Module Name: src Committed By: wiz Date: Wed Jan 10 12:18:22 UTC 2018
Modified Files: src/share/man/man4: ipsecif.4 Log Message: Improve wording and macro use. Some parts are not clear to me, so someone with knowledge of ipsecif(4) should improve this some more. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/share/man/man4/ipsecif.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man4/ipsecif.4 diff -u src/share/man/man4/ipsecif.4:1.1 src/share/man/man4/ipsecif.4:1.2 --- src/share/man/man4/ipsecif.4:1.1 Wed Jan 10 11:08:55 2018 +++ src/share/man/man4/ipsecif.4 Wed Jan 10 12:18:22 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: ipsecif.4,v 1.1 2018/01/10 11:08:55 knakahara Exp $ +.\" $NetBSD: ipsecif.4,v 1.2 2018/01/10 12:18:22 wiz Exp $ .\" .\" Copyright (C) 2017 Internet Initiative Japan Inc. .\" All rights reserved. @@ -31,14 +31,14 @@ .Dt IPSECIF 4 .Os .Sh NAME -.Nm ipsec -.Nd ipsec interface +.Nm ipsecif +.Nd IPsec interface .Sh SYNOPSIS .Cd "pseudo-device ipsecif" .Sh DESCRIPTION The .Nm -is similar to +interface is similar to .Xr gif 4 over .Xr ipsec 4 
@@ -46,25 +46,29 @@ transport mode. .Xr gif 4 over .Xr ipsec 4 -transport mode are managed by userland programs. In contrast, +transport mode is managed by userland programs. +In contrast, .Nm -manages its security policies by itself, that is, when user sets +manages its security policies by itself, that is, when user sets up a .Nm tunnel source and destination address pair, the related security policies -are created automatically in kernel. Therefore, the security policies of +are created automatically in the kernel. +Therefore, the security policies of .Nm -are added/deleted atomically. It also means +are added/deleted atomically. +It also means that .Nm -ensures both of in and out security policy pair exist, that is, +ensures that both the in and out security policy pairs exist, that is, .Nm -avoids the troubles which is caused by only one of in and out security +avoids the trouble caused when only one of the in and out security policy pair exists. .Pp -There is four security policies generated by +There are four security policies generated by .Nm , -that is, in and out pair for each IPv4 and IPv6. Here is +that is, one in and out pair for IPv4 and IPv6 each. +This .Xr ipsec.conf 5 -which is the same meaing as that security policies. +has the same meaning as these security policies: .Bd -literal spdadd "src" "dst" ipv4 -P out ipsec esp/transport//unique; spdadd "dst" "src" ipv4 -P in ipsec esp/transport//unique; 
@@ -74,25 +78,27 @@ spdadd "dst" "src" ipv6 -P in ipsec esp/ .Pp Therefore, .Nm -configuration will fail if you already add such security policies, and +configuration will fail if you already added such security policies, and vice versa. .Pp -The related security associates can be established by IKE daemon such as +The related security associates can be established by an IKE daemon such as .Xr racoon 8 . They can also be manipulated manually by .Xr setkey 8 -with -u option which we set security policy's unique#. +with the +.Fl u +option which sets a security policy's unique id. .Pp Some if_flags change -.Nm -befavior. IFF_LINK0 can enable Network Address Translator traversal, +.Nm Ap s +behaviour. +IFF_LINK0 can enable Network Address Translator traversal, IFF_LINK1 can enable ECN friendly mode like .Xr gif 4 , and IFF_LINK2 can enable forwarding inner IPv6 packets. -Only IFF_LINK2 is set by default. If you use only IPv4 packets as -inner packets, you would want to unset IFF_LINK2 to reduce security -associates for IPv6 packets. - +Only IFF_LINK2 is set by default. +If you use only IPv4 packets as inner packets, you would want to +unset IFF_LINK2 to reduce security associates for IPv6 packets. .Sh EXAMPLES Configuration example: .Bd -literal @@ -127,12 +133,11 @@ start IKE daemon or set security associa # ifconfig wm1 inet 10.200.0.1/24 # route add 10.100.0.1 172.16.200.1 .Ed -.Pp .Sh SEE ALSO +.Xr gif 4 , .Xr inet 4 , .Xr inet6 4 , .Xr ipsec 4 , -.Xr gif 4 , .Xr ifconfig 8 , .Xr setkey 8 .Sh HISTORY @@ -143,6 +148,6 @@ device first appeared in .Sh LIMITATIONS Currently, the .Nm -interface supports esp protocol only. +interface supports the ESP protocol only. .Nm -does not support Network Address Translator traversal(NAT-T). +does not support Network Address Translator traversal (NAT-T).
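Review bot: in the `@@ -46,25 +46,29 @@` hunk the plural in "ensures that both the in and out security policy pairs exist" conflicts with the very next line, which still speaks of "only one of the in and out security policy pair"; there is one pair per address family, with one in and one out policy in it, so "ensures that both the in and the out security policy of a pair exist" keeps the two lines consistent. The same hunk still lacks an article in "when user sets up a"; "when the user sets up a" matches the rest of the rewrite.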
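Review bot: in the `@@ -74,25 +78,27 @@` hunk "security associates" is left standing twice ("The related security associates can be established by an IKE daemon" and "reduce security associates for IPv6 packets") although the surrounding grammar was corrected; the term used by setkey(8) and racoon(8) is "security associations", and that is what the unique-id discussion is about. Minor: "will fail if you already added such security policies" reads better as "if you have already added".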
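Review bot: the `@@ -127,12 +133,11 @@` hunk sorts SEE ALSO but still omits ipsec.conf(5) and racoon(8), both of which the DESCRIPTION cross-references with .Xr; add ".Xr ipsec.conf 5 ," after the section 4 entries and ".Xr racoon 8" in section-number order so every .Xr in the body has a matching SEE ALSO entry.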
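Review bot: the `@@ -143,6 +148,6 @@` hunk now reads "does not support Network Address Translator traversal (NAT-T)", which contradicts the earlier sentence in this same patch that "IFF_LINK0 can enable Network Address Translator traversal"; one of the two statements needs a qualifier (for example that the flag is accepted but the feature is not yet implemented) so the page does not claim both.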