path: root/ipif/service-wrap
#!/usr/bin/perl -w
#
# When invoked appropriately, it creates a point-to-point network
# interface with specified parameters.  It arranges for packets sent out
# via that interface by the kernel to appear on its own stdout in SLIP or
# CSLIP encoding, and packets injected into its own stdin to be given to
# the kernel as if received on that interface.  Optionally, additional
# routes can be set up to arrange for traffic for other address ranges to
# be routed through the new interface.
# 
# This is the access control wrapper for the service program.
# Arrangements should be made to invoke this as root from userv.
#
# Usage:
#
#   .../ipif1 <v1config> -- <service-args>...
#
# Config file is a series of lines.
#
#   permit <keyword>....
#
#      if the caller, local addr, all remote addrs and networks, and
#      the ifname all match, permits the request (and stops reading
#      the config, so the first matching permit line is the one that
#      applies)
#
#          group <groupname>|<gid>
#              matches caller if they are in that group
#          user <username>|<uid>
#              matches caller if they are that user
#          everyone
#              always matches caller
#
#          hostnet <ipaddr>/<prefixlen>
#              equivalent to   local <ipv4addr> remote <ipv4addr&prefix>
#          local <ipaddr>
#              matches local address when it is <ipv4addr>
#          remote <ipnetnet>/<prefixlen>
#              matches applicable remote addrs (including p-t-p)
#          addrs <ipaddr>|<ipnetnet>/<prefixlen>
#              matches applicable local or remote addrs
#
#          ifname <ifname>
#              matches interface name if it is exactly <ifname>
#              (<ifname> may contain %d, which is interpreted by
#              the kernel)
#              wildcards are not supported
#              if a permit has no ifname at all, it is as if
#              `ifname userv%d' was specified
#
#   v0config <v0configfile>
#
#     If none of the `permit' lines match, will read <v0configfile>
#     in old format.  Must be the last line in the file.     
#
#   <config> --

use strict;