Description: Fix some typographical and grammatical errors.
Author: Peter Pentchev <roam@ringlet.net>
Forwarded: not-yet
Last-Update: 2019-09-12

--- a/INSTALL
+++ b/INSTALL
@@ -251,7 +251,7 @@
 `--disable-preload'
      Do not build libdsocks.  The dynamic socks library might not work
      properly on all architectures.  This option disables building of
-     the library. Also disables it's use in the server.
+     the library. Also disables its use in the server.
 
 `--disable-clientdl'
      Disable building of libdsocks, used by the socksify application.
@@ -381,7 +381,7 @@
 
 No configuration-files are installed, these must be installed
 manually.
-The Dante server expects it's configuration file to be in /etc/danted.conf.
+The Dante server expects its configuration file to be in /etc/danted.conf.
 The client library uses the file /etc/dante.conf.
 
 The file bin/socksify.sh contains a shell script that allows one
--- a/NEWS
+++ b/NEWS
@@ -201,7 +201,7 @@
 
  o SIGHUP code rewritten.  Should function considerably better in
    environments were SIGHUP is, for whatever reason, sent an excessive
-   amount of times every second.
+   number of times every second.
 
  o Default for the maximum number of clients an i/o process can handle has
    been increased from 8 to 32.
@@ -358,7 +358,7 @@
    Performance has also been improved.
 
  o When checking whether a username is member of a group, as used in
-   in group-based authentication checks, also check against the
+   group-based authentication checks, also check against the
    primary groupname of the user, as listed in /etc/passwd or similar,
    rather than only against the entries in /etc/group or similar.
 
@@ -696,7 +696,7 @@
 
    Should make it easier to set up direct routes for local lan in
    the client (specify all local interface names in route statements),
-   and block connections to e.g. loopback addresses (specify the the
+   and block connections to e.g. loopback addresses (specify the
    loopback interface name in a block rule) in the server.
 
  o UPnP support in the client, using the miniupnp library by
@@ -846,7 +846,7 @@
    during negotiation.
    Thanks to Robert Marcano <robert@marcanoonline.com.example.com>.
 
- o Fix formating of some warning messages.
+ o Fix formatting of some warning messages.
    Thanks to James Carlson <james.d.carlson@sun.com.example.com>.
 
 ***
@@ -1036,7 +1036,7 @@
    instead of LOG_ERR, by popular request.
 
  o New module available: redirect, gives control over both
-   where clients requests and replies will end up, aswell as what
+   where clients requests and replies will end up, as well as what
    addresses and portranges the Dante server will use.
    Can also be used to limit the number of concurrent sessions
    from each client.
@@ -1061,7 +1061,7 @@
    default value set to "none".
    The global "method" is only used for socks-rules now.
 
- o delay checking of password/etc til we have received the socks
+ o delay checking of password/etc till we have received the socks
    request (rather than during negotiation, as was the case).
    Required for supporting passwordbased authentication via non-socks
    methods, e.g. pam.
@@ -1248,7 +1248,7 @@
        The correct usage should be that the method field is relative
        to the sourceaddress, and the sourceaddress for replies is
        a "non-socks" connection.  Special care might have to be
-       taken to not accidently block the replies since most of them
+       taken to not accidentally block the replies since most of them
        can only be using method "none" (the only other alternative
        is "rfc931").
 
--- a/configure.ac
+++ b/configure.ac
@@ -374,9 +374,9 @@
     echo "UPNP:              Enabled"
 fi
 if test x"$COMPATFUNCS" = x; then
-    echo "Compatability:     none"
+    echo "Compatibility:     none"
 else
-    echo "Compatability:     $COMPATFUNCS"
+    echo "Compatibility:     $COMPATFUNCS"
 fi
 
 echo ""
--- a/doc/README.survey
+++ b/doc/README.survey
@@ -1,6 +1,6 @@
 	Dante development survey
 
 If you use this software, please take the time to fill out the survey
-at http://www.inet.no/dante/survey.html. It's purpose is to try to
+at http://www.inet.no/dante/survey.html. Its purpose is to try to
 determine which features are most wanted, and will probably influence
 the direction future development will take.
--- a/doc/SOCKS4.protocol
+++ b/doc/SOCKS4.protocol
@@ -52,7 +52,7 @@
 
 	90: request granted
 	91: request rejected or failed
-	92: request rejected becasue SOCKS server cannot connect to
+	92: request rejected because SOCKS server cannot connect to
 	    identd on the client
 	93: request rejected because the client program and identd
 	    report different user-ids
@@ -110,7 +110,7 @@
 
 	90: request granted
 	91: request rejected or failed
-	92: request rejected becasue SOCKS server cannot connect to
+	92: request rejected because SOCKS server cannot connect to
 	    identd on the client
 	93: request rejected because the client program and identd
 	    report different user-ids.
@@ -121,9 +121,9 @@
 of that socket to the client in DSTPORT and DSTIP, respectively. If the
 DSTIP in the reply is 0 (the value of constant INADDR_ANY), then the
 client should replace it with the IP address of the SOCKS server to which
-the cleint is connected. (This happens if the SOCKS server is not a
+the client is connected. (This happens if the SOCKS server is not a
 multi-homed host.)  In the typical scenario, these two numbers are
-made available to the application client prgram via the result of the
+made available to the application client program via the result of the
 subsequent getsockname() call.  The application protocol must provide a
 way for these two pieces of information to be sent from the client to
 the application server so that it can initiate the connection, which
--- a/doc/sockd.conf.5
+++ b/doc/sockd.conf.5
@@ -65,7 +65,7 @@
 .\" clients, the child process will exit.
 .\"
 .\" The only reason for the existence of this option is to work around buggy
-.\" behavior in external libraries used by the the \fBDante\fP server,
+.\" behavior in external libraries used by the \fBDante\fP server,
 .\" which may end up leaking resources or create other problems when having
 .\" run to long.  The default value is \fB0\fP, meaning no limit.
 .\"
@@ -120,7 +120,7 @@
 \fBschedule\fP.<process type>: <scheduling policy>/<priority>.
 
 Example: \fBcpu.schedule.mother: SCHED_FIFO/20\fP
-The above requests that the kernel schedules the mother process(s)
+The above requests that the kernel schedules the mother process(es)
 using a first-in, first-out policy, at priority 20.
 
 The default is to not request any specific scheduling.
@@ -302,7 +302,7 @@
 from non-socks clients, and thus only a limited set of authentication
 methods are possible.
 
-The methods possible for TCP are the the methods not involving the socks
+The methods possible for TCP are the methods not involving the socks
 protocol in any way, and are listed in the \fBclientmethod\fP section
 previously mentioned.  For UDP-replies, no methods can be used.
 
@@ -646,7 +646,7 @@
 \fBtimeout.connect\fP, \fBtimeout.negotiate\fP, \fBtimeout.io\fP,
 \fBtimeout.tcp_fin_wait\fP, and \fBudp.portrange\fP.
 
-The format and content of the the keyword as used in client-rules or
+The format and content of the keyword as used in client-rules or
 socks-rules is identical, but client-rules can contain only a subset of
 the keyword that socks-rules may contain.
 
@@ -1068,7 +1068,7 @@
 .IP
 If the route specifies that a username/password-method should be offered
 to the upstream proxy, \fBDante\fP will forward the username/password received
-from it's own client to the foreign upstream proxy, meaning the
+from its own client to the foreign upstream proxy, meaning the
 upstream proxy will receive the user's username and password in cleartext
 from \fBDante.
 .IP
--- a/doc/socksify.1
+++ b/doc/socksify.1
@@ -50,7 +50,7 @@
 to wrap all networking-related system calls.
 
 When used the script can socksify a program by simply prefixing
-the given program and it's arguments with the the socksify script,
+the given program and its arguments with the socksify script,
 like in the example below.
 
 $ socksify ftp ftp.example.org
@@ -129,7 +129,7 @@
 \fBSOCKS_DIRECTROUTE_FALLBACK\fP
 If this is set to "yes", the client will fallback to attempting
 a direct connection if the proxy route fails.  The default is
-is "no".
+"no".
 .SH FILES
 .I /etc/socks.conf
 .SH AUTHORS
--- a/example/sockd.conf
+++ b/example/sockd.conf
@@ -118,12 +118,12 @@
 # Misc options.
 #
 
-# how many seconds can pass from when a client connects til it has
-# sent us it's request?  Adjust according to your network performance
+# how many seconds can pass from when a client connects till it has
+# sent us its request?  Adjust according to your network performance
 # and methods supported.
 #timeout.negotiate: 30   # on a lan, this should be enough.
 
-# how many seconds can the client and it's peer idle without sending
+# how many seconds can the client and its peer idle without sending
 # any data before we dump it?  Unless you disable tcp keep-alive for
 # some reason, it's probably best to set this to 0, which is
 # "forever".
--- a/example/socks.conf
+++ b/example/socks.conf
@@ -64,7 +64,7 @@
 # if you don't route all local connections via direct, you should
 # at least route the DNS server connections via direct connections if you
 # can.  That can make for much better performance, depending on
-# your setup.  Make sure the the DNS server line is the first.
+# your setup.  Make sure the DNS server line is the first.
 #
 # Assuming your the DNS server runs on address 10.1.1.1, you can do it like this:
 #route {
--- a/include/common.h
+++ b/include/common.h
@@ -116,7 +116,7 @@
 #if PRERELEASE
 
 /*
- * Solaris 2.5.1 and it's stream stuff is broken and puts the processes
+ * Solaris 2.5.1 and its stream stuff is broken and puts the processes
  * into never-never land forever on half the sendmsg() calls if they
  * involve ancillary data.  (it seems to deadlock the processes.)
  * XXX need to retest what the current status of this is.
@@ -749,7 +749,7 @@
  */
 #define DEBUG_NORMAL    (1)
 #define DEBUG_VERBOSE   (2)
-#define DEBUG_DEBUG     (9)   /* only for debuging problems. */
+#define DEBUG_DEBUG     (9)   /* only for debugging problems. */
 
 /*
  * If client, it might need to call malloc(3) to expand socksfdv
@@ -2265,7 +2265,7 @@
  * to getr the ipv4-mapped addresses returned to is to set ai_family to
  * zero, but then we get the regular ipv6-addresses also.  Since there
  * are cases when we want the ipv4-mapped addresses returned also, we
- * need to make the size set here able to accomodate that too.
+ * need to make the size set here able to accommodate that too.
  */
 #define MAX_ADDRINFO_NEXT (10)
 
@@ -3163,7 +3163,7 @@
 /*
  * Logs message "fmt" at priority "priority" to previously configured
  * output device.
- * Checks settings and ignores message if it's of to low a priority.
+ * Checks settings and ignores message if it's of too low a priority.
  */
 
 void vslog(int priority, const char *fmt, va_list ap, va_list apcopy)
@@ -3270,7 +3270,7 @@
  *
  * The route used may take into account the contents of "packet->req",
  * which is assumed to be the packet that will be sent to a socks server,
- * so it is recommended that it's contents be as conservative as possible.
+ * so it is recommended that its contents be as conservative as possible.
  *
  * When it has successfully connected to a gateway it will set
  * the packet->method members to point to the methods the gateway
@@ -3373,7 +3373,7 @@
  *
  * The route used may take into account the contents of "req", which is
  * assumed to be the packet that will be sent to a socks server, so it is
- * recommended that it's contents be as conservative as possible.
+ * recommended that its contents be as conservative as possible.
  *
  * Returns:
  *      On success: pointer to route that should be used.
@@ -4200,7 +4200,7 @@
 
 
 /*
- * Makes a dummy filedescriptor and returns it's index, or -1 on failure.
+ * Makes a dummy filedescriptor and returns its index, or -1 on failure.
  */
 
 #if DEBUG
--- a/include/monitor.h
+++ b/include/monitor.h
@@ -74,7 +74,7 @@
 
 
    /*
-    * Just for latency checking/debuging.
+    * Just for latency checking/debugging.
     */
    struct timeval         ts_sent;
    struct timeval         ts_received;
@@ -141,7 +141,7 @@
  * possibly progressing to the next state.
  *
  * Upon return, "mtu" will be updated to indicate its current state,
- * possibly after reseting the socket "s" to it's initial state and
+ * possibly after resetting the socket "s" to its initial state and
  * disabling further testing on this socket.
  */
 
--- a/include/sockd.h
+++ b/include/sockd.h
@@ -98,23 +98,23 @@
 
 /*
  * This is to handle a potential resource issue that can occur
- * in TCP when side 'A' of the TCP session closes it's end, but
- * the other end, side 'B', does not close it's end.  In this
+ * in TCP when side 'A' of the TCP session closes its end, but
+ * the other end, side 'B', does not close its end.  In this
  * situation, TCP will be forced to keep state for the TCP session
- * until side B closes it's end, or "never" if side B never closes.
+ * until side B closes its end, or "never" if side B never closes.
  *
  * Some kernels have added kernel support for tuning this on a global
  * basis, but implementations may vary.
  *
  * If this value is set, it gives the number of seconds to wait
- * for B to close it's side.  Note that this may break the application
+ * for B to close its side.  Note that this may break the application
  * protocol, as there may be nothing wrong with B using a long time,
- * days even, to close it's end.  It may however produce an unfortunate
- * resource problem with both the Dante server and the kernels TCP having to
+ * days even, to close its end.  It may however produce an unfortunate
+ * resource problem with both the Dante server and the kernel's TCP having to
  * keep state for these sessions, which in 99.999% of the cases could
  * probably be closed as B will not send anything more.
  *
- * The default therefor is to not enable this "feature".
+ * The default therefore is to not enable this "feature".
  */
 #define SOCKD_FIN_WAIT_2_TIMEOUT  (0) /* Seconds.  Set to 0 to disable. */
 
@@ -851,7 +851,7 @@
 
 /*
  * a request child can currently handle a maximum of one client, so can't
- * be changed and is therefor #defined here rather than in config.h.
+ * be changed and is therefore #defined here rather than in config.h.
  */
 #define SOCKD_REQUESTMAX   1
 
@@ -2062,7 +2062,7 @@
       struct timeval    accepted;      /* time connection accepted.           */
       struct timeval    negotiatestart;/* time negotiation started.           */
       struct timeval    negotiateend;  /* time negotiation ended.             */
-      struct timeval    requestend;    /* time requestprocesssing ended.      */
+      struct timeval    requestend;    /* time request processing ended.      */
       struct timeval    established;   /* time session was fully established. */
       struct timeval    firstio;       /* time of first i/o operation.        */
    } time;
@@ -2185,9 +2185,9 @@
     *      but not both).
     *    - two (packets forwarded to both ipv4 and ipv6 addresses).
     * This however assumes our external interface has both IPv4 and IPv6
-    * addresses.  Does it not, at most one target socket will be created.
+    * addresses.  If it does not, at most one target socket will be created.
     *
-    * In Barefoots case, we don't have a TCP control-session, so the scenario
+    * In Barefoot's case, we don't have a TCP control-session, so the scenario
     * is one-to-many; we receive all udp packets from different clients on
     * the one source socket, and we forward them to various targets based
     * what client it was received from.  Since the target is hardcoded in
@@ -2315,7 +2315,7 @@
    /*
     * if not zero, this is an "old" client that has been sent back
     * to the negotiate process from the i/o process, due to the client
-    * changing it's target (remote http server).
+    * changing its target (remote http server).
     * "clientdata" contains the request received from the client,
     * already parsed into "request".
     */
@@ -2435,7 +2435,7 @@
                                      * should it be included in any counts.
                                      *
                                      * Basically just waiting for the SIGCHLD
-                                     * so we can add it's resourceusage to
+                                     * so we can add its resourceusage to
                                      * our counters.
                                      */
    unsigned char    exitingnormally;/* exiting normally, on our request?      */
@@ -2443,7 +2443,7 @@
    int              ack;            /* connection to child for acks.          */
    int              s;              /* connection to child for data.          */
 
-   pid_t            pid;            /* childs pid.                            */
+   pid_t            pid;            /* child's pid.                           */
    int              type;           /* child type.                            */
 
    time_t           created;        /* time created.                          */
@@ -2902,9 +2902,9 @@
  *
  * If "isnormalexit" is set, we are closing the pipes to this child and
  * expect it to exit normally.  This notifies the child about the close,
- * telling it to exit normally when done serving it's clients, unlike what
+ * telling it to exit normally when done serving its clients, unlike what
  * happens if the child exiting by itself without us telling it to do so,
- * or closing it's pipes to us first.
+ * or closing its pipes to us first.
  *
  * If "childpid" is 0, closes all children.
  */
@@ -3276,7 +3276,7 @@
  * as necessary (i.e., it's a "deep copy").
  *
  * Note that memory that is only set once at startup and never changed
- * is not copied from "old".  Instead it is copied from the processes
+ * is not copied from "old".  Instead it is copied from the process's
  * current config object.
  *
  * Returns 0 on success, -1 on failure.
@@ -3489,7 +3489,7 @@
       const char *data, size_t datalen);
 
 /*
- * Called after each each complete io operation
+ * Called after each complete io operation
  * (read then write, or read then block).
  * Does misc. logging based on the log options set in "log".
  * - "rule" is the rule that matched the iooperation, not "const" due to
@@ -4511,8 +4511,8 @@
 /*
  * Gets the outgoing IP address to use.
  *
- * "client_laddr" is address we accepted the client on.
- " "client_raddr" is the address of the client, on whos behalf we are
+ * "client_laddr" is the address we accepted the client on.
+ " "client_raddr" is the address of the client, on whose behalf we are
  *  binding an address on the external side.
  *
  * "command" is the SOCKS command the client requested.
@@ -4657,7 +4657,7 @@
 void
 io_handlesighup(void);
 /*
- * Called at sighup to let the i/o childs do what they need to do
+ * Called at sighup to let the i/o children do what they need to do
  * upon receiving a sighup.
  */
 
--- a/include/socks.h
+++ b/include/socks.h
@@ -634,7 +634,7 @@
  * If "takelock" is true, it means the function should take the
  * socksfdv/addrlock.
  *
- * The function duplicates all arguments in it's own form and does
+ * The function duplicates all arguments in its own form and does
  * not access the memory referenced by them afterwards.
  *
  * The function checks the state of all file descriptors on each call and
--- a/lib/Raccept.c
+++ b/lib/Raccept.c
@@ -437,7 +437,7 @@
    }
 
    /*
-    * a separate socket with it's own remote address and possibly different
+    * a separate socket with its own remote address and possibly different
     * local address too, so need to add it to the socksfd table.
     */
 
--- a/lib/Rconnect.c
+++ b/lib/Rconnect.c
@@ -124,14 +124,14 @@
                 * address and is now trying to connect out from it.
                 * That also indicates the socks server is listening on a port
                 * for this client.
-                * Can't accept() on a connected socket so lets close the
+                * Can't accept() on a connected socket so let's close the
                 * connection to the server so it can stop listening on our
                 * behalf, and we continue as if this was an ordinary connect().
-                * Can only hope the server will use same port as we for
+                * Can only hope the server will use same port as we do for
                 * connecting out.
                 *
                 * Client might get problems if it has done a getsockname(2)
-                * already, and thus thinks it knows it's local address,
+                * already, and thus thinks it knows its local address,
                 * as this Rconnect() will have to change it.
                 */
                int tmp_s;
@@ -166,7 +166,7 @@
                 * connect out on the same socket.  In this case
                 * we want to keep the port bound on the server, and
                 * just add a connect to the peer, so let udpsetup() do
-                * it's thing.
+                * its thing.
                 */
             }
             else
--- a/lib/address.c
+++ b/lib/address.c
@@ -848,7 +848,7 @@
     * With the OpenBSD thread implementation, if a thread is interrupted,
     * calling pthread_mutex_lock() seems to clear the interrupt flag, so
     * that e.g. select(2) will restart rather than returning EINTR.
-    * We don't wont that to happen since we depend on select(2)/etc.
+    * We don't want that to happen since we depend on select(2)/etc.
     * being interrupted by the process used to handle non-blocking connects.
     * We instead take the risk of not taking the thread-lock in this case.
     */
--- a/lib/addressmatch.c
+++ b/lib/addressmatch.c
@@ -232,8 +232,8 @@
 
 #if SOCKS_CLIENT
    /*
-    * Wrong, but maintains compatability with 1.4.1 regarding
-    * 0.0.0.0/0 matching everything.  Keep that compatability with the
+    * Wrong, but maintains compatibility with 1.4.1 regarding
+    * 0.0.0.0/0 matching everything.  Keep that compatibility with the
     * the 1.4.1 socks.conf-files for now.
     */
    if (rule->atype                 == SOCKS_ADDR_IPV4
@@ -595,7 +595,7 @@
        *      addr.ipaddr isin rule.hostname->ipaddr
        *
        * If still no match, and alias is set, resolve addr.ipv4 to hostname(s),
-       * those hostnames back to ip, and and match against
+       * those hostnames back to ip, and match against
        * rule.hostame->ipaddr:
        *    rule.hostname->ipaddr isin addr->ipaddr->hostname(s)->ipaddr
        *    .
--- a/lib/authneg.c
+++ b/lib/authneg.c
@@ -151,9 +151,9 @@
             case AUTHMETHOD_GSSAPI:
                break; /*
                        * ok?  Can't forward gssapi/kerberos credentials,
-                       * but operator should be able to set up a
+                       * but operator should be able to set up
                        * things so we can initiate our own gssapi
-                       * session to the upsteam proxy.
+                       * session to the upstream proxy.
                        */
 
             default:
--- a/lib/clientprotocol.c
+++ b/lib/clientprotocol.c
@@ -1249,7 +1249,7 @@
                                            * RFC 1961 says GSS_C_DELEG_FLAG
                                            * should also be set, but I can't
                                            * see any reason why the client
-                                           * should want to forward it's
+                                           * should want to forward its
                                            * tickets to a socks server ...
                                            *
                                            * Don't set unless until we find
--- a/lib/config.c
+++ b/lib/config.c
@@ -224,7 +224,7 @@
     * after we receive a signal (e.g. SIGHUP) is not the same it was before
     * the signal, as well as other weirdness.  There are some bug-reports
     * related to what looks similar e.g.: kern/157657.  That bug has apparently
-    * been fixed in in a commit in June 2011, after the FreeBSD 8.2 release
+    * been fixed in a commit in June 2011, after the FreeBSD 8.2 release
     * running on our testmachine.
     */
    struct sched_param param;
--- a/lib/config_parse.c
+++ b/lib/config_parse.c
@@ -6460,7 +6460,7 @@
              * we are started with.  If logfiles created by that euid/egid are
              * not writable by our configured privileged userid (if any), it
              * means that upon SIGHUP we will be unable to re-open our own
-             * logfiles.  We therefor check whether the logfile(s) were created
+             * logfiles.  We therefore check whether the logfile(s) were created
              * by ourselves, and if so, make sure they have the right owner.
              */
             logtype_t *logv[] = { &sockscf.log, &sockscf.errlog };
--- a/lib/config_parse.y
+++ b/lib/config_parse.y
@@ -3546,7 +3546,7 @@
              * we are started with.  If logfiles created by that euid/egid are
              * not writable by our configured privileged userid (if any), it
              * means that upon SIGHUP we will be unable to re-open our own
-             * logfiles.  We therefor check whether the logfile(s) were created
+             * logfiles.  We therefore check whether the logfile(s) were created
              * by ourselves, and if so, make sure they have the right owner.
              */
             logtype_t *logv[] = { &sockscf.log, &sockscf.errlog };
--- a/lib/connectchild.c
+++ b/lib/connectchild.c
@@ -51,14 +51,14 @@
  * This sets things up for performing a non-blocking connect for the client.
  * We do this by initiating a connect on a non-blocking socket.
  * If the initial response is positive, we then save the endpoint
- * addresses of the socket and send it our "connect-child", which then
+ * addresses of the socket and send it to our "connect-child", which then
  * handles the socks negotiation and returns the proxy server's response back
  * to us.
  *
- * To avoid the client stepping on our (or rather our connect-childs) toes
+ * To avoid the client stepping on our (or rather our connect-child's) toes
  * while it negotiates with the proxy server, we temporarily let the
- * fd-index the client is using point at at dummy socket, while we use
- * the real socket to negotiate.  Then we set the clients fd to point back
+ * fd-index the client is using point at a dummy socket, while we use
+ * the real socket to negotiate.  Then we set the client's fd to point back
  * at the real socket.
  *
  * When the connect-child is done, it will send us back the same socket
@@ -684,8 +684,7 @@
 }
 
 /*
- * XXX should have more code so we could handle multiple requests at
- * a time.
+ * XXX should have more code so we could handle multiple simultaneous requests
  */
 static void
 run_connectchild(mother_data, mother_ack)
--- a/lib/gssapi.c
+++ b/lib/gssapi.c
@@ -541,7 +541,7 @@
 
 #if SOCKS_CLIENT
    /*
-    * When called by the client, we have the considerably added complexity
+    * When called by the client, we have the considerable added complexity
     * that we cannot completely drain the socket if we have data buffered
     * for read.  If the client then select(2)'s on the socket to know when
     * there is more to read, select(2) will block forever as the data has
@@ -552,13 +552,13 @@
     * as long as we have buffered data which we have not yet returned to
     * the client, so as to not drain this last byte from the socket until
     * we can return all the data buffered to the client, and only then
-    * do we completly drain the socket.
+    * do we completely drain the socket.
     *
     * This makes sure the socket remains readable until we have returned
     * all the data belonging to a given token to the caller, which should
     * let all the kernels select(2)/poll(2)/SIGIO/etc. stuff work.
     *
-    * Sounds simple enough, but alas, there has been many bugs here. :-/
+    * Sounds simple enough, but alas, there have been many bugs here. :-/
     *
     * We also need to handle a client only peeking at the data, with
     * MSG_PEEK. In this case we can do the same as for a normal read,
@@ -870,7 +870,7 @@
    ssize_t towrite, written, p, encodedlen, addedtobuf;
    size_t i;
 
-#if 0 /* for aid in debuging bufferproblems. */
+#if 0 /* for aid in debugging bufferproblems. */
    static size_t j;
    size_t lenv[] = { 60000, 60001, 60002, 60003, 60004, 60005, 60006, 60007,
                      60008, 60009, 60010, 60011, 60012, 60013, 60014, 60015 };
@@ -925,7 +925,7 @@
     * Two modes: Buffered and unbuffered.
     *
     * Unbuffered:
-    *    We try to write upto "len" bytes, and if that fails, we
+    *    We try to write up to "len" bytes, and if that fails, we
     *    store the remaining bytes in our internal iobuf, encoded.
     *    This makes us able to return either "len" or -1 (only if fatal
     *    error) to caller, so that caller understands we have accepted
--- a/lib/hostcache.c
+++ b/lib/hostcache.c
@@ -65,7 +65,7 @@
 static size_t
 hosthash(const char *name, const size_t size);
 /*
- * Calculates a hash value for "name" and returns it's value.
+ * Calculates a hash value for "name" and returns its value.
  * Size of hash table is given by "size".
 */
 
@@ -92,7 +92,7 @@
 static size_t
 addrhash(const struct sockaddr_storage *addr, const size_t size);
 /*
- * Calculates a hash value for the IP-address "addr" and returns it's value.
+ * Calculates a hash value for the IP-address "addr" and returns its value.
  * Size of hash table is given by "size".
 */
 
--- a/lib/httpproxy.c
+++ b/lib/httpproxy.c
@@ -105,7 +105,7 @@
    }
 
    /*
-    * read til we get the eof response so there's no junk left in buffer
+    * read till we get the eof response so there's no junk left in buffer
     * for client, then return the response code.
     */
    eof = checked = readsofar = 0;
@@ -137,7 +137,7 @@
       readsofar += len;
 
       if ((strstr(buf, eofresponse_str)) == NULL)
-         continue; /* don't bother to start parsing til we've got it all. */
+         continue; /* don't bother to start parsing till we've got it all. */
       else
          eof = 1;
 
--- a/lib/iobuf.c
+++ b/lib/iobuf.c
@@ -154,7 +154,7 @@
     * In the client-case, we don't want to encode the packet on
     * every buffered write.  E.g. we don't want 100 putc(3)'s to
     * end up creating 100 gssapi-encoded one-byte packets.
-    * We therefore postpone encoding til we get a flush call, then
+    * We therefore postpone encoding till we get a flush call, then
     * encode the data we have, and write it as one token.
     * That means any already encoded data in the buffer must be written
     * before the unencoded data.
@@ -573,7 +573,7 @@
        * more complex; appended to the end of the unencoded data,
        * which comes before the encoded data.  Meaning we have to first
        * move the encoded data further out in the buffer before we add the
-       * new unencoded data, so that that unencoded data we will add
+       * new unencoded data, so that unencoded data we will add
        * gets appended to any already present unencoded data, before
        * the encoded data.
        */
--- a/lib/log.c
+++ b/lib/log.c
@@ -105,7 +105,7 @@
 dolog(const int priority, const char *buf,
       const size_t logprefixlen, const size_t messagelen);
 /*
- * Does the actual logging of the formated logmessage for slog()/vslog().
+ * Does the actual logging of the formatted logmessage for slog()/vslog().
  *
  * The last character in "buf", before the NUL, must be a newline.
  *
--- a/lib/socket.c
+++ b/lib/socket.c
@@ -1154,7 +1154,7 @@
    /*
     * Test is to set a flag on fd1, and see if the same flag then gets set on
     * fd2.  Note that this flag must be a flag we can set on a socket that
-    * failed during connect(2), or where the peer has closed it's side
+    * failed during connect(2), or where the peer has closed its side
     * of the session, and which will be shared between descriptors that are
     * dup(2)'s of each other.
     *
--- a/lib/time.c
+++ b/lib/time.c
@@ -107,7 +107,7 @@
 
    /*
     * for some reason Coverity produces a warning about
-    * tv_lasttime.tv_usec being unitialized if we do a struct
+    * tv_lasttime.tv_usec being uninitialized if we do a struct
     * assignment here. :-/
     */
    tv_lasttime.tv_sec  = tv->tv_sec;
--- a/lib/udp.c
+++ b/lib/udp.c
@@ -201,7 +201,7 @@
           * via select(2)/poll(2)/etc. failed.
           *
           * In case of 1), the correct thing would be to return ENOTCONN,
-          * but in case 2), we could be called due to the the user having
+          * but in case 2), we could be called due to the user having
           * multiple fd's pointing to the same filedescription index,
           * meaning that even though we have hidden our usage of "s", the
           * user is using another fd (s').  Normally we would of course be
@@ -221,7 +221,7 @@
           * an indication that the connect(2) failed, which it has
           * not (yet, at least) done.  If we return EAGAIN, the
           * user will hopefully retry again, whenever the systemcall
-          * he used to detect that the fd was readable say it's readable.
+          * he used to detect that the fd was readable says it's readable.
           * If the connect is still in progress, we again assume the
           * readability was only related to i/o done by our connect-child
           * over the fd, and was not intended for the user, and again
--- a/lib/upnp.c
+++ b/lib/upnp.c
@@ -337,8 +337,8 @@
           * Can only find out what the external ip address of the device is.
           *
           * We could fetch the address here, but if the client never intends
-          * to find out what it's local address is, that's a waste of time.
-          * Therefor postpone it to the Rgetsockname() call, if it ever
+          * to find out what its local address is, that's a waste of time.
+          * Therefore postpone it to the Rgetsockname() call, if it ever
           * comes, and just connect(2) to the target for now, without
           * attempting to retrieve any information from the IGD.
           *
@@ -471,8 +471,8 @@
 
       case SOCKS_BIND: {
          /*
-          * Need tell the device to create a port mapping, mapping an
-          * address on it's side to the address we have bound.
+          * Need to tell the device to create a port mapping, mapping an
+          * address on its side to the address we have bound.
           * Then we need to get the ip address the device is using
           * on the external side.
           */
@@ -544,7 +544,7 @@
                                    (void *)GET_SOCKADDRADDR(&extaddr),
                                    NULL)) != 1) {
             snprintf(emsg, emsglen,
-                     "strange.  UPNP-device said it's external IP-address is "
+                     "strange.  UPNP-device said its external IP-address is "
                      "the %s \"%s\", but can't parse that with inet_pton(3).  "
                      "Errorcode %d (%s)",
                      safamily2string(extaddr.ss_family),
--- a/sockd/auth_pam.c
+++ b/sockd/auth_pam.c
@@ -122,7 +122,7 @@
     * some sort of busy-loop if we don't call pam_end(3) ever so
     * often.
     *
-    * Therefor, disregard all possible optimization stuff for now and
+    * Therefore, disregard all possible optimization stuff for now and
     * call pam_start(3) and pam_end(3) every time.
     */
 
--- a/sockd/dante_udp.c
+++ b/sockd/dante_udp.c
@@ -1405,7 +1405,7 @@
 
    if (!ADDRISBOUND(expected)) {
       /*
-       * Client hasn't sent us it's complete address yet, but if
+       * Client hasn't sent us its complete address yet, but if
        * the parts of the address it has sent (if any) matches
        * the source of this packet, we have to assume this packet
        * is from it.  We can then update the expected address with
--- a/sockd/method_uname.c
+++ b/sockd/method_uname.c
@@ -311,14 +311,14 @@
     * Very sadly we can't always do checking of the username/password here
     * since we don't know what authentication to use yet.  It could
     * be username, but it could also be PAM, or some future method.
-    * It depends on what the socks request is.  We therefor would have
+    * It depends on what the socks request is.  We therefore would have
     * liked to give the client success status back no matter what
     * the username/password is, and later deny the connection if need be
     * after we have gotten the request.
     *
     * That however creates problems with clients that, naturally, cache
     * the wrong username/password if they get success.
-    * We therefor check if we have a unique passworddb to use, and if so,
+    * We therefore check if we have a unique passworddb to use, and if so,
     * check the password here so we can return an immediate error to client.
     * This we can do because if the passworddb is unique there is
     * no chance of the result varying based to the client's request.
--- a/sockd/mother_util.c
+++ b/sockd/mother_util.c
@@ -63,8 +63,8 @@
 static void unexpecteddeath(void);
 /*
  * Should be called after any unexpected child death / child removal.
- * May disable creation of further children for a while and log a warning
- * if appropriate, or the enable creation of further children.
+ * May disable the creation of further children for a while and log a warning
+ * if appropriate, or enable the creation of further children.
  */
 
 void
@@ -730,7 +730,7 @@
     * The practical effect of this seems to be that if we use different
     * userids, we, when running with the euid of something other than root,
     * may not be able to send the SIGINFO signal to our own children. :-/
-    * Simlar problem exists for FreeBSD.
+    * A similar problem exists for FreeBSD.
     *
     * To workaround the problem, send SIGUSR1 to the children instead of
     * SIGINFO, as SIGUSR1 has always been treated the same way as SIGINFO
@@ -995,7 +995,7 @@
     *
     * The only reason for locking shmemconfig is so we do not update it (due
     * to another SIGHUP) while the children try to read it (children lock it
-    * read-only, we lock it it read-write).
+    * read-only, we lock it read-write).
     */
 
    socks_lock(sockscf.shmemconfigfd, 0, 0, 1, 1);
@@ -1168,7 +1168,7 @@
              * Note that this might be a pid from our former self also
              * if we failed on an internal error, fork(2)-ed process to
              * get the coredump and continue.  When the fork(2)-ed process
-             * exits after generating the coredump, we will receive it's
+             * exits after generating the coredump, we will receive its
              * SIGCHLD, but no account of it.  To avoid that, hopefully
              * never happening, problem generating a recursive error, let
              * this be a swarnx(), and not a SWARNX().
--- a/sockd/rule.c
+++ b/sockd/rule.c
@@ -154,7 +154,7 @@
     *    - make sure all rules have the same rule number (the user has only
     *      created one rule, our problem that it expands to multiple rules).
     *    - make sure the shmem-objects reference the same shmem ids, as the
-    *      limits/settings the user has specifed should be shared across
+    *      limits/settings the user has specified should be shared across
     *      all clients matching the rule(s).
     */
 
@@ -1676,15 +1676,15 @@
           * subsequent close(2) without us having sent the whole banner to
           * the client first.  But if the kernel wants to send RST while
           * we have data not yet sent, it will discard the data not yet
-          * sent.  We therefor drain the data first, trying to make sure the
+          * sent.  We therefore drain the data first, trying to make sure the
           * kernel does not discard the data in the outbuffer and sends a
           * RST when we close(2).  Note that this changes the RST to FIN.
           * See 2.17 in RFC 2525, "Failure to RST on close with data pending",
           * for more information about this.
           *
           * Note there is a race here, as the client could send us data
-          * between our last read(2) call and us closing the session later, not
-          * but much to do about that.
+          * between our last read(2) call and us closing the session later, but
+          * there's not much we can do about that.
           */
           char buf[1024];
           ssize_t p;
@@ -2450,7 +2450,7 @@
     * If no socksmethod is set in this rule, set all from the global methods.
     * For the client-rule there isn't really many checks we can do on what
     * methods to set (e.g., do they support what will be  required by the
-    * matchin socks-rule?), as we won't know what is required until we know
+    * matching socks-rule?), as we won't know what is required until we know
     * what the matching socks-rule will be for the clients request.
     *
     * For the socks-rule, we can check things however.
@@ -2600,7 +2600,7 @@
     * Set default values for some authentication-methods, if none
     * set.  Note that this needs to be set regardless of what the
     * method set in the rule is, as checkconfig() might add methods
-    * to the rules as part of it's operation.  This happens e.g. when
+    * to the rules as part of its operation.  This happens e.g. when
     * adding default methods to the global clientmethod line, if appropriate,
     * and then adding the same methods to the client-rules, if the rules
     * do not already have a method.
--- a/sockd/serverconfig.c
+++ b/sockd/serverconfig.c
@@ -63,7 +63,7 @@
  * Returns 0 if the address "ra" was addedd to the list of external addresses.
  *
  * Returns -1 if the address "ra" was not added for a non-fatal reason,
- * after loging a message if apropriate.
+ * after logging a message if appropriate.
  */
 
 static int addinternaladdr(const char *ifname,
@@ -73,7 +73,7 @@
  * Returns 0 if the address "ra" was addedd to the list of internal addresses.
  *
  * Returns -1 if the address "ra" was not added for a non-fatal reason,
- * after loging a message if apropriate.
+ * after logging a message if appropriate.
  */
 
 
@@ -741,7 +741,7 @@
    /* srchost, read from config file. */
    bzero(&config->srchost, sizeof(config->srchost));
 
-   /* stat: not touch.  Accumulated continously. */
+   /* stat: not touch.  Accumulated continuously. */
 
    /*
     * state; keep most of it, with the following exceptions:
--- a/sockd/shmem.c
+++ b/sockd/shmem.c
@@ -176,7 +176,7 @@
            function, SOCKD_SHMEMFILE);
 
    /*
-    * Hostcache also uses shmem, but has it's own area.
+    * Hostcache also uses shmem, but has its own area.
     */
    hostcachesetup();
 
--- a/sockd/sockd.c
+++ b/sockd/sockd.c
@@ -202,7 +202,7 @@
    /*
     * The monitor-child is special, as there is only one and it
     * is shared/used by all processes, the mother processes
-    * included.  It therefor needs to be the first one created,
+    * included.  It therefore needs to be the first one created,
     * even before the mother processes.
     */
    if (childcheck(PROC_MONITOR) < 1) {
@@ -1622,9 +1622,9 @@
 
          if (child->type == PROC_IO) {
             /*
-             * don't receive anything back from i/o childs
-             * except the freeslot ack, as i/o childs are the
-             * last in the chain, so need to update this stat her.
+             * don't receive anything back from i/o children
+             * except the freeslot ack, as i/o children are the
+             * last in the chain, so need to update this stat here.
              */
             ++sockscf.stat.io.received;
 #if COVENANT
--- a/sockd/sockd_child.c
+++ b/sockd/sockd_child.c
@@ -561,7 +561,7 @@
    size_t i, *childc;
 
 
-   slog(LOG_DEBUG, "%s: clearing all childs of type %s from set",
+   slog(LOG_DEBUG, "%s: clearing all children of type %s from set",
         function, childtype2string(childtype));
 
    setchildtype(childtype, &childv, &childc, NULL);
@@ -1126,7 +1126,7 @@
    /*
     * if not mother, request child.  Since that child only handles one
     * client at a time, it's safe to block as long as it takes.  Mother
-    * on the other hand can not block.
+    * on the other hand cannot block.
     */
    if (sendmsgn(s, &msg, 0, sockscf.state.type == PROC_MOTHER ? 0 : -1)
    != length) {
@@ -1869,8 +1869,8 @@
 
          /*
           * signals mother has set up but which we need ignore at this
-          * point, lest we accidentally run mothers signal handler if the
-          * child does not install it's own signal handler for the
+          * point, lest we accidentally run mother's signal handler if the
+          * child does not install its own signal handler for the
           * particular signal.
           * Later on, the child sets up its own signal handlers.
           */
@@ -1961,7 +1961,7 @@
 
 #if HAVE_PRIVILEGES
                if (sockscf.state.haveprivs) {
-                  /* don't need this privilege so permanently loose it. */
+                  /* don't need this privilege so permanently lose it. */
                   priv_delset(sockscf.privileges.privileged, PRIV_NET_PRIVADDR);
 
                   if (setppriv(PRIV_SET,
@@ -2025,13 +2025,13 @@
           * newprocinit() will close the old syslog descriptor, if any,
           * before opening a new one.  If we have started to use the
           * descriptor for something else already (e.g. due to dup(2)),
-          * newprocinit(), will still close the old descriptor, even
+          * newprocinit() will still close the old descriptor, even
           * though it's no longer a syslog descriptor.
           */
          newprocinit();
 
          /*
-          * This is minor optimization to make things faster for select(2)
+          * This is a minor optimization to make things faster for select(2)
           * by avoiding having two increasingly high-numbered descriptors
           * to check for, with most of the other descriptors in the lower-end.
           */
--- a/sockd/sockd_io.c
+++ b/sockd/sockd_io.c
@@ -77,9 +77,9 @@
 static int
 io_connectisinprogress(const sockd_io_t *io);
 /*
- * Returns true if "io" belongs to a connect whos current state is marked
- * as being in progress, but does not check whether it's status has changed
- * since last time state was updated.
+ * Returns true if "io" belongs to a connect whose current state is marked
+ * as being in progress, but does not check whether its status has changed
+ * since the last time state it was updated.
  * Returns false otherwise.
  */
 
@@ -195,7 +195,7 @@
  * "type", if not NULL, is filled in with the type of timeout that will
  * occur at that time, if any.
  *
- * Returns the number of seconds til the io object "io" will timeout.
+ * Returns the number of seconds till the io object "io" will timeout.
  *
  * 0 if the timeout has already been reached, or
  * -1 if no timeout on the io is currently set.
@@ -252,8 +252,8 @@
  * Note that this function must be called after the connect has completed,
  * as in the socks case (and some covenant cases) we need to send a
  * response back to the client before it will start sending us data.
- * We can thus not delay calling this function til we get ordinary i/o
- * from one side, as it's possible none will be coming til after we
+ * We can thus not delay calling this function till we get ordinary i/o
+ * from one side, as it's possible none will be coming till after we
  * have sent the response to the client.
  *
  * Returns 0 if the socket connected successfully.
@@ -311,7 +311,7 @@
  * if not 0, we have "overflowed" according to max bandwidth configured.
  * We can not attribute it to any given client though, so we penalize
  * all by delaying a little.  This object gives the earliest time at which we
- * can again do i/o over one of the object that has overflown it's bandwidth
+ * can again do i/o over one of the object that has overflown its bandwidth
  * limit.
  */
 static struct timeval bwoverflowtil;
@@ -361,7 +361,7 @@
          serr("%s: could not make rawsocket non-blocking", function);
 
 #if HAVE_PRIVILEGES
-   /* don't need this privilege any more, permanently loose it. */
+   /* don't need this privilege any more, permanently lose it. */
 
    if (sockscf.state.haveprivs) {
       priv_delset(sockscf.privileges.privileged, PRIV_NET_ICMPACCESS);
@@ -614,7 +614,7 @@
 #else /* !BAREFOOTD */
          /*
           * this process can continue independent of mother as long as it
-          * has clients, because each client has it's own unique
+          * has clients, because each client has its own unique
           * udp socket on the client-side also.
           */
 #endif /* !BAREFOOTD */
@@ -627,7 +627,7 @@
       }
 
       /*
-       * this needs to be after check of ack-pipe to limit error messages,
+       * this needs to be after the check of ack-pipe to limit error messages,
        * because the ack-pipe is a stream pipe, so hopefully we will handle
        * the EOF from mother on the ack-pipe before we get the error on
        * the data-pipe.
@@ -728,7 +728,7 @@
 
 #if BAREFOOTD
       /*
-       * Checked before, and checked again now, as it's status too may
+       * Checked before, and checked again now, as its status too may
        * change and it may become readable (again).
        */
       if (rawsocket != -1) {
@@ -738,12 +738,12 @@
 #endif /* BAREFOOTD */
 
       /*
-       * Use a separate set to to store all udp fds that should be writable.
+       * Use a separate set to store all udp fds that should be writable.
        * We don't bother actually checking udp sockets for writability
        * because if the udp write ends up failing, it wouldn't make any
        * difference whether the socket was marked as writable or not; for
-       * all we know it's "writability" could have have been limited to a
-       * one byte write/packet, while the corresponding packet read was much
+       * all we know its "writability" could have been limited to a
+       * single-byte write/packet, while the corresponding packet read was much
        * larger, in which case our write could have failed anyway.
        */
       FD_ZERO(udprset);
@@ -768,7 +768,7 @@
              * Descriptor has data buffered for write.  That means we should
              * mark the other side as readable.  Regardless of whether we
              * can read from the other side or not at the moment, we have
-             * data that we previously read from it which which we need to
+             * data that we previously read from it which we need to
              * forward to the other side.
              */
             int other_side;
@@ -1151,7 +1151,7 @@
              * packet has been read.
              *
              * Try to read as many packets as we can as presumably there is
-             * a much greater risk of loosing packets on on the client side,
+             * a much greater risk of losing packets on the client side,
              * since all the clients send to one address/socket.
              */
 
@@ -1816,7 +1816,7 @@
 #endif /* BAREFOOTD */
 
             /*
-             * Each client will have it's own target/dst object, set once
+             * Each client will have its own target/dst object, set once
              * we receive the first packet from it.  The client/source socket
              * is however the same for all clients.
              */
@@ -2307,7 +2307,7 @@
             /*
              * the client-socket is shared among many clients, so set it
              * regardless of bw-limits as we don't know from what
-             * client the packet is til we've read the packet.
+             * client the packet is till we've read the packet.
              *
              * XXX But what do we do if the bw overflows?  We can't know
              * that until we've read the packet and seen what client it's
--- a/sockd/sockd_negotiate.c
+++ b/sockd/sockd_negotiate.c
@@ -151,7 +151,7 @@
 static struct timeval *
 neg_gettimeout(struct timeval *timeout);
 /*
- * Fills in "timeout" with time til the first clients connection
+ * Fills in "timeout" with time till the first clients connection
  * expires.
  * Returns:
  *      If there is a timeout: pointer to filled in "timeout".
@@ -211,7 +211,7 @@
 static struct timeval *
 neg_gettimeout(struct timeval *timeout);
 /*
- * Fills in "timeout" with time til the first clients connection expires.
+ * Fills in "timeout" with time till the first clients connection expires.
  * Returns:
  *      If there is a timeout: pointer to filled in "timeout".
  *      If there is no timeout: NULL.
@@ -1231,8 +1231,8 @@
      * Normally there is no client data in Dante's case, but some clients
      * may piggy-back the payload together with the socks request, without
      * waiting for our response.  That is not legal to do, but some clients
-     * do it anyway, so we better support it.
-     * We therefor need to make sure we never read more of the payload than
+     * do it anyway, so we'd better support it.
+     * We therefore need to make sure we never read more of the payload than
      * we can send on to the i/o process, which will eventually need to
      * forward it to the destination.
      */
@@ -1313,7 +1313,7 @@
             if (permit) {
                /*
                 * Let the hostid-rule inherit settings from the client-rule,
-                * or use it's own.
+                * or use its own.
                 */
                if (rule_inheritoruse(&neg->crule,
                                      &cinfo,
@@ -1433,7 +1433,7 @@
       if (client.clientdatalen > 0) {
          slog(LOG_DEBUG,
               "%s: received client already has %lu bytes read from it.  "
-              "Must be a client that is changing it's http server target "
+              "Must be a client that is changing its http server target "
               "to %s, so request should already be parsed",
               function,
               (unsigned long)client.clientdatalen,
--- a/sockd/sockd_request.c
+++ b/sockd/sockd_request.c
@@ -1277,7 +1277,7 @@
              *
              * Unfortunately the meaning given in these standard provides
              * limited usability, so people "interpret" the standards more
-             * loose to get more practical functionality out of them.
+             * loosely to get more practical functionality out of them.
              *
              * - If the client provided an ip address when requesting the
              *   bind, we should only return remote connections matching
@@ -1392,7 +1392,7 @@
                               emsglen);
 
          /*
-          * XXX we should check whether it's possible receive any bindreply
+          * XXX we should check whether it's possible to receive any bindreply
           * also.  No need to stick around if no replies will be allowed.
           */
 
@@ -1461,10 +1461,10 @@
           * have a lot of complicated stuff for handling it in the i/o
           * process.
           *
-          * The procedure thus becomes that we use the clients TCP
+          * The procedure thus becomes that we use the client's TCP
           * address to evaluate what resources to allocate, and then
-          * use the clients UDP address to evaluate whether each individual
-          * packet should be passed through.  If the client sends us it's
+          * use the client's UDP address to evaluate whether each individual
+          * packet should be passed through.  If the client sends us its
           * UDP address in the udpassociate request, we can also evaluate
           * here whether it's at all possible that any udp packets from
           * it will be let through.  If not, we can just as well block it
@@ -1944,7 +1944,7 @@
 
                /*
                 * The problem is that both we and the process which receives
-                * the io packet needs to know when the client closes it's
+                * the io packet needs to know when the client closes its
                 * connection, but _we_ need to receive a query from the
                 * client on the connection as well, and the io process would
                 * get confused about that.  We try to hack around that
@@ -1973,7 +1973,7 @@
 
          if (rc == 0) {
             /*
-             * let client know what address we bound to on it's behalf.
+             * let client know what address we bound to on its behalf.
              */
 
             sockaddr2sockshost(&io.dst.laddr, &response.host);
@@ -2025,7 +2025,7 @@
          if (bindio.state.extension.bind) {
             sockshost2sockaddr(&bindio.dst.host, &bindio.dst.raddr);
 
-            /* won't create socket for this til we connect to the client. */
+            /* won't create socket for this till we connect to the client. */
             bzero(&bindio.dst.laddr, sizeof(bindio.dst.laddr));
             SET_SOCKADDR(&bindio.dst.laddr, AF_INET);
             TOIN(&bindio.dst.laddr)->sin_addr.s_addr = htonl(INADDR_ANY);
@@ -2043,7 +2043,7 @@
          sockaddr2sockshost(&bindio.src.laddr, &bindio.src.host);
 
          /*
-          * don't know what peer will be til we accept(2) it.
+          * don't know what peer will be till we accept(2) it.
           */
          bzero(&bindio.src.raddr, sizeof(bindio.src.raddr));
          SET_SOCKADDR(&bindio.src.raddr, bindio.src.laddr.ss_family);
@@ -2871,7 +2871,7 @@
           * Let the created socket be of the same address family as
           * the client tells us it will send packets from.  Note that
           * even if the client sends us an all-zero address now, even
-          * the all-zero address will have to have it's family
+          * the all-zero address will have to have its family
           * specified, as either ipv4 or ipv6.
           *
           * Exception is if the client does something so strange as to
@@ -2999,12 +2999,12 @@
 #else /* SOCKS_SERVER */
          /*
           * bind client-side address for receiving UDP packets, so we can tell
-          * the client where to send it's packets.
+          * the client where to send its packets.
           * XXX should perhaps have a global udprange option also, for clients
           *     that don't know what address they will be sending from.  This
-          *     rule is possibly not the one the client will finaly end up
+          *     rule is possibly not the one the client will finally end up
           *     using, in which the udprange specification would not apply,
-          *     but how can we know if the client doesn't tell us it's source
+          *     but how can we know if the client doesn't tell us its source
           *     address.
           * XXX add check for privileges on startup if range is privileged
           */
@@ -3773,7 +3773,7 @@
          /*
           * Possibly there is a route supporting an ipaddress destination,
           * even if there was no route supporting the hostname destination
-          * (e.g., there is only socks v4 route).  Therefor try resolving the
+          * (e.g., there is only a socks v4 route).  Therefore try to resolve the
           * destination locally before giving up on finding a route.
           *
           * We will need to resolve the destination sooner or later
--- a/sockd/sockd_socket.c
+++ b/sockd/sockd_socket.c
@@ -157,7 +157,7 @@
 
       slog(LOG_DEBUG, "%s: re-bind(2) after unconnecting failed: %s.  "
                       "Current address is %s (was %s).  Trying to create a "
-                      "new socket instead, though we might loose some packets "
+                      "new socket instead, though we might lose some packets "
                       "doing so",
                       function,
                       strerror(errno),
--- a/sockd/sockd_tcp.c
+++ b/sockd/sockd_tcp.c
@@ -503,7 +503,7 @@
    sendto_info_t sendtoflags;
    recvfrom_info_t recvfromflags;
    ssize_t r, w, p;
-#if 0 /* for aid in debuging bufferproblems. */
+#if 0 /* for aid in debugging bufferproblems. */
    static size_t j;
    size_t lenv[] = { 60000, 60001, 60002, 60003, 60004, 60005, 60006, 60007,
                      60008, 60009, 60010, 60011, 60012, 60013, 60014, 60015 };
@@ -769,11 +769,11 @@
 #if COVENANT
    if (in->isclientside && !reqflags->httpconnect) {
       /*
-       * As long as the target of the clients request does not change, we
+       * As long as the target of the client's request does not change, we
        * can forward it as normal.  If it changes, we need to restart
        * negotiation however.
        * Since we have no other way to know when the target changes, we have
-       * to parse all data from the the http client before we can forward it,
+       * to parse all data from the http client before we can forward it,
        * as if the request is to a different server, it should not be
        * forwarded to the current target.
        */
--- a/sockd/sockd_udp.c
+++ b/sockd/sockd_udp.c
@@ -116,7 +116,7 @@
     *               maxsessions: 1 }
     *
     * Correspondingly, in Dante, the below will not work as the
-    * socks udp client can change it's destination at any time.
+    * socks udp client can change its destination at any time.
     *
     * pass { from: 10/8 to: 10.1.1.1/32 port = echo
     *        maxsessions: 10 }
@@ -132,7 +132,7 @@
     * Do we move the client from the session belonging to rule #1 when it
     * sends a packet matching rule #2, and then move it back again from
     * rule #2 to rule #1?  Also obviously not.
-    * Instead we do the simple thing and and lock the resources when the
+    * Instead we do the simple thing and lock the resources when the
     * udp session is established, which will be in the request child.
     */
    const char *function   = "doio_udp()";
@@ -215,7 +215,7 @@
 
 #if BAREFOOTD
       /*
-       * initalize to crule, and if we get far enough, rulespermit() will
+       * initialize to crule, and if we get far enough, rulespermit() will
        * update it, possibly changing it to another crule based on the source
        * address of the client who sent the packet we will read.
        *