX.1-2008 TC2 -\fBwcpncpy\fP(3) Added in POSIX.1-2008 TC2 -\fBwcscat\fP(3) Added in POSIX.1-2008 TC2 -\fBwcschr\fP(3) Added in POSIX.1-2008 TC2 -\fBwcscmp\fP(3) Added in POSIX.1-2008 TC2 -\fBwcscpy\fP(3) Added in POSIX.1-2008 TC2 -\fBwcscspn\fP(3) Added in POSIX.1-2008 TC2 -\fBwcslen\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsncat\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsncmp\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsncpy\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsnlen\fP(3) Added in POSIX.1-2008 TC2 -\fBwcspbrk\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsrchr\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsspn\fP(3) Added in POSIX.1-2008 TC2 -\fBwcsstr\fP(3) Added in POSIX.1-2008 TC2 -\fBwcstok\fP(3) Added in POSIX.1-2008 TC2 -\fBwmemchr\fP(3) Added in POSIX.1-2008 TC2 -\fBwmemcmp\fP(3) Added in POSIX.1-2008 TC2 -\fBwmemcpy\fP(3) Added in POSIX.1-2008 TC2 -\fBwmemmove\fP(3) Added in POSIX.1-2008 TC2 -\fBwmemset\fP(3) Added in POSIX.1-2008 TC2 -\fBwrite\fP(2) -.TE -.P -Notes: -.IP \[bu] 3 -POSIX.1-2001 and POSIX.1-2001 TC2 required the functions -.BR fpathconf (3), -.BR pathconf (3), -and -.BR sysconf (3) -to be async-signal-safe, but this requirement was removed in POSIX.1-2008. -.IP \[bu] -If a signal handler interrupts the execution of an unsafe function, -and the handler terminates via a call to -.BR longjmp (3) -or -.BR siglongjmp (3) -and the program subsequently calls an unsafe function, -then the behavior of the program is undefined. -.IP \[bu] -POSIX.1-2001 TC1 clarified -that if an application calls -.BR fork (2) -from a signal handler and any of the fork handlers registered by -.BR pthread_atfork (3) -calls a function that is not async-signal-safe, the behavior is undefined. -A future revision of the standard -.\" http://www.opengroup.org/austin/aardvark/latest/xshbug3.txt -is likely to remove -.BR fork (2) -from the list of async-signal-safe functions. -.\" -.IP \[bu] -Asynchronous signal handlers that call functions which are cancelation -points and nest over regions of deferred cancelation may trigger -cancelation whose behavior is as if asynchronous cancelation had -occurred and may cause application state to become inconsistent. -.\" -.SS errno -Fetching and setting the value of -.I errno -is async-signal-safe provided that the signal handler saves -.I errno -on entry and restores its value before returning. -.\" -.SS Deviations in the GNU C library -The following known deviations from the standard occur in -the GNU C library: -.IP \[bu] 3 -Before glibc 2.24, -.BR execl (3) -and -.BR execle (3) -employed -.BR realloc (3) -internally and were consequently not async-signal-safe. -.\" https://sourceware.org/bugzilla/show_bug.cgi?id=19534 -This was fixed in glibc 2.24. -.IP \[bu] -.\" FIXME . https://sourceware.org/bugzilla/show_bug.cgi?id=13172 -The glibc implementation of -.BR aio_suspend (3) -is not async-signal-safe because it uses -.BR pthread_mutex_lock (3) -internally. -.SH SEE ALSO -.BR sigaction (2), -.BR signal (7), -.BR standards (7) diff --git a/man7/signal.7 b/man7/signal.7 deleted file mode 100644 index 39281e5..0000000 --- a/man7/signal.7 +++ /dev/null @@ -1,1019 +0,0 @@ -'\" t -.\" Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de) -.\" and Copyright (c) 2002, 2006, 2020 by Michael Kerrisk -.\" and Copyright (c) 2008 Linux Foundation, written by Michael Kerrisk -.\" -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" Modified Sat Jul 24 17:34:08 1993 by Rik Faith (faith@cs.unc.edu) -.\" Modified Sun Jan 7 01:41:27 1996 by Andries Brouwer (aeb@cwi.nl) -.\" Modified Sun Apr 14 12:02:29 1996 by Andries Brouwer (aeb@cwi.nl) -.\" Modified Sat Nov 13 16:28:23 1999 by Andries Brouwer (aeb@cwi.nl) -.\" Modified 10 Apr 2002, by Michael Kerrisk -.\" Modified 7 Jun 2002, by Michael Kerrisk -.\" Added information on real-time signals -.\" Modified 13 Jun 2002, by Michael Kerrisk -.\" Noted that SIGSTKFLT is in fact unused -.\" 2004-12-03, Modified mtk, added notes on RLIMIT_SIGPENDING -.\" 2006-04-24, mtk, Added text on changing signal dispositions, -.\" signal mask, and pending signals. -.\" 2008-07-04, mtk: -.\" Added section on system call restarting (SA_RESTART) -.\" Added section on stop/cont signals interrupting syscalls. -.\" 2008-10-05, mtk: various additions -.\" -.TH signal 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -signal \- overview of signals -.SH DESCRIPTION -Linux supports both POSIX reliable signals (hereinafter -"standard signals") and POSIX real-time signals. -.SS Signal dispositions -Each signal has a current -.IR disposition , -which determines how the process behaves when it is delivered -the signal. -.P -The entries in the "Action" column of the table below specify -the default disposition for each signal, as follows: -.TP -Term -Default action is to terminate the process. -.TP -Ign -Default action is to ignore the signal. -.TP -Core -Default action is to terminate the process and dump core (see -.BR core (5)). -.TP -Stop -Default action is to stop the process. -.TP -Cont -Default action is to continue the process if it is currently stopped. -.P -A process can change the disposition of a signal using -.BR sigaction (2) -or -.BR signal (2). -(The latter is less portable when establishing a signal handler; -see -.BR signal (2) -for details.) -Using these system calls, a process can elect one of the -following behaviors to occur on delivery of the signal: -perform the default action; ignore the signal; -or catch the signal with a -.IR "signal handler" , -a programmer-defined function that is automatically invoked -when the signal is delivered. -.P -By default, a signal handler is invoked on the -normal process stack. -It is possible to arrange that the signal handler -uses an alternate stack; see -.BR sigaltstack (2) -for a discussion of how to do this and when it might be useful. -.P -The signal disposition is a per-process attribute: -in a multithreaded application, the disposition of a -particular signal is the same for all threads. -.P -A child created via -.BR fork (2) -inherits a copy of its parent's signal dispositions. -During an -.BR execve (2), -the dispositions of handled signals are reset to the default; -the dispositions of ignored signals are left unchanged. -.SS Sending a signal -The following system calls and library functions allow -the caller to send a signal: -.TP -.BR raise (3) -Sends a signal to the calling thread. -.TP -.BR kill (2) -Sends a signal to a specified process, -to all members of a specified process group, -or to all processes on the system. -.TP -.BR pidfd_send_signal (2) -Sends a signal to a process identified by a PID file descriptor. -.TP -.BR killpg (3) -Sends a signal to all of the members of a specified process group. -.TP -.BR pthread_kill (3) -Sends a signal to a specified POSIX thread in the same process as -the caller. -.TP -.BR tgkill (2) -Sends a signal to a specified thread within a specific process. -(This is the system call used to implement -.BR pthread_kill (3).) -.TP -.BR sigqueue (3) -Sends a real-time signal with accompanying data to a specified process. -.SS Waiting for a signal to be caught -The following system calls suspend execution of the calling -thread until a signal is caught -(or an unhandled signal terminates the process): -.TP -.BR pause (2) -Suspends execution until any signal is caught. -.TP -.BR sigsuspend (2) -Temporarily changes the signal mask (see below) and suspends -execution until one of the unmasked signals is caught. -.\" -.SS Synchronously accepting a signal -Rather than asynchronously catching a signal via a signal handler, -it is possible to synchronously accept the signal, that is, -to block execution until the signal is delivered, -at which point the kernel returns information about the -signal to the caller. -There are two general ways to do this: -.IP \[bu] 3 -.BR sigwaitinfo (2), -.BR sigtimedwait (2), -and -.BR sigwait (3) -suspend execution until one of the signals in a specified -set is delivered. -Each of these calls returns information about the delivered signal. -.IP \[bu] -.BR signalfd (2) -returns a file descriptor that can be used to read information -about signals that are delivered to the caller. -Each -.BR read (2) -from this file descriptor blocks until one of the signals -in the set specified in the -.BR signalfd (2) -call is delivered to the caller. -The buffer returned by -.BR read (2) -contains a structure describing the signal. -.SS Signal mask and pending signals -A signal may be -.IR blocked , -which means that it will not be delivered until it is later unblocked. -Between the time when it is generated and when it is delivered -a signal is said to be -.IR pending . -.P -Each thread in a process has an independent -.IR "signal mask" , -which indicates the set of signals that the thread is currently blocking. -A thread can manipulate its signal mask using -.BR pthread_sigmask (3). -In a traditional single-threaded application, -.BR sigprocmask (2) -can be used to manipulate the signal mask. -.P -A child created via -.BR fork (2) -inherits a copy of its parent's signal mask; -the signal mask is preserved across -.BR execve (2). -.P -A signal may be process-directed or thread-directed. -A process-directed signal is one that is targeted at (and thus pending for) -the process as a whole. -A signal may be process-directed -because it was generated by the kernel for reasons -other than a hardware exception, or because it was sent using -.BR kill (2) -or -.BR sigqueue (3). -A thread-directed signal is one that is targeted at a specific thread. -A signal may be thread-directed because it was generated as a consequence -of executing a specific machine-language instruction -that triggered a hardware exception (e.g., -.B SIGSEGV -for an invalid memory access, or -.B SIGFPE -for a math error), or because it was -targeted at a specific thread using -interfaces such as -.BR tgkill (2) -or -.BR pthread_kill (3). -.P -A process-directed signal may be delivered to any one of the -threads that does not currently have the signal blocked. -.\" Joseph C. Sible notes: -.\" On Linux, if the main thread has the signal unblocked, then the kernel -.\" will always deliver the signal there, citing this kernel code -.\" -.\" Per this comment in kernel/signal.c since time immemorial: -.\" -.\" /* -.\" * Now find a thread we can wake up to take the signal off the queue. -.\" * -.\" * If the main thread wants the signal, it gets first crack. -.\" * Probably the least surprising to the average bear. -.\" */ -.\" -.\" But this does not mean the signal will be delivered only in the -.\" main thread, since if a handler is already executing in the main thread -.\" (and thus the signal is blocked in that thread), then a further -.\" might be delivered in a different thread. -.\" -If more than one of the threads has the signal unblocked, then the -kernel chooses an arbitrary thread to which to deliver the signal. -.P -A thread can obtain the set of signals that it currently has pending -using -.BR sigpending (2). -This set will consist of the union of the set of pending -process-directed signals and the set of signals pending for -the calling thread. -.P -A child created via -.BR fork (2) -initially has an empty pending signal set; -the pending signal set is preserved across an -.BR execve (2). -.\" -.SS Execution of signal handlers -Whenever there is a transition from kernel-mode to user-mode execution -(e.g., on return from a system call or scheduling of a thread onto the CPU), -the kernel checks whether there is a pending unblocked signal -for which the process has established a signal handler. -If there is such a pending signal, the following steps occur: -.IP (1) 5 -The kernel performs the necessary preparatory steps for execution of -the signal handler: -.RS -.IP (1.1) 7 -The signal is removed from the set of pending signals. -.IP (1.2) -If the signal handler was installed by a call to -.BR sigaction (2) -that specified the -.B SA_ONSTACK -flag and the thread has defined an alternate signal stack (using -.BR sigaltstack (2)), -then that stack is installed. -.IP (1.3) -Various pieces of signal-related context are saved -into a special frame that is created on the stack. -The saved information includes: -.RS -.IP \[bu] 3 -the program counter register -(i.e., the address of the next instruction in the main program that -should be executed when the signal handler returns); -.IP \[bu] -architecture-specific register state required for resuming the -interrupted program; -.IP \[bu] -the thread's current signal mask; -.IP \[bu] -the thread's alternate signal stack settings. -.RE -.IP -(If the signal handler was installed using the -.BR sigaction (2) -.B SA_SIGINFO -flag, then the above information is accessible via the -.I ucontext_t -object that is pointed to by the third argument of the signal handler.) -.IP (1.4) -Any signals specified in -.I act\->sa_mask -when registering the handler with -.BR sigprocmask (2) -are added to the thread's signal mask. -The signal being delivered is also -added to the signal mask, unless -.B SA_NODEFER -was specified when registering the handler. -These signals are thus blocked while the handler executes. -.RE -.IP (2) -The kernel constructs a frame for the signal handler on the stack. -The kernel sets the program counter for the thread to point to the first -instruction of the signal handler function, -and configures the return address for that function to point to a piece -of user-space code known as the signal trampoline (described in -.BR sigreturn (2)). -.IP (3) -The kernel passes control back to user-space, where execution -commences at the start of the signal handler function. -.IP (4) -When the signal handler returns, control passes to the signal trampoline code. -.IP (5) -The signal trampoline calls -.BR sigreturn (2), -a system call that uses the information in the stack frame created in step 1 -to restore the thread to its state before the signal handler was -called. -The thread's signal mask and alternate signal stack settings -are restored as part of this procedure. -Upon completion of the call to -.BR sigreturn (2), -the kernel transfers control back to user space, -and the thread recommences execution at the point where it was -interrupted by the signal handler. -.P -Note that if the signal handler does not return -(e.g., control is transferred out of the handler using -.BR siglongjmp (3), -or the handler executes a new program with -.BR execve (2)), -then the final step is not performed. -In particular, in such scenarios it is the programmer's responsibility -to restore the state of the signal mask (using -.BR sigprocmask (2)), -if it is desired to unblock the signals that were blocked on entry -to the signal handler. -(Note that -.BR siglongjmp (3) -may or may not restore the signal mask, depending on the -.I savesigs -value that was specified in the corresponding call to -.BR sigsetjmp (3).) -.P -From the kernel's point of view, -execution of the signal handler code is exactly the same as the execution -of any other user-space code. -That is to say, the kernel does not record any special state information -indicating that the thread is currently executing inside a signal handler. -All necessary state information is maintained in user-space registers -and the user-space stack. -The depth to which nested signal handlers may be invoked is thus -limited only by the user-space stack (and sensible software design!). -.\" -.SS Standard signals -Linux supports the standard signals listed below. -The second column of the table indicates which standard (if any) -specified the signal: "P1990" indicates that the signal is described -in the original POSIX.1-1990 standard; -"P2001" indicates that the signal was added in SUSv2 and POSIX.1-2001. -.TS -l c c l -____ -lB c c l. -Signal Standard Action Comment -SIGABRT P1990 Core Abort signal from \fBabort\fP(3) -SIGALRM P1990 Term Timer signal from \fBalarm\fP(2) -SIGBUS P2001 Core Bus error (bad memory access) -SIGCHLD P1990 Ign Child stopped or terminated -SIGCLD \- Ign A synonym for \fBSIGCHLD\fP -SIGCONT P1990 Cont Continue if stopped -SIGEMT \- Term Emulator trap -SIGFPE P1990 Core Floating-point exception -SIGHUP P1990 Term Hangup detected on controlling terminal - or death of controlling process -SIGILL P1990 Core Illegal Instruction -SIGINFO \- A synonym for \fBSIGPWR\fP -SIGINT P1990 Term Interrupt from keyboard -SIGIO \- Term I/O now possible (4.2BSD) -SIGIOT \- Core IOT trap. A synonym for \fBSIGABRT\fP -SIGKILL P1990 Term Kill signal -SIGLOST \- Term File lock lost (unused) -SIGPIPE P1990 Term Broken pipe: write to pipe with no - readers; see \fBpipe\fP(7) -SIGPOLL P2001 Term Pollable event (Sys V); - synonym for \fBSIGIO\fP -SIGPROF P2001 Term Profiling timer expired -SIGPWR \- Term Power failure (System V) -SIGQUIT P1990 Core Quit from keyboard -SIGSEGV P1990 Core Invalid memory reference -SIGSTKFLT \- Term Stack fault on coprocessor (unused) -SIGSTOP P1990 Stop Stop process -SIGTSTP P1990 Stop Stop typed at terminal -SIGSYS P2001 Core Bad system call (SVr4); - see also \fBseccomp\fP(2) -SIGTERM P1990 Term Termination signal -SIGTRAP P2001 Core Trace/breakpoint trap -SIGTTIN P1990 Stop Terminal input for background process -SIGTTOU P1990 Stop Terminal output for background process -SIGUNUSED \- Core Synonymous with \fBSIGSYS\fP -SIGURG P2001 Ign Urgent condition on socket (4.2BSD) -SIGUSR1 P1990 Term User-defined signal 1 -SIGUSR2 P1990 Term User-defined signal 2 -SIGVTALRM P2001 Term Virtual alarm clock (4.2BSD) -SIGXCPU P2001 Core CPU time limit exceeded (4.2BSD); - see \fBsetrlimit\fP(2) -SIGXFSZ P2001 Core File size limit exceeded (4.2BSD); - see \fBsetrlimit\fP(2) -SIGWINCH \- Ign Window resize signal (4.3BSD, Sun) -.TE -.P -The signals -.B SIGKILL -and -.B SIGSTOP -cannot be caught, blocked, or ignored. -.P -Up to and including Linux 2.2, the default behavior for -.BR SIGSYS ", " SIGXCPU ", " SIGXFSZ , -and (on architectures other than SPARC and MIPS) -.B SIGBUS -was to terminate the process (without a core dump). -(On some other UNIX systems the default action for -.BR SIGXCPU " and " SIGXFSZ -is to terminate the process without a core dump.) -Linux 2.4 conforms to the POSIX.1-2001 requirements for these signals, -terminating the process with a core dump. -.P -.B SIGEMT -is not specified in POSIX.1-2001, but nevertheless appears -on most other UNIX systems, -where its default action is typically to terminate -the process with a core dump. -.P -.B SIGPWR -(which is not specified in POSIX.1-2001) is typically ignored -by default on those other UNIX systems where it appears. -.P -.B SIGIO -(which is not specified in POSIX.1-2001) is ignored by default -on several other UNIX systems. -.\" -.SS Queueing and delivery semantics for standard signals -If multiple standard signals are pending for a process, -the order in which the signals are delivered is unspecified. -.P -Standard signals do not queue. -If multiple instances of a standard signal are generated while -that signal is blocked, -then only one instance of the signal is marked as pending -(and the signal will be delivered just once when it is unblocked). -In the case where a standard signal is already pending, the -.I siginfo_t -structure (see -.BR sigaction (2)) -associated with that signal is not overwritten -on arrival of subsequent instances of the same signal. -Thus, the process will receive the information -associated with the first instance of the signal. -.\" -.SS Signal numbering for standard signals -The numeric value for each signal is given in the table below. -As shown in the table, many signals have different numeric values -on different architectures. -The first numeric value in each table row shows the signal number -on x86, ARM, and most other architectures; -the second value is for Alpha and SPARC; the third is for MIPS; -and the last is for PARISC. -A dash (\-) denotes that a signal is absent on the corresponding architecture. -.TS -l c c c c l -l c c c c l -______ -lB c c c c l. -Signal x86/ARM Alpha/ MIPS PARISC Notes - most others SPARC -SIGHUP \01 \01 \01 \01 -SIGINT \02 \02 \02 \02 -SIGQUIT \03 \03 \03 \03 -SIGILL \04 \04 \04 \04 -SIGTRAP \05 \05 \05 \05 -SIGABRT \06 \06 \06 \06 -SIGIOT \06 \06 \06 \06 -SIGBUS \07 10 10 10 -SIGEMT \- \07 \07 - -SIGFPE \08 \08 \08 \08 -SIGKILL \09 \09 \09 \09 -SIGUSR1 10 30 16 16 -SIGSEGV 11 11 11 11 -SIGUSR2 12 31 17 17 -SIGPIPE 13 13 13 13 -SIGALRM 14 14 14 14 -SIGTERM 15 15 15 15 -SIGSTKFLT 16 \- \- \07 -SIGCHLD 17 20 18 18 -SIGCLD \- \- 18 \- -SIGCONT 18 19 25 26 -SIGSTOP 19 17 23 24 -SIGTSTP 20 18 24 25 -SIGTTIN 21 21 26 27 -SIGTTOU 22 22 27 28 -SIGURG 23 16 21 29 -SIGXCPU 24 24 30 12 -SIGXFSZ 25 25 31 30 -SIGVTALRM 26 26 28 20 -SIGPROF 27 27 29 21 -SIGWINCH 28 28 20 23 -SIGIO 29 23 22 22 -SIGPOLL Same as SIGIO -SIGPWR 30 29/\- 19 19 -SIGINFO \- 29/\- \- \- -SIGLOST \- \-/29 \- \- -SIGSYS 31 12 12 31 -SIGUNUSED 31 \- \- 31 -.TE -.P -Note the following: -.IP \[bu] 3 -Where defined, -.B SIGUNUSED -is synonymous with -.BR SIGSYS . -Since glibc 2.26, -.B SIGUNUSED -is no longer defined on any architecture. -.IP \[bu] -Signal 29 is -.BR SIGINFO / SIGPWR -(synonyms for the same value) on Alpha but -.B SIGLOST -on SPARC. -.\" -.SS Real-time signals -Starting with Linux 2.2, -Linux supports real-time signals as originally defined in the POSIX.1b -real-time extensions (and now included in POSIX.1-2001). -The range of supported real-time signals is defined by the macros -.B SIGRTMIN -and -.BR SIGRTMAX . -POSIX.1-2001 requires that an implementation support at least -.B _POSIX_RTSIG_MAX -(8) real-time signals. -.P -The Linux kernel supports a range of 33 different real-time -signals, numbered 32 to 64. -However, the glibc POSIX threads implementation internally uses -two (for NPTL) or three (for LinuxThreads) real-time signals -(see -.BR pthreads (7)), -and adjusts the value of -.B SIGRTMIN -suitably (to 34 or 35). -Because the range of available real-time signals varies according -to the glibc threading implementation (and this variation can occur -at run time according to the available kernel and glibc), -and indeed the range of real-time signals varies across UNIX systems, -programs should -.IR "never refer to real-time signals using hard-coded numbers" , -but instead should always refer to real-time signals using the notation -.BR SIGRTMIN +n, -and include suitable (run-time) checks that -.BR SIGRTMIN +n -does not exceed -.BR SIGRTMAX . -.P -Unlike standard signals, real-time signals have no predefined meanings: -the entire set of real-time signals can be used for application-defined -purposes. -.P -The default action for an unhandled real-time signal is to terminate the -receiving process. -.P -Real-time signals are distinguished by the following: -.IP \[bu] 3 -Multiple instances of real-time signals can be queued. -By contrast, if multiple instances of a standard signal are delivered -while that signal is currently blocked, then only one instance is queued. -.IP \[bu] -If the signal is sent using -.BR sigqueue (3), -an accompanying value (either an integer or a pointer) can be sent -with the signal. -If the receiving process establishes a handler for this signal using the -.B SA_SIGINFO -flag to -.BR sigaction (2), -then it can obtain this data via the -.I si_value -field of the -.I siginfo_t -structure passed as the second argument to the handler. -Furthermore, the -.I si_pid -and -.I si_uid -fields of this structure can be used to obtain the PID -and real user ID of the process sending the signal. -.IP \[bu] -Real-time signals are delivered in a guaranteed order. -Multiple real-time signals of the same type are delivered in the order -they were sent. -If different real-time signals are sent to a process, they are delivered -starting with the lowest-numbered signal. -(I.e., low-numbered signals have highest priority.) -By contrast, if multiple standard signals are pending for a process, -the order in which they are delivered is unspecified. -.P -If both standard and real-time signals are pending for a process, -POSIX leaves it unspecified which is delivered first. -Linux, like many other implementations, gives priority -to standard signals in this case. -.P -According to POSIX, an implementation should permit at least -.B _POSIX_SIGQUEUE_MAX -(32) real-time signals to be queued to -a process. -However, Linux does things differently. -Up to and including Linux 2.6.7, Linux imposes -a system-wide limit on the number of queued real-time signals -for all processes. -This limit can be viewed and (with privilege) changed via the -.I /proc/sys/kernel/rtsig\-max -file. -A related file, -.IR /proc/sys/kernel/rtsig\-nr , -can be used to find out how many real-time signals are currently queued. -In Linux 2.6.8, these -.I /proc -interfaces were replaced by the -.B RLIMIT_SIGPENDING -resource limit, which specifies a per-user limit for queued -signals; see -.BR setrlimit (2) -for further details. -.P -The addition of real-time signals required the widening -of the signal set structure -.RI ( sigset_t ) -from 32 to 64 bits. -Consequently, various system calls were superseded by new system calls -that supported the larger signal sets. -The old and new system calls are as follows: -.TS -lb lb -l l. -Linux 2.0 and earlier Linux 2.2 and later -\fBsigaction\fP(2) \fBrt_sigaction\fP(2) -\fBsigpending\fP(2) \fBrt_sigpending\fP(2) -\fBsigprocmask\fP(2) \fBrt_sigprocmask\fP(2) -\fBsigreturn\fP(2) \fBrt_sigreturn\fP(2) -\fBsigsuspend\fP(2) \fBrt_sigsuspend\fP(2) -\fBsigtimedwait\fP(2) \fBrt_sigtimedwait\fP(2) -.TE -.\" -.SS Interruption of system calls and library functions by signal handlers -If a signal handler is invoked while a system call or library -function call is blocked, then either: -.IP \[bu] 3 -the call is automatically restarted after the signal handler returns; or -.IP \[bu] -the call fails with the error -.BR EINTR . -.P -Which of these two behaviors occurs depends on the interface and -whether or not the signal handler was established using the -.B SA_RESTART -flag (see -.BR sigaction (2)). -The details vary across UNIX systems; -below, the details for Linux. -.P -If a blocked call to one of the following interfaces is interrupted -by a signal handler, then the call is automatically restarted -after the signal handler returns if the -.B SA_RESTART -flag was used; otherwise the call fails with the error -.BR EINTR : -.\" The following system calls use ERESTARTSYS, -.\" so that they are restartable -.IP \[bu] 3 -.BR read (2), -.BR readv (2), -.BR write (2), -.BR writev (2), -and -.BR ioctl (2) -calls on "slow" devices. -A "slow" device is one where the I/O call may block for an -indefinite time, for example, a terminal, pipe, or socket. -If an I/O call on a slow device has already transferred some -data by the time it is interrupted by a signal handler, -then the call will return a success status -(normally, the number of bytes transferred). -Note that a (local) disk is not a slow device according to this definition; -I/O operations on disk devices are not interrupted by signals. -.IP \[bu] -.BR open (2), -if it can block (e.g., when opening a FIFO; see -.BR fifo (7)). -.IP \[bu] -.BR wait (2), -.BR wait3 (2), -.BR wait4 (2), -.BR waitid (2), -and -.BR waitpid (2). -.IP \[bu] -Socket interfaces: -.\" If a timeout (setsockopt()) is in effect on the socket, then these -.\" system calls switch to using EINTR. Consequently, they and are not -.\" automatically restarted, and they show the stop/cont behavior -.\" described below. (Verified from Linux 2.6.26 source, and by experiment; mtk) -.BR accept (2), -.BR connect (2), -.BR recv (2), -.BR recvfrom (2), -.BR recvmmsg (2), -.BR recvmsg (2), -.BR send (2), -.BR sendto (2), -and -.BR sendmsg (2), -.\" FIXME What about sendmmsg()? -unless a timeout has been set on the socket (see below). -.IP \[bu] -File locking interfaces: -.BR flock (2) -and -the -.B F_SETLKW -and -.B F_OFD_SETLKW -operations of -.BR fcntl (2) -.IP \[bu] -POSIX message queue interfaces: -.BR mq_receive (3), -.BR mq_timedreceive (3), -.BR mq_send (3), -and -.BR mq_timedsend (3). -.IP \[bu] -.BR futex (2) -.B FUTEX_WAIT -(since Linux 2.6.22; -.\" commit 72c1bbf308c75a136803d2d76d0e18258be14c7a -beforehand, always failed with -.BR EINTR ). -.IP \[bu] -.BR getrandom (2). -.IP \[bu] -.BR pthread_mutex_lock (3), -.BR pthread_cond_wait (3), -and related APIs. -.IP \[bu] -.BR futex (2) -.BR FUTEX_WAIT_BITSET . -.IP \[bu] -POSIX semaphore interfaces: -.BR sem_wait (3) -and -.BR sem_timedwait (3) -(since Linux 2.6.22; -.\" as a consequence of the 2.6.22 changes in the futex() implementation -beforehand, always failed with -.BR EINTR ). -.IP \[bu] -.BR read (2) -from an -.BR inotify (7) -file descriptor -(since Linux 3.8; -.\" commit 1ca39ab9d21ac93f94b9e3eb364ea9a5cf2aba06 -beforehand, always failed with -.BR EINTR ). -.P -The following interfaces are never restarted after -being interrupted by a signal handler, -regardless of the use of -.BR SA_RESTART ; -they always fail with the error -.B EINTR -when interrupted by a signal handler: -.\" These are the system calls that give EINTR or ERESTARTNOHAND -.\" on interruption by a signal handler. -.IP \[bu] 3 -"Input" socket interfaces, when a timeout -.RB ( SO_RCVTIMEO ) -has been set on the socket using -.BR setsockopt (2): -.BR accept (2), -.BR recv (2), -.BR recvfrom (2), -.BR recvmmsg (2) -(also with a non-NULL -.I timeout -argument), -and -.BR recvmsg (2). -.IP \[bu] -"Output" socket interfaces, when a timeout -.RB ( SO_RCVTIMEO ) -has been set on the socket using -.BR setsockopt (2): -.BR connect (2), -.BR send (2), -.BR sendto (2), -and -.BR sendmsg (2). -.\" FIXME What about sendmmsg()? -.IP \[bu] -Interfaces used to wait for signals: -.BR pause (2), -.BR sigsuspend (2), -.BR sigtimedwait (2), -and -.BR sigwaitinfo (2). -.IP \[bu] -File descriptor multiplexing interfaces: -.BR epoll_wait (2), -.BR epoll_pwait (2), -.BR poll (2), -.BR ppoll (2), -.BR select (2), -and -.BR pselect (2). -.IP \[bu] -System V IPC interfaces: -.\" On some other systems, SA_RESTART does restart these system calls -.BR msgrcv (2), -.BR msgsnd (2), -.BR semop (2), -and -.BR semtimedop (2). -.IP \[bu] -Sleep interfaces: -.BR clock_nanosleep (2), -.BR nanosleep (2), -and -.BR usleep (3). -.IP \[bu] -.BR io_getevents (2). -.P -The -.BR sleep (3) -function is also never restarted if interrupted by a handler, -but gives a success return: the number of seconds remaining to sleep. -.P -In certain circumstances, the -.BR seccomp (2) -user-space notification feature can lead to restarting of system calls -that would otherwise never be restarted by -.BR SA_RESTART ; -for details, see -.BR seccomp_unotify (2). -.\" -.SS Interruption of system calls and library functions by stop signals -On Linux, even in the absence of signal handlers, -certain blocking interfaces can fail with the error -.B EINTR -after the process is stopped by one of the stop signals -and then resumed via -.BR SIGCONT . -This behavior is not sanctioned by POSIX.1, and doesn't occur -on other systems. -.P -The Linux interfaces that display this behavior are: -.IP \[bu] 3 -"Input" socket interfaces, when a timeout -.RB ( SO_RCVTIMEO ) -has been set on the socket using -.BR setsockopt (2): -.BR accept (2), -.BR recv (2), -.BR recvfrom (2), -.BR recvmmsg (2) -(also with a non-NULL -.I timeout -argument), -and -.BR recvmsg (2). -.IP \[bu] -"Output" socket interfaces, when a timeout -.RB ( SO_RCVTIMEO ) -has been set on the socket using -.BR setsockopt (2): -.BR connect (2), -.BR send (2), -.BR sendto (2), -and -.\" FIXME What about sendmmsg()? -.BR sendmsg (2), -if a send timeout -.RB ( SO_SNDTIMEO ) -has been set. -.IP \[bu] -.BR epoll_wait (2), -.BR epoll_pwait (2). -.IP \[bu] -.BR semop (2), -.BR semtimedop (2). -.IP \[bu] -.BR sigtimedwait (2), -.BR sigwaitinfo (2). -.IP \[bu] -Linux 3.7 and earlier: -.BR read (2) -from an -.BR inotify (7) -file descriptor -.\" commit 1ca39ab9d21ac93f94b9e3eb364ea9a5cf2aba06 -.IP \[bu] -Linux 2.6.21 and earlier: -.BR futex (2) -.BR FUTEX_WAIT , -.BR sem_timedwait (3), -.BR sem_wait (3). -.IP \[bu] -Linux 2.6.8 and earlier: -.BR msgrcv (2), -.BR msgsnd (2). -.IP \[bu] -Linux 2.4 and earlier: -.BR nanosleep (2). -.SH STANDARDS -POSIX.1, except as noted. -.SH NOTES -For a discussion of async-signal-safe functions, see -.BR signal\-safety (7). -.P -The -.IR /proc/ pid /task/ tid /status -file contains various fields that show the signals -that a thread is blocking -.RI ( SigBlk ), -catching -.RI ( SigCgt ), -or ignoring -.RI ( SigIgn ). -(The set of signals that are caught or ignored will be the same -across all threads in a process.) -Other fields show the set of pending signals that are directed to the thread -.RI ( SigPnd ) -as well as the set of pending signals that are directed -to the process as a whole -.RI ( ShdPnd ). -The corresponding fields in -.IR /proc/ pid /status -show the information for the main thread. -See -.BR proc (5) -for further details. -.SH BUGS -There are six signals that can be delivered -as a consequence of a hardware exception: -.BR SIGBUS , -.BR SIGEMT , -.BR SIGFPE , -.BR SIGILL , -.BR SIGSEGV , -and -.BR SIGTRAP . -Which of these signals is delivered, -for any given hardware exception, -is not documented and does not always make sense. -.P -For example, an invalid memory access that causes delivery of -.B SIGSEGV -on one CPU architecture may cause delivery of -.B SIGBUS -on another architecture, or vice versa. -.P -For another example, using the x86 -.I int -instruction with a forbidden argument -(any number other than 3 or 128) -causes delivery of -.BR SIGSEGV , -even though -.B SIGILL -would make more sense, -because of how the CPU reports the forbidden operation to the kernel. -.SH SEE ALSO -.BR kill (1), -.BR clone (2), -.BR getrlimit (2), -.BR kill (2), -.BR pidfd_send_signal (2), -.BR restart_syscall (2), -.BR rt_sigqueueinfo (2), -.BR setitimer (2), -.BR setrlimit (2), -.BR sgetmask (2), -.BR sigaction (2), -.BR sigaltstack (2), -.BR signal (2), -.BR signalfd (2), -.BR sigpending (2), -.BR sigprocmask (2), -.BR sigreturn (2), -.BR sigsuspend (2), -.BR sigwaitinfo (2), -.BR abort (3), -.BR bsd_signal (3), -.BR killpg (3), -.BR longjmp (3), -.BR pthread_sigqueue (3), -.BR raise (3), -.BR sigqueue (3), -.BR sigset (3), -.BR sigsetops (3), -.BR sigvec (3), -.BR sigwait (3), -.BR strsignal (3), -.BR swapcontext (3), -.BR sysv_signal (3), -.BR core (5), -.BR proc (5), -.BR nptl (7), -.BR pthreads (7), -.BR sigevent (3type) diff --git a/man7/sock_diag.7 b/man7/sock_diag.7 deleted file mode 100644 index 3da3b4a..0000000 --- a/man7/sock_diag.7 +++ /dev/null @@ -1,825 +0,0 @@ -.\" Copyright (c) 2016 Pavel Emelyanov -.\" Copyright (c) 2016 Dmitry V. Levin -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.TH sock_diag 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -sock_diag \- obtaining information about sockets -.SH SYNOPSIS -.nf -.B #include -.B #include -.BR "#include " " /* for UNIX domain sockets */" -.BR "#include " " /* for IPv4 and IPv6 sockets */" -.P -.BI "diag_socket = socket(AF_NETLINK, " socket_type ", NETLINK_SOCK_DIAG);" -.fi -.SH DESCRIPTION -The sock_diag netlink subsystem provides a mechanism for obtaining -information about sockets of various address families from the kernel. -This subsystem can be used to obtain information about individual -sockets or request a list of sockets. -.P -In the request, the caller can specify additional information it would -like to obtain about the socket, for example, memory information or -information specific to the address family. -.P -When requesting a list of sockets, the caller can specify filters that -would be applied by the kernel to select a subset of sockets to report. -For now, there is only the ability to filter sockets by state (connected, -listening, and so on.) -.P -Note that sock_diag reports only those sockets that have a name; -that is, either sockets bound explicitly with -.BR bind (2) -or sockets that were automatically bound to an address (e.g., by -.BR connect (2)). -This is the same set of sockets that is available via -.IR /proc/net/unix , -.IR /proc/net/tcp , -.IR /proc/net/udp , -and so on. -.\" -.SS Request -The request starts with a -.I "struct nlmsghdr" -header described in -.BR netlink (7) -with -.I nlmsg_type -field set to -.BR SOCK_DIAG_BY_FAMILY . -It is followed by a header specific to the address family that starts with -a common part shared by all address families: -.P -.in +4n -.EX -struct sock_diag_req { - __u8 sdiag_family; - __u8 sdiag_protocol; -}; -.EE -.in -.P -The fields of this structure are as follows: -.TP -.I sdiag_family -An address family. -It should be set to the appropriate -.B AF_* -constant. -.TP -.I sdiag_protocol -Depends on -.IR sdiag_family . -It should be set to the appropriate -.B IPPROTO_* -constant for -.B AF_INET -and -.BR AF_INET6 , -and to 0 otherwise. -.P -If the -.I nlmsg_flags -field of the -.I "struct nlmsghdr" -header has the -.B NLM_F_DUMP -flag set, it means that a list of sockets is being requested; -otherwise it is a query about an individual socket. -.\" -.SS Response -The response starts with a -.I "struct nlmsghdr" -header and is followed by an array of objects specific to the address family. -The array is to be accessed with the standard -.B NLMSG_* -macros from the -.BR netlink (3) -API. -.P -Each object is the NLA (netlink attributes) list that is to be accessed -with the -.B RTA_* -macros from -.BR rtnetlink (3) -API. -.\" -.SS UNIX domain sockets -For UNIX domain sockets the request is represented in the following structure: -.P -.in +4n -.EX -struct unix_diag_req { - __u8 sdiag_family; - __u8 sdiag_protocol; - __u16 pad; - __u32 udiag_states; - __u32 udiag_ino; - __u32 udiag_show; - __u32 udiag_cookie[2]; -}; -.EE -.in -.P -The fields of this structure are as follows: -.TP -.I sdiag_family -The address family; it should be set to -.BR AF_UNIX . -.P -.I sdiag_protocol -.PD 0 -.TP -.PD -.I pad -These fields should be set to 0. -.TP -.I udiag_states -This is a bit mask that defines a filter of sockets states. -Only those sockets whose states are in this mask will be reported. -Ignored when querying for an individual socket. -Supported values are: -.P -.RS 12 -1 << -.B TCP_ESTABLISHED -.P -1 << -.B TCP_LISTEN -.RE -.TP -.I udiag_ino -This is an inode number when querying for an individual socket. -Ignored when querying for a list of sockets. -.TP -.I udiag_show -This is a set of flags defining what kind of information to report. -Each requested kind of information is reported back as a netlink -attribute as described below: -.RS -.TP -.B UDIAG_SHOW_NAME -The attribute reported in answer to this request is -.BR UNIX_DIAG_NAME . -The payload associated with this attribute is the pathname to which -the socket was bound (a sequence of bytes up to -.B UNIX_PATH_MAX -length). -.TP -.B UDIAG_SHOW_VFS -The attribute reported in answer to this request is -.BR UNIX_DIAG_VFS . -The payload associated with this attribute is represented in the following -structure: -.IP -.in +4n -.EX -struct unix_diag_vfs { - __u32 udiag_vfs_dev; - __u32 udiag_vfs_ino; -}; -.EE -.in -.IP -The fields of this structure are as follows: -.RS -.TP -.I udiag_vfs_dev -The device number of the corresponding on-disk socket inode. -.TP -.I udiag_vfs_ino -The inode number of the corresponding on-disk socket inode. -.RE -.TP -.B UDIAG_SHOW_PEER -The attribute reported in answer to this request is -.BR UNIX_DIAG_PEER . -The payload associated with this attribute is a __u32 value -which is the peer's inode number. -This attribute is reported for connected sockets only. -.TP -.B UDIAG_SHOW_ICONS -The attribute reported in answer to this request is -.BR UNIX_DIAG_ICONS . -The payload associated with this attribute is an array of __u32 values -which are inode numbers of sockets that has passed the -.BR connect (2) -call, but hasn't been processed with -.BR accept (2) -yet. -This attribute is reported for listening sockets only. -.TP -.B UDIAG_SHOW_RQLEN -The attribute reported in answer to this request is -.BR UNIX_DIAG_RQLEN . -The payload associated with this attribute is represented in the following -structure: -.IP -.in +4n -.EX -struct unix_diag_rqlen { - __u32 udiag_rqueue; - __u32 udiag_wqueue; -}; -.EE -.in -.IP -The fields of this structure are as follows: -.RS -.TP -.I udiag_rqueue -For listening sockets: -the number of pending connections. -The length of the array associated with the -.B UNIX_DIAG_ICONS -response attribute is equal to this value. -.IP -For established sockets: -the amount of data in incoming queue. -.TP -.I udiag_wqueue -For listening sockets: -the backlog length which equals to the value passed as the second argument to -.BR listen (2). -.IP -For established sockets: -the amount of memory available for sending. -.RE -.TP -.B UDIAG_SHOW_MEMINFO -The attribute reported in answer to this request is -.BR UNIX_DIAG_MEMINFO . -The payload associated with this attribute is an array of __u32 values -described below in the subsection "Socket memory information". -.P -The following attributes are reported back without any specific request: -.TP -.B UNIX_DIAG_SHUTDOWN -The payload associated with this attribute is __u8 value which represents -bits of -.BR shutdown (2) -state. -.RE -.TP -.I udiag_cookie -This is an array of opaque identifiers that could be used along with -.I udiag_ino -to specify an individual socket. -It is ignored when querying for a list -of sockets, as well as when all its elements are set to \-1. -.P -The response to a query for UNIX domain sockets is represented as an array of -.P -.in +4n -.EX -struct unix_diag_msg { - __u8 udiag_family; - __u8 udiag_type; - __u8 udiag_state; - __u8 pad; - __u32 udiag_ino; - __u32 udiag_cookie[2]; -}; -.EE -.in -.P -followed by netlink attributes. -.P -The fields of this structure are as follows: -.TP -.I udiag_family -This field has the same meaning as in -.IR "struct unix_diag_req" . -.TP -.I udiag_type -This is set to one of -.BR SOCK_PACKET , -.BR SOCK_STREAM , -or -.BR SOCK_SEQPACKET . -.TP -.I udiag_state -This is set to one of -.B TCP_LISTEN -or -.BR TCP_ESTABLISHED . -.TP -.I pad -This field is set to 0. -.TP -.I udiag_ino -This is the socket inode number. -.TP -.I udiag_cookie -This is an array of opaque identifiers that could be used in subsequent -queries. -.\" -.SS IPv4 and IPv6 sockets -For IPv4 and IPv6 sockets, -the request is represented in the following structure: -.P -.in +4n -.EX -struct inet_diag_req_v2 { - __u8 sdiag_family; - __u8 sdiag_protocol; - __u8 idiag_ext; - __u8 pad; - __u32 idiag_states; - struct inet_diag_sockid id; -}; -.EE -.in -.P -where -.I "struct inet_diag_sockid" -is defined as follows: -.P -.in +4n -.EX -struct inet_diag_sockid { - __be16 idiag_sport; - __be16 idiag_dport; - __be32 idiag_src[4]; - __be32 idiag_dst[4]; - __u32 idiag_if; - __u32 idiag_cookie[2]; -}; -.EE -.in -.P -The fields of -.I "struct inet_diag_req_v2" -are as follows: -.TP -.I sdiag_family -This should be set to either -.B AF_INET -or -.B AF_INET6 -for IPv4 or IPv6 sockets respectively. -.TP -.I sdiag_protocol -This should be set to one of -.BR IPPROTO_TCP , -.BR IPPROTO_UDP , -or -.BR IPPROTO_UDPLITE . -.TP -.I idiag_ext -This is a set of flags defining what kind of extended information to report. -Each requested kind of information is reported back as a netlink attribute -as described below: -.RS -.TP -.B INET_DIAG_TOS -The payload associated with this attribute is a __u8 value -which is the TOS of the socket. -.TP -.B INET_DIAG_TCLASS -The payload associated with this attribute is a __u8 value -which is the TClass of the socket. -IPv6 sockets only. -For LISTEN and CLOSE sockets, this is followed by -.B INET_DIAG_SKV6ONLY -attribute with associated __u8 payload value meaning whether the socket -is IPv6-only or not. -.TP -.B INET_DIAG_MEMINFO -The payload associated with this attribute is represented in the following -structure: -.IP -.in +4n -.EX -struct inet_diag_meminfo { - __u32 idiag_rmem; - __u32 idiag_wmem; - __u32 idiag_fmem; - __u32 idiag_tmem; -}; -.EE -.in -.IP -The fields of this structure are as follows: -.RS -.TP 12 -.I idiag_rmem -The amount of data in the receive queue. -.TP -.I idiag_wmem -The amount of data that is queued by TCP but not yet sent. -.TP -.I idiag_fmem -The amount of memory scheduled for future use (TCP only). -.TP -.I idiag_tmem -The amount of data in send queue. -.RE -.TP -.B INET_DIAG_SKMEMINFO -The payload associated with this attribute is an array of __u32 values -described below in the subsection "Socket memory information". -.TP -.B INET_DIAG_INFO -The payload associated with this attribute is specific to the address family. -For TCP sockets, it is an object of type -.IR "struct tcp_info" . -.TP -.B INET_DIAG_CONG -The payload associated with this attribute is a string that describes the -congestion control algorithm used. -For TCP sockets only. -.RE -.TP -.I pad -This should be set to 0. -.TP -.I idiag_states -This is a bit mask that defines a filter of socket states. -Only those sockets whose states are in this mask will be reported. -Ignored when querying for an individual socket. -.TP -.I id -This is a socket ID object that is used in dump requests, in queries -about individual sockets, and is reported back in each response. -Unlike UNIX domain sockets, IPv4 and IPv6 sockets are identified -using addresses and ports. -All values are in network byte order. -.P -The fields of -.I "struct inet_diag_sockid" -are as follows: -.TP -.I idiag_sport -The source port. -.TP -.I idiag_dport -The destination port. -.TP -.I idiag_src -The source address. -.TP -.I idiag_dst -The destination address. -.TP -.I idiag_if -The interface number the socket is bound to. -.TP -.I idiag_cookie -This is an array of opaque identifiers that could be used along with -other fields of this structure to specify an individual socket. -It is ignored when querying for a list of sockets, as well as -when all its elements are set to \-1. -.P -The response to a query for IPv4 or IPv6 sockets is represented as an array of -.P -.in +4n -.EX -struct inet_diag_msg { - __u8 idiag_family; - __u8 idiag_state; - __u8 idiag_timer; - __u8 idiag_retrans; -\& - struct inet_diag_sockid id; -\& - __u32 idiag_expires; - __u32 idiag_rqueue; - __u32 idiag_wqueue; - __u32 idiag_uid; - __u32 idiag_inode; -}; -.EE -.in -.P -followed by netlink attributes. -.P -The fields of this structure are as follows: -.TP -.I idiag_family -This is the same field as in -.IR "struct inet_diag_req_v2" . -.TP -.I idiag_state -This denotes socket state as in -.IR "struct inet_diag_req_v2" . -.TP -.I idiag_timer -For TCP sockets, this field describes the type of timer that is currently -active for the socket. -It is set to one of the following constants: -.IP -.PD 0 -.RS 12 -.TP -.B 0 -no timer is active -.TP -.B 1 -a retransmit timer -.TP -.B 2 -a keep-alive timer -.TP -.B 3 -a TIME_WAIT timer -.TP -.B 4 -a zero window probe timer -.RE -.PD -.IP -For non-TCP sockets, this field is set to 0. -.TP -.I idiag_retrans -For -.I idiag_timer -values 1, 2, and 4, this field contains the number of retransmits. -For other -.I idiag_timer -values, this field is set to 0. -.TP -.I idiag_expires -For TCP sockets that have an active timer, this field describes its expiration -time in milliseconds. -For other sockets, this field is set to 0. -.TP -.I idiag_rqueue -For listening sockets: -the number of pending connections. -.IP -For other sockets: -the amount of data in the incoming queue. -.TP -.I idiag_wqueue -For listening sockets: -the backlog length. -.IP -For other sockets: -the amount of memory available for sending. -.TP -.I idiag_uid -This is the socket owner UID. -.TP -.I idiag_inode -This is the socket inode number. -.\" -.SS Socket memory information -The payload associated with -.B UNIX_DIAG_MEMINFO -and -.B INET_DIAG_SKMEMINFO -netlink attributes is an array of the following __u32 values: -.TP -.B SK_MEMINFO_RMEM_ALLOC -The amount of data in receive queue. -.TP -.B SK_MEMINFO_RCVBUF -The receive socket buffer as set by -.BR SO_RCVBUF . -.TP -.B SK_MEMINFO_WMEM_ALLOC -The amount of data in send queue. -.TP -.B SK_MEMINFO_SNDBUF -The send socket buffer as set by -.BR SO_SNDBUF . -.TP -.B SK_MEMINFO_FWD_ALLOC -The amount of memory scheduled for future use (TCP only). -.TP -.B SK_MEMINFO_WMEM_QUEUED -The amount of data queued by TCP, but not yet sent. -.TP -.B SK_MEMINFO_OPTMEM -The amount of memory allocated for the socket's service needs (e.g., socket -filter). -.TP -.B SK_MEMINFO_BACKLOG -The amount of packets in the backlog (not yet processed). -.SH VERSIONS -.B NETLINK_INET_DIAG -was introduced in Linux 2.6.14 and supported -.B AF_INET -and -.B AF_INET6 -sockets only. -In Linux 3.3, it was renamed to -.B NETLINK_SOCK_DIAG -and extended to support -.B AF_UNIX -sockets. -.P -.B UNIX_DIAG_MEMINFO -and -.B INET_DIAG_SKMEMINFO -were introduced in Linux 3.6. -.SH STANDARDS -Linux. -.SH EXAMPLES -The following example program prints inode number, peer's inode number, -and name of all UNIX domain sockets in the current namespace. -.P -.EX -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -\& -static int -send_query(int fd) -{ - struct sockaddr_nl nladdr = { - .nl_family = AF_NETLINK - }; - struct - { - struct nlmsghdr nlh; - struct unix_diag_req udr; - } req = { - .nlh = { - .nlmsg_len = sizeof(req), - .nlmsg_type = SOCK_DIAG_BY_FAMILY, - .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP - }, - .udr = { - .sdiag_family = AF_UNIX, - .udiag_states = \-1, - .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER - } - }; - struct iovec iov = { - .iov_base = &req, - .iov_len = sizeof(req) - }; - struct msghdr msg = { - .msg_name = &nladdr, - .msg_namelen = sizeof(nladdr), - .msg_iov = &iov, - .msg_iovlen = 1 - }; -\& - for (;;) { - if (sendmsg(fd, &msg, 0) < 0) { - if (errno == EINTR) - continue; -\& - perror("sendmsg"); - return \-1; - } -\& - return 0; - } -} -\& -static int -print_diag(const struct unix_diag_msg *diag, unsigned int len) -{ - if (len < NLMSG_LENGTH(sizeof(*diag))) { - fputs("short response\en", stderr); - return \-1; - } - if (diag\->udiag_family != AF_UNIX) { - fprintf(stderr, "unexpected family %u\en", diag\->udiag_family); - return \-1; - } -\& - unsigned int rta_len = len \- NLMSG_LENGTH(sizeof(*diag)); - unsigned int peer = 0; - size_t path_len = 0; - char path[sizeof(((struct sockaddr_un *) 0)\->sun_path) + 1]; -\& - for (struct rtattr *attr = (struct rtattr *) (diag + 1); - RTA_OK(attr, rta_len); attr = RTA_NEXT(attr, rta_len)) { - switch (attr\->rta_type) { - case UNIX_DIAG_NAME: - if (!path_len) { - path_len = RTA_PAYLOAD(attr); - if (path_len > sizeof(path) \- 1) - path_len = sizeof(path) \- 1; - memcpy(path, RTA_DATA(attr), path_len); - path[path_len] = \[aq]\e0\[aq]; - } - break; -\& - case UNIX_DIAG_PEER: - if (RTA_PAYLOAD(attr) >= sizeof(peer)) - peer = *(unsigned int *) RTA_DATA(attr); - break; - } - } -\& - printf("inode=%u", diag\->udiag_ino); -\& - if (peer) - printf(", peer=%u", peer); -\& - if (path_len) - printf(", name=%s%s", *path ? "" : "@", - *path ? path : path + 1); -\& - putchar(\[aq]\en\[aq]); - return 0; -} -\& -static int -receive_responses(int fd) -{ - long buf[8192 / sizeof(long)]; - struct sockaddr_nl nladdr; - struct iovec iov = { - .iov_base = buf, - .iov_len = sizeof(buf) - }; - int flags = 0; -\& - for (;;) { - struct msghdr msg = { - .msg_name = &nladdr, - .msg_namelen = sizeof(nladdr), - .msg_iov = &iov, - .msg_iovlen = 1 - }; -\& - ssize_t ret = recvmsg(fd, &msg, flags); -\& - if (ret < 0) { - if (errno == EINTR) - continue; -\& - perror("recvmsg"); - return \-1; - } - if (ret == 0) - return 0; -\& - if (nladdr.nl_family != AF_NETLINK) { - fputs("!AF_NETLINK\en", stderr); - return \-1; - } -\& - const struct nlmsghdr *h = (struct nlmsghdr *) buf; -\& - if (!NLMSG_OK(h, ret)) { - fputs("!NLMSG_OK\en", stderr); - return \-1; - } -\& - for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) { - if (h\->nlmsg_type == NLMSG_DONE) - return 0; -\& - if (h\->nlmsg_type == NLMSG_ERROR) { - const struct nlmsgerr *err = NLMSG_DATA(h); -\& - if (h\->nlmsg_len < NLMSG_LENGTH(sizeof(*err))) { - fputs("NLMSG_ERROR\en", stderr); - } else { - errno = \-err\->error; - perror("NLMSG_ERROR"); - } -\& - return \-1; - } -\& - if (h\->nlmsg_type != SOCK_DIAG_BY_FAMILY) { - fprintf(stderr, "unexpected nlmsg_type %u\en", - (unsigned) h\->nlmsg_type); - return \-1; - } -\& - if (print_diag(NLMSG_DATA(h), h\->nlmsg_len)) - return \-1; - } - } -} -\& -int -main(void) -{ - int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG); -\& - if (fd < 0) { - perror("socket"); - return 1; - } -\& - int ret = send_query(fd) || receive_responses(fd); -\& - close(fd); - return ret; -} -.EE -.SH SEE ALSO -.BR netlink (3), -.BR rtnetlink (3), -.BR netlink (7), -.BR tcp (7) diff --git a/man7/socket.7 b/man7/socket.7 deleted file mode 100644 index 619139e..0000000 --- a/man7/socket.7 +++ /dev/null @@ -1,1274 +0,0 @@ -'\" t -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" and copyright (c) 1999 Matthew Wilcox. -.\" -.\" 2002-10-30, Michael Kerrisk, -.\" Added description of SO_ACCEPTCONN -.\" 2004-05-20, aeb, added SO_RCVTIMEO/SO_SNDTIMEO text. -.\" Modified, 27 May 2004, Michael Kerrisk -.\" Added notes on capability requirements -.\" A few small grammar fixes -.\" 2010-06-13 Jan Engelhardt -.\" Documented SO_DOMAIN and SO_PROTOCOL. -.\" -.\" FIXME -.\" The following are not yet documented: -.\" -.\" SO_PEERNAME (2.4?) -.\" get only -.\" Seems to do something similar to getpeername(), but then -.\" why is it necessary / how does it differ? -.\" -.\" SO_TIMESTAMPING (2.6.30) -.\" Documentation/networking/timestamping.txt -.\" commit cb9eff097831007afb30d64373f29d99825d0068 -.\" Author: Patrick Ohly -.\" -.\" SO_WIFI_STATUS (3.3) -.\" commit 6e3e939f3b1bf8534b32ad09ff199d88800835a0 -.\" Author: Johannes Berg -.\" Also: SCM_WIFI_STATUS -.\" -.\" SO_NOFCS (3.4) -.\" commit 3bdc0eba0b8b47797f4a76e377dd8360f317450f -.\" Author: Ben Greear -.\" -.\" SO_GET_FILTER (3.8) -.\" commit a8fc92778080c845eaadc369a0ecf5699a03bef0 -.\" Author: Pavel Emelyanov -.\" -.\" SO_MAX_PACING_RATE (3.13) -.\" commit 62748f32d501f5d3712a7c372bbb92abc7c62bc7 -.\" Author: Eric Dumazet -.\" -.\" SO_BPF_EXTENSIONS (3.14) -.\" commit ea02f9411d9faa3553ed09ce0ec9f00ceae9885e -.\" Author: Michal Sekletar -.\" -.TH socket 7 2024-01-16 "Linux man-pages 6.7" -.SH NAME -socket \- Linux socket interface -.SH SYNOPSIS -.nf -.B #include -.P -.IB sockfd " = socket(int " socket_family ", int " socket_type ", int " protocol ); -.fi -.SH DESCRIPTION -This manual page describes the Linux networking socket layer user -interface. -The BSD compatible sockets -are the uniform interface -between the user process and the network protocol stacks in the kernel. -The protocol modules are grouped into -.I protocol families -such as -.BR AF_INET ", " AF_IPX ", and " AF_PACKET , -and -.I socket types -such as -.B SOCK_STREAM -or -.BR SOCK_DGRAM . -See -.BR socket (2) -for more information on families and types. -.SS Socket-layer functions -These functions are used by the user process to send or receive packets -and to do other socket operations. -For more information, see their respective manual pages. -.P -.BR socket (2) -creates a socket, -.BR connect (2) -connects a socket to a remote socket address, -the -.BR bind (2) -function binds a socket to a local socket address, -.BR listen (2) -tells the socket that new connections shall be accepted, and -.BR accept (2) -is used to get a new socket with a new incoming connection. -.BR socketpair (2) -returns two connected anonymous sockets (implemented only for a few -local families like -.BR AF_UNIX ) -.P -.BR send (2), -.BR sendto (2), -and -.BR sendmsg (2) -send data over a socket, and -.BR recv (2), -.BR recvfrom (2), -.BR recvmsg (2) -receive data from a socket. -.BR poll (2) -and -.BR select (2) -wait for arriving data or a readiness to send data. -In addition, the standard I/O operations like -.BR write (2), -.BR writev (2), -.BR sendfile (2), -.BR read (2), -and -.BR readv (2) -can be used to read and write data. -.P -.BR getsockname (2) -returns the local socket address and -.BR getpeername (2) -returns the remote socket address. -.BR getsockopt (2) -and -.BR setsockopt (2) -are used to set or get socket layer or protocol options. -.BR ioctl (2) -can be used to set or read some other options. -.P -.BR close (2) -is used to close a socket. -.BR shutdown (2) -closes parts of a full-duplex socket connection. -.P -Seeking, or calling -.BR pread (2) -or -.BR pwrite (2) -with a nonzero position is not supported on sockets. -.P -It is possible to do nonblocking I/O on sockets by setting the -.B O_NONBLOCK -flag on a socket file descriptor using -.BR fcntl (2). -Then all operations that would block will (usually) -return with -.B EAGAIN -(operation should be retried later); -.BR connect (2) -will return -.B EINPROGRESS -error. -The user can then wait for various events via -.BR poll (2) -or -.BR select (2). -.TS -tab(:) allbox; -c s s -l l lx. -I/O events -Event:Poll flag:Occurrence -Read:POLLIN:T{ -New data arrived. -T} -Read:POLLIN:T{ -A connection setup has been completed -(for connection-oriented sockets) -T} -Read:POLLHUP:T{ -A disconnection request has been initiated by the other end. -T} -Read:POLLHUP:T{ -A connection is broken (only for connection-oriented protocols). -When the socket is written -.B SIGPIPE -is also sent. -T} -Write:POLLOUT:T{ -Socket has enough send buffer space for writing new data. -T} -Read/Write:T{ -POLLIN | -.br -POLLOUT -T}:T{ -An outgoing -.BR connect (2) -finished. -T} -Read/Write:POLLERR:T{ -An asynchronous error occurred. -T} -Read/Write:POLLHUP:T{ -The other end has shut down one direction. -T} -Exception:POLLPRI:T{ -Urgent data arrived. -.B SIGURG -is sent then. -T} -.\" FIXME . The following is not true currently: -.\" It is no I/O event when the connection -.\" is broken from the local end using -.\" .BR shutdown (2) -.\" or -.\" .BR close (2). -.TE -.P -An alternative to -.BR poll (2) -and -.BR select (2) -is to let the kernel inform the application about events -via a -.B SIGIO -signal. -For that the -.B O_ASYNC -flag must be set on a socket file descriptor via -.BR fcntl (2) -and a valid signal handler for -.B SIGIO -must be installed via -.BR sigaction (2). -See the -.I Signals -discussion below. -.SS Socket address structures -Each socket domain has its own format for socket addresses, -with a domain-specific address structure. -Each of these structures begins with an -integer "family" field (typed as -.IR sa_family_t ) -that indicates the type of the address structure. -This allows -the various system calls (e.g., -.BR connect (2), -.BR bind (2), -.BR accept (2), -.BR getsockname (2), -.BR getpeername (2)), -which are generic to all socket domains, -to determine the domain of a particular socket address. -.P -To allow any type of socket address to be passed to -interfaces in the sockets API, -the type -.I struct sockaddr -is defined. -The purpose of this type is purely to allow casting of -domain-specific socket address types to a "generic" type, -so as to avoid compiler warnings about type mismatches in -calls to the sockets API. -.P -In addition, the sockets API provides the data type -.IR "struct sockaddr_storage". -This type -is suitable to accommodate all supported domain-specific socket -address structures; it is large enough and is aligned properly. -(In particular, it is large enough to hold -IPv6 socket addresses.) -The structure includes the following field, which can be used to identify -the type of socket address actually stored in the structure: -.P -.in +4n -.EX - sa_family_t ss_family; -.EE -.in -.P -The -.I sockaddr_storage -structure is useful in programs that must handle socket addresses -in a generic way -(e.g., programs that must deal with both IPv4 and IPv6 socket addresses). -.SS Socket options -The socket options listed below can be set by using -.BR setsockopt (2) -and read with -.BR getsockopt (2) -with the socket level set to -.B SOL_SOCKET -for all sockets. -Unless otherwise noted, -.I optval -is a pointer to an -.IR int . -.\" FIXME . -.\" In the list below, the text used to describe argument types -.\" for each socket option should be more consistent -.\" -.\" SO_ACCEPTCONN is in POSIX.1-2001, and its origin is explained in -.\" W R Stevens, UNPv1 -.TP -.B SO_ACCEPTCONN -Returns a value indicating whether or not this socket has been marked -to accept connections with -.BR listen (2). -The value 0 indicates that this is not a listening socket, -the value 1 indicates that this is a listening socket. -This socket option is read-only. -.TP -.BR SO_ATTACH_FILTER " (since Linux 2.2)" -.TQ -.BR SO_ATTACH_BPF " (since Linux 3.19)" -Attach a classic BPF -.RB ( SO_ATTACH_FILTER ) -or an extended BPF -.RB ( SO_ATTACH_BPF ) -program to the socket for use as a filter of incoming packets. -A packet will be dropped if the filter program returns zero. -If the filter program returns a -nonzero value which is less than the packet's data length, -the packet will be truncated to the length returned. -If the value returned by the filter is greater than or equal to the -packet's data length, the packet is allowed to proceed unmodified. -.IP -The argument for -.B SO_ATTACH_FILTER -is a -.I sock_fprog -structure, defined in -.IR : -.IP -.in +4n -.EX -struct sock_fprog { - unsigned short len; - struct sock_filter *filter; -}; -.EE -.in -.IP -The argument for -.B SO_ATTACH_BPF -is a file descriptor returned by the -.BR bpf (2) -system call and must refer to a program of type -.BR BPF_PROG_TYPE_SOCKET_FILTER . -.IP -These options may be set multiple times for a given socket, -each time replacing the previous filter program. -The classic and extended versions may be called on the same socket, -but the previous filter will always be replaced such that a socket -never has more than one filter defined. -.IP -Both classic and extended BPF are explained in the kernel source file -.I Documentation/networking/filter.txt -.TP -.B SO_ATTACH_REUSEPORT_CBPF -.TQ -.B SO_ATTACH_REUSEPORT_EBPF -For use with the -.B SO_REUSEPORT -option, these options allow the user to set a classic BPF -.RB ( SO_ATTACH_REUSEPORT_CBPF ) -or an extended BPF -.RB ( SO_ATTACH_REUSEPORT_EBPF ) -program which defines how packets are assigned to -the sockets in the reuseport group (that is, all sockets which have -.B SO_REUSEPORT -set and are using the same local address to receive packets). -.IP -The BPF program must return an index between 0 and N\-1 representing -the socket which should receive the packet -(where N is the number of sockets in the group). -If the BPF program returns an invalid index, -socket selection will fall back to the plain -.B SO_REUSEPORT -mechanism. -.IP -Sockets are numbered in the order in which they are added to the group -(that is, the order of -.BR bind (2) -calls for UDP sockets or the order of -.BR listen (2) -calls for TCP sockets). -New sockets added to a reuseport group will inherit the BPF program. -When a socket is removed from a reuseport group (via -.BR close (2)), -the last socket in the group will be moved into the closed socket's -position. -.IP -These options may be set repeatedly at any time on any socket in the group -to replace the current BPF program used by all sockets in the group. -.IP -.B SO_ATTACH_REUSEPORT_CBPF -takes the same argument type as -.B SO_ATTACH_FILTER -and -.B SO_ATTACH_REUSEPORT_EBPF -takes the same argument type as -.BR SO_ATTACH_BPF . -.IP -UDP support for this feature is available since Linux 4.5; -TCP support is available since Linux 4.6. -.TP -.B SO_BINDTODEVICE -Bind this socket to a particular device like \[lq]eth0\[rq], -as specified in the passed interface name. -If the -name is an empty string or the option length is zero, the socket device -binding is removed. -The passed option is a variable-length null-terminated -interface name string with the maximum size of -.BR IFNAMSIZ . -If a socket is bound to an interface, -only packets received from that particular interface are processed by the -socket. -Note that this works only for some socket types, particularly -.B AF_INET -sockets. -It is not supported for packet sockets (use normal -.BR bind (2) -there). -.IP -Before Linux 3.8, -this socket option could be set, but could not retrieved with -.BR getsockopt (2). -Since Linux 3.8, it is readable. -The -.I optlen -argument should contain the buffer size available -to receive the device name and is recommended to be -.B IFNAMSIZ -bytes. -The real device name length is reported back in the -.I optlen -argument. -.TP -.B SO_BROADCAST -Set or get the broadcast flag. -When enabled, datagram sockets are allowed to send -packets to a broadcast address. -This option has no effect on stream-oriented sockets. -.TP -.B SO_BSDCOMPAT -Enable BSD bug-to-bug compatibility. -This is used by the UDP protocol module in Linux 2.0 and 2.2. -If enabled, ICMP errors received for a UDP socket will not be passed -to the user program. -In later kernel versions, support for this option has been phased out: -Linux 2.4 silently ignores it, and Linux 2.6 generates a kernel warning -(printk()) if a program uses this option. -Linux 2.0 also enabled BSD bug-to-bug compatibility -options (random header changing, skipping of the broadcast flag) for raw -sockets with this option, but that was removed in Linux 2.2. -.TP -.B SO_DEBUG -Enable socket debugging. -Allowed only for processes with the -.B CAP_NET_ADMIN -capability or an effective user ID of 0. -.TP -.BR SO_DETACH_FILTER " (since Linux 2.2)" -.TQ -.BR SO_DETACH_BPF " (since Linux 3.19)" -These two options, which are synonyms, -may be used to remove the classic or extended BPF -program attached to a socket with either -.B SO_ATTACH_FILTER -or -.BR SO_ATTACH_BPF . -The option value is ignored. -.TP -.BR SO_DOMAIN " (since Linux 2.6.32)" -Retrieves the socket domain as an integer, returning a value such as -.BR AF_INET6 . -See -.BR socket (2) -for details. -This socket option is read-only. -.TP -.B SO_ERROR -Get and clear the pending socket error. -This socket option is read-only. -Expects an integer. -.TP -.B SO_DONTROUTE -Don't send via a gateway, send only to directly connected hosts. -The same effect can be achieved by setting the -.B MSG_DONTROUTE -flag on a socket -.BR send (2) -operation. -Expects an integer boolean flag. -.TP -.BR SO_INCOMING_CPU " (gettable since Linux 3.19, settable since Linux 4.4)" -.\" getsockopt 2c8c56e15df3d4c2af3d656e44feb18789f75837 -.\" setsockopt 70da268b569d32a9fddeea85dc18043de9d89f89 -Sets or gets the CPU affinity of a socket. -Expects an integer flag. -.IP -.in +4n -.EX -int cpu = 1; -setsockopt(fd, SOL_SOCKET, SO_INCOMING_CPU, &cpu, - sizeof(cpu)); -.EE -.in -.IP -Because all of the packets for a single stream -(i.e., all packets for the same 4-tuple) -arrive on the single RX queue that is associated with a particular CPU, -the typical use case is to employ one listening process per RX queue, -with the incoming flow being handled by a listener -on the same CPU that is handling the RX queue. -This provides optimal NUMA behavior and keeps CPU caches hot. -.\" -.\" From an email conversation with Eric Dumazet: -.\" >> Note that setting the option is not supported if SO_REUSEPORT is used. -.\" > -.\" > Please define "not supported". Does this yield an API diagnostic? -.\" > If so, what is it? -.\" > -.\" >> Socket will be selected from an array, either by a hash or BPF program -.\" >> that has no access to this information. -.\" > -.\" > Sorry -- I'm lost here. How does this comment relate to the proposed -.\" > man page text above? -.\" -.\" Simply that : -.\" -.\" If an application uses both SO_INCOMING_CPU and SO_REUSEPORT, then -.\" SO_REUSEPORT logic, selecting the socket to receive the packet, ignores -.\" SO_INCOMING_CPU setting. -.TP -.BR SO_INCOMING_NAPI_ID " (gettable since Linux 4.12)" -.\" getsockopt 6d4339028b350efbf87c61e6d9e113e5373545c9 -Returns a system-level unique ID called NAPI ID that is associated -with a RX queue on which the last packet associated with that -socket is received. -.IP -This can be used by an application to split the incoming flows among worker -threads based on the RX queue on which the packets associated with the -flows are received. -It allows each worker thread to be associated with -a NIC HW receive queue and service all the connection -requests received on that RX queue. -This mapping between an app thread and -a HW NIC queue streamlines the -flow of data from the NIC to the application. -.TP -.B SO_KEEPALIVE -Enable sending of keep-alive messages on connection-oriented sockets. -Expects an integer boolean flag. -.TP -.B SO_LINGER -Sets or gets the -.B SO_LINGER -option. -The argument is a -.I linger -structure. -.IP -.in +4n -.EX -struct linger { - int l_onoff; /* linger active */ - int l_linger; /* how many seconds to linger for */ -}; -.EE -.in -.IP -When enabled, a -.BR close (2) -or -.BR shutdown (2) -will not return until all queued messages for the socket have been -successfully sent or the linger timeout has been reached. -Otherwise, -the call returns immediately and the closing is done in the background. -When the socket is closed as part of -.BR exit (2), -it always lingers in the background. -.TP -.B SO_LOCK_FILTER -.\" commit d59577b6ffd313d0ab3be39cb1ab47e29bdc9182 -When set, this option will prevent -changing the filters associated with the socket. -These filters include any set using the socket options -.BR SO_ATTACH_FILTER , -.BR SO_ATTACH_BPF , -.BR SO_ATTACH_REUSEPORT_CBPF , -and -.BR SO_ATTACH_REUSEPORT_EBPF . -.IP -The typical use case is for a privileged process to set up a raw socket -(an operation that requires the -.B CAP_NET_RAW -capability), apply a restrictive filter, set the -.B SO_LOCK_FILTER -option, -and then either drop its privileges or pass the socket file descriptor -to an unprivileged process via a UNIX domain socket. -.IP -Once the -.B SO_LOCK_FILTER -option has been enabled, attempts to change or remove the filter -attached to a socket, or to disable the -.B SO_LOCK_FILTER -option will fail with the error -.BR EPERM . -.TP -.BR SO_MARK " (since Linux 2.6.25)" -.\" commit 4a19ec5800fc3bb64e2d87c4d9fdd9e636086fe0 -.\" and 914a9ab386a288d0f22252fc268ecbc048cdcbd5 -Set the mark for each packet sent through this socket -(similar to the netfilter MARK target but socket-based). -Changing the mark can be used for mark-based -routing without netfilter or for packet filtering. -Setting this option requires the -.B CAP_NET_ADMIN -or -.B CAP_NET_RAW -(since Linux 5.17) capability. -.TP -.B SO_OOBINLINE -If this option is enabled, -out-of-band data is directly placed into the receive data stream. -Otherwise, out-of-band data is passed only when the -.B MSG_OOB -flag is set during receiving. -.\" don't document it because it can do too much harm. -.\".B SO_NO_CHECK -.\" The kernel has support for the SO_NO_CHECK socket -.\" option (boolean: 0 == default, calculate checksum on xmit, -.\" 1 == do not calculate checksum on xmit). -.\" Additional note from Andi Kleen on SO_NO_CHECK (2010-08-30) -.\" On Linux UDP checksums are essentially free and there's no reason -.\" to turn them off and it would disable another safety line. -.\" That is why I didn't document the option. -.TP -.B SO_PASSCRED -Enable or disable the receiving of the -.B SCM_CREDENTIALS -control message. -For more information, see -.BR unix (7). -.TP -.B SO_PASSSEC -Enable or disable the receiving of the -.B SCM_SECURITY -control message. -For more information, see -.BR unix (7). -.TP -.BR SO_PEEK_OFF " (since Linux 3.4)" -.\" commit ef64a54f6e558155b4f149bb10666b9e914b6c54 -This option, which is currently supported only for -.BR unix (7) -sockets, sets the value of the "peek offset" for the -.BR recv (2) -system call when used with -.B MSG_PEEK -flag. -.IP -When this option is set to a negative value -(it is set to \-1 for all new sockets), -traditional behavior is provided: -.BR recv (2) -with the -.B MSG_PEEK -flag will peek data from the front of the queue. -.IP -When the option is set to a value greater than or equal to zero, -then the next peek at data queued in the socket will occur at -the byte offset specified by the option value. -At the same time, the "peek offset" will be -incremented by the number of bytes that were peeked from the queue, -so that a subsequent peek will return the next data in the queue. -.IP -If data is removed from the front of the queue via a call to -.BR recv (2) -(or similar) without the -.B MSG_PEEK -flag, the "peek offset" will be decreased by the number of bytes removed. -In other words, receiving data without the -.B MSG_PEEK -flag will cause the "peek offset" to be adjusted to maintain -the correct relative position in the queued data, -so that a subsequent peek will retrieve the data that would have been -retrieved had the data not been removed. -.IP -For datagram sockets, if the "peek offset" points to the middle of a packet, -the data returned will be marked with the -.B MSG_TRUNC -flag. -.IP -The following example serves to illustrate the use of -.BR SO_PEEK_OFF . -Suppose a stream socket has the following queued input data: -.IP -.in +4n -.EX -aabbccddeeff -.EE -.in -.IP -The following sequence of -.BR recv (2) -calls would have the effect noted in the comments: -.IP -.in +4n -.EX -int ov = 4; // Set peek offset to 4 -setsockopt(fd, SOL_SOCKET, SO_PEEK_OFF, &ov, sizeof(ov)); -\& -recv(fd, buf, 2, MSG_PEEK); // Peeks "cc"; offset set to 6 -recv(fd, buf, 2, MSG_PEEK); // Peeks "dd"; offset set to 8 -recv(fd, buf, 2, 0); // Reads "aa"; offset set to 6 -recv(fd, buf, 2, MSG_PEEK); // Peeks "ee"; offset set to 8 -.EE -.in -.TP -.B SO_PEERCRED -Return the credentials of the peer process connected to this socket. -For further details, see -.BR unix (7). -.TP -.BR SO_PEERSEC " (since Linux 2.6.2)" -Return the security context of the peer socket connected to this socket. -For further details, see -.BR unix (7) -and -.BR ip (7). -.TP -.B SO_PRIORITY -Set the protocol-defined priority for all packets to be sent on -this socket. -Linux uses this value to order the networking queues: -packets with a higher priority may be processed first depending -on the selected device queueing discipline. -.\" For -.\" .BR ip (7), -.\" this also sets the IP type-of-service (TOS) field for outgoing packets. -Setting a priority outside the range 0 to 6 requires the -.B CAP_NET_ADMIN -capability. -.TP -.BR SO_PROTOCOL " (since Linux 2.6.32)" -Retrieves the socket protocol as an integer, returning a value such as -.BR IPPROTO_SCTP . -See -.BR socket (2) -for details. -This socket option is read-only. -.TP -.B SO_RCVBUF -Sets or gets the maximum socket receive buffer in bytes. -The kernel doubles this value (to allow space for bookkeeping overhead) -when it is set using -.\" Most (all?) other implementations do not do this -- MTK, Dec 05 -.BR setsockopt (2), -and this doubled value is returned by -.BR getsockopt (2). -.\" The following thread on LMKL is quite informative: -.\" getsockopt/setsockopt with SO_RCVBUF and SO_SNDBUF "non-standard" behavior -.\" 17 July 2012 -.\" http://thread.gmane.org/gmane.linux.kernel/1328935 -The default value is set by the -.I /proc/sys/net/core/rmem_default -file, and the maximum allowed value is set by the -.I /proc/sys/net/core/rmem_max -file. -The minimum (doubled) value for this option is 256. -.TP -.BR SO_RCVBUFFORCE " (since Linux 2.6.14)" -Using this socket option, a privileged -.RB ( CAP_NET_ADMIN ) -process can perform the same task as -.BR SO_RCVBUF , -but the -.I rmem_max -limit can be overridden. -.TP -.BR SO_RCVLOWAT " and " SO_SNDLOWAT -Specify the minimum number of bytes in the buffer until the socket layer -will pass the data to the protocol -.RB ( SO_SNDLOWAT ) -or the user on receiving -.RB ( SO_RCVLOWAT ). -These two values are initialized to 1. -.B SO_SNDLOWAT -is not changeable on Linux -.RB ( setsockopt (2) -fails with the error -.BR ENOPROTOOPT ). -.B SO_RCVLOWAT -is changeable -only since Linux 2.4. -.IP -Before Linux 2.6.28 -.\" Tested on kernel 2.6.14 -- mtk, 30 Nov 05 -.BR select (2), -.BR poll (2), -and -.BR epoll (7) -did not respect the -.B SO_RCVLOWAT -setting on Linux, -and indicated a socket as readable when even a single byte of data -was available. -A subsequent read from the socket would then block until -.B SO_RCVLOWAT -bytes are available. -Since Linux 2.6.28, -.\" commit c7004482e8dcb7c3c72666395cfa98a216a4fb70 -.BR select (2), -.BR poll (2), -and -.BR epoll (7) -indicate a socket as readable only if at least -.B SO_RCVLOWAT -bytes are available. -.TP -.BR SO_RCVTIMEO " and " SO_SNDTIMEO -.\" Not implemented in Linux 2.0. -.\" Implemented in Linux 2.1.11 for getsockopt: always return a zero struct. -.\" Implemented in Linux 2.3.41 for setsockopt, and actually used. -Specify the receiving or sending timeouts until reporting an error. -The argument is a -.IR "struct timeval" . -If an input or output function blocks for this period of time, and -data has been sent or received, the return value of that function -will be the amount of data transferred; if no data has been transferred -and the timeout has been reached, then \-1 is returned with -.I errno -set to -.B EAGAIN -or -.BR EWOULDBLOCK , -.\" in fact to EAGAIN -or -.B EINPROGRESS -(for -.BR connect (2)) -just as if the socket was specified to be nonblocking. -If the timeout is set to zero (the default), -then the operation will never timeout. -Timeouts only have effect for system calls that perform socket I/O (e.g., -.BR accept (2), -.BR connect (2), -.BR read (2), -.BR recvmsg (2), -.BR send (2), -.BR sendmsg (2)); -timeouts have no effect for -.BR select (2), -.BR poll (2), -.BR epoll_wait (2), -and so on. -.TP -.B SO_REUSEADDR -.\" commit c617f398edd4db2b8567a28e899a88f8f574798d -.\" https://lwn.net/Articles/542629/ -Indicates that the rules used in validating addresses supplied in a -.BR bind (2) -call should allow reuse of local addresses. -For -.B AF_INET -sockets this -means that a socket may bind, except when there -is an active listening socket bound to the address. -When the listening socket is bound to -.B INADDR_ANY -with a specific port then it is not possible -to bind to this port for any local address. -Argument is an integer boolean flag. -.TP -.BR SO_REUSEPORT " (since Linux 3.9)" -Permits multiple -.B AF_INET -or -.B AF_INET6 -sockets to be bound to an identical socket address. -This option must be set on each socket (including the first socket) -prior to calling -.BR bind (2) -on the socket. -To prevent port hijacking, -all of the processes binding to the same address must have the same -effective UID. -This option can be employed with both TCP and UDP sockets. -.IP -For TCP sockets, this option allows -.BR accept (2) -load distribution in a multi-threaded server to be improved by -using a distinct listener socket for each thread. -This provides improved load distribution as compared -to traditional techniques such using a single -.BR accept (2)ing -thread that distributes connections, -or having multiple threads that compete to -.BR accept (2) -from the same socket. -.IP -For UDP sockets, -the use of this option can provide better distribution -of incoming datagrams to multiple processes (or threads) as compared -to the traditional technique of having multiple processes -compete to receive datagrams on the same socket. -.TP -.BR SO_RXQ_OVFL " (since Linux 2.6.33)" -.\" commit 3b885787ea4112eaa80945999ea0901bf742707f -Indicates that an unsigned 32-bit value ancillary message (cmsg) -should be attached to received skbs indicating -the number of packets dropped by the socket since its creation. -.TP -.BR SO_SELECT_ERR_QUEUE " (since Linux 3.10)" -.\" commit 7d4c04fc170087119727119074e72445f2bb192b -.\" Author: Keller, Jacob E -When this option is set on a socket, -an error condition on a socket causes notification not only via the -.I exceptfds -set of -.BR select (2). -Similarly, -.BR poll (2) -also returns a -.B POLLPRI -whenever an -.B POLLERR -event is returned. -.\" It does not affect wake up. -.IP -Background: this option was added when waking up on an error condition -occurred only via the -.I readfds -and -.I writefds -sets of -.BR select (2). -The option was added to allow monitoring for error conditions via the -.I exceptfds -argument without simultaneously having to receive notifications (via -.IR readfds ) -for regular data that can be read from the socket. -After changes in Linux 4.16, -.\" commit 6e5d58fdc9bedd0255a8 -.\" ("skbuff: Fix not waking applications when errors are enqueued") -the use of this flag to achieve the desired notifications -is no longer necessary. -This option is nevertheless retained for backwards compatibility. -.TP -.B SO_SNDBUF -Sets or gets the maximum socket send buffer in bytes. -The kernel doubles this value (to allow space for bookkeeping overhead) -when it is set using -.\" Most (all?) other implementations do not do this -- MTK, Dec 05 -.\" See also the comment to SO_RCVBUF (17 Jul 2012 LKML mail) -.BR setsockopt (2), -and this doubled value is returned by -.BR getsockopt (2). -The default value is set by the -.I /proc/sys/net/core/wmem_default -file and the maximum allowed value is set by the -.I /proc/sys/net/core/wmem_max -file. -The minimum (doubled) value for this option is 2048. -.TP -.BR SO_SNDBUFFORCE " (since Linux 2.6.14)" -Using this socket option, a privileged -.RB ( CAP_NET_ADMIN ) -process can perform the same task as -.BR SO_SNDBUF , -but the -.I wmem_max -limit can be overridden. -.TP -.B SO_TIMESTAMP -Enable or disable the receiving of the -.B SO_TIMESTAMP -control message. -The timestamp control message is sent with level -.B SOL_SOCKET -and a -.I cmsg_type -of -.BR SCM_TIMESTAMP . -The -.I cmsg_data -field is a -.I "struct timeval" -indicating the -reception time of the last packet passed to the user in this call. -See -.BR cmsg (3) -for details on control messages. -.TP -.BR SO_TIMESTAMPNS " (since Linux 2.6.22)" -.\" commit 92f37fd2ee805aa77925c1e64fd56088b46094fc -Enable or disable the receiving of the -.B SO_TIMESTAMPNS -control message. -The timestamp control message is sent with level -.B SOL_SOCKET -and a -.I cmsg_type -of -.BR SCM_TIMESTAMPNS . -The -.I cmsg_data -field is a -.I "struct timespec" -indicating the -reception time of the last packet passed to the user in this call. -The clock used for the timestamp is -.BR CLOCK_REALTIME . -See -.BR cmsg (3) -for details on control messages. -.IP -A socket cannot mix -.B SO_TIMESTAMP -and -.BR SO_TIMESTAMPNS : -the two modes are mutually exclusive. -.TP -.B SO_TYPE -Gets the socket type as an integer (e.g., -.BR SOCK_STREAM ). -This socket option is read-only. -.TP -.BR SO_BUSY_POLL " (since Linux 3.11)" -Sets the approximate time in microseconds to busy poll on a blocking receive -when there is no data. -Increasing this value requires -.BR CAP_NET_ADMIN . -The default for this option is controlled by the -.I /proc/sys/net/core/busy_read -file. -.IP -The value in the -.I /proc/sys/net/core/busy_poll -file determines how long -.BR select (2) -and -.BR poll (2) -will busy poll when they operate on sockets with -.B SO_BUSY_POLL -set and no events to report are found. -.IP -In both cases, -busy polling will only be done when the socket last received data -from a network device that supports this option. -.IP -While busy polling may improve latency of some applications, -care must be taken when using it since this will increase -both CPU utilization and power usage. -.SS Signals -When writing onto a connection-oriented socket that has been shut down -(by the local or the remote end) -.B SIGPIPE -is sent to the writing process and -.B EPIPE -is returned. -The signal is not sent when the write call -specified the -.B MSG_NOSIGNAL -flag. -.P -When requested with the -.B FIOSETOWN -.BR fcntl (2) -or -.B SIOCSPGRP -.BR ioctl (2), -.B SIGIO -is sent when an I/O event occurs. -It is possible to use -.BR poll (2) -or -.BR select (2) -in the signal handler to find out which socket the event occurred on. -An alternative (in Linux 2.2) is to set a real-time signal using the -.B F_SETSIG -.BR fcntl (2); -the handler of the real time signal will be called with -the file descriptor in the -.I si_fd -field of its -.IR siginfo_t . -See -.BR fcntl (2) -for more information. -.P -Under some circumstances (e.g., multiple processes accessing a -single socket), the condition that caused the -.B SIGIO -may have already disappeared when the process reacts to the signal. -If this happens, the process should wait again because Linux -will resend the signal later. -.\" .SS Ancillary messages -.SS /proc interfaces -The core socket networking parameters can be accessed -via files in the directory -.IR /proc/sys/net/core/ . -.TP -.I rmem_default -contains the default setting in bytes of the socket receive buffer. -.TP -.I rmem_max -contains the maximum socket receive buffer size in bytes which a user may -set by using the -.B SO_RCVBUF -socket option. -.TP -.I wmem_default -contains the default setting in bytes of the socket send buffer. -.TP -.I wmem_max -contains the maximum socket send buffer size in bytes which a user may -set by using the -.B SO_SNDBUF -socket option. -.TP -.IR message_cost " and " message_burst -configure the token bucket filter used to load limit warning messages -caused by external network events. -.TP -.I netdev_max_backlog -Maximum number of packets in the global input queue. -.TP -.I optmem_max -Maximum length of ancillary data and user control data like the iovecs -per socket. -.\" netdev_fastroute is not documented because it is experimental -.SS Ioctls -These operations can be accessed using -.BR ioctl (2): -.P -.in +4n -.EX -.IB error " = ioctl(" ip_socket ", " ioctl_type ", " &value_result ");" -.EE -.in -.TP -.B SIOCGSTAMP -Return a -.I struct timeval -with the receive timestamp of the last packet passed to the user. -This is useful for accurate round trip time measurements. -See -.BR setitimer (2) -for a description of -.IR "struct timeval" . -.\" -This ioctl should be used only if the socket options -.B SO_TIMESTAMP -and -.B SO_TIMESTAMPNS -are not set on the socket. -Otherwise, it returns the timestamp of the -last packet that was received while -.B SO_TIMESTAMP -and -.B SO_TIMESTAMPNS -were not set, or it fails if no such packet has been received, -(i.e., -.BR ioctl (2) -returns \-1 with -.I errno -set to -.BR ENOENT ). -.TP -.B SIOCSPGRP -Set the process or process group that is to receive -.B SIGIO -or -.B SIGURG -signals when I/O becomes possible or urgent data is available. -The argument is a pointer to a -.IR pid_t . -For further details, see the description of -.B F_SETOWN -in -.BR fcntl (2). -.TP -.B FIOASYNC -Change the -.B O_ASYNC -flag to enable or disable asynchronous I/O mode of the socket. -Asynchronous I/O mode means that the -.B SIGIO -signal or the signal set with -.B F_SETSIG -is raised when a new I/O event occurs. -.IP -Argument is an integer boolean flag. -(This operation is synonymous with the use of -.BR fcntl (2) -to set the -.B O_ASYNC -flag.) -.\" -.TP -.B SIOCGPGRP -Get the current process or process group that receives -.B SIGIO -or -.B SIGURG -signals, -or 0 -when none is set. -.P -Valid -.BR fcntl (2) -operations: -.TP -.B FIOGETOWN -The same as the -.B SIOCGPGRP -.BR ioctl (2). -.TP -.B FIOSETOWN -The same as the -.B SIOCSPGRP -.BR ioctl (2). -.SH VERSIONS -.B SO_BINDTODEVICE -was introduced in Linux 2.0.30. -.B SO_PASSCRED -is new in Linux 2.2. -The -.I /proc -interfaces were introduced in Linux 2.2. -.B SO_RCVTIMEO -and -.B SO_SNDTIMEO -are supported since Linux 2.3.41. -Earlier, timeouts were fixed to -a protocol-specific setting, and could not be read or written. -.SH NOTES -Linux assumes that half of the send/receive buffer is used for internal -kernel structures; thus the values in the corresponding -.I /proc -files are twice what can be observed on the wire. -.P -Linux will allow port reuse only with the -.B SO_REUSEADDR -option -when this option was set both in the previous program that performed a -.BR bind (2) -to the port and in the program that wants to reuse the port. -This differs from some implementations (e.g., FreeBSD) -where only the later program needs to set the -.B SO_REUSEADDR -option. -Typically this difference is invisible, since, for example, a server -program is designed to always set this option. -.\" .SH AUTHORS -.\" This man page was written by Andi Kleen. -.SH SEE ALSO -.BR wireshark (1), -.BR bpf (2), -.BR connect (2), -.BR getsockopt (2), -.BR setsockopt (2), -.BR socket (2), -.BR pcap (3), -.BR address_families (7), -.BR capabilities (7), -.BR ddp (7), -.BR ip (7), -.BR ipv6 (7), -.BR packet (7), -.BR tcp (7), -.BR udp (7), -.BR unix (7), -.BR tcpdump (8) diff --git a/man7/spufs.7 b/man7/spufs.7 deleted file mode 100644 index 3e8c2ed..0000000 --- a/man7/spufs.7 +++ /dev/null @@ -1,804 +0,0 @@ -.\" Copyright (c) International Business Machines Corp., 2006 -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" HISTORY: -.\" 2005-09-28, created by Arnd Bergmann , -.\" Mark Nutter and -.\" Ulrich Weigand -.\" 2006-06-16, revised by Eduardo M. Fleury -.\" 2007-07-10, quite a lot of polishing by mtk -.\" 2007-09-28, updates for newer kernels by Jeremy Kerr -.\" -.TH spufs 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -spufs \- SPU filesystem -.SH DESCRIPTION -The SPU filesystem is used on PowerPC machines that implement the -Cell Broadband Engine Architecture in order to access Synergistic -Processor Units (SPUs). -.P -The filesystem provides a name space similar to POSIX shared -memory or message queues. -Users that have write permissions -on the filesystem can use -.BR spu_create (2) -to establish SPU contexts under the -.B spufs -root directory. -.P -Every SPU context is represented by a directory containing -a predefined set of files. -These files can be -used for manipulating the state of the logical SPU. -Users can change permissions on the files, but can't -add or remove files. -.SS Mount options -.TP -.B uid= -Set the user owning the mount point; the default is 0 (root). -.TP -.B gid= -Set the group owning the mount point; the default is 0 (root). -.TP -.B mode= -Set the mode of the top-level directory in -.BR spufs , -as an octal mode string. -The default is 0775. -.SS Files -The files in -.B spufs -mostly follow the standard behavior for regular system calls like -.BR read (2) -or -.BR write (2), -but often support only a subset of the operations -supported on regular filesystems. -This list details the supported -operations and the deviations from the standard behavior described -in the respective man pages. -.P -All files that support the -.BR read (2) -operation also support -.BR readv (2) -and all files that support the -.BR write (2) -operation also support -.BR writev (2). -All files support the -.BR access (2) -and -.BR stat (2) -family of operations, but for the latter call, -the only fields of the returned -.I stat -structure that contain reliable information are -.IR st_mode , -.IR st_nlink , -.IR st_uid , -and -.IR st_gid . -.P -All files support the -.BR chmod (2)/\c -.BR fchmod (2) -and -.BR chown (2)/\c -.BR fchown (2) -operations, but will not be able to grant permissions that contradict -the possible operations (e.g., read access on the -.I wbox -file). -.P -The current set of files is: -.TP -.I /capabilities -Contains a comma-delimited string representing the capabilities of this -SPU context. -Possible capabilities are: -.RS -.TP -.B sched -This context may be scheduled. -.TP -.B step -This context can be run in single-step mode, for debugging. -.P -New capabilities flags may be added in the future. -.RE -.TP -.I /mem -the contents of the local storage memory of the SPU. -This can be accessed like a regular shared memory -file and contains both code and data in the address -space of the SPU. -The possible operations on an open -.I mem -file are: -.RS -.TP -.BR read (2) -.TQ -.BR pread (2) -.TQ -.BR write (2) -.TQ -.BR pwrite (2) -.TQ -.BR lseek (2) -These operate as usual, with the exception that -.BR lseek (2), -.BR write (2), -and -.BR pwrite (2) -are not supported beyond the end of the file. -The file size -is the size of the local storage of the SPU, -which is normally 256 kilobytes. -.TP -.BR mmap (2) -Mapping -.I mem -into the process address space provides access to the SPU local -storage within the process address space. -Only -.B MAP_SHARED -mappings are allowed. -.RE -.TP -.I /regs -Contains the saved general-purpose registers of the SPU context. -This file contains the 128-bit values of each register, -from register 0 to register 127, in order. -This allows the general-purpose registers to be -inspected for debugging. -.IP -Reading to or writing from this file requires that the context is -scheduled out, so use of this file is not recommended in normal -program operation. -.IP -The -.I regs -file is not present on contexts that have been created with the -.B SPU_CREATE_NOSCHED -flag. -.TP -.I /mbox -The first SPU-to-CPU communication mailbox. -This file is read-only and can be read in units of 4 bytes. -The file can be used only in nonblocking mode \- even -.BR poll (2) -cannot be used to block on this file. -The only possible operation on an open -.I mbox -file is: -.RS -.TP -.BR read (2) -If -.I count -is smaller than four, -.BR read (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -If there is no data available in the mailbox (i.e., the SPU has not -sent a mailbox message), the return value is set to \-1 and -.I errno -is set to -.BR EAGAIN . -When data -has been read successfully, four bytes are placed in -the data buffer and the value four is returned. -.RE -.TP -.I /ibox -The second SPU-to-CPU communication mailbox. -This file is similar to the first mailbox file, but can be read -in blocking I/O mode, thus calling -.BR read (2) -on an open -.I ibox -file will block until the SPU has written data to its interrupt mailbox -channel (unless the file has been opened with -.BR O_NONBLOCK , -see below). -Also, -.BR poll (2) -and similar system calls can be used to monitor for the presence -of mailbox data. -.IP -The possible operations on an open -.I ibox -file are: -.RS -.TP -.BR read (2) -If -.I count -is smaller than four, -.BR read (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -If there is no data available in the mailbox and the file -descriptor has been opened with -.BR O_NONBLOCK , -the return value is set to \-1 and -.I errno -is set to -.BR EAGAIN . -.IP -If there is no data available in the mailbox and the file -descriptor has been opened without -.BR O_NONBLOCK , -the call will -block until the SPU writes to its interrupt mailbox channel. -When data has been read successfully, four bytes are placed in -the data buffer and the value four is returned. -.TP -.BR poll (2) -Poll on the -.I ibox -file returns -.I "(POLLIN | POLLRDNORM)" -whenever data is available for reading. -.RE -.TP -.I /wbox -The CPU-to-SPU communication mailbox. -It is write-only and can be written in units of four bytes. -If the mailbox is full, -.BR write (2) -will block, and -.BR poll (2) -can be used to block until the mailbox is available for writing again. -The possible operations on an open -.I wbox -file are: -.RS -.TP -.BR write (2) -If -.I count -is smaller than four, -.BR write (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -If there is no space available in the mailbox and the file -descriptor has been opened with -.BR O_NONBLOCK , -the return -value is set to \-1 and -.I errno -is set to -.BR EAGAIN . -.IP -If there is no space available in the mailbox and the file -descriptor has been opened without -.BR O_NONBLOCK , -the call will block until the SPU reads from its -PPE (PowerPC Processing Element) -mailbox channel. -When data has been written successfully, -the system call returns four as its function result. -.TP -.BR poll (2) -A poll on the -.I wbox -file returns -.I "(POLLOUT | POLLWRNORM)" -whenever space is available for writing. -.RE -.TP -.I /mbox_stat -.TQ -.I /ibox_stat -.TQ -.I /wbox_stat -These are read-only files that contain the length of the current -queue of each mailbox\[em]that is, how many words can be read from -.IR mbox " or " ibox -or how many words can be written to -.I wbox -without blocking. -The files can be read only in four-byte units and return -a big-endian binary integer number. -The only possible operation on an open -.I *box_stat -file is: -.RS -.TP -.BR read (2) -If -.I count -is smaller than four, -.BR read (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -Otherwise, a four-byte value is placed in the data buffer. -This value is the number of elements that can be read from (for -.I mbox_stat -and -.IR ibox_stat ) -or written to (for -.IR wbox_stat ) -the respective mailbox without blocking or returning an -.B EAGAIN -error. -.RE -.TP -.I /npc -.TQ -.I /decr -.TQ -.I /decr_status -.TQ -.I /spu_tag_mask -.TQ -.I /event_mask -.TQ -.I /event_status -.TQ -.I /srr0 -.TQ -.I /lslr -Internal registers of the SPU. -These files contain an ASCII string -representing the hex value of the specified register. -Reads and writes on these -files (except for -.IR npc , -see below) require that the SPU context be scheduled out, -so frequent access to -these files is not recommended for normal program operation. -.IP -The contents of these files are: -.RS -.TP 16 -.I npc -Next Program Counter \- valid only when the SPU is in a stopped state. -.TP -.I decr -SPU Decrementer -.TP -.I decr_status -Decrementer Status -.TP -.I spu_tag_mask -MFC tag mask for SPU DMA -.TP -.I event_mask -Event mask for SPU interrupts -.TP -.I event_status -Number of SPU events pending (read-only) -.TP -.I srr0 -Interrupt Return address register -.TP -.I lslr -Local Store Limit Register -.RE -.IP -The possible operations on these files are: -.RS -.TP -.BR read (2) -Reads the current register value. -If the register value is larger than the buffer passed to the -.BR read (2) -system call, subsequent reads will continue reading from the same -buffer, until the end of the buffer is reached. -.IP -When a complete string has been read, all subsequent read operations -will return zero bytes and a new file descriptor needs to be opened -to read a new value. -.TP -.BR write (2) -A -.BR write (2) -operation on the file sets the register to the -value given in the string. -The string is parsed from the beginning -until the first nonnumeric character or the end of the buffer. -Subsequent writes to the same file descriptor overwrite the -previous setting. -.IP -Except for the -.I npc -file, these files are not present on contexts that have been created with -the -.B SPU_CREATE_NOSCHED -flag. -.RE -.TP -.I /fpcr -This file provides access to the Floating Point Status and -Control Register (fcpr) as a binary, four-byte file. -The operations on the -.I fpcr -file are: -.RS -.TP -.BR read (2) -If -.I count -is smaller than four, -.BR read (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -Otherwise, a four-byte value is placed in the data buffer; -this is the current value of the -.I fpcr -register. -.TP -.BR write (2) -If -.I count -is smaller than four, -.BR write (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -Otherwise, a four-byte value is copied from the data buffer, -updating the value of the -.I fpcr -register. -.RE -.TP -.I /signal1 -.TQ -.I /signal2 -The files provide access to the two signal notification channels -of an SPU. -These are read-write files that operate on four-byte words. -Writing to one of these files triggers an interrupt on the SPU. -The value written to the signal files can -be read from the SPU through a channel read or from -host user space through the file. -After the value has been read by the SPU, it is reset to zero. -The possible operations on an open -.I signal1 -or -.I signal2 -file are: -.RS -.TP -.BR read (2) -If -.I count -is smaller than four, -.BR read (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -Otherwise, a four-byte value is placed in the data buffer; -this is the current value of the specified signal notification -register. -.TP -.BR write (2) -If -.I count -is smaller than four, -.BR write (2) -returns \-1 and sets -.I errno -to -.BR EINVAL . -Otherwise, a four-byte value is copied from the data buffer, -updating the value of the specified signal notification -register. -The signal notification register will either be replaced with -the input data or will be updated to the bitwise OR operation -of the old value and the input data, depending on the contents -of the -.I signal1_type -or -.I signal2_type -files respectively. -.RE -.TP -.I /signal1_type -.TQ -.I /signal2_type -These two files change the behavior of the -.I signal1 -and -.I signal2 -notification files. -They contain a numeric ASCII string which is read -as either "1" or "0". -In mode 0 (overwrite), the hardware replaces the contents -of the signal channel with the data that is written to it. -In mode 1 (logical OR), the hardware accumulates the bits -that are subsequently written to it. -The possible operations on an open -.I signal1_type -or -.I signal2_type -file are: -.RS -.TP -.BR read (2) -When the count supplied to the -.BR read (2) -call is shorter than the required length for the digit (plus a newline -character), subsequent reads from the same file descriptor will -complete the string. -When a complete string has been read, all subsequent read operations -will return zero bytes and a new file descriptor needs to be opened -to read the value again. -.TP -.BR write (2) -A -.BR write (2) -operation on the file sets the register to the -value given in the string. -The string is parsed from the beginning -until the first nonnumeric character or the end of the buffer. -Subsequent writes to the same file descriptor overwrite the -previous setting. -.RE -.TP -.I /mbox_info -.TQ -.I /ibox_info -.TQ -.I /wbox_info -.TQ -.I /dma_into -.TQ -.I /proxydma_info -Read-only files that contain the saved state of the SPU mailboxes and -DMA queues. -This allows the SPU status to be inspected, mainly for debugging. -The -.I mbox_info -and -.I ibox_info -files each contain the four-byte mailbox message that has been written -by the SPU. -If no message has been written to these mailboxes, then -contents of these files is undefined. -The -.IR mbox_stat , -.IR ibox_stat , -and -.I wbox_stat -files contain the available message count. -.IP -The -.I wbox_info -file contains an array of four-byte mailbox messages, which have been -sent to the SPU. -With current CBEA machines, the array is four items in -length, so up to 4 * 4 = 16 bytes can be read from this file. -If any mailbox queue entry is empty, -then the bytes read at the corresponding location are undefined. -.IP -The -.I dma_info -file contains the contents of the SPU MFC DMA queue, represented as the -following structure: -.IP -.in +4n -.EX -struct spu_dma_info { - uint64_t dma_info_type; - uint64_t dma_info_mask; - uint64_t dma_info_status; - uint64_t dma_info_stall_and_notify; - uint64_t dma_info_atomic_command_status; - struct mfc_cq_sr dma_info_command_data[16]; -}; -.EE -.in -.IP -The last member of this data structure is the actual DMA queue, -containing 16 entries. -The -.I mfc_cq_sr -structure is defined as: -.IP -.in +4n -.EX -struct mfc_cq_sr { - uint64_t mfc_cq_data0_RW; - uint64_t mfc_cq_data1_RW; - uint64_t mfc_cq_data2_RW; - uint64_t mfc_cq_data3_RW; -}; -.EE -.in -.IP -The -.I proxydma_info -file contains similar information, but describes the proxy DMA queue -(i.e., DMAs initiated by entities outside the SPU) instead. -The file is in the following format: -.IP -.in +4n -.EX -struct spu_proxydma_info { - uint64_t proxydma_info_type; - uint64_t proxydma_info_mask; - uint64_t proxydma_info_status; - struct mfc_cq_sr proxydma_info_command_data[8]; -}; -.EE -.in -.IP -Accessing these files requires that the SPU context is scheduled out - -frequent use can be inefficient. -These files should not be used for normal program operation. -.IP -These files are not present on contexts that have been created with the -.B SPU_CREATE_NOSCHED -flag. -.TP -.I /cntl -This file provides access to the SPU Run Control and SPU status -registers, as an ASCII string. -The following operations are supported: -.RS -.TP -.BR read (2) -Reads from the -.I cntl -file will return an ASCII string with the hex -value of the SPU Status register. -.TP -.BR write (2) -Writes to the -.I cntl -file will set the context's SPU Run Control register. -.RE -.TP -.I /mfc -Provides access to the Memory Flow Controller of the SPU. -Reading from the file returns the contents of the -SPU's MFC Tag Status register, and -writing to the file initiates a DMA from the MFC. -The following operations are supported: -.RS -.TP -.BR write (2) -Writes to this file need to be in the format of a MFC DMA command, -defined as follows: -.IP -.in +4n -.EX -struct mfc_dma_command { - int32_t pad; /* reserved */ - uint32_t lsa; /* local storage address */ - uint64_t ea; /* effective address */ - uint16_t size; /* transfer size */ - uint16_t tag; /* command tag */ - uint16_t class; /* class ID */ - uint16_t cmd; /* command opcode */ -}; -.EE -.in -.IP -Writes are required to be exactly -.I sizeof(struct mfc_dma_command) -bytes in size. -The command will be sent to the SPU's MFC proxy queue, and the -tag stored in the kernel (see below). -.TP -.BR read (2) -Reads the contents of the tag status register. -If the file is opened in blocking mode (i.e., without -.BR O_NONBLOCK ), -then the read will block until a -DMA tag (as performed by a previous write) is complete. -In nonblocking mode, -the MFC tag status register will be returned without waiting. -.TP -.BR poll (2) -Calling -.BR poll (2) -on the -.I mfc -file will block until a new DMA can be -started (by checking for -.BR POLLOUT ) -or until a previously started DMA -(by checking for -.BR POLLIN ) -has been completed. -.IP -.I /mss -Provides access to the MFC MultiSource Synchronization (MSS) facility. -By -.BR mmap (2)-ing -this file, processes can access the MSS area of the SPU. -.IP -The following operations are supported: -.TP -.BR mmap (2) -Mapping -.B mss -into the process address space gives access to the SPU MSS area -within the process address space. -Only -.B MAP_SHARED -mappings are allowed. -.RE -.TP -.I /psmap -Provides access to the whole problem-state mapping of the SPU. -Applications can use this area to interface to the SPU, rather than -writing to individual register files in -.BR spufs . -.IP -The following operations are supported: -.RS -.TP -.BR mmap (2) -Mapping -.B psmap -gives a process a direct map of the SPU problem state area. -Only -.B MAP_SHARED -mappings are supported. -.RE -.TP -.I /phys\-id -Read-only file containing the physical SPU number that the SPU context -is running on. -When the context is not running, this file contains the -string "\-1". -.IP -The physical SPU number is given by an ASCII hex string. -.TP -.I /object\-id -Allows applications to store (or retrieve) a single 64-bit ID into the -context. -This ID is later used by profiling tools to uniquely identify -the context. -.RS -.TP -.BR write (2) -By writing an ASCII hex value into this file, applications can set the -object ID of the SPU context. -Any previous value of the object ID is overwritten. -.TP -.BR read (2) -Reading this file gives an ASCII hex string representing the object ID -for this SPU context. -.RE -.SH EXAMPLES -To automatically -.BR mount (8) -the SPU filesystem when booting, at the location -.I /spu -chosen by the user, put this line into the -.BR fstab (5) -configuration file: -.EX -none /spu spufs gid=spu 0 0 -.EE -.\" .SH AUTHORS -.\" Arnd Bergmann , Mark Nutter , -.\" Ulrich Weigand , Jeremy Kerr -.SH SEE ALSO -.BR close (2), -.BR spu_create (2), -.BR spu_run (2), -.BR capabilities (7) -.P -.I The Cell Broadband Engine Architecture (CBEA) specification diff --git a/man7/standards.7 b/man7/standards.7 deleted file mode 100644 index a058b92..0000000 --- a/man7/standards.7 +++ /dev/null @@ -1,307 +0,0 @@ -.\" Copyright (c) 2006, Michael Kerrisk -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH standards 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -standards \- C and UNIX Standards -.SH DESCRIPTION -The STANDARDS section that appears in many manual pages identifies -various standards to which the documented interface conforms. -The following list briefly describes these standards. -.TP -.B V7 -Version 7 (also known as Seventh Edition) UNIX, -released by AT&T/Bell Labs in 1979. -After this point, UNIX systems diverged into two main dialects: -BSD and System V. -.TP -.B 4.2BSD -This is an implementation standard defined by the 4.2 release -of the -.IR "Berkeley Software Distribution", -released by the University of California at Berkeley. -This was the first Berkeley release that contained a TCP/IP -stack and the sockets API. -4.2BSD was released in 1983. -.IP -Earlier major BSD releases included -.I 3BSD -(1980), -.I 4BSD -(1980), -and -.I 4.1BSD -(1981). -.TP -.B 4.3BSD -The successor to 4.2BSD, released in 1986. -.TP -.B 4.4BSD -The successor to 4.3BSD, released in 1993. -This was the last major Berkeley release. -.TP -.B System V -This is an implementation standard defined by AT&T's milestone 1983 -release of its commercial System V (five) release. -The previous major AT&T release was -.IR "System III" , -released in 1981. -.TP -.B System V release 2 (SVr2) -This was the next System V release, made in 1985. -The SVr2 was formally described in the -.I "System V Interface Definition version 1" -.RI ( "SVID 1" ) -published in 1985. -.TP -.B System V release 3 (SVr3) -This was the successor to SVr2, released in 1986. -This release was formally described in the -.I "System V Interface Definition version 2" -.RI ( "SVID 2" ). -.TP -.B System V release 4 (SVr4) -This was the successor to SVr3, released in 1989. -This version of System V is described in the "Programmer's Reference -Manual: Operating System API (Intel processors)" (Prentice-Hall -1992, ISBN 0-13-951294-2) -This release was formally described in the -.I "System V Interface Definition version 3" -.RI ( "SVID 3" ), -and is considered the definitive System V release. -.TP -.B SVID 4 -System V Interface Definition version 4, issued in 1995. -Available online at -.UR http://www.sco.com\:/developers\:/devspecs/ -.UE . -.TP -.B C89 -This was the first C language standard, ratified by ANSI -(American National Standards Institute) in 1989 -.RI ( X3.159-1989 ). -Sometimes this is known as -.IR "ANSI C" , -but since C99 is also an -ANSI standard, this term is ambiguous. -This standard was also ratified by -ISO (International Standards Organization) in 1990 -.RI ( "ISO/IEC 9899:1990" ), -and is thus occasionally referred to as -.IR "ISO C90" . -.TP -.B C99 -This revision of the C language standard was ratified by ISO in 1999 -.RI ( "ISO/IEC 9899:1999" ). -Available online at -.UR http://www.open\-std.org\:/jtc1\:/sc22\:/wg14\:/www\:/standards -.UE . -.TP -.B C11 -This revision of the C language standard was ratified by ISO in 2011 -.RI ( "ISO/IEC 9899:2011" ). -.TP -.B LFS -The Large File Summit specification, completed in 1996. -This specification defined mechanisms that allowed 32-bit systems -to support the use of large files (i.e., 64-bit file offsets). -See -.UR https://www.opengroup.org\:/platform\:/lfs.html -.UE . -.TP -.B POSIX.1-1988 -This was the first POSIX standard, -ratified by IEEE as IEEE Std 1003.1-1988, -and subsequently adopted (with minor revisions) as an ISO standard in 1990. -The term "POSIX" was coined by Richard Stallman. -.TP -.B POSIX.1-1990 -"Portable Operating System Interface for Computing Environments". -IEEE 1003.1-1990 part 1, ratified by ISO in 1990 -.RI ( "ISO/IEC 9945-1:1990" ). -.TP -.B POSIX.2 -IEEE Std 1003.2-1992, -describing commands and utilities, ratified by ISO in 1993 -.RI ( "ISO/IEC 9945-2:1993" ). -.TP -.BR POSIX.1b " (formerly known as \fIPOSIX.4\fP)" -IEEE Std 1003.1b-1993, -describing real-time facilities -for portable operating systems, ratified by ISO in 1996 -.RI ( "ISO/IEC 9945-1:1996" ). -.TP -.BR POSIX.1c " (formerly known as \fIPOSIX.4a\fP)" -IEEE Std 1003.1c-1995, which describes the POSIX threads interfaces. -.TP -.B POSIX.1d -IEEE Std 1003.1d-1999, which describes additional real-time extensions. -.TP -.B POSIX.1g -IEEE Std 1003.1g-2000, which describes networking APIs (including sockets). -.TP -.B POSIX.1j -IEEE Std 1003.1j-2000, which describes advanced real-time extensions. -.TP -.B POSIX.1-1996 -A 1996 revision of POSIX.1 which incorporated POSIX.1b and POSIX.1c. -.TP -.B XPG3 -Released in 1989, this was the first release of the X/Open -Portability Guide to be based on a POSIX standard (POSIX.1-1988). -This multivolume guide was developed by the X/Open Group, -a multivendor consortium. -.TP -.B XPG4 -A revision of the X/Open Portability Guide, released in 1992. -This revision incorporated POSIX.2. -.TP -.B XPG4v2 -A 1994 revision of XPG4. -This is also referred to as -.IR "Spec 1170" , -where 1170 referred to the number of interfaces -defined by this standard. -.TP -.B "SUS (SUSv1)" -Single UNIX Specification. -This was a repackaging of XPG4v2 and other X/Open standards -(X/Open Curses Issue 4 version 2, -X/Open Networking Service (XNS) Issue 4). -Systems conforming to this standard can be branded -.IR "UNIX 95" . -.TP -.B SUSv2 -Single UNIX Specification version 2. -Sometimes also referred to (incorrectly) as -.IR XPG5 . -This standard appeared in 1997. -Systems conforming to this standard can be branded -.IR "UNIX 98" . -See also -.UR http://www.unix.org\:/version2/ -.UE .) -.TP -.B POSIX.1-2001 -.TQ -.B SUSv3 -This was a 2001 revision and consolidation of the -POSIX.1, POSIX.2, and SUS standards into a single document, -conducted under the auspices of the Austin Group -.UR http://www.opengroup.org\:/austin/ -.UE . -The standard is available online at -.UR http://www.unix.org\:/version3/ -.UE . -.IP -The standard defines two levels of conformance: -.IR "POSIX conformance" , -which is a baseline set of interfaces required of a conforming system; -and -.IR "XSI Conformance", -which additionally mandates a set of interfaces -(the "XSI extension") which are only optional for POSIX conformance. -XSI-conformant systems can be branded -.IR "UNIX 03" . -.IP -The POSIX.1-2001 document is broken into four parts: -.IP -.BR XBD : -Definitions, terms, and concepts, header file specifications. -.IP -.BR XSH : -Specifications of functions (i.e., system calls and library -functions in actual implementations). -.IP -.BR XCU : -Specifications of commands and utilities -(i.e., the area formerly described by POSIX.2). -.IP -.BR XRAT : -Informative text on the other parts of the standard. -.IP -POSIX.1-2001 is aligned with C99, so that all of the -library functions standardized in C99 are also -standardized in POSIX.1-2001. -.IP -The Single UNIX Specification version 3 (SUSv3) comprises the -Base Specifications containing XBD, XSH, XCU, and XRAT as above, -plus X/Open Curses Issue 4 version 2 as an extra volume that is -not in POSIX.1-2001. -.IP -Two Technical Corrigenda (minor fixes and improvements) -of the original 2001 standard have occurred: -TC1 in 2003 -and TC2 in 2004. -.TP -.B POSIX.1-2008 -.TQ -.B SUSv4 -Work on the next revision of POSIX.1/SUS was completed and -ratified in 2008. -The standard is available online at -.UR http://www.unix.org\:/version4/ -.UE . -.IP -The changes in this revision are not as large as those -that occurred for POSIX.1-2001/SUSv3, -but a number of new interfaces are added -and various details of existing specifications are modified. -Many of the interfaces that were optional in -POSIX.1-2001 become mandatory in the 2008 revision of the standard. -A few interfaces that are present in POSIX.1-2001 are marked -as obsolete in POSIX.1-2008, or removed from the standard altogether. -.IP -The revised standard is structured in the same way as its predecessor. -The Single UNIX Specification version 4 (SUSv4) comprises the -Base Specifications containing XBD, XSH, XCU, and XRAT, -plus X/Open Curses Issue 7 as an extra volume that is -not in POSIX.1-2008. -.IP -Again there are two levels of conformance: the baseline -.IR "POSIX Conformance" , -and -.IR "XSI Conformance" , -which mandates an additional set of interfaces -beyond those in the base specification. -.IP -In general, where the STANDARDS section of a manual page -lists POSIX.1-2001, it can be assumed that the interface also -conforms to POSIX.1-2008, unless otherwise noted. -.IP -Technical Corrigendum 1 (minor fixes and improvements) -of this standard was released in 2013. -.IP -Technical Corrigendum 2 of this standard was released in 2016. -.IP -Further information can be found on the Austin Group web site, -.UR http://www.opengroup.org\:/austin/ -.UE . -.TP -.B SUSv4 2016 edition -This is equivalent to POSIX.1-2008, with the addition of -Technical Corrigenda 1 and 2 and the XCurses specification. -.TP -.B POSIX.1-2017 -This revision of POSIX is technically identical to POSIX.1-2008 with -Technical Corrigenda 1 and 2 applied. -.TP -.B SUSv4 2018 edition -This is equivalent to POSIX.1-2017, with the addition of -the XCurses specification. -.P -The interfaces documented in POSIX.1/SUS are available as -manual pages under sections 0p (header files), 1p (commands), -and 3p (functions); -thus one can write "man 3p open". -.SH SEE ALSO -.BR getconf (1), -.BR confstr (3), -.BR pathconf (3), -.BR sysconf (3), -.BR attributes (7), -.BR feature_test_macros (7), -.BR libc (7), -.BR posixoptions (7), -.BR system_data_types (7) diff --git a/man7/string_copying.7 b/man7/string_copying.7 deleted file mode 100644 index 43bc00d..0000000 --- a/man7/string_copying.7 +++ /dev/null @@ -1,767 +0,0 @@ -.\" Copyright 2022 Alejandro Colomar -.\" -.\" SPDX-License-Identifier: BSD-3-Clause -.\" -.TH string_copying 7 2023-12-17 "Linux man-pages 6.7" -.\" ----- NAME :: -----------------------------------------------------/ -.SH NAME -stpcpy, -strcpy, strcat, -stpecpy, -strtcpy, -strlcpy, strlcat, -stpncpy, -strncpy, -strncat -\- copying strings and character sequences -.\" ----- SYNOPSIS :: -------------------------------------------------/ -.SH SYNOPSIS -.\" ----- SYNOPSIS :: (Null-terminated) strings -----------------------/ -.SS Strings -.nf -// Chain-copy a string. -.BI "char *stpcpy(char *restrict " dst ", const char *restrict " src ); -.P -// Copy/catenate a string. -.BI "char *strcpy(char *restrict " dst ", const char *restrict " src ); -.BI "char *strcat(char *restrict " dst ", const char *restrict " src ); -.P -// Chain-copy a string with truncation. -.BI "char *stpecpy(char *" dst ", char " end "[0], const char *restrict " src ); -.P -// Copy/catenate a string with truncation. -.BI "ssize_t strtcpy(char " dst "[restrict ." dsize "], \ -const char *restrict " src , -.BI " size_t " dsize ); -.BI "size_t strlcpy(char " dst "[restrict ." dsize "], \ -const char *restrict " src , -.BI " size_t " dsize ); -.BI "size_t strlcat(char " dst "[restrict ." dsize "], \ -const char *restrict " src , -.BI " size_t " dsize ); -.fi -.\" ----- SYNOPSIS :: Null-padded character sequences --------/ -.SS Null-padded character sequences -.nf -// Fill a fixed-size buffer with characters from a string -// and pad with null bytes. -.BI "char *strncpy(char " dst "[restrict ." dsize "], \ -const char *restrict " src , -.BI " size_t " dsize ); -.BI "char *stpncpy(char " dst "[restrict ." dsize "], \ -const char *restrict " src , -.BI " size_t " dsize ); -.P -// Chain-copy a null-padded character sequence into a character sequence. -.I mempcpy(dst, src, strnlen(src, NITEMS(src))); -.P -// Chain-copy a null-padded character sequence into a string. -.I stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), \[dq]\[dq]); -.P -// Catenate a null-padded character sequence into a string. -.BI "char *strncat(char *restrict " dst ", const char " src "[restrict ." ssize ], -.BI " size_t " ssize ); -.fi -.\" ----- SYNOPSIS :: Known-length character sequences --------------------/ -.SS Known-length character sequences -.nf -// Chain-copy a known-length character sequence. -.BI "void *mempcpy(void " dst "[restrict ." len "], \ -const void " src "[restrict ." len ], -.BI " size_t " len ); -.P -// Chain-copy a known-length character sequence into a string. -.I stpcpy(mempcpy(dst, src, len), \[dq]\[dq]); -.fi -.SH DESCRIPTION -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: -----------------/ -.SS Terms (and abbreviations) -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: string (str) ----/ -.TP -.IR "string " ( str ) -is a sequence of zero or more non-null characters followed by a null character. -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: null-padded character seq -.TP -.I character sequence -is a sequence of zero or more non-null characters. -A program should never use a character sequence where a string is required. -However, with appropriate care, -a string can be used in the place of a character sequence. -.RS -.TP -.I null-padded character sequence -Character sequences can be contained in fixed-size buffers, -which contain padding null bytes after the character sequence, -to fill the rest of the buffer -without affecting the character sequence; -however, those padding null bytes are not part of the character sequence. -Don't confuse null-padded with null-terminated: -null-padded means 0 or more padding null bytes, -while null-terminated means exactly 1 terminating null character. -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: known-length character sequence -.TP -.I known-length character sequence -Character sequence delimited by its length. -It may be a slice of a larger character sequence, -or even of a string. -.RE -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: length (len) ----/ -.TP -.IR "length " ( len ) -is the number of non-null characters in a string or character sequence. -It is the return value of -.I strlen(str) -and of -.IR "strnlen(buf, size)" . -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: size ------------/ -.TP -.I size -refers to the entire buffer -where the string or character sequence is contained. -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: end -------------/ -.TP -.I end -is the name of a pointer to one past the last element of a buffer. -It is equivalent to -.IR &str[size] . -It is used as a sentinel value, -to be able to truncate strings or character sequences -instead of overrunning the containing buffer. -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: copy ------------/ -.TP -.I copy -This term is used when -the writing starts at the first element pointed to by -.IR dst . -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: catenate --------/ -.TP -.I catenate -This term is used when -a function first finds the terminating null character in -.IR dst , -and then starts writing at that position. -.\" ----- DESCRIPTION :: Terms (and abbreviations) :: chain -----------/ -.TP -.I chain -This term is used when -it's the programmer who provides -a pointer to the terminating null character in the string -.I dst -(or one after the last character in a character sequence), -and the function starts writing at that location. -The function returns -a pointer to the new location of the terminating null character -(or one after the last character in a character sequence) -after the call, -so that the programmer can use it to chain such calls. -.\" ----- DESCRIPTION :: Copy, catenate, and chain-copy ---------------/ -.SS Copy, catenate, and chain-copy -Originally, -there was a distinction between functions that copy and those that catenate. -However, newer functions that copy while allowing chaining -cover both use cases with a single API. -They are also algorithmically faster, -since they don't need to search for -the terminating null character of the existing string. -However, functions that catenate have a much simpler use, -so if performance is not important, -it can make sense to use them for improving readability. -.P -The pointer returned by functions that allow chaining -is a byproduct of the copy operation, -so it has no performance costs. -Functions that return such a pointer, -and thus can be chained, -have names of the form -.RB * stp *(), -since it's common to name the pointer just -.IR p . -.P -Chain-copying functions that truncate -should accept a pointer to the end of the destination buffer, -and have names of the form -.RB * stpe *(). -This allows not having to recalculate the remaining size after each call. -.\" ----- DESCRIPTION :: Truncate or not? -----------------------------/ -.SS Truncate or not? -The first thing to note is that programmers should be careful with buffers, -so they always have the correct size, -and truncation is not necessary. -.P -In most cases, -truncation is not desired, -and it is simpler to just do the copy. -Simpler code is safer code. -Programming against programming mistakes by adding more code -just adds more points where mistakes can be made. -.P -Nowadays, -compilers can detect most programmer errors with features like -compiler warnings, -static analyzers, and -.B \%_FORTIFY_SOURCE -(see -.BR ftm (7)). -Keeping the code simple -helps these overflow-detection features be more precise. -.P -When validating user input, -code should normally not truncate, -but instead fail and prevent the copy at all. -.P -In some cases, -however, -it makes sense to truncate. -.P -Functions that truncate: -.IP \[bu] 3 -.BR stpecpy () -.IP \[bu] -.BR strtcpy () -.IP \[bu] -.BR strlcpy (3bsd) -and -.BR strlcat (3bsd) -are similar, but have important performance problems; see BUGS. -.IP \[bu] -.BR stpncpy (3) -and -.BR strncpy (3) -also truncate, but they don't write strings, -but rather null-padded character sequences. -.\" ----- DESCRIPTION :: Null-padded character sequences --------------/ -.SS Null-padded character sequences -For historic reasons, -some standard APIs and file formats, -such as -.BR utmpx (5) -and -.BR tar (1), -use null-padded character sequences in fixed-size buffers. -To interface with them, -specialized functions need to be used. -.P -To copy bytes from strings into these buffers, use -.BR strncpy (3) -or -.BR stpncpy (3). -.P -To read a null-padded character sequence, -use -.IR "strnlen(src,\ NITEMS(src))" , -and then you can treat it as a known-length character sequence; -or use -.BR strncat (3) -directly. -.\" ----- DESCRIPTION :: Known-length character sequences -----------------/ -.SS Known-length character sequences -The simplest character sequence copying function is -.BR mempcpy (3). -It requires always knowing the length of your character sequences, -for which structures can be used. -It makes the code much faster, -since you always know the length of your character sequences, -and can do the minimal copies and length measurements. -.BR mempcpy (3) -copies character sequences, -so you need to explicitly set the terminating null character -if you need a string. -.P -In programs that make considerable use of strings or character sequences, -and need the best performance, -using overlapping character sequences can make a big difference. -It allows holding subsequences of a larger character sequence, -while not duplicating memory -nor using time to do a copy. -.P -However, this is delicate, -since it requires using character sequences. -C library APIs use strings, -so programs that use character sequences -will have to take care of differentiating strings from character sequences. -.P -To copy a known-length character sequence, use -.BR mempcpy (3). -.P -To copy a known-length character sequence into a string, use -.IR "\%stpcpy(mempcpy(dst,\ src,\ len),\ \[dq]\[dq])" . -.P -A string is also accepted as input, -because -.BR mempcpy (3) -asks for the length, -and a string is composed of a character sequence of the same length -plus a terminating null character. -.\" ----- DESCRIPTION :: String vs character sequence -----------------/ -.SS String vs character sequence -Some functions only operate on strings. -Those require that the input -.I src -is a string, -and guarantee an output string -(even when truncation occurs). -Functions that catenate -also require that -.I dst -holds a string before the call. -List of functions: -.IP \[bu] 3 -.PD 0 -.BR stpcpy (3) -.IP \[bu] -.BR strcpy (3), -.BR strcat (3) -.IP \[bu] -.BR stpecpy () -.IP \[bu] -.BR strtcpy () -.IP \[bu] -.BR strlcpy (3bsd), -.BR strlcat (3bsd) -.PD -.P -Other functions require an input string, -but create a character sequence as output. -These functions have confusing names, -and have a long history of misuse. -List of functions: -.IP \[bu] 3 -.PD 0 -.BR stpncpy (3) -.IP \[bu] -.BR strncpy (3) -.PD -.P -Other functions operate on an input character sequence, -and create an output string. -Functions that catenate -also require that -.I dst -holds a string before the call. -.BR strncat (3) -has an even more misleading name than the functions above. -List of functions: -.IP \[bu] 3 -.BR strncat (3) -.P -Other functions operate on an input character sequence -to create an output character sequence. -List of functions: -.IP \[bu] 3 -.BR mempcpy (3) -.\" ----- DESCRIPTION :: Functions :: ---------------------------------/ -.SS Functions -.\" ----- DESCRIPTION :: Functions :: stpcpy(3) -----------------------/ -.TP -.BR stpcpy (3) -Copy the input string into a destination string. -The programmer is responsible for allocating a buffer large enough. -It returns a pointer suitable for chaining. -.\" ----- DESCRIPTION :: Functions :: strcpy(3), strcat(3) ------------/ -.TP -.BR strcpy (3) -.TQ -.BR strcat (3) -Copy and catenate the input string into a destination string. -The programmer is responsible for allocating a buffer large enough. -The return value is useless. -.IP -.BR stpcpy (3) -is a faster alternative to these functions. -.\" ----- DESCRIPTION :: Functions :: stpecpy() -----------------------/ -.TP -.BR stpecpy () -Chain-copy the input string into a destination string. -If the destination buffer, -limited by a pointer to its end, -isn't large enough to hold the copy, -the resulting string is truncated -(but it is guaranteed to be null-terminated). -It returns a pointer suitable for chaining. -Truncation needs to be detected only once after the last chained call. -.IP -This function is not provided by any library; -see EXAMPLES for a reference implementation. -.\" ----- DESCRIPTION :: Functions :: strtcpy() -----------------------/ -.TP -.BR strtcpy () -Copy the input string into a destination string. -If the destination buffer isn't large enough to hold the copy, -the resulting string is truncated -(but it is guaranteed to be null-terminated). -It returns the length of the string, -or \-1 if it truncated. -.IP -This function is not provided by any library; -see EXAMPLES for a reference implementation. -.\" ----- DESCRIPTION :: Functions :: strlcpy(3bsd), strlcat(3bsd) ----/ -.TP -.BR strlcpy (3bsd) -.TQ -.BR strlcat (3bsd) -Copy and catenate the input string into a destination string. -If the destination buffer, -limited by its size, -isn't large enough to hold the copy, -the resulting string is truncated -(but it is guaranteed to be null-terminated). -They return the length of the total string they tried to create. -.IP -Check BUGS before using these functions. -.IP -.BR strtcpy () -and -.BR stpecpy () -are better alternatives to these functions. -.\" ----- DESCRIPTION :: Functions :: stpncpy(3) ----------------------/ -.TP -.BR stpncpy (3) -Copy the input string into -a destination null-padded character sequence in a fixed-size buffer. -If the destination buffer, -limited by its size, -isn't large enough to hold the copy, -the resulting character sequence is truncated. -Since it creates a character sequence, -it doesn't need to write a terminating null character. -It's impossible to distinguish truncation by the result of the call, -from a character sequence that just fits the destination buffer; -truncation should be detected by -comparing the length of the input string -with the size of the destination buffer. -.\" ----- DESCRIPTION :: Functions :: strncpy(3) ----------------------/ -.TP -.BR strncpy (3) -This function is identical to -.BR stpncpy (3) -except for the useless return value. -.IP -.BR stpncpy (3) -is a more useful alternative to this function. -.\" ----- DESCRIPTION :: Functions :: strncat(3) ----------------------/ -.TP -.BR strncat (3) -Catenate the input character sequence, -contained in a null-padded fixed-size buffer, -into a destination string. -The programmer is responsible for allocating a buffer large enough. -The return value is useless. -.IP -Do not confuse this function with -.BR strncpy (3); -they are not related at all. -.IP -.I \%stpcpy(mempcpy(dst,\ src,\ strnlen(src,\ NITEMS(src))),\ \[dq]\[dq]) -is a faster alternative to this function. -.\" ----- DESCRIPTION :: Functions :: mempcpy(3) ----------------------/ -.TP -.BR mempcpy (3) -Copy the input character sequence, -limited by its length, -into a destination character sequence. -The programmer is responsible for allocating a buffer large enough. -It returns a pointer suitable for chaining. -.\" ----- RETURN VALUE :: ---------------------------------------------/ -.SH RETURN VALUE -.TP -.BR stpcpy (3) -A pointer to the terminating null character in the destination string. -.TP -.BR stpecpy () -A pointer to the terminating null character in the destination string, -on success. -On error, -NULL is returned, -and -.I errno -is set to indicate the error. -.TP -.BR mempcpy (3) -.TQ -.BR stpncpy (3) -A pointer to one after the last character -in the destination character sequence. -.TP -.BR strtcpy () -The length of the string, -on success. -On error, -\-1 is returned, -and -.I errno -is set to indicate the error. -.TP -.BR strlcpy (3bsd) -.TQ -.BR strlcat (3bsd) -The length of the total string that they tried to create -(as if truncation didn't occur). -.TP -.BR strcpy (3) -.TQ -.BR strcat (3) -.TQ -.BR strncpy (3) -.TQ -.BR strncat (3) -The -.I dst -pointer, -which is useless. -.\" ----- ERRORS ------------------------------------------------------/ -.SH ERRORS -Most of these functions don't set -.IR errno . -.TP -.BR stpecpy () -.TQ -.BR strtcpy () -.RS -.TP -.B ENOBUFS -.I dsize -was -.BR 0 . -.TP -.B E2BIG -The string has been truncated. -.RE -.\" ----- NOTES :: strscpy(9) -----------------------------------------/ -.SH NOTES -The Linux kernel has an internal function for copying strings, -.BR strscpy (9), -which is identical to -.BR strtcpy (), -except that it returns -.B \-E2BIG -instead of \-1 -and it doesn't set -.IR errno . -.\" ----- CAVEATS :: --------------------------------------------------/ -.SH CAVEATS -Don't mix chain calls to truncating and non-truncating functions. -It is conceptually wrong -unless you know that the first part of a copy will always fit. -Anyway, the performance difference will probably be negligible, -so it will probably be more clear if you use consistent semantics: -either truncating or non-truncating. -Calling a non-truncating function after a truncating one is necessarily wrong. -.\" ----- BUGS :: -----------------------------------------------------/ -.SH BUGS -All catenation functions share the same performance problem: -.UR https://www.joelonsoftware.com/\:2001/12/11/\:back\-to\-basics/ -Shlemiel the painter -.UE . -As a mitigation, -compilers are able to transform some calls to catenation functions -into normal copy functions, -since -.I strlen(dst) -is usually a byproduct of the previous copy. -.P -.BR strlcpy (3) -and -.BR strlcat (3) -need to read the entire -.I src -string, -even if the destination buffer is small. -This makes them vulnerable to Denial of Service (DoS) attacks -if an attacker can control the length of the -.I src -string. -And if not, -they're still unnecessarily slow. -.\" ----- EXAMPLES :: -------------------------------------------------/ -.SH EXAMPLES -The following are examples of correct use of each of these functions. -.\" ----- EXAMPLES :: stpcpy(3) ---------------------------------------/ -.TP -.BR stpcpy (3) -.EX -p = buf; -p = stpcpy(p, "Hello "); -p = stpcpy(p, "world"); -p = stpcpy(p, "!"); -len = p \- buf; -puts(buf); -.EE -.\" ----- EXAMPLES :: strcpy(3), strcat(3) ----------------------------/ -.TP -.BR strcpy (3) -.TQ -.BR strcat (3) -.EX -strcpy(buf, "Hello "); -strcat(buf, "world"); -strcat(buf, "!"); -len = strlen(buf); -puts(buf); -.EE -.\" ----- EXAMPLES :: stpecpy() ---------------------------------------/ -.TP -.BR stpecpy () -.EX -end = buf + NITEMS(buf); -p = buf; -p = stpecpy(p, end, "Hello "); -p = stpecpy(p, end, "world"); -p = stpecpy(p, end, "!"); -if (p == NULL) { - len = NITEMS(buf) \- 1; - goto toolong; -} -len = p \- buf; -puts(buf); -.EE -.\" ----- EXAMPLES :: strtcpy() ---------------------------------------/ -.TP -.BR strtcpy () -.EX -len = strtcpy(buf, "Hello world!", NITEMS(buf)); -if (len == \-1) - goto toolong; -puts(buf); -.EE -.\" ----- EXAMPLES :: strlcpy(3bsd), strlcat(3bsd) --------------------/ -.TP -.BR strlcpy (3bsd) -.TQ -.BR strlcat (3bsd) -.EX -if (strlcpy(buf, "Hello ", NITEMS(buf)) >= NITEMS(buf)) - goto toolong; -if (strlcat(buf, "world", NITEMS(buf)) >= NITEMS(buf)) - goto toolong; -len = strlcat(buf, "!", NITEMS(buf)); -if (len >= NITEMS(buf)) - goto toolong; -puts(buf); -.EE -.\" ----- EXAMPLES :: stpncpy(3) --------------------------------------/ -.TP -.BR stpncpy (3) -.EX -p = stpncpy(u->ut_user, "alx", NITEMS(u->ut_user)); -if (NITEMS(u->ut_user) < strlen("alx")) - goto toolong; -len = p \- u->ut_user; -fwrite(u->ut_user, 1, len, stdout); -.EE -.\" ----- EXAMPLES :: strncpy(3) --------------------------------------/ -.TP -.BR strncpy (3) -.EX -strncpy(u->ut_user, "alx", NITEMS(u->ut_user)); -if (NITEMS(u->ut_user) < strlen("alx")) - goto toolong; -len = strnlen(u->ut_user, NITEMS(u->ut_user)); -fwrite(u->ut_user, 1, len, stdout); -.EE -.\" ----- EXAMPLES :: mempcpy(dst, src, strnlen(src, NITEMS(src))) ----/ -.TP -.I mempcpy(dst, src, strnlen(src, NITEMS(src))) -.EX -char buf[NITEMS(u->ut_user)]; -p = buf; -p = mempcpy(p, u->ut_user, strnlen(u->ut_user, NITEMS(u->ut_user))); -len = p \- buf; -fwrite(buf, 1, len, stdout); -.EE -.\" ----- EXAMPLES :: stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), "") -.TP -.I stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), \[dq]\[dq]) -.EX -char buf[NITEMS(u->ut_user) + 1]; -p = buf; -p = mempcpy(p, u->ut_user, strnlen(u->ut_user, NITEMS(u->ut_user))); -p = stpcpy(p, ""); -len = p \- buf; -puts(buf); -.EE -.\" ----- EXAMPLES :: strncat(3) --------------------------------------/ -.TP -.BR strncat (3) -.EX -char buf[NITEMS(u->ut_user) + 1]; -strcpy(buf, ""); -strncat(buf, u->ut_user, NITEMS(u->ut_user)); -len = strlen(buf); -puts(buf); -.EE -.\" ----- EXAMPLES :: mempcpy(3) --------------------------------------/ -.TP -.BR mempcpy (3) -.EX -p = buf; -p = mempcpy(p, "Hello ", 6); -p = mempcpy(p, "world", 5); -p = mempcpy(p, "!", 1); -len = p \- buf; -fwrite(buf, 1, len, stdout); -.EE -.\" ----- EXAMPLES :: stpcpy(mempcpy(), "") ---------------------------/ -.TP -.I stpcpy(mempcpy(dst, src, len), \[dq]\[dq]) -.EX -p = buf; -p = mempcpy(p, "Hello ", 6); -p = mempcpy(p, "world", 5); -p = mempcpy(p, "!", 1); -p = stpcpy(p, ""); -len = p \- buf; -puts(buf); -.EE -.\" ----- EXAMPLES :: Implementations :: ------------------------------/ -.SS Implementations -Here are reference implementations for functions not provided by libc. -.P -.in +4n -.EX -/* This code is in the public domain. */ -\& -.\" ----- EXAMPLES :: Implementations :: stpecpy() --------------------/ -char * -.IR stpecpy "(char *dst, char end[0], const char *restrict src)" -{ - size_t dlen; -\& - if (dst == NULL) - return NULL; -\& - dlen = strtcpy(dst, src, end \- dst); - return (dlen == \-1) ? NULL : dst + dlen; -} -\& -.\" ----- EXAMPLES :: Implementations :: strtcpy() --------------------/ -ssize_t -.IR strtcpy "(char *restrict dst, const char *restrict src, size_t dsize)" -{ - bool trunc; - size_t dlen, slen; -\& - if (dsize == 0) { - errno = ENOBUFS; - return \-1; - } -\& - slen = strnlen(src, dsize); - trunc = (slen == dsize); - dlen = slen \- trunc; -\& - stpcpy(mempcpy(dst, src, dlen), ""); - if (trunc) - errno = E2BIG; - return trunc ? \-1 : slen; -} -.\" ----- SEE ALSO :: -------------------------------------------------/ -.SH SEE ALSO -.BR bzero (3), -.BR memcpy (3), -.BR memccpy (3), -.BR mempcpy (3), -.BR stpcpy (3), -.BR strlcpy (3bsd), -.BR strncat (3), -.BR stpncpy (3), -.BR string (3) diff --git a/man7/suffixes.7 b/man7/suffixes.7 deleted file mode 100644 index 3352a9c..0000000 --- a/man7/suffixes.7 +++ /dev/null @@ -1,265 +0,0 @@ -'\" t -.\" Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de) -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" Modified Sat Jul 24 17:35:15 1993 by Rik Faith -.\" Modified Sun Feb 19 22:02:32 1995 by Rik Faith -.\" Modified Tue Oct 22 23:28:12 1996 by Eric S. Raymond -.\" Modified Sun Jan 26 21:56:56 1997 by Ralph Schleicher -.\" -.\" Modified Mon Jun 16 20:24:58 1997 by Nicolás Lichtmaier -.\" Modified Sun Oct 18 22:11:28 1998 by Joseph S. Myers -.\" Modified Mon Nov 16 17:24:47 1998 by Andries Brouwer -.\" Modified Thu Nov 16 23:28:25 2000 by David A. Wheeler -.\" -.\" -.TH SUFFIXES 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -suffixes \- list of file suffixes -.SH DESCRIPTION -It is customary to indicate the contents of a file with the file suffix, -which (typically) consists of a period, followed by one or more letters. -Many standard utilities, such as compilers, use this to recognize the type of -file they are dealing with. -The -.BR make (1) -utility is driven by rules based on file suffix. -.P -Following is a list of suffixes which are likely to be found on a -Linux system. -.P -.TS -l | l -_ | _ -lI | l . -Suffix File type -\&,v files for RCS (Revision Control System) -\&- backup file -\&.C C++ source code, equivalent to \fI.cc\fP -\&.F Fortran source with \fBcpp\fP(1) directives -\& or file compressed using freeze -\&.S assembler source with \fBcpp\fP(1) directives -\&.Y file compressed using yabba -\&.Z file compressed using \fBcompress\fP(1) -\&.[0\-9]+gf TeX generic font files -\&.[0\-9]+pk TeX packed font files -\&.[1\-9] manual page for the corresponding section -\&.[1\-9][a-z] manual page for section plus subsection -\&.a static object code library -\&.ad X application default resource file -\&.ada Ada source (may be body, spec, or combination) -\&.adb Ada body source -\&.ads Ada spec source -\&.afm PostScript font metrics -\&.al Perl autoload file -\&.am \fBautomake\fP(1) input file -\&.arc \fBarc\fP(1) archive -\&.arj \fBarj\fP(1) archive -\&.asc PGP ASCII-armored data -\&.asm (GNU) assembler source file -\&.au Audio sound file -\&.aux LaTeX auxiliary file -\&.avi (msvideo) movie -\&.awk AWK language program -\&.b LILO boot loader image -\&.bak backup file -\&.bash \fBbash\fP(1) shell script -\&.bb basic block list data produced by -\& gcc \-ftest\-coverage -\&.bbg basic block graph data produced by -\& gcc \-ftest\-coverage -\&.bbl BibTeX output -\&.bdf X font file -\&.bib TeX bibliographic database, BibTeX input -\&.bm bitmap source -\&.bmp bitmap -\&.bz2 file compressed using \fBbzip2\fP(1) -\&.c C source -\&.cat message catalog files -\&.cc C++ source -\&.cf configuration file -\&.cfg configuration file -\&.cgi WWW content generating script or program -\&.cls LaTeX Class definition -\&.class Java compiled byte-code -\&.conf configuration file -\&.config configuration file -\&.cpp equivalent to \fI.cc\fR -\&.csh \fBcsh\fP(1) shell script -\&.cxx equivalent to \fI.cc\fR -\&.dat data file -\&.deb Debian software package -\&.def Modula-2 source for definition modules -\&.def other definition files -\&.desc initial part of mail message unpacked with -\& \fBmunpack\fP(1) -\&.diff file differences (\fBdiff\fP(1) command output) -\&.dir dbm data base directory file -\&.doc documentation file -\&.dsc Debian Source Control (source package) -\&.dtx LaTeX package source file -\&.dvi TeX's device independent output -\&.el Emacs-Lisp source -\&.elc compiled Emacs-Lisp source -\&.eps encapsulated PostScript -\&.exp Expect source code -\&.f Fortran source -\&.f77 Fortran 77 source -\&.f90 Fortran 90 source -\&.fas precompiled Common-Lisp -\&.fi Fortran include files -\&.fig FIG image file (used by \fBxfig\fP(1)) -\&.fmt TeX format file -\&.gif Compuserve Graphics Image File format -\&.gmo GNU format message catalog -\&.gsf Ghostscript fonts -\&.gz file compressed using \fBgzip\fP(1) -\&.h C or C++ header files -\&.help help file -\&.hf equivalent to \fI.help\fP -\&.hlp equivalent to \fI.help\fP -\&.htm poor man's \fI.html\fP -\&.html HTML document used with the World Wide Web -\&.hqx 7-bit encoded Macintosh file -\&.i C source after preprocessing -\&.icon bitmap source -\&.idx reference or datum-index file for hypertext -\& or database system -\&.image bitmap source -\&.in configuration template, especially for GNU Autoconf -\&.info files for the Emacs info browser -\&.info-[0\-9]+ split info files -\&.ins LaTeX package install file for docstrip -\&.itcl itcl source code; -\& itcl ([incr Tcl]) is an OO extension of tcl -\&.java a Java source file -\&.jpeg Joint Photographic Experts Group format -\&.jpg poor man's \fI.jpeg\fP -\&.js JavaScript source code -\&.jsx JSX (JavaScript XML-like extension) source code -\&.kmap \fBlyx\fP(1) keymap -\&.l equivalent to \fI.lex\fP or \fI.lisp\fP -\&.lex \fBlex\fP(1) or \fBflex\fP(1) files -\&.lha lharc archive -\&.lib Common-Lisp library -\&.lisp Lisp source -\&.ln files for use with \fBlint\fP(1) -\&.log log file, in particular produced by TeX -\&.lsm Linux Software Map entry -\&.lsp Common-Lisp source -\&.lzh lharc archive -\&.m Objective-C source code -\&.m4 \fBm4\fP(1) source -\&.mac macro files for various programs -\&.man manual page (usually source rather than formatted) -\&.map map files for various programs -\&.me Nroff source using the me macro package -\&.mf Metafont (font generator for TeX) source -\&.mgp MagicPoint file -\&.mm sources for \fBgroff\fP(1) in mm - format -\&.mo Message catalog binary file -\&.mod Modula-2 source for implementation modules -\&.mov (quicktime) movie -\&.mp Metapost source -\&.mp2 MPEG Layer 2 (audio) file -\&.mp3 MPEG Layer 3 (audio) file -\&.mpeg movie file -\&.o object file -\&.old old or backup file -\&.orig backup (original) version of a file, from \fBpatch\fP(1) -\&.out output file, often executable program (a.out) -\&.p Pascal source -\&.pag dbm data base data file -\&.patch file differences for \fBpatch\fP(1) -\&.pbm portable bitmap format -\&.pcf X11 font files -\&.pdf Adobe Portable Data Format -\& (use Acrobat/\fBacroread\fP or \fBxpdf\fP) -\&.perl Perl source (see .ph, .pl, and .pm) -\&.pfa PostScript font definition files, ASCII format -\&.pfb PostScript font definition files, binary format -\&.pgm portable greymap format -\&.pgp PGP binary data -\&.ph Perl header file -\&.php PHP program file -\&.php3 PHP3 program file -\&.pid File to store daemon PID (e.g., crond.pid) -\&.pl TeX property list file or Perl library file -\&.pm Perl module -\&.png Portable Network Graphics file -\&.po Message catalog source -\&.pod \fBperldoc\fP(1) file -\&.ppm portable pixmap format -\&.pr bitmap source -\&.ps PostScript file -\&.py Python source -\&.pyc compiled python -\&.qt quicktime movie -\&.r RATFOR source (obsolete) -\&.rej patches that \fBpatch\fP(1) couldn't apply -\&.rpm RPM software package -\&.rtf Rich Text Format file -\&.rules rules for something -\&.s assembler source -\&.sa stub libraries for a.out shared libraries -\&.sc \fBsc\fP(1) spreadsheet commands -\&.scm Scheme source code -\&.sed sed source file -\&.sgml SGML source file -\&.sh \fBsh\fP(1) scripts -\&.shar archive created by the \fBshar\fP(1) utility -\&.shtml HTML using Server Side Includes -\&.so Shared library or dynamically loadable object -\&.sql SQL source -\&.sqml SQML schema or query program -\&.sty LaTeX style files -\&.sym Modula-2 compiled definition modules -\&.tar archive created by the \fBtar\fP(1) utility -\&.tar.Z tar(1) archive compressed with \fBcompress\fP(1) -\&.tar.bz2 tar(1) archive compressed with \fBbzip2\fP(1) -\&.tar.gz tar(1) archive compressed with \fBgzip\fP(1) -\&.taz tar(1) archive compressed with \fBcompress\fP(1) -\&.tcl tcl source code -\&.tex TeX or LaTeX source -\&.texi equivalent to \fI.texinfo\fP -\&.texinfo Texinfo documentation source -\&.text text file -\&.tfm TeX font metric file -\&.tgz tar archive compressed with \fBgzip\fP(1) -\&.tif poor man's \fI.tiff\fP -\&.tiff Tagged Image File Format -\&.tk tcl/tk script -\&.tmp temporary file -\&.tmpl template files -\&.ts TypeScript source code -\&.tsx TypeScript with JSX source code (\fI.ts\fP + \fI.jsx\fP) -\&.txt equivalent to \fI.text\fP -\&.uu equivalent to \fI.uue\fP -\&.uue binary file encoded with \fBuuencode\fP(1) -\&.vf TeX virtual font file -\&.vpl TeX virtual property list file -\&.w Silvio Levi's CWEB -\&.wav wave sound file -\&.web Donald Knuth's WEB -\&.wml Source file for Web Meta Language -\&.xbm X11 bitmap source -\&.xcf GIMP graphic -\&.xml eXtended Markup Language file -\&.xpm X11 pixmap source -\&.xs Perl xsub file produced by h2xs -\&.xsl XSL stylesheet -\&.y \fByacc\fP(1) or \fBbison\fP(1) (parser generator) files -\&.z File compressed using \fBpack\fP(1) (or an old \fBgzip\fP(1)) -\&.zip \fBzip\fP(1) archive -\&.zoo \fBzoo\fP(1) archive -\&\[ti] Emacs or \fBpatch\fP(1) backup file -\&rc startup (`run control') file, e.g., \fI.newsrc\fP -.TE -.SH STANDARDS -General UNIX conventions. -.SH BUGS -This list is not exhaustive. -.SH SEE ALSO -.BR file (1), -.BR make (1) diff --git a/man7/svipc.7 b/man7/svipc.7 deleted file mode 100644 index cc543f5..0000000 --- a/man7/svipc.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/sysvipc.7 diff --git a/man7/symlink.7 b/man7/symlink.7 deleted file mode 100644 index 737bb1f..0000000 --- a/man7/symlink.7 +++ /dev/null @@ -1,564 +0,0 @@ -.\" Copyright (c) 1992, 1993, 1994 -.\" The Regents of the University of California. All rights reserved. -.\" and Copyright (C) 2008, 2014 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: BSD-3-Clause -.\" -.\" @(#)symlink.7 8.3 (Berkeley) 3/31/94 -.\" $FreeBSD: src/bin/ln/symlink.7,v 1.30 2005/02/13 22:25:09 ru Exp $ -.\" -.\" 2008-06-11, mtk, Taken from FreeBSD 6.2 and heavily edited for -.\" specific Linux details, improved readability, and man-pages style. -.\" -.TH symlink 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -symlink \- symbolic link handling -.SH DESCRIPTION -Symbolic links are files that act as pointers to other files. -To understand their behavior, you must first understand how hard links -work. -.P -A hard link to a file is indistinguishable from the original file because -it is a reference to the object underlying the original filename. -(To be precise: each of the hard links to a file is a reference to -the same -.IR "inode number" , -where an inode number is an index into the inode table, -which contains metadata about all files on a filesystem. -See -.BR stat (2).) -Changes to a file are independent of the name used to reference the file. -Hard links may not refer to directories -(to prevent the possibility of loops within the filesystem tree, -which would confuse many programs) -and may not refer to files on different filesystems -(because inode numbers are not unique across filesystems). -.P -A symbolic link is a special type of file whose contents are a string -that is the pathname of another file, the file to which the link refers. -(The contents of a symbolic link can be read using -.BR readlink (2).) -In other words, a symbolic link is a pointer to another name, -and not to an underlying object. -For this reason, symbolic links may refer to directories and may cross -filesystem boundaries. -.P -There is no requirement that the pathname referred to by a symbolic link -should exist. -A symbolic link that refers to a pathname that does not exist is said -to be a -.IR "dangling link" . -.P -Because a symbolic link and its referenced object coexist in the filesystem -name space, confusion can arise in distinguishing between the link itself -and the referenced object. -On historical systems, -commands and system calls adopted their own link-following -conventions in a somewhat ad-hoc fashion. -Rules for a more uniform approach, -as they are implemented on Linux and other systems, -are outlined here. -It is important that site-local applications also conform to these rules, -so that the user interface can be as consistent as possible. -.\" -.SS Magic links -There is a special class of symbolic-link-like objects -known as "magic links", which -can be found in certain pseudofilesystems such as -.BR proc (5) -(examples include -.IR /proc/ pid /exe -and -.IR /proc/ pid /fd/ *). -Unlike normal symbolic links, magic links are not resolved through -pathname-expansion, but instead act as direct references to the kernel's own -representation of a file handle. -As such, these magic links allow users to -access files which cannot be referenced with normal paths (such as unlinked -files still referenced by a running program ). -.P -Because they can bypass ordinary -.BR mount_namespaces (7)-based -restrictions, -magic links have been used as attack vectors in various exploits. -.\" -.SS Symbolic link ownership, permissions, and timestamps -The owner and group of an existing symbolic link can be changed -using -.BR lchown (2). -The ownership of a symbolic link matters -when the link is being removed or renamed in a directory that -has the sticky bit set (see -.BR inode (7)), -and when the -.I fs.protected_symlinks -sysctl is set (see -.BR proc (5)). -.P -The last access and last modification timestamps -of a symbolic link can be changed using -.BR utimensat (2) -or -.BR lutimes (3). -.P -.\" Linux does not currently implement an lchmod(2). -On Linux, the permissions of an ordinary symbolic link are not used in any -operations; the permissions are always 0777 (read, write, and execute for all -user categories), and can't be changed. -.P -However, magic links do not follow this rule. -They can have a non-0777 mode, -though this mode is not currently used in any permission checks. -.\" .P -.\" The -.\" 4.4BSD -.\" system differs from historical -.\" 4BSD -.\" systems in that the system call -.\" .BR chown (2) -.\" has been changed to follow symbolic links. -.\" The -.\" .BR lchown (2) -.\" system call was added later when the limitations of the new -.\" .BR chown (2) -.\" became apparent. -.SS Obtaining a file descriptor that refers to a symbolic link -Using the combination of the -.B O_PATH -and -.B O_NOFOLLOW -flags to -.BR open (2) -yields a file descriptor that can be passed as the -.I dirfd -argument in system calls such as -.BR fstatat (2), -.BR fchownat (2), -.BR fchmodat (2), -.BR linkat (2), -and -.BR readlinkat (2), -in order to operate on the symbolic link itself -(rather than the file to which it refers). -.P -By default -(i.e., if the -.B AT_SYMLINK_FOLLOW -flag is not specified), if -.BR name_to_handle_at (2) -is applied to a symbolic link, it yields a handle for the symbolic link -(rather than the file to which it refers). -One can then obtain a file descriptor for the symbolic link -(rather than the file to which it refers) -by specifying the -.B O_PATH -flag in a subsequent call to -.BR open_by_handle_at (2). -Again, that file descriptor can be used in the -aforementioned system calls to operate on the symbolic link itself. -.SS Handling of symbolic links by system calls and commands -Symbolic links are handled either by operating on the link itself, -or by operating on the object referred to by the link. -In the latter case, -an application or system call is said to -.I follow -the link. -Symbolic links may refer to other symbolic links, -in which case the links are dereferenced until an object that is -not a symbolic link is found, -a symbolic link that refers to a file which does not exist is found, -or a loop is detected. -(Loop detection is done by placing an upper limit on the number of -links that may be followed, and an error results if this limit is -exceeded.) -.P -There are three separate areas that need to be discussed. -They are as follows: -.IP \[bu] 3 -Symbolic links used as filename arguments for system calls. -.IP \[bu] -Symbolic links specified as command-line arguments to utilities that -are not traversing a file tree. -.IP \[bu] -Symbolic links encountered by utilities that are traversing a file tree -(either specified on the command line or encountered as part of the -file hierarchy walk). -.P -Before describing the treatment of symbolic links by system calls and commands, -we require some terminology. -Given a pathname of the form -.IR a/b/c , -the part preceding the final slash (i.e., -.IR a/b ) -is called the -.I dirname -component, and the part following the final slash (i.e., -.IR c ) -is called the -.I basename -component. -.\" -.SS Treatment of symbolic links in system calls -The first area is symbolic links used as filename arguments for -system calls. -.P -The treatment of symbolic links within a pathname passed to -a system call is as follows: -.IP (1) 5 -Within the dirname component of a pathname, -symbolic links are always followed in nearly every system call. -(This is also true for commands.) -The one exception is -.BR openat2 (2), -which provides flags that can be used to explicitly -prevent following of symbolic links in the dirname component. -.IP (2) -Except as noted below, -all system calls follow symbolic links -in the basename component of a pathname. -For example, if there were a symbolic link -.I slink -which pointed to a file named -.IR afile , -the system call -.I "open(""slink"" ...\&)" -would return a file descriptor referring to the file -.IR afile . -.P -Various system calls do not follow links in -the basename component of a pathname, -and operate on the symbolic link itself. -They are: -.BR lchown (2), -.BR lgetxattr (2), -.BR llistxattr (2), -.BR lremovexattr (2), -.BR lsetxattr (2), -.BR lstat (2), -.BR readlink (2), -.BR rename (2), -.BR rmdir (2), -and -.BR unlink (2). -.P -Certain other system calls optionally follow symbolic links -in the basename component of a pathname. -They are: -.BR faccessat (2), -.\" Maybe one day: .BR fchownat (2) -.BR fchownat (2), -.BR fstatat (2), -.BR linkat (2), -.BR name_to_handle_at (2), -.BR open (2), -.BR openat (2), -.BR open_by_handle_at (2), -and -.BR utimensat (2); -see their manual pages for details. -Because -.BR remove (3) -is an alias for -.BR unlink (2), -that library function also does not follow symbolic links. -When -.BR rmdir (2) -is applied to a symbolic link, it fails with the error -.BR ENOTDIR . -.P -.BR link (2) -warrants special discussion. -POSIX.1-2001 specifies that -.BR link (2) -should dereference -.I oldpath -if it is a symbolic link. -However, Linux does not do this. -(By default, Solaris is the same, -but the POSIX.1-2001 specified behavior can be obtained with -suitable compiler options.) -POSIX.1-2008 changed the specification to allow -either behavior in an implementation. -.SS Commands not traversing a file tree -The second area is symbolic links, specified as command-line -filename arguments, to commands which are not traversing a file tree. -.P -Except as noted below, commands follow symbolic links named as -command-line arguments. -For example, if there were a symbolic link -.I slink -which pointed to a file named -.IR afile , -the command -.I "cat slink" -would display the contents of the file -.IR afile . -.P -It is important to realize that this rule includes commands which may -optionally traverse file trees; for example, the command -.I "chown file" -is included in this rule, while the command -.IR "chown\ \-R file" , -which performs a tree traversal, is not. -(The latter is described in the third area, below.) -.P -If it is explicitly intended that the command operate on the symbolic -link instead of following the symbolic link\[em]for example, it is desired that -.I "chown slink" -change the ownership of the file that -.I slink -is, whether it is a symbolic link or not\[em]then the -.I \-h -option should be used. -In the above example, -.I "chown root slink" -would change the ownership of the file referred to by -.IR slink , -while -.I "chown\ \-h root slink" -would change the ownership of -.I slink -itself. -.P -There are some exceptions to this rule: -.IP \[bu] 3 -The -.BR mv (1) -and -.BR rm (1) -commands do not follow symbolic links named as arguments, -but respectively attempt to rename and delete them. -(Note, if the symbolic link references a file via a relative path, -moving it to another directory may very well cause it to stop working, -since the path may no longer be correct.) -.IP \[bu] -The -.BR ls (1) -command is also an exception to this rule. -For compatibility with historic systems (when -.BR ls (1) -is not doing a tree walk\[em]that is, -.I \-R -option is not specified), -the -.BR ls (1) -command follows symbolic links named as arguments if the -.I \-H -or -.I \-L -option is specified, -or if the -.IR \-F , -.IR \-d , -or -.I \-l -options are not specified. -(The -.BR ls (1) -command is the only command where the -.I \-H -and -.I \-L -options affect its behavior even though it is not doing a walk of -a file tree.) -.IP \[bu] -The -.BR file (1) -command is also an exception to this rule. -The -.BR file (1) -command does not follow symbolic links named as argument by default. -The -.BR file (1) -command does follow symbolic links named as argument if the -.I \-L -option is specified. -.\" -.\"The 4.4BSD system differs from historical 4BSD systems in that the -.\".BR chown (1) -.\"and -.\".BR chgrp (1) -.\"commands follow symbolic links specified on the command line. -.SS Commands traversing a file tree -The following commands either optionally or always traverse file trees: -.BR chgrp (1), -.BR chmod (1), -.BR chown (1), -.BR cp (1), -.BR du (1), -.BR find (1), -.BR ls (1), -.BR pax (1), -.BR rm (1), -and -.BR tar (1). -.P -It is important to realize that the following rules apply equally to -symbolic links encountered during the file tree traversal and symbolic -links listed as command-line arguments. -.P -The \fIfirst rule\fP applies to symbolic links that reference files other -than directories. -Operations that apply to symbolic links are performed on the links -themselves, but otherwise the links are ignored. -.P -The command -.I "rm\ \-r slink directory" -will remove -.IR slink , -as well as any symbolic links encountered in the tree traversal of -.IR directory , -because symbolic links may be removed. -In no case will -.BR rm (1) -affect the file referred to by -.IR slink . -.P -The \fIsecond rule\fP applies to symbolic links that refer to directories. -Symbolic links that refer to directories are never followed by default. -This is often referred to as a "physical" walk, as opposed to a "logical" -walk (where symbolic links that refer to directories are followed). -.P -Certain conventions are (should be) followed as consistently as -possible by commands that perform file tree walks: -.IP \[bu] 3 -A command can be made to follow -any symbolic links named on the command line, -regardless of the type of file they reference, by specifying the -.I \-H -(for "half-logical") flag. -This flag is intended to make the command-line name space look -like the logical name space. -(Note, for commands that do not always do file tree traversals, the -.I \-H -flag will be ignored if the -.I \-R -flag is not also specified.) -.IP -For example, the command -.I "chown\ \-HR user slink" -will traverse the file hierarchy rooted in the file pointed to by -.IR slink . -Note, the -.I \-H -is not the same as the previously discussed -.I \-h -flag. -The -.I \-H -flag causes symbolic links specified on the command line to be -dereferenced for the purposes of both the action to be performed -and the tree walk, and it is as if the user had specified the -name of the file to which the symbolic link pointed. -.IP \[bu] -A command can be made to -follow any symbolic links named on the command line, -as well as any symbolic links encountered during the traversal, -regardless of the type of file they reference, by specifying the -.I \-L -(for "logical") flag. -This flag is intended to make the entire name space look like -the logical name space. -(Note, for commands that do not always do file tree traversals, the -.I \-L -flag will be ignored if the -.I \-R -flag is not also specified.) -.IP -For example, the command -.I "chown\ \-LR user slink" -will change the owner of the file referred to by -.IR slink . -If -.I slink -refers to a directory, -.B chown -will traverse the file hierarchy rooted in the directory that it -references. -In addition, if any symbolic links are encountered in any file tree that -.B chown -traverses, they will be treated in the same fashion as -.IR slink . -.IP \[bu] -A command can be made to -provide the default behavior by specifying the -.I \-P -(for "physical") flag. -This flag is intended to make the entire name space look like the -physical name space. -.P -For commands that do not by default do file tree traversals, the -.IR \-H , -.IR \-L , -and -.I \-P -flags are ignored if the -.I \-R -flag is not also specified. -In addition, you may specify the -.IR \-H , -.IR \-L , -and -.I \-P -options more than once; -the last one specified determines the command's behavior. -This is intended to permit you to alias commands to behave one way -or the other, and then override that behavior on the command line. -.P -The -.BR ls (1) -and -.BR rm (1) -commands have exceptions to these rules: -.IP \[bu] 3 -The -.BR rm (1) -command operates on the symbolic link, and not the file it references, -and therefore never follows a symbolic link. -The -.BR rm (1) -command does not support the -.IR \-H , -.IR \-L , -or -.I \-P -options. -.IP \[bu] -To maintain compatibility with historic systems, -the -.BR ls (1) -command acts a little differently. -If you do not specify the -.IR \-F , -.IR \-d , -or -.I \-l -options, -.BR ls (1) -will follow symbolic links specified on the command line. -If the -.I \-L -flag is specified, -.BR ls (1) -follows all symbolic links, -regardless of their type, -whether specified on the command line or encountered in the tree walk. -.SH SEE ALSO -.BR chgrp (1), -.BR chmod (1), -.BR find (1), -.BR ln (1), -.BR ls (1), -.BR mv (1), -.BR namei (1), -.BR rm (1), -.BR lchown (2), -.BR link (2), -.BR lstat (2), -.BR readlink (2), -.BR rename (2), -.BR symlink (2), -.BR unlink (2), -.BR utimensat (2), -.BR lutimes (3), -.BR path_resolution (7) diff --git a/man7/system_data_types.7 b/man7/system_data_types.7 deleted file mode 100644 index f79b65d..0000000 --- a/man7/system_data_types.7 +++ /dev/null @@ -1,242 +0,0 @@ -.\" Copyright (c) 2020 by Alejandro Colomar -.\" and Copyright (c) 2020 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH system_data_types 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -system_data_types \- overview of system data types -.SH DESCRIPTION -.\" Layout: -.\" A list of type names (the struct/union keyword will be omitted). -.\" Each entry will have the following parts: -.\" * Include (see NOTES) -.\" -.\" * Definition (no "Definition" header) -.\" Only struct/union types will have definition; -.\" typedefs will remain opaque. -.\" -.\" * Description (no "Description" header) -.\" A few lines describing the type. -.\" -.\" * Versions (optional) -.\" -.\" * Conforming to (see NOTES) -.\" Format: CXY and later; POSIX.1-XXXX and later. -.\" -.\" * Notes (optional) -.\" -.\" * Bugs (if any) -.\" -.\" * See also -.\"------------------------------------- aiocb ------------------------/ -.\"------------------------------------- blkcnt_t ---------------------/ -.\"------------------------------------- blksize_t --------------------/ -.\"------------------------------------- cc_t -------------------------/ -.\"------------------------------------- clock_t ----------------------/ -.\"------------------------------------- clockid_t --------------------/ -.\"------------------------------------- dev_t ------------------------/ -.\"------------------------------------- div_t ------------------------/ -.\"------------------------------------- double_t ---------------------/ -.\"------------------------------------- fd_set -----------------------/ -.\"------------------------------------- fenv_t -----------------------/ -.\"------------------------------------- fexcept_t --------------------/ -.\"------------------------------------- FILE -------------------------/ -.\"------------------------------------- float_t ----------------------/ -.\"------------------------------------- gid_t ------------------------/ -.\"------------------------------------- id_t -------------------------/ -.\"------------------------------------- imaxdiv_t --------------------/ -.\"------------------------------------- intmax_t ---------------------/ -.\"------------------------------------- intN_t -----------------------/ -.\"------------------------------------- intptr_t ---------------------/ -.\"------------------------------------- lconv ------------------------/ -.\"------------------------------------- ldiv_t -----------------------/ -.\"------------------------------------- lldiv_t ----------------------/ -.\"------------------------------------- mode_t -----------------------/ -.\"------------------------------------- off64_t ----------------------/ -.\"------------------------------------- off_t ------------------------/ -.\"------------------------------------- pid_t ------------------------/ -.\"------------------------------------- ptrdiff_t --------------------/ -.\"------------------------------------- regex_t ----------------------/ -.\"------------------------------------- regmatch_t -------------------/ -.\"------------------------------------- regoff_t ---------------------/ -.\"------------------------------------- sigevent ---------------------/ -.\"------------------------------------- siginfo_t --------------------/ -.TP -.I siginfo_t -.RS -.IR Include : -.IR . -Alternatively, -.IR . -.P -.EX -typedef struct { - int si_signo; /* Signal number */ - int si_code; /* Signal code */ - pid_t si_pid; /* Sending process ID */ - uid_t si_uid; /* Real user ID of sending process */ - void *si_addr; /* Memory location which caused fault */ - int si_status; /* Exit value or signal */ - union sigval si_value; /* Signal value */ -} siginfo_t; -.EE -.P -Information associated with a signal. -For further details on this structure -(including additional, Linux-specific fields), see -.BR sigaction (2). -.P -.IR "Conforming to" : -POSIX.1-2001 and later. -.P -.IR "See also" : -.BR pidfd_send_signal (2), -.BR rt_sigqueueinfo (2), -.BR sigaction (2), -.BR sigwaitinfo (2), -.BR psiginfo (3) -.RE -.\"------------------------------------- sigset_t ---------------------/ -.TP -.I sigset_t -.RS -.IR Include : -.IR . -Alternatively, -.IR , -or -.IR . -.P -This is a type that represents a set of signals. -According to POSIX, this shall be an integer or structure type. -.P -.IR "Conforming to" : -POSIX.1-2001 and later. -.P -.IR "See also" : -.BR epoll_pwait (2), -.BR ppoll (2), -.BR pselect (2), -.BR sigaction (2), -.BR signalfd (2), -.BR sigpending (2), -.BR sigprocmask (2), -.BR sigsuspend (2), -.BR sigwaitinfo (2), -.BR signal (7) -.RE -.\"------------------------------------- sigval -----------------------/ -.\"------------------------------------- size_t -----------------------/ -.\"------------------------------------- sockaddr ---------------------/ -.\"------------------------------------- socklen_t --------------------/ -.\"------------------------------------- ssize_t ----------------------/ -.\"------------------------------------- stat -------------------------/ -.\"------------------------------------- suseconds_t ------------------/ -.\"------------------------------------- time_t -----------------------/ -.\"------------------------------------- timer_t ----------------------/ -.\"------------------------------------- timespec ---------------------/ -.\"------------------------------------- timeval ----------------------/ -.\"------------------------------------- uid_t ----------------------/ -.\"------------------------------------- uintmax_t --------------------/ -.\"------------------------------------- uintN_t ----------------------/ -.\"------------------------------------- uintptr_t --------------------/ -.\"------------------------------------- useconds_t -------------------/ -.\"------------------------------------- va_list ----------------------/ -.\"------------------------------------- void * -----------------------/ -.\"--------------------------------------------------------------------/ -.SH NOTES -The structures described in this manual page shall contain, -at least, the members shown in their definition, in no particular order. -.P -Most of the integer types described in this page don't have -a corresponding length modifier for the -.BR printf (3) -and the -.BR scanf (3) -families of functions. -To print a value of an integer type that doesn't have a length modifier, -it should be converted to -.I intmax_t -or -.I uintmax_t -by an explicit cast. -To scan into a variable of an integer type -that doesn't have a length modifier, -an intermediate temporary variable of type -.I intmax_t -or -.I uintmax_t -should be used. -When copying from the temporary variable to the destination variable, -the value could overflow. -If the type has upper and lower limits, -the user should check that the value is within those limits, -before actually copying the value. -The example below shows how these conversions should be done. -.SS Conventions used in this page -In "Conforming to" we only concern ourselves with -C99 and later and POSIX.1-2001 and later. -Some types may be specified in earlier versions of one of these standards, -but in the interests of simplicity we omit details from earlier standards. -.P -In "Include", we first note the "primary" header(s) that -define the type according to either the C or POSIX.1 standards. -Under "Alternatively", we note additional headers that -the standards specify shall define the type. -.SH EXAMPLES -The program shown below scans from a string and prints a value stored in -a variable of an integer type that doesn't have a length modifier. -The appropriate conversions from and to -.IR intmax_t , -and the appropriate range checks, -are used as explained in the notes section above. -.P -.EX -#include -#include -#include -#include -\& -int -main (void) -{ - static const char *const str = "500000 us in half a second"; - suseconds_t us; - intmax_t tmp; -\& - /* Scan the number from the string into the temporary variable. */ -\& - sscanf(str, "%jd", &tmp); -\& - /* Check that the value is within the valid range of suseconds_t. */ -\& - if (tmp < \-1 || tmp > 1000000) { - fprintf(stderr, "Scanned value outside valid range!\en"); - exit(EXIT_FAILURE); - } -\& - /* Copy the value to the suseconds_t variable \[aq]us\[aq]. */ -\& - us = tmp; -\& - /* Even though suseconds_t can hold the value \-1, this isn\[aq]t - a sensible number of microseconds. */ -\& - if (us < 0) { - fprintf(stderr, "Scanned value shouldn\[aq]t be negative!\en"); - exit(EXIT_FAILURE); - } -\& - /* Print the value. */ -\& - printf("There are %jd microseconds in half a second.\en", - (intmax_t) us); -\& - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.BR feature_test_macros (7), -.BR standards (7) diff --git a/man7/sysvipc.7 b/man7/sysvipc.7 deleted file mode 100644 index 11c08ab..0000000 --- a/man7/sysvipc.7 +++ /dev/null @@ -1,99 +0,0 @@ -.\" Copyright 2020 Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH sysvipc 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -sysvipc \- System V interprocess communication mechanisms -.SH DESCRIPTION -System V IPC is the name given to three interprocess -communication mechanisms that are widely available on UNIX systems: -message queues, semaphore, and shared memory. -.\" -.SS Message queues -System V message queues allow data to be exchanged in units called messages. -Each message can have an associated priority. -POSIX message queues provide an alternative API for achieving the same result; -see -.BR mq_overview (7). -.P -The System V message queue API consists of the following system calls: -.TP -.BR msgget (2) -Create a new message queue or obtain the ID of an existing message queue. -This call returns an identifier that is used in the remaining APIs. -.TP -.BR msgsnd (2) -Add a message to a queue. -.TP -.BR msgrcv (2) -Remove a message from a queue. -.TP -.BR msgctl (2) -Perform various control operations on a queue, including deletion. -.\" -.SS Semaphore sets -System V semaphores allow processes to synchronize their actions. -System V semaphores are allocated in groups called sets; -each semaphore in a set is a counting semaphore. -POSIX semaphores provide an alternative API for achieving the same result; -see -.BR sem_overview (7). -.P -The System V semaphore API consists of the following system calls: -.TP -.BR semget (2) -Create a new set or obtain the ID of an existing set. -This call returns an identifier that is used in the remaining APIs. -.TP -.BR semop (2) -Perform operations on the semaphores in a set. -.TP -.BR semctl (2) -Perform various control operations on a set, including deletion. -.\" -.SS Shared memory segments -System V shared memory allows processes to share a region a memory -(a "segment"). -POSIX shared memory is an alternative API for achieving the same result; see -.BR shm_overview (7). -.P -The System V shared memory API consists of the following system calls: -.TP -.BR shmget (2) -Create a new segment or obtain the ID of an existing segment. -This call returns an identifier that is used in the remaining APIs. -.TP -.BR shmat (2) -Attach an existing shared memory object into the calling process's -address space. -.TP -.BR shmdt (2) -Detach a segment from the calling process's address space. -.TP -.BR shmctl (2) -Perform various control operations on a segment, including deletion. -.\" -.SS IPC namespaces -For a discussion of the interaction of System V IPC objects and -IPC namespaces, see -.BR ipc_namespaces (7). -.SH SEE ALSO -.BR ipcmk (1), -.BR ipcrm (1), -.BR ipcs (1), -.BR lsipc (1), -.BR ipc (2), -.BR msgctl (2), -.BR msgget (2), -.BR msgrcv (2), -.BR msgsnd (2), -.BR semctl (2), -.BR semget (2), -.BR semop (2), -.BR shmat (2), -.BR shmctl (2), -.BR shmdt (2), -.BR shmget (2), -.BR ftok (3), -.BR ipc_namespaces (7) diff --git a/man7/tcp.7 b/man7/tcp.7 deleted file mode 100644 index 2b1d333..0000000 --- a/man7/tcp.7 +++ /dev/null @@ -1,1563 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" and Copyright (C) 2008 Michael Kerrisk -.\" Note also that many pieces are drawn from the kernel source file -.\" Documentation/networking/ip-sysctl.txt. -.\" -.\" 2.4 Updates by Nivedita Singhvi 4/20/02 . -.\" Modified, 2004-11-11, Michael Kerrisk and Andries Brouwer -.\" Updated details of interaction of TCP_CORK and TCP_NODELAY. -.\" -.\" 2008-11-21, mtk, many, many updates. -.\" The descriptions of /proc files and socket options should now -.\" be more or less up to date and complete as at Linux 2.6.27 -.\" (other than the remaining FIXMEs in the page source below). -.\" -.\" FIXME The following need to be documented -.\" TCP_MD5SIG (2.6.20) -.\" commit cfb6eeb4c860592edd123fdea908d23c6ad1c7dc -.\" Author was yoshfuji@linux-ipv6.org -.\" Needs CONFIG_TCP_MD5SIG -.\" From net/inet/Kconfig: -.\" bool "TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL)" -.\" RFC2385 specifies a method of giving MD5 protection to TCP sessions. -.\" Its main (only?) use is to protect BGP sessions between core routers -.\" on the Internet. -.\" -.\" There is a TCP_MD5SIG option documented in FreeBSD's tcp(4), -.\" but probably many details are different on Linux -.\" http://thread.gmane.org/gmane.linux.network/47490 -.\" http://www.daemon-systems.org/man/tcp.4.html -.\" http://article.gmane.org/gmane.os.netbsd.devel.network/3767/match=tcp_md5sig+freebsd -.\" -.\" TCP_COOKIE_TRANSACTIONS (2.6.33) -.\" commit 519855c508b9a17878c0977a3cdefc09b59b30df -.\" Author: William Allen Simpson -.\" commit e56fb50f2b7958b931c8a2fc0966061b3f3c8f3a -.\" Author: William Allen Simpson -.\" -.\" REMOVED in Linux 3.10 -.\" commit 1a2c6181c4a1922021b4d7df373bba612c3e5f04 -.\" Author: Christoph Paasch -.\" -.\" TCP_THIN_LINEAR_TIMEOUTS (2.6.34) -.\" commit 36e31b0af58728071e8023cf8e20c5166b700717 -.\" Author: Andreas Petlund -.\" -.\" TCP_THIN_DUPACK (2.6.34) -.\" commit 7e38017557bc0b87434d184f8804cadb102bb903 -.\" Author: Andreas Petlund -.\" -.\" TCP_REPAIR (3.5) -.\" commit ee9952831cfd0bbe834f4a26489d7dce74582e37 -.\" Author: Pavel Emelyanov -.\" See also -.\" http://criu.org/TCP_connection -.\" https://lwn.net/Articles/495304/ -.\" -.\" TCP_REPAIR_QUEUE (3.5) -.\" commit ee9952831cfd0bbe834f4a26489d7dce74582e37 -.\" Author: Pavel Emelyanov -.\" -.\" TCP_QUEUE_SEQ (3.5) -.\" commit ee9952831cfd0bbe834f4a26489d7dce74582e37 -.\" Author: Pavel Emelyanov -.\" -.\" TCP_REPAIR_OPTIONS (3.5) -.\" commit b139ba4e90dccbf4cd4efb112af96a5c9e0b098c -.\" Author: Pavel Emelyanov -.\" -.\" TCP_FASTOPEN (3.6) -.\" (Fast Open server side implementation completed in Linux 3.7) -.\" http://lwn.net/Articles/508865/ -.\" -.\" TCP_TIMESTAMP (3.9) -.\" commit 93be6ce0e91b6a94783e012b1857a347a5e6e9f2 -.\" Author: Andrey Vagin -.\" -.\" TCP_NOTSENT_LOWAT (3.12) -.\" commit c9bee3b7fdecb0c1d070c7b54113b3bdfb9a3d36 -.\" Author: Eric Dumazet -.\" -.\" TCP_CC_INFO (4.1) -.\" commit 6e9250f59ef9efb932c84850cd221f22c2a03c4a -.\" Author: Eric Dumazet -.\" -.\" TCP_SAVE_SYN, TCP_SAVED_SYN (4.2) -.\" commit cd8ae85299d54155702a56811b2e035e63064d3d -.\" Author: Eric Dumazet -.\" -.TH tcp 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -tcp \- TCP protocol -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include -.P -.IB tcp_socket " = socket(AF_INET, SOCK_STREAM, 0);" -.fi -.SH DESCRIPTION -This is an implementation of the TCP protocol defined in -RFC\ 793, RFC\ 1122 and RFC\ 2001 with the NewReno and SACK -extensions. -It provides a reliable, stream-oriented, -full-duplex connection between two sockets on top of -.BR ip (7), -for both v4 and v6 versions. -TCP guarantees that the data arrives in order and -retransmits lost packets. -It generates and checks a per-packet checksum to catch -transmission errors. -TCP does not preserve record boundaries. -.P -A newly created TCP socket has no remote or local address and is not -fully specified. -To create an outgoing TCP connection use -.BR connect (2) -to establish a connection to another TCP socket. -To receive new incoming connections, first -.BR bind (2) -the socket to a local address and port and then call -.BR listen (2) -to put the socket into the listening state. -After that a new socket for each incoming connection can be accepted using -.BR accept (2). -A socket which has had -.BR accept (2) -or -.BR connect (2) -successfully called on it is fully specified and may transmit data. -Data cannot be transmitted on listening or not yet connected sockets. -.P -Linux supports RFC\ 1323 TCP high performance -extensions. -These include Protection Against Wrapped -Sequence Numbers (PAWS), Window Scaling and Timestamps. -Window scaling allows the use -of large (> 64\ kB) TCP windows in order to support links with high -latency or bandwidth. -To make use of them, the send and receive buffer sizes must be increased. -They can be set globally with the -.I /proc/sys/net/ipv4/tcp_wmem -and -.I /proc/sys/net/ipv4/tcp_rmem -files, or on individual sockets by using the -.B SO_SNDBUF -and -.B SO_RCVBUF -socket options with the -.BR setsockopt (2) -call. -.P -The maximum sizes for socket buffers declared via the -.B SO_SNDBUF -and -.B SO_RCVBUF -mechanisms are limited by the values in the -.I /proc/sys/net/core/rmem_max -and -.I /proc/sys/net/core/wmem_max -files. -Note that TCP actually allocates twice the size of -the buffer requested in the -.BR setsockopt (2) -call, and so a succeeding -.BR getsockopt (2) -call will not return the same size of buffer as requested in the -.BR setsockopt (2) -call. -TCP uses the extra space for administrative purposes and internal -kernel structures, and the -.I /proc -file values reflect the -larger sizes compared to the actual TCP windows. -On individual connections, the socket buffer size must be set prior to the -.BR listen (2) -or -.BR connect (2) -calls in order to have it take effect. -See -.BR socket (7) -for more information. -.P -TCP supports urgent data. -Urgent data is used to signal the -receiver that some important message is part of the data -stream and that it should be processed as soon as possible. -To send urgent data specify the -.B MSG_OOB -option to -.BR send (2). -When urgent data is received, the kernel sends a -.B SIGURG -signal to the process or process group that has been set as the -socket "owner" using the -.B SIOCSPGRP -or -.B FIOSETOWN -ioctls (or the POSIX.1-specified -.BR fcntl (2) -.B F_SETOWN -operation). -When the -.B SO_OOBINLINE -socket option is enabled, urgent data is put into the normal -data stream (a program can test for its location using the -.B SIOCATMARK -ioctl described below), -otherwise it can be received only when the -.B MSG_OOB -flag is set for -.BR recv (2) -or -.BR recvmsg (2). -.P -When out-of-band data is present, -.BR select (2) -indicates the file descriptor as having an exceptional condition and -.I poll (2) -indicates a -.B POLLPRI -event. -.P -Linux 2.4 introduced a number of changes for improved -throughput and scaling, as well as enhanced functionality. -Some of these features include support for zero-copy -.BR sendfile (2), -Explicit Congestion Notification, new -management of TIME_WAIT sockets, keep-alive socket options -and support for Duplicate SACK extensions. -.SS Address formats -TCP is built on top of IP (see -.BR ip (7)). -The address formats defined by -.BR ip (7) -apply to TCP. -TCP supports point-to-point communication only; -broadcasting and multicasting are not -supported. -.SS /proc interfaces -System-wide TCP parameter settings can be accessed by files in the directory -.IR /proc/sys/net/ipv4/ . -In addition, most IP -.I /proc -interfaces also apply to TCP; see -.BR ip (7). -Variables described as -.I Boolean -take an integer value, with a nonzero value ("true") meaning that -the corresponding option is enabled, and a zero value ("false") -meaning that the option is disabled. -.TP -.IR tcp_abc " (Integer; default: 0; Linux 2.6.15 to Linux 3.8)" -.\" Since Linux 2.6.15; removed in Linux 3.9 -.\" commit ca2eb5679f8ddffff60156af42595df44a315ef0 -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -Control the Appropriate Byte Count (ABC), defined in RFC 3465. -ABC is a way of increasing the congestion window -.RI ( cwnd ) -more slowly in response to partial acknowledgements. -Possible values are: -.RS -.TP -.B 0 -increase -.I cwnd -once per acknowledgement (no ABC) -.TP -.B 1 -increase -.I cwnd -once per acknowledgement of full sized segment -.TP -.B 2 -allow increase -.I cwnd -by two if acknowledgement is -of two segments to compensate for delayed acknowledgements. -.RE -.TP -.IR tcp_abort_on_overflow " (Boolean; default: disabled; since Linux 2.4)" -.\" Since Linux 2.3.41 -Enable resetting connections if the listening service is too -slow and unable to keep up and accept them. -It means that if overflow occurred due -to a burst, the connection will recover. -Enable this option -.I only -if you are really sure that the listening daemon -cannot be tuned to accept connections faster. -Enabling this option can harm the clients of your server. -.TP -.IR tcp_adv_win_scale " (integer; default: 2; since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -Count buffering overhead as -.IR "bytes/2\[ha]tcp_adv_win_scale" , -if -.I tcp_adv_win_scale -is greater than 0; or -.IR "bytes\-bytes/2\[ha](\-tcp_adv_win_scale)" , -if -.I tcp_adv_win_scale -is less than or equal to zero. -.IP -The socket receive buffer space is shared between the -application and kernel. -TCP maintains part of the buffer as -the TCP window, this is the size of the receive window -advertised to the other end. -The rest of the space is used -as the "application" buffer, used to isolate the network -from scheduling and application latencies. -The -.I tcp_adv_win_scale -default value of 2 implies that the space -used for the application buffer is one fourth that of the total. -.TP -.IR tcp_allowed_congestion_control " (String; default: see text; since Linux 2.4.20)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -Show/set the congestion control algorithm choices available to unprivileged -processes (see the description of the -.B TCP_CONGESTION -socket option). -The items in the list are separated by white space and -terminated by a newline character. -The list is a subset of those listed in -.IR tcp_available_congestion_control . -The default value for this list is "reno" plus the default setting of -.IR tcp_congestion_control . -.TP -.IR tcp_autocorking " (Boolean; default: enabled; since Linux 3.14)" -.\" commit f54b311142a92ea2e42598e347b84e1655caf8e3 -.\" Text heavily based on Documentation/networking/ip-sysctl.txt -If this option is enabled, the kernel tries to coalesce small writes -(from consecutive -.BR write (2) -and -.BR sendmsg (2) -calls) as much as possible, -in order to decrease the total number of sent packets. -Coalescing is done if at least one prior packet for the flow -is waiting in Qdisc queues or device transmit queue. -Applications can still use the -.B TCP_CORK -socket option to obtain optimal behavior -when they know how/when to uncork their sockets. -.TP -.IR tcp_available_congestion_control " (String; read-only; since Linux 2.4.20)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -Show a list of the congestion-control algorithms -that are registered. -The items in the list are separated by white space and -terminated by a newline character. -This list is a limiting set for the list in -.IR tcp_allowed_congestion_control . -More congestion-control algorithms may be available as modules, -but not loaded. -.TP -.IR tcp_app_win " (integer; default: 31; since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -This variable defines how many -bytes of the TCP window are reserved for buffering overhead. -.IP -A maximum of (\fIwindow/2\[ha]tcp_app_win\fP, mss) bytes in the window -are reserved for the application buffer. -A value of 0 implies that no amount is reserved. -.\" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_base_mss " (Integer; default: 512; since Linux 2.6.17)" -The initial value of -.I search_low -to be used by the packetization layer Path MTU discovery (MTU probing). -If MTU probing is enabled, -this is the initial MSS used by the connection. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_bic " (Boolean; default: disabled; Linux 2.4.27/2.6.6 to Linux 2.6.13)" -Enable BIC TCP congestion control algorithm. -BIC-TCP is a sender-side-only change that ensures a linear RTT -fairness under large windows while offering both scalability and -bounded TCP-friendliness. -The protocol combines two schemes -called additive increase and binary search increase. -When the congestion window is large, additive increase with a large -increment ensures linear RTT fairness as well as good scalability. -Under small congestion windows, binary search -increase provides TCP friendliness. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_bic_low_window " (integer; default: 14; Linux 2.4.27/2.6.6 to Linux 2.6.13)" -Set the threshold window (in packets) where BIC TCP starts to -adjust the congestion window. -Below this threshold BIC TCP behaves the same as the default TCP Reno. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_bic_fast_convergence " (Boolean; default: enabled; Linux 2.4.27/2.6.6 to Linux 2.6.13)" -Force BIC TCP to more quickly respond to changes in congestion window. -Allows two flows sharing the same connection to converge more rapidly. -.TP -.IR tcp_congestion_control " (String; default: see text; since Linux 2.4.13)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -Set the default congestion-control algorithm to be used for new connections. -The algorithm "reno" is always available, -but additional choices may be available depending on kernel configuration. -The default value for this file is set as part of kernel configuration. -.TP -.IR tcp_dma_copybreak " (integer; default: 4096; since Linux 2.6.24)" -Lower limit, in bytes, of the size of socket reads that will be -offloaded to a DMA copy engine, if one is present in the system -and the kernel was configured with the -.B CONFIG_NET_DMA -option. -.TP -.IR tcp_dsack " (Boolean; default: enabled; since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -Enable RFC\ 2883 TCP Duplicate SACK support. -.TP -.IR tcp_fastopen " (Bitmask; default: 0x1; since Linux 3.7)" -Enables RFC\~7413 Fast Open support. -The flag is used as a bitmap with the following values: -.RS -.TP -.B 0x1 -Enables client side Fast Open support -.TP -.B 0x2 -Enables server side Fast Open support -.TP -.B 0x4 -Allows client side to transmit data in SYN without Fast Open option -.TP -.B 0x200 -Allows server side to accept SYN data without Fast Open option -.TP -.B 0x400 -Enables Fast Open on all listeners without -.B TCP_FASTOPEN -socket option -.RE -.TP -.IR tcp_fastopen_key " (since Linux 3.7)" -Set server side RFC\~7413 Fast Open key to generate Fast Open cookie -when server side Fast Open support is enabled. -.TP -.IR tcp_ecn " (Integer; default: see below; since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -Enable RFC\ 3168 Explicit Congestion Notification. -.IP -This file can have one of the following values: -.RS -.TP -.B 0 -Disable ECN. -Neither initiate nor accept ECN. -This was the default up to and including Linux 2.6.30. -.TP -.B 1 -Enable ECN when requested by incoming connections and also -request ECN on outgoing connection attempts. -.TP -.B 2 -.\" commit 255cac91c3c9ce7dca7713b93ab03c75b7902e0e -Enable ECN when requested by incoming connections, -but do not request ECN on outgoing connections. -This value is supported, and is the default, since Linux 2.6.31. -.RE -.IP -When enabled, connectivity to some destinations could be affected -due to older, misbehaving middle boxes along the path, causing -connections to be dropped. -However, to facilitate and encourage deployment with option 1, and -to work around such buggy equipment, the -.B tcp_ecn_fallback -option has been introduced. -.TP -.IR tcp_ecn_fallback " (Boolean; default: enabled; since Linux 4.1)" -.\" commit 492135557dc090a1abb2cfbe1a412757e3ed68ab -Enable RFC\ 3168, Section 6.1.1.1. fallback. -When enabled, outgoing ECN-setup SYNs that time out within the -normal SYN retransmission timeout will be resent with CWR and -ECE cleared. -.TP -.IR tcp_fack " (Boolean; default: enabled; since Linux 2.2)" -.\" Since Linux 2.1.92 -Enable TCP Forward Acknowledgement support. -.TP -.IR tcp_fin_timeout " (integer; default: 60; since Linux 2.2)" -.\" Since Linux 2.1.53 -This specifies how many seconds to wait for a final FIN packet before the -socket is forcibly closed. -This is strictly a violation of the TCP specification, -but required to prevent denial-of-service attacks. -In Linux 2.2, the default value was 180. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_frto " (integer; default: see below; since Linux 2.4.21/2.6)" -.\" Since Linux 2.4.21/2.5.43 -Enable F-RTO, an enhanced recovery algorithm for TCP retransmission -timeouts (RTOs). -It is particularly beneficial in wireless environments -where packet loss is typically due to random radio interference -rather than intermediate router congestion. -See RFC 4138 for more details. -.IP -This file can have one of the following values: -.RS -.TP -.B 0 -Disabled. -This was the default up to and including Linux 2.6.23. -.TP -.B 1 -The basic version F-RTO algorithm is enabled. -.TP -.B 2 -.\" commit c96fd3d461fa495400df24be3b3b66f0e0b152f9 -Enable SACK-enhanced F-RTO if flow uses SACK. -The basic version can be used also when -SACK is in use though in that case scenario(s) exists where F-RTO -interacts badly with the packet counting of the SACK-enabled TCP flow. -This value is the default since Linux 2.6.24. -.RE -.IP -Before Linux 2.6.22, this parameter was a Boolean value, -supporting just values 0 and 1 above. -.TP -.IR tcp_frto_response " (integer; default: 0; since Linux 2.6.22)" -When F-RTO has detected that a TCP retransmission timeout was spurious -(i.e., the timeout would have been avoided had TCP set a -longer retransmission timeout), -TCP has several options concerning what to do next. -Possible values are: -.RS -.TP -.B 0 -Rate halving based; a smooth and conservative response, -results in halved congestion window -.RI ( cwnd ) -and slow-start threshold -.RI ( ssthresh ) -after one RTT. -.TP -.B 1 -Very conservative response; not recommended because even -though being valid, it interacts poorly with the rest of Linux TCP; halves -.I cwnd -and -.I ssthresh -immediately. -.TP -.B 2 -Aggressive response; undoes congestion-control measures -that are now known to be unnecessary -(ignoring the possibility of a lost retransmission that would require -TCP to be more cautious); -.I cwnd -and -.I ssthresh -are restored to the values prior to timeout. -.RE -.TP -.IR tcp_keepalive_intvl " (integer; default: 75; since Linux 2.4)" -.\" Since Linux 2.3.18 -The number of seconds between TCP keep-alive probes. -.TP -.IR tcp_keepalive_probes " (integer; default: 9; since Linux 2.2)" -.\" Since Linux 2.1.43 -The maximum number of TCP keep-alive probes to send -before giving up and killing the connection if -no response is obtained from the other end. -.TP -.IR tcp_keepalive_time " (integer; default: 7200; since Linux 2.2)" -.\" Since Linux 2.1.43 -The number of seconds a connection needs to be idle -before TCP begins sending out keep-alive probes. -Keep-alives are sent only when the -.B SO_KEEPALIVE -socket option is enabled. -The default value is 7200 seconds (2 hours). -An idle connection is terminated after -approximately an additional 11 minutes (9 probes an interval -of 75 seconds apart) when keep-alive is enabled. -.IP -Note that underlying connection tracking mechanisms and -application timeouts may be much shorter. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_low_latency " (Boolean; default: disabled; since Linux 2.4.21/2.6; \ -obsolete since Linux 4.14)" -.\" Since Linux 2.4.21/2.5.60 -If enabled, the TCP stack makes decisions that prefer lower -latency as opposed to higher throughput. -It this option is disabled, then higher throughput is preferred. -An example of an application where this default should be -changed would be a Beowulf compute cluster. -Since Linux 4.14, -.\" commit b6690b14386698ce2c19309abad3f17656bdfaea -this file still exists, but its value is ignored. -.TP -.IR tcp_max_orphans " (integer; default: see below; since Linux 2.4)" -.\" Since Linux 2.3.41 -The maximum number of orphaned (not attached to any user file -handle) TCP sockets allowed in the system. -When this number is exceeded, -the orphaned connection is reset and a warning is printed. -This limit exists only to prevent simple denial-of-service attacks. -Lowering this limit is not recommended. -Network conditions might require you to increase the number of -orphans allowed, but note that each orphan can eat up to \[ti]64\ kB -of unswappable memory. -The default initial value is set equal to the kernel parameter NR_FILE. -This initial default is adjusted depending on the memory in the system. -.TP -.IR tcp_max_syn_backlog " (integer; default: see below; since Linux 2.2)" -.\" Since Linux 2.1.53 -The maximum number of queued connection requests which have -still not received an acknowledgement from the connecting client. -If this number is exceeded, the kernel will begin -dropping requests. -The default value of 256 is increased to -1024 when the memory present in the system is adequate or -greater (>= 128\ MB), and reduced to 128 for those systems with -very low memory (<= 32\ MB). -.IP -Before Linux 2.6.20, -.\" commit 72a3effaf633bcae9034b7e176bdbd78d64a71db -it was recommended that if this needed to be increased above 1024, -the size of the SYNACK hash table -.RB ( TCP_SYNQ_HSIZE ) -in -.I include/net/tcp.h -should be modified to keep -.IP -.in +4n -.EX -TCP_SYNQ_HSIZE * 16 <= tcp_max_syn_backlog -.EE -.in -.IP -and the kernel should be -recompiled. -In Linux 2.6.20, the fixed sized -.B TCP_SYNQ_HSIZE -was removed in favor of dynamic sizing. -.TP -.IR tcp_max_tw_buckets " (integer; default: see below; since Linux 2.4)" -.\" Since Linux 2.3.41 -The maximum number of sockets in TIME_WAIT state allowed in -the system. -This limit exists only to prevent simple denial-of-service attacks. -The default value of NR_FILE*2 is adjusted -depending on the memory in the system. -If this number is -exceeded, the socket is closed and a warning is printed. -.TP -.IR tcp_moderate_rcvbuf " (Boolean; default: enabled; since Linux 2.4.17/2.6.7)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -If enabled, TCP performs receive buffer auto-tuning, -attempting to automatically size the buffer (no greater than -.IR tcp_rmem[2] ) -to match the size required by the path for full throughput. -.TP -.IR tcp_mem " (since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -This is a vector of 3 integers: [low, pressure, high]. -These bounds, measured in units of the system page size, -are used by TCP to track its memory usage. -The defaults are calculated at boot time from the amount of -available memory. -(TCP can only use -.I "low memory" -for this, which is limited to around 900 megabytes on 32-bit systems. -64-bit systems do not suffer this limitation.) -.RS -.TP -.I low -TCP doesn't regulate its memory allocation when the number -of pages it has allocated globally is below this number. -.TP -.I pressure -When the amount of memory allocated by TCP -exceeds this number of pages, TCP moderates its memory consumption. -This memory pressure state is exited -once the number of pages allocated falls below -the -.I low -mark. -.TP -.I high -The maximum number of pages, globally, that TCP will allocate. -This value overrides any other limits imposed by the kernel. -.RE -.TP -.IR tcp_mtu_probing " (integer; default: 0; since Linux 2.6.17)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -This parameter controls TCP Packetization-Layer Path MTU Discovery. -The following values may be assigned to the file: -.RS -.TP -.B 0 -Disabled -.TP -.B 1 -Disabled by default, enabled when an ICMP black hole detected -.TP -.B 2 -Always enabled, use initial MSS of -.IR tcp_base_mss . -.RE -.TP -.IR tcp_no_metrics_save " (Boolean; default: disabled; since Linux 2.6.6)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -By default, TCP saves various connection metrics in the route cache -when the connection closes, so that connections established in the -near future can use these to set initial conditions. -Usually, this increases overall performance, -but it may sometimes cause performance degradation. -If -.I tcp_no_metrics_save -is enabled, TCP will not cache metrics on closing connections. -.TP -.IR tcp_orphan_retries " (integer; default: 8; since Linux 2.4)" -.\" Since Linux 2.3.41 -The maximum number of attempts made to probe the other -end of a connection which has been closed by our end. -.TP -.IR tcp_reordering " (integer; default: 3; since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -The maximum a packet can be reordered in a TCP packet stream -without TCP assuming packet loss and going into slow start. -It is not advisable to change this number. -This is a packet reordering detection metric designed to -minimize unnecessary back off and retransmits provoked by -reordering of packets on a connection. -.TP -.IR tcp_retrans_collapse " (Boolean; default: enabled; since Linux 2.2)" -.\" Since Linux 2.1.96 -Try to send full-sized packets during retransmit. -.TP -.IR tcp_retries1 " (integer; default: 3; since Linux 2.2)" -.\" Since Linux 2.1.43 -The number of times TCP will attempt to retransmit a -packet on an established connection normally, -without the extra effort of getting the network layers involved. -Once we exceed this number of -retransmits, we first have the network layer -update the route if possible before each new retransmit. -The default is the RFC specified minimum of 3. -.TP -.IR tcp_retries2 " (integer; default: 15; since Linux 2.2)" -.\" Since Linux 2.1.43 -The maximum number of times a TCP packet is retransmitted -in established state before giving up. -The default value is 15, which corresponds to a duration of -approximately between 13 to 30 minutes, depending -on the retransmission timeout. -The RFC\ 1122 specified -minimum limit of 100 seconds is typically deemed too short. -.TP -.IR tcp_rfc1337 " (Boolean; default: disabled; since Linux 2.2)" -.\" Since Linux 2.1.90 -Enable TCP behavior conformant with RFC\ 1337. -When disabled, -if a RST is received in TIME_WAIT state, we close -the socket immediately without waiting for the end -of the TIME_WAIT period. -.TP -.IR tcp_rmem " (since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -This is a vector of 3 integers: [min, default, max]. -These parameters are used by TCP to regulate receive buffer sizes. -TCP dynamically adjusts the size of the -receive buffer from the defaults listed below, in the range -of these values, depending on memory available in the system. -.RS -.TP -.I min -minimum size of the receive buffer used by each TCP socket. -The default value is the system page size. -(On Linux 2.4, the default value is 4\ kB, lowered to -.B PAGE_SIZE -bytes in low-memory systems.) -This value -is used to ensure that in memory pressure mode, -allocations below this size will still succeed. -This is not -used to bound the size of the receive buffer declared -using -.B SO_RCVBUF -on a socket. -.TP -.I default -the default size of the receive buffer for a TCP socket. -This value overwrites the initial default buffer size from -the generic global -.I net.core.rmem_default -defined for all protocols. -The default value is 87380 bytes. -(On Linux 2.4, this will be lowered to 43689 in low-memory systems.) -If larger receive buffer sizes are desired, this value should -be increased (to affect all sockets). -To employ large TCP windows, the -.I net.ipv4.tcp_window_scaling -must be enabled (default). -.TP -.I max -the maximum size of the receive buffer used by each TCP socket. -This value does not override the global -.IR net.core.rmem_max . -This is not used to limit the size of the receive buffer declared using -.B SO_RCVBUF -on a socket. -The default value is calculated using the formula -.IP -.in +4n -.EX -max(87380, min(4\ MB, \fItcp_mem\fP[1]*PAGE_SIZE/128)) -.EE -.in -.IP -(On Linux 2.4, the default is 87380*2 bytes, -lowered to 87380 in low-memory systems). -.RE -.TP -.IR tcp_sack " (Boolean; default: enabled; since Linux 2.2)" -.\" Since Linux 2.1.36 -Enable RFC\ 2018 TCP Selective Acknowledgements. -.TP -.IR tcp_slow_start_after_idle " (Boolean; default: enabled; since Linux 2.6.18)" -.\" The following is from Linux 2.6.28-rc4: Documentation/networking/ip-sysctl.txt -If enabled, provide RFC 2861 behavior and time out the congestion -window after an idle period. -An idle period is defined as the current RTO (retransmission timeout). -If disabled, the congestion window will not -be timed out after an idle period. -.TP -.IR tcp_stdurg " (Boolean; default: disabled; since Linux 2.2)" -.\" Since Linux 2.1.44 -If this option is enabled, then use the RFC\ 1122 interpretation -of the TCP urgent-pointer field. -.\" RFC 793 was ambiguous in its specification of the meaning of the -.\" urgent pointer. RFC 1122 (and RFC 961) fixed on a particular -.\" resolution of this ambiguity (unfortunately the "wrong" one). -According to this interpretation, the urgent pointer points -to the last byte of urgent data. -If this option is disabled, then use the BSD-compatible interpretation of -the urgent pointer: -the urgent pointer points to the first byte after the urgent data. -Enabling this option may lead to interoperability problems. -.TP -.IR tcp_syn_retries " (integer; default: 6; since Linux 2.2)" -.\" Since Linux 2.1.38 -The maximum number of times initial SYNs for an active TCP -connection attempt will be retransmitted. -This value should not be higher than 255. -The default value is 6, which corresponds to retrying for up to -approximately 127 seconds. -Before Linux 3.7, -.\" commit 6c9ff979d1921e9fd05d89e1383121c2503759b9 -the default value was 5, which -(in conjunction with calculation based on other kernel parameters) -corresponded to approximately 180 seconds. -.TP -.IR tcp_synack_retries " (integer; default: 5; since Linux 2.2)" -.\" Since Linux 2.1.38 -The maximum number of times a SYN/ACK segment -for a passive TCP connection will be retransmitted. -This number should not be higher than 255. -.TP -.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)" -.\" Since Linux 2.1.43 -Enable TCP syncookies. -The kernel must be compiled with -.BR CONFIG_SYN_COOKIES . -The syncookies feature attempts to protect a -socket from a SYN flood attack. -This should be used as a last resort, if at all. -This is a violation of the TCP protocol, -and conflicts with other areas of TCP such as TCP extensions. -It can cause problems for clients and relays. -It is not recommended as a tuning mechanism for heavily -loaded servers to help with overloaded or misconfigured conditions. -For recommended alternatives see -.IR tcp_max_syn_backlog , -.IR tcp_synack_retries , -and -.IR tcp_abort_on_overflow . -Set to one of the following values: -.RS -.TP -.B 0 -Disable TCP syncookies. -.TP -.B 1 -Send out syncookies when the syn backlog queue of a socket overflows. -.TP -.B 2 -(since Linux 3.12) -.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86 -Send out syncookies unconditionally. -This can be useful for network testing. -.RE -.TP -.IR tcp_timestamps " (integer; default: 1; since Linux 2.2)" -.\" Since Linux 2.1.36 -Set to one of the following values to enable or disable RFC\ 1323 -TCP timestamps: -.RS -.TP -.B 0 -Disable timestamps. -.TP -.B 1 -Enable timestamps as defined in RFC1323 and use random offset for -each connection rather than only using the current time. -.TP -.B 2 -As for the value 1, but without random offsets. -.\" commit 25429d7b7dca01dc4f17205de023a30ca09390d0 -Setting -.I tcp_timestamps -to this value is meaningful since Linux 4.10. -.RE -.TP -.IR tcp_tso_win_divisor " (integer; default: 3; since Linux 2.6.9)" -This parameter controls what percentage of the congestion window -can be consumed by a single TCP Segmentation Offload (TSO) frame. -The setting of this parameter is a tradeoff between burstiness and -building larger TSO frames. -.TP -.IR tcp_tw_recycle " (Boolean; default: disabled; Linux 2.4 to Linux 4.11)" -.\" Since Linux 2.3.15 -.\" removed in Linux 4.12; commit 4396e46187ca5070219b81773c4e65088dac50cc -Enable fast recycling of TIME_WAIT sockets. -Enabling this option is -not recommended as the remote IP may not use monotonically increasing -timestamps (devices behind NAT, devices with per-connection timestamp -offsets). -See RFC 1323 (PAWS) and RFC 6191. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_tw_reuse " (Boolean; default: disabled; since Linux 2.4.19/2.6)" -.\" Since Linux 2.4.19/2.5.43 -Allow to reuse TIME_WAIT sockets for new connections when it is -safe from protocol viewpoint. -It should not be changed without advice/request of technical experts. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_vegas_cong_avoid " (Boolean; default: disabled; Linux 2.2 to Linux 2.6.13)" -.\" Since Linux 2.1.8; removed in Linux 2.6.13 -Enable TCP Vegas congestion avoidance algorithm. -TCP Vegas is a sender-side-only change to TCP that anticipates -the onset of congestion by estimating the bandwidth. -TCP Vegas adjusts the sending rate by modifying the congestion window. -TCP Vegas should provide less packet loss, but it is -not as aggressive as TCP Reno. -.\" -.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt -.TP -.IR tcp_westwood " (Boolean; default: disabled; Linux 2.4.26/2.6.3 to Linux 2.6.13)" -Enable TCP Westwood+ congestion control algorithm. -TCP Westwood+ is a sender-side-only modification of the TCP Reno -protocol stack that optimizes the performance of TCP congestion control. -It is based on end-to-end bandwidth estimation to set -congestion window and slow start threshold after a congestion episode. -Using this estimation, TCP Westwood+ adaptively sets a -slow start threshold and a congestion window which takes into -account the bandwidth used at the time congestion is experienced. -TCP Westwood+ significantly increases fairness with respect to -TCP Reno in wired networks and throughput over wireless links. -.TP -.IR tcp_window_scaling " (Boolean; default: enabled; since Linux 2.2)" -.\" Since Linux 2.1.36 -Enable RFC\ 1323 TCP window scaling. -This feature allows the use of a large window -(> 64\ kB) on a TCP connection, should the other end support it. -Normally, the 16 bit window length field in the TCP header -limits the window size to less than 64\ kB. -If larger windows are desired, applications can increase the size of -their socket buffers and the window scaling option will be employed. -If -.I tcp_window_scaling -is disabled, TCP will not negotiate the use of window -scaling with the other end during connection setup. -.TP -.IR tcp_wmem " (since Linux 2.4)" -.\" Since Linux 2.4.0-test7 -This is a vector of 3 integers: [min, default, max]. -These parameters are used by TCP to regulate send buffer sizes. -TCP dynamically adjusts the size of the send buffer from the -default values listed below, in the range of these values, -depending on memory available. -.RS -.TP -.I min -Minimum size of the send buffer used by each TCP socket. -The default value is the system page size. -(On Linux 2.4, the default value is 4\ kB.) -This value is used to ensure that in memory pressure mode, -allocations below this size will still succeed. -This is not used to bound the size of the send buffer declared using -.B SO_SNDBUF -on a socket. -.TP -.I default -The default size of the send buffer for a TCP socket. -This value overwrites the initial default buffer size from -the generic global -.I /proc/sys/net/core/wmem_default -defined for all protocols. -The default value is 16\ kB. -.\" True in Linux 2.4 and 2.6 -If larger send buffer sizes are desired, this value -should be increased (to affect all sockets). -To employ large TCP windows, the -.I /proc/sys/net/ipv4/tcp_window_scaling -must be set to a nonzero value (default). -.TP -.I max -The maximum size of the send buffer used by each TCP socket. -This value does not override the value in -.IR /proc/sys/net/core/wmem_max . -This is not used to limit the size of the send buffer declared using -.B SO_SNDBUF -on a socket. -The default value is calculated using the formula -.IP -.in +4n -.EX -max(65536, min(4\ MB, \fItcp_mem\fP[1]*PAGE_SIZE/128)) -.EE -.in -.IP -(On Linux 2.4, the default value is 128\ kB, -lowered 64\ kB depending on low-memory systems.) -.RE -.TP -.IR tcp_workaround_signed_windows " (Boolean; default: disabled; since Linux 2.6.26)" -If enabled, assume that no receipt of a window-scaling option means that the -remote TCP is broken and treats the window as a signed quantity. -If disabled, assume that the remote TCP is not broken even if we do -not receive a window scaling option from it. -.SS Socket options -To set or get a TCP socket option, call -.BR getsockopt (2) -to read or -.BR setsockopt (2) -to write the option with the option level argument set to -.BR IPPROTO_TCP . -Unless otherwise noted, -.I optval -is a pointer to an -.IR int . -.\" or SOL_TCP on Linux -In addition, -most -.B IPPROTO_IP -socket options are valid on TCP sockets. -For more information see -.BR ip (7). -.P -Following is a list of TCP-specific socket options. -For details of some other socket options that are also applicable -for TCP sockets, see -.BR socket (7). -.TP -.BR TCP_CONGESTION " (since Linux 2.6.13)" -.\" commit 5f8ef48d240963093451bcf83df89f1a1364f51d -.\" Author: Stephen Hemminger -The argument for this option is a string. -This option allows the caller to set the TCP congestion control -algorithm to be used, on a per-socket basis. -Unprivileged processes are restricted to choosing one of the algorithms in -.I tcp_allowed_congestion_control -(described above). -Privileged processes -.RB ( CAP_NET_ADMIN ) -can choose from any of the available congestion-control algorithms -(see the description of -.I tcp_available_congestion_control -above). -.TP -.BR TCP_CORK " (since Linux 2.2)" -.\" precisely: since Linux 2.1.127 -If set, don't send out partial frames. -All queued partial frames are sent when the option is cleared again. -This is useful for prepending headers before calling -.BR sendfile (2), -or for throughput optimization. -As currently implemented, there is a 200 millisecond ceiling on the time -for which output is corked by -.BR TCP_CORK . -If this ceiling is reached, then queued data is automatically transmitted. -This option can be combined with -.B TCP_NODELAY -only since Linux 2.5.71. -This option should not be used in code intended to be portable. -.TP -.BR TCP_DEFER_ACCEPT " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.38 -.\" Useful references: -.\" http://www.techrepublic.com/article/take-advantage-of-tcp-ip-options-to-optimize-data-transmission/ -.\" http://unix.stackexchange.com/questions/94104/real-world-use-of-tcp-defer-accept -Allow a listener to be awakened only when data arrives on the socket. -Takes an integer value (seconds), this can -bound the maximum number of attempts TCP will make to -complete the connection. -This option should not be used in code intended to be portable. -.TP -.BR TCP_INFO " (since Linux 2.4)" -Used to collect information about this socket. -The kernel returns a \fIstruct tcp_info\fP as defined in the file -.IR /usr/include/linux/tcp.h . -This option should not be used in code intended to be portable. -.TP -.BR TCP_KEEPCNT " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.18 -The maximum number of keepalive probes TCP should send -before dropping the connection. -This option should not be -used in code intended to be portable. -.TP -.BR TCP_KEEPIDLE " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.18 -The time (in seconds) the connection needs to remain idle -before TCP starts sending keepalive probes, if the socket -option -.B SO_KEEPALIVE -has been set on this socket. -This option should not be used in code intended to be portable. -.TP -.BR TCP_KEEPINTVL " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.18 -The time (in seconds) between individual keepalive probes. -This option should not be used in code intended to be portable. -.TP -.BR TCP_LINGER2 " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.41 -The lifetime of orphaned FIN_WAIT2 state sockets. -This option can be used to override the system-wide setting in the file -.I /proc/sys/net/ipv4/tcp_fin_timeout -for this socket. -This is not to be confused with the -.BR socket (7) -level option -.BR SO_LINGER . -This option should not be used in code intended to be portable. -.TP -.B TCP_MAXSEG -.\" Present in Linux 1.0 -The maximum segment size for outgoing TCP packets. -In Linux 2.2 and earlier, and in Linux 2.6.28 and later, -if this option is set before connection establishment, it also -changes the MSS value announced to the other end in the initial packet. -Values greater than the (eventual) interface MTU have no effect. -TCP will also impose -its minimum and maximum bounds over the value provided. -.TP -.B TCP_NODELAY -.\" Present in Linux 1.0 -If set, disable the Nagle algorithm. -This means that segments -are always sent as soon as possible, even if there is only a -small amount of data. -When not set, data is buffered until there -is a sufficient amount to send out, thereby avoiding the -frequent sending of small packets, which results in poor -utilization of the network. -This option is overridden by -.BR TCP_CORK ; -however, setting this option forces an explicit flush of -pending output, even if -.B TCP_CORK -is currently set. -.TP -.BR TCP_QUICKACK " (since Linux 2.4.4)" -Enable quickack mode if set or disable quickack -mode if cleared. -In quickack mode, acks are sent -immediately, rather than delayed if needed in accordance -to normal TCP operation. -This flag is not permanent, -it only enables a switch to or from quickack mode. -Subsequent operation of the TCP protocol will -once again enter/leave quickack mode depending on -internal protocol processing and factors such as -delayed ack timeouts occurring and data transfer. -This option should not be used in code intended to be -portable. -.TP -.BR TCP_SYNCNT " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.18 -Set the number of SYN retransmits that TCP should send before -aborting the attempt to connect. -It cannot exceed 255. -This option should not be used in code intended to be portable. -.TP -.BR TCP_USER_TIMEOUT " (since Linux 2.6.37)" -.\" commit dca43c75e7e545694a9dd6288553f55c53e2a3a3 -.\" Author: Jerry Chu -.\" The following text taken nearly verbatim from Jerry Chu's (excellent) -.\" commit message. -.\" -This option takes an -.I unsigned int -as an argument. -When the value is greater than 0, -it specifies the maximum amount of time in milliseconds that transmitted -data may remain unacknowledged, or buffered data may remain untransmitted -(due to zero window size) before TCP will forcibly close the -corresponding connection and return -.B ETIMEDOUT -to the application. -If the option value is specified as 0, -TCP will use the system default. -.IP -Increasing user timeouts allows a TCP connection to survive extended -periods without end-to-end connectivity. -Decreasing user timeouts -allows applications to "fail fast", if so desired. -Otherwise, failure may take up to 20 minutes with -the current system defaults in a normal WAN environment. -.IP -This option can be set during any state of a TCP connection, -but is effective only during the synchronized states of a connection -(ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, and LAST-ACK). -Moreover, when used with the TCP keepalive -.RB ( SO_KEEPALIVE ) -option, -.B TCP_USER_TIMEOUT -will override keepalive to determine when to close a -connection due to keepalive failure. -.IP -The option has no effect on when TCP retransmits a packet, -nor when a keepalive probe is sent. -.IP -This option, like many others, will be inherited by the socket returned by -.BR accept (2), -if it was set on the listening socket. -.IP -Further details on the user timeout feature can be found in -RFC\ 793 and RFC\ 5482 ("TCP User Timeout Option"). -.TP -.BR TCP_WINDOW_CLAMP " (since Linux 2.4)" -.\" Precisely: since Linux 2.3.41 -Bound the size of the advertised window to this value. -The kernel imposes a minimum size of SOCK_MIN_RCVBUF/2. -This option should not be used in code intended to be -portable. -.TP -.BR TCP_FASTOPEN " (since Linux 3.6)" -This option enables Fast Open (RFC\~7413) on the listener socket. -The value specifies the maximum length of pending SYNs -(similar to the backlog argument in -.BR listen (2)). -Once enabled, -the listener socket grants the TCP Fast Open cookie -on incoming SYN with TCP Fast Open option. -.IP -More importantly it accepts the data in SYN with a valid Fast Open cookie -and responds SYN-ACK acknowledging both the data and the SYN sequence. -.BR accept (2) -returns a socket that is available for read and write -when the handshake has not completed yet. -Thus the data exchange can commence before the handshake completes. -This option requires enabling the server-side support on sysctl -.I net.ipv4.tcp_fastopen -(see above). -For TCP Fast Open client-side support, -see -.BR send (2) -.B MSG_FASTOPEN -or -.B TCP_FASTOPEN_CONNECT -below. -.TP -.BR TCP_FASTOPEN_CONNECT " (since Linux 4.11)" -This option enables an alternative way to perform Fast Open -on the active side (client). -When this option is enabled, -.BR connect (2) -would behave differently depending on -if a Fast Open cookie is available for the destination. -.IP -If a cookie is not available (i.e. first contact to the destination), -.BR connect (2) -behaves as usual by sending a SYN immediately, -except the SYN would include an empty Fast Open cookie option -to solicit a cookie. -.IP -If a cookie is available, -.BR connect (2) -would return 0 immediately but the SYN transmission is deferred. -A subsequent -.BR write (2) -or -.BR sendmsg (2) -would trigger a SYN with data plus cookie in the Fast Open option. -In other words, -the actual connect operation is deferred until data is supplied. -.IP -.B Note: -While this option is designed for convenience, -enabling it does change the behaviors and certain system calls might set -different -.I errno -values. -With cookie present, -.BR write (2) -or -.BR sendmsg (2) -must be called right after -.BR connect (2) -in order to send out SYN+data to complete 3WHS and establish connection. -Calling -.BR read (2) -right after -.BR connect (2) -without -.BR write (2) -will cause the blocking socket to be blocked forever. -.IP -The application should either set -.B TCP_FASTOPEN_CONNECT -socket option before -.BR write (2) -or -.BR sendmsg (2), -or call -.BR write (2) -or -.BR sendmsg (2) -with -.B MSG_FASTOPEN -flag directly, -instead of both on the same connection. -.IP -Here is the typical call flow with this new option: -.IP -.in +4n -.EX -s = socket(); -setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, 1, ...); -connect(s); -write(s); /* write() should always follow connect() - * in order to trigger SYN to go out. */ -read(s)/write(s); -/* ... */ -close(s); -.EE -.in -.SS Sockets API -TCP provides limited support for out-of-band data, -in the form of (a single byte of) urgent data. -In Linux this means if the other end sends newer out-of-band -data the older urgent data is inserted as normal data into -the stream (even when -.B SO_OOBINLINE -is not set). -This differs from BSD-based stacks. -.P -Linux uses the BSD compatible interpretation of the urgent -pointer field by default. -This violates RFC\ 1122, but is -required for interoperability with other stacks. -It can be changed via -.IR /proc/sys/net/ipv4/tcp_stdurg . -.P -It is possible to peek at out-of-band data using the -.BR recv (2) -.B MSG_PEEK -flag. -.P -Since Linux 2.4, Linux supports the use of -.B MSG_TRUNC -in the -.I flags -argument of -.BR recv (2) -(and -.BR recvmsg (2)). -This flag causes the received bytes of data to be discarded, -rather than passed back in a caller-supplied buffer. -Since Linux 2.4.4, -.B MSG_TRUNC -also has this effect when used in conjunction with -.B MSG_OOB -to receive out-of-band data. -.SS Ioctls -The following -.BR ioctl (2) -calls return information in -.IR value . -The correct syntax is: -.P -.RS -.nf -.BI int " value"; -.IB error " = ioctl(" tcp_socket ", " ioctl_type ", &" value ");" -.fi -.RE -.P -.I ioctl_type -is one of the following: -.TP -.B SIOCINQ -Returns the amount of queued unread data in the receive buffer. -The socket must not be in LISTEN state, otherwise an error -.RB ( EINVAL ) -is returned. -.B SIOCINQ -is defined in -.IR . -.\" FIXME https://www.sourceware.org/bugzilla/show_bug.cgi?id=12002, -.\" filed 2010-09-10, may cause SIOCINQ to be defined in glibc headers -Alternatively, -you can use the synonymous -.BR FIONREAD , -defined in -.IR . -.TP -.B SIOCATMARK -Returns true (i.e., -.I value -is nonzero) if the inbound data stream is at the urgent mark. -.IP -If the -.B SO_OOBINLINE -socket option is set, and -.B SIOCATMARK -returns true, then the -next read from the socket will return the urgent data. -If the -.B SO_OOBINLINE -socket option is not set, and -.B SIOCATMARK -returns true, then the -next read from the socket will return the bytes following -the urgent data (to actually read the urgent data requires the -.B recv(MSG_OOB) -flag). -.IP -Note that a read never reads across the urgent mark. -If an application is informed of the presence of urgent data via -.BR select (2) -(using the -.I exceptfds -argument) or through delivery of a -.B SIGURG -signal, -then it can advance up to the mark using a loop which repeatedly tests -.B SIOCATMARK -and performs a read (requesting any number of bytes) as long as -.B SIOCATMARK -returns false. -.TP -.B SIOCOUTQ -Returns the amount of unsent data in the socket send queue. -The socket must not be in LISTEN state, otherwise an error -.RB ( EINVAL ) -is returned. -.B SIOCOUTQ -is defined in -.IR . -.\" FIXME . https://www.sourceware.org/bugzilla/show_bug.cgi?id=12002, -.\" filed 2010-09-10, may cause SIOCOUTQ to be defined in glibc headers -Alternatively, -you can use the synonymous -.BR TIOCOUTQ , -defined in -.IR . -.SS Error handling -When a network error occurs, TCP tries to resend the packet. -If it doesn't succeed after some time, either -.B ETIMEDOUT -or the last received error on this connection is reported. -.P -Some applications require a quicker error notification. -This can be enabled with the -.B IPPROTO_IP -level -.B IP_RECVERR -socket option. -When this option is enabled, all incoming -errors are immediately passed to the user program. -Use this option with care \[em] it makes TCP less tolerant to routing -changes and other normal network conditions. -.SH ERRORS -.TP -.B EAFNOTSUPPORT -Passed socket address type in -.I sin_family -was not -.BR AF_INET . -.TP -.B EPIPE -The other end closed the socket unexpectedly or a read is -executed on a shut down socket. -.TP -.B ETIMEDOUT -The other end didn't acknowledge retransmitted data after some time. -.P -Any errors defined for -.BR ip (7) -or the generic socket layer may also be returned for TCP. -.SH VERSIONS -Support for Explicit Congestion Notification, zero-copy -.BR sendfile (2), -reordering support and some SACK extensions -(DSACK) were introduced in Linux 2.4. -Support for forward acknowledgement (FACK), TIME_WAIT recycling, -and per-connection keepalive socket options were introduced in Linux 2.3. -.SH BUGS -Not all errors are documented. -.P -IPv6 is not described. -.\" Only a single Linux kernel version is described -.\" Info for 2.2 was lost. Should be added again, -.\" or put into a separate page. -.\" .SH AUTHORS -.\" This man page was originally written by Andi Kleen. -.\" It was updated for 2.4 by Nivedita Singhvi with input from -.\" Alexey Kuznetsov's Documentation/networking/ip-sysctl.txt -.\" document. -.SH SEE ALSO -.BR accept (2), -.BR bind (2), -.BR connect (2), -.BR getsockopt (2), -.BR listen (2), -.BR recvmsg (2), -.BR sendfile (2), -.BR sendmsg (2), -.BR socket (2), -.BR ip (7), -.BR socket (7) -.P -The kernel source file -.IR Documentation/networking/ip\-sysctl.txt . -.P -RFC\ 793 for the TCP specification. -.br -RFC\ 1122 for the TCP requirements and a description of the Nagle algorithm. -.br -RFC\ 1323 for TCP timestamp and window scaling options. -.br -RFC\ 1337 for a description of TIME_WAIT assassination hazards. -.br -RFC\ 3168 for a description of Explicit Congestion Notification. -.br -RFC\ 2581 for TCP congestion control algorithms. -.br -RFC\ 2018 and RFC\ 2883 for SACK and extensions to SACK. diff --git a/man7/termio.7 b/man7/termio.7 deleted file mode 100644 index bff1d9f..0000000 --- a/man7/termio.7 +++ /dev/null @@ -1,45 +0,0 @@ -.\" Copyright (c) 2006 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 28 Dec 2006 - Initial Creation -.\" -.TH termio 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -termio \- System V terminal driver interface -.SH DESCRIPTION -.B termio -is the name of the old System V terminal driver interface. -This interface defined a -.I termio -structure used to store terminal settings, and a range of -.BR ioctl (2) -operations to get and set terminal attributes. -.P -The -.B termio -interface is now obsolete: POSIX.1-1990 standardized a modified -version of this interface, under the name -.BR termios . -The POSIX.1 data structure differs slightly from the -System V version, and POSIX.1 defined a suite of functions -to replace the various -.BR ioctl (2) -operations that existed in System V. -(This was done because -.BR ioctl (2) -was unstandardized, and its variadic third argument -does not allow argument type checking.) -.P -If you're looking for a page called "termio", then you can probably -find most of the information that you seek in either -.BR termios (3) -or -.BR ioctl_tty (2). -.SH SEE ALSO -.BR reset (1), -.BR setterm (1), -.BR stty (1), -.BR ioctl_tty (2), -.BR termios (3), -.BR tty (4) diff --git a/man7/thread-keyring.7 b/man7/thread-keyring.7 deleted file mode 100644 index 703f083..0000000 --- a/man7/thread-keyring.7 +++ /dev/null @@ -1,50 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH thread-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -thread-keyring \- per-thread keyring -.SH DESCRIPTION -The thread keyring is a keyring used to anchor keys on behalf of a process. -It is created only when a thread requests it. -The thread keyring has the name (description) -.IR _tid . -.P -A special serial number value, -.BR KEY_SPEC_THREAD_KEYRING , -is defined that can be used in lieu of the actual serial number of -the calling thread's thread keyring. -.P -From the -.BR keyctl (1) -utility, '\fB@t\fP' can be used instead of a numeric key ID in -much the same way, but as -.BR keyctl (1) -is a program run after forking, this is of no utility. -.P -Thread keyrings are not inherited across -.BR clone (2) -and -.BR fork (2) -and are cleared by -.BR execve (2). -A thread keyring is destroyed when the thread that refers to it terminates. -.P -Initially, a thread does not have a thread keyring. -If a thread doesn't have a thread keyring when it is accessed, -then it will be created if it is to be modified; -otherwise the operation fails with the error -.BR ENOKEY . -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyrings (7), -.BR persistent\-keyring (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR user\-keyring (7), -.BR user\-session\-keyring (7) diff --git a/man7/time.7 b/man7/time.7 deleted file mode 100644 index 7259feb..0000000 --- a/man7/time.7 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Copyright (c) 2006 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" 2008-06-24, mtk: added some details about where jiffies come into -.\" play; added section on high-resolution timers. -.\" -.TH time 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -time \- overview of time and timers -.SH DESCRIPTION -.SS Real time and process time -.I "Real time" -is defined as time measured from some fixed point, -either from a standard point in the past -(see the description of the Epoch and calendar time below), -or from some point (e.g., the start) in the life of a process -.RI ( "elapsed time" ). -.P -.I "Process time" -is defined as the amount of CPU time used by a process. -This is sometimes divided into -.I user -and -.I system -components. -User CPU time is the time spent executing code in user mode. -System CPU time is the time spent by the kernel executing -in system mode on behalf of the process (e.g., executing system calls). -The -.BR time (1) -command can be used to determine the amount of CPU time consumed -during the execution of a program. -A program can determine the amount of CPU time it has consumed using -.BR times (2), -.BR getrusage (2), -or -.BR clock (3). -.SS The hardware clock -Most computers have a (battery-powered) hardware clock which the kernel -reads at boot time in order to initialize the software clock. -For further details, see -.BR rtc (4) -and -.BR hwclock (8). -.SS The software clock, HZ, and jiffies -The accuracy of various system calls that set timeouts, -(e.g., -.BR select (2), -.BR sigtimedwait (2)) -.\" semtimedop(), mq_timedwait(), io_getevents(), poll() are the same -.\" futexes and thus sem_timedwait() seem to use high-res timers. -and measure CPU time (e.g., -.BR getrusage (2)) -is limited by the resolution of the -.IR "software clock" , -a clock maintained by the kernel which measures time in -.IR jiffies . -The size of a jiffy is determined by the value of the kernel constant -.IR HZ . -.P -The value of -.I HZ -varies across kernel versions and hardware platforms. -On i386 the situation is as follows: -on kernels up to and including Linux 2.4.x, -HZ was 100, -giving a jiffy value of 0.01 seconds; -starting with Linux 2.6.0, -HZ was raised to 1000, -giving a jiffy of 0.001 seconds. -Since Linux 2.6.13, the HZ value is a kernel -configuration parameter and can be 100, 250 (the default) or 1000, -yielding a jiffies value of, respectively, 0.01, 0.004, or 0.001 seconds. -Since Linux 2.6.20, a further frequency is available: -300, a number that divides evenly for the common video frame rates -(PAL, 25 Hz; NTSC, 30 Hz). -.P -The -.BR times (2) -system call is a special case. -It reports times with a granularity defined by the kernel constant -.IR USER_HZ . -User-space applications can determine the value of this constant using -.IR sysconf(_SC_CLK_TCK) . -.\" glibc gets this info with a little help from the ELF loader; -.\" see glibc elf/dl-support.c and kernel fs/binfmt_elf.c. -.\" -.SS System and process clocks; time namespaces -The kernel supports a range of clocks that measure various kinds of -elapsed and virtual (i.e., consumed CPU) time. -These clocks are described in -.BR clock_gettime (2). -A few of the clocks are settable using -.BR clock_settime (2). -The values of certain clocks are virtualized by time namespaces; see -.BR time_namespaces (7). -.\" -.SS High-resolution timers -Before Linux 2.6.21, the accuracy of timer and sleep system calls -(see below) was also limited by the size of the jiffy. -.P -Since Linux 2.6.21, Linux supports high-resolution timers (HRTs), -optionally configurable via -.BR CONFIG_HIGH_RES_TIMERS . -On a system that supports HRTs, the accuracy of sleep and timer -system calls is no longer constrained by the jiffy, -but instead can be as accurate as the hardware allows -(microsecond accuracy is typical of modern hardware). -You can determine whether high-resolution timers are supported by -checking the resolution returned by a call to -.BR clock_getres (2) -or looking at the "resolution" entries in -.IR /proc/timer_list . -.P -HRTs are not supported on all hardware architectures. -(Support is provided on x86, ARM, and PowerPC, among others.) -.SS The Epoch -UNIX systems represent time in seconds since the -.IR Epoch , -1970-01-01 00:00:00 +0000 (UTC). -.P -A program can determine the -.I "calendar time" -via the -.BR clock_gettime (2) -.B CLOCK_REALTIME -clock, -which returns time (in seconds and nanoseconds) that have -elapsed since the Epoch; -.BR time (2) -provides similar information, but only with accuracy to the -nearest second. -The system time can be changed using -.BR clock_settime (2). -.\" -.SS Broken-down time -Certain library functions use a structure of -type -.I tm -to represent -.IR "broken-down time" , -which stores time value separated out into distinct components -(year, month, day, hour, minute, second, etc.). -This structure is described in -.BR tm (3type), -which also describes functions that convert between calendar time and -broken-down time. -Functions for converting between broken-down time and printable -string representations of the time are described in -.BR ctime (3), -.BR strftime (3), -and -.BR strptime (3). -.SS Sleeping and setting timers -Various system calls and functions allow a program to sleep -(suspend execution) for a specified period of time; see -.BR nanosleep (2), -.BR clock_nanosleep (2), -and -.BR sleep (3). -.P -Various system calls allow a process to set a timer that expires -at some point in the future, and optionally at repeated intervals; -see -.BR alarm (2), -.BR getitimer (2), -.BR timerfd_create (2), -and -.BR timer_create (2). -.SS Timer slack -Since Linux 2.6.28, it is possible to control the "timer slack" -value for a thread. -The timer slack is the length of time by -which the kernel may delay the wake-up of certain -system calls that block with a timeout. -Permitting this delay allows the kernel to coalesce wake-up events, -thus possibly reducing the number of system wake-ups and saving power. -For more details, see the description of -.B PR_SET_TIMERSLACK -in -.BR prctl (2). -.SH SEE ALSO -.ad l -.nh -.BR date (1), -.BR time (1), -.BR timeout (1), -.BR adjtimex (2), -.BR alarm (2), -.BR clock_gettime (2), -.BR clock_nanosleep (2), -.BR getitimer (2), -.BR getrlimit (2), -.BR getrusage (2), -.BR gettimeofday (2), -.BR nanosleep (2), -.BR stat (2), -.BR time (2), -.BR timer_create (2), -.BR timerfd_create (2), -.BR times (2), -.BR utime (2), -.BR adjtime (3), -.BR clock (3), -.BR clock_getcpuclockid (3), -.BR ctime (3), -.BR ntp_adjtime (3), -.BR ntp_gettime (3), -.BR pthread_getcpuclockid (3), -.BR sleep (3), -.BR strftime (3), -.BR strptime (3), -.BR timeradd (3), -.BR usleep (3), -.BR rtc (4), -.BR time_namespaces (7), -.BR hwclock (8) diff --git a/man7/time_namespaces.7 b/man7/time_namespaces.7 deleted file mode 100644 index 4c85001..0000000 --- a/man7/time_namespaces.7 +++ /dev/null @@ -1,345 +0,0 @@ -.\" Copyright (c) 2020 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH time_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -time_namespaces \- overview of Linux time namespaces -.SH DESCRIPTION -Time namespaces virtualize the values of two system clocks: -.IP \[bu] 3 -.B CLOCK_MONOTONIC -(and likewise -.B CLOCK_MONOTONIC_COARSE -and -.BR CLOCK_MONOTONIC_RAW ), -a nonsettable clock that represents monotonic time since\[em]as -described by POSIX\[em]"some unspecified point in the past". -.IP \[bu] -.B CLOCK_BOOTTIME -(and likewise -.BR CLOCK_BOOTTIME_ALARM ), -a nonsettable clock that is identical to -.BR CLOCK_MONOTONIC , -except that it also includes any time that the system is suspended. -.P -Thus, the processes in a time namespace share per-namespace values -for these clocks. -This affects various APIs that measure against these clocks, including: -.BR clock_gettime (2), -.BR clock_nanosleep (2), -.BR nanosleep (2), -.BR timer_settime (2), -.BR timerfd_settime (2), -and -.IR /proc/uptime . -.P -Currently, the only way to create a time namespace is by calling -.BR unshare (2) -with the -.B CLONE_NEWTIME -flag. -This call creates a new time namespace but does -.I not -place the calling process in the new namespace. -Instead, the calling process's -subsequently created children are placed in the new namespace. -This allows clock offsets (see below) for the new namespace -to be set before the first process is placed in the namespace. -The -.IR /proc/ pid /ns/time_for_children -symbolic link shows the time namespace in which -the children of a process will be created. -(A process can use a file descriptor opened on -this symbolic link in a call to -.BR setns (2) -in order to move into the namespace.) -.\" -.SS \fI/proc/\fPpid\fI/timens_offsets\fP -Associated with each time namespace are offsets, -expressed with respect to the initial time namespace, -that define the values of the monotonic and -boot-time clocks in that namespace. -These offsets are exposed via the file -.IR /proc/ pid /timens_offsets . -Within this file, -the offsets are expressed as lines consisting of -three space-delimited fields: -.P -.in +4n -.EX - -.EE -.in -.P -The -.I clock-id -is a string that identifies the clock whose offsets are being shown. -This field is either -.IR monotonic , -for -.BR CLOCK_MONOTONIC , -or -.IR boottime , -for -.BR CLOCK_BOOTTIME . -The remaining fields express the offset (seconds plus nanoseconds) for the -clock in this time namespace. -These offsets are expressed relative to the clock values in -the initial time namespace. -The -.I offset-secs -value can be negative, subject to restrictions noted below; -.I offset-nanosecs -is an unsigned value. -.P -In the initial time namespace, the contents of the -.I timens_offsets -file are as follows: -.P -.in +4n -.EX -$ \fBcat /proc/self/timens_offsets\fP -monotonic 0 0 -boottime 0 0 -.EE -.in -.P -In a new time namespace that has had no member processes, -the clock offsets can be modified by writing newline-terminated -records of the same form to the -.I timens_offsets -file. -The file can be written to multiple times, -but after the first process has been created in or has entered the namespace, -.BR write (2)s -on this file fail with the error -.BR EACCES . -In order to write to the -.I timens_offsets -file, a process must have the -.B CAP_SYS_TIME -capability in the user namespace that owns the time namespace. -.P -Writes to the -.I timens_offsets -file can fail with the following errors: -.TP -.B EINVAL -An -.I offset-nanosecs -value is greater than 999,999,999. -.TP -.B EINVAL -A -.I clock-id -value is not valid. -.TP -.B EPERM -The caller does not have the -.B CAP_SYS_TIME -capability. -.TP -.B ERANGE -An -.I offset-secs -value is out of range. -In particular; -.RS -.IP \[bu] 3 -.I offset-secs -can't be set to a value which would make the current -time on the corresponding clock inside the namespace a negative value; and -.IP \[bu] -.I offset-secs -can't be set to a value such that the time on the corresponding clock -inside the namespace would exceed half of the value of the kernel constant -.B KTIME_SEC_MAX -(this limits the clock value to a maximum of approximately 146 years). -.RE -.P -In a new time namespace created by -.BR unshare (2), -the contents of the -.I timens_offsets -file are inherited from the time namespace of the creating process. -.SH NOTES -Use of time namespaces requires a kernel that is configured with the -.B CONFIG_TIME_NS -option. -.P -Note that time namespaces do not virtualize the -.B CLOCK_REALTIME -clock. -Virtualization of this clock was avoided for reasons of complexity -and overhead within the kernel. -.P -For compatibility with the initial implementation, when writing a -.I clock-id -to the -.IR /proc/ pid /timens_offsets -file, the numerical values of the IDs can be written -instead of the symbolic names show above; i.e., 1 instead of -.IR monotonic , -and 7 instead of -.IR boottime . -For readability, the use of the symbolic names over the numbers is preferred. -.P -The motivation for adding time namespaces was to allow -the monotonic and boot-time clocks to maintain consistent values -during container migration and checkpoint/restore. -.SH EXAMPLES -The following shell session demonstrates the operation of time namespaces. -We begin by displaying the inode number of the time namespace -of a shell in the initial time namespace: -.P -.in +4n -.EX -$ \fBreadlink /proc/$$/ns/time\fP -time:[4026531834] -.EE -.in -.P -Continuing in the initial time namespace, we display the system uptime using -.BR uptime (1) -and use the -.I clock_times -example program shown in -.BR clock_getres (2) -to display the values of various clocks: -.P -.in +4n -.EX -$ \fBuptime \-\-pretty\fP -up 21 hours, 17 minutes -$ \fB./clock_times\fP -CLOCK_REALTIME : 1585989401.971 (18356 days + 8h 36m 41s) -CLOCK_TAI : 1585989438.972 (18356 days + 8h 37m 18s) -CLOCK_MONOTONIC: 56338.247 (15h 38m 58s) -CLOCK_BOOTTIME : 76633.544 (21h 17m 13s) -.EE -.in -.P -We then use -.BR unshare (1) -to create a time namespace and execute a -.BR bash (1) -shell. -From the new shell, we use the built-in -.B echo -command to write records to the -.I timens_offsets -file adjusting the offset for the -.B CLOCK_MONOTONIC -clock forward 2 days -and the offset for the -.B CLOCK_BOOTTIME -clock forward 7 days: -.P -.in +4n -.EX -$ \fBPS1="ns2# " sudo unshare \-T \-\- bash \-\-norc\fP -ns2# \fBecho "monotonic $((2*24*60*60)) 0" > /proc/$$/timens_offsets\fP -ns2# \fBecho "boottime $((7*24*60*60)) 0" > /proc/$$/timens_offsets\fP -.EE -.in -.P -Above, we started the -.BR bash (1) -shell with the -.B \-\-norc -option so that no start-up scripts were executed. -This ensures that no child processes are created from the -shell before we have a chance to update the -.I timens_offsets -file. -.P -We then use -.BR cat (1) -to display the contents of the -.I timens_offsets -file. -The execution of -.BR cat (1) -creates the first process in the new time namespace, -after which further attempts to update the -.I timens_offsets -file produce an error. -.P -.in +4n -.EX -ns2# \fBcat /proc/$$/timens_offsets\fP -monotonic 172800 0 -boottime 604800 0 -ns2# \fBecho "boottime $((9*24*60*60)) 0" > /proc/$$/timens_offsets\fP -bash: echo: write error: Permission denied -.EE -.in -.P -Continuing in the new namespace, we execute -.BR uptime (1) -and the -.I clock_times -example program: -.P -.in +4n -.EX -ns2# \fBuptime \-\-pretty\fP -up 1 week, 21 hours, 18 minutes -ns2# \fB./clock_times\fP -CLOCK_REALTIME : 1585989457.056 (18356 days + 8h 37m 37s) -CLOCK_TAI : 1585989494.057 (18356 days + 8h 38m 14s) -CLOCK_MONOTONIC: 229193.332 (2 days + 15h 39m 53s) -CLOCK_BOOTTIME : 681488.629 (7 days + 21h 18m 8s) -.EE -.in -.P -From the above output, we can see that the monotonic -and boot-time clocks have different values in the new time namespace. -.P -Examining the -.IR /proc/ pid /ns/time -and -.IR /proc/ pid /ns/time_for_children -symbolic links, we see that the shell is a member of the initial time -namespace, but its children are created in the new namespace. -.P -.in +4n -.EX -ns2# \fBreadlink /proc/$$/ns/time\fP -time:[4026531834] -ns2# \fBreadlink /proc/$$/ns/time_for_children\fP -time:[4026532900] -ns2# \fBreadlink /proc/self/ns/time\fP # Creates a child process -time:[4026532900] -.EE -.in -.P -Returning to the shell in the initial time namespace, -we see that the monotonic and boot-time clocks -are unaffected by the -.I timens_offsets -changes that were made in the other time namespace: -.P -.in +4n -.EX -$ \fBuptime \-\-pretty\fP -up 21 hours, 19 minutes -$ \fB./clock_times\fP -CLOCK_REALTIME : 1585989401.971 (18356 days + 8h 38m 51s) -CLOCK_TAI : 1585989438.972 (18356 days + 8h 39m 28s) -CLOCK_MONOTONIC: 56338.247 (15h 41m 8s) -CLOCK_BOOTTIME : 76633.544 (21h 19m 23s) -.EE -.in -.SH SEE ALSO -.BR nsenter (1), -.BR unshare (1), -.BR clock_settime (2), -.\" clone3() support for time namespaces is a work in progress -.\" .BR clone3 (2), -.BR setns (2), -.BR unshare (2), -.BR namespaces (7), -.BR time (7) diff --git a/man7/tis-620.7 b/man7/tis-620.7 deleted file mode 100644 index cbd4cfe..0000000 --- a/man7/tis-620.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/iso_8859-11.7 diff --git a/man7/udp.7 b/man7/udp.7 deleted file mode 100644 index 6b643a2..0000000 --- a/man7/udp.7 +++ /dev/null @@ -1,312 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen . -.\" -.\" $Id: udp.7,v 1.7 2000/01/22 01:55:05 freitag Exp $ -.\" -.TH udp 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -udp \- User Datagram Protocol for IPv4 -.SH SYNOPSIS -.nf -.B #include -.B #include -.B #include -.P -.IB udp_socket " = socket(AF_INET, SOCK_DGRAM, 0);" -.fi -.SH DESCRIPTION -This is an implementation of the User Datagram Protocol -described in RFC\ 768. -It implements a connectionless, unreliable datagram packet service. -Packets may be reordered or duplicated before they arrive. -UDP generates and checks checksums to catch transmission errors. -.P -When a UDP socket is created, -its local and remote addresses are unspecified. -Datagrams can be sent immediately using -.BR sendto (2) -or -.BR sendmsg (2) -with a valid destination address as an argument. -When -.BR connect (2) -is called on the socket, the default destination address is set and -datagrams can now be sent using -.BR send (2) -or -.BR write (2) -without specifying a destination address. -It is still possible to send to other destinations by passing an -address to -.BR sendto (2) -or -.BR sendmsg (2). -In order to receive packets, the socket can be bound to a local -address first by using -.BR bind (2). -Otherwise, the socket layer will automatically assign -a free local port out of the range defined by -.I /proc/sys/net/ipv4/ip_local_port_range -and bind the socket to -.BR INADDR_ANY . -.P -All receive operations return only one packet. -When the packet is smaller than the passed buffer, only that much -data is returned; when it is bigger, the packet is truncated and the -.B MSG_TRUNC -flag is set. -.B MSG_WAITALL -is not supported. -.P -IP options may be sent or received using the socket options described in -.BR ip (7). -They are processed by the kernel only when the appropriate -.I /proc -parameter -is enabled (but still passed to the user even when it is turned off). -See -.BR ip (7). -.P -When the -.B MSG_DONTROUTE -flag is set on sending, the destination address must refer to a local -interface address and the packet is sent only to that interface. -.P -By default, Linux UDP does path MTU (Maximum Transmission Unit) discovery. -This means the kernel -will keep track of the MTU to a specific target IP address and return -.B EMSGSIZE -when a UDP packet write exceeds it. -When this happens, the application should decrease the packet size. -Path MTU discovery can be also turned off using the -.B IP_MTU_DISCOVER -socket option or the -.I /proc/sys/net/ipv4/ip_no_pmtu_disc -file; see -.BR ip (7) -for details. -When turned off, UDP will fragment outgoing UDP packets -that exceed the interface MTU. -However, disabling it is not recommended -for performance and reliability reasons. -.SS Address format -UDP uses the IPv4 -.I sockaddr_in -address format described in -.BR ip (7). -.SS Error handling -All fatal errors will be passed to the user as an error return even -when the socket is not connected. -This includes asynchronous errors -received from the network. -You may get an error for an earlier packet -that was sent on the same socket. -This behavior differs from many other BSD socket implementations -which don't pass any errors unless the socket is connected. -Linux's behavior is mandated by -.BR RFC\ 1122 . -.P -For compatibility with legacy code, in Linux 2.0 and 2.2 -it was possible to set the -.B SO_BSDCOMPAT -.B SOL_SOCKET -option to receive remote errors only when the socket has been -connected (except for -.B EPROTO -and -.BR EMSGSIZE ). -Locally generated errors are always passed. -Support for this socket option was removed in later kernels; see -.BR socket (7) -for further information. -.P -When the -.B IP_RECVERR -option is enabled, all errors are stored in the socket error queue, -and can be received by -.BR recvmsg (2) -with the -.B MSG_ERRQUEUE -flag set. -.SS /proc interfaces -System-wide UDP parameter settings can be accessed by files in the directory -.IR /proc/sys/net/ipv4/ . -.TP -.IR udp_mem " (since Linux 2.6.25)" -This is a vector of three integers governing the number -of pages allowed for queueing by all UDP sockets. -.RS -.TP -.I min -Below this number of pages, UDP is not bothered about its -memory appetite. -When the amount of memory allocated by UDP exceeds -this number, UDP starts to moderate memory usage. -.TP -.I pressure -This value was introduced to follow the format of -.I tcp_mem -(see -.BR tcp (7)). -.TP -.I max -Number of pages allowed for queueing by all UDP sockets. -.RE -.IP -Defaults values for these three items are -calculated at boot time from the amount of available memory. -.TP -.IR udp_rmem_min " (integer; default value: PAGE_SIZE; since Linux 2.6.25)" -Minimal size, in bytes, of receive buffers used by UDP sockets in moderation. -Each UDP socket is able to use the size for receiving data, -even if total pages of UDP sockets exceed -.I udp_mem -pressure. -.TP -.IR udp_wmem_min " (integer; default value: PAGE_SIZE; since Linux 2.6.25)" -Minimal size, in bytes, of send buffer used by UDP sockets in moderation. -Each UDP socket is able to use the size for sending data, -even if total pages of UDP sockets exceed -.I udp_mem -pressure. -.SS Socket options -To set or get a UDP socket option, call -.BR getsockopt (2) -to read or -.BR setsockopt (2) -to write the option with the option level argument set to -.BR IPPROTO_UDP . -Unless otherwise noted, -.I optval -is a pointer to an -.IR int . -.P -Following is a list of UDP-specific socket options. -For details of some other socket options that are also applicable -for UDP sockets, see -.BR socket (7). -.TP -.BR UDP_CORK " (since Linux 2.5.44)" -If this option is enabled, then all data output on this socket -is accumulated into a single datagram that is transmitted when -the option is disabled. -This option should not be used in code intended to be -portable. -.\" FIXME document UDP_ENCAP (new in Linux 2.5.67) -.\" From include/linux/udp.h: -.\" UDP_ENCAP_ESPINUDP_NON_IKE draft-ietf-ipsec-nat-t-ike-00/01 -.\" UDP_ENCAP_ESPINUDP draft-ietf-ipsec-udp-encaps-06 -.\" UDP_ENCAP_L2TPINUDP rfc2661 -.\" FIXME Document UDP_NO_CHECK6_TX and UDP_NO_CHECK6_RX, added in Linux 3.16 -.TP -.BR UDP_SEGMENT " (since Linux 4.18)" -Enables UDP segmentation offload. -Segmentation offload reduces -.BR send (2) -cost by transferring multiple datagrams worth of data -as a single large packet through the kernel transmit path, -even when that exceeds MTU. -As late as possible, -the large packet is split by segment size into a series of datagrams. -This segmentation offload step is deferred to hardware if supported, -else performed in software. -This option takes a value in the range -.RB [ 0 ,\~ USHRT_MAX ] -that sets the segment size: -the size of datagram payload, -excluding the UDP header. -The segment size must be chosen such that -at most 64 datagrams are sent in a single call -and that the datagrams after segmentation meet -the same MTU rules that apply to datagrams sent without this option. -Segmentation offload depends on checksum offload, -as datagram checksums are computed after segmentation. -The option may also be set for individual -.BR sendmsg (2) -calls by passing it as a -.BR cmsg (3). -A value of zero disables the feature. -This option should not be used in code intended to be portable. -.TP -.BR UDP_GRO " (since Linux 5.0)" -Enables UDP receive offload. -If enabled, -the socket may receive multiple datagrams worth of data -as a single large buffer, -together with a -.BR cmsg (3) -that holds the segment size. -This option is the inverse of segmentation offload. -It reduces receive cost by handling multiple datagrams worth of data -as a single large packet in the kernel receive path, -even when that exceeds MTU. -This option should not be used in code intended to be portable. -.SS Ioctls -These ioctls can be accessed using -.BR ioctl (2). -The correct syntax is: -.P -.RS -.nf -.BI int " value"; -.IB error " = ioctl(" udp_socket ", " ioctl_type ", &" value ");" -.fi -.RE -.TP -.BR FIONREAD " (" SIOCINQ ) -Gets a pointer to an integer as argument. -Returns the size of the next pending datagram in the integer in bytes, -or 0 when no datagram is pending. -.B Warning: -Using -.BR FIONREAD , -it is impossible to distinguish the case where no datagram is pending -from the case where the next pending datagram contains zero bytes of data. -It is safer to use -.BR select (2), -.BR poll (2), -or -.BR epoll (7) -to distinguish these cases. -.\" See http://www.securiteam.com/unixfocus/5KP0I15IKO.html -.\" "GNUnet DoS (UDP Socket Unreachable)", 14 May 2006 -.TP -.BR TIOCOUTQ " (" SIOCOUTQ ) -Returns the number of data bytes in the local send queue. -Supported only with Linux 2.4 and above. -.P -In addition, all ioctls documented in -.BR ip (7) -and -.BR socket (7) -are supported. -.SH ERRORS -All errors documented for -.BR socket (7) -or -.BR ip (7) -may be returned by a send or receive on a UDP socket. -.TP -.B ECONNREFUSED -No receiver was associated with the destination address. -This might be caused by a previous packet sent over the socket. -.SH VERSIONS -.B IP_RECVERR -is a new feature in Linux 2.2. -.\" .SH CREDITS -.\" This man page was written by Andi Kleen. -.SH SEE ALSO -.BR ip (7), -.BR raw (7), -.BR socket (7), -.BR udplite (7) -.P -The kernel source file -.IR Documentation/networking/ip\-sysctl.txt . -.P -RFC\ 768 for the User Datagram Protocol. -.br -RFC\ 1122 for the host requirements. -.br -RFC\ 1191 for a description of path MTU discovery. diff --git a/man7/udplite.7 b/man7/udplite.7 deleted file mode 100644 index 4ba4266..0000000 --- a/man7/udplite.7 +++ /dev/null @@ -1,137 +0,0 @@ -.\" Copyright (c) 2008 by Gerrit Renker -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" $Id: udplite.7,v 1.12 2008/07/23 15:22:22 gerrit Exp gerrit $ -.\" -.TH udplite 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -udplite \- Lightweight User Datagram Protocol -.SH SYNOPSIS -.nf -.B #include -.\" FIXME . see #defines under `BUGS', -.\" when glibc supports this, add -.\" #include -.P -.B sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE); -.fi -.SH DESCRIPTION -This is an implementation of the Lightweight User Datagram Protocol -(UDP-Lite), as described in RFC\ 3828. -.P -UDP-Lite is an extension of UDP (RFC\ 768) to support variable-length -checksums. -This has advantages for some types of multimedia transport that -may be able to make use of slightly damaged datagrams, -rather than having them discarded by lower-layer protocols. -.P -The variable-length checksum coverage is set via a -.BR setsockopt (2) -option. -If this option is not set, the only difference from UDP is -in using a different IP protocol identifier (IANA number 136). -.P -The UDP-Lite implementation is a full extension of -.BR udp (7)\[em]that -is, it shares the same API and API behavior, and in addition -offers two socket options to control the checksum coverage. -.SS Address format -UDP-Litev4 uses the -.I sockaddr_in -address format described in -.BR ip (7). -UDP-Litev6 uses the -.I sockaddr_in6 -address format described in -.BR ipv6 (7). -.SS Socket options -To set or get a UDP-Lite socket option, call -.BR getsockopt (2) -to read or -.BR setsockopt (2) -to write the option with the option level argument set to -.BR IPPROTO_UDPLITE . -In addition, all -.B IPPROTO_UDP -socket options are valid on a UDP-Lite socket. -See -.BR udp (7) -for more information. -.P -The following two options are specific to UDP-Lite. -.TP -.B UDPLITE_SEND_CSCOV -This option sets the sender checksum coverage and takes an -.I int -as argument, with a checksum coverage value in the range 0..2\[ha]16-1. -.IP -A value of 0 means that the entire datagram is always covered. -Values from 1\-7 are illegal (RFC\ 3828, 3.1) and are rounded up to -the minimum coverage of 8. -.IP -With regard to IPv6 jumbograms (RFC\ 2675), the UDP-Litev6 checksum -coverage is limited to the first 2\[ha]16-1 octets, as per RFC\ 3828, 3.5. -Higher values are therefore silently truncated to 2\[ha]16-1. -If in doubt, the current coverage value can always be queried using -.BR getsockopt (2). -.TP -.B UDPLITE_RECV_CSCOV -This is the receiver-side analogue and uses the same argument format -and value range as -.BR UDPLITE_SEND_CSCOV . -This option is not required to enable traffic with partial checksum -coverage. -Its function is that of a traffic filter: when enabled, it -instructs the kernel to drop all packets which have a coverage -.I less -than the specified coverage value. -.IP -When the value of -.B UDPLITE_RECV_CSCOV -exceeds the actual packet coverage, incoming packets are silently dropped, -but may generate a warning message in the system log. -.\" SO_NO_CHECK exists and is supported by UDPv4, but is -.\" commented out in socket(7), hence also commented out here -.\".P -.\"Since UDP-Lite mandates checksums, checksumming can not be disabled -.\"via the -.\".B SO_NO_CHECK -.\"option from -.\".BR socket (7). -.SH ERRORS -All errors documented for -.BR udp (7) -may be returned. -UDP-Lite does not add further errors. -.SH FILES -.TP -.I /proc/net/snmp -Basic UDP-Litev4 statistics counters. -.TP -.I /proc/net/snmp6 -Basic UDP-Litev6 statistics counters. -.SH VERSIONS -UDP-Litev4/v6 first appeared in Linux 2.6.20. -.SH BUGS -.\" FIXME . remove this section once glibc supports UDP-Lite -Where glibc support is missing, the following definitions are needed: -.P -.in +4n -.EX -#define IPPROTO_UDPLITE 136 -.\" The following two are defined in the kernel in linux/net/udplite.h -#define UDPLITE_SEND_CSCOV 10 -#define UDPLITE_RECV_CSCOV 11 -.EE -.in -.SH SEE ALSO -.BR ip (7), -.BR ipv6 (7), -.BR socket (7), -.BR udp (7) -.P -RFC\ 3828 for the Lightweight User Datagram Protocol (UDP-Lite). -.P -.I Documentation/networking/udplite.txt -in the Linux kernel source tree diff --git a/man7/unicode.7 b/man7/unicode.7 deleted file mode 100644 index fe38909..0000000 --- a/man7/unicode.7 +++ /dev/null @@ -1,246 +0,0 @@ -.\" Copyright (C) Markus Kuhn, 1995, 2001 -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" 1995-11-26 Markus Kuhn -.\" First version written -.\" 2001-05-11 Markus Kuhn -.\" Update -.\" -.TH unicode 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -unicode \- universal character set -.SH DESCRIPTION -The international standard ISO/IEC 10646 defines the -Universal Character Set (UCS). -UCS contains all characters of all other character set standards. -It also guarantees "round-trip compatibility"; -in other words, -conversion tables can be built such that no information is lost -when a string is converted from any other encoding to UCS and back. -.P -UCS contains the characters required to represent practically all -known languages. -This includes not only the Latin, Greek, Cyrillic, -Hebrew, Arabic, Armenian, and Georgian scripts, but also Chinese, -Japanese and Korean Han ideographs as well as scripts such as -Hiragana, Katakana, Hangul, Devanagari, Bengali, Gurmukhi, Gujarati, -Oriya, Tamil, Telugu, Kannada, Malayalam, Thai, Lao, Khmer, Bopomofo, -Tibetan, Runic, Ethiopic, Canadian Syllabics, Cherokee, Mongolian, -Ogham, Myanmar, Sinhala, Thaana, Yi, and others. -For scripts not yet -covered, research on how to best encode them for computer usage is -still going on and they will be added eventually. -This might -eventually include not only Hieroglyphs and various historic -Indo-European languages, but even some selected artistic scripts such -as Tengwar, Cirth, and Klingon. -UCS also covers a large number of -graphical, typographical, mathematical, and scientific symbols, -including those provided by TeX, Postscript, APL, MS-DOS, MS-Windows, -Macintosh, OCR fonts, as well as many word processing and publishing -systems, and more are being added. -.P -The UCS standard (ISO/IEC 10646) describes a -31-bit character set architecture -consisting of 128 24-bit -.IR groups , -each divided into 256 16-bit -.I planes -made up of 256 8-bit -.I rows -with 256 -.I column -positions, one for each character. -Part 1 of the standard (ISO/IEC 10646-1) -defines the first 65534 code positions (0x0000 to 0xfffd), which form -the -.I Basic Multilingual Plane -(BMP), that is plane 0 in group 0. -Part 2 of the standard (ISO/IEC 10646-2) -adds characters to group 0 outside the BMP in several -.I "supplementary planes" -in the range 0x10000 to 0x10ffff. -There are no plans to add characters -beyond 0x10ffff to the standard, therefore of the entire code space, -only a small fraction of group 0 will ever be actually used in the -foreseeable future. -The BMP contains all characters found in the -commonly used other character sets. -The supplemental planes added by -ISO/IEC 10646-2 cover only more exotic characters for special scientific, -dictionary printing, publishing industry, higher-level protocol and -enthusiast needs. -.P -The representation of each UCS character as a 2-byte word is referred -to as the UCS-2 form (only for BMP characters), -whereas UCS-4 is the representation of each character by a 4-byte word. -In addition, there exist two encoding forms UTF-8 -for backward compatibility with ASCII processing software and UTF-16 -for the backward-compatible handling of non-BMP characters up to -0x10ffff by UCS-2 software. -.P -The UCS characters 0x0000 to 0x007f are identical to those of the -classic US-ASCII -character set and the characters in the range 0x0000 to 0x00ff -are identical to those in -ISO/IEC\~8859-1 (Latin-1). -.SS Combining characters -Some code points in UCS -have been assigned to -.IR "combining characters" . -These are similar to the nonspacing accent keys on a typewriter. -A combining character just adds an accent to the previous character. -The most important accented characters have codes of their own in UCS, -however, the combining character mechanism allows us to add accents -and other diacritical marks to any character. -The combining characters -always follow the character which they modify. -For example, the German -character Umlaut-A ("Latin capital letter A with diaeresis") can -either be represented by the precomposed UCS code 0x00c4, or -alternatively as the combination of a normal "Latin capital letter A" -followed by a "combining diaeresis": 0x0041 0x0308. -.P -Combining characters are essential for instance for encoding the Thai -script or for mathematical typesetting and users of the International -Phonetic Alphabet. -.SS Implementation levels -As not all systems are expected to support advanced mechanisms like -combining characters, ISO/IEC 10646-1 specifies the following three -.I implementation levels -of UCS: -.TP 0.9i -Level 1 -Combining characters and Hangul Jamo -(a variant encoding of the Korean script, where a Hangul syllable -glyph is coded as a triplet or pair of vowel/consonant codes) are not -supported. -.TP -Level 2 -In addition to level 1, combining characters are now allowed for some -languages where they are essential (e.g., Thai, Lao, Hebrew, -Arabic, Devanagari, Malayalam). -.TP -Level 3 -All UCS characters are supported. -.P -The Unicode 3.0 Standard -published by the Unicode Consortium -contains exactly the UCS Basic Multilingual Plane -at implementation level 3, as described in ISO/IEC 10646-1:2000. -Unicode 3.1 added the supplemental planes of ISO/IEC 10646-2. -The Unicode standard and -technical reports published by the Unicode Consortium provide much -additional information on the semantics and recommended usages of -various characters. -They provide guidelines and algorithms for -editing, sorting, comparing, normalizing, converting, and displaying -Unicode strings. -.SS Unicode under Linux -Under GNU/Linux, the C type -.I wchar_t -is a signed 32-bit integer type. -Its values are always interpreted -by the C library as UCS -code values (in all locales), a convention that is signaled by the GNU -C library to applications by defining the constant -.B __STDC_ISO_10646__ -as specified in the ISO C99 standard. -.P -UCS/Unicode can be used just like ASCII in input/output streams, -terminal communication, plaintext files, filenames, and environment -variables in the ASCII compatible UTF-8 multibyte encoding. -To signal the use of UTF-8 as the character -encoding to all applications, a suitable -.I locale -has to be selected via environment variables (e.g., -"LANG=en_GB.UTF-8"). -.P -The -.B nl_langinfo(CODESET) -function returns the name of the selected encoding. -Library functions such as -.BR wctomb (3) -and -.BR mbsrtowcs (3) -can be used to transform the internal -.I wchar_t -characters and strings into the system character encoding and back -and -.BR wcwidth (3) -tells how many positions (0\[en]2) the cursor is advanced by the -output of a character. -.SS Private Use Areas (PUA) -In the Basic Multilingual Plane, -the range 0xe000 to 0xf8ff will never be assigned to any characters by -the standard and is reserved for private usage. -For the Linux -community, this private area has been subdivided further into the -range 0xe000 to 0xefff which can be used individually by any end-user -and the Linux zone in the range 0xf000 to 0xf8ff where extensions are -coordinated among all Linux users. -The registry of the characters -assigned to the Linux zone is maintained by LANANA and the registry -itself is -.I Documentation/admin\-guide/unicode.rst -in the Linux kernel sources -.\" commit 9d85025b0418163fae079c9ba8f8445212de8568 -(or -.I Documentation/unicode.txt -before Linux 4.10). -.P -Two other planes are reserved for private usage, plane 15 -(Supplementary Private Use Area-A, range 0xf0000 to 0xffffd) -and plane 16 (Supplementary Private Use Area-B, range -0x100000 to 0x10fffd). -.SS Literature -.IP \[bu] 3 -Information technology \[em] Universal Multiple-Octet Coded Character -Set (UCS) \[em] Part 1: Architecture and Basic Multilingual Plane. -International Standard ISO/IEC 10646-1, International Organization -for Standardization, Geneva, 2000. -.IP -This is the official specification of UCS. -Available from -.UR http://www.iso.ch/ -.UE . -.IP \[bu] -The Unicode Standard, Version 3.0. -The Unicode Consortium, Addison-Wesley, -Reading, MA, 2000, ISBN 0-201-61633-5. -.IP \[bu] -S.\& Harbison, G.\& Steele. C: A Reference Manual. Fourth edition, -Prentice Hall, Englewood Cliffs, 1995, ISBN 0-13-326224-3. -.IP -A good reference book about the C programming language. -The fourth -edition covers the 1994 Amendment 1 to the ISO C90 standard, which -adds a large number of new C library functions for handling wide and -multibyte character encodings, but it does not yet cover ISO C99, -which improved wide and multibyte character support even further. -.IP \[bu] -Unicode Technical Reports. -.RS -.UR http://www.unicode.org\:/reports/ -.UE -.RE -.IP \[bu] -Markus Kuhn: UTF-8 and Unicode FAQ for UNIX/Linux. -.RS -.UR http://www.cl.cam.ac.uk\:/\[ti]mgk25\:/unicode.html -.UE -.RE -.IP \[bu] -Bruno Haible: Unicode HOWTO. -.RS -.UR http://www.tldp.org\:/HOWTO\:/Unicode\-HOWTO.html -.UE -.RE -.\" .SH AUTHOR -.\" Markus Kuhn -.SH SEE ALSO -.BR locale (1), -.BR setlocale (3), -.BR charsets (7), -.BR utf\-8 (7) diff --git a/man7/units.7 b/man7/units.7 deleted file mode 100644 index da0492f..0000000 --- a/man7/units.7 +++ /dev/null @@ -1,108 +0,0 @@ -'\" t -.\" Copyright (C) 2001 Andries Brouwer -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH units 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -units \- decimal and binary prefixes -.SH DESCRIPTION -.SS Decimal prefixes -The SI system of units uses prefixes that indicate powers of ten. -A kilometer is 1000 meter, and a megawatt is 1000000 watt. -Below the standard prefixes. -.RS -.TS -l l l. -Prefix Name Value -q quecto 10\[ha]\-30 = 0.000000000000000000000000000001 -r ronto 10\[ha]\-27 = 0.000000000000000000000000001 -y yocto 10\[ha]\-24 = 0.000000000000000000000001 -z zepto 10\[ha]\-21 = 0.000000000000000000001 -a atto 10\[ha]\-18 = 0.000000000000000001 -f femto 10\[ha]\-15 = 0.000000000000001 -p pico 10\[ha]\-12 = 0.000000000001 -n nano 10\[ha]\-9 = 0.000000001 -\[mc] micro 10\[ha]\-6 = 0.000001 -m milli 10\[ha]\-3 = 0.001 -c centi 10\[ha]\-2 = 0.01 -d deci 10\[ha]\-1 = 0.1 -da deka 10\[ha] 1 = 10 -h hecto 10\[ha] 2 = 100 -k kilo 10\[ha] 3 = 1000 -M mega 10\[ha] 6 = 1000000 -G giga 10\[ha] 9 = 1000000000 -T tera 10\[ha]12 = 1000000000000 -P peta 10\[ha]15 = 1000000000000000 -E exa 10\[ha]18 = 1000000000000000000 -Z zetta 10\[ha]21 = 1000000000000000000000 -Y yotta 10\[ha]24 = 1000000000000000000000000 -R ronna 10\[ha]27 = 1000000000000000000000000000 -Q quetta 10\[ha]30 = 1000000000000000000000000000000 -.TE -.RE -.P -The symbol for micro is the Greek letter mu, often written u -in an ASCII context where this Greek letter is not available. -.SS Binary prefixes -The binary prefixes resemble the decimal ones, -but have an additional \[aq]i\[aq] -(and "Ki" starts with a capital \[aq]K\[aq]). -The names are formed by taking the -first syllable of the names of the decimal prefix with roughly the same -size, followed by "bi" for "binary". -.RS -.TS -l l l. -Prefix Name Value -Ki kibi 2\[ha]10 = 1024 -Mi mebi 2\[ha]20 = 1048576 -Gi gibi 2\[ha]30 = 1073741824 -Ti tebi 2\[ha]40 = 1099511627776 -Pi pebi 2\[ha]50 = 1125899906842624 -Ei exbi 2\[ha]60 = 1152921504606846976 -Zi zebi 2\[ha]70 = 1180591620717411303424 -Yi yobi 2\[ha]80 = 1208925819614629174706176 -.TE -.RE -.SS Discussion -Before these binary prefixes were introduced, it was fairly -common to use k=1000 and K=1024, just like b=bit, B=byte. -Unfortunately, the M is capital already, and cannot be -capitalized to indicate binary-ness. -.P -At first that didn't matter too much, since memory modules -and disks came in sizes that were powers of two, so everyone -knew that in such contexts "kilobyte" and "megabyte" meant -1024 and 1048576 bytes, respectively. -What originally was a -sloppy use of the prefixes "kilo" and "mega" started to become -regarded as the "real true meaning" when computers were involved. -But then disk technology changed, and disk sizes became arbitrary numbers. -After a period of uncertainty all disk manufacturers settled on the -standard, namely k=1000, M=1000\ k, G=1000\ M. -.P -The situation was messy: in the 14k4 modems, k=1000; in the 1.44\ MB -.\" also common: 14.4k modem -diskettes, M=1024000; and so on. -In 1998 the IEC approved the standard -that defines the binary prefixes given above, enabling people -to be precise and unambiguous. -.P -Thus, today, MB = 1000000\ B and MiB = 1048576\ B. -.P -In the free software world programs are slowly -being changed to conform. -When the Linux kernel boots and says -.P -.in +4n -.EX -hda: 120064896 sectors (61473 MB) w/2048KiB Cache -.EE -.in -.P -the MB are megabytes and the KiB are kibibytes. -.SH SEE ALSO -.UR https://www.bipm.org/\:documents/\:20126/\:41483022/\:SI\-Brochure\-9.pdf -The International System of Units -.UE . diff --git a/man7/unix.7 b/man7/unix.7 deleted file mode 100644 index 426a430..0000000 --- a/man7/unix.7 +++ /dev/null @@ -1,1223 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1999 Andi Kleen , -.\" Copyright (C) 2008-2014, Michael Kerrisk , -.\" and Copyright (C) 2016, Heinrich Schuchardt -.\" -.\" Modified, 2003-12-02, Michael Kerrisk, -.\" Modified, 2003-09-23, Adam Langley -.\" Modified, 2004-05-27, Michael Kerrisk, -.\" Added SOCK_SEQPACKET -.\" 2008-05-27, mtk, Provide a clear description of the three types of -.\" address that can appear in the sockaddr_un structure: pathname, -.\" unnamed, and abstract. -.\" -.TH UNIX 7 2024-03-16 "Linux man-pages 6.7" -.SH NAME -unix \- sockets for local interprocess communication -.SH SYNOPSIS -.nf -.B #include -.B #include -.P -.IB unix_socket " = socket(AF_UNIX, type, 0);" -.IB error " = socketpair(AF_UNIX, type, 0, int *" sv ");" -.fi -.SH DESCRIPTION -The -.B AF_UNIX -(also known as -.BR AF_LOCAL ) -socket family is used to communicate between processes on the same machine -efficiently. -Traditionally, UNIX domain sockets can be either unnamed, -or bound to a filesystem pathname (marked as being of type socket). -Linux also supports an abstract namespace which is independent of the -filesystem. -.P -Valid socket types in the UNIX domain are: -.BR SOCK_STREAM , -for a stream-oriented socket; -.BR SOCK_DGRAM , -for a datagram-oriented socket that preserves message boundaries -(as on most UNIX implementations, UNIX domain datagram -sockets are always reliable and don't reorder datagrams); -and (since Linux 2.6.4) -.BR SOCK_SEQPACKET , -for a sequenced-packet socket that is connection-oriented, -preserves message boundaries, -and delivers messages in the order that they were sent. -.P -UNIX domain sockets support passing file descriptors or process credentials -to other processes using ancillary data. -.SS Address format -A UNIX domain socket address is represented in the following structure: -.P -.in +4n -.EX -.\" #define UNIX_PATH_MAX 108 -.\" -struct sockaddr_un { - sa_family_t sun_family; /* AF_UNIX */ - char sun_path[108]; /* Pathname */ -}; -.EE -.in -.P -The -.I sun_family -field always contains -.BR AF_UNIX . -On Linux, -.I sun_path -is 108 bytes in size; see also BUGS, below. -.P -Various system calls (for example, -.BR bind (2), -.BR connect (2), -and -.BR sendto (2)) -take a -.I sockaddr_un -argument as input. -Some other system calls (for example, -.BR getsockname (2), -.BR getpeername (2), -.BR recvfrom (2), -and -.BR accept (2)) -return an argument of this type. -.P -Three types of address are distinguished in the -.I sockaddr_un -structure: -.TP -pathname -a UNIX domain socket can be bound to a null-terminated -filesystem pathname using -.BR bind (2). -When the address of a pathname socket is returned -(by one of the system calls noted above), -its length is -.IP -.in +4n -.EX -offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1 -.EE -.in -.IP -and -.I sun_path -contains the null-terminated pathname. -(On Linux, the above -.BR offsetof () -expression equates to the same value as -.IR sizeof(sa_family_t) , -but some other implementations include other fields before -.IR sun_path , -so the -.BR offsetof () -expression more portably describes the size of the address structure.) -.IP -For further details of pathname sockets, see below. -.TP -unnamed -A stream socket that has not been bound to a pathname using -.BR bind (2) -has no name. -Likewise, the two sockets created by -.BR socketpair (2) -are unnamed. -When the address of an unnamed socket is returned, -its length is -.IR "sizeof(sa_family_t)" , -and -.I sun_path -should not be inspected. -.\" There is quite some variation across implementations: FreeBSD -.\" says the length is 16 bytes, HP-UX 11 says it's zero bytes. -.TP -abstract -an abstract socket address is distinguished (from a pathname socket) -by the fact that -.I sun_path[0] -is a null byte (\[aq]\e0\[aq]). -The socket's address in this namespace is given by the additional -bytes in -.I sun_path -that are covered by the specified length of the address structure. -(Null bytes in the name have no special significance.) -The name has no connection with filesystem pathnames. -When the address of an abstract socket is returned, -the returned -.I addrlen -is greater than -.I sizeof(sa_family_t) -(i.e., greater than 2), and the name of the socket is contained in -the first -.I (addrlen \- sizeof(sa_family_t)) -bytes of -.IR sun_path . -.SS Pathname sockets -When binding a socket to a pathname, a few rules should be observed -for maximum portability and ease of coding: -.IP \[bu] 3 -The pathname in -.I sun_path -should be null-terminated. -.IP \[bu] -The length of the pathname, including the terminating null byte, -should not exceed the size of -.IR sun_path . -.IP \[bu] -The -.I addrlen -argument that describes the enclosing -.I sockaddr_un -structure should have a value of at least: -.IP -.in +4n -.EX -offsetof(struct sockaddr_un, sun_path)+strlen(addr.sun_path)+1 -.EE -.in -.IP -or, more simply, -.I addrlen -can be specified as -.IR "sizeof(struct sockaddr_un)" . -.P -There is some variation in how implementations handle UNIX domain -socket addresses that do not follow the above rules. -For example, some (but not all) implementations -.\" Linux does this, including for the case where the supplied path -.\" is 108 bytes -append a null terminator if none is present in the supplied -.IR sun_path . -.P -When coding portable applications, -keep in mind that some implementations -.\" HP-UX -have -.I sun_path -as short as 92 bytes. -.\" Modern BSDs generally have 104, Tru64 and AIX have 104, -.\" Solaris and Irix have 108 -.P -Various system calls -.RB ( accept (2), -.BR recvfrom (2), -.BR getsockname (2), -.BR getpeername (2)) -return socket address structures. -When applied to UNIX domain sockets, the value-result -.I addrlen -argument supplied to the call should be initialized as above. -Upon return, the argument is set to indicate the -.I actual -size of the address structure. -The caller should check the value returned in this argument: -if the output value exceeds the input value, -then there is no guarantee that a null terminator is present in -.IR sun_path . -(See BUGS.) -.\" -.SS Pathname socket ownership and permissions -In the Linux implementation, -pathname sockets honor the permissions of the directory they are in. -Creation of a new socket fails if the process does not have write and -search (execute) permission on the directory in which the socket is created. -.P -On Linux, -connecting to a stream socket object requires write permission on that socket; -sending a datagram to a datagram socket likewise -requires write permission on that socket. -POSIX does not make any statement about the effect of the permissions -on a socket file, and on some systems (e.g., older BSDs), -the socket permissions are ignored. -Portable programs should not rely on -this feature for security. -.P -When creating a new socket, the owner and group of the socket file -are set according to the usual rules. -The socket file has all permissions enabled, -other than those that are turned off by the process -.BR umask (2). -.P -The owner, group, and permissions of a pathname socket can be changed (using -.BR chown (2) -and -.BR chmod (2)). -.\" However, fchown() and fchmod() do not seem to have an effect -.\" -.SS Abstract sockets -Socket permissions have no meaning for abstract sockets: -the process -.BR umask (2) -has no effect when binding an abstract socket, -and changing the ownership and permissions of the object (via -.BR fchown (2) -and -.BR fchmod (2)) -has no effect on the accessibility of the socket. -.P -Abstract sockets automatically disappear when all open references -to the socket are closed. -.P -The abstract socket namespace is a nonportable Linux extension. -.\" -.SS Socket options -For historical reasons, these socket options are specified with a -.B SOL_SOCKET -type even though they are -.B AF_UNIX -specific. -They can be set with -.BR setsockopt (2) -and read with -.BR getsockopt (2) -by specifying -.B SOL_SOCKET -as the socket family. -.TP -.B SO_PASSCRED -Enabling this socket option causes receipt of the credentials of -the sending process in an -.B SCM_CREDENTIALS ancillary -message in each subsequently received message. -The returned credentials are those specified by the sender using -.BR SCM_CREDENTIALS , -or a default that includes the sender's PID, real user ID, and real group ID, -if the sender did not specify -.B SCM_CREDENTIALS -ancillary data. -.IP -When this option is set and the socket is not yet connected, -a unique name in the abstract namespace will be generated automatically. -.IP -The value given as an argument to -.BR setsockopt (2) -and returned as the result of -.BR getsockopt (2) -is an integer boolean flag. -.TP -.B SO_PASSSEC -Enables receiving of the SELinux security label of the peer socket -in an ancillary message of type -.B SCM_SECURITY -(see below). -.IP -The value given as an argument to -.BR setsockopt (2) -and returned as the result of -.BR getsockopt (2) -is an integer boolean flag. -.IP -The -.B SO_PASSSEC -option is supported for UNIX domain datagram sockets -.\" commit 877ce7c1b3afd69a9b1caeb1b9964c992641f52a -since Linux 2.6.18; -support for UNIX domain stream sockets was added -.\" commit 37a9a8df8ce9de6ea73349c9ac8bdf6ba4ec4f70 -in Linux 4.2. -.TP -.B SO_PEEK_OFF -See -.BR socket (7). -.TP -.B SO_PEERCRED -This read-only socket option returns the -credentials of the peer process connected to this socket. -The returned credentials are those that were in effect at the time -of the call to -.BR connect (2), -.BR listen (2), -or -.BR socketpair (2). -.IP -The argument to -.BR getsockopt (2) -is a pointer to a -.I ucred -structure; define the -.B _GNU_SOURCE -feature test macro to obtain the definition of that structure from -.IR . -.IP -The use of this option is possible only for connected -.B AF_UNIX -stream sockets and for -.B AF_UNIX -stream and datagram socket pairs created using -.BR socketpair (2). -.TP -.B SO_PEERSEC -This read-only socket option returns the -security context of the peer socket connected to this socket. -By default, this will be the same as the security context of -the process that created the peer socket unless overridden -by the policy or by a process with the required permissions. -.IP -The argument to -.BR getsockopt (2) -is a pointer to a buffer of the specified length in bytes -into which the security context string will be copied. -If the buffer length is less than the length of the security -context string, then -.BR getsockopt (2) -returns \-1, sets -.I errno -to -.BR ERANGE , -and returns the required length via -.IR optlen . -The caller should allocate at least -.B NAME_MAX -bytes for the buffer initially, although this is not guaranteed -to be sufficient. -Resizing the buffer to the returned length -and retrying may be necessary. -.IP -The security context string may include a terminating null character -in the returned length, but is not guaranteed to do so: a security -context "foo" might be represented as either {'f','o','o'} of length 3 -or {'f','o','o','\\0'} of length 4, which are considered to be -interchangeable. -The string is printable, does not contain non-terminating null characters, -and is in an unspecified encoding (in particular, it -is not guaranteed to be ASCII or UTF-8). -.IP -The use of this option for sockets in the -.B AF_UNIX -address family is supported since Linux 2.6.2 for connected stream sockets, -and since Linux 4.18 -.\" commit 0b811db2cb2aabc910e53d34ebb95a15997c33e7 -also for stream and datagram socket pairs created using -.BR socketpair (2). -.\" -.SS Autobind feature -If a -.BR bind (2) -call specifies -.I addrlen -as -.IR sizeof(sa_family_t) , -.\" i.e., sizeof(short) -or the -.B SO_PASSCRED -socket option was specified for a socket that was -not explicitly bound to an address, -then the socket is autobound to an abstract address. -The address consists of a null byte -followed by 5 bytes in the character set -.IR [0\-9a\-f] . -Thus, there is a limit of 2\[ha]20 autobind addresses. -(From Linux 2.1.15, when the autobind feature was added, -8 bytes were used, and the limit was thus 2\[ha]32 autobind addresses. -The change to 5 bytes came in Linux 2.3.15.) -.SS Sockets API -The following paragraphs describe domain-specific details and -unsupported features of the sockets API for UNIX domain sockets on Linux. -.P -UNIX domain sockets do not support the transmission of -out-of-band data (the -.B MSG_OOB -flag for -.BR send (2) -and -.BR recv (2)). -.P -The -.BR send (2) -.B MSG_MORE -flag is not supported by UNIX domain sockets. -.P -Before Linux 3.4, -.\" commit 9f6f9af7694ede6314bed281eec74d588ba9474f -the use of -.B MSG_TRUNC -in the -.I flags -argument of -.BR recv (2) -was not supported by UNIX domain sockets. -.P -The -.B SO_SNDBUF -socket option does have an effect for UNIX domain sockets, but the -.B SO_RCVBUF -option does not. -For datagram sockets, the -.B SO_SNDBUF -value imposes an upper limit on the size of outgoing datagrams. -This limit is calculated as the doubled (see -.BR socket (7)) -option value less 32 bytes used for overhead. -.SS Ancillary messages -Ancillary data is sent and received using -.BR sendmsg (2) -and -.BR recvmsg (2). -For historical reasons, the ancillary message types listed below -are specified with a -.B SOL_SOCKET -type even though they are -.B AF_UNIX -specific. -To send them, set the -.I cmsg_level -field of the struct -.I cmsghdr -to -.B SOL_SOCKET -and the -.I cmsg_type -field to the type. -For more information, see -.BR cmsg (3). -.TP -.B SCM_RIGHTS -Send or receive a set of open file descriptors from another process. -The data portion contains an integer array of the file descriptors. -.IP -Commonly, this operation is referred to as "passing a file descriptor" -to another process. -However, more accurately, -what is being passed is a reference to an open file description (see -.BR open (2)), -and in the receiving process it is likely that a different -file descriptor number will be used. -Semantically, this operation is equivalent to duplicating -.RB ( dup (2)) -a file descriptor into the file descriptor table of another process. -.IP -If the buffer used to receive the ancillary data containing -file descriptors is too small (or is absent), -then the ancillary data is truncated (or discarded) -and the excess file descriptors are automatically closed -in the receiving process. -.IP -If the number of file descriptors received in the ancillary data would -cause the process to exceed its -.B RLIMIT_NOFILE -resource limit (see -.BR getrlimit (2)), -the excess file descriptors are automatically closed -in the receiving process. -.IP -The kernel constant -.B SCM_MAX_FD -defines a limit on the number of file descriptors in the array. -Attempting to send an array larger than this limit causes -.BR sendmsg (2) -to fail with the error -.BR EINVAL . -.B SCM_MAX_FD -has the value 253 -.\" commit bba14de98753cb6599a2dae0e520714b2153522d -(or 255 before Linux 2.6.38). -.TP -.B SCM_CREDENTIALS -Send or receive UNIX credentials. -This can be used for authentication. -The credentials are passed as a -.I struct ucred -ancillary message. -This structure is defined in -.I -as follows: -.IP -.in +4n -.EX -struct ucred { - pid_t pid; /* Process ID of the sending process */ - uid_t uid; /* User ID of the sending process */ - gid_t gid; /* Group ID of the sending process */ -}; -.EE -.in -.IP -Since glibc 2.8, the -.B _GNU_SOURCE -feature test macro must be defined (before including -.I any -header files) in order to obtain the definition -of this structure. -.IP -The credentials which the sender specifies are checked by the kernel. -A privileged process is allowed to specify values that do not match its own. -The sender must specify its own process ID (unless it has the capability -.BR CAP_SYS_ADMIN , -in which case the PID of any existing process may be specified), -its real user ID, effective user ID, or saved set-user-ID (unless it has -.BR CAP_SETUID ), -and its real group ID, effective group ID, or saved set-group-ID -(unless it has -.BR CAP_SETGID ). -.IP -To receive a -.I struct ucred -message, the -.B SO_PASSCRED -option must be enabled on the socket. -.TP -.B SCM_SECURITY -Receive the SELinux security context (the security label) -of the peer socket. -The received ancillary data is a null-terminated string containing -the security context. -The receiver should allocate at least -.B NAME_MAX -bytes in the data portion of the ancillary message for this data. -.IP -To receive the security context, the -.B SO_PASSSEC -option must be enabled on the socket (see above). -.P -When sending ancillary data with -.BR sendmsg (2), -only one item of each of the above types may be included in the sent message. -.P -At least one byte of real data should be sent when sending ancillary data. -On Linux, this is required to successfully send ancillary data over -a UNIX domain stream socket. -When sending ancillary data over a UNIX domain datagram socket, -it is not necessary on Linux to send any accompanying real data. -However, portable applications should also include at least one byte -of real data when sending ancillary data over a datagram socket. -.P -When receiving from a stream socket, -ancillary data forms a kind of barrier for the received data. -For example, suppose that the sender transmits as follows: -.P -.RS -.PD 0 -.IP (1) 5 -.BR sendmsg (2) -of four bytes, with no ancillary data. -.IP (2) -.BR sendmsg (2) -of one byte, with ancillary data. -.IP (3) -.BR sendmsg (2) -of four bytes, with no ancillary data. -.PD -.RE -.P -Suppose that the receiver now performs -.BR recvmsg (2) -calls each with a buffer size of 20 bytes. -The first call will receive five bytes of data, -along with the ancillary data sent by the second -.BR sendmsg (2) -call. -The next call will receive the remaining four bytes of data. -.P -If the space allocated for receiving incoming ancillary data is too small -then the ancillary data is truncated to the number of headers -that will fit in the supplied buffer (or, in the case of an -.B SCM_RIGHTS -file descriptor list, the list of file descriptors may be truncated). -If no buffer is provided for incoming ancillary data (i.e., the -.I msg_control -field of the -.I msghdr -structure supplied to -.BR recvmsg (2) -is NULL), -then the incoming ancillary data is discarded. -In both of these cases, the -.B MSG_CTRUNC -flag will be set in the -.I msg.msg_flags -value returned by -.BR recvmsg (2). -.\" -.SS Ioctls -The following -.BR ioctl (2) -calls return information in -.IR value . -The correct syntax is: -.P -.RS -.nf -.BI int " value"; -.IB error " = ioctl(" unix_socket ", " ioctl_type ", &" value ");" -.fi -.RE -.P -.I ioctl_type -can be: -.TP -.B SIOCINQ -For -.B SOCK_STREAM -sockets, this call returns the number of unread bytes in the receive buffer. -The socket must not be in LISTEN state, otherwise an error -.RB ( EINVAL ) -is returned. -.B SIOCINQ -is defined in -.IR . -.\" FIXME . https://www.sourceware.org/bugzilla/show_bug.cgi?id=12002, -.\" filed 2010-09-10, may cause SIOCINQ to be defined in glibc headers -Alternatively, -you can use the synonymous -.BR FIONREAD , -defined in -.IR . -.\" SIOCOUTQ also has an effect for UNIX domain sockets, but not -.\" quite what userland might expect. It seems to return the number -.\" of bytes allocated for buffers containing pending output. -.\" That number is normally larger than the number of bytes of pending -.\" output. Since this info is, from userland's point of view, imprecise, -.\" and it may well change, probably best not to document this now. -For -.B SOCK_DGRAM -sockets, -the returned value is the same as -for Internet domain datagram sockets; -see -.BR udp (7). -.SH ERRORS -.TP -.B EADDRINUSE -The specified local address is already in use or the filesystem socket -object already exists. -.TP -.B EBADF -This error can occur for -.BR sendmsg (2) -when sending a file descriptor as ancillary data over -a UNIX domain socket (see the description of -.BR SCM_RIGHTS , -above), and indicates that the file descriptor number that -is being sent is not valid (e.g., it is not an open file descriptor). -.TP -.B ECONNREFUSED -The remote address specified by -.BR connect (2) -was not a listening socket. -This error can also occur if the target pathname is not a socket. -.TP -.B ECONNRESET -Remote socket was unexpectedly closed. -.TP -.B EFAULT -User memory address was not valid. -.TP -.B EINVAL -Invalid argument passed. -A common cause is that the value -.B AF_UNIX -was not specified in the -.I sun_type -field of passed addresses, or the socket was in an -invalid state for the applied operation. -.TP -.B EISCONN -.BR connect (2) -called on an already connected socket or a target address was -specified on a connected socket. -.TP -.B ENFILE -The system-wide limit on the total number of open files has been reached. -.TP -.B ENOENT -The pathname in the remote address specified to -.BR connect (2) -did not exist. -.TP -.B ENOMEM -Out of memory. -.TP -.B ENOTCONN -Socket operation needs a target address, but the socket is not connected. -.TP -.B EOPNOTSUPP -Stream operation called on non-stream oriented socket or tried to -use the out-of-band data option. -.TP -.B EPERM -The sender passed invalid credentials in the -.IR "struct ucred" . -.TP -.B EPIPE -Remote socket was closed on a stream socket. -If enabled, a -.B SIGPIPE -is sent as well. -This can be avoided by passing the -.B MSG_NOSIGNAL -flag to -.BR send (2) -or -.BR sendmsg (2). -.TP -.B EPROTONOSUPPORT -Passed protocol is not -.BR AF_UNIX . -.TP -.B EPROTOTYPE -Remote socket does not match the local socket type -.RB ( SOCK_DGRAM -versus -.BR SOCK_STREAM ). -.TP -.B ESOCKTNOSUPPORT -Unknown socket type. -.TP -.B ESRCH -While sending an ancillary message containing credentials -.RB ( SCM_CREDENTIALS ), -the caller specified a PID that does not match any existing process. -.TP -.B ETOOMANYREFS -This error can occur for -.BR sendmsg (2) -when sending a file descriptor as ancillary data over -a UNIX domain socket (see the description of -.BR SCM_RIGHTS , -above). -It occurs if the number of "in-flight" file descriptors exceeds the -.B RLIMIT_NOFILE -resource limit and the caller does not have the -.B CAP_SYS_RESOURCE -capability. -An in-flight file descriptor is one that has been sent using -.BR sendmsg (2) -but has not yet been accepted in the recipient process using -.BR recvmsg (2). -.IP -This error is diagnosed since mainline Linux 4.5 -(and in some earlier kernel versions where the fix has been backported). -.\" commit 712f4aad406bb1ed67f3f98d04c044191f0ff593 -In earlier kernel versions, -it was possible to place an unlimited number of file descriptors in flight, -by sending each file descriptor with -.BR sendmsg (2) -and then closing the file descriptor so that it was not accounted against the -.B RLIMIT_NOFILE -resource limit. -.P -Other errors can be generated by the generic socket layer or -by the filesystem while generating a filesystem socket object. -See the appropriate manual pages for more information. -.SH VERSIONS -.B SCM_CREDENTIALS -and the abstract namespace were introduced with Linux 2.2 and should not -be used in portable programs. -(Some BSD-derived systems also support credential passing, -but the implementation details differ.) -.SH NOTES -Binding to a socket with a filename creates a socket -in the filesystem that must be deleted by the caller when it is no -longer needed (using -.BR unlink (2)). -The usual UNIX close-behind semantics apply; the socket can be unlinked -at any time and will be finally removed from the filesystem when the last -reference to it is closed. -.P -To pass file descriptors or credentials over a -.B SOCK_STREAM -socket, you must -send or receive at least one byte of nonancillary data in the same -.BR sendmsg (2) -or -.BR recvmsg (2) -call. -.P -UNIX domain stream sockets do not support the notion of out-of-band data. -.\" -.SH BUGS -When binding a socket to an address, -Linux is one of the implementations that append a null terminator -if none is supplied in -.IR sun_path . -In most cases this is unproblematic: -when the socket address is retrieved, -it will be one byte longer than that supplied when the socket was bound. -However, there is one case where confusing behavior can result: -if 108 non-null bytes are supplied when a socket is bound, -then the addition of the null terminator takes the length of -the pathname beyond -.IR sizeof(sun_path) . -Consequently, when retrieving the socket address -(for example, via -.BR accept (2)), -.\" The behavior on Solaris is quite similar. -if the input -.I addrlen -argument for the retrieving call is specified as -.IR "sizeof(struct sockaddr_un)" , -then the returned address structure -.I won't -have a null terminator in -.IR sun_path . -.P -In addition, some implementations -.\" i.e., traditional BSD -don't require a null terminator when binding a socket (the -.I addrlen -argument is used to determine the length of -.IR sun_path ) -and when the socket address is retrieved on these implementations, -there is no null terminator in -.IR sun_path . -.P -Applications that retrieve socket addresses can (portably) code -to handle the possibility that there is no null terminator in -.I sun_path -by respecting the fact that the number of valid bytes in the pathname is: -.P -.in +4n -.EX -strnlen(addr.sun_path, addrlen \- offsetof(sockaddr_un, sun_path)) -.EE -.in -.\" The following patch to amend kernel behavior was rejected: -.\" http://thread.gmane.org/gmane.linux.kernel.api/2437 -.\" Subject: [patch] Fix handling of overlength pathname in AF_UNIX sun_path -.\" 2012-04-17 -.\" And there was a related discussion in the Austin list: -.\" http://thread.gmane.org/gmane.comp.standards.posix.austin.general/5735 -.\" Subject: Having a sun_path with no null terminator -.\" 2012-04-18 -.\" -.\" FIXME . Track http://austingroupbugs.net/view.php?id=561 -.P -Alternatively, an application can retrieve -the socket address by allocating a buffer of size -.I "sizeof(struct sockaddr_un)+1" -that is zeroed out before the retrieval. -The retrieving call can specify -.I addrlen -as -.IR "sizeof(struct sockaddr_un)" , -and the extra zero byte ensures that there will be -a null terminator for the string returned in -.IR sun_path : -.P -.in +4n -.EX -void *addrp; -\& -addrlen = sizeof(struct sockaddr_un); -addrp = malloc(addrlen + 1); -if (addrp == NULL) - /* Handle error */ ; -memset(addrp, 0, addrlen + 1); -\& -if (getsockname(sfd, (struct sockaddr *) addrp, &addrlen)) == \-1) - /* handle error */ ; -\& -printf("sun_path = %s\en", ((struct sockaddr_un *) addrp)\->sun_path); -.EE -.in -.P -This sort of messiness can be avoided if it is guaranteed -that the applications that -.I create -pathname sockets follow the rules outlined above under -.IR "Pathname sockets" . -.SH EXAMPLES -The following code demonstrates the use of sequenced-packet -sockets for local interprocess communication. -It consists of two programs. -The server program waits for a connection from the client program. -The client sends each of its command-line arguments in separate messages. -The server treats the incoming messages as integers and adds them up. -The client sends the command string "END". -The server sends back a message containing the sum of the client's integers. -The client prints the sum and exits. -The server waits for the next client to connect. -To stop the server, the client is called with the command-line argument "DOWN". -.P -The following output was recorded while running the server in the background -and repeatedly executing the client. -Execution of the server program ends when it receives the "DOWN" command. -.SS Example output -.in +4n -.EX -$ \fB./server &\fP -[1] 25887 -$ \fB./client 3 4\fP -Result = 7 -$ \fB./client 11 \-5\fP -Result = 6 -$ \fB./client DOWN\fP -Result = 0 -[1]+ Done ./server -$ -.EE -.in -.SS Program source -\& -.\" SRC BEGIN (connection.h) -.EX -/* - * File connection.h - */ -\& -#define SOCKET_NAME "/tmp/9Lq7BNBnBycd6nxy.socket" -#define BUFFER_SIZE 12 -.EE -.\" SRC END -.P -.\" SRC BEGIN (server.c) -.EX -/* - * File server.c - */ -\& -#include -#include -#include -#include -#include -#include -\& -#include "connection.h" -\& -int -main(void) -{ - int down_flag = 0; - int ret; - int connection_socket; - int data_socket; - int result; - ssize_t r, w; - struct sockaddr_un name; - char buffer[BUFFER_SIZE]; -\& - /* Create local socket. */ -\& - connection_socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); - if (connection_socket == \-1) { - perror("socket"); - exit(EXIT_FAILURE); - } -\& - /* - * For portability clear the whole structure, since some - * implementations have additional (nonstandard) fields in - * the structure. - */ -\& - memset(&name, 0, sizeof(name)); -\& - /* Bind socket to socket name. */ -\& - name.sun_family = AF_UNIX; - strncpy(name.sun_path, SOCKET_NAME, sizeof(name.sun_path) \- 1); -\& - ret = bind(connection_socket, (const struct sockaddr *) &name, - sizeof(name)); - if (ret == \-1) { - perror("bind"); - exit(EXIT_FAILURE); - } -\& - /* - * Prepare for accepting connections. The backlog size is set - * to 20. So while one request is being processed other requests - * can be waiting. - */ -\& - ret = listen(connection_socket, 20); - if (ret == \-1) { - perror("listen"); - exit(EXIT_FAILURE); - } -\& - /* This is the main loop for handling connections. */ -\& - for (;;) { -\& - /* Wait for incoming connection. */ -\& - data_socket = accept(connection_socket, NULL, NULL); - if (data_socket == \-1) { - perror("accept"); - exit(EXIT_FAILURE); - } -\& - result = 0; - for (;;) { -\& - /* Wait for next data packet. */ -\& - r = read(data_socket, buffer, sizeof(buffer)); - if (r == \-1) { - perror("read"); - exit(EXIT_FAILURE); - } -\& - /* Ensure buffer is 0\-terminated. */ -\& - buffer[sizeof(buffer) \- 1] = 0; -\& - /* Handle commands. */ -\& - if (!strncmp(buffer, "DOWN", sizeof(buffer))) { - down_flag = 1; - continue; - } -\& - if (!strncmp(buffer, "END", sizeof(buffer))) { - break; - } -\& - if (down_flag) { - continue; - } -\& - /* Add received summand. */ -\& - result += atoi(buffer); - } -\& - /* Send result. */ -\& - sprintf(buffer, "%d", result); - w = write(data_socket, buffer, sizeof(buffer)); - if (w == \-1) { - perror("write"); - exit(EXIT_FAILURE); - } -\& - /* Close socket. */ -\& - close(data_socket); -\& - /* Quit on DOWN command. */ -\& - if (down_flag) { - break; - } - } -\& - close(connection_socket); -\& - /* Unlink the socket. */ -\& - unlink(SOCKET_NAME); -\& - exit(EXIT_SUCCESS); -} -.EE -.\" SRC END -.P -.\" SRC BEGIN (client.c) -.EX -/* - * File client.c - */ -\& -#include -#include -#include -#include -#include -#include -\& -#include "connection.h" -\& -int -main(int argc, char *argv[]) -{ - int ret; - int data_socket; - ssize_t r, w; - struct sockaddr_un addr; - char buffer[BUFFER_SIZE]; -\& - /* Create local socket. */ -\& - data_socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); - if (data_socket == \-1) { - perror("socket"); - exit(EXIT_FAILURE); - } -\& - /* - * For portability clear the whole structure, since some - * implementations have additional (nonstandard) fields in - * the structure. - */ -\& - memset(&addr, 0, sizeof(addr)); -\& - /* Connect socket to socket address. */ -\& - addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, SOCKET_NAME, sizeof(addr.sun_path) \- 1); -\& - ret = connect(data_socket, (const struct sockaddr *) &addr, - sizeof(addr)); - if (ret == \-1) { - fprintf(stderr, "The server is down.\en"); - exit(EXIT_FAILURE); - } -\& - /* Send arguments. */ -\& - for (int i = 1; i < argc; ++i) { - w = write(data_socket, argv[i], strlen(argv[i]) + 1); - if (w == \-1) { - perror("write"); - break; - } - } -\& - /* Request result. */ -\& - strcpy(buffer, "END"); - w = write(data_socket, buffer, strlen(buffer) + 1); - if (w == \-1) { - perror("write"); - exit(EXIT_FAILURE); - } -\& - /* Receive result. */ -\& - r = read(data_socket, buffer, sizeof(buffer)); - if (r == \-1) { - perror("read"); - exit(EXIT_FAILURE); - } -\& - /* Ensure buffer is 0\-terminated. */ -\& - buffer[sizeof(buffer) \- 1] = 0; -\& - printf("Result = %s\en", buffer); -\& - /* Close socket. */ -\& - close(data_socket); -\& - exit(EXIT_SUCCESS); -} -.EE -.\" SRC END -.P -For examples of the use of -.BR SCM_RIGHTS , -see -.BR cmsg (3) -and -.BR seccomp_unotify (2). -.SH SEE ALSO -.BR recvmsg (2), -.BR sendmsg (2), -.BR socket (2), -.BR socketpair (2), -.BR cmsg (3), -.BR capabilities (7), -.BR credentials (7), -.BR socket (7), -.BR udp (7) diff --git a/man7/uri.7 b/man7/uri.7 deleted file mode 100644 index 6823b45..0000000 --- a/man7/uri.7 +++ /dev/null @@ -1,761 +0,0 @@ -.\" (C) Copyright 1999-2000 David A. Wheeler (dwheeler@dwheeler.com) -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" Fragments of this document are directly derived from IETF standards. -.\" For those fragments which are directly derived from such standards, -.\" the following notice applies, which is the standard copyright and -.\" rights announcement of The Internet Society: -.\" -.\" Copyright (C) The Internet Society (1998). All Rights Reserved. -.\" This document and translations of it may be copied and furnished to -.\" others, and derivative works that comment on or otherwise explain it -.\" or assist in its implementation may be prepared, copied, published -.\" and distributed, in whole or in part, without restriction of any -.\" kind, provided that the above copyright notice and this paragraph are -.\" included on all such copies and derivative works. However, this -.\" document itself may not be modified in any way, such as by removing -.\" the copyright notice or references to the Internet Society or other -.\" Internet organizations, except as needed for the purpose of -.\" developing Internet standards in which case the procedures for -.\" copyrights defined in the Internet Standards process must be -.\" followed, or as required to translate it into languages other than English. -.\" -.\" Modified Fri Jul 25 23:00:00 1999 by David A. Wheeler (dwheeler@dwheeler.com) -.\" Modified Fri Aug 21 23:00:00 1999 by David A. Wheeler (dwheeler@dwheeler.com) -.\" Modified Tue Mar 14 2000 by David A. Wheeler (dwheeler@dwheeler.com) -.\" -.TH uri 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -uri, url, urn \- uniform resource identifier (URI), including a URL or URN -.SH SYNOPSIS -.SY "\fIURI\fP \fR=\fP" -.RI [\~ absoluteURI -| -.IR relativeURI \~] -.RB [\~\[dq] # \[dq]\~\c -.IR fragment \~] -.YS -.P -.SY "\fIabsoluteURI\fP \fR=\fP" -.I scheme\~\c -.RB \[dq] : \[dq] -.RI (\~ hierarchical_part -| -.IR opaque_part \~) -.YS -.P -.SY "\fIrelativeURI\fP \fR=\fP" -.RI (\~ net_path -| -.I absolute_path -| -.IR relative_path \~) -.RB [\~\[dq] ? \[dq]\~\c -.IR query \~] -.YS -.P -.SY "\fIscheme\fP \fR=\fP" -.RB \[dq] http \[dq] -| -.RB \[dq] ftp \[dq] -| -.RB \[dq] gopher \[dq] -| -.RB \[dq] mailto \[dq] -| -.RB \[dq] news \[dq] -| -.RB \[dq] telnet \[dq] -| -.RB \[dq] file \[dq] -| -.RB \[dq] ftp \[dq] -| -.RB \[dq] man \[dq] -| -.RB \[dq] info \[dq] -| -.RB \[dq] whatis \[dq] -| -.RB \[dq] ldap \[dq] -| -.RB \[dq] wais \[dq] -| \&... -.YS -.P -.SY "\fIhierarchical_part\fP \fR=\fP" -.RI (\~ net_path -| -.IR absolute_path \~) -.RB [\~\[dq] ? \[dq]\~\c -.IR query \~] -.YS -.P -.SY "\fInet_path\fP \fR=\fP" -.RB \[dq] // \[dq]\~\c -.I authority -.RI [\~ absolute_path \~] -.YS -.P -.SY "\fIabsolute_path\fP \fR=\fP" -.RB \[dq] / \[dq]\~\c -.I path_segments -.YS -.P -.SY "\fIrelative_path\fP \fR=\fP" -.I relative_segment -.RI [\~ absolute_path \~] -.YS -.SH DESCRIPTION -A Uniform Resource Identifier (URI) is a short string of characters -identifying an abstract or physical resource (for example, a web page). -A Uniform Resource Locator (URL) is a URI -that identifies a resource through its primary access -mechanism (e.g., its network "location"), rather than -by name or some other attribute of that resource. -A Uniform Resource Name (URN) is a URI -that must remain globally unique and persistent even when -the resource ceases to exist or becomes unavailable. -.P -URIs are the standard way to name hypertext link destinations -for tools such as web browsers. -The string "http://www.kernel.org" is a URL (and thus it -is also a URI). -Many people use the term URL loosely as a synonym for URI -(though technically URLs are a subset of URIs). -.P -URIs can be absolute or relative. -An absolute identifier refers to a resource independent of -context, while a relative -identifier refers to a resource by describing the difference -from the current context. -Within a relative path reference, the complete path segments "." and -".." have special meanings: "the current hierarchy level" and "the -level above this hierarchy level", respectively, just like they do in -UNIX-like systems. -A path segment which contains a colon -character can't be used as the first segment of a relative URI path -(e.g., "this:that"), because it would be mistaken for a scheme name; -precede such segments with ./ (e.g., "./this:that"). -Note that descendants of MS-DOS (e.g., Microsoft Windows) replace -devicename colons with the vertical bar ("|") in URIs, so "C:" becomes "C|". -.P -A fragment identifier, -if included, -refers to a particular named portion (fragment) of a resource; -text after a \[aq]#\[aq] identifies the fragment. -A URI beginning with \[aq]#\[aq] -refers to that fragment in the current resource. -.SS Usage -There are many different URI schemes, each with specific -additional rules and meanings, but they are intentionally made to be -as similar as possible. -For example, many URL schemes -permit the authority to be the following format, called here an -.I ip_server -(square brackets show what's optional): -.P -.IR "ip_server = " [ user " [ : " password " ] @ ] " host " [ : " port ] -.P -This format allows you to optionally insert a username, -a user plus password, and/or a port number. -The -.I host -is the name of the host computer, either its name as determined by DNS -or an IP address (numbers separated by periods). -Thus the URI - -logs into a web server on host example.com -as fred (using fredpassword) using port 8080. -Avoid including a password in a URI if possible because of the many -security risks of having a password written down. -If the URL supplies a username but no password, and the remote -server requests a password, the program interpreting the URL -should request one from the user. -.P -Here are some of the most common schemes in use on UNIX-like systems -that are understood by many tools. -Note that many tools using URIs also have internal schemes or specialized -schemes; see those tools' documentation for information on those schemes. -.P -.B "http \- Web (HTTP) server" -.P -.RI http:// ip_server / path -.br -.RI http:// ip_server / path ? query -.P -This is a URL accessing a web (HTTP) server. -The default port is 80. -If the path refers to a directory, the web server will choose what -to return; usually if there is a file named "index.html" or "index.htm" -its content is returned, otherwise, a list of the files in the current -directory (with appropriate links) is generated and returned. -An example is . -.P -A query can be given in the archaic "isindex" format, consisting of a -word or phrase and not including an equal sign (=). -A query can also be in the longer "GET" format, which has one or more -query entries of the form -.IR key = value -separated by the ampersand character (&). -Note that -.I key -can be repeated more than once, though it's up to the web server -and its application programs to determine if there's any meaning to that. -There is an unfortunate interaction with HTML/XML/SGML and -the GET query format; when such URIs with more than one key -are embedded in SGML/XML documents (including HTML), the ampersand -(&) has to be rewritten as &. -Note that not all queries use this format; larger forms -may be too long to store as a URI, so they use a different -interaction mechanism (called POST) which does -not include the data in the URI. -See the Common Gateway Interface specification at -.UR http://www.w3.org\:/CGI -.UE -for more information. -.P -.B "ftp \- File Transfer Protocol (FTP)" -.P -.RI ftp:// ip_server / path -.P -This is a URL accessing a file through the file transfer protocol (FTP). -The default port (for control) is 21. -If no username is included, the username "anonymous" is supplied, and -in that case many clients provide as the password the requestor's -Internet email address. -An example is -. -.P -.B "gopher \- Gopher server" -.P -.RI gopher:// ip_server / "gophertype selector" -.br -.RI gopher:// ip_server / "gophertype selector" %09 search -.br -.RI gopher:// ip_server / "gophertype selector" %09 search %09 gopher+_string -.br -.P -The default gopher port is 70. -.I gophertype -is a single-character field to denote the -Gopher type of the resource to -which the URL refers. -The entire path may also be empty, in -which case the delimiting "/" is also optional and the gophertype -defaults to "1". -.P -.I selector -is the Gopher selector string. -In the Gopher protocol, -Gopher selector strings are a sequence of octets which may contain -any octets except 09 hexadecimal (US-ASCII HT or tab), 0A hexadecimal -(US-ASCII character LF), and 0D (US-ASCII character CR). -.P -.B "mailto \- Email address" -.P -.RI mailto: email-address -.P -This is an email address, usually of the form -.IR name @ hostname . -See -.BR mailaddr (7) -for more information on the correct format of an email address. -Note that any % character must be rewritten as %25. -An example is . -.P -.B "news \- Newsgroup or News message" -.P -.RI news: newsgroup-name -.br -.RI news: message-id -.P -A -.I newsgroup-name -is a period-delimited hierarchical name, such as -"comp.infosystems.www.misc". -If is "*" (as in ), it is used to refer -to "all available news groups". -An example is . -.P -A -.I message-id -corresponds to the Message-ID of -.UR http://www.ietf.org\:/rfc\:/rfc1036.txt -IETF RFC\ 1036, -.UE -without the enclosing "<" -and ">"; it takes the form -.IR unique @ full_domain_name . -A message identifier may be distinguished from a news group name by the -presence of the "@" character. -.P -.B "telnet \- Telnet login" -.P -.RI telnet:// ip_server / -.P -The Telnet URL scheme is used to designate interactive text services that -may be accessed by the Telnet protocol. -The final "/" character may be omitted. -The default port is 23. -An example is . -.P -.B "file \- Normal file" -.P -.RI file:// ip_server / path_segments -.br -.RI file: path_segments -.P -This represents a file or directory accessible locally. -As a special case, -.I ip_server -can be the string "localhost" or the empty -string; this is interpreted as "the machine from which the URL is -being interpreted". -If the path is to a directory, the viewer should display the -directory's contents with links to each containee; -not all viewers currently do this. -KDE supports generated files through the URL . -If the given file isn't found, browser writers may want to try to expand -the filename via filename globbing -(see -.BR glob (7) -and -.BR glob (3)). -.P -The second format (e.g., ) -is a correct format for referring to -a local file. -However, older standards did not permit this format, -and some programs don't recognize this as a URI. -A more portable syntax is to use an empty string as the server name, -for example, -; this form does the same thing -and is easily recognized by pattern matchers and older programs as a URI. -Note that if you really mean to say "start from the current location", don't -specify the scheme at all; use a relative address like <../test.txt>, -which has the side-effect of being scheme-independent. -An example of this scheme is . -.P -.B "man \- Man page documentation" -.P -.RI man: command-name -.br -.RI man: command-name ( section ) -.P -This refers to local online manual (man) reference pages. -The command name can optionally be followed by a -parenthesis and section number; see -.BR man (7) -for more information on the meaning of the section numbers. -This URI scheme is unique to UNIX-like systems (such as Linux) -and is not currently registered by the IETF. -An example is . -.P -.B "info \- Info page documentation" -.P -.RI info: virtual-filename -.br -.RI info: virtual-filename # nodename -.br -.RI info:( virtual-filename ) -.br -.RI info:( virtual-filename ) nodename -.P -This scheme refers to online info reference pages (generated from -texinfo files), -a documentation format used by programs such as the GNU tools. -This URI scheme is unique to UNIX-like systems (such as Linux) -and is not currently registered by the IETF. -As of this writing, GNOME and KDE differ in their URI syntax -and do not accept the other's syntax. -The first two formats are the GNOME format; in nodenames all spaces -are written as underscores. -The second two formats are the KDE format; -spaces in nodenames must be written as spaces, even though this -is forbidden by the URI standards. -It's hoped that in the future most tools will understand all of these -formats and will always accept underscores for spaces in nodenames. -In both GNOME and KDE, if the form without the nodename is used the -nodename is assumed to be "Top". -Examples of the GNOME format are and . -Examples of the KDE format are and . -.P -.B "whatis \- Documentation search" -.P -.RI whatis: string -.P -This scheme searches the database of short (one-line) descriptions of -commands and returns a list of descriptions containing that string. -Only complete word matches are returned. -See -.BR whatis (1). -This URI scheme is unique to UNIX-like systems (such as Linux) -and is not currently registered by the IETF. -.P -.B "ghelp \- GNOME help documentation" -.P -.RI ghelp: name-of-application -.P -This loads GNOME help for the given application. -Note that not much documentation currently exists in this format. -.P -.B "ldap \- Lightweight Directory Access Protocol" -.P -.RI ldap:// hostport -.br -.RI ldap:// hostport / -.br -.RI ldap:// hostport / dn -.br -.RI ldap:// hostport / dn ? attributes -.br -.RI ldap:// hostport / dn ? attributes ? scope -.br -.RI ldap:// hostport / dn ? attributes ? scope ? filter -.br -.RI ldap:// hostport / dn ? attributes ? scope ? filter ? extensions -.P -This scheme supports queries to the -Lightweight Directory Access Protocol (LDAP), a protocol for querying -a set of servers for hierarchically organized information -(such as people and computing resources). -See -.UR http://www.ietf.org\:/rfc\:/rfc2255.txt -RFC\ 2255 -.UE -for more information on the LDAP URL scheme. -The components of this URL are: -.TP -hostport -the LDAP server to query, written as a hostname optionally followed by -a colon and the port number. -The default LDAP port is TCP port 389. -If empty, the client determines which the LDAP server to use. -.TP -dn -the LDAP Distinguished Name, which identifies -the base object of the LDAP search (see -.UR http://www.ietf.org\:/rfc\:/rfc2253.txt -RFC\ 2253 -.UE -section 3). -.TP -attributes -a comma-separated list of attributes to be returned; -see RFC\ 2251 section 4.1.5. -If omitted, all attributes should be returned. -.TP -scope -specifies the scope of the search, which can be one of -"base" (for a base object search), "one" (for a one-level search), -or "sub" (for a subtree search). -If scope is omitted, "base" is assumed. -.TP -filter -specifies the search filter (subset of entries -to return). -If omitted, all entries should be returned. -See -.UR http://www.ietf.org\:/rfc\:/rfc2254.txt -RFC\ 2254 -.UE -section 4. -.TP -extensions -a comma-separated list of type=value -pairs, where the =value portion may be omitted for options not -requiring it. -An extension prefixed with a \[aq]!\[aq] is critical -(must be supported to be valid), otherwise it is noncritical (optional). -.P -LDAP queries are easiest to explain by example. -Here's a query that asks ldap.itd.umich.edu for information about -the University of Michigan in the U.S.: -.P -.nf -ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US -.fi -.P -To just get its postal address attribute, request: -.P -.nf -ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US?postalAddress -.fi -.P -To ask a host.com at port 6666 for information about the person -with common name (cn) "Babs Jensen" at University of Michigan, request: -.P -.nf -ldap://host.com:6666/o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen) -.fi -.P -.B "wais \- Wide Area Information Servers" -.P -.RI wais:// hostport / database -.br -.RI wais:// hostport / database ? search -.br -.RI wais:// hostport / database / wtype / wpath -.P -This scheme designates a WAIS database, search, or document -(see -.UR http://www.ietf.org\:/rfc\:/rfc1625.txt -IETF RFC\ 1625 -.UE -for more information on WAIS). -Hostport is the hostname, optionally followed by a colon and port number -(the default port number is 210). -.P -The first form designates a WAIS database for searching. -The second form designates a particular search of the WAIS database -.IR database . -The third form designates a particular document within a WAIS -database to be retrieved. -.I wtype -is the WAIS designation of the type of the object and -.I wpath -is the WAIS document-id. -.P -.B "other schemes" -.P -There are many other URI schemes. -Most tools that accept URIs support a set of internal URIs -(e.g., Mozilla has the about: scheme for internal information, -and the GNOME help browser has the toc: scheme for various starting -locations). -There are many schemes that have been defined but are not as widely -used at the current time -(e.g., prospero). -The nntp: scheme is deprecated in favor of the news: scheme. -URNs are to be supported by the urn: scheme, with a hierarchical name space -(e.g., urn:ietf:... would identify IETF documents); at this time -URNs are not widely implemented. -Not all tools support all schemes. -.SS Character encoding -URIs use a limited number of characters so that they can be -typed in and used in a variety of situations. -.P -The following characters are reserved, that is, they may appear in a -URI but their use is limited to their reserved purpose -(conflicting data must be escaped before forming the URI): -.IP -.in +4n -.EX -; / ? : @ & = + $ , -.EE -.in -.P -Unreserved characters may be included in a URI. -Unreserved characters -include uppercase and lowercase Latin letters, -decimal digits, and the following -limited set of punctuation marks and symbols: -.IP -.in +4n -.EX -\- _ . ! \[ti] * ' ( ) -.EE -.in -.P -All other characters must be escaped. -An escaped octet is encoded as a character triplet, consisting of the -percent character "%" followed by the two hexadecimal digits -representing the octet code (you can use uppercase or lowercase letters -for the hexadecimal digits). -For example, a blank space must be escaped -as "%20", a tab character as "%09", and the "&" as "%26". -Because the percent "%" character always has the reserved purpose of -being the escape indicator, it must be escaped as "%25". -It is common practice to escape space characters as the plus symbol (+) -in query text; this practice isn't uniformly defined -in the relevant RFCs (which recommend %20 instead) but any tool accepting -URIs with query text should be prepared for them. -A URI is always shown in its "escaped" form. -.P -Unreserved characters can be escaped without changing the semantics -of the URI, but this should not be done unless the URI is being used -in a context that does not allow the unescaped character to appear. -For example, "%7e" is sometimes used instead of "\[ti]" in an HTTP URL -path, but the two are equivalent for an HTTP URL. -.P -For URIs which must handle characters outside the US ASCII character set, -the HTML 4.01 specification (section B.2) and -IETF RFC\~3986 (last paragraph of section 2.5) -recommend the following approach: -.IP (1) 5 -translate the character sequences into UTF-8 (IETF RFC\~3629)\[em]see -.BR utf\-8 (7)\[em]and -then -.IP (2) -use the URI escaping mechanism, that is, -use the %HH encoding for unsafe octets. -.SS Writing a URI -When written, URIs should be placed inside double quotes -(e.g., "http://www.kernel.org"), -enclosed in angle brackets (e.g., ), -or placed on a line by themselves. -A warning for those who use double-quotes: -.B never -move extraneous punctuation (such as the period ending a sentence or the -comma in a list) -inside a URI, since this will change the value of the URI. -Instead, use angle brackets instead, or -switch to a quoting system that never includes extraneous characters -inside quotation marks. -This latter system, called the 'new' or 'logical' quoting system by -"Hart's Rules" and the "Oxford Dictionary for Writers and Editors", -is preferred practice in Great Britain and in various European languages. -Older documents suggested inserting the prefix "URL:" -just before the URI, but this form has never caught on. -.P -The URI syntax was designed to be unambiguous. -However, as URIs have become commonplace, traditional media -(television, radio, newspapers, billboards, etc.) have increasingly -used abbreviated URI references consisting of -only the authority and path portions of the identified resource -(e.g., ). -Such references are primarily -intended for human interpretation rather than machine, with the -assumption that context-based heuristics are sufficient to complete -the URI (e.g., hostnames beginning with "www" are likely to have -a URI prefix of "http://" and hostnames beginning with "ftp" likely -to have a prefix of "ftp://"). -Many client implementations heuristically resolve these references. -Such heuristics may -change over time, particularly when new schemes are introduced. -Since an abbreviated URI has the same syntax as a relative URL path, -abbreviated URI references cannot be used where relative URIs are -permitted, and can be used only when there is no defined base -(such as in dialog boxes). -Don't use abbreviated URIs as hypertext links inside a document; -use the standard format as described here. -.SH STANDARDS -.UR http://www.ietf.org\:/rfc\:/rfc2396.txt -(IETF RFC\ 2396) -.UE , -.UR http://www.w3.org\:/TR\:/REC\-html40 -(HTML 4.0) -.UE . -.SH NOTES -Any tool accepting URIs (e.g., a web browser) on a Linux system should -be able to handle (directly or indirectly) all of the -schemes described here, including the man: and info: schemes. -Handling them by invoking some other program is -fine and in fact encouraged. -.P -Technically the fragment isn't part of the URI. -.P -For information on how to embed URIs (including URLs) in a data format, -see documentation on that format. -HTML uses the format -.I text -. -Texinfo files use the format @uref{\fIuri\fP}. -Man and mdoc have the recently added UR macro, or just include the -URI in the text (viewers should be able to detect :// as part of a URI). -.P -The GNOME and KDE desktop environments currently vary in the URIs -they accept, in particular in their respective help browsers. -To list man pages, GNOME uses while KDE uses , and -to list info pages, GNOME uses while KDE uses -(the author of this man page prefers the KDE approach here, though a more -regular format would be even better). -In general, KDE uses as a prefix to a set of generated -files. -KDE prefers documentation in HTML, accessed via the -. -GNOME prefers the ghelp scheme to store and find documentation. -Neither browser handles file: references to directories at the time -of this writing, making it difficult to refer to an entire directory with -a browsable URI. -As noted above, these environments differ in how they handle the -info: scheme, probably the most important variation. -It is expected that GNOME and KDE -will converge to common URI formats, and a future -version of this man page will describe the converged result. -Efforts to aid this convergence are encouraged. -.SS Security -A URI does not in itself pose a security threat. -There is no general guarantee that a URL, which at one time -located a given resource, will continue to do so. -Nor is there any -guarantee that a URL will not locate a different resource at some -later point in time; such a guarantee can be -obtained only from the person(s) controlling that namespace and the -resource in question. -.P -It is sometimes possible to construct a URL such that an attempt to -perform a seemingly harmless operation, such as the -retrieval of an entity associated with the resource, will in fact -cause a possibly damaging remote operation to occur. -The unsafe URL -is typically constructed by specifying a port number other than that -reserved for the network protocol in question. -The client unwittingly contacts a site that is in fact -running a different protocol. -The content of the URL contains instructions that, when -interpreted according to this other protocol, cause an unexpected -operation. -An example has been the use of a gopher URL to cause an -unintended or impersonating message to be sent via a SMTP server. -.P -Caution should be used when using any URL that specifies a port -number other than the default for the protocol, especially when it is -a number within the reserved space. -.P -Care should be taken when a URI contains escaped delimiters for a -given protocol (for example, CR and LF characters for telnet -protocols) that these are not unescaped before transmission. -This might violate the protocol, but avoids the potential for such -characters to be used to simulate an extra operation or parameter in -that protocol, which might lead to an unexpected and possibly harmful -remote operation to be performed. -.P -It is clearly unwise to use a URI that contains a password which is -intended to be secret. -In particular, the use of a password within -the "userinfo" component of a URI is strongly recommended against except -in those rare cases where the "password" parameter is intended to be public. -.SH BUGS -Documentation may be placed in a variety of locations, so there -currently isn't a good URI scheme for general online documentation -in arbitrary formats. -References of the form - don't work because different distributions and -local installation requirements may place the files in different -directories -(it may be in /usr/doc, or /usr/local/doc, or /usr/share, -or somewhere else). -Also, the directory ZZZ usually changes when a version changes -(though filename globbing could partially overcome this). -Finally, using the file: scheme doesn't easily support people -who dynamically load documentation from the Internet (instead of -loading the files onto a local filesystem). -A future URI scheme may be added (e.g., "userdoc:") to permit -programs to include cross-references to more detailed documentation -without having to know the exact location of that documentation. -Alternatively, a future version of the filesystem specification may -specify file locations sufficiently so that the file: scheme will -be able to locate documentation. -.P -Many programs and file formats don't include a way to incorporate -or implement links using URIs. -.P -Many programs can't handle all of these different URI formats; there -should be a standard mechanism to load an arbitrary URI that automatically -detects the users' environment (e.g., text or graphics, -desktop environment, local user preferences, and currently executing -tools) and invokes the right tool for any URI. -.\" .SH AUTHOR -.\" David A. Wheeler (dwheeler@dwheeler.com) wrote this man page. -.SH SEE ALSO -.BR lynx (1), -.BR man2html (1), -.BR mailaddr (7), -.BR utf\-8 (7) -.P -.UR http://www.ietf.org\:/rfc\:/rfc2255.txt -IETF RFC\ 2255 -.UE diff --git a/man7/url.7 b/man7/url.7 deleted file mode 100644 index 079fb5e..0000000 --- a/man7/url.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/uri.7 diff --git a/man7/urn.7 b/man7/urn.7 deleted file mode 100644 index 079fb5e..0000000 --- a/man7/urn.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/uri.7 diff --git a/man7/user-keyring.7 b/man7/user-keyring.7 deleted file mode 100644 index 137c691..0000000 --- a/man7/user-keyring.7 +++ /dev/null @@ -1,81 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH user-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -user-keyring \- per-user keyring -.SH DESCRIPTION -The user keyring is a keyring used to anchor keys on behalf of a user. -Each UID the kernel deals with has its own user keyring that -is shared by all processes with that UID. -The user keyring has a name (description) of the form -.I _uid. -where -.I -is the user ID of the corresponding user. -.P -The user keyring is associated with the record that the kernel maintains -for the UID. -It comes into existence upon the first attempt to access either the -user keyring, the -.BR user\-session\-keyring (7), -or the -.BR session\-keyring (7). -The keyring remains pinned in existence so long as there are processes -running with that real UID or files opened by those processes remain open. -(The keyring can also be pinned indefinitely by linking it -into another keyring.) -.P -Typically, the user keyring is created by -.BR pam_keyinit (8) -when a user logs in. -.P -The user keyring is not searched by default by -.BR request_key (2). -When -.BR pam_keyinit (8) -creates a session keyring, it adds to it a link to the user -keyring so that the user keyring will be searched when the session keyring is. -.P -A special serial number value, -.BR KEY_SPEC_USER_KEYRING , -is defined that can be used in lieu of the actual serial number of -the calling process's user keyring. -.P -From the -.BR keyctl (1) -utility, '\fB@u\fP' can be used instead of a numeric key ID in -much the same way. -.P -User keyrings are independent of -.BR clone (2), -.BR fork (2), -.BR vfork (2), -.BR execve (2), -and -.BR _exit (2) -excepting that the keyring is destroyed when the UID record is destroyed when -the last process pinning it exits. -.P -If it is necessary for a key associated with a user to exist beyond the UID -record being garbage collected\[em]for example, for use by a -.BR cron (8) -script\[em]then the -.BR persistent\-keyring (7) -should be used instead. -.P -If a user keyring does not exist when it is accessed, it will be created. -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyrings (7), -.BR persistent\-keyring (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-session\-keyring (7), -.BR pam_keyinit (8) diff --git a/man7/user-session-keyring.7 b/man7/user-session-keyring.7 deleted file mode 100644 index 7af56f0..0000000 --- a/man7/user-session-keyring.7 +++ /dev/null @@ -1,92 +0,0 @@ -.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. -.\" Written by David Howells (dhowells@redhat.com) -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH user-session-keyring 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -user-session-keyring \- per-user default session keyring -.SH DESCRIPTION -The user session keyring is a keyring used to anchor keys on behalf of a user. -Each UID the kernel deals with has its own user session keyring that -is shared by all processes with that UID. -The user session keyring has a name (description) of the form -.I _uid_ses. -where -.I -is the user ID of the corresponding user. -.P -The user session keyring is associated with the record that -the kernel maintains for the UID. -It comes into existence upon the first attempt to access either the -user session keyring, the -.BR user\-keyring (7), -or the -.BR session\-keyring (7). -.\" Davis Howells: the user and user-session keyrings are managed as a pair. -The keyring remains pinned in existence so long as there are processes -running with that real UID or files opened by those processes remain open. -(The keyring can also be pinned indefinitely by linking it -into another keyring.) -.P -The user session keyring is created on demand when a thread requests it -or when a thread asks for its -.BR session\-keyring (7) -and that keyring doesn't exist. -In the latter case, a user session keyring will be created and, -if the session keyring wasn't to be created, -the user session keyring will be set as the process's actual session keyring. -.P -The user session keyring is searched by -.BR request_key (2) -if the actual session keyring does not exist and is ignored otherwise. -.P -A special serial number value, -.BR KEY_SPEC_USER_SESSION_KEYRING , -is defined -that can be used in lieu of the actual serial number of -the calling process's user session keyring. -.P -From the -.BR keyctl (1) -utility, '\fB@us\fP' can be used instead of a numeric key ID in -much the same way. -.P -User session keyrings are independent of -.BR clone (2), -.BR fork (2), -.BR vfork (2), -.BR execve (2), -and -.BR _exit (2) -excepting that the keyring is destroyed when the UID record is destroyed -when the last process pinning it exits. -.P -If a user session keyring does not exist when it is accessed, -it will be created. -.P -Rather than relying on the user session keyring, -it is strongly recommended\[em]especially if the process -is running as root\[em]that a -.BR session\-keyring (7) -be set explicitly, for example by -.BR pam_keyinit (8). -.SH NOTES -The user session keyring was added to support situations where -a process doesn't have a session keyring, -perhaps because it was created via a pathway that didn't involve PAM -(e.g., perhaps it was a daemon started by -.BR inetd (8)). -In such a scenario, the user session keyring acts as a substitute for the -.BR session\-keyring (7). -.SH SEE ALSO -.ad l -.nh -.BR keyctl (1), -.BR keyctl (3), -.BR keyrings (7), -.BR persistent\-keyring (7), -.BR process\-keyring (7), -.BR session\-keyring (7), -.BR thread\-keyring (7), -.BR user\-keyring (7) diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 deleted file mode 100644 index 94e0785..0000000 --- a/man7/user_namespaces.7 +++ /dev/null @@ -1,1469 +0,0 @@ -.\" Copyright (c) 2013, 2014 by Michael Kerrisk -.\" and Copyright (c) 2012, 2014 by Eric W. Biederman -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH user_namespaces 7 2024-02-25 "Linux man-pages 6.7" -.SH NAME -user_namespaces \- overview of Linux user namespaces -.SH DESCRIPTION -For an overview of namespaces, see -.BR namespaces (7). -.P -User namespaces isolate security-related identifiers and attributes, -in particular, -user IDs and group IDs (see -.BR credentials (7)), -the root directory, -keys (see -.BR keyrings (7)), -.\" FIXME: This page says very little about the interaction -.\" of user namespaces and keys. Add something on this topic. -and capabilities (see -.BR capabilities (7)). -A process's user and group IDs can be different -inside and outside a user namespace. -In particular, -a process can have a normal unprivileged user ID outside a user namespace -while at the same time having a user ID of 0 inside the namespace; -in other words, -the process has full privileges for operations inside the user namespace, -but is unprivileged for operations outside the namespace. -.\" -.\" ============================================================ -.\" -.SS Nested namespaces, namespace membership -User namespaces can be nested; -that is, each user namespace\[em]except the initial ("root") -namespace\[em]has a parent user namespace, -and can have zero or more child user namespaces. -The parent user namespace is the user namespace -of the process that creates the user namespace via a call to -.BR unshare (2) -or -.BR clone (2) -with the -.B CLONE_NEWUSER -flag. -.P -The kernel imposes (since Linux 3.11) a limit of 32 nested levels of -.\" commit 8742f229b635bf1c1c84a3dfe5e47c814c20b5c8 -user namespaces. -.\" FIXME Explain the rationale for this limit. (What is the rationale?) -Calls to -.BR unshare (2) -or -.BR clone (2) -that would cause this limit to be exceeded fail with the error -.BR EUSERS . -.P -Each process is a member of exactly one user namespace. -A process created via -.BR fork (2) -or -.BR clone (2) -without the -.B CLONE_NEWUSER -flag is a member of the same user namespace as its parent. -A single-threaded process can join another user namespace with -.BR setns (2) -if it has the -.B CAP_SYS_ADMIN -in that namespace; -upon doing so, it gains a full set of capabilities in that namespace. -.P -A call to -.BR clone (2) -or -.BR unshare (2) -with the -.B CLONE_NEWUSER -flag makes the new child process (for -.BR clone (2)) -or the caller (for -.BR unshare (2)) -a member of the new user namespace created by the call. -.P -The -.B NS_GET_PARENT -.BR ioctl (2) -operation can be used to discover the parental relationship -between user namespaces; see -.BR ioctl_ns (2). -.P -A task that changes one of its effective IDs -will have its dumpability reset to the value in -.IR /proc/sys/fs/suid_dumpable . -This may affect the ownership of proc files of child processes -and may thus cause the parent to lack the permissions -to write to mapping files of child processes running in a new user namespace. -In such cases making the parent process dumpable, using -.B PR_SET_DUMPABLE -in a call to -.BR prctl (2), -before creating a child process in a new user namespace -may rectify this problem. -See -.BR prctl (2) -and -.BR proc (5) -for details on how ownership is affected. -.\" -.\" ============================================================ -.\" -.SS Capabilities -The child process created by -.BR clone (2) -with the -.B CLONE_NEWUSER -flag starts out with a complete set -of capabilities in the new user namespace. -Likewise, a process that creates a new user namespace using -.BR unshare (2) -or joins an existing user namespace using -.BR setns (2) -gains a full set of capabilities in that namespace. -On the other hand, -that process has no capabilities in the parent (in the case of -.BR clone (2)) -or previous (in the case of -.BR unshare (2) -and -.BR setns (2)) -user namespace, -even if the new namespace is created or joined by the root user -(i.e., a process with user ID 0 in the root namespace). -.P -Note that a call to -.BR execve (2) -will cause a process's capabilities to be recalculated in the usual way (see -.BR capabilities (7)). -Consequently, -unless the process has a user ID of 0 within the namespace, -or the executable file has a nonempty inheritable capabilities mask, -the process will lose all capabilities. -See the discussion of user and group ID mappings, below. -.P -A call to -.BR clone (2) -or -.BR unshare (2) -using the -.B CLONE_NEWUSER -flag -or a call to -.BR setns (2) -that moves the caller into another user namespace -sets the "securebits" flags -(see -.BR capabilities (7)) -to their default values (all flags disabled) in the child (for -.BR clone (2)) -or caller (for -.BR unshare (2) -or -.BR setns (2)). -Note that because the caller no longer has capabilities -in its original user namespace after a call to -.BR setns (2), -it is not possible for a process to reset its "securebits" flags while -retaining its user namespace membership by using a pair of -.BR setns (2) -calls to move to another user namespace and then return to -its original user namespace. -.P -The rules for determining whether or not a process has a capability -in a particular user namespace are as follows: -.IP \[bu] 3 -A process has a capability inside a user namespace -if it is a member of that namespace and -it has the capability in its effective capability set. -A process can gain capabilities in its effective capability -set in various ways. -For example, it may execute a set-user-ID program or an -executable with associated file capabilities. -In addition, -a process may gain capabilities via the effect of -.BR clone (2), -.BR unshare (2), -or -.BR setns (2), -as already described. -.\" In the 3.8 sources, see security/commoncap.c::cap_capable(): -.IP \[bu] -If a process has a capability in a user namespace, -then it has that capability in all child (and further removed descendant) -namespaces as well. -.IP \[bu] -.\" * The owner of the user namespace in the parent of the -.\" * user namespace has all caps. -When a user namespace is created, the kernel records the effective -user ID of the creating process as being the "owner" of the namespace. -.\" (and likewise associates the effective group ID of the creating process -.\" with the namespace). -A process that resides -in the parent of the user namespace -.\" See kernel commit 520d9eabce18edfef76a60b7b839d54facafe1f9 for a fix -.\" on this point -and whose effective user ID matches the owner of the namespace -has all capabilities in the namespace. -.\" This includes the case where the process executes a set-user-ID -.\" program that confers the effective UID of the creator of the namespace. -By virtue of the previous rule, -this means that the process has all capabilities in all -further removed descendant user namespaces as well. -The -.B NS_GET_OWNER_UID -.BR ioctl (2) -operation can be used to discover the user ID of the owner of the namespace; -see -.BR ioctl_ns (2). -.\" -.\" ============================================================ -.\" -.SS Effect of capabilities within a user namespace -Having a capability inside a user namespace -permits a process to perform operations (that require privilege) -only on resources governed by that namespace. -In other words, having a capability in a user namespace permits a process -to perform privileged operations on resources that are governed by (nonuser) -namespaces owned by (associated with) the user namespace -(see the next subsection). -.P -On the other hand, there are many privileged operations that affect -resources that are not associated with any namespace type, -for example, changing the system (i.e., calendar) time (governed by -.BR CAP_SYS_TIME ), -loading a kernel module (governed by -.BR CAP_SYS_MODULE ), -and creating a device (governed by -.BR CAP_MKNOD ). -Only a process with privileges in the -.I initial -user namespace can perform such operations. -.P -Holding -.B CAP_SYS_ADMIN -within the user namespace that owns a process's mount namespace -allows that process to create bind mounts -and mount the following types of filesystems: -.\" fs_flags = FS_USERNS_MOUNT in kernel sources -.P -.RS 4 -.PD 0 -.IP \[bu] 3 -.I /proc -(since Linux 3.8) -.IP \[bu] -.I /sys -(since Linux 3.8) -.IP \[bu] -.I devpts -(since Linux 3.9) -.IP \[bu] -.BR tmpfs (5) -(since Linux 3.9) -.IP \[bu] -.I ramfs -(since Linux 3.9) -.IP \[bu] -.I mqueue -(since Linux 3.9) -.IP \[bu] -.I bpf -.\" commit b2197755b2633e164a439682fb05a9b5ea48f706 -(since Linux 4.4) -.IP \[bu] -.I overlayfs -.\" commit 92dbc9dedccb9759c7f9f2f0ae6242396376988f -.\" commit 4cb2c00c43b3fe88b32f29df4f76da1b92c33224 -(since Linux 5.11) -.PD -.RE -.P -Holding -.B CAP_SYS_ADMIN -within the user namespace that owns a process's cgroup namespace -allows (since Linux 4.6) -that process to the mount the cgroup version 2 filesystem and -cgroup version 1 named hierarchies -(i.e., cgroup filesystems mounted with the -.I \[dq]none,name=\[dq] -option). -.P -Holding -.B CAP_SYS_ADMIN -within the user namespace that owns a process's PID namespace -allows (since Linux 3.8) -that process to mount -.I /proc -filesystems. -.P -Note, however, that mounting block-based filesystems can be done -only by a process that holds -.B CAP_SYS_ADMIN -in the initial user namespace. -.\" -.\" ============================================================ -.\" -.SS Interaction of user namespaces and other types of namespaces -Starting in Linux 3.8, unprivileged processes can create user namespaces, -and the other types of namespaces can be created with just the -.B CAP_SYS_ADMIN -capability in the caller's user namespace. -.P -When a nonuser namespace is created, -it is owned by the user namespace in which the creating process -was a member at the time of the creation of the namespace. -Privileged operations on resources governed by the nonuser namespace -require that the process has the necessary capabilities -in the user namespace that owns the nonuser namespace. -.P -If -.B CLONE_NEWUSER -is specified along with other -.B CLONE_NEW* -flags in a single -.BR clone (2) -or -.BR unshare (2) -call, the user namespace is guaranteed to be created first, -giving the child -.RB ( clone (2)) -or caller -.RB ( unshare (2)) -privileges over the remaining namespaces created by the call. -Thus, it is possible for an unprivileged caller to specify this combination -of flags. -.P -When a new namespace (other than a user namespace) is created via -.BR clone (2) -or -.BR unshare (2), -the kernel records the user namespace of the creating process as the owner of -the new namespace. -(This association can't be changed.) -When a process in the new namespace subsequently performs -privileged operations that operate on global -resources isolated by the namespace, -the permission checks are performed according to the process's capabilities -in the user namespace that the kernel associated with the new namespace. -For example, suppose that a process attempts to change the hostname -.RB ( sethostname (2)), -a resource governed by the UTS namespace. -In this case, -the kernel will determine which user namespace owns -the process's UTS namespace, and check whether the process has the -required capability -.RB ( CAP_SYS_ADMIN ) -in that user namespace. -.P -The -.B NS_GET_USERNS -.BR ioctl (2) -operation can be used to discover the user namespace -that owns a nonuser namespace; see -.BR ioctl_ns (2). -.\" -.\" ============================================================ -.\" -.SS User and group ID mappings: uid_map and gid_map -When a user namespace is created, -it starts out without a mapping of user IDs (group IDs) -to the parent user namespace. -The -.IR /proc/ pid /uid_map -and -.IR /proc/ pid /gid_map -files (available since Linux 3.5) -.\" commit 22d917d80e842829d0ca0a561967d728eb1d6303 -expose the mappings for user and group IDs -inside the user namespace for the process -.IR pid . -These files can be read to view the mappings in a user namespace and -written to (once) to define the mappings. -.P -The description in the following paragraphs explains the details for -.IR uid_map ; -.I gid_map -is exactly the same, -but each instance of "user ID" is replaced by "group ID". -.P -The -.I uid_map -file exposes the mapping of user IDs from the user namespace -of the process -.I pid -to the user namespace of the process that opened -.I uid_map -(but see a qualification to this point below). -In other words, processes that are in different user namespaces -will potentially see different values when reading from a particular -.I uid_map -file, depending on the user ID mappings for the user namespaces -of the reading processes. -.P -Each line in the -.I uid_map -file specifies a 1-to-1 mapping of a range of contiguous -user IDs between two user namespaces. -(When a user namespace is first created, this file is empty.) -The specification in each line takes the form of -three numbers delimited by white space. -The first two numbers specify the starting user ID in -each of the two user namespaces. -The third number specifies the length of the mapped range. -In detail, the fields are interpreted as follows: -.IP (1) 5 -The start of the range of user IDs in -the user namespace of the process -.IR pid . -.IP (2) -The start of the range of user -IDs to which the user IDs specified by field one map. -How field two is interpreted depends on whether the process that opened -.I uid_map -and the process -.I pid -are in the same user namespace, as follows: -.RS -.IP (a) 5 -If the two processes are in different user namespaces: -field two is the start of a range of -user IDs in the user namespace of the process that opened -.IR uid_map . -.IP (b) -If the two processes are in the same user namespace: -field two is the start of the range of -user IDs in the parent user namespace of the process -.IR pid . -This case enables the opener of -.I uid_map -(the common case here is opening -.IR /proc/self/uid_map ) -to see the mapping of user IDs into the user namespace of the process -that created this user namespace. -.RE -.IP (3) -The length of the range of user IDs that is mapped between the two -user namespaces. -.P -System calls that return user IDs (group IDs)\[em]for example, -.BR getuid (2), -.BR getgid (2), -and the credential fields in the structure returned by -.BR stat (2)\[em]return -the user ID (group ID) mapped into the caller's user namespace. -.P -When a process accesses a file, its user and group IDs -are mapped into the initial user namespace for the purpose of permission -checking and assigning IDs when creating a file. -When a process retrieves file user and group IDs via -.BR stat (2), -the IDs are mapped in the opposite direction, -to produce values relative to the process user and group ID mappings. -.P -The initial user namespace has no parent namespace, -but, for consistency, the kernel provides dummy user and group -ID mapping files for this namespace. -Looking at the -.I uid_map -file -.RI ( gid_map -is the same) from a shell in the initial namespace shows: -.P -.in +4n -.EX -$ \fBcat /proc/$$/uid_map\fP - 0 0 4294967295 -.EE -.in -.P -This mapping tells us -that the range starting at user ID 0 in this namespace -maps to a range starting at 0 in the (nonexistent) parent namespace, -and the length of the range is the largest 32-bit unsigned integer. -This leaves 4294967295 (the 32-bit signed \-1 value) unmapped. -This is deliberate: -.I (uid_t)\~\-1 -is used in several interfaces (e.g., -.BR setreuid (2)) -as a way to specify "no user ID". -Leaving -.I (uid_t)\~\-1 -unmapped and unusable guarantees that there will be no -confusion when using these interfaces. -.\" -.\" ============================================================ -.\" -.SS Defining user and group ID mappings: writing to uid_map and gid_map -After the creation of a new user namespace, the -.I uid_map -file of -.I one -of the processes in the namespace may be written to -.I once -to define the mapping of user IDs in the new user namespace. -An attempt to write more than once to a -.I uid_map -file in a user namespace fails with the error -.BR EPERM . -Similar rules apply for -.I gid_map -files. -.P -The lines written to -.I uid_map -.RI ( gid_map ) -must conform to the following validity rules: -.IP \[bu] 3 -The three fields must be valid numbers, -and the last field must be greater than 0. -.IP \[bu] -Lines are terminated by newline characters. -.IP \[bu] -There is a limit on the number of lines in the file. -In Linux 4.14 and earlier, this limit was (arbitrarily) -.\" 5*12-byte records could fit in a 64B cache line -set at 5 lines. -Since Linux 4.15, -.\" commit 6397fac4915ab3002dc15aae751455da1a852f25 -the limit is 340 lines. -In addition, the number of bytes written to -the file must be less than the system page size, -and the write must be performed at the start of the file (i.e., -.BR lseek (2) -and -.BR pwrite (2) -can't be used to write to nonzero offsets in the file). -.IP \[bu] -The range of user IDs (group IDs) -specified in each line cannot overlap with the ranges -in any other lines. -In the initial implementation (Linux 3.8), this requirement was -satisfied by a simplistic implementation that imposed the further -requirement that -the values in both field 1 and field 2 of successive lines must be -in ascending numerical order, -which prevented some otherwise valid maps from being created. -Linux 3.9 and later -.\" commit 0bd14b4fd72afd5df41e9fd59f356740f22fceba -fix this limitation, allowing any valid set of nonoverlapping maps. -.IP \[bu] -At least one line must be written to the file. -.P -Writes that violate the above rules fail with the error -.BR EINVAL . -.P -In order for a process to write to the -.IR /proc/ pid /uid_map -.RI ( /proc/ pid /gid_map ) -file, all of the following permission requirements must be met: -.IP \[bu] 3 -The writing process must have the -.B CAP_SETUID -.RB ( CAP_SETGID ) -capability in the user namespace of the process -.IR pid . -.IP \[bu] -The writing process must either be in the user namespace of the process -.I pid -or be in the parent user namespace of the process -.IR pid . -.IP \[bu] -The mapped user IDs (group IDs) must in turn have a mapping -in the parent user namespace. -.IP \[bu] -If updating -.IR /proc/ pid /uid_map -to create a mapping that maps UID 0 in the parent namespace, -then one of the following must be true: -.RS -.IP (a) 5 -if writing process is in the parent user namespace, -then it must have the -.B CAP_SETFCAP -capability in that user namespace; or -.IP (b) -if the writing process is in the child user namespace, -then the process that created the user namespace must have had the -.B CAP_SETFCAP -capability when the namespace was created. -.RE -.IP -This rule has been in place since -.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18 -Linux 5.12. -It eliminates an earlier security bug whereby -a UID 0 process that lacks the -.B CAP_SETFCAP -capability, -which is needed to create a binary with namespaced file capabilities -(as described in -.BR capabilities (7)), -could nevertheless create such a binary, -by the following steps: -.RS -.IP (1) 5 -Create a new user namespace with the identity mapping -(i.e., UID 0 in the new user namespace maps to UID 0 in the parent namespace), -so that UID 0 in both namespaces is equivalent to the same root user ID. -.IP (2) -Since the child process has the -.B CAP_SETFCAP -capability, it could create a binary with namespaced file capabilities -that would then be effective in the parent user namespace -(because the root user IDs are the same in the two namespaces). -.RE -.IP \[bu] -One of the following two cases applies: -.RS -.IP (a) 5 -.I Either -the writing process has the -.B CAP_SETUID -.RB ( CAP_SETGID ) -capability in the -.I parent -user namespace. -.RS -.IP \[bu] 3 -No further restrictions apply: -the process can make mappings to arbitrary user IDs (group IDs) -in the parent user namespace. -.RE -.IP (b) -.I Or -otherwise all of the following restrictions apply: -.RS -.IP \[bu] 3 -The data written to -.I uid_map -.RI ( gid_map ) -must consist of a single line that maps -the writing process's effective user ID -(group ID) in the parent user namespace to a user ID (group ID) -in the user namespace. -.IP \[bu] -The writing process must have the same effective user ID as the process -that created the user namespace. -.IP \[bu] -In the case of -.IR gid_map , -use of the -.BR setgroups (2) -system call must first be denied by writing -.RI \[dq] deny \[dq] -to the -.IR /proc/ pid /setgroups -file (see below) before writing to -.IR gid_map . -.RE -.RE -.P -Writes that violate the above rules fail with the error -.BR EPERM . -.\" -.\" ============================================================ -.\" -.SS Project ID mappings: projid_map -Similarly to user and group ID mappings, -it is possible to create project ID mappings for a user namespace. -(Project IDs are used for disk quotas; see -.BR setquota (8) -and -.BR quotactl (2).) -.P -Project ID mappings are defined by writing to the -.IR /proc/ pid /projid_map -file (present since -.\" commit f76d207a66c3a53defea67e7d36c3eb1b7d6d61d -Linux 3.7). -.P -The validity rules for writing to the -.IR /proc/ pid /projid_map -file are as for writing to the -.I uid_map -file; violation of these rules causes -.BR write (2) -to fail with the error -.BR EINVAL . -.P -The permission rules for writing to the -.IR /proc/ pid /projid_map -file are as follows: -.IP \[bu] 3 -The writing process must either be in the user namespace of the process -.I pid -or be in the parent user namespace of the process -.IR pid . -.IP \[bu] -The mapped project IDs must in turn have a mapping -in the parent user namespace. -.P -Violation of these rules causes -.BR write (2) -to fail with the error -.BR EPERM . -.\" -.\" ============================================================ -.\" -.SS Interaction with system calls that change process UIDs or GIDs -In a user namespace where the -.I uid_map -file has not been written, the system calls that change user IDs will fail. -Similarly, if the -.I gid_map -file has not been written, the system calls that change group IDs will fail. -After the -.I uid_map -and -.I gid_map -files have been written, only the mapped values may be used in -system calls that change user and group IDs. -.P -For user IDs, the relevant system calls include -.BR setuid (2), -.BR setfsuid (2), -.BR setreuid (2), -and -.BR setresuid (2). -For group IDs, the relevant system calls include -.BR setgid (2), -.BR setfsgid (2), -.BR setregid (2), -.BR setresgid (2), -and -.BR setgroups (2). -.P -Writing -.RI \[dq] deny \[dq] -to the -.IR /proc/ pid /setgroups -file before writing to -.IR /proc/ pid /gid_map -.\" Things changed in Linux 3.19 -.\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 -.\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272 -.\" http://lwn.net/Articles/626665/ -will permanently disable -.BR setgroups (2) -in a user namespace and allow writing to -.IR /proc/ pid /gid_map -without having the -.B CAP_SETGID -capability in the parent user namespace. -.\" -.\" ============================================================ -.\" -.SS The \fI/proc/\fPpid\fI/setgroups\fP file -.\" -.\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 -.\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272 -.\" http://lwn.net/Articles/626665/ -.\" http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8989 -.\" -The -.IR /proc/ pid /setgroups -file displays the string -.RI \[dq] allow \[dq] -if processes in the user namespace that contains the process -.I pid -are permitted to employ the -.BR setgroups (2) -system call; it displays -.RI \[dq] deny \[dq] -if -.BR setgroups (2) -is not permitted in that user namespace. -Note that regardless of the value in the -.IR /proc/ pid /setgroups -file (and regardless of the process's capabilities), calls to -.BR setgroups (2) -are also not permitted if -.IR /proc/ pid /gid_map -has not yet been set. -.P -A privileged process (one with the -.B CAP_SYS_ADMIN -capability in the namespace) may write either of the strings -.RI \[dq] allow \[dq] -or -.RI \[dq] deny \[dq] -to this file -.I before -writing a group ID mapping -for this user namespace to the file -.IR /proc/ pid /gid_map . -Writing the string -.RI \[dq] deny \[dq] -prevents any process in the user namespace from employing -.BR setgroups (2). -.P -The essence of the restrictions described in the preceding -paragraph is that it is permitted to write to -.IR /proc/ pid /setgroups -only so long as calling -.BR setgroups (2) -is disallowed because -.IR /proc/ pid /gid_map -has not been set. -This ensures that a process cannot transition from a state where -.BR setgroups (2) -is allowed to a state where -.BR setgroups (2) -is denied; -a process can transition only from -.BR setgroups (2) -being disallowed to -.BR setgroups (2) -being allowed. -.P -The default value of this file in the initial user namespace is -.RI \[dq] allow \[dq]. -.P -Once -.IR /proc/ pid /gid_map -has been written to -(which has the effect of enabling -.BR setgroups (2) -in the user namespace), -it is no longer possible to disallow -.BR setgroups (2) -by writing -.RI \[dq] deny \[dq] -to -.IR /proc/ pid /setgroups -(the write fails with the error -.BR EPERM ). -.P -A child user namespace inherits the -.IR /proc/ pid /setgroups -setting from its parent. -.P -If the -.I setgroups -file has the value -.RI \[dq] deny \[dq], -then the -.BR setgroups (2) -system call can't subsequently be reenabled (by writing -.RI \[dq] allow \[dq] -to the file) in this user namespace. -(Attempts to do so fail with the error -.BR EPERM .) -This restriction also propagates down to all child user namespaces of -this user namespace. -.P -The -.IR /proc/ pid /setgroups -file was added in Linux 3.19, -but was backported to many earlier stable kernel series, -because it addresses a security issue. -The issue concerned files with permissions such as "rwx\-\-\-rwx". -Such files give fewer permissions to "group" than they do to "other". -This means that dropping groups using -.BR setgroups (2) -might allow a process file access that it did not formerly have. -Before the existence of user namespaces this was not a concern, -since only a privileged process (one with the -.B CAP_SETGID -capability) could call -.BR setgroups (2). -However, with the introduction of user namespaces, -it became possible for an unprivileged process to create -a new namespace in which the user had all privileges. -This then allowed formerly unprivileged -users to drop groups and thus gain file access -that they did not previously have. -The -.IR /proc/ pid /setgroups -file was added to address this security issue, -by denying any pathway for an unprivileged process to drop groups with -.BR setgroups (2). -.\" -.\" /proc/PID/setgroups -.\" [allow == setgroups() is allowed, "deny" == setgroups() is disallowed] -.\" * Can write if have CAP_SYS_ADMIN in NS -.\" * Must write BEFORE writing to /proc/PID/gid_map -.\" -.\" setgroups() -.\" * Must already have written to gid_map -.\" * /proc/PID/setgroups must be "allow" -.\" -.\" /proc/PID/gid_map -- writing -.\" * Must already have written "deny" to /proc/PID/setgroups -.\" -.\" ============================================================ -.\" -.SS Unmapped user and group IDs -There are various places where an unmapped user ID (group ID) -may be exposed to user space. -For example, the first process in a new user namespace may call -.BR getuid (2) -before a user ID mapping has been defined for the namespace. -In most such cases, an unmapped user ID is converted -.\" from_kuid_munged(), from_kgid_munged() -to the overflow user ID (group ID); -the default value for the overflow user ID (group ID) is 65534. -See the descriptions of -.I /proc/sys/kernel/overflowuid -and -.I /proc/sys/kernel/overflowgid -in -.BR proc (5). -.P -The cases where unmapped IDs are mapped in this fashion include -system calls that return user IDs -.RB ( getuid (2), -.BR getgid (2), -and similar), -credentials passed over a UNIX domain socket, -.\" also SO_PEERCRED -credentials returned by -.BR stat (2), -.BR waitid (2), -and the System V IPC "ctl" -.B IPC_STAT -operations, -credentials exposed by -.IR /proc/ pid /status -and the files in -.IR /proc/sysvipc/* , -credentials returned via the -.I si_uid -field in the -.I siginfo_t -received with a signal (see -.BR sigaction (2)), -credentials written to the process accounting file (see -.BR acct (5)), -and credentials returned with POSIX message queue notifications (see -.BR mq_notify (3)). -.P -There is one notable case where unmapped user and group IDs are -.I not -.\" from_kuid(), from_kgid() -.\" Also F_GETOWNER_UIDS is an exception -converted to the corresponding overflow ID value. -When viewing a -.I uid_map -or -.I gid_map -file in which there is no mapping for the second field, -that field is displayed as 4294967295 (\-1 as an unsigned integer). -.\" -.\" ============================================================ -.\" -.SS Accessing files -In order to determine permissions when an unprivileged process accesses a file, -the process credentials (UID, GID) and the file credentials -are in effect mapped back to what they would be in -the initial user namespace and then compared to determine -the permissions that the process has on the file. -The same is also true of other objects that employ the credentials plus -permissions mask accessibility model, such as System V IPC objects. -.\" -.\" ============================================================ -.\" -.SS Operation of file-related capabilities -Certain capabilities allow a process to bypass various -kernel-enforced restrictions when performing operations on -files owned by other users or groups. -These capabilities are: -.BR CAP_CHOWN , -.BR CAP_DAC_OVERRIDE , -.BR CAP_DAC_READ_SEARCH , -.BR CAP_FOWNER , -and -.BR CAP_FSETID . -.P -Within a user namespace, -these capabilities allow a process to bypass the rules -if the process has the relevant capability over the file, -meaning that: -.IP \[bu] 3 -the process has the relevant effective capability in its user namespace; and -.IP \[bu] -the file's user ID and group ID both have valid mappings -in the user namespace. -.P -The -.B CAP_FOWNER -capability is treated somewhat exceptionally: -.\" These are the checks performed by the kernel function -.\" inode_owner_or_capable(). There is one exception to the exception: -.\" overriding the directory sticky permission bit requires that -.\" the file has a valid mapping for both its UID and GID. -it allows a process to bypass the corresponding rules so long as -at least the file's user ID has a mapping in the user namespace -(i.e., the file's group ID does not need to have a valid mapping). -.\" -.\" ============================================================ -.\" -.SS Set-user-ID and set-group-ID programs -When a process inside a user namespace executes -a set-user-ID (set-group-ID) program, -the process's effective user (group) ID inside the namespace is changed -to whatever value is mapped for the user (group) ID of the file. -However, if either the user -.I or -the group ID of the file has no mapping inside the namespace, -the set-user-ID (set-group-ID) bit is silently ignored: -the new program is executed, -but the process's effective user (group) ID is left unchanged. -(This mirrors the semantics of executing a set-user-ID or set-group-ID -program that resides on a filesystem that was mounted with the -.B MS_NOSUID -flag, as described in -.BR mount (2).) -.\" -.\" ============================================================ -.\" -.SS Miscellaneous -When a process's user and group IDs are passed over a UNIX domain socket -to a process in a different user namespace (see the description of -.B SCM_CREDENTIALS -in -.BR unix (7)), -they are translated into the corresponding values as per the -receiving process's user and group ID mappings. -.\" -.SH STANDARDS -Linux. -.\" -.SH NOTES -Over the years, there have been a lot of features that have been added -to the Linux kernel that have been made available only to privileged users -because of their potential to confuse set-user-ID-root applications. -In general, it becomes safe to allow the root user in a user namespace to -use those features because it is impossible, while in a user namespace, -to gain more privilege than the root user of a user namespace has. -.\" -.\" ============================================================ -.\" -.SS Global root -The term "global root" is sometimes used as a shorthand for -user ID 0 in the initial user namespace. -.\" -.\" ============================================================ -.\" -.SS Availability -Use of user namespaces requires a kernel that is configured with the -.B CONFIG_USER_NS -option. -User namespaces require support in a range of subsystems across -the kernel. -When an unsupported subsystem is configured into the kernel, -it is not possible to configure user namespaces support. -.P -As at Linux 3.8, most relevant subsystems supported user namespaces, -but a number of filesystems did not have the infrastructure needed -to map user and group IDs between user namespaces. -Linux 3.9 added the required infrastructure support for many of -the remaining unsupported filesystems -(Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2). -Linux 3.12 added support for the last of the unsupported major filesystems, -.\" commit d6970d4b726cea6d7a9bc4120814f95c09571fc3 -XFS. -.\" -.SH EXAMPLES -The program below is designed to allow experimenting with -user namespaces, as well as other types of namespaces. -It creates namespaces as specified by command-line options and then executes -a command inside those namespaces. -The comments and -.IR usage () -function inside the program provide a full explanation of the program. -The following shell session demonstrates its use. -.P -First, we look at the run-time environment: -.P -.in +4n -.EX -$ \fBuname \-rs\fP # Need Linux 3.8 or later -Linux 3.8.0 -$ \fBid \-u\fP # Running as unprivileged user -1000 -$ \fBid \-g\fP -1000 -.EE -.in -.P -Now start a new shell in new user -.RI ( \-U ), -mount -.RI ( \-m ), -and PID -.RI ( \-p ) -namespaces, with user ID -.RI ( \-M ) -and group ID -.RI ( \-G ) -1000 mapped to 0 inside the user namespace: -.P -.in +4n -.EX -$ \fB./userns_child_exec \-p \-m \-U \-M \[aq]0 1000 1\[aq] \-G \[aq]0 1000 1\[aq] bash\fP -.EE -.in -.P -The shell has PID 1, because it is the first process in the new -PID namespace: -.P -.in +4n -.EX -bash$ \fBecho $$\fP -1 -.EE -.in -.P -Mounting a new -.I /proc -filesystem and listing all of the processes visible -in the new PID namespace shows that the shell can't see -any processes outside the PID namespace: -.P -.in +4n -.EX -bash$ \fBmount \-t proc proc /proc\fP -bash$ \fBps ax\fP - PID TTY STAT TIME COMMAND - 1 pts/3 S 0:00 bash - 22 pts/3 R+ 0:00 ps ax -.EE -.in -.P -Inside the user namespace, the shell has user and group ID 0, -and a full set of permitted and effective capabilities: -.P -.in +4n -.EX -bash$ \fBcat /proc/$$/status | egrep \[aq]\[ha][UG]id\[aq]\fP -Uid: 0 0 0 0 -Gid: 0 0 0 0 -bash$ \fBcat /proc/$$/status | egrep \[aq]\[ha]Cap(Prm|Inh|Eff)\[aq]\fP -CapInh: 0000000000000000 -CapPrm: 0000001fffffffff -CapEff: 0000001fffffffff -.EE -.in -.SS Program source -\& -.EX -/* userns_child_exec.c -\& - Licensed under GNU General Public License v2 or later -\& - Create a child process that executes a shell command in new - namespace(s); allow UID and GID mappings to be specified when - creating a user namespace. -*/ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -\& -struct child_args { - char **argv; /* Command to be executed by child, with args */ - int pipe_fd[2]; /* Pipe used to synchronize parent and child */ -}; -\& -static int verbose; -\& -static void -usage(char *pname) -{ - fprintf(stderr, "Usage: %s [options] cmd [arg...]\en\en", pname); - fprintf(stderr, "Create a child process that executes a shell " - "command in a new user namespace,\en" - "and possibly also other new namespace(s).\en\en"); - fprintf(stderr, "Options can be:\en\en"); -#define fpe(str) fprintf(stderr, " %s", str); - fpe("\-i New IPC namespace\en"); - fpe("\-m New mount namespace\en"); - fpe("\-n New network namespace\en"); - fpe("\-p New PID namespace\en"); - fpe("\-u New UTS namespace\en"); - fpe("\-U New user namespace\en"); - fpe("\-M uid_map Specify UID map for user namespace\en"); - fpe("\-G gid_map Specify GID map for user namespace\en"); - fpe("\-z Map user\[aq]s UID and GID to 0 in user namespace\en"); - fpe(" (equivalent to: \-M \[aq]0 1\[aq] \-G \[aq]0 1\[aq])\en"); - fpe("\-v Display verbose messages\en"); - fpe("\en"); - fpe("If \-z, \-M, or \-G is specified, \-U is required.\en"); - fpe("It is not permitted to specify both \-z and either \-M or \-G.\en"); - fpe("\en"); - fpe("Map strings for \-M and \-G consist of records of the form:\en"); - fpe("\en"); - fpe(" ID\-inside\-ns ID\-outside\-ns len\en"); - fpe("\en"); - fpe("A map string can contain multiple records, separated" - " by commas;\en"); - fpe("the commas are replaced by newlines before writing" - " to map files.\en"); -\& - exit(EXIT_FAILURE); -} -\& -/* Update the mapping file \[aq]map_file\[aq], with the value provided in - \[aq]mapping\[aq], a string that defines a UID or GID mapping. A UID or - GID mapping consists of one or more newline\-delimited records - of the form: -\& - ID_inside\-ns ID\-outside\-ns length -\& - Requiring the user to supply a string that contains newlines is - of course inconvenient for command\-line use. Thus, we permit the - use of commas to delimit records in this string, and replace them - with newlines before writing the string to the file. */ -\& -static void -update_map(char *mapping, char *map_file) -{ - int fd; - size_t map_len; /* Length of \[aq]mapping\[aq] */ -\& - /* Replace commas in mapping string with newlines. */ -\& - map_len = strlen(mapping); - for (size_t j = 0; j < map_len; j++) - if (mapping[j] == \[aq],\[aq]) - mapping[j] = \[aq]\en\[aq]; -\& - fd = open(map_file, O_RDWR); - if (fd == \-1) { - fprintf(stderr, "ERROR: open %s: %s\en", map_file, - strerror(errno)); - exit(EXIT_FAILURE); - } -\& - if (write(fd, mapping, map_len) != map_len) { - fprintf(stderr, "ERROR: write %s: %s\en", map_file, - strerror(errno)); - exit(EXIT_FAILURE); - } -\& - close(fd); -} -\& -/* Linux 3.19 made a change in the handling of setgroups(2) and - the \[aq]gid_map\[aq] file to address a security issue. The issue - allowed *unprivileged* users to employ user namespaces in - order to drop groups. The upshot of the 3.19 changes is that - in order to update the \[aq]gid_maps\[aq] file, use of the setgroups() - system call in this user namespace must first be disabled by - writing "deny" to one of the /proc/PID/setgroups files for - this namespace. That is the purpose of the following function. */ -\& -static void -proc_setgroups_write(pid_t child_pid, char *str) -{ - char setgroups_path[PATH_MAX]; - int fd; -\& - snprintf(setgroups_path, PATH_MAX, "/proc/%jd/setgroups", - (intmax_t) child_pid); -\& - fd = open(setgroups_path, O_RDWR); - if (fd == \-1) { -\& - /* We may be on a system that doesn\[aq]t support - /proc/PID/setgroups. In that case, the file won\[aq]t exist, - and the system won\[aq]t impose the restrictions that Linux 3.19 - added. That\[aq]s fine: we don\[aq]t need to do anything in order - to permit \[aq]gid_map\[aq] to be updated. -\& - However, if the error from open() was something other than - the ENOENT error that is expected for that case, let the - user know. */ -\& - if (errno != ENOENT) - fprintf(stderr, "ERROR: open %s: %s\en", setgroups_path, - strerror(errno)); - return; - } -\& - if (write(fd, str, strlen(str)) == \-1) - fprintf(stderr, "ERROR: write %s: %s\en", setgroups_path, - strerror(errno)); -\& - close(fd); -} -\& -static int /* Start function for cloned child */ -childFunc(void *arg) -{ - struct child_args *args = arg; - char ch; -\& - /* Wait until the parent has updated the UID and GID mappings. - See the comment in main(). We wait for end of file on a - pipe that will be closed by the parent process once it has - updated the mappings. */ -\& - close(args\->pipe_fd[1]); /* Close our descriptor for the write - end of the pipe so that we see EOF - when parent closes its descriptor. */ - if (read(args\->pipe_fd[0], &ch, 1) != 0) { - fprintf(stderr, - "Failure in child: read from pipe returned != 0\en"); - exit(EXIT_FAILURE); - } -\& - close(args\->pipe_fd[0]); -\& - /* Execute a shell command. */ -\& - printf("About to exec %s\en", args\->argv[0]); - execvp(args\->argv[0], args\->argv); - err(EXIT_FAILURE, "execvp"); -} -\& -#define STACK_SIZE (1024 * 1024) -\& -static char child_stack[STACK_SIZE]; /* Space for child\[aq]s stack */ -\& -int -main(int argc, char *argv[]) -{ - int flags, opt, map_zero; - pid_t child_pid; - struct child_args args; - char *uid_map, *gid_map; - const int MAP_BUF_SIZE = 100; - char map_buf[MAP_BUF_SIZE]; - char map_path[PATH_MAX]; -\& - /* Parse command\-line options. The initial \[aq]+\[aq] character in - the final getopt() argument prevents GNU\-style permutation - of command\-line options. That\[aq]s useful, since sometimes - the \[aq]command\[aq] to be executed by this program itself - has command\-line options. We don\[aq]t want getopt() to treat - those as options to this program. */ -\& - flags = 0; - verbose = 0; - gid_map = NULL; - uid_map = NULL; - map_zero = 0; - while ((opt = getopt(argc, argv, "+imnpuUM:G:zv")) != \-1) { - switch (opt) { - case \[aq]i\[aq]: flags |= CLONE_NEWIPC; break; - case \[aq]m\[aq]: flags |= CLONE_NEWNS; break; - case \[aq]n\[aq]: flags |= CLONE_NEWNET; break; - case \[aq]p\[aq]: flags |= CLONE_NEWPID; break; - case \[aq]u\[aq]: flags |= CLONE_NEWUTS; break; - case \[aq]v\[aq]: verbose = 1; break; - case \[aq]z\[aq]: map_zero = 1; break; - case \[aq]M\[aq]: uid_map = optarg; break; - case \[aq]G\[aq]: gid_map = optarg; break; - case \[aq]U\[aq]: flags |= CLONE_NEWUSER; break; - default: usage(argv[0]); - } - } -\& - /* \-M or \-G without \-U is nonsensical */ -\& - if (((uid_map != NULL || gid_map != NULL || map_zero) && - !(flags & CLONE_NEWUSER)) || - (map_zero && (uid_map != NULL || gid_map != NULL))) - usage(argv[0]); -\& - args.argv = &argv[optind]; -\& - /* We use a pipe to synchronize the parent and child, in order to - ensure that the parent sets the UID and GID maps before the child - calls execve(). This ensures that the child maintains its - capabilities during the execve() in the common case where we - want to map the child\[aq]s effective user ID to 0 in the new user - namespace. Without this synchronization, the child would lose - its capabilities if it performed an execve() with nonzero - user IDs (see the capabilities(7) man page for details of the - transformation of a process\[aq]s capabilities during execve()). */ -\& - if (pipe(args.pipe_fd) == \-1) - err(EXIT_FAILURE, "pipe"); -\& - /* Create the child in new namespace(s). */ -\& - child_pid = clone(childFunc, child_stack + STACK_SIZE, - flags | SIGCHLD, &args); - if (child_pid == \-1) - err(EXIT_FAILURE, "clone"); -\& - /* Parent falls through to here. */ -\& - if (verbose) - printf("%s: PID of child created by clone() is %jd\en", - argv[0], (intmax_t) child_pid); -\& - /* Update the UID and GID maps in the child. */ -\& - if (uid_map != NULL || map_zero) { - snprintf(map_path, PATH_MAX, "/proc/%jd/uid_map", - (intmax_t) child_pid); - if (map_zero) { - snprintf(map_buf, MAP_BUF_SIZE, "0 %jd 1", - (intmax_t) getuid()); - uid_map = map_buf; - } - update_map(uid_map, map_path); - } -\& - if (gid_map != NULL || map_zero) { - proc_setgroups_write(child_pid, "deny"); -\& - snprintf(map_path, PATH_MAX, "/proc/%jd/gid_map", - (intmax_t) child_pid); - if (map_zero) { - snprintf(map_buf, MAP_BUF_SIZE, "0 %ld 1", - (intmax_t) getgid()); - gid_map = map_buf; - } - update_map(gid_map, map_path); - } -\& - /* Close the write end of the pipe, to signal to the child that we - have updated the UID and GID maps. */ -\& - close(args.pipe_fd[1]); -\& - if (waitpid(child_pid, NULL, 0) == \-1) /* Wait for child */ - err(EXIT_FAILURE, "waitpid"); -\& - if (verbose) - printf("%s: terminating\en", argv[0]); -\& - exit(EXIT_SUCCESS); -} -.EE -.SH SEE ALSO -.BR newgidmap (1), \" From the shadow package -.BR newuidmap (1), \" From the shadow package -.BR clone (2), -.BR ptrace (2), -.BR setns (2), -.BR unshare (2), -.BR proc (5), -.BR subgid (5), \" From the shadow package -.BR subuid (5), \" From the shadow package -.BR capabilities (7), -.BR cgroup_namespaces (7), -.BR credentials (7), -.BR namespaces (7), -.BR pid_namespaces (7) -.P -The kernel source file -.IR Documentation/admin\-guide/namespaces/resource\-control.rst . diff --git a/man7/utf-8.7 b/man7/utf-8.7 deleted file mode 100644 index 077fa42..0000000 --- a/man7/utf-8.7 +++ /dev/null @@ -1,205 +0,0 @@ -.\" Copyright (C) Markus Kuhn, 1996, 2001 -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.\" 1995-11-26 Markus Kuhn -.\" First version written -.\" 2001-05-11 Markus Kuhn -.\" Update -.\" -.TH UTF-8 7 2024-03-14 "Linux man-pages 6.7" -.SH NAME -UTF-8 \- an ASCII compatible multibyte Unicode encoding -.SH DESCRIPTION -The Unicode 3.0 character set occupies a 16-bit code space. -The most obvious -Unicode encoding (known as UCS-2) -consists of a sequence of 16-bit words. -Such strings can contain\[em]as part of many 16-bit characters\[em]bytes -such as \[aq]\e0\[aq] or \[aq]/\[aq], which have a -special meaning in filenames and other C library function arguments. -In addition, the majority of UNIX tools expect ASCII files and can't -read 16-bit words as characters without major modifications. -For these reasons, -UCS-2 is not a suitable external encoding of Unicode -in filenames, text files, environment variables, and so on. -The ISO/IEC 10646 Universal Character Set (UCS), -a superset of Unicode, occupies an even larger code -space\[em]31\ bits\[em]and the obvious -UCS-4 encoding for it (a sequence of 32-bit words) has the same problems. -.P -The UTF-8 encoding of Unicode and UCS -does not have these problems and is the common way in which -Unicode is used on UNIX-style operating systems. -.SS Properties -The UTF-8 encoding has the following nice properties: -.IP \[bu] 3 -UCS -characters 0x00000000 to 0x0000007f (the classic US-ASCII -characters) are encoded simply as bytes 0x00 to 0x7f (ASCII -compatibility). -This means that files and strings which contain only -7-bit ASCII characters have the same encoding under both -ASCII -and -UTF-8. -.IP \[bu] -All UCS characters greater than 0x7f are encoded as a multibyte sequence -consisting only of bytes in the range 0x80 to 0xfd, so no ASCII -byte can appear as part of another character and there are no -problems with, for example, \[aq]\e0\[aq] or \[aq]/\[aq]. -.IP \[bu] -The lexicographic sorting order of UCS-4 strings is preserved. -.IP \[bu] -All possible 2\[ha]31 UCS codes can be encoded using UTF-8. -.IP \[bu] -The bytes 0xc0, 0xc1, 0xfe, and 0xff are never used in the UTF-8 encoding. -.IP \[bu] -The first byte of a multibyte sequence which represents a single non-ASCII -UCS character is always in the range 0xc2 to 0xfd and indicates how long -this multibyte sequence is. -All further bytes in a multibyte sequence -are in the range 0x80 to 0xbf. -This allows easy resynchronization and -makes the encoding stateless and robust against missing bytes. -.IP \[bu] -UTF-8 encoded UCS characters may be up to six bytes long, however the -Unicode standard specifies no characters above 0x10ffff, so Unicode characters -can be only up to four bytes long in -UTF-8. -.SS Encoding -The following byte sequences are used to represent a character. -The sequence to be used depends on the UCS code number of the character: -.TP -0x00000000 \- 0x0000007F: -.RI 0 xxxxxxx -.TP -0x00000080 \- 0x000007FF: -.RI 110 xxxxx -.RI 10 xxxxxx -.TP -0x00000800 \- 0x0000FFFF: -.RI 1110 xxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.TP -0x00010000 \- 0x001FFFFF: -.RI 11110 xxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.TP -0x00200000 \- 0x03FFFFFF: -.RI 111110 xx -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.TP -0x04000000 \- 0x7FFFFFFF: -.RI 1111110 x -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.RI 10 xxxxxx -.P -The -.I xxx -bit positions are filled with the bits of the character code number in -binary representation, most significant bit first (big-endian). -Only the shortest possible multibyte sequence -which can represent the code number of the character can be used. -.P -The UCS code values 0xd800\[en]0xdfff (UTF-16 surrogates) as well as 0xfffe and -0xffff (UCS noncharacters) should not appear in conforming UTF-8 streams. -According to RFC 3629 no point above U+10FFFF should be used, -which limits characters to four bytes. -.SS Example -The Unicode character 0xa9 = 1010 1001 (the copyright sign) is encoded -in UTF-8 as -.P -.RS -11000010 10101001 = 0xc2 0xa9 -.RE -.P -and character 0x2260 = 0010 0010 0110 0000 (the "not equal" symbol) is -encoded as: -.P -.RS -11100010 10001001 10100000 = 0xe2 0x89 0xa0 -.RE -.SS Application notes -Users have to select a UTF-8 locale, for example with -.P -.RS -export LANG=en_GB.UTF-8 -.RE -.P -in order to activate the UTF-8 support in applications. -.P -Application software that has to be aware of the used character -encoding should always set the locale with for example -.P -.RS -setlocale(LC_CTYPE, "") -.RE -.P -and programmers can then test the expression -.P -.RS -strcmp(nl_langinfo(CODESET), "UTF-8") == 0 -.RE -.P -to determine whether a UTF-8 locale has been selected and whether -therefore all plaintext standard input and output, terminal -communication, plaintext file content, filenames, and environment -variables are encoded in UTF-8. -.P -Programmers accustomed to single-byte encodings -such as US-ASCII or ISO/IEC\~8859 -have to be aware that two assumptions made so far are no longer valid -in UTF-8 locales. -Firstly, a single byte does not necessarily correspond any -more to a single character. -Secondly, since modern terminal emulators in UTF-8 -mode also support Chinese, Japanese, and Korean -double-width characters as well as nonspacing combining characters, -outputting a single character does not necessarily advance the cursor -by one position as it did in ASCII. -Library functions such as -.BR mbsrtowcs (3) -and -.BR wcswidth (3) -should be used today to count characters and cursor positions. -.P -The official ESC sequence to switch from an ISO/IEC\~2022 -encoding scheme (as used for instance by VT100 terminals) to -UTF-8 is ESC % G -("\ex1b%G"). -The corresponding return sequence from -UTF-8 to ISO/IEC\~2022 is ESC % @ ("\ex1b%@"). -Other ISO/IEC\~2022 sequences (such as -for switching the G0 and G1 sets) are not applicable in UTF-8 mode. -.SS Security -The Unicode and UCS standards require that producers of UTF-8 -shall use the shortest form possible, for example, producing a two-byte -sequence with first byte 0xc0 is nonconforming. -Unicode 3.1 has added the requirement that conforming programs must not accept -non-shortest forms in their input. -This is for security reasons: if -user input is checked for possible security violations, a program -might check only for the ASCII -version of "/../" or ";" or NUL and overlook that there are many -non-ASCII ways to represent these things in a non-shortest UTF-8 -encoding. -.SS Standards -ISO/IEC 10646-1:2000, Unicode 3.1, RFC\ 3629, Plan 9. -.\" .SH AUTHOR -.\" Markus Kuhn -.SH SEE ALSO -.BR locale (1), -.BR nl_langinfo (3), -.BR setlocale (3), -.BR charsets (7), -.BR unicode (7) diff --git a/man7/utf8.7 b/man7/utf8.7 deleted file mode 100644 index 52a9008..0000000 --- a/man7/utf8.7 +++ /dev/null @@ -1 +0,0 @@ -.so man7/utf-8.7 diff --git a/man7/uts_namespaces.7 b/man7/uts_namespaces.7 deleted file mode 100644 index 0b2a9a0..0000000 --- a/man7/uts_namespaces.7 +++ /dev/null @@ -1,46 +0,0 @@ -.\" Copyright (c) 2019 by Michael Kerrisk -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.\" -.TH uts_namespaces 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -uts_namespaces \- overview of Linux UTS namespaces -.SH DESCRIPTION -UTS namespaces provide isolation of two system identifiers: -the hostname and the NIS domain name. -These identifiers are set using -.BR sethostname (2) -and -.BR setdomainname (2), -and can be retrieved using -.BR uname (2), -.BR gethostname (2), -and -.BR getdomainname (2). -Changes made to these identifiers are visible to all other -processes in the same UTS namespace, -but are not visible to processes in other UTS namespaces. -.P -When a process creates a new UTS namespace using -.BR clone (2) -or -.BR unshare (2) -with the -.B CLONE_NEWUTS -flag, the hostname and domain name of the new UTS namespace are copied -from the corresponding values in the caller's UTS namespace. -.P -Use of UTS namespaces requires a kernel that is configured with the -.B CONFIG_UTS_NS -option. -.SH SEE ALSO -.BR nsenter (1), -.BR unshare (1), -.BR clone (2), -.BR getdomainname (2), -.BR gethostname (2), -.BR setns (2), -.BR uname (2), -.BR unshare (2), -.BR namespaces (7) diff --git a/man7/vdso.7 b/man7/vdso.7 deleted file mode 100644 index d37360c..0000000 --- a/man7/vdso.7 +++ /dev/null @@ -1,612 +0,0 @@ -'\" t -.\" Written by Mike Frysinger -.\" -.\" %%%LICENSE_START(PUBLIC_DOMAIN) -.\" This page is in the public domain. -.\" %%%LICENSE_END -.\" -.\" Useful background: -.\" http://articles.manugarg.com/systemcallinlinux2_6.html -.\" https://lwn.net/Articles/446528/ -.\" http://www.linuxjournal.com/content/creating-vdso-colonels-other-chicken -.\" http://www.trilithium.com/johan/2005/08/linux-gate/ -.\" -.TH vDSO 7 2024-02-18 "Linux man-pages 6.7" -.SH NAME -vdso \- overview of the virtual ELF dynamic shared object -.SH SYNOPSIS -.nf -.B #include -.P -.B void *vdso = (uintptr_t) getauxval(AT_SYSINFO_EHDR); -.fi -.SH DESCRIPTION -The "vDSO" (virtual dynamic shared object) is a small shared library that -the kernel automatically maps into the -address space of all user-space applications. -Applications usually do not need to concern themselves with these details -as the vDSO is most commonly called by the C library. -This way you can code in the normal way using standard functions -and the C library will take care -of using any functionality that is available via the vDSO. -.P -Why does the vDSO exist at all? -There are some system calls the kernel provides that -user-space code ends up using frequently, -to the point that such calls can dominate overall performance. -This is due both to the frequency of the call as well as the -context-switch overhead that results -from exiting user space and entering the kernel. -.P -The rest of this documentation is geared toward the curious and/or -C library writers rather than general developers. -If you're trying to call the vDSO in your own application rather than using -the C library, you're most likely doing it wrong. -.SS Example background -Making system calls can be slow. -In x86 32-bit systems, you can trigger a software interrupt -.RI ( "int $0x80" ) -to tell the kernel you wish to make a system call. -However, this instruction is expensive: it goes through -the full interrupt-handling paths -in the processor's microcode as well as in the kernel. -Newer processors have faster (but backward incompatible) instructions to -initiate system calls. -Rather than require the C library to figure out if this functionality is -available at run time, -the C library can use functions provided by the kernel in -the vDSO. -.P -Note that the terminology can be confusing. -On x86 systems, the vDSO function -used to determine the preferred method of making a system call is -named "__kernel_vsyscall", but on x86-64, -the term "vsyscall" also refers to an obsolete way to ask the kernel -what time it is or what CPU the caller is on. -.P -One frequently used system call is -.BR gettimeofday (2). -This system call is called both directly by user-space applications -as well as indirectly by -the C library. -Think timestamps or timing loops or polling\[em]all of these -frequently need to know what time it is right now. -This information is also not secret\[em]any application in any -privilege mode (root or any unprivileged user) will get the same answer. -Thus the kernel arranges for the information required to answer -this question to be placed in memory the process can access. -Now a call to -.BR gettimeofday (2) -changes from a system call to a normal function -call and a few memory accesses. -.SS Finding the vDSO -The base address of the vDSO (if one exists) is passed by the kernel to -each program in the initial auxiliary vector (see -.BR getauxval (3)), -via the -.B AT_SYSINFO_EHDR -tag. -.P -You must not assume the vDSO is mapped at any particular location in the -user's memory map. -The base address will usually be randomized at run time every time a new -process image is created (at -.BR execve (2) -time). -This is done for security reasons, -to prevent "return-to-libc" attacks. -.P -For some architectures, there is also an -.B AT_SYSINFO -tag. -This is used only for locating the vsyscall entry point and is frequently -omitted or set to 0 (meaning it's not available). -This tag is a throwback to the initial vDSO work (see -.I History -below) and its use should be avoided. -.SS File format -Since the vDSO is a fully formed ELF image, you can do symbol lookups on it. -This allows new symbols to be added with newer kernel releases, -and allows the C library to detect available functionality at -run time when running under different kernel versions. -Oftentimes the C library will do detection with the first call and then -cache the result for subsequent calls. -.P -All symbols are also versioned (using the GNU version format). -This allows the kernel to update the function signature without breaking -backward compatibility. -This means changing the arguments that the function accepts as well as the -return value. -Thus, when looking up a symbol in the vDSO, -you must always include the version -to match the ABI you expect. -.P -Typically the vDSO follows the naming convention of prefixing -all symbols with "__vdso_" or "__kernel_" -so as to distinguish them from other standard symbols. -For example, the "gettimeofday" function is named "__vdso_gettimeofday". -.P -You use the standard C calling conventions when calling -any of these functions. -No need to worry about weird register or stack behavior. -.SH NOTES -.SS Source -When you compile the kernel, -it will automatically compile and link the vDSO code for you. -You will frequently find it under the architecture-specific directory: -.P -.in +4n -.EX -find arch/$ARCH/ \-name \[aq]*vdso*.so*\[aq] \-o \-name \[aq]*gate*.so*\[aq] -.EE -.in -.\" -.SS vDSO names -The name of the vDSO varies across architectures. -It will often show up in things like glibc's -.BR ldd (1) -output. -The exact name should not matter to any code, so do not hardcode it. -.if t \{\ -.ft CW -\} -.TS -l l. -user ABI vDSO name -_ -aarch64 linux\-vdso.so.1 -arm linux\-vdso.so.1 -ia64 linux\-gate.so.1 -mips linux\-vdso.so.1 -ppc/32 linux\-vdso32.so.1 -ppc/64 linux\-vdso64.so.1 -riscv linux\-vdso.so.1 -s390 linux\-vdso32.so.1 -s390x linux\-vdso64.so.1 -sh linux\-gate.so.1 -i386 linux\-gate.so.1 -x86-64 linux\-vdso.so.1 -x86/x32 linux\-vdso.so.1 -.TE -.if t \{\ -.in -.ft P -\} -.SS strace(1), seccomp(2), and the vDSO -When tracing system calls with -.BR strace (1), -symbols (system calls) that are exported by the vDSO will -.I not -appear in the trace output. -Those system calls will likewise not be visible to -.BR seccomp (2) -filters. -.SH ARCHITECTURE-SPECIFIC NOTES -The subsections below provide architecture-specific notes -on the vDSO. -.P -Note that the vDSO that is used is based on the ABI of your user-space code -and not the ABI of the kernel. -Thus, for example, -when you run an i386 32-bit ELF binary, -you'll get the same vDSO regardless of whether you run it under -an i386 32-bit kernel or under an x86-64 64-bit kernel. -Therefore, the name of the user-space ABI should be used to determine -which of the sections below is relevant. -.SS ARM functions -.\" See linux/arch/arm/vdso/vdso.lds.S -.\" Commit: 8512287a8165592466cb9cb347ba94892e9c56a5 -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__vdso_gettimeofday LINUX_2.6 (exported since Linux 4.1) -__vdso_clock_gettime LINUX_2.6 (exported since Linux 4.1) -.TE -.if t \{\ -.in -.ft P -\} -.P -.\" See linux/arch/arm/kernel/entry-armv.S -.\" See linux/Documentation/arm/kernel_user_helpers.rst -Additionally, the ARM port has a code page full of utility functions. -Since it's just a raw page of code, there is no ELF information for doing -symbol lookups or versioning. -It does provide support for different versions though. -.P -For information on this code page, -it's best to refer to the kernel documentation -as it's extremely detailed and covers everything you need to know: -.IR Documentation/arm/kernel_user_helpers.rst . -.SS aarch64 functions -.\" See linux/arch/arm64/kernel/vdso/vdso.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_rt_sigreturn LINUX_2.6.39 -__kernel_gettimeofday LINUX_2.6.39 -__kernel_clock_gettime LINUX_2.6.39 -__kernel_clock_getres LINUX_2.6.39 -.TE -.if t \{\ -.in -.ft P -\} -.SS bfin (Blackfin) functions (port removed in Linux 4.17) -.\" See linux/arch/blackfin/kernel/fixed_code.S -.\" See http://docs.blackfin.uclinux.org/doku.php?id=linux-kernel:fixed-code -As this CPU lacks a memory management unit (MMU), -it doesn't set up a vDSO in the normal sense. -Instead, it maps at boot time a few raw functions into -a fixed location in memory. -User-space applications then call directly into that region. -There is no provision for backward compatibility -beyond sniffing raw opcodes, -but as this is an embedded CPU, it can get away with things\[em]some of the -object formats it runs aren't even ELF based (they're bFLT/FLAT). -.P -For information on this code page, -it's best to refer to the public documentation: -.br -http://docs.blackfin.uclinux.org/doku.php?id=linux\-kernel:fixed\-code -.SS mips functions -.\" See linux/arch/mips/vdso/vdso.ld.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_gettimeofday LINUX_2.6 (exported since Linux 4.4) -__kernel_clock_gettime LINUX_2.6 (exported since Linux 4.4) -.TE -.if t \{\ -.in -.ft P -\} -.SS ia64 (Itanium) functions -.\" See linux/arch/ia64/kernel/gate.lds.S -.\" Also linux/arch/ia64/kernel/fsys.S and linux/Documentation/ia64/fsys.rst -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_sigtramp LINUX_2.5 -__kernel_syscall_via_break LINUX_2.5 -__kernel_syscall_via_epc LINUX_2.5 -.TE -.if t \{\ -.in -.ft P -\} -.P -The Itanium port is somewhat tricky. -In addition to the vDSO above, it also has "light-weight system calls" -(also known as "fast syscalls" or "fsys"). -You can invoke these via the -.I __kernel_syscall_via_epc -vDSO helper. -The system calls listed here have the same semantics as if you called them -directly via -.BR syscall (2), -so refer to the relevant -documentation for each. -The table below lists the functions available via this mechanism. -.if t \{\ -.ft CW -\} -.TS -l. -function -_ -clock_gettime -getcpu -getpid -getppid -gettimeofday -set_tid_address -.TE -.if t \{\ -.in -.ft P -\} -.SS parisc (hppa) functions -.\" See linux/arch/parisc/kernel/syscall.S -.\" See linux/Documentation/parisc/registers.rst -The parisc port has a code page with utility functions -called a gateway page. -Rather than use the normal ELF auxiliary vector approach, -it passes the address of -the page to the process via the SR2 register. -The permissions on the page are such that merely executing those addresses -automatically executes with kernel privileges and not in user space. -This is done to match the way HP-UX works. -.P -Since it's just a raw page of code, there is no ELF information for doing -symbol lookups or versioning. -Simply call into the appropriate offset via the branch instruction, -for example: -.P -.in +4n -.EX -ble (%sr2, %r0) -.EE -.in -.if t \{\ -.ft CW -\} -.TS -l l. -offset function -_ -00b0 lws_entry (CAS operations) -00e0 set_thread_pointer (used by glibc) -0100 linux_gateway_entry (syscall) -.TE -.if t \{\ -.in -.ft P -\} -.SS ppc/32 functions -.\" See linux/arch/powerpc/kernel/vdso32/vdso32.lds.S -The table below lists the symbols exported by the vDSO. -The functions marked with a -.I * -are available only when the kernel is -a PowerPC64 (64-bit) kernel. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_clock_getres LINUX_2.6.15 -__kernel_clock_gettime LINUX_2.6.15 -__kernel_clock_gettime64 LINUX_5.11 -__kernel_datapage_offset LINUX_2.6.15 -__kernel_get_syscall_map LINUX_2.6.15 -__kernel_get_tbfreq LINUX_2.6.15 -__kernel_getcpu \fI*\fR LINUX_2.6.15 -__kernel_gettimeofday LINUX_2.6.15 -__kernel_sigtramp_rt32 LINUX_2.6.15 -__kernel_sigtramp32 LINUX_2.6.15 -__kernel_sync_dicache LINUX_2.6.15 -__kernel_sync_dicache_p5 LINUX_2.6.15 -.TE -.if t \{\ -.in -.ft P -\} -.P -Before Linux 5.6, -.\" commit 654abc69ef2e69712e6d4e8a6cb9292b97a4aa39 -the -.B CLOCK_REALTIME_COARSE -and -.B CLOCK_MONOTONIC_COARSE -clocks are -.I not -supported by the -.I __kernel_clock_getres -and -.I __kernel_clock_gettime -interfaces; -the kernel falls back to the real system call. -.SS ppc/64 functions -.\" See linux/arch/powerpc/kernel/vdso64/vdso64.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_clock_getres LINUX_2.6.15 -__kernel_clock_gettime LINUX_2.6.15 -__kernel_datapage_offset LINUX_2.6.15 -__kernel_get_syscall_map LINUX_2.6.15 -__kernel_get_tbfreq LINUX_2.6.15 -__kernel_getcpu LINUX_2.6.15 -__kernel_gettimeofday LINUX_2.6.15 -__kernel_sigtramp_rt64 LINUX_2.6.15 -__kernel_sync_dicache LINUX_2.6.15 -__kernel_sync_dicache_p5 LINUX_2.6.15 -.TE -.if t \{\ -.in -.ft P -\} -.P -Before Linux 4.16, -.\" commit 5c929885f1bb4b77f85b1769c49405a0e0f154a1 -the -.B CLOCK_REALTIME_COARSE -and -.B CLOCK_MONOTONIC_COARSE -clocks are -.I not -supported by the -.I __kernel_clock_getres -and -.I __kernel_clock_gettime -interfaces; -the kernel falls back to the real system call. -.SS riscv functions -.\" See linux/arch/riscv/kernel/vdso/vdso.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__vdso_rt_sigreturn LINUX_4.15 -__vdso_gettimeofday LINUX_4.15 -__vdso_clock_gettime LINUX_4.15 -__vdso_clock_getres LINUX_4.15 -__vdso_getcpu LINUX_4.15 -__vdso_flush_icache LINUX_4.15 -.TE -.if t \{\ -.in -.ft P -\} -.SS s390 functions -.\" See linux/arch/s390/kernel/vdso32/vdso32.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_clock_getres LINUX_2.6.29 -__kernel_clock_gettime LINUX_2.6.29 -__kernel_gettimeofday LINUX_2.6.29 -.TE -.if t \{\ -.in -.ft P -\} -.SS s390x functions -.\" See linux/arch/s390/kernel/vdso64/vdso64.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_clock_getres LINUX_2.6.29 -__kernel_clock_gettime LINUX_2.6.29 -__kernel_gettimeofday LINUX_2.6.29 -.TE -.if t \{\ -.in -.ft P -\} -.SS sh (SuperH) functions -.\" See linux/arch/sh/kernel/vsyscall/vsyscall.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_rt_sigreturn LINUX_2.6 -__kernel_sigreturn LINUX_2.6 -__kernel_vsyscall LINUX_2.6 -.TE -.if t \{\ -.in -.ft P -\} -.SS i386 functions -.\" See linux/arch/x86/vdso/vdso32/vdso32.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__kernel_sigreturn LINUX_2.5 -__kernel_rt_sigreturn LINUX_2.5 -__kernel_vsyscall LINUX_2.5 -.\" Added in 7a59ed415f5b57469e22e41fc4188d5399e0b194 and updated -.\" in 37c975545ec63320789962bf307f000f08fabd48. -__vdso_clock_gettime LINUX_2.6 (exported since Linux 3.15) -__vdso_gettimeofday LINUX_2.6 (exported since Linux 3.15) -__vdso_time LINUX_2.6 (exported since Linux 3.15) -.TE -.if t \{\ -.in -.ft P -\} -.SS x86-64 functions -.\" See linux/arch/x86/vdso/vdso.lds.S -The table below lists the symbols exported by the vDSO. -All of these symbols are also available without the "__vdso_" prefix, but -you should ignore those and stick to the names below. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__vdso_clock_gettime LINUX_2.6 -__vdso_getcpu LINUX_2.6 -__vdso_gettimeofday LINUX_2.6 -__vdso_time LINUX_2.6 -.TE -.if t \{\ -.in -.ft P -\} -.SS x86/x32 functions -.\" See linux/arch/x86/vdso/vdso32.lds.S -The table below lists the symbols exported by the vDSO. -.if t \{\ -.ft CW -\} -.TS -l l. -symbol version -_ -__vdso_clock_gettime LINUX_2.6 -__vdso_getcpu LINUX_2.6 -__vdso_gettimeofday LINUX_2.6 -__vdso_time LINUX_2.6 -.TE -.if t \{\ -.in -.ft P -\} -.SS History -The vDSO was originally just a single function\[em]the vsyscall. -In older kernels, you might see that name -in a process's memory map rather than "vdso". -Over time, people realized that this mechanism -was a great way to pass more functionality -to user space, so it was reconceived as a vDSO in the current format. -.SH SEE ALSO -.BR syscalls (2), -.BR getauxval (3), -.BR proc (5) -.P -The documents, examples, and source code in the Linux source code tree: -.P -.in +4n -.EX -Documentation/ABI/stable/vdso -Documentation/ia64/fsys.rst -Documentation/vDSO/* (includes examples of using the vDSO) -.P -find arch/ \-iname \[aq]*vdso*\[aq] \-o \-iname \[aq]*gate*\[aq] -.EE -.in diff --git a/man7/vsock.7 b/man7/vsock.7 deleted file mode 100644 index 3d679c0..0000000 --- a/man7/vsock.7 +++ /dev/null @@ -1,232 +0,0 @@ -.\" Copyright (C) 2018, Stefan Hajnoczi -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH vsock 7 2024-02-25 "Linux man-pages 6.7" -.SH NAME -vsock \- Linux VSOCK address family -.SH SYNOPSIS -.nf -.B #include -.B #include -.P -.IB stream_socket " = socket(AF_VSOCK, SOCK_STREAM, 0);" -.IB datagram_socket " = socket(AF_VSOCK, SOCK_DGRAM, 0);" -.fi -.SH DESCRIPTION -The VSOCK address family facilitates communication between virtual machines and -the host they are running on. -This address family is used by guest agents and -hypervisor services that need a communications channel that is independent of -virtual machine network configuration. -.P -Valid socket types are -.B SOCK_STREAM -and -.BR SOCK_DGRAM . -.B SOCK_STREAM -provides connection-oriented byte streams with guaranteed, in-order delivery. -.B SOCK_DGRAM -provides a connectionless datagram packet service with best-effort delivery and -best-effort ordering. -Availability of these socket types is dependent on the -underlying hypervisor. -.P -A new socket is created with -.P -.in +4n -.EX -socket(AF_VSOCK, socket_type, 0); -.EE -.in -.P -When a process wants to establish a connection, it calls -.BR connect (2) -with a given destination socket address. -The socket is automatically bound to a free port if unbound. -.P -A process can listen for incoming connections by first binding to a socket -address using -.BR bind (2) -and then calling -.BR listen (2). -.P -Data is transmitted using the -.BR send (2) -or -.BR write (2) -families of system calls and data is received using the -.BR recv (2) -or -.BR read (2) -families of system calls. -.SS Address format -A socket address is defined as a combination of a 32-bit Context Identifier -(CID) and a 32-bit port number. -The CID identifies the source or destination, -which is either a virtual machine or the host. -The port number differentiates between multiple services running on -a single machine. -.P -.in +4n -.EX -struct sockaddr_vm { - sa_family_t svm_family; /* Address family: AF_VSOCK */ - unsigned short svm_reserved1; - unsigned int svm_port; /* Port # in host byte order */ - unsigned int svm_cid; /* Address in host byte order */ - unsigned char svm_zero[sizeof(struct sockaddr) \- - sizeof(sa_family_t) \- - sizeof(unsigned short) \- - sizeof(unsigned int) \- - sizeof(unsigned int)]; -}; -.EE -.in -.P -.I svm_family -is always set to -.BR AF_VSOCK . -.I svm_reserved1 -is always set to 0. -.I svm_port -contains the port number in host byte order. -The port numbers below 1024 are called -.IR "privileged ports" . -Only a process with the -.B CAP_NET_BIND_SERVICE -capability may -.BR bind (2) -to these port numbers. -.I svm_zero -must be zero-filled. -.P -There are several special addresses: -.B VMADDR_CID_ANY -(\-1U) -means any address for binding; -.B VMADDR_CID_HYPERVISOR -(0) is reserved for services built into the hypervisor; -.B VMADDR_CID_LOCAL -(1) is the well-known address for local communication (loopback); -.B VMADDR_CID_HOST -(2) -is the well-known address of the host. -.P -The special constant -.B VMADDR_PORT_ANY -(\-1U) -means any port number for binding. -.SS Live migration -Sockets are affected by live migration of virtual machines. -Connected -.B SOCK_STREAM -sockets become disconnected when the virtual machine migrates to a new host. -Applications must reconnect when this happens. -.P -The local CID may change across live migration if the old CID is -not available on the new host. -Bound sockets are automatically updated to the new CID. -.SS Ioctls -The following ioctls are available on the -.I /dev/vsock -device. -.TP -.B IOCTL_VM_SOCKETS_GET_LOCAL_CID -Get the CID of the local machine. -The argument is a pointer to an -.IR "unsigned int" . -.IP -.in +4n -.EX -ioctl(fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, &cid); -.EE -.in -.IP -Consider using -.B VMADDR_CID_ANY -when binding instead of getting the local CID with -.BR IOCTL_VM_SOCKETS_GET_LOCAL_CID . -.SS Local communication -.B VMADDR_CID_LOCAL -(1) directs packets to the same host that generated them. -This is useful -for testing applications on a single host and for debugging. -.P -The local CID obtained with -.B IOCTL_VM_SOCKETS_GET_LOCAL_CID -can be used for the same purpose, but it is preferable to use -.BR VMADDR_CID_LOCAL . -.SH ERRORS -.TP -.B EACCES -Unable to bind to a privileged port without the -.B CAP_NET_BIND_SERVICE -capability. -.TP -.B EADDRINUSE -Unable to bind to a port that is already in use. -.TP -.B EADDRNOTAVAIL -Unable to find a free port for binding or unable to bind to a nonlocal CID. -.TP -.B EINVAL -Invalid parameters. -This includes: -attempting to bind a socket that is already bound, providing an invalid struct -.IR sockaddr_vm , -and other input validation errors. -.TP -.B ENOPROTOOPT -Invalid socket option in -.BR setsockopt (2) -or -.BR getsockopt (2). -.TP -.B ENOTCONN -Unable to perform operation on an unconnected socket. -.TP -.B EOPNOTSUPP -Operation not supported. -This includes: -the -.B MSG_OOB -flag that is not implemented for the -.BR send (2) -family of syscalls and -.B MSG_PEEK -for the -.BR recv (2) -family of syscalls. -.TP -.B EPROTONOSUPPORT -Invalid socket protocol number. -The protocol should always be 0. -.TP -.B ESOCKTNOSUPPORT -Unsupported socket type in -.BR socket (2). -Only -.B SOCK_STREAM -and -.B SOCK_DGRAM -are valid. -.SH VERSIONS -Support for VMware (VMCI) has been available since Linux 3.9. -KVM (virtio) is supported since Linux 4.8. -Hyper-V is supported since Linux 4.14. -.P -.B VMADDR_CID_LOCAL -is supported since Linux 5.6. -.\" commit ef343b35d46667668a099655fca4a5b2e43a5dfe -Local communication in the guest and on the host is available since Linux 5.6. -Previous versions supported only local communication within a guest -(not on the host), and with only some transports (VMCI and virtio). -.SH SEE ALSO -.BR bind (2), -.BR connect (2), -.BR listen (2), -.BR recv (2), -.BR send (2), -.BR socket (2), -.BR capabilities (7) diff --git a/man7/x25.7 b/man7/x25.7 deleted file mode 100644 index 73ef2f3..0000000 --- a/man7/x25.7 +++ /dev/null @@ -1,124 +0,0 @@ -.\" SPDX-License-Identifier: Linux-man-pages-1-para -.\" -.\" This man page is Copyright (C) 1998 Heiner Eisen. -.\" -.\" $Id: x25.7,v 1.4 1999/05/18 10:35:12 freitag Exp $ -.\" -.TH x25 7 2024-01-28 "Linux man-pages 6.7" -.SH NAME -x25 -\- -ITU-T X.25 / ISO/IEC\~8208 protocol interface -.SH SYNOPSIS -.nf -.B #include -.B #include -.P -.IB x25_socket " = socket(AF_X25, SOCK_SEQPACKET, 0);" -.fi -.SH DESCRIPTION -X25 sockets provide an interface to the X.25 packet layer protocol. -This allows applications to -communicate over a public X.25 data network as standardized by -International Telecommunication Union's recommendation X.25 -(X.25 DTE-DCE mode). -X25 sockets can also be used for communication -without an intermediate X.25 network (X.25 DTE-DTE mode) as described -in ISO/IEC\~8208. -.P -Message boundaries are preserved \[em] a -.BR read (2) -from a socket will -retrieve the same chunk of data as output with the corresponding -.BR write (2) -to the peer socket. -When necessary, the kernel takes care -of segmenting and reassembling long messages by means of -the X.25 M-bit. -There is no hard-coded upper limit for the -message size. -However, reassembling of a long message might fail if -there is a temporary lack of system resources or when other constraints -(such as socket memory or buffer size limits) become effective. -If that -occurs, the X.25 connection will be reset. -.SS Socket addresses -The -.B AF_X25 -socket address family uses the -.I struct sockaddr_x25 -for representing network addresses as defined in ITU-T -recommendation X.121. -.P -.in +4n -.EX -struct sockaddr_x25 { - sa_family_t sx25_family; /* must be AF_X25 */ - x25_address sx25_addr; /* X.121 Address */ -}; -.EE -.in -.P -.I sx25_addr -contains a char array -.I x25_addr[] -to be interpreted as a null-terminated string. -.I sx25_addr.x25_addr[] -consists of up to 15 (not counting the terminating null byte) ASCII -characters forming the X.121 address. -Only the decimal digit characters from \[aq]0\[aq] to \[aq]9\[aq] are allowed. -.SS Socket options -The following X.25-specific socket options can be set by using -.BR setsockopt (2) -and read with -.BR getsockopt (2) -with the -.I level -argument set to -.BR SOL_X25 . -.TP -.B X25_QBITINCL -Controls whether the X.25 Q-bit (Qualified Data Bit) is accessible by the -user. -It expects an integer argument. -If set to 0 (default), -the Q-bit is never set for outgoing packets and the Q-bit of incoming -packets is ignored. -If set to 1, an additional first byte is prepended -to each message read from or written to the socket. -For data read from -the socket, a 0 first byte indicates that the Q-bits of the corresponding -incoming data packets were not set. -A first byte with value 1 indicates -that the Q-bit of the corresponding incoming data packets was set. -If the first byte of the data written to the socket is 1, the Q-bit of the -corresponding outgoing data packets will be set. -If the first byte is 0, -the Q-bit will not be set. -.SH VERSIONS -The AF_X25 protocol family is a new feature of Linux 2.2. -.SH BUGS -Plenty, as the X.25 PLP implementation is -.BR CONFIG_EXPERIMENTAL . -.P -This man page is incomplete. -.P -There is no dedicated application programmer's header file yet; -you need to include the kernel header file -.IR . -.B CONFIG_EXPERIMENTAL -might also imply that future versions of the -interface are not binary compatible. -.P -X.25 N-Reset events are not propagated to the user process yet. -Thus, -if a reset occurred, data might be lost without notice. -.SH SEE ALSO -.BR socket (2), -.BR socket (7) -.P -Jonathan Simon Naylor: -\[lq]The Re-Analysis and Re-Implementation of X.25.\[rq] -The URL is -.UR ftp://ftp.pspt.fi\:/pub\:/ham\:/linux\:/ax25\:/x25doc.tgz -.UE . diff --git a/man7/xattr.7 b/man7/xattr.7 deleted file mode 100644 index c90aaf8..0000000 --- a/man7/xattr.7 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Extended attributes manual page -.\" -.\" Copyright (C) 2000, 2002, 2007 Andreas Gruenbacher -.\" Copyright (C) 2001, 2002, 2004, 2007 Silicon Graphics, Inc. -.\" All rights reserved. -.\" -.\" SPDX-License-Identifier: GPL-2.0-or-later -.\" -.TH xattr 7 2023-10-31 "Linux man-pages 6.7" -.SH NAME -xattr \- Extended attributes -.SH DESCRIPTION -Extended attributes are name:value pairs associated permanently with -files and directories, similar to the environment strings associated -with a process. -An attribute may be defined or undefined. -If it is defined, its value may be empty or non-empty. -.P -Extended attributes are extensions to the normal attributes which are -associated with all inodes in the system (i.e., the -.BR stat (2) -data). -They are often used to provide additional functionality -to a filesystem\[em]for example, additional security features such as -Access Control Lists (ACLs) may be implemented using extended attributes. -.P -Users with search access to a file or directory may use -.BR listxattr (2) -to retrieve a list of attribute names defined for that file or directory. -.P -Extended attributes are accessed as atomic objects. -Reading -.RB ( getxattr (2)) -retrieves the whole value of an attribute and stores it in a buffer. -Writing -.RB ( setxattr (2)) -replaces any previous value with the new value. -.P -Space consumed for extended attributes may be counted towards the disk quotas -of the file owner and file group. -.SS Extended attribute namespaces -Attribute names are null-terminated strings. -The attribute name is always specified in the fully qualified -.I namespace.attribute -form, for example, -.IR user.mime_type , -.IR trusted.md5sum , -.IR system.posix_acl_access , -or -.IR security.selinux . -.P -The namespace mechanism is used to define different classes of extended -attributes. -These different classes exist for several reasons; -for example, the permissions -and capabilities required for manipulating extended attributes of one -namespace may differ to another. -.P -Currently, the -.IR security , -.IR system , -.IR trusted , -and -.I user -extended attribute classes are defined as described below. -Additional classes may be added in the future. -.SS Extended security attributes -The security attribute namespace is used by kernel security modules, -such as Security Enhanced Linux, and also to implement file capabilities (see -.BR capabilities (7)). -Read and write access permissions to security attributes depend on the -policy implemented for each security attribute by the security module. -When no security module is loaded, all processes have read access to -extended security attributes, and write access is limited to processes -that have the -.B CAP_SYS_ADMIN -capability. -.SS System extended attributes -System extended attributes are used by the kernel to store system -objects such as Access Control Lists. -Read and write -access permissions to system attributes depend on the policy implemented -for each system attribute implemented by filesystems in the kernel. -.SS Trusted extended attributes -Trusted extended attributes are visible and accessible only to processes that -have the -.B CAP_SYS_ADMIN -capability. -Attributes in this class are used to implement mechanisms in user -space (i.e., outside the kernel) which keep information in extended attributes -to which ordinary processes should not have access. -.SS User extended attributes -User extended attributes may be assigned to files and directories for -storing arbitrary additional information such as the mime type, -character set or encoding of a file. -The access permissions for user -attributes are defined by the file permission bits: -read permission is required to retrieve the attribute value, -and writer permission is required to change it. -.P -The file permission bits of regular files and directories are -interpreted differently from the file permission bits of special files -and symbolic links. -For regular files and directories the file -permission bits define access to the file's contents, while for device special -files they define access to the device described by the special file. -The file permissions of symbolic links are not used in access checks. -These differences would allow users to consume filesystem resources in -a way not controllable by disk quotas for group or world writable -special files and directories. -.P -For this reason, -user extended attributes are allowed only for regular files and directories, -and access to user extended attributes is restricted to the -owner and to users with appropriate capabilities for directories with the -sticky bit set (see the -.BR chmod (1) -manual page for an explanation of the sticky bit). -.SS Filesystem differences -The kernel and the filesystem may place limits on the maximum number -and size of extended attributes that can be associated with a file. -The VFS-imposed limits on attribute names and values are 255 bytes -and 64\ kB, respectively. -The list of attribute names that -can be returned is also limited to 64\ kB -(see BUGS in -.BR listxattr (2)). -.P -Some filesystems, such as Reiserfs (and, historically, ext2 and ext3), -require the filesystem to be mounted with the -.B user_xattr -mount option in order for user extended attributes to be used. -.P -In the current ext2, ext3, and ext4 filesystem implementations, -the total bytes used by the names and values of all of a file's -extended attributes must fit in a single filesystem block (1024, 2048 -or 4096 bytes, depending on the block size specified when the -filesystem was created). -.P -In the Btrfs, XFS, and Reiserfs filesystem implementations, there is no -practical limit on the number of extended attributes -associated with a file, and the algorithms used to store extended -attribute information on disk are scalable. -.P -In the JFS, XFS, and Reiserfs filesystem implementations, -the limit on bytes used in an EA value is the ceiling imposed by the VFS. -.P -In the Btrfs filesystem implementation, -the total bytes used for the name, value, and implementation overhead bytes -is limited to the filesystem -.I nodesize -value (16\ kB by default). -.SH STANDARDS -Extended attributes are not specified in POSIX.1, but some other systems -(e.g., the BSDs and Solaris) provide a similar feature. -.SH NOTES -Since the filesystems on which extended attributes are stored might also -be used on architectures with a different byte order and machine word -size, care should be taken to store attribute values in an -architecture-independent format. -.P -This page was formerly named -.BR attr (5). -.\" .SH AUTHORS -.\" Andreas Gruenbacher, -.\" .RI < a.gruenbacher@bestbits.at > -.\" and the SGI XFS development team, -.\" .RI < linux-xfs@oss.sgi.com >. -.SH SEE ALSO -.BR attr (1), -.BR getfattr (1), -.BR setfattr (1), -.BR getxattr (2), -.BR ioctl_iflags (2), -.BR listxattr (2), -.BR removexattr (2), -.BR setxattr (2), -.BR acl (5), -.BR capabilities (7), -.BR selinux (8) -- cgit v1.2.3