faith interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.
Special action will be taken when IPv6 TCP traffic is seen on a router,
and the routing table suggests to route it to the
faith
interface.
In this case, the packet will be accepted by the router,
regardless of the list of IPv6 interface addresses assigned to the router.
The packet will be captured by an IPv6 TCP socket, if it has the
IN6P_FAITH
flag turned on and matching address/port pairs.
As a result,
faith
will let you capture IPv6 TCP traffic to some specific destination addresses.
Userland programs, such as
faithd(8)
can use this behavior to relay IPv6 TCP traffic to IPv4 TCP traffic.
The program can accept some specific IPv6 TCP traffic, perform
getsockname(2)
to get the IPv6 destination address specified by the client,
and perform application-specific address mapping to relay IPv6 TCP to IPv4 TCP.
IN6P_FAITH
flag on a IPv6 TCP socket can be set by using
setsockopt(2),
with level
IPPROTO_IPV6
and optname
IPv6_FAITH
.
To handle error reports by ICMPv6, some ICMPv6 packets routed to an faith interface will be delivered to IPv6 TCP, as well.
To understand how faith can be used, take a look at the source code of faithd(8).
As the
faith
interface implements potentially dangerous operations,
great care must be taken when configuring it.
To avoid possible misuse, the
sysctl(8)
variable
net.inet6.ip6.keepfaith
must be set to
1
prior to using the interface.
When
net.inet6.ip6.keepfaith
is
0
,
no packets will be captured by the
faith
interface.
The faith interface is intended to be used on routers, not on hosts.