From owner-freebsd-doc Mon May 13 20:20:22 2002
Delivered-To: freebsd-doc@hub.freebsd.org
Message-Id: <200205140315.g4E3F0c2083107@www.freebsd.org>
Date: Mon, 13 May 2002 20:15:00 -0700 (PDT)
From: Chris Pepper
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: docs/38061: Typos in man pages for faith & faithd
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 38061
>Category: docs
>Synopsis: Typos in man pages for faith & faithd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 13 20:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Chris Pepper
>Release: 4.5-RELEASE
>Organization: Rockefeller University
>Environment:
FreeBSD kra.info-mac.org 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu May 2 17:53:25 EDT 2002 root@kra.info-mac.org:/usr/src/sys/compile/KRA i386
>Description:
Many typos in manpages for faith & faithd.
>How-To-Repeat:
>Fix:
--- faith.4 Mon May 13 22:51:35 2002 +++ faith.4.fixed Mon May 13 22:57:20 2002 
@@ -46,20 +46,20 @@ .Xr faithd 8 . .Pp Special action will be taken when IPv6 TCP traffic is seen on a router, -and routing table suggests to route it to +and the routing table suggests routing it to the .Nm interface. In this case, the packet will be accepted by the router, -regardless of list of IPv6 interface addresses assigned to the router. -The packet will be captured by an IPv6 TCP socket, if it has +regardless of the list of IPv6 interface addresses assigned to the router. +The packet will be captured by an IPv6 TCP socket, if it has the .Dv IN6P_FAITH -flag turned on and it has matching address/port pairs. -In result, +flag turned on and matching address/port pairs. +As a result, .Nm will let you capture IPv6 TCP traffic to some specific destination addresses. Userland programs, such as .Xr faithd 8 -can use this behavior to relay IPv6 TCP traffic to IPv4 TCP traffic. +can use this behavior to relay IPv6 TCP traffic to IPv4 TCP programs. The program can accept some specific IPv6 TCP traffic, perform .Xr getsockname 2 to get the IPv6 destination address specified by the client, @@ -69,26 +69,24 @@ .Dv IN6P_FAITH flag on IPv6 TCP socket can be set by using .Xr setsockopt 2 , -with level equals to +with level .Dv IPPROTO_IPV6 -and optname equals to +and optname .Dv IPv6_FAITH . .Pp -To handle error reports by ICMPv6, some of ICMPv6 packets routed to +To handle error reports by ICMPv6, some ICMPv6 packets routed to .Nm -interface will be delivered to IPv6 TCP, as well. +interface may be delivered to IPv6 TCP, as well. .Pp To understand how .Nm -can be used, take a look at source code of +can be used, take a look at the source code of .Xr faithd 8 . .Pp -As +As the .Nm -interface implements potentially dangerous operation, -great care must be taken when configuring -.Nm -interface. +interface implements potentially dangerous operations, +great care must be taken when configuring it. To avoid possible misuse, .Xr sysctl 8 variable 
@@ -100,10 +98,11 @@ .Li net.inet6.ip6.keepfaith is .Li 0 , -no packet will be captured by +no packets will be captured by the .Nm interface. .Pp +The .Nm interface is intended to be used on routers, not on hosts. .\" @@ -120,5 +119,5 @@ .%O work in progress material .Re .Sh HISTORY -The FAITH IPv6-to-IPv4 TCP relay translator was first appeared in +The FAITH IPv6-to-IPv4 TCP relay translator first appeared in the WIDE hydrangea IPv6 stack. --- faithd.8 Mon May 13 22:51:36 2002 +++ faithd.8.fixed Mon May 13 23:12:54 2002 @@ -43,21 +43,19 @@ .Op Ar serverpath Op Ar serverargs .Sh DESCRIPTION .Nm -provides IPv6-to-IPv4 TCP relay. +provides IPv6-to-IPv4 TCP relaying. .Nm -must be used on an IPv4/v6 dual stack router. +can only be used on an IPv4/v6 dual stack router. .Pp When .Nm receives .Tn TCPv6 -traffic, -.Nm -will relay the +traffic, it will relay the .Tn TCPv6 traffic to .Tn TCPv4 . -Destination for relayed +The destination for the relayed .Tn TCPv4 connection will be determined by the last 4 octets of the original .Tn IPv6 @@ -73,14 +71,14 @@ the traffic will be relayed to IPv4 destination .Li 10.1.1.1 . .Pp -To use +To use the .Nm translation service, -an IPv6 address prefix must be reserved for mapping IPv4 addresses into. -Kernel must be properly configured to route all the TCP connection -toward the reserved IPv6 address prefix into the +an IPv6 address prefix must be reserved for mapping IPv4 addresses +into, and the kernel must be properly configured to route all the +TCPs connections to the reserved IPv6 address prefix into the .Xr faith 4 -pseudo interface, by using +pseudo interface, using the .Xr route 8 command. Also, @@ -91,7 +89,7 @@ .Dv 1 . .Pp The router must be configured to capture all the TCP traffic -toward reserved +for the reserved .Tn IPv6 address prefix, by using .Xr route 8 
@@ -100,21 +98,21 @@ commands. .Pp .Nm -needs a special name-to-address translation logic, so that -hostnames gets resolved into special +needs special name-to-address translation logic, so that +hostnames get resolved into the special .Tn IPv6 address prefix. -For small-scale installation, use -.Xr hosts 5 . -For large-scale installation, it is useful to have +For small-scale installations, use +.Xr hosts 5 ; +for large-scale installations, it is useful to have a DNS server with special address translation support. An implementation called .Nm totd is available at .Pa http://www.vermicelli.pasta.cs.uit.no/ipv6/software.html . -Make sure you do not propagate translated DNS records to normal DNS cloud, -it is highly harmful. +Make sure you do not propagate translated DNS records over to normal +DNS, as it can cause severe problems. .Pp .Ss Daemon mode When @@ -148,9 +146,9 @@ .Nm , you can run local daemons on the router. .Nm -will invoke local daemon at +will invoke a local daemon at .Ar serverpath -if the destination address is local interface address, +if the destination address is a local interface address, and will perform translation to IPv4 TCP in other cases. You can also specify .Ar serverargs @@ -182,24 +180,24 @@ .Xr ftp 1 and .Xr rlogin 1 . -When translating FTP protocol, +When translating the FTP protocol, .Nm translates network level addresses in .Li PORT/LPRT/EPRT and .Li PASV/LPSV/EPSV commands. -For RLOGIN protocol, +For the rlogin protocol, .Nm -will relay back connection from +will relay back connections from .Xr rlogind 8 on the server to .Xr rlogin 1 -on client. +on the client. .Pp Inactive sessions will be disconnected in 30 minutes, -to avoid stale sessions from chewing up resources. -This may be inappropriate for some of the services +to prevent stale sessions from chewing up resources. +This may be inappropriate for some services (should this be configurable?). .Ss inetd mode When 
@@ -207,13 +205,13 @@ is invoked via .Xr inetd 8 , .Nm -will handle connection passed from standard input. +will handle connections passed from standard input. If the connection endpoint is in the reserved IPv6 address prefix, .Nm will relay the connection. Otherwise, .Nm -will invoke service-specific daemon like +will invoke a service-specific daemon like .Xr telnetd 8 , by using the command argument passed from .Xr inetd 8 . @@ -225,16 +223,16 @@ .Nm is invoked via .Xr inetd 8 -on FTP port, it will operate as a FTP relay. +on the FTP port, it will operate as an FTP relay. .Pp The operation mode requires special support for .Nm in .Xr inetd 8 . .Ss Access control -To prevent malicious accesses, +To prevent malicious access, .Nm -implements a simple address-based access control. +implements simple address-based access control. With .Pa /etc/faithd.conf (or @@ -243,9 +241,8 @@ .Fl f ) , .Nm will avoid relaying unwanted traffic. -The .Pa faithd.conf -contains directives with the following format: +contains directives of the following format: .Bl -bullet .It .Ar src Ns / Ns Ar slen Cm deny Ar dst Ns / Ns Ar dlen @@ -266,7 +263,7 @@ .El .Pp The directives are evaluated in sequence, -and the first matching entry will be effective. +and the first matching entry will be used. If there is no match .Pq if we reach the end of the ruleset the traffic will be denied. @@ -277,6 +274,7 @@ .Sh EXAMPLES Before invoking .Nm , +the .Xr faith 4 interface has to be configured properly. .Bd -literal -offset @@ -337,12 +335,12 @@ .Ed .Pp .Xr inetd 8 -will open listening sockets with enabling kernel TCP relay support. -Whenever connection comes in, +will open listening sockets with kernel TCP relay support enabled. +Whenever a connection comes in, .Nm will be invoked by .Xr inetd 8 . -If it the connection endpoint is in the reserved IPv6 address prefix. +If the connection endpoint is in the reserved IPv6 address prefix. .Nm will relay the connection. Otherwise, 
@@ -388,7 +386,7 @@ .Sh HISTORY The .Nm -command first appeared in WIDE Hydrangea IPv6 protocol stack kit. +command first appeared in the WIDE Hydrangea IPv6 protocol stack kit. .\" .Pp IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack @@ -405,16 +403,15 @@ .Nm using .Pa faithd.conf , -or by using IPv6 packet filters. -It is to protect +or by using IPv6 packet filters, to protect the .Nm -service from malicious parties and avoid theft of service/bandwidth. -IPv6 destination address can be limited by -carefully configuring routing entries that points to +service from malicious parties, and to avoid theft of service/bandwidth. +IPv6 destination addresses can be limited by +carefully configuring routing entries that point to .Xr faith 4 , using .Xr route 8 . -IPv6 source address needs to be filtered by using packet filters. -Documents listed in +The IPv6 source address needs to be filtered using packet filters. +The documents listed in .Sx SEE ALSO -have more discussions on this topic. +have more information on this topic. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
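Review bot: In the faith.4 hunk at -46,20, the last changed line turns "relay IPv6 TCP traffic to IPv4 TCP traffic" into "relay IPv6 TCP traffic to IPv4 TCP programs", which changes the meaning of the sentence rather than fixing a typo. The surrounding text describes a relay between two kinds of traffic, so keep "traffic" here, or justify the new wording in the PR description.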
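Review bot: In the faith.4 hunk at -69,26, "will be delivered to IPv6 TCP" becomes "may be delivered to IPv6 TCP", which weakens a statement about kernel behaviour in a patch submitted as typo fixes; unless delivery really is conditional, keep "will". The unchanged context line ".Dv IPv6_FAITH ." is cased differently from ".Dv IPPROTO_IPV6" just above it and from "IN6P_FAITH"; since this hunk already rewrites the setsockopt sentence, check the option name against the header and correct it here. "routed to .Nm interface" also still lacks the article that the rest of the patch adds.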
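Review bot: In the faithd.8 hunk at -73,14, the added line "TCPs connections to the reserved IPv6 address prefix into the" introduces a new typo; it should read "TCP connections". The merged sentence also keeps the dangling "for mapping IPv4 addresses into,"; something like "an IPv6 address prefix must be reserved into which IPv4 addresses are mapped" would read better.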
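Review bot: In the faithd.8 hunk at -100,21, the rewritten DNS warning "as it can cause severe problems" leaves "it" without a clear antecedent and softens the original "it is highly harmful". Suggest keeping the strength of the warning and making the subject explicit, for example "Do not propagate translated DNS records to the normal DNS; doing so can cause severe problems."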
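Review bot: In the faithd.8 hunk at -337,12, the corrected line "If the connection endpoint is in the reserved IPv6 address prefix." still ends in a full stop, leaving a sentence fragment before ".Nm will relay the connection." End it with a comma, as the identical sentence in the inetd mode hunk at -207,13 does.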