.\" $Id: netlint.man,v 1.10 2012/07/06 22:58:05 ksb Exp $
.\" by Kevin Braunsdorf
.\" $Compile: Display%h
.\" $Display: groff -Tascii -man %f | ${PAGER:-less}
.\" $Install: %b -mDeinstall %o %f && cp %f $DESTDIR/usr/local/man/man8/netlint.8
.\" $Deinstall: ${rm-rm} -f $DESTDIR/usr/local/man/[cm]a[nt][18]/netlint.8*
.TH NETLINT 8 LOCAL
.SH NAME
netlint - scan this host for network configuration errors
.SH SYNOPSIS
.ds PN "netlint
\fI\*(PN\fP [\fB\-t\fP\~\fItimezone\fP]
.br
\fI\*(PN\fP \fB\-R\fP\~\fIrepo\fP [\fP\-p\fP\~\fIport\fP] [\fB\-t\fP\~\fItimezone\fP]
.br
\fI\*(PN\fP \fB\-F\fP
.br
\fI\*(PN\fP \fB\-h\fP
.br
\fI\*(PN\fP \fB\-V\fP

.SH DESCRIPTION
The network configuration of a node is critical to production
operations of all hosts attached to that network, even a small
error on a host (viz. a duplicate IP address) could seriously
impact the performance of every host on that segment.
No invariant assumption made about a node is valid, on a modern
system, unless the network is configurd correctly.
.PP
\fINetlint\fP provides a structured report about the network
configuration of a node.  This report is processed by the
\fIreporter\fP to generate a list of unexpected configuration
facts.  See \fBreport\fP(1).
.PP
The output is usually
sent to a reporting agent to notify the Administrator of errors
or inconsistent information found on the host.
An \fIad hoc\fP visual scan
of \fI\*(PN\fP's output might be useful to find configuration errors
on a host that has an (as yet) undiagnosed issue.

.SH OPTIONS
.TP
\fB\-F\fP
The \fI\*(PN\fP script contains some useful \fBksh\fP functions
that the plugins use (these are documented in the plugin manual page).
Since \fBksh\fP doesn't have a portable way to export this from
the running shell \fI\*(PN\fP has an option to produce them.

.TP
\fB\-h\fP
Print a help message.

.TP
\fB\-p\fP \fIport\fP
Specify a non-standard port to connect to the \fBrsync\fP server.

.TP
\fB\-R\fP \fIrepo\fP
Specify that the a remote policy, rather than the local one from
\fB/usr/local/libexec/netlint-plugins\fP should be executed.  The
policy is dowloaded via \fBrsync\fP to a temporary directory,
then executed in place of the local policy.  Note this trusts a
remote server to provide \fBcode to be locally executed\fP.
The module requested is \*(lqnetlint\*(rq.

.TP
\fB\-t\fP \fItimezone\fP
The timezone value expected for this node.  If a node
is distant from the reporter service we might ne in
a different timezone, this confirms that fact.

.TP
\fB\-V\fP
Show version information and exit.

.SH EXAMPLES
.TP
10 2 * * 1 /usr/local/libexec/netlint |Mail \-s "NETLINT: `/bin/hostname`" netlint@netlint
A \fBcrontab\fP fragment one might use to run \fI\*(PN\fP every Monday
morning, directing the output to the reporter account for processing.
.TP
/usr/local/libexec/netlint \-V
List the version of \fI\*(PN\fP and the versions of all the plugins
installed.
.TP
/usr/local/libexec/netlint \-F >/tmp/me$$ && . /tmp/me$$ ; rm /tmp/me$$
Output the common shell function to a temporary file, source them
into this shell, and cleanup the file.  This is a common idiom
in the plugin code-base.

.SH ENVIRONMENT
The environment set for the plugins contains (at least) these
variables:
.TP
$CARP
A shell command (viz. \fBecho\fP) that sends a collected fact to
the report.  A fact should always be reported via the command,
rather than assuming \fIstdout\fP is the report stream.
.TP
$OS
The output of uname \-s, or something like it.  This has already been
reported under the topic "OS:" before the plugins are executed.
.TP
$IFACE_LIST
A white-space separated list of network interfaces, given as:
.RS
\fIinterface\fP\fB(\fP\fIip\fP \fImac\fP \fInetwork\fP\fB/\fP\fICIDR\fP\fB \fItype\fP)\fP
.RE
.TP
$IP_LIST
A white-space separated list of IP addresses the host has configured
as UP on the network.
.TP
$SUBNET_LIST
A white-space separated list of networks the host is directly attached
to, given as:
.RS
\fIsubnet\fP\fB/\fP\fICIDR\fP
.RE
.TP
$NETLINT_FUNCS
The path to a file that contains "\fI\*(PN\fP \-F" output.
.TP
$rREPO and $rPORT
These are only exported if a remote repository was specified.
They have the obvious meaning.

.SH BUGS
The fact's topic tags could have been better organized.

.SH AUTHORS
Kevin Braunsdorf, Pete Fritchman
.br
netlint At ksb.npcguild.org, petef@databits.net

.SH "SEE ALSO"
sh(1), ksh(1), ifconfig(8), hostlint(8l), report(1l), robodoc(1), rsync(1)