From 08e5c1c8752d0dbf3cf404639e78a7e4276c1e1b Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Mon, 17 Apr 2017 18:11:18 +0100
Subject: [PATCH] ipif: wip new service-wrap: docs

Signed-off-by: Ian Jackson
---
 ipif/service-wrap | 57 +++++++++++++++++++++++++++++++++++++++++++++++
 ipif/service.c | 8 -------
 2 files changed, 57 insertions(+), 8 deletions(-)
 create mode 100644 ipif/service-wrap

diff --git a/ipif/service-wrap b/ipif/service-wrap
new file mode 100644
index 0000000..ad9de06
--- /dev/null
+++ b/ipif/service-wrap
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+#
+# When invoked appropriately, it creates a point-to-point network
+# interface with specified parameters. It arranges for packets sent out
+# via that interface by the kernel to appear on its own stdout in SLIP or
+# CSLIP encoding, and packets injected into its own stdin to be given to
+# the kernel as if received on that interface. Optionally, additional
+# routes can be set up to arrange for traffic for other address ranges to
+# be routed through the new interface.
+#
+# This is the access control wrapper for the service program.
+# Arrangments should be made to invoke this as root from userv.
+#
+# Usage:
+#
+# .../ipif1 -- ...
+#
+# Config file is a series of lines.
+#
+# permit ....
+#
+# if caller, local addr, all remote addrs and networks, and
+# ifname, all match, permits the request (and stops reading
+# the config)
+#
+# group |
+# matches caller if they are in that group
+# user |
+# matches caller if they are that user
+# everyone
+# always matches caller
+#
+# hostnet /
+# equivalent to local remote
+# local
+# matches local address when it is
+# remote /
+# matches aplicable remote addrs (including p-t-p)
+# addrs |/
+# matches applicable local ore remote addrs
+#
+# ifname
+# matches interface name if it is exactly
+# ( may contain %d, which is interpreted by
+# the kernel)
+# wildcards are not supported
+# if a permit has no ifname at all, it is as if
+# `ifname userv%d' was specified
+#
+# v0config
+#
+# If none of the `permit' lines match, will read
+# in old format. Must be the last line in the file.
+#
+# --
+
+use strict;
diff --git a/ipif/service.c b/ipif/service.c
index eacfc63..ca02330 100644
--- a/ipif/service.c
+++ b/ipif/service.c
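Review bot: The config-file description in the header comment does not say what happens when no `permit` line matches and the file has no `v0config` line; since this wrapper is the access-control step and is meant to run as root, the default should be documented as a refusal, e.g. `# If no permit line matches and there is no v0config line, the request is refused.` The same block should say that an unrecognised keyword inside a `permit` line is a fatal configuration error, because silently skipping a restriction would widen what the line permits. The shebang could also be `#!/usr/bin/perl -wT`, so that the arguments passed in by the caller are tainted before the matching code (not part of this commit) uses them. The script body beyond `use strict;` is not in this hunk, so these points concern the documented contract only.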
@@ -1,14 +1,6 @@
 /*
 * userv service (or standalone program) for per-user IP subranges.
 *
- * When invoked appropriately, it creates a point-to-point network
- * interface with specified parameters. It arranges for packets sent out
- * via that interface by the kernel to appear on its own stdout in SLIP or
- * CSLIP encoding, and packets injected into its own stdin to be given to
- * the kernel as if received on that interface. Optionally, additional
- * routes can be set up to arrange for traffic for other address ranges to
- * be routed through the new interface.
- *
 * This is the service program, which is invoked as root from userv (or may
 * be invoked firectly).
 *
-- 
2.30.2