@@ -1,3 +1,12 @@

+userv-utils (0.1.90) unstable; urgency=low
+
+  * ipif/INSTALL instructions, such as they are, included.
+
+  * ipif service now supports `=' character in addrs in ipif-networks, for
+    local endpoint only.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Wed, 21 Jun 2000 23:48:10 +0100
+
 userv-utils (0.1.9) unstable; urgency=low

   * Completely revamped udptunnel (in ipif) - now does encryption.

1 files changed, 26 insertions, 16 deletions

diff --git a/ipif/service.c b/ipif/service.c
index 24ea45b..2edf4a6 100644
--- a/ipif/service.c
+++ b/ipif/service.c
@@ -11,16 +11,18 @@
  *  <local-addr>,<peer-addr>,<mtu>,<proto>
  *      As for slattach.  Supported protocols are slip, cslip, and
  *      adaptive.  Alternatively, set to `debug' to print debugging
- *      info.  <local-addr> is address of the interface on chiark;
- *      <peer-addr> is the address of the point-to-point peer.
+ *      info.  <local-addr> is address of the interface on the local
+ *      system; <peer-addr> is the address of the point-to-point peer.
  *  <prefix>/<mask>,<prefix>/<mask>,...
  *      List of additional routes to add for this interface.
  *      May be the empty argument, or `-' if this is problematic.
  *
  * <config> is either
- *    <gid>,<prefix>/<len>[,<junk>]
+ *    <gid>,[=]<prefix>/<len>[,<junk>]
  *      indicating that that gid may allocate addresses in
  *      the relevant subspace (<junk> is ignored)
+ *      if `=' is specified then it's only allowed for the local
+ *      endpoint address
  * or #...
  *      which is a comment
  * or /<config-file-name> or ./<config-file-name> or ../<config-file-name>
@@ -291,25 +293,27 @@ static int addrnet_isin(unsigned long prefix, unsigned long mask,
 }
   
 
-static void permit(unsigned long pprefix, unsigned long pmask) {
+static void permit(unsigned long pprefix, unsigned long pmask, int localonly) {
   int i, any;
   
   assert(!(pprefix & ~pmask));
   any= 0;
 
-  if (!proto) fputs("permits",stdout);
+  if (!proto) fputs(localonly ? "permits-l" : "permits",stdout);
   if (addrnet_isin(localaddr,~0UL, pprefix,pmask)) {
     if (!proto) fputs(" local-addr",stdout);
     any= localallow= 1;
   }
-  if (addrnet_isin(peeraddr,~0UL, pprefix,pmask)) {
-    if (!proto) fputs(" peer-addr",stdout);
-    any= peerallow= 1;
-  }
-  for (i=0; i<nexroutes; i++) {
-    if (addrnet_isin(exroutes[i].prefix,exroutes[i].mask, pprefix,pmask)) {
-      if (!proto) printf(" route#%d",i);
-      any= exroutes[i].allow= 1;
+  if (!localonly) {
+    if (addrnet_isin(peeraddr,~0UL, pprefix,pmask)) {
+      if (!proto) fputs(" peer-addr",stdout);
+      any= peerallow= 1;
+    }
+    for (i=0; i<nexroutes; i++) {
+      if (addrnet_isin(exroutes[i].prefix,exroutes[i].mask, pprefix,pmask)) {
+	if (!proto) printf(" route#%d",i);
+	any= exroutes[i].allow= 1;
+      }
     }
   }
   if (!proto) {
@@ -367,14 +371,14 @@ static void pfile(const char *filename) {
 
 static void pconfig(const char *configstr, int truncated) {
   unsigned long fgid, tgid, pprefix, pmask;
-  int plen;
+  int plen, localonly;
   char ptxt[ATXTLEN];
   const char *gidlist;
   
   switch (configstr[0]) {
   case '*':
     if (strcmp(configstr,"*")) badusage("`*' directive must be only thing on line");
-    permit(0UL,0UL);
+    permit(0UL,0UL,0);
     return;
     
   case '#':
@@ -390,6 +394,12 @@ static void pconfig(const char *configstr, int truncated) {
       badusage("unknown configuration directive");
     
     fgid= eat_number(&configstr,"gid", 0,gidmaxval, ",",0);
+    if (configstr[0] == '=') {
+      localonly= 1;
+      configstr++;
+    } else {
+      localonly= 0;
+    }
     eat_prefixmask(&configstr,"permitted-prefix", ",",0, &pprefix,&pmask,&plen);
     if (!configstr && truncated) badusage("gid,prefix/len,... spec too long");
 
@@ -405,7 +415,7 @@ static void pconfig(const char *configstr, int truncated) {
       tgid= eat_number(&gidlist,"userv-gid", 0,gidmaxval, " ",0);
       if (tgid == fgid) break;
     }
-    permit(pprefix,pmask);
+    permit(pprefix,pmask,localonly);
     return;
   }
 }