another tcp apps IPv6 updates.(should be make world safe)

  ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project

1 files changed, 256 insertions, 0 deletions

diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8
new file mode 100644
index 0000000..2f62ed3
--- /dev/null
+++ b/usr.sbin/faithd/faithd.8
@@ -0,0 +1,256 @@
+.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+.\" All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the project nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	$Id: faithd.8,v 1.3 1999/10/07 04:22:14 itojun Exp $
+.\"	$FreeBSD$
+.\"
+.Dd January 27, 2000
+.Dt FAITHD 8
+.Os KAME
+.Sh NAME
+.Nm faithd
+.Nd FAITH IPv6/v4 translator daemon
+.Sh SYNOPSIS
+.Nm faithd
+.Op Fl dp
+.Oo
+.Ar service
+.Oo
+.Ar serverpath
+.Op Ar serverargs
+.Oc
+.Oc
+.Sh DESCRIPTION
+.Nm
+provides IPv6/v4 TCP relay for the specified
+.Ar service .
+.Pp
+.Nm
+must be invoked on IPv4/v6 dual stack router.
+The router must be configured to capture all the TCP traffic
+toward reserved IPv6 address prefix, by using
+.Xr route 8
+and
+.Xr sysctl 8
+commands.
+.Nm
+will daemonize itself on invocation.
+.Pp
+.Nm
+will listen to TCPv6 port
+.Ar service .
+If TCPv6 traffic to port
+.Ar service
+is found,
+.Nm
+will relay the TCPv6 traffic to TCPv4.
+Destination for relayed TCPv4 connection will be determined by the
+last 4 octets of the original IPv6 destination.
+For example, if
+.Li 3ffe:0501:4819:ffff::
+is reserved for
+.Nm faithd ,
+and the TCPv6 destination address is
+.Li 3ffe:0501:4819:ffff::0a01:0101 ,
+the traffic will be relayed to IPv4 destination
+.Li 10.1.1.1 .
+.Pp
+If
+.Ar service
+is not given,
+.Li telnet
+is assumed, and
+.Nm
+will relay TCP traffic on TCP port
+.Li telnet .
+With
+.Ar service ,
+.Nm
+will work as TCP relaying daemon for specified
+.Ar service
+as described above.
+.Pp
+Since
+.Nm
+listens to TCP port
+.Ar service ,
+it is not possible to run local TCP daemons for port
+.Ar service
+on the router, using
+.Xr inetd 8
+or other standard mechanisms.
+By specifying
+.Ar serverpath
+to
+.Nm faithd ,
+you can run local daemons on the router.
+.Nm
+will invoke local daemon at
+.Ar serverpath
+if the destination address is local interface address,
+and will perform translation to IPv4 TCP in other cases.
+You can also specify
+.Ar serverargs
+for the arguments for the local daemon.
+.Pp
+To use
+.Nm
+translation service,
+an IPv6 address prefix must be reserved for mapping IPv4 addresses into.
+Kernel must be properly configured to route all the TCP connection 
+toward the reserved IPv6 address prefix into the
+.Dv faith
+pseudo interface, by using
+.Xr route 8
+command.
+Also,
+.Xr sysctl 8
+should be used to configure
+.Dv net.inet6.ip6.keepfaith
+to
+.Dv 1 .
+.Pp
+If
+.Fl d
+is given, debugging information will be generated using
+.Xr syslog 3 .
+If
+.Fl p
+is given,
+.Nm
+will use privileged TCP port number as source port,
+for IPv4 TCP connection toward final destination.
+For relaying
+.Xr ftp 1
+and
+.Xr rlogin 1 ,
+.Fl p
+is not necessary as special program code is supplied.
+.Pp
+.Nm 
+will relay both normal and out-of-band TCP data.
+It is capable of emulating TCP half close as well.
+.Nm
+includes special support for protocols used by
+.Xr ftp 1
+and
+.Xr rlogin 1 .
+When translating FTP protocol,
+.Nm
+translates network level addresses in
+.Li PORT/LPRT/EPRT
+and
+.Li PASV/LPSV/EPSV
+commands.
+For RLOGIN protocol,
+.Nm
+will relay back connection from
+.Xr rlogind 8
+on the server to
+.Xr rlogin 1
+on client.
+.Pp
+Inactive sessions will be disconnected in 30 minutes,
+to avoid stale sessions from chewing up resources.
+This may be inappropriate for some of the services
+.Po
+should this be configurable?
+.Pc .
+.\"
+.Sh EXAMPLES
+Before invoking
+.Nm faithd ,
+.Xr faith 4
+interface has to be configured properly.
+.Pp
+To translate
+.Li telnet
+service, and provide no local telnet service, invoke
+.Nm
+as either of the following:
+.Bd -literal -offset
+# faithd
+# faithd telnet 
+.Ed
+.Pp
+If you would like to provide local telnet service via
+.Xr telnetd 8
+on
+.Pa /usr/local/v6/libexec/telnetd ,
+user the following command line:
+.Bd -literal -offset
+# faithd telnet /usr/local/v6/libexec/telnetd telnetd
+.Ed
+.Pp
+If you would like to pass extra arguments to the local daemon:
+.Bd -literal -offset
+# faithd ftpd /usr/local/v6/libexec/ftpd ftpd -l
+.Ed
+.Pp
+Here are some other examples:
+.Bd -literal -offset
+# faithd login /usr/local/v6/libexec/rlogin rlogind
+# faithd shell /usr/local/v6/libexec/rshd rshd
+# faithd sshd
+.Ed
+.\"
+.Sh RETURN VALUES
+.Nm
+exits with
+.Dv EXIT_SUCCESS
+.Pq 0
+on success, and
+.Dv EXIT_FAILURE
+.Pq 1
+on error.
+.\"
+.Sh SEE ALSO
+.Xr faith 4 ,
+.Xr route 8 ,
+.Xr sysctl 8
+.Rs
+.%A Jun-ichiro itojun Hagino
+.%A Kazu Yamamoto
+.%T "An IPv6-to-IPv4 transport relay translator"
+.%R internet draft
+.%N draft-ietf-ngtrans-tcpudp-relay-00.txt
+.%O work in progress material
+.Re
+.\"
+.Sh SECURITY NOTICE
+It is very insecure to use
+.Xr rhosts 5
+and other IP-address based authentication, for connections relayed by
+.Nm
+.Po
+and any other TCP relaying services
+.Pc .
+.\"
+.Sh HISTORY
+The
+.Nm
+command first appeared in WIDE Hydrangea IPv6 protocol stack kit.