mop up for the pcap.3 rename;
help/ok deraadt

pflogd(8): don't try to rename(2) broken/invalid pflog files, instead,
suspend logging until the log file has been moved out of the way, and
we have received either SIGHUP or SIGALRM.

ok florian@ deraadt@

Fix escaping: .Nm Op Fl "Dx" turning into "pflogd [-DragonFly]"
is funny, but not useful, so say .Nm Op Fl \&Dx as required.

Interface status printing (at exit and USR1) was broken for a while.
Remove it completely to simplify the code.
even better deraadt@

Use "In" to mark up include files, instead of wrongly wrapping with Aq.

Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.

ok schwarze@

obvious .Pa fixes; found with mandocdb(8)

Add missing .Mt macros for AUTHORS email addresses.
From Jan Stary <hans at stare dot cz>.
ok jmc@

log all, not log-all; ok henning

default snaplen is 160 these days
From: giovanni <qgiovanni at gmail dot com>

put the tcpdump-specific stuff in a sane place (that is, not EXAMPLES);
ok sthen henning

nowadays, .Dx is callable, so we need to quote it;
ok jmc@ millert@ henning@ kristaps@

Adjust pflog BPF descriptions, problem pointed out by jmc@

- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)

- list all reason codes in tcpdump(8)

ok henning jmc

tweak previous;

Get rid of pflogd.pid because the privsep child cannot delete the pidfile;
use pkill(1) in /etc/newsyslog.conf instead
together with otto and suggestions from tedu

log pcap stats upon SIGUSR1; ok canacar
From: Dave Harrison <dave@nullcube.com>

clear up pidfile(-p) option form

tweaked by jmc, ok henning

convert to new .Dd format;

- use .Bk/.Ek to avoid SYNOPSIS splitting
- put -p in the correct place
- sync the -p argument name and tweak its description
- add -p to usage()

Adds a pidfile argument to pflogd so that individual
instances can be rotated via newsyslog.
From Berk Demir < bdd at mindcast org >
ok henning@

state that if the log file is bad, it is first moved out of the way. if
that fails, then logging is suspended.

style

Default snaplen has been 116 for a while now.

- sort options
- sync usage()

allow pflogd to listen on alternate pflog interfaces
"Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it
evolved quite a bit... ok djm canacar berk

filtering on ruleset name is already implemented, document it.

sync the list of acceptable values for 'reason' with reality

"bad-timestamp" is a valid logging reason;
from joel knight;

- standard option order
- sync usage()
- new sentence, new line
- Dv (not Va) for signals
- other nits

ok canacar@

Try to preserve the integrity of the log file in case of errors/unexpected
shutdowns etc. Also check logfile integrity on startup and suspend
logging if an inconsistency is detected.
ok dhartmei@

- section reorder
- some mdoc fixes

mdoc fixes: macros are not allowed inside .Bd -literal blocks
ok deraadt@

to to
found by krause

mdoc-police: officer krause catched one again

and one more tweaking round by krause, thanks!

typos; added white boldface to examples

ok deraadt@

SEE ALSO reordering and corrections.

fix grammar in tcpdump example

examples of tcpdump filters on pf log fields

Remove the ifconfig line again, it's in pflog(4), which is now linked,
and in pflogd context (started from rc), the interface is up already.

Document ethernet layer expressions.

Up the pflog0 interface. alphabetize xrefs and add pflog(4)
ok dhartmei@

o) start new sentence on a new line;
o) wrap long lines;
o) fix bogus .Xr usage;
o) we don't like blank lines;
o) always close .Bl tags;
o) OpenBSD -> .Ox;
o) don't like .Pp before .Ss;

millert@ ok;

When you give command examples in a manual page prefix them with
$ command
or
# command
Depending on if is a regular user command, or root-only. Please?

document tcpdump on pflog0 to make Theo happy and prove nroff can't kill you
(but damn can it try)

loging -> logging

add EXAMPLES section; canacar@eee.metu.edu.tr, ok deraadt@

kill the -i option; it just causes all sorts of grief; canacar@eee.metu.edu.tr

doc improvements; canacar@eee.metu.edu.tr

corrections; wouter.clarie@pandora.be

clarify tcpdump use; frantzen

pflogd; work by canacar@eee.metu.edu.tr and myself

pflogd(8): don't try to rename(2) broken/invalid pflog files, instead,
suspend logging until the log file has been moved out of the way, and
we have received either SIGHUP or SIGALRM.

ok florian@ deraadt@

Fix escaping: .Nm Op Fl "Dx" turning into "pflogd [-DragonFly]"
is funny, but not useful, so say .Nm Op Fl \&Dx as required.

Interface status printing (at exit and USR1) was broken for a while.
Remove it completely to simplify the code.
even better deraadt@

Use "In" to mark up include files, instead of wrongly wrapping with Aq.

Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.

ok schwarze@

obvious .Pa fixes; found with mandocdb(8)

Add missing .Mt macros for AUTHORS email addresses.
From Jan Stary <hans at stare dot cz>.
ok jmc@

log all, not log-all; ok henning

default snaplen is 160 these days
From: giovanni <qgiovanni at gmail dot com>

put the tcpdump-specific stuff in a sane place (that is, not EXAMPLES);
ok sthen henning

nowadays, .Dx is callable, so we need to quote it;
ok jmc@ millert@ henning@ kristaps@

Adjust pflog BPF descriptions, problem pointed out by jmc@

- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)

- list all reason codes in tcpdump(8)

ok henning jmc

tweak previous;

Get rid of pflogd.pid because the privsep child cannot delete the pidfile;
use pkill(1) in /etc/newsyslog.conf instead
together with otto and suggestions from tedu

log pcap stats upon SIGUSR1; ok canacar
From: Dave Harrison <dave@nullcube.com>

clear up pidfile(-p) option form

tweaked by jmc, ok henning

convert to new .Dd format;

- use .Bk/.Ek to avoid SYNOPSIS splitting
- put -p in the correct place
- sync the -p argument name and tweak its description
- add -p to usage()

Adds a pidfile argument to pflogd so that individual
instances can be rotated via newsyslog.
From Berk Demir < bdd at mindcast org >
ok henning@

state that if the log file is bad, it is first moved out of the way. if
that fails, then logging is suspended.

style

Default snaplen has been 116 for a while now.

- sort options
- sync usage()

allow pflogd to listen on alternate pflog interfaces
"Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it
evolved quite a bit... ok djm canacar berk

filtering on ruleset name is already implemented, document it.

sync the list of acceptable values for 'reason' with reality

"bad-timestamp" is a valid logging reason;
from joel knight;

- standard option order
- sync usage()
- new sentence, new line
- Dv (not Va) for signals
- other nits

ok canacar@

Try to preserve the integrity of the log file in case of errors/unexpected
shutdowns etc. Also check logfile integrity on startup and suspend
logging if an inconsistency is detected.
ok dhartmei@

- section reorder
- some mdoc fixes

mdoc fixes: macros are not allowed inside .Bd -literal blocks
ok deraadt@

to to
found by krause

mdoc-police: officer krause catched one again

and one more tweaking round by krause, thanks!

typos; added white boldface to examples

ok deraadt@

SEE ALSO reordering and corrections.

fix grammar in tcpdump example

examples of tcpdump filters on pf log fields

Remove the ifconfig line again, it's in pflog(4), which is now linked,
and in pflogd context (started from rc), the interface is up already.

Document ethernet layer expressions.

Up the pflog0 interface. alphabetize xrefs and add pflog(4)
ok dhartmei@

o) start new sentence on a new line;
o) wrap long lines;
o) fix bogus .Xr usage;
o) we don't like blank lines;
o) always close .Bl tags;
o) OpenBSD -> .Ox;
o) don't like .Pp before .Ss;

millert@ ok;

When you give command examples in a manual page prefix them with
$ command
or
# command
Depending on if is a regular user command, or root-only. Please?

document tcpdump on pflog0 to make Theo happy and prove nroff can't kill you
(but damn can it try)

loging -> logging

add EXAMPLES section; canacar@eee.metu.edu.tr, ok deraadt@

kill the -i option; it just causes all sorts of grief; canacar@eee.metu.edu.tr

doc improvements; canacar@eee.metu.edu.tr

corrections; wouter.clarie@pandora.be

clarify tcpdump use; frantzen

pflogd; work by canacar@eee.metu.edu.tr and myself

Fix escaping: .Nm Op Fl "Dx" turning into "pflogd [-DragonFly]"
is funny, but not useful, so say .Nm Op Fl \&Dx as required.

Interface status printing (at exit and USR1) was broken for a while.
Remove it completely to simplify the code.
even better deraadt@

Use "In" to mark up include files, instead of wrongly wrapping with Aq.

Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.

ok schwarze@

obvious .Pa fixes; found with mandocdb(8)

Add missing .Mt macros for AUTHORS email addresses.
From Jan Stary <hans at stare dot cz>.
ok jmc@

log all, not log-all; ok henning

default snaplen is 160 these days
From: giovanni <qgiovanni at gmail dot com>

put the tcpdump-specific stuff in a sane place (that is, not EXAMPLES);
ok sthen henning

nowadays, .Dx is callable, so we need to quote it;
ok jmc@ millert@ henning@ kristaps@

Adjust pflog BPF descriptions, problem pointed out by jmc@

- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)

- list all reason codes in tcpdump(8)

ok henning jmc

tweak previous;

Get rid of pflogd.pid because the privsep child cannot delete the pidfile;
use pkill(1) in /etc/newsyslog.conf instead
together with otto and suggestions from tedu

log pcap stats upon SIGUSR1; ok canacar
From: Dave Harrison <dave@nullcube.com>

clear up pidfile(-p) option form

tweaked by jmc, ok henning

convert to new .Dd format;

- use .Bk/.Ek to avoid SYNOPSIS splitting
- put -p in the correct place
- sync the -p argument name and tweak its description
- add -p to usage()

Adds a pidfile argument to pflogd so that individual
instances can be rotated via newsyslog.
From Berk Demir < bdd at mindcast org >
ok henning@

state that if the log file is bad, it is first moved out of the way. if
that fails, then logging is suspended.

style

Default snaplen has been 116 for a while now.

- sort options
- sync usage()

allow pflogd to listen on alternate pflog interfaces
"Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it
evolved quite a bit... ok djm canacar berk

filtering on ruleset name is already implemented, document it.

sync the list of acceptable values for 'reason' with reality

"bad-timestamp" is a valid logging reason;
from joel knight;

- standard option order
- sync usage()
- new sentence, new line
- Dv (not Va) for signals
- other nits

ok canacar@

Try to preserve the integrity of the log file in case of errors/unexpected
shutdowns etc. Also check logfile integrity on startup and suspend
logging if an inconsistency is detected.
ok dhartmei@

- section reorder
- some mdoc fixes

mdoc fixes: macros are not allowed inside .Bd -literal blocks
ok deraadt@

to to
found by krause

mdoc-police: officer krause catched one again

and one more tweaking round by krause, thanks!

typos; added white boldface to examples

ok deraadt@

SEE ALSO reordering and corrections.

fix grammar in tcpdump example

examples of tcpdump filters on pf log fields

Remove the ifconfig line again, it's in pflog(4), which is now linked,
and in pflogd context (started from rc), the interface is up already.

Document ethernet layer expressions.

Up the pflog0 interface. alphabetize xrefs and add pflog(4)
ok dhartmei@

o) start new sentence on a new line;
o) wrap long lines;
o) fix bogus .Xr usage;
o) we don't like blank lines;
o) always close .Bl tags;
o) OpenBSD -> .Ox;
o) don't like .Pp before .Ss;

millert@ ok;

When you give command examples in a manual page prefix them with
$ command
or
# command
Depending on if is a regular user command, or root-only. Please?

document tcpdump on pflog0 to make Theo happy and prove nroff can't kill you
(but damn can it try)

loging -> logging

add EXAMPLES section; canacar@eee.metu.edu.tr, ok deraadt@

kill the -i option; it just causes all sorts of grief; canacar@eee.metu.edu.tr

doc improvements; canacar@eee.metu.edu.tr

corrections; wouter.clarie@pandora.be

clarify tcpdump use; frantzen

pflogd; work by canacar@eee.metu.edu.tr and myself