Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-18 03:25:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clarify needed permission to open /dev/pf et al for reading

Browse Source 
Issue:		#66
Reported by:	Nikolay Khodov
This commit is contained in:
Daniel Roethlisberger 2014-12-08 19:40:01 +01:00
parent 39e9c898e5
commit d6b11f61b7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sslsplit.1
View File

@ -413,6 +413,8 @@ SSLsplit currently supports the following NAT engines:
OpenBSD packet filter (pf) \fBrdr\fP/\fBrdr-to\fP NAT redirects, also available OpenBSD packet filter (pf) \fBrdr\fP/\fBrdr-to\fP NAT redirects, also available
on FreeBSD, NetBSD and Mac OS X. on FreeBSD, NetBSD and Mac OS X.
Fully supported, including IPv6. Fully supported, including IPv6.
Note that SSLsplit needs permission to open \fB/dev/pf\fP for reading, which by
default means that it needs to run under \fBroot\fP privileges.
Assuming inbound interface \fBem0\fP, first in old (FreeBSD, Mac OS X), Assuming inbound interface \fBem0\fP, first in old (FreeBSD, Mac OS X),
then in new (OpenBSD 4.7+) syntax: then in new (OpenBSD 4.7+) syntax:
.LP .LP
@ -474,6 +476,8 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
.B ipfilter .B ipfilter
IPFilter (ipfilter, ipf), available on many systems, including FreeBSD, NetBSD, IPFilter (ipfilter, ipf), available on many systems, including FreeBSD, NetBSD,
Linux and Solaris. Linux and Solaris.
Note that SSLsplit needs permission to open \fB/dev/ipnat\fP for reading, which
by default means that it needs to run under \fBroot\fP privileges.
Only supports IPv4 due to limitations in the SIOCGNATL ioctl(2) interface. Only supports IPv4 due to limitations in the SIOCGNATL ioctl(2) interface.
Assuming inbound interface \fBbge0\fP: Assuming inbound interface \fBbge0\fP:
.LP .LP