| | | |
|---|---|---|
| author | David Gwynne <dlg@cvs.openbsd.org> | 2012-07-11 12:07:33 +0000 |
| committer | David Gwynne <dlg@cvs.openbsd.org> | 2012-07-11 12:07:33 +0000 |
| commit | c1accf2c422a1252f665135ccd0ac4f2ad10a4a5 | |
| tree | 90c89e7f5ee782c049c660803aa78df5fa08d23a | |
| parent | f713d9f8538aa2ae4ff2b5a6c501162d43bce016 | |
first go at a manpage
-rw-r--r-- | usr.sbin/tftp-proxy/Makefile | 4 |
-rw-r--r-- | usr.sbin/tftp-proxy/tftp-proxy.8 | 132 |
2 files changed, 134 insertions, 2 deletions
diff --git a/usr.sbin/tftp-proxy/Makefile b/usr.sbin/tftp-proxy/Makefile index 6f94a06ed2c..7603dd23a4a 100644 --- a/usr.sbin/tftp-proxy/Makefile +++ b/usr.sbin/tftp-proxy/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.2 2012/07/11 11:45:37 dlg Exp $ +# $OpenBSD: Makefile,v 1.3 2012/07/11 12:07:32 dlg Exp $ PROG= tftp-proxy SRCS= tftp-proxy.c filter.c -MAN= #tftp-proxy.8 +MAN= tftp-proxy.8 LDADD= -levent DPADD= ${LIBEVENT} diff --git a/usr.sbin/tftp-proxy/tftp-proxy.8 b/usr.sbin/tftp-proxy/tftp-proxy.8 new file mode 100644 index 00000000000..2fa1f33656c --- /dev/null +++ b/usr.sbin/tftp-proxy/tftp-proxy.8 
@@ -0,0 +1,132 @@ +.\" $OpenBSD: tftp-proxy.8,v 1.1 2012/07/11 12:07:32 dlg Exp $ +.\" +.\" Copyright (c) 2005 joshua stein <jcs@openbsd.org> +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 11 2012 $ +.Dt TFTP-PROXY 8 +.Os +.Sh NAME +.Nm tftp-proxy +.Nd Internet Trivial File Transfer Protocol proxy +.Sh SYNOPSIS +.Nm tftp-proxy +.Op Fl 46dv +.Op Fl l Ar address +.Op Fl p Ar port +.Op Fl w Ar transwait +.Sh DESCRIPTION +.Nm +is a proxy for the Internet Trivial File Transfer Protocol. 
+TFTP connections should be redirected to the proxy using a +.Xr pf 4 +rule using the +.Ar divert-to +option, after which the proxy connects to the server on behalf of +the client. +The connection from the proxy to the server needs to be passed by +a rule with divert-reply set. +.Pp +The proxy inserts +.Xr pf 4 +pass rules using the +.Ar anchor +facility to allow payload packets between the client and the server. +Once the rules are inserted, +.Nm +forwards the initial request from the client to the server to begin the +transfer. +After +.Ar transwait +seconds, the states are assumed to have been established and the +.Xr pf 4 +rules are deleted and the program exits. +Once the transfer between the client and the server is completed the +states will naturally expire. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl d +Do not daemonize. +If this option is specified, +.Nm +will run in the foreground and log +the client IP, type of request, and filename to stderr. +.It Fl l Ar address +Listen on the specified address. +By default +.Nm +listens on wildcard addresses. +.It Fl p Ar port +Listen on the specified port. +By default +.Nm +listens on port 6969. +.It Fl v +Log the connection and request information to +.Xr syslogd 8 . +.It Fl w Ar transwait +Number of seconds to wait for the data transmission to begin before +removing the +.Xr pf 4 +rule. +The default is 2 seconds. +.El +.Sh CONFIGURATION +To make use of the proxy, +.Xr pf.conf 5 +needs the following rules. +The anchor is mandatory. +Adjust the rule as needed for your configuration. 
+.Bd -literal -offset indent +anchor "tftp-proxy/*" +pass in quick on $int_if inet proto udp from $lan to port tftp \e + divert-to 127.0.0.1 port 6969 +pass out quick on $ext_if inet proto udp from $lan to port tftp \e + group proxy divert-reply +.Ed +.Sh SEE ALSO +.Xr tftp 1 , +.Xr pf 4 , +.Xr pf.conf 5 , +.Xr ftp-proxy 8 , +.Xr inetd 8 , +.Xr syslogd 8 , +.Xr tftpd 8 +.Sh CAVEATS +.Nm +chroots to +.Pa /var/empty +and changes to user +.Dq proxy +to drop privileges. |
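Review bot: In DESCRIPTION of tftp-proxy.8, "rules are deleted and the program exits" does not fit the rest of the page. The SYNOPSIS offers `-l address` and `-p port` to listen on and `-d` for "Do not daemonize", which describe a long-running daemon, and SEE ALSO still lists `inetd 8`. Suggest saying that only the anchor rules inserted for that transfer are removed after transwait seconds, and dropping the `inetd 8` reference if it no longer applies. Two smaller points in the same file: the CONFIGURATION example is `inet` only with `divert-to 127.0.0.1`, although `-6` is documented, so either an inet6 rule or a sentence saying the example covers IPv4 only would help; and `-w` speaks of removing "the pf rule" where DESCRIPTION says "rules". Since the proxy opens pass rules in the anchor on behalf of clients, the page should also state what those rules match (which addresses and ports) so an administrator can judge what is permitted during the transwait window.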