X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/userv-utils/blobdiff_plain/f2add8c1b19c46ff78655278643c3c2851db7566..08e5c1c8752d0dbf3cf404639e78a7e4276c1e1b:/ipif/service-wrap diff --git a/ipif/service-wrap b/ipif/service-wrap new file mode 100644 index 0000000..ad9de06 --- /dev/null +++ b/ipif/service-wrap @@ -0,0 +1,57 @@ +#!/usr/bin/perl -w +# +# When invoked appropriately, it creates a point-to-point network +# interface with specified parameters. It arranges for packets sent out +# via that interface by the kernel to appear on its own stdout in SLIP or +# CSLIP encoding, and packets injected into its own stdin to be given to +# the kernel as if received on that interface. Optionally, additional +# routes can be set up to arrange for traffic for other address ranges to +# be routed through the new interface. +# +# This is the access control wrapper for the service program. +# Arrangments should be made to invoke this as root from userv. +# +# Usage: +# +# .../ipif1 -- ... +# +# Config file is a series of lines. +# +# permit .... +# +# if caller, local addr, all remote addrs and networks, and +# ifname, all match, permits the request (and stops reading +# the config) +# +# group | +# matches caller if they are in that group +# user | +# matches caller if they are that user +# everyone +# always matches caller +# +# hostnet / +# equivalent to local remote +# local +# matches local address when it is +# remote / +# matches aplicable remote addrs (including p-t-p) +# addrs |/ +# matches applicable local ore remote addrs +# +# ifname +# matches interface name if it is exactly +# ( may contain %d, which is interpreted by +# the kernel) +# wildcards are not supported +# if a permit has no ifname at all, it is as if +# `ifname userv%d' was specified +# +# v0config +# +# If none of the `permit' lines match, will read +# in old format. Must be the last line in the file. +# +# -- + +use strict;