M Makefile => Makefile +2 -6
@@ 18,12 18,8 @@ man8_targets = \
s6-tcpclient.8 \
s6-tcpserver.8 \
s6-tcpserver-access.8 \
- s6-tcpserver4.8 \
- s6-tcpserver4-socketbinder.8 \
- s6-tcpserver4d.8 \
- s6-tcpserver6.8 \
- s6-tcpserver6-socketbinder.8 \
- s6-tcpserver6d.8 \
+ s6-tcpserver-socketbinder.8 \
+ s6-tcpserverd.8 \
s6-tlsc.8 \
s6-tlsc-io.8 \
s6-tlsclient.8 \
M man8/s6-tcpclient.8 => man8/s6-tcpclient.8 +4 -8
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd November 11, 2023
.Dt S6-TCPCLIENT 8
.Os
.Sh NAME
@@ 126,7 126,7 @@ By default, port selection is left to the operating system.
Use
.Ar localname
as the value of the
-.Ev TCPLOCALPATH
+.Ev TCPLOCALHOST
environment variable instead of looking it up via the DNS.
.It Fl T Ar timeoutconn
Configure the connection timeouts.
@@ 195,12 195,8 @@ Else unset.
.El
.Sh SEE ALSO
.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserver-socketbinder 8 ,
+.Xr s6-tcpserverd 8
.Pp
[1]
.Lk https://cr.yp.to/proto/ucspi.txt
M man8/s6-tcpserver-access.8 => man8/s6-tcpserver-access.8 +22 -37
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd November 11, 2023
.Dt S6-TCPSERVER-ACCESS 8
.Os
.Sh NAME
@@ 31,14 31,9 @@ It additionally performs some fine-tuning on a TCP socket.
.Nm
checks it is run under a UCSPI server tool
such as
-.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8
-or
-.Xr s6-tcpserver6 8 ,
-or their stripped-down versions
-.Xr s6-tcpserver4d 8
-or
-.Xr s6-tcpserver6d 8 .
+.Xr s6-tcpserver 8
+or its stripped-down version
+.Xr s6-tcpserverd 8 .
.Pp
It checks that the remote end of the connection fits the accepted
criteria defined by the database contained in
@@ 57,21 52,13 @@ instructions to override
.Ar prog... .
.Pp
.Nm
-works with
-.Xr s6-tcpserver4d 8 ,
-handling IPv4 addresses, as well as
-.Xr s6-tcpserver6d 8 ,
-handling IPv6 addresses.
-It will automatically detect the remote address type and match it
-against the correct subdatabase.
-.Pp
-.Nm
may perform several DNS queries.
For efficiency purposes, it does as many of them as possible in
parallel.
However, if asked to do an IDENT query, it does not parallelize it
with DNS queries.
-Take that into account when estimating a proper <em>timeout</em>
+Take that into account when estimating a proper
+.Ar timeout
value.
.Ss Access rule checking
.Nm
@@ 253,7 240,7 @@ environment variables.
Enable DNS lookups.
This is the default.
.It Fl R
-DDisable IDENT lookups for the
+Disable IDENT lookups for the
.Ev ${PROTO}REMOTEINFO
environment variable.
This is the default.
@@ 305,9 292,7 @@ and
.Fl x
are mutually exclusive.
If none of those options is given, no credential checking will be
-performed, and a warning will be emitted on every connection if
-.Ar verbosity
-is 2 or more.
+performed.
.El
.Sh ENVIRONMENT
.Nm
@@ 315,10 300,13 @@ expects to inherit some environment variables from
its parent:
.Bl -tag -width x
.It Ev PROTO
-Normally TCP, but could be anything else, like SSL.
+Normally TCP, but could be anything else.
+.It Ev ${PROTO}LOCALIP
+The local address of the socket.
+.It Ev ${PROTO}LOCALPORT
+The local port of the socket.
.It Ev ${PROTO}REMOTEIP
The remote address of the socket, i.e. the client's IP address.
-This can be IPv4 or (if the underlying skalibs supports it) IPv6.
.It Ev ${PROTO}REMOTEPORT
The remote port of the socket.
.El
@@ 326,14 314,8 @@ The remote port of the socket.
Additionally, it exports the following variables before executing into
.Ar prog... :
.Bl -tag -width x
-.It Ev ${PROTO}LOCALIP
-Set to the local address of the socket.
-.It Ev ${PROTO}LOCALPORT
-Set to the local port of the socket.
-.It Ev ${PROTO}REMOTEINFO
-Normally unset, but set to the information retrieved from
-.Ev ${PROTO}REMOTEIP
-via the IDENT protocol if the
+.It Ev ${PROTO}REMOTEIP
+Via the IDENT protocol if the
.Fl r
option has been given.
.It Ev ${PROTO}REMOTEHOST
@@ 348,6 330,12 @@ If the
option has been given, set to
.Ar localname
instead.
+.It Ev ${PROTO}REMOTEINFO
+Normally unset, but set to the information retrieved from
+.Ev ${PROTO}REMOTEIP
+via the IDENT protocol if the
+.Fl r
+option has been given.
.El
.Pp
Also, the access rules database can instruct
@@ 359,10 347,7 @@ client address.
.Xr s6-accessrules-cdb-from-fs 8 ,
.Xr s6-envdir 8 ,
.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserverd 8
.Pp
[1]
.Lk https://en.wikipedia.org/wiki/Cdb_(software)
R man8/s6-tcpserver4-socketbinder.8 => man8/s6-tcpserver-socketbinder.8 +40 -30
@@ 1,9 1,9 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER4-SOCKETBINDER 8
+.Dd November 11, 2023
+.Dt S6-TCPSERVER-SOCKETBINDER 8
.Os
.Sh NAME
-.Nm s6-tcpserver4-socketbinder
-.Nd bind an INET domain socket to an IPv4 address and port, then execute a program
+.Nm s6-tcpserver-socketbinder
+.Nd bind an INET domain socket to an IPv4 or IPv6 address and port, then execute a program
.Sh SYNOPSIS
.Nm
.Op Fl d | Fl D
@@ 15,49 15,63 @@
.Ar prog...
.Sh DESCRIPTION
.Nm
-creates a TCP socket and binds it to IPv4 address
+creates a TCP socket and binds it to IP address
.Ar ip ,
port
.Ar port .
+.Pp
It prepares the socket to accept connections by calling
.Xr listen 2 .
.Pp
It then
-.Xr exec 3
-s into
+.Xr exec 3 Ns
+into
.Ar prog...
with the open socket as its standard input.
.Pp
The socket is provided
-.Sy non-blocking by default .
+.Em non-blocking by default .
.Pp
.Nm
-is part of a set of basic blocks used to build a flexible TCP/IPv4
+is part of a set of basic blocks used to build a flexible TCP/IP
super-server.
It normally should be given a command line crafted to make it execute
into
-.Xr s6-tcpserver4d 8
+.Xr s6-tcpserverd 8
to accept connections from clients, or into a program such as
.Xr s6-applyuidgid 8
to drop privileges before doing so.
.Pp
The
-.Xr s6-tcpserver4 8
+.Xr s6-tcpserver 8
program does exactly this.
-It implements a full TCP/IPv4 super-server by building a command line
+It implements a full TCP/IP super-server by building a command line
starting with
.Nm
and ending with
-.Xr s6-tcpserver4d 8
+.Xr s6-tcpserverd 8
followed by the application program, and executing into it.
+.Pp
+For
+.Nm ,
+.Ql ::
+means
+.Dq all IPv6 addresses ,
+and
+.Ql 0.0.0.0
+means
+.Dq all IPv4 addresses .
+It does not provide a way to bind a socket to all addresses regardless
+of protocol; instead, you should use two sockets, one for IPv4 and one
+for IPv6.
.Sh OPTIONS
.Bl -tag -width x
.It Fl d
Allow instant rebinding to the same IP and port even if it has been
-used not long ago - this is the
+used not long ago \(em this is the
.Dv SO_REUSEADDR
flag to
-.Xr setsockopt 2
+.Xr setsockopt 2
and is generally used with server programs.
This is the default.
.It Fl D
@@ 65,15 79,13 @@ Disallow instant rebinding to the same path.
.It Fl b Ar backlog
Set a maximum of
.Ar backlog
-backlog connections on the socket - extra connection attempts will
+backlog connections on the socket \(em extra connection attempts will
rejected by the kernel.
-The default is
-.Dv SOMAXCONN ,
-i.e. the maximum number allowed by the system.
+The default is the maximum number allowed by the system.
If
.Ar backlog
is 0, then the socket will be created, but it
-.Sy will not be listening .
+.Em will not be listening .
.It Fl M
Create a TCP socket.
This is the default.
@@ 81,28 93,26 @@ This is the default.
Create a UDP socket.
Note that by default UDP sockets are not connection-mode, and
.Xr listen 2
-will fail - so you should always give the
-.Ql -b0
+will fail \(em so you should always give the
+.Ql b0
option to
.Nm
along with
-.Ql -m .
+.Fl m .
.It Fl B
Create a blocking socket.
Default is non-blocking.
.El
.Sh SEE ALSO
+.Xr listen 2 ,
+.Xr setsockopt 2 ,
+.Xr exec 3 ,
.Xr s6-applyuidgid 8 ,
-.Xr s6-tcpclient 8 ,
.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserverd 8
.Pp
This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver4-socketbinder.html
+.Lk https://skarnet.org/software/s6-networking/s6-tcpserver-socketbinder.html
.Sh AUTHORS
.An Laurent Bercot
.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
M man8/s6-tcpserver.8 => man8/s6-tcpserver.8 +171 -77
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd November 11, 2023
.Dt S6-TCPSERVER 8
.Os
.Sh NAME
@@ 7,7 7,6 @@
.Sh SYNOPSIS
.Nm
.Op Fl q | Fl Q | Fl v
-.Op Fl 4 | Fl 6
.Op Fl 1
.Op Fl c Ar maxconn
.Op Fl C Ar localmaxconn
@@ 21,105 20,200 @@
.Ar prog...
.Sh DESCRIPTION
.Nm
-accepts connections from clients, and forks a program to handle each
+accepts connections from clients, and spawns a program to handle each
connection.
.Pp
.Nm
-executes into
-.Xr s6-tcpserver4 8
-or into
-.Xr s6-tcpserver6 8
-depending on whether
+binds to local IP address
.Ar ip
-is an IPv4 or IPv6 address.
-It modifies some of its option syntax to match
-.Xr s6-tcpserver4 8
-and
-.Xr s6-tcpserver6 8 Ap
-s.
+.Po
+which can be IPv4 or IPv6
+.Pc ,
+port
+.Ar port .
+.Pp
+It closes its stdin and stdout.
+.Pp
+For every TCP connection to this address and port, it spawns a
+.Ar prog...
+child with stdin reading from the network socket and stdout writing to
+it.
.Pp
-.Xr s6-tcpserver4 8
-or
-.Xr s6-tcpserver6 8
-handles the connection itself.
+Depending on the verbosity level, it logs what it does to stderr.
.Pp
+It runs until killed by a signal.
+Depending on the received signal, it may kill its children before
+exiting.
+.Pp
+Unlike its ancestor tcpserver[2],
.Nm
-will not bind to every available IP address of the machine whether
-they are v4 or v6; on the other hand, it can bind to every available
-IPv4 address (if
-.Ar ip
-is
-.Ql 0.0.0.0 )
-or to every available IPv6 address (if
-.Ar ip
-is
-.Ql :: .
-Two instances of
+performs just the bare minimum: the point is to have a very small and
+very fast process to serve connections with the least possible
+overhead.
+Features such as access control and DNS resolution are provided via
+the
+.Xr s6-tcpserver-access 8
++program.
+.Pp
.Nm
-can cover every available address.
+is actually a wrapper that rewrites itself into a command line
+running:
+.Bl -bullet -width x
+.It
+.Xr s6-tcpserver-socketbinder 8 ,
+that binds the socket and listens to it.
+.It
+.Xr s6-applyuidgid 8 ,
+that drops privileges.
+.It
+.Xr s6-tcpserverd 8 ,
+the long-lived process that actually accepts the connections.
+So if you see in your
+.Xr ps 1
+output that the name of the process is
+.Ql s6-tcpserverd ,
+that's why.
+.El
+.Pp
+.Nm
+treats IPv4 and IPv6 separately.
+If you want to listen on
+.Em all
+the addresses of a machine no matter whether v4 or v6, then you need
+to run
+.Em two
+.Nm
+processes: one on
+.Ql 0.0.0.0
+and one on
+.Ql :: .
+.Ss Signals
+.Bl -tag -width x
+.It Dv SIGTERM
+Exit.
+.It Dv SIGHUP
+Send a
+.Dv SIGTERM
+and a
+.Dv SIGCONT
+to all children.
+.It Dv SIGQUIT
+Send a
+.Dv SIGTERM
+and a
+.Dv SIGCONT
+to all children, then exit.
+.It Dv SIGABRT
+Send a SIGKILL to all children, then exit.
+.El
.Sh OPTIONS
.Bl -tag -width x
.It Fl q
Be quiet.
-This is converted into
-.Fl v Ns 0
-for
-.Xr s6-tcpserver4 8
-or
-.Xr s6-tcpserver6 8 .
+Only print fatal error messages to stderr.
.It Fl Q
Be normally quiet.
-This is converted into
-.Fl v Ns 1
-for
-.Xr s6-tcpserver4 8
-or
-.Xr s6-tcpserver6 8 .
+Print warnings and fatal error messages to stderr.
This is the default.
.It Fl v
Be verbose.
-This is converted into
-.Fl v Ns 2
-for
-.Xr s6-tcpserver4 8
-or
-.Xr s6-tcpserver6 8 .
-.It Fl 4
-IPv4 only.
-Interpret
-.Ar ip
-as IPv4; if it is invalid, exit 100.
-.It Fl 6
-IPv6 only.
-Interpret
-.Ar ip
-as IPv6; if it is invalid, exit 100.
-If neither the
-.Fl 4
-nor the
-.Fl 6
-option is given,
-.Nm
-will parse
-.Ar ip
-to determine its family.
+Additionally to fatal errors and warnings, also print status and
+connection information for every client.
+.It Fl 1
+Write
+.Ar port
+to stdout, before closing it, right after binding and listening to the
+network socket.
+If stdout is suitably redirected, this can be used by monitoring
+programs to check when the server is ready to accept connections.
+.It Fl c Ar maxconn
+Accept at most
+.Ar maxconn
+concurrent connections.
+Default is 40.
+It is impossible to set it higher than 1000.
+.It Fl C Ar localmaxconn
+Accept at most
+.Ar localmaxconn
+connections from the same IP address.
+Default is 40.
+It is impossible to set it higher than
+.Ar maxconn .
+.It Fl b Ar backlog
+Set a maximum of
+.Ar backlog
+backlog connections on the socket.
+Extra connection attempts will rejected by the kernel.
+.It Fl G Ar gidlist
+Change
+.Nm Ap
+s supplementary group list to
+.Ar gidlist
+after binding the socket.
+This is only valid when run as root.
+.Ar gidlist must be a comma-separated list of numerical group IDs.
+.It Fl g Ar gid
+Change
+.Nm s
+group id to
+.Ar gid
+after binding the socket.
+This is only valid when run as root.
+.It Fl u Ar uid
+Change
+.Nm Ap
+s user id to
+.Ar uid
+after binding the socket.
+This is only valid when run as root.
+.It Fl U
+Change
+.Nm Ap
+s user id, group id and supplementary group list according to the values of the
+.Ev UID ,
+.Ev GID
+and
+.Ev GIDLIST
+environment variables after binding the socket.
+This is only valid when run as root.
+This can be used with the
+.Xr s6-envuidgid 8
+program to easily script a service that binds to a privileged socket
+then drops its privileges to those of a named non-root account.
+.El
+.Sh ENVIRONMENT
+For each connection, an instance of
+.Ar prog...
+is spawned with the following variables set:
+.Bl -tag -width x
+.It Ev PROTO
+Always set to TCP.
+.It Ev TCPLOCALIP
+Set to the server's address.
+.It Ev TCPLOCALPORT
+Set to the server's port.
+.It Ev TCPREMOTEIP
+Set to the client's address.
+.It Ev TCPREMOTEPORT
+Set to the client's port.
+.It Ev TCPCONNNUM
+Set to the number of connections originating from the same IP address.
.El
-.Pp
-Every other option is passed verbatim to
-.Xr s6-tcpserver4 8 or
-.Xr s6-tcpserver6 8 .
.Sh SEE ALSO
+.Xr ps 1 ,
+.Xr s6-applyuidgid 8 ,
+.Xr s6-envuidgid 8 ,
.Xr s6-tcpclient 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserver-access 8 ,
+.Xr s6-tcpserver-socketbinder 8 ,
+.Xr s6-tcpserverd 8
.Pp
[1]
.Lk https://cr.yp.to/proto/ucspi.txt
.Pp
+[2]
+.Lk https://cr.yp.to/ucspi-tcp/tcpserver.html
+.Pp
This man page is ported from the authoritative documentation at:
.Lk https://skarnet.org/software/s6-networking/s6-tcpserver.html
.Sh AUTHORS
D man8/s6-tcpserver4.8 => man8/s6-tcpserver4.8 +0 -201
@@ 1,201 0,0 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER4 8
-.Os
-.Sh NAME
-.Nm s6-tcpserver4
-.Nd super-server for IPv4 TCP connections
-.Sh SYNOPSIS
-.Nm
-.Op Fl 1
-.Op Fl v Ar verbosity
-.Op Fl c Ar maxconn
-.Op Fl C Ar localmaxconn
-.Op Fl b Ar backlog
-.Op Fl G Ar gidlist
-.Op Fl g Ar gid
-.Op Fl u Ar uid
-.Op Fl U
-.Ar ip
-.Ar port
-.Ar prog...
-.Sh DESCRIPTION
-.Nm
-accepts connections from clients, and forks a program to handle each connection.
-.Pp
-.Nm
-binds to local IPv4 address
-.Ar ip ,
-port
-.Ar port .
-.Pp
-It closes its stdin and stdout.
-.Pp
-For every TCP connection to this address and port, it forks.
-The child sets some environment variables, then executes
-.Ar prog...
-with stdin reading from the network socket and stdout writing to it.
-.Pp
-Depending on the verbosity level, it logs what it does to stderr.
-.Pp
-It runs until killed by a signal.
-Depending on the received signal, it may kill its children before
-exiting.
-.Pp
-.Nm
-actually doesn't do any of this itself.
-It is a wrapper, rewriting the command line and executing into a chain
-of programs that perform those duties.
-.Pp
-Unlike its ancestor tcpserver[1],
-.Nm
-performs just the bare minimum: the point is to have a very small and
-very fast process to serve connections with the least possible
-overhead.
-Features such as additional environment variables, access control and
-DNS resolution are provided via the
-.Xr s6-tcpserver-access 8
-program.
-.Pp
-In previous releases of s6-networking,
-.Nm
-was monolithic: it did the work of
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-applyuidgid 8
-and
-.Xr s6-tcpserver4d 8
-itself.
-The functionality has now been split into several different programs
-because some service startup schemes require the daemon to get its
-socket from an external program instead of creating and binding it
-itself.
-The most obvious application of this is upgrading a long-lived process
-without losing existing connections.
-.Ss Signals
-.Bl -tag -width x
-.It Dv SIGTERM
-Exit.
-.It Dv SIGHUP
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children.
-.It SIGQUIT
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children, then exit.
-.It SIGABRT
-Send a
-.Dv SIGKILL
-to all children, then exit.
-.El
-.Sh OPTIONS
-.Bl -tag -width x
-.It Fl 1
-write
-.Ar port
-to stdout, before closing it, right after binding and listening to the
-network socket.
-If stdout is suitably redirected, this can be used by monitoring
-programs to check when the server is ready to accept connections.
-.It Fl v Ar verbosity
-Be more or less verbose.
-By default,
-.Ar verbosity
-is 1: print warning messages to stderr.
-0 means only print fatal error messages; 2 means print status and
-connection information for every client.
-.It Fl c Ar maxconn
-Accept at most
-.Ar maxconn
-concurrent connections.
-Default is 40.
-It is impossible to set it higher than 1000.
-.It Fl C Ar localmaxconn
-Accept at most
-.Ar localmaxconn
-connections from the same IP address.
-Default is 40.
-It is impossible to set it higher than
-.Ar maxconn .
-.It Fl b Ar backlog
-Set a maximum of
-.Ar backlog
-backlog connections on the socket.
-Extra connection attempts will rejected by the kernel.
-.It Fl G Ar gidlist
-Change
-.Nm Ap
-s supplementary group list to
-.Ar gidlist
-after binding the socket.
-This is only valid when run as root.
-.Ar gidlist
-must be a comma-separated list of numerical group IDs.
-.It Fl g Ar gid
-Change
-.Nm Ap
-s group id to
-.Ar gid
-after binding the socket.
-This is only valid when run as root.
-.It Fl u Ar uid
-Change
-.Nm Ap
-s user id
-to
-.Ar uid
-after binding the socket.
-This is only valid when run as root.
-.It Fl U
-Change
-.Nm Ap
-s user id, group id and supplementary group list according to the
-values of the
-.Ev UID ,
-.Ev GID
-and
-.Ev GIDLIST
-environment variables after binding the socket.
-This is only valid when run as root.
-This can be used with the
-.Xr s6-envuidgid 8
-program to easily script a service that binds to a privileged socket
-then drops its privileges to those of a named non-root account.
-.El
-.Sh ENVIRONMENT
-For each connection, an instance of
-.Ar prog...
-is spawned with
-the following variables set:
-.Bl -tag -width x
-.It Ev PROTO
-Always set to TCP.
-.It Ev TCPREMOTEIP
-Set to the originating address.
-.It Ev TCPREMOTEPORT
-Set to the originating port.
-.It Ev TCPCONNNUM
-Set to the number of connections originating from the same IP address.
-.El
-.Sh SEE ALSO
-.Xr s6-applyuidgid 8 ,
-.Xr s6-envuidgid 8 ,
-.Xr s6-tcpclient 8 ,
-.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver-access 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
-.Pp
-[1]
-.Lk https://cr.yp.to/ucspi-tcp/tcpserver.html
-This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver4.html
-.Sh AUTHORS
-.An Laurent Bercot
-.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
D man8/s6-tcpserver6-socketbinder.8 => man8/s6-tcpserver6-socketbinder.8 +0 -107
@@ 1,107 0,0 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER6-SOCKETBINDER 8
-.Os
-.Sh NAME
-.Nm s6-tcpserver6-socketbinder
-.Nd bind an INET domain socket to an IPv6 address and port, then execute a program
-.Sh SYNOPSIS
-.Nm
-.Op Fl d | Fl D
-.Op Fl b Ar backlog
-.Op Fl M | Fl m
-.Op Fl B
-.Ar ip
-.Ar port
-.Ar prog...
-.Sh DESCRIPTION
-.Nm
-creates an TCP socket
-and binds it to IPv6 address
-.Ar ip ,
-port
-.Ar port .
-It prepares the socket to accept connections by calling
-.Xr listen 2 .
-.Pp
-It then execs into
-.Ar prog...
-with the open socket as its standard input.
-.Pp
-The socket is provided
-.Sy non-blocking by default .
-.Pp
-.Nm
-is part of a set of basic blocks used to build a flexible TCP/IPv6
-super-server.
-It normally should be given a command line crafted to make it execute
-into
-.Xr s6-tcpserver6d 8
-to accept connections from clients, or into a program such as
-.Xr s6-applyuidgid 8
-to drop privileges before doing so.
-.Pp
-The
-.Xr s6-tcpserver6 8
-program does exactly this.
-It implements a full TCP/IPv6 super-server by building a command line
-starting with
-.Nm
-and ending with
-.Xr s6-tcpserver6d 8
-followed by the application program, and executing into it.
-.Sh OPTIONS
-.Bl -tag -width x
-.It Fl d
-Allow instant rebinding to the same IP and port even if it has been
-used not long ago - this is the
-.Dv SO_REUSEADDR
-flag to
-.Xr setsockopt 2
-and is generally used with server programs.
-This is the default.
-.It Fl D
-Disallow instant rebinding to the same path.
-.It Fl b Ar backlog
-Set a maximum of
-.Ar backlog
-backlog connections on the socket - extra connection attempts will
-rejected by the kernel.
-The default is
-.Dv SOMAXCONN ,
-i.e. the maximum number allowed by the system.
-If
-.Ar backlog
-is 0, then the socket will be created, but it
-.Sy will not be listening .
-.It Fl M
-Create a TCP socket.
-This is the default.
-.It Fl m
-Create a UDP socket.
-Note that by default UDP sockets are not connection-mode, and
-.Xr listen 2
-will fail - so you should always give the
-.Ql -b0
-option to
-.Nm
-along with
-.Ql -m .
-.It Fl B
-Create a blocking socket.
-Default is non-blocking.
-.El
-.Sh SEE ALSO
-.Xr s6-applyuidgid 8 ,
-.Xr s6-tcpclient 8 ,
-.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6d 8
-.Pp
-This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver6-socketbinder.html
-.Sh AUTHORS
-.An Laurent Bercot
-.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
D man8/s6-tcpserver6.8 => man8/s6-tcpserver6.8 +0 -199
@@ 1,199 0,0 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER6 8
-.Os
-.Sh NAME
-.Nm s6-tcpserver6
-.Nd super-server for IPv6 TCP connections
-.Sh SYNOPSIS
-.Nm
-.Op Fl 1
-.Op Fl v Ar verbosity
-.Op Fl c Ar maxconn
-.Op Fl C Ar localmaxconn
-.Op Fl b Ar backlog
-.Op Fl G Ar gidlist
-.Op Fl g Ar gid
-.Op Fl u Ar uid
-.Op Fl U
-.Ar ip
-.Ar port
-.Ar prog
-.Sh DESCRIPTION
-.Nm
-accepts connections from clients, and forks a program to handle each
-connection.
-.Pp
-.Nm
-binds to local IPv6 address
-.Ar ip ,
-port
-.Ar port .
-.Pp
-It closes its stdin and stdout.
-.Pp
-For every TCP connection to this address and port, it forks.
-The child sets some environment variables, then executes
-.Ar prog...
-with stdin reading from the network socket and stdout writing to it.
-.Pp
-Depending on the verbosity level, it logs what it does to stderr.
-.Pp
-It runs until killed by a signal.
-Depending on the received signal, it may kill its children before
-exiting.
-.Pp
-.Nm
-actually doesn't do any of this itself.
-It is a wrapper, rewriting the command line and executing into a chain
-of programs that perform those duties.
-.Pp
-.Nm
-will only serve real IPv6 addresses; it does not default to an IPv4
-address.
-The
-.Xr s6-tcpserver4 8
-program should be used to serve IPv4 addresses.
-.Pp
-.Nm
-will only work if the underlying skalibs[1] has been compiled with
-IPv6 support.
-.Pp
-In previous releases of s6-networking, s6-tcpserver6 was
-monolithic: it did the work of
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-applyuidgid 8
-and
-.Xr s6-tcpserver6d 8
-itself.
-The functionality has now been split into several different programs
-because some service startup schemes require the daemon to get its
-socket from an external program instead of creating and binding it
-itself.
-The most obvious application of this is upgrading a long-lived process
-without losing existing connections.
-.Ss Signals
-.Bl -tag -width x
-.It Dv SIGTERM
-Exit.
-.It Dv SIGHUP
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children.
-.It Dv SIGQUIT
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children, then exit.
-.It Dv SIGABRT
-Send a
-.Dv SIGKILL
-to all children, then exit.
-.El
-.Sh OPTIONS
-.Bl -tag -width x
-.It Fl 1
-Write
-.Ar port
-to stdout, before closing it, right after binding and listening to the
-network socket.
-If stdout is suitably redirected, this can be used by monitoring
-programs to check when the server is ready to accept connections.
-.It Fl v Ar verbosity
-Be more or less verbose.
-By default,
-.Ar verbosity
-is 1: print warning messages to stderr.
-0 means only print fatal error messages; 2 means print status and
-connection information for every client.
-.It Fl c Ar maxconn
-Accept at most
-.Ar maxconn
-concurrent connections.
-Default is 40.
-It is impossible to set it higher than 1000.
-.It Fl C Ar localmaxconn
-Accept at most
-.Ar localmaxconn
-connections from the same IP address.
-Default is 40.
-It is impossible to set it higher than
-.Ar maxconn .
-.It Fl b Ar backlog
-Set a maximum of
-.Ar backlog
-backlog connections on the socket.
-Extra connection attempts will rejected by the kernel.
-.It Fl G Ar gidlist
-Change
-.Nm Ap
-s supplementary group list to
-.Ar gidlist
-after binding the socket.
-This is only valid when run as root.
-.Ar gidlist
-must be a comma-separated list of numerical group IDs.
-.It Fl g Ar gid
-Change
-.Nm Ap
-s group id to
-.Ar gid
-after binding the socket.
-This is only valid when run as root.
-.It Fl u Ar uid
-Change
-.Nm Ap
-s user id to
-.Ar uid
-after binding the socket.
-This is only valid when run as root.
-.It Fl U
-Change
-.Nm Ap
-s user id, group id and supplementary group list according to the values of the
-.Ev UID ,
-.Ev GID
-and
-.Ev GIDLIST
-environment variables after binding the socket.
-This is only valid when run as root.
-This can be used with the
-.Xr s6-envuidgid 8
-program to easily script a service that binds to a privileged socket
-then drops its privileges to those of a named non-root account.
-.El
-.Sh ENVIRONMENT
-For each connection, an instance of <em>prog...</em> is spawned with
-the following variables set:
-.Bl -tag -width x
-.It Ev PROTO
-Always set to TCP.
-.It Ev TCPREMOTEIP
-Set to the originating address, in canonical IPv6 form.
-.It Ev TCPREMOTEPORT
-Set to the originating port.
-.It Ev TCPCONNNUM
-Set to the number of connections originating from the same IPv6
-address.
-.El
-.Sh SEE ALSO
-.Xr s6-applyuidgid 8 ,
-.Xr s6-envuidgid 8 ,
-.Xr s6-tcpclient 8 ,
-.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
-.Pp
-[1]
-.Lk https://skarnet.org/software/skalibs/
-.Pp
-This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver6.html
-.Sh AUTHORS
-.An Laurent Bercot
-.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
D man8/s6-tcpserver6d.8 => man8/s6-tcpserver6d.8 +0 -143
@@ 1,143 0,0 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER6D 8
-.Os
-.Sh NAME
-.Nm s6-tcpserver6d
-.Nd the serving part of the
-.Xr s6-tcpserver6 8
-super-server
-.Sh SYNOPSIS
-.Nm
-.Op Fl 1
-.Op Fl v Ar verbosity
-.Op Fl c Ar maxconn
-.Op Fl C Ar localmaxconn
-.Ar prog...
-.Sh DESCRIPTION
-.Nm
-assumes that its stdin is a bound and listening TCP/IPv6 socket, and
-it accepts connections from clients connecting to it, forking a
-program to handle each connection.
-.Pp
-.Nm
-accepts connections from clients to an already bound and listening TCP
-socket which is its standard input.
-.Pp
-For every TCP connection to this socket, it forks.
-The child sets some environment variables, then
-executes
-.Ar prog...
-with stdin reading from the network socket and stdout writing to it.
-.Pp
-Depending on the verbosity level, it logs what it does to stderr.
-.Pp
-It runs until killed by a signal.
-Depending on the received signal, it may kill its children before
-exiting.
-.Pp
-Unlike its ancestor tcpserver[1],
-.Nm
-performs just the bare minimum: the point is to have a very small and
-very fast process to serve connections with the least possible
-overhead.
-Features such as additional environment variables, access control and
-DNS resolution are provided via the
-.Xr s6-tcpserver-access 8
-program.
-.Pp
-.Nm
-is meant to be
-.Xr execve 2 Ap
-d into by a program that gets the listening socket.
-That program is normally
-.Xr s6-tcpserver6-socketbinder 8 ,
-which creates the socket itself; but it can be a different one if the
-socket is to be retrieved by another means, for instance by fd-passing
-from a fd-holding daemon (some people call this
-.Dq socket activation Ns
-).
-.Ss Signals
-.Bl -tag -width x
-.It Dv SIGTERM
-Exit.
-.It Dv SIGHUP
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children.
-.It Dv SIGQUIT
-Send a
-.Dv SIGTERM
-and a
-.Dv SIGCONT
-to all children, then exit.
-.It Dv SIGABRT
-Send a
-.Dv SIGKILL
-to all children, then exit.
-.El
-.Sh OPTIONS
-.Bl -tag -width x
-.It Fl 1
-Write a newline to stdout, and close stdout, right before entering the
-client-accepting loop.
-If stdout is suitably redirected, this can be used by monitoring
-programs to check when the server is accepting connections, for
-instance s6's
-.Xr s6-notifywhenup 7
-readiness notification mechanism.
-.It Fl v Ar verbosity
-Be more or less verbose.
-By default,
-.Ar verbosity
-is 1: print warning messages to stderr.
-0 means only print fatal error messages; 2 means print status and
-connection information for every client.
-.It Fl c Ar maxconn
-Accept at most
-.Ar maxconn
-concurrent connections.
-Default is 40.
-It is impossible to set it higher than 1000.
-.It Fl C Ar localmaxconn
-Accept at most
-.Ar localmaxconn
-connections from the same IP address.
-Default is 40.
-It is impossible to set it higher than
-.Ar maxconn .
-.El
-.Sh ENVIRONMENT
-For each connection, an instance of
-.Ar prog...
-is spawned with the following variables set:
-.Bl -tag -width x
-.It Ev PROTO
-Always set to TCP.
-.It Ev TCPREMOTEIP
-Set to the originating address.
-.It Ev TCPREMOTEPORT
-Set to the originating port.
-.It Ev TCPCONNNUM
-Set to the number of connections originating from the same IP address.
-.El
-.Sh SEE ALSO
-.Xr s6-notifywhenup 7 ,
-.Xr s6-tcpclient 8 ,
-.Xr s6-tcpserver 8 ,
-.Xr s6-tcpserver-access 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8
-.Pp
-[1]
-.Lk https://cr.yp.to/ucspi-tcp/tcpserver.html
-.Pp
-This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver6d.html
-.Sh AUTHORS
-.An Laurent Bercot
-.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
R man8/s6-tcpserver4d.8 => man8/s6-tcpserverd.8 +40 -34
@@ 1,32 1,36 @@
-.Dd September 29, 2021
-.Dt S6-TCPSERVER4D 8
+.Dd November 11, 2023
+.Dt S6-TCPSERVERD 8
.Os
.Sh NAME
-.Nm s6-tcpserver4d
+.Nm s6-tcpserverd
.Nd the serving part of the
-.Xr s6-tcpserver4 8
+.Xr s6-tcpserver 8
super-server
.Sh SYNOPSIS
.Nm
+s6-tcpserverd
.Op Fl 1
.Op Fl v Ar verbosity
.Op Fl c Ar maxconn
-.Op Fl C Ar localmaxconn
+.Ar Fl C Ar localmaxconn
.Ar prog...
.Sh DESCRIPTION
.Nm
-assumes that its stdin is a bound and listening TCP/IPv4 socket, and
-it accepts connections from clients connecting to it, forking a
+is the serving part of the
+.Xr s6-tcpserver 8
+super-server.
+It assumes that its stdin is a bound and listening TCP/IP socket, and
+it accepts connections from clients connecting to it, spawning a
program to handle each connection.
.Pp
.Nm
accepts connections from clients to an already bound and listening TCP
socket which is its standard input.
.Pp
-For every TCP connection to this socket, it forks.
-The child sets some environment variables, then executes
+For every TCP connection to this socket, it spawns a
.Ar prog...
-with stdin reading from the network socket and stdout writing to it.
+child with stdin reading from the network socket and stdout writing to
+it.
.Pp
Depending on the verbosity level, it logs what it does to stderr.
.Pp
@@ 36,11 40,10 @@ exiting.
.Pp
Unlike its ancestor tcpserver[1],
.Nm
-performs just the bare minimum: the point is to have a very small and
-very fast process to serve connections with the least possible
-overhead.
-Features such as additional environment variables, access control and
-DNS resolution are provided via the
+performs just the bare minimum: the point is to have a small and very
+fast process to serve connections with the least possible overhead.
+Features such as access control and DNS resolution are provided via
+the
.Xr s6-tcpserver-access 8
program.
.Pp
@@ 49,12 52,14 @@ is meant to be
.Xr execve 2 Ap
d into by a program that gets the listening socket.
That program is normally
-.Xr s6-tcpserver4-socketbinder 8 ,
+.Xr s6-tcpserver-socketbinder 8 ,
which creates the socket itself; but it can be a different one if the
socket is to be retrieved by another means, for instance by fd-passing
-from a fd-holding daemon (some people call this
-.Dq socket activation Ns
-).
+from a fd-holding daemon
+.Po
+some people call this
+.Dq socket activation
+.Pc .
.Ss Signals
.Bl -tag -width x
.It Dv SIGTERM
@@ 79,8 84,8 @@ to all children, then exit.
.Sh OPTIONS
.Bl -tag -width x
.It Fl 1
-Write a newline to stdout, and close stdout, right before entering the
-client-accepting loop.
+Write the local port, followed by newline, to stdout, and close
+stdout, right before entering the client-accepting loop.
If stdout is suitably redirected, this can be used by monitoring
programs to check when the server is accepting connections.
This can be used with s6's
@@ 96,10 101,9 @@ is 1: print warning messages to stderr.
connection information for every client.
.It Fl c Ar maxconn
Accept at most
-.Ar maxconn
-concurrent connections.
+.Ar maxconn concurrent connections.
Default is 40.
-It is impossible to set it higher than 1000.
+It is impossible to set it higher than 16384.
.It Fl C Ar localmaxconn
Accept at most
.Ar localmaxconn
@@ 109,34 113,36 @@ It is impossible to set it higher than
.Ar maxconn .
.El
.Sh ENVIRONMENT
-For each connection, an instance of <em>prog...</em> is spawned with
-the following variables set:
+For each connection, an instance of
+.Ar prog...
+is spawned with the following variables set:
.Bl -tag -width x
.It Ev PROTO
Always set to TCP.
+.It Ev TCPLOCALIP
+Set to the server socket's address.
+.It Ev TCPLOCALPORT
+Set to the server socket's port.
.It Ev TCPREMOTEIP
-Set to the originating address.
+Set to the client socket's address.
.It Ev TCPREMOTEPORT
-Set to the originating port.
+Set to the client socket's port.
.It Ev TCPCONNNUM
Set to the number of connections originating from the same IP address.
.El
.Sh SEE ALSO
+.Xr execve 2 ,
.Xr s6-notifywhenup 7 ,
.Xr s6-tcpclient 8 ,
.Xr s6-tcpserver 8 ,
.Xr s6-tcpserver-access 8 ,
-.Xr s6-tcpserver4 8 ,
-.Xr s6-tcpserver4-socketbinder 8 ,
-.Xr s6-tcpserver6 8 ,
-.Xr s6-tcpserver6-socketbinder 8 ,
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserver-socketbinder 8
.Pp
[1]
.Lk https://cr.yp.to/ucspi-tcp/tcpserver.html
.Pp
This man page is ported from the authoritative documentation at:
-.Lk https://skarnet.org/software/s6-networking/s6-tcpserver4d.html
+.Lk https://skarnet.org/software/s6-networking/s6-tcpserverd.html
.Sh AUTHORS
.An Laurent Bercot
.An Alexis Ao Mt flexibeast@gmail.com Ac (man page port)
M man8/s6-tlsclient.8 => man8/s6-tlsclient.8 +36 -44
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd November 11, 2023
.Dt S6-TLSCLIENT 8
.Os
.Sh NAME
@@ 69,54 69,46 @@ option and do not provide a server name via
.Sy SNI will not be used, which may be a security risk .
.Sh OPTIONS
.Nm
-accepts a myriad of options, most of which are passed as is to the
+accepts a myriad of options, all of which are passed as is to the
correct executable.
Not giving any options will generally work: the defaults are sensible.
.Ss Options passed as-is to Xr s6-tcpclient 1
-.Bl -bullet -width x
-.It
-.Fl q ,
-.Fl Q ,
-.Fl v
-.It
-.Fl 4 ,
-.Fl 6
-.It
-.Fl d ,
-.Fl D
-.It
-.Fl r ,
-.fl R
-.It
-.Fl h ,
-.Fl H ,
-.Fl l Ar localname
-.It
-.Fl n ,
-.Fl N
-.It
-.Fl t Ar timeout
-.It
-.Fl i Ar localip ,
-.Fl p Ar localport
-.It
-.Fl T Ar timeoutconn
+.Bl -tag -width x
+.It Fl q , Fl Q , Fl v
+Be quiet, normally verbose, or verbose.
+.It Fl 4 , Fl 6
+Stick to IPv4 or IPv6 addresses.
+.It Fl d , Fl D
+Enable or disable Nagle's algorithm.
+.It Fl r , Fl R
+Enable or disable IDENT lookup.
+.It Fl h , Fl H
+Enable or disable DNS lookups.
+.It Fl l Ar localname
+Get the local name from the command line, not from a DNS lookup.
+.It Fl n , Fl N
+Qualify the host or not when resolving it.
+.It Fl t Ar timeout
+Global timeout on the connection attempt.
+.It Fl i Ar localip , Fl p Ar localport
+Force local socket parameters.
+.It Fl T Ar timeoutconn
+Configurable connection timeouts.
.El
.Ss Options passed as-is to Xr s6-tlsc 1
-.Bl -bullet -width x
-.It
-.Fl Z ,
-.Fl z
-.It
-.Fl S ,
-.Fl s
-.It
-.Fl Y ,
-.Fl y
-.It
-.Fl k Ar servername
-.It
-.Fl K Ar kimeout
+.Bl -tag -width x
+.It Fl Z , Fl z
+Keep or remove the
+.Xr s6-tlsc-io 8 Ns
+-specific variables from the application's environment.
+.It Fl S , Fl s
+Use close_notify or EOF to signal the end of a TLS connection.
+.It Fl Y , Fl y
+Don't send, or send, a client certificate.
+.It Fl k Ar servername
+Use SNI and provide a server name.
+.It Fl K Ar kimeout
+Set a timeout for the TLS handshake.
.El
.Sh ENVIRONMENT
.Ss Read
M man8/s6-tlsserver.8 => man8/s6-tlsserver.8 +58 -109
@@ 1,4 1,4 @@
-.Dd January 15, 2023
+.Dd November 11, 2023
.Dt S6-TLSSERVER 8
.Os
.Sh NAME
@@ 32,9 32,7 @@ Note that
also rewrites itself into a more complex command line
.Po
the final long-lived process being
-.Xr s6-tcpserver4d 8
-or
-.Xr s6-tcpserver6d 8
+.Xr s6-tcpserverd 8
.Pc ,
so your end command line may look a lot longer in
.Xr ps 1
@@ 75,119 73,73 @@ descriptors will not be a network socket - they will be pipes.
.Ss Signals
.Nm
reacts to the same signals as
-.Xr s6-tcpserver4d 8
-or
-.Xr s6-tcpserver6d 8 ,
-one of which is the long-lived process hanging around.
+.Xr s6-tcpserverd 8 ,
+which is the long-lived process hanging around.
.Sh OPTIONS
.Nm
-accepts a myriad of options, most of which are passed as is to the
+accepts a myriad of options, all of which are passed as is to the
correct executable.
Not giving any options will generally work, but unless you're running
a very public server (such as a Web server) or base your access
control on client certificates, you probably still want TCP access
rules.
-.Ss Options handled directly by s6-tlsserver
-.Bl -bullet -width x
-.It
-.Fl e
-indicates that
-.Xr s6-tcpserver-access 8
-should be invoked, even if no other option requires it, even in the
-absence of an access control ruleset.
-This ensures that
-.Ar prog...
-will always have access to environment variables such as
-.Ev TCPLOCALPORT .
-This option also ensures that the log does not get spammed with
-spurious
-.Dq no ruleset
-warnings if the
-.Fl v
-option has been
-given but no
-.Fl i
-or
-.Fl x
-option.
-.El
.Ss Options passed as-is to Xr s6-tcpserver 1
-.Bl -bullet -width x
-.It
-.Fl q ,
-.Fl Q ,
-.Fl v
-.It
-.Fl 4 ,
-.Fl 6
-.It
-.Fl 1
-.It
-.Fl c Ar maxconn
-.It
-.Fl C Ar localmaxconn
-.It
-.Fl b Ar backlog
+.Bl -tag -width x
+.It Fl q , Fl Q , Fl v
+.It Fl 1
+.It Fl c Ar maxconn
+.It Fl C Ar localmaxconn
+.It Fl b Ar backlog
.El
.Ss Options passed as-is to Xr s6-tcpserver-access 1
-.Bl -bullet -width x
-.It
-The verbosity level, if not default, as
-.Ql -v0
-or
-.Ql -v2
-.It
-.Fl w ,
-.Fl W
-.It
-.Fl d ,
-.Fl D
-.It
-.Fl r ,
-.Fl R
-.It
-.Fl p ,
-.Fl P
-.It
-.Fl h ,
-.Fl H ,
-.Fl l Ar localname
-.It
-.Fl B Ar banner
-.It
-.Fl t Ar timeout
-.It
-.Fl i Ar rulesdir ,
-.Fl x Ar rulesfile
+.Bl -tag -width x
+.It Fl v0 , Fl v2
+The verbosity level.
+.It Fl w , Fl W
+Be strict or tolerant with DNS or IDENT resolution errors.
+.It Fl d , Fl D
+Enable or disable Nagle's algorithm.
+.It Fl r , Fl R
+Enable or disable IDENT lookups.
+.It Fl p , Fl P
+Enable or disable paranoid DNS cross-checking.
+.It Fl h , Fl H
+Enable or disable DNS lookups.
+.It Fl l Ar localname
+Get the local name from the command line, not from DNS.
+.It Fl B Ar banner
+Initial server-side banner.
+.It Fl t Ar timeout
+Set a timeout for all the lookups.
+.It Fl i Ar rulesdir , Fl x Ar rulesfile
+TCP access control.
.El
.Ss Options passed as-is to Xr s6-tlsd 1
-.Bl -bullet -width x
-.It
-.Fl Z ,
-.Fl z
-.It
-.Fl S ,
-.Fl s
-.It
-.Fl Y ,
-.Fl y
-.It
-.Fl K Ar kimeout
-.It
-.Fl k Ar snilevel
+.Bl -tag -width x
+.It Fl Z , Fl z
+Keep or remove the
+.Xr s6-tlsd-io 8 Ns
+-specific variables from the application's environment.
+.It Fl S , Fl s
+Use close_notify or EOF to signal the end of a TLS connection.
+.It Fl Y , Fl y
+Request an optional or a mandatory client certificate.
+.It Fl K Ar kimeout
+Set a timeout for the TLS handshake.
+.It Fl k Ar snilevel
+Support SNI-based certificate chains.
.El
.Ss Options passed to s6-applyuidgid
-.Bl -bullet -width x
-.It
-.Fl u Ar uid ,
-.Fl g Ar gid ,
-.Fl G Ar gidlist
-.It
-.Fl U
-.Po
-passed as
-.Ql -Uz
-.Pc
+.Bl -tag -width x
+.It Fl u Ar uid , Fl g Ar gid , Fl G Ar gidlist
+Set uid, gid, or supplementary group list.
+.It Fl U Po passed as Fl Uz Pc
+Get the uid, gid and supplementary group list from the
+.Ev UID ,
+.Ev GID
+and
+.Ev GIDLIST
+variables, and remove these variables from the application's environment.
.El
.Sh ENVIRONMENT
.Ss Read
@@ 222,9 174,7 @@ is mandatory.
.Ar prog...
is run with the following variables added to,
or removed from, its environment by
-.Xr s6-tcpserver4d 8
-or
-.Xr s6-tcpserver6d 8 ,
+.Xr s6-tcpserverd 8
and possibly by
.Xr s6-tcpserver-access 8 :
.Bl -tag -width x
@@ 279,7 229,7 @@ s environment.
As root:
.Bd -literal -offset indent
env KEYFILE=/etc/ssl/private/mykey.der CERTFILE=/etc/ssl/public/mycert.pem \
-TLS_UID=65534 TLS_UID=65534 \
+TLS_UID=65534 TLS_GID=65534 \
s6-envuidgid www \
s6-tlsserver -U -- 1.2.3.4 443 httpd
.Ed
@@ 305,8 255,7 @@ that it keeps to itself.
.Xr s6-applyuidgid 8 ,
.Xr s6-tcpserver 8 ,
.Xr s6-tcpserver-access 8 ,
-.Xr s6-tcpserver4d 8 ,
-.Xr s6-tcpserver6d 8 ,
+.Xr s6-tcpserverd 8 ,
.Xr s6-tlsc 8 ,
.Xr s6-tlsc-io 8 ,
.Xr s6-tlsclient 8 ,