git: c1f6704bf810 - main - ipf: Fix some typos
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 03 Feb 2024 04:37:38 UTC
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=c1f6704bf810bc28b2af6cb0d0e60cb8f5a9b44b commit c1f6704bf810bc28b2af6cb0d0e60cb8f5a9b44b Author: Elyes Haouas <ehaouas@noos.fr> AuthorDate: 2023-10-15 16:03:11 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2024-02-03 04:36:27 +0000 ipf: Fix some typos Signed-off-by: Elyes Haouas <ehaouas@noos.fr> --- sbin/ipf/ipf/ipf.5 | 26 +++++++++++++------------- sbin/ipf/ipf/ipfilter.4 | 2 +- sbin/ipf/ipfstat/ipfstat.c | 2 +- sbin/ipf/ipnat/ipnat.5 | 16 ++++++++-------- sbin/ipf/ipscan/ipscan.5 | 2 +- sbin/ipf/libipf/interror.c | 2 +- sbin/ipf/libipf/parseipfexpr.c | 2 +- 7 files changed, 26 insertions(+), 26 deletions(-) diff --git a/sbin/ipf/ipf/ipf.5 b/sbin/ipf/ipf/ipf.5 index 79e6b2c45b05..7fbba17594ba 100644 --- a/sbin/ipf/ipf/ipf.5 +++ b/sbin/ipf/ipf/ipf.5 @@ -31,7 +31,7 @@ address patterns or "all" to match any address information .SS Long lines .PP For rules lines that are particularly long, it is possible to split -them over multiple lines implicity like this: +them over multiple lines implicitly like this: .PP .nf pass in on bgeo proto tcp from 1.1.1.1 port > 1000 @@ -536,7 +536,7 @@ URG - this bit is set to indicate that the packet contains urgent data .HP R RST - this bit is set only in packets that are a reply to another -that has been received but is not targetted at any open port +that has been received but is not targeted at any open port .HP C CWN @@ -686,7 +686,7 @@ Once a TCP connection has reached the established state, the default timeout allows for it to be idle for 5 days before it is removed from the state table. The timeouts for the other TCP connection states vary from 240 seconds to 30 seconds. -Both UDP and ICMP state entries have asymetric timeouts where the timeout +Both UDP and ICMP state entries have asymmetric timeouts where the timeout set upon seeing packets in the forward direction is much larger than for the reverse direction. For UDP the default timeouts are 120 and 12 seconds, for ICMP 60 and 6 seconds. This is a reflection of the @@ -890,8 +890,8 @@ construction of filter rules easier, it is possible to place them in groups. A rule can be both a member of a group and the head of a new group. .PP Using filter groups requires at least two rules: one to be in the group -one one to send matchign packets to the group. If a packet matches a -filtre rule that is a group head but does not match any of the rules +one one to send matching packets to the group. If a packet matches a +filter rule that is a group head but does not match any of the rules in that group, then the packet is considered to have matched the head rule. .PP @@ -1037,7 +1037,7 @@ pass in on bge0 to bge1:1.1.1.1 reply-to hme1:2.1.1.2 \\ .PP The design for IPv4 allows for the header to be upto 64 bytes long, however most traffic only uses the basic header which is 20 bytes long. -The other 44 bytes can be uesd to store IP options. These options are +The other 44 bytes can be used to store IP options. These options are generally not necessary for proper interaction and function on the Internet today. For most people it is sufficient to block and drop all packets that have any options set. This can be achieved with this @@ -1090,7 +1090,7 @@ some of the nodes the packet must go through, with the ssrr option, every next hop router must be specified. .PP The complete list of IPv4 options that can be matched on is: -addext (Address Extention), +addext (Address Extension), cipso (Classical IP Security Option), dps (Dynamic Packet State), e-sec (Extended Security), @@ -1357,7 +1357,7 @@ A list of the currently available variables inside IPFilter that may be tuned from ipf.conf are as follows: .HP active -set through -s command line switch of ipf(8). See ipf(8) for detals. +set through -s command line switch of ipf(8). See ipf(8) for details. .HP chksrc when set, enables reverse path verification on source addresses and @@ -1430,7 +1430,7 @@ sets the size of the in-kernel log buffer in bytes. log_suppress when set, IPFilter will check to see if the packet it is logging is similar to the one it previously logged and if so, increases -the occurance count for that packet. The previously logged packet +the occurrence count for that packet. The previously logged packet must not have yet been read by ipmon(8). .HP min_ttl @@ -1467,8 +1467,8 @@ when the fill percentage of the NAT table exceeds this mark, more aggressive flushing is enabled. .HP nat_table_wm_low -this sets the percentage at which the NAT table's agressive flushing -will turn itself off at. +this sets the percentage at which the NAT table's aggressive flushing +will turn itself off. .HP rdr_rules_size size of the hash table to store rdr rules. @@ -1492,7 +1492,7 @@ state_size size of the hash table used for stateful filtering .HP state_wm_freq -this controls how often the agressive flushing should be run once the +this controls how often the aggressive flushing should be run once the state table exceeds state_wm_high in percentage full. .HP state_wm_high @@ -1500,7 +1500,7 @@ when the fill percentage of the state table exceeds this mark, more aggressive flushing is enabled. .HP state_wm_low -this sets the percentage at which the state table's agressive flushing +this sets the percentage at which the state table's aggressive flushing will turn itself off at. .HP tcp_close_wait diff --git a/sbin/ipf/ipf/ipfilter.4 b/sbin/ipf/ipf/ipfilter.4 index f262f711b8ff..39676e3c1dae 100644 --- a/sbin/ipf/ipf/ipfilter.4 +++ b/sbin/ipf/ipf/ipfilter.4 @@ -123,7 +123,7 @@ file syslog .PP ipsend(1) -generates arbitary IP packets for ethernet connected machines. +generates arbitrary IP packets for ethernet connected machines. .PP ipresend(1) reads in a data file of saved IP packets (ie diff --git a/sbin/ipf/ipfstat/ipfstat.c b/sbin/ipf/ipfstat/ipfstat.c index ba9556f5421c..fd0ac83097a0 100644 --- a/sbin/ipf/ipfstat/ipfstat.c +++ b/sbin/ipf/ipfstat/ipfstat.c @@ -323,7 +323,7 @@ int main(int argc, char *argv[]) case 'm' : filter = parseipfexpr(optarg, NULL); if (filter == NULL) { - fprintf(stderr, "Error parseing '%s'\n", + fprintf(stderr, "Error parsing '%s'\n", optarg); exit(1); } diff --git a/sbin/ipf/ipnat/ipnat.5 b/sbin/ipf/ipnat/ipnat.5 index 01931c6be4f4..b01892f9749d 100644 --- a/sbin/ipf/ipnat/ipnat.5 +++ b/sbin/ipf/ipnat/ipnat.5 @@ -149,7 +149,7 @@ For TCP connections exiting a connection such as PPPoE where the MTU is slightly smaller than normal ethernet, it can be useful to reduce the Maximum Segment Size (MSS) offered by the internal machines to match, reducing the liklihood that the either end will attempt to send packets -that are too big and result in fragmentation. This is acheived using the +that are too big and result in fragmentation. This is achieved using the .B mssclamp option with TCP .B map @@ -220,7 +220,7 @@ that requires the destination port number to be 21 if this rule is to be activated. The word "ftp" is the proxy identifier that the kernel will try and resolve internally, "tcp" the protocol that packets must match. .PP -See below for a list of proxies and their relative staus. +See below for a list of proxies and their relative status. .PP To associate NAT rules with filtering rules, it is possible to set and match tags during either inbound or outbound processing. At present the @@ -355,7 +355,7 @@ rdr le0 from 1.1.0.0/16 to any -> 192.168.1.3 rdr le0 ! from 1.1.0.0/16 to any -> 192.168.1.4 .fi .PP -If there is a consective set of addresses you wish to spread the packets +If there is a consecutive set of addresses you wish to spread the packets over, then this can be done in one of two ways, the word "range" optional to preserve: .nf @@ -382,9 +382,9 @@ rdr le0 0/0 -> 192.168.1.5,192.168.1.7 round-robin rdr le0 0/0 -> 192.168.1.9 round-robin .fi .PP -If there are a large number of redirect rules and hosts being targetted +If there are a large number of redirect rules and hosts being targeted then it may be desirable to have all those from a single source address -be targetted at the same destination address. To achieve this, the +be targeted at the same destination address. To achieve this, the word .B sticky is appended to the rule like this: @@ -399,9 +399,9 @@ The .B sticky feature can only be combined with .B round-robin -and the use of comma. +and the use of a comma. .PP -For TCP and UDP packets, it is possible to both match on the destiantion +For TCP and UDP packets, it is possible to both match on the destination port number and to modify it. For example, to change the destination port from 80 to 3128, we would use a rule like this: .nf @@ -572,7 +572,7 @@ On the LHS is a normal set of matching capabilities but on the RHS it is a requirement to specify both the source and destination addresses and ports. .PP -As this feature is intended to be used with targetting packets at sockets +As this feature is intended to be used with targeting packets at sockets and not IPFilter running on other systems, there is no rule provided to \fIundivert\fR packets. .TP diff --git a/sbin/ipf/ipscan/ipscan.5 b/sbin/ipf/ipscan/ipscan.5 index 345561f9bb91..72b3f92a25a0 100644 --- a/sbin/ipf/ipscan/ipscan.5 +++ b/sbin/ipf/ipscan/ipscan.5 @@ -20,7 +20,7 @@ match-char ::= "*" | "?" | "." .fi .PP In this example an ip-address is a dotted-quad IPv4 address and a port-number -is a number betwee 1 and 65535, inclusive. The match string is must be of +is a number between 1 and 65535, inclusive. The match string is must be of same length as the literal string that it is matching (literal). The length of either string is limited to 16 bytes. .PP diff --git a/sbin/ipf/libipf/interror.c b/sbin/ipf/libipf/interror.c index a4c0b1c56b8e..981823ca6bb9 100644 --- a/sbin/ipf/libipf/interror.c +++ b/sbin/ipf/libipf/interror.c @@ -144,7 +144,7 @@ static ipf_error_entry_t ipf_errors[IPF_NUM_ERRORS] = { { 116, "error copying in match array" }, { 117, "match array type is not IPFOBJ_IPFEXPR" }, { 118, "bad size for match array" }, - { 119, "cannot allocate memory for match aray" }, + { 119, "cannot allocate memory for match array" }, { 120, "error copying in match array" }, { 121, "error verifying contents of match array" }, { 122, "need write permissions to set ipf lock status" }, diff --git a/sbin/ipf/libipf/parseipfexpr.c b/sbin/ipf/libipf/parseipfexpr.c index 880258e5dd66..be86456e143b 100644 --- a/sbin/ipf/libipf/parseipfexpr.c +++ b/sbin/ipf/libipf/parseipfexpr.c @@ -75,7 +75,7 @@ parseipfexpr(char *line, char **errorptr) for (ops = strtok(temp, ";"); ops != NULL; ops = strtok(NULL, ";")) { arg = strchr(ops, '='); if ((arg < ops + 2) || (arg == NULL)) { - error = "bad 'arg' vlaue"; + error = "bad 'arg' value"; goto parseerror; }