1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-29 08:08:37 +00:00

ipf: Fix some typos

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
This commit is contained in:
Elyes Haouas 2023-10-15 18:03:11 +02:00 committed by Warner Losh
parent 7bd6cbbf69
commit c1f6704bf8
7 changed files with 26 additions and 26 deletions

View File

@ -31,7 +31,7 @@ address patterns or "all" to match any address information
.SS Long lines
.PP
For rules lines that are particularly long, it is possible to split
them over multiple lines implicity like this:
them over multiple lines implicitly like this:
.PP
.nf
pass in on bgeo proto tcp from 1.1.1.1 port > 1000
@ -536,7 +536,7 @@ URG - this bit is set to indicate that the packet contains urgent data
.HP
R
RST - this bit is set only in packets that are a reply to another
that has been received but is not targetted at any open port
that has been received but is not targeted at any open port
.HP
C
CWN
@ -686,7 +686,7 @@ Once a TCP connection has reached the established state, the default
timeout allows for it to be idle for 5 days before it is removed from
the state table. The timeouts for the other TCP connection states
vary from 240 seconds to 30 seconds.
Both UDP and ICMP state entries have asymetric timeouts where the timeout
Both UDP and ICMP state entries have asymmetric timeouts where the timeout
set upon seeing packets in the forward direction is much larger than
for the reverse direction. For UDP the default timeouts are 120 and
12 seconds, for ICMP 60 and 6 seconds. This is a reflection of the
@ -890,8 +890,8 @@ construction of filter rules easier, it is possible to place them in groups.
A rule can be both a member of a group and the head of a new group.
.PP
Using filter groups requires at least two rules: one to be in the group
one one to send matchign packets to the group. If a packet matches a
filtre rule that is a group head but does not match any of the rules
one one to send matching packets to the group. If a packet matches a
filter rule that is a group head but does not match any of the rules
in that group, then the packet is considered to have matched the head
rule.
.PP
@ -1037,7 +1037,7 @@ pass in on bge0 to bge1:1.1.1.1 reply-to hme1:2.1.1.2 \\
.PP
The design for IPv4 allows for the header to be upto 64 bytes long,
however most traffic only uses the basic header which is 20 bytes long.
The other 44 bytes can be uesd to store IP options. These options are
The other 44 bytes can be used to store IP options. These options are
generally not necessary for proper interaction and function on the
Internet today. For most people it is sufficient to block and drop
all packets that have any options set. This can be achieved with this
@ -1090,7 +1090,7 @@ some of the nodes the packet must go through, with the ssrr option,
every next hop router must be specified.
.PP
The complete list of IPv4 options that can be matched on is:
addext (Address Extention),
addext (Address Extension),
cipso (Classical IP Security Option),
dps (Dynamic Packet State),
e-sec (Extended Security),
@ -1357,7 +1357,7 @@ A list of the currently available variables inside IPFilter that may
be tuned from ipf.conf are as follows:
.HP
active
set through -s command line switch of ipf(8). See ipf(8) for detals.
set through -s command line switch of ipf(8). See ipf(8) for details.
.HP
chksrc
when set, enables reverse path verification on source addresses and
@ -1430,7 +1430,7 @@ sets the size of the in-kernel log buffer in bytes.
log_suppress
when set, IPFilter will check to see if the packet it is logging is
similar to the one it previously logged and if so, increases
the occurance count for that packet. The previously logged packet
the occurrence count for that packet. The previously logged packet
must not have yet been read by ipmon(8).
.HP
min_ttl
@ -1467,8 +1467,8 @@ when the fill percentage of the NAT table exceeds this mark, more
aggressive flushing is enabled.
.HP
nat_table_wm_low
this sets the percentage at which the NAT table's agressive flushing
will turn itself off at.
this sets the percentage at which the NAT table's aggressive flushing
will turn itself off.
.HP
rdr_rules_size
size of the hash table to store rdr rules.
@ -1492,7 +1492,7 @@ state_size
size of the hash table used for stateful filtering
.HP
state_wm_freq
this controls how often the agressive flushing should be run once the
this controls how often the aggressive flushing should be run once the
state table exceeds state_wm_high in percentage full.
.HP
state_wm_high
@ -1500,7 +1500,7 @@ when the fill percentage of the state table exceeds this mark, more
aggressive flushing is enabled.
.HP
state_wm_low
this sets the percentage at which the state table's agressive flushing
this sets the percentage at which the state table's aggressive flushing
will turn itself off at.
.HP
tcp_close_wait

View File

@ -123,7 +123,7 @@ file
syslog
.PP
ipsend(1)
generates arbitary IP packets for ethernet connected machines.
generates arbitrary IP packets for ethernet connected machines.
.PP
ipresend(1)
reads in a data file of saved IP packets (ie

View File

@ -323,7 +323,7 @@ int main(int argc, char *argv[])
case 'm' :
filter = parseipfexpr(optarg, NULL);
if (filter == NULL) {
fprintf(stderr, "Error parseing '%s'\n",
fprintf(stderr, "Error parsing '%s'\n",
optarg);
exit(1);
}

View File

@ -149,7 +149,7 @@ For TCP connections exiting a connection such as PPPoE where the MTU is
slightly smaller than normal ethernet, it can be useful to reduce the
Maximum Segment Size (MSS) offered by the internal machines to match,
reducing the liklihood that the either end will attempt to send packets
that are too big and result in fragmentation. This is acheived using the
that are too big and result in fragmentation. This is achieved using the
.B mssclamp
option with TCP
.B map
@ -220,7 +220,7 @@ that requires the destination port number to be 21 if this rule is to be
activated. The word "ftp" is the proxy identifier that the kernel will
try and resolve internally, "tcp" the protocol that packets must match.
.PP
See below for a list of proxies and their relative staus.
See below for a list of proxies and their relative status.
.PP
To associate NAT rules with filtering rules, it is possible to set and
match tags during either inbound or outbound processing. At present the
@ -355,7 +355,7 @@ rdr le0 from 1.1.0.0/16 to any -> 192.168.1.3
rdr le0 ! from 1.1.0.0/16 to any -> 192.168.1.4
.fi
.PP
If there is a consective set of addresses you wish to spread the packets
If there is a consecutive set of addresses you wish to spread the packets
over, then this can be done in one of two ways, the word "range" optional
to preserve:
.nf
@ -382,9 +382,9 @@ rdr le0 0/0 -> 192.168.1.5,192.168.1.7 round-robin
rdr le0 0/0 -> 192.168.1.9 round-robin
.fi
.PP
If there are a large number of redirect rules and hosts being targetted
If there are a large number of redirect rules and hosts being targeted
then it may be desirable to have all those from a single source address
be targetted at the same destination address. To achieve this, the
be targeted at the same destination address. To achieve this, the
word
.B sticky
is appended to the rule like this:
@ -399,9 +399,9 @@ The
.B sticky
feature can only be combined with
.B round-robin
and the use of comma.
and the use of a comma.
.PP
For TCP and UDP packets, it is possible to both match on the destiantion
For TCP and UDP packets, it is possible to both match on the destination
port number and to modify it. For example, to change the destination port
from 80 to 3128, we would use a rule like this:
.nf
@ -572,7 +572,7 @@ On the LHS is a normal set of matching capabilities but on the RHS it is
a requirement to specify both the source and destination addresses and
ports.
.PP
As this feature is intended to be used with targetting packets at sockets
As this feature is intended to be used with targeting packets at sockets
and not IPFilter running on other systems, there is no rule provided to
\fIundivert\fR packets.
.TP

View File

@ -20,7 +20,7 @@ match-char ::= "*" | "?" | "."
.fi
.PP
In this example an ip-address is a dotted-quad IPv4 address and a port-number
is a number betwee 1 and 65535, inclusive. The match string is must be of
is a number between 1 and 65535, inclusive. The match string is must be of
same length as the literal string that it is matching (literal). The length
of either string is limited to 16 bytes.
.PP

View File

@ -144,7 +144,7 @@ static ipf_error_entry_t ipf_errors[IPF_NUM_ERRORS] = {
{ 116, "error copying in match array" },
{ 117, "match array type is not IPFOBJ_IPFEXPR" },
{ 118, "bad size for match array" },
{ 119, "cannot allocate memory for match aray" },
{ 119, "cannot allocate memory for match array" },
{ 120, "error copying in match array" },
{ 121, "error verifying contents of match array" },
{ 122, "need write permissions to set ipf lock status" },

View File

@ -75,7 +75,7 @@ parseipfexpr(char *line, char **errorptr)
for (ops = strtok(temp, ";"); ops != NULL; ops = strtok(NULL, ";")) {
arg = strchr(ops, '=');
if ((arg < ops + 2) || (arg == NULL)) {
error = "bad 'arg' vlaue";
error = "bad 'arg' value";
goto parseerror;
}