svn commit: r202494 - in stable/7: share/man/man4 usr.sbin/faithd
brueffer at FreeBSD.org
Sun Jan 17 17:36:26 UTC 2010
Date: Sun Jan 17 17:36:25 2010
New Revision: 202494
MFC: r201870, r201889
Various language fixes. Also fixed the URL to totd, obtained from NetBSD.
stable/7/share/man/man4/ (props changed)
stable/7/usr.sbin/faithd/ (props changed)
--- stable/7/share/man/man4/faith.4 Sun Jan 17 17:31:53 2010 (r202493)
+++ stable/7/share/man/man4/faith.4 Sun Jan 17 17:36:25 2010 (r202494)
@@ -58,15 +58,15 @@ variable in
.Xr rc.conf 5 .
Special action will be taken when IPv6 TCP traffic is seen on a router,
-and routing table suggests to route it to
+and the routing table suggests to route it to the
In this case, the packet will be accepted by the router,
-regardless of list of IPv6 interface addresses assigned to the router.
-The packet will be captured by an IPv6 TCP socket, if it has
+regardless of the list of IPv6 interface addresses assigned to the router.
+The packet will be captured by an IPv6 TCP socket, if it has the
-flag turned on and it has matching address/port pairs.
+flag turned on and matching address/port pairs.
+As a result,
will let you capture IPv6 TCP traffic to some specific destination addresses.
Userland programs, such as
@@ -79,43 +79,42 @@ and perform application-specific address
-flag on IPv6 TCP socket can be set by using
+flag on a IPv6 TCP socket can be set by using
.Xr setsockopt 2 ,
-with level equals to
-and optname equals to
.Dv IPv6_FAITH .
-To handle error reports by ICMPv6, some of ICMPv6 packets routed to
+To handle error reports by ICMPv6, some ICMPv6 packets routed to an
interface will be delivered to IPv6 TCP, as well.
To understand how
-can be used, take a look at source code of
+can be used, take a look at the source code of
.Xr faithd 8 .
-interface implements potentially dangerous operation,
-great care must be taken when configuring
-To avoid possible misuse,
+interface implements potentially dangerous operations,
+great care must be taken when configuring it.
+To avoid possible misuse, the
.Xr sysctl 8
must be set to
-prior to the use of the interface.
+prior to using the interface.
.Li 0 ,
-no packet will be captured by
+no packets will be captured by the
interface is intended to be used on routers, not on hosts.
@@ -130,5 +129,5 @@ interface is intended to be used on rout
-The FAITH IPv6-to-IPv4 TCP relay translator was first appeared in
+The FAITH IPv6-to-IPv4 TCP relay translator first appeared in the
WIDE hydrangea IPv6 stack.
--- stable/7/usr.sbin/faithd/faithd.8 Sun Jan 17 17:31:53 2010 (r202493)
+++ stable/7/usr.sbin/faithd/faithd.8 Sun Jan 17 17:36:25 2010 (r202494)
@@ -29,7 +29,7 @@
-.Dd May 17, 1998
+.Dd January 9, 2010
.Dt FAITHD 8
@@ -44,20 +44,18 @@
-utility provides IPv6-to-IPv4 TCP relay.
-It must be used on an IPv4/v6 dual stack router.
+utility provides IPv6-to-IPv4 TCP relaying.
+It can only be used on an IPv4/v6 dual stack router.
-will relay the
+traffic, it will relay the
.Tn TCPv4 .
-Destination for relayed
+The destination for the relayed
connection will be determined by the last 4 octets of the original
@@ -73,14 +71,14 @@ destination address is
the traffic will be relayed to IPv4 destination
.Li 10.1.1.1 .
+To use the
an IPv6 address prefix must be reserved for mapping IPv4 addresses into.
-Kernel must be properly configured to route all the TCP connection
+The kernel must be properly configured to route all the TCP connections
toward the reserved IPv6 address prefix into the
.Xr faith 4
-pseudo interface, by using
+pseudo interface, using the
.Xr route 8
@@ -91,7 +89,7 @@ to
.Dv 1 .
The router must be configured to capture all the TCP traffic
+for the reserved
address prefix, by using
.Xr route 8
@@ -101,21 +99,20 @@ commands.
-utility needs a special name-to-address translation logic, so that
-hostnames gets resolved into special
+utility needs special name-to-address translation logic, so that
+hostnames get resolved into the special
-For small-scale installation, use
-.Xr hosts 5 .
-For large-scale installation, it is useful to have
+For small-scale installations, use
+.Xr hosts 5 ;
+For large-scale installations, it is useful to have
a DNS server with special address translation support.
An implementation called
-.Pa http://www.vermicelli.pasta.cs.uit.no/ipv6/software.html .
-Make sure you do not propagate translated DNS records to normal DNS cloud,
-it is highly harmful.
+is available at
+.Pa http://www.vermicelli.pasta.cs.uit.no/software/totd.html .
+Make sure you do not propagate translated DNS records over to normal
+DNS, as it can cause severe problems.
.Ss Daemon mode
@@ -150,9 +147,9 @@ to
you can run local daemons on the router.
-utility will invoke local daemon at
+utility will invoke a local daemon at
-if the destination address is local interface address,
+if the destination address is a local interface address,
and will perform translation to IPv4 TCP in other cases.
You can also specify
@@ -182,7 +179,7 @@ The
utility includes special support for protocols used by
.Xr ftp 1 .
-When translating FTP protocol,
+When translating the FTP protocol,
translates network level addresses in
@@ -191,8 +188,8 @@ and
Inactive sessions will be disconnected in 30 minutes,
-to avoid stale sessions from chewing up resources.
-This may be inappropriate for some of the services
+to prevent stale sessions from chewing up resources.
+This may be inappropriate for some services
(should this be configurable?).
.Ss inetd mode
@@ -200,13 +197,13 @@ When
is invoked via
.Xr inetd 8 ,
-will handle connection passed from standard input.
+will handle connections passed from standard input.
If the connection endpoint is in the reserved IPv6 address prefix,
will relay the connection.
-will invoke service-specific daemon like
+will invoke a service-specific daemon like
.Xr telnetd 8 ,
by using the command argument passed from
.Xr inetd 8 .
@@ -219,16 +216,16 @@ For example, if
is invoked via
.Xr inetd 8
-on FTP port, it will operate as a FTP relay.
+on the FTP port, it will operate as an FTP relay.
The operation mode requires special support for
.Xr inetd 8 .
.Ss Access control
-To prevent malicious accesses,
+To prevent malicious access,
-implements a simple address-based access control.
+implements simple address-based access control.
@@ -239,7 +236,7 @@ specified by
will avoid relaying unwanted traffic.
-contains directives with the following format:
+configuration file contains directives of the following format:
.Ar src Ns / Ns Ar slen Cm deny Ar dst Ns / Ns Ar dlen
@@ -281,6 +278,7 @@ on error.
.Xr faith 4
interface has to be configured properly.
.Bd -literal -offset
@@ -334,12 +332,12 @@ ssh stream tcp6/faith nowait root
.Xr inetd 8
-will open listening sockets with enabling kernel TCP relay support.
-Whenever connection comes in,
+will open listening sockets with kernel TCP relay support enabled.
+Whenever a connection comes in,
will be invoked by
.Xr inetd 8 .
-If it the connection endpoint is in the reserved IPv6 address prefix.
+If the connection endpoint is in the reserved IPv6 address prefix.
utility will relay the connection.
@@ -377,12 +375,12 @@ setting.
-utility first appeared in WIDE Hydrangea IPv6 protocol stack kit.
+utility first appeared in the WIDE Hydrangea IPv6 protocol stack kit.
IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack
was initially integrated into
+.Fx 4.0 .
.Sh SECURITY CONSIDERATIONS
It is very insecure to use IP-address based authentication, for connections relayed by
@@ -392,16 +390,15 @@ Administrators are advised to limit acce
.Pa faithd.conf ,
-or by using IPv6 packet filters.
-It is to protect
+or by using IPv6 packet filters, to protect the
-service from malicious parties and avoid theft of service/bandwidth.
-IPv6 destination address can be limited by
-carefully configuring routing entries that points to
+service from malicious parties, and to avoid theft of service/bandwidth.
+IPv6 destination addresses can be limited by
+carefully configuring routing entries that point to
.Xr faith 4 ,
.Xr route 8 .
-IPv6 source address needs to be filtered by using packet filters.
-Documents listed in
+The IPv6 source address needs to be filtered using packet filters.
+The documents listed in
.Sx SEE ALSO
-have more discussions on this topic.
+have more information on this topic.
More information about the svn-src-stable-7