The
faith interface captures IPv6 TCP traffic, for implementing userland IPv6-to-IPv4 TCP relay like
faithd(8).
faith interfaces are dynamically created and destroyed with the
ifconfig(8) create and
destroy subcommands.
Special action will be taken when IPv6 TCP traffic is seen on a router, and the routing table suggests to route it to the
faith interface. In this case, the packet will be accepted by the router, regardless of the list of IPv6 interface addresses assigned to the router. The packet will be captured by an IPv6 TCP socket, if it has the
IN6P_FAITH flag turned on and matching address/port pairs. As a result,
faith will let you capture IPv6 TCP traffic to some specific destination addresses. Userland programs, such as
faithd(8) can use this behavior to relay IPv6 TCP traffic to IPv4 TCP traffic. The program can accept some specific IPv6 TCP traffic, perform
getsockname(2) to get the IPv6 destination address specified by the client, and perform application-specific address mapping to relay IPv6 TCP to IPv4 TCP.
IN6P_FAITH flag on an IPv6 TCP socket can be set by using
setsockopt(2), with level
IPPROTO_IPV6 and optname
IPv6_FAITH.
To handle error reports by ICMPv6, some ICMPv6 packets routed to an
faith interface will be delivered to IPv6 TCP, as well.
To understand how
faith can be used, take a look at the source code of
faithd(8).
As the
faith interface implements potentially dangerous operations, great care must be taken when configuring it. To avoid possible misuse, the
sysctl(8) variable
net.inet6.ip6.keepfaith must be set to
1 prior to using the interface. When
net.inet6.ip6.keepfaith is
0, no packets will be captured by the
faith interface.
The
faith interface is intended to be used on routers, not on hosts.