author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2017-04-17 18:11:18 +0100 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2017-04-17 18:11:18 +0100 |
commit | 08e5c1c8752d0dbf3cf404639e78a7e4276c1e1b (patch) | |
tree | 5a428985fe3c970b620fa5daaa779d3d783ab808 /ipif/service-wrap | |
parent | f2add8c1b19c46ff78655278643c3c2851db7566 (diff) | |
download | userv-utils-08e5c1c8752d0dbf3cf404639e78a7e4276c1e1b.tar.gz |
ipif: wip new service-wrap: docs
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Diffstat (limited to 'ipif/service-wrap')
-rw-r--r-- | ipif/service-wrap | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/ipif/service-wrap b/ipif/service-wrap
new file mode 100644
index 0000000..ad9de06
--- /dev/null
+++ b/ipif/service-wrap
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+#
+# When invoked appropriately, it creates a point-to-point network
+# interface with specified parameters. It arranges for packets sent out
+# via that interface by the kernel to appear on its own stdout in SLIP or
+# CSLIP encoding, and packets injected into its own stdin to be given to
+# the kernel as if received on that interface. Optionally, additional
+# routes can be set up to arrange for traffic for other address ranges to
+# be routed through the new interface.
+#
+# This is the access control wrapper for the service program.
+# Arrangments should be made to invoke this as root from userv.
+#
+# Usage:
+#
+# .../ipif1 <v1config> -- <service-args>...
+#
+# Config file is a series of lines.
+#
+# permit <keyword>....
+#
+# if caller, local addr, all remote addrs and networks, and
+# ifname, all match, permits the request (and stops reading
+# the config)
+#
+# group <groupname>|<gid>
+# matches caller if they are in that group
+# user <username>|<uid>
+# matches caller if they are that user
+# everyone
+# always matches caller
+#
+# hostnet <ipaddr>/<prefixlen>
+# equivalent to local <ipv4addr> remote <ipv4addr&prefix>
+# local <ipaddr>
+# matches local address when it is <ipv4addr>
+# remote <ipnetnet>/<prefixlen>
+# matches aplicable remote addrs (including p-t-p)
+# addrs <ipaddr>|<ipnetnet>/<prefixlen>
+# matches applicable local ore remote addrs
+#
+# ifname <ifname>
+# matches interface name if it is exactly <ifname>
+# (<ifname> may contain %d, which is interpreted by
+# the kernel)
+# wildcards are not supported
+# if a permit has no ifname at all, it is as if
+# `ifname userv%d' was specified
+#
+# v0config <v0configfile>
+#
+# If none of the `permit' lines match, will read <v0configfile>
+# in old format. Must be the last line in the file.
+#
+# <config> --
+
+use strict; |
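Review bot: The config description never states the outcome when no `permit` line matches and the file has no `v0config` line. For a wrapper that is invoked as root and makes the access decision, the header should spell out the default, e.g. `# If no permit line matches and there is no v0config line, the request is refused.` (assuming fail-closed is the intent). The "all match" sentence also leaves open how several caller keywords in one `permit` line (`group`, `user`, `everyone`) combine, which matters for anyone writing a policy. Smaller points in the same header: the usage line names `.../ipif1` while the file is `ipif/service-wrap`, `hostnet` and `local` mix `<ipaddr>` with `<ipv4addr>`, and `Arrangments`, `aplicable`, `ore` and `<ipnetnet>` look like typos. Since the script will act on caller-supplied arguments as root, `#!/usr/bin/perl -wT` on the first line would be worth considering once the code is added.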