tnat64.8.in
.TH TNAT64 8 "" "TNAT64" \" -*-
\" nroff -*
.SH NAME
.BR tnat64
\- Library for intercepting outgoing network connections and
redirecting them through the NAT64.
.SH SYNOPSIS
Set LD_PRELOAD to load the library, then use applications as normal.

The syntax to force preload of the library for different shells is
specified below:

Bash, Ksh and Bourne shell \-

export LD_PRELOAD=@pkglibdir@/libtnat64.so

C Shell \-

setenv LD_PRELOAD @pkglibdir@/libtnat64.so

This process can be automated (for Bash, Bourne and Korn shell
users) for a single command or for all commands in a shell session
by using the tnat64(1) script.

You can also set up tnat64 in such a way that all processes
automatically use it, a very useful configuration. For more
information on this configuration see the CAVEATS section of this
manual page.
.SH DESCRIPTION
.BR tnat64
is a library to allow IPv4-only applications to access IPv4 hosts on
IPv6-only systems by using NAT64. It wraps the normal
connect() function. When a connection is attempted, it consults the
configuration file (which is defined at configure time but defaults to
@CONF_FILE@) and determines if the IP address specified is local. If
it is not, the library redirects the connection to an IPv6 address inside
the NAT64 prefix that is specified in the configuration file. The
redirection is performed only if the destination host is unreachable
(when there's no route to host). Also, after the first successful redirection
all the following connection attempts are redirected immediately without even
trying to connect to the host via IPv4. When the destination host cannot be
reached via IPv6, the redirection is disabled.
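
The address rewrite described above, as an added example (not tnat64's own code): the IPv4 destination is embedded in the last 32 bits of the NAT64 prefix, as RFC 6052 defines for a /96. The function name, the assumption of a /96 prefix, and the sample values are illustrative.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Build the IPv6 destination that replaces the IPv4 one in `v4`.
 * `prefix` is the NAT64 prefix as text and is assumed to be a /96, so the
 * IPv4 address occupies the last 32 bits (RFC 6052).
 * Returns 0 on success, -1 on a bad argument or unusable prefix. */
int nat64_synthesize(const struct sockaddr_in *v4, const char *prefix,
                     struct sockaddr_in6 *out)
{
    struct in6_addr p;

    if (v4 == NULL || prefix == NULL || out == NULL || v4->sin_family != AF_INET)
        return -1;
    if (inet_pton(AF_INET6, prefix, &p) != 1)
        return -1;
    /* Reject prefixes with host bits set: they would be overwritten. */
    if (p.s6_addr[12] || p.s6_addr[13] || p.s6_addr[14] || p.s6_addr[15])
        return -1;

    memset(out, 0, sizeof(*out));
    out->sin6_family = AF_INET6;
    out->sin6_port = v4->sin_port;                 /* network byte order */
    memcpy(out->sin6_addr.s6_addr, p.s6_addr, 12); /* 96-bit prefix */
    memcpy(out->sin6_addr.s6_addr + 12, &v4->sin_addr.s_addr, 4);
    return 0;
}

int main(void)
{
    struct sockaddr_in v4 = { .sin_family = AF_INET, .sin_port = htons(443) };
    struct sockaddr_in6 v6;
    char text[INET6_ADDRSTRLEN];

    inet_pton(AF_INET, "192.0.2.33", &v4.sin_addr);   /* constructed sample */
    if (nat64_synthesize(&v4, "64:ff9b::", &v6) != 0)
        return 1;
    printf("%s port %u\n",
           inet_ntop(AF_INET6, &v6.sin6_addr, text, sizeof(text)),
           ntohs(v6.sin6_port));
    return 0;
}
```
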
.BR tnat64
avoids the need to recompile applications so they can reach hosts
even if they do not support IPv6 and there's no IPv4 connectivity.
.BR tnat64
is heavily based on the source code of tsocks, a library that intercepts
outgoing TCP connections and redirects them through a SOCKS proxy. Many thanks
to the tsocks author, Shaun Clowes!
.SS ARGUMENTS
Most arguments to
.BR tnat64
are provided in the configuration file (the location of which is defined
at configure time by the \-\-with-conf=<file> argument but defaults to
@CONF_FILE@). The structure of this file is documented in tnat64.conf(8).
Some configuration options can be specified at run time using environment
variables as follows:
.TP
.I TNAT64_CONF_FILE
This environment variable overrides the default location of the tnat64
configuration file. This variable is not honored if the program tnat64
is embedded in is setuid. In addition, this environment variable can
be compiled out of tnat64 with the \-\-disable-envconf argument to
configure at build time.
.TP
.I TNAT64_DEBUG
This environment variable sets the level of debug output that should be
generated by tnat64 (debug output is generated in the form of output to
standard error). If this variable is not present, the logging level
defaults to 0, which indicates that only error messages should be output.
Setting it to higher values will cause tnat64 to generate more messages
describing what it is doing. If set to \-1, tnat64 will output absolutely no
error or debugging messages. This is only needed if tnat64 output interferes
with a program it is embedded in. Message output can be permanently compiled
out of tnat64 by specifying the \-\-disable-debug option to configure at
build time.
.TP
.I TNAT64_DEBUG_FILE
This option can be used to redirect the tnat64 output (which would normally
be sent to standard error) to a file. This variable is not honored if the
program tnat64 is embedded in is setuid. For programs where tnat64 output
interferes with normal operation this option is generally better than
disabling messages (with TNAT64_DEBUG = \-1).
.SS ERRORS
.BR tnat64
will generate error messages and print them to stderr when there are
problems with the configuration file, provided the TNAT64_DEBUG
environment variable is not set to \-1 and
\-\-disable-debug was not specified at compile time. This output may cause
some problems with programs that redirect standard error.
.SS CAVEATS
.BR tnat64
will not in the above configuration be able to provide proxying to
setuid applications or applications that are not run from a shell. You can
force all applications to LD_PRELOAD the library by placing the path to
libtnat64 in /etc/ld.so.preload. Please make sure you correctly enter the
full path to the library in this file if you do this. If you get it wrong,
you will be UNABLE TO DO ANYTHING with the machine and will have to boot
it with a rescue disk and remove the file (or try the saveme program, see
the INSTALL file for more info). THIS IS A ***WARNING***, please be
careful. Also be sure the library is in the root filesystem as all hell
will break loose if the directory it is in is not available at boot time.
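
A pre-flight check to run on a candidate path before it is written to /etc/ld.so.preload, as an added example (not part of tnat64 or its saveme program). The function name and flag names are illustrative; the writability test is an extra hardening check not mentioned above, and comparing device numbers with "/" is only a heuristic for "on the root filesystem".

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum {
    PL_NOT_ABSOLUTE = 1,   /* the page asks for the full path */
    PL_MISSING      = 2,   /* nothing at that path */
    PL_NOT_REGULAR  = 4,   /* directory, device, ... */
    PL_NOT_ELF      = 8,   /* unreadable or no ELF magic */
    PL_WRITABLE     = 16,  /* group- or world-writable (added hardening check) */
    PL_OFF_ROOTFS   = 32   /* on a different device than "/" */
};

/* Return a bitmask of problems for one candidate entry; 0 means none found. */
int check_preload_entry(const char *path)
{
    struct stat st, root;
    unsigned char magic[4];
    int fd, problems = 0;

    if (path[0] != '/')
        problems |= PL_NOT_ABSOLUTE;
    if (stat(path, &st) != 0)
        return problems | PL_MISSING;
    if (!S_ISREG(st.st_mode))
        return problems | PL_NOT_REGULAR;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        problems |= PL_WRITABLE;
    if (stat("/", &root) == 0 && root.st_dev != st.st_dev)
        problems |= PL_OFF_ROOTFS;

    fd = open(path, O_RDONLY);
    if (fd < 0 || read(fd, magic, 4) != 4 || memcmp(magic, "\177ELF", 4) != 0)
        problems |= PL_NOT_ELF;
    if (fd >= 0)
        close(fd);
    return problems;
}

int main(int argc, char **argv)
{
    int problems = argc > 1 ? check_preload_entry(argv[1]) : PL_MISSING;

    printf("problem mask: %d\n", problems);
    return problems ? EXIT_FAILURE : EXIT_SUCCESS;
}
```
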
.SH BUGS
.BR tnat64
can only proxy outgoing TCP connections.
.BR tnat64
does NOT work correctly with asynchronous sockets (though it does work with
non-blocking sockets). This bug would be very difficult to fix and there
appears to be no demand for it (I know of no major application that uses
asynchronous sockets).
.BR tnat64
uses ELF dynamic loader features to intercept dynamic function calls from
programs in which it is embedded. As a result, it cannot trace the
actions of statically linked executables, non-ELF executables, or
executables that make system calls directly with the system call trap or
through the syscall() routine.
.SH FILES
@CONF_FILE@ - default tnat64 configuration file
.SH SEE ALSO
tnat64.conf(5)
tnat64(1)
.SH AUTHORS
Andrej Shadura ([email protected]),
Shaun Clowes ([email protected])
.SH COPYRIGHT
Copyright 2011 Andrej Shadura
Original tsocks manual page, copyright 2000 Shaun Clowes
tnat64 and its documentation may be freely copied under the terms and
conditions of version 2 of the GNU General Public License, as published
by the Free Software Foundation (Cambridge, Massachusetts, United
States of America).
This documentation is heavily based on the documentation for tsocks,
transparent SOCKSification library, whose documentation itself
is based on the documentation for logwrites, another
shared library interceptor. One line of code from it was used in
tsocks and a lot of the documentation :) logwrites is by
[email protected] (Adam J. Richter) and can be had from ftp.yggdrasil.com
pub/dist/pkg