# along with userv-utils; if not, write to the Free Software
# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-# $Id: udptunnel-reconf.pl,v 1.1.2.3 2000/12/11 01:53:01 ian Exp $
+# $Id: udptunnel-reconf.pl,v 1.1.2.4 2000/12/11 02:38:49 ian Exp $
use Socket;
check_junk("error in config for site $site",$site);
}
-$lgroup= var_global('lgroup');
-@lgroup= getgrnam($lgroup);
-@lgroup or fault("invalid group $lgroup");
-$lgid= $lgroup[2];
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-
sub parse_addr_mask ($) {
my ($r) = @_;
my ($mask,$iaddr);
return ($iaddr, $mask);
}
+$forbid_remote= var_global('forbid_remote');
+@forbid_remote= ();
foreach $r (split /[, \t]+/, $forbid_remote) {
push @forbid_remote, [ parse_addr_mask($r) ];
}
-sub ipif_permit ($$$) {
- my ($local,$net,$why) = @_;
- my ($pmask,$piaddr,$fmask,$fiaddr);
+sub ipif_permit ($$$$) {
+ my ($group,$local,$net,$why) = @_;
+ my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
+
+ @lgroup= getgrnam($group);
+ @lgroup or fault("invalid group \`$group' ($why)");
+ $lgid= $lgroup[2];
+
if (!$local) {
($piaddr,$pmask) = parse_addr_mask($net);
foreach $fref (@forbid_remote) {
($fiaddr,$fmask) = @$fref;
$jmask= $fmask & $pmask;
#printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask
- fault("local network $net claimed as remote ($why) by $site")
+ fault("local network $net claimed as remote ($why)")
if (($fiaddr&$jmask) == ($piaddr&$jmask));
}
}
- $ipif_file .= "$lgid,$local$net, $lgroup, $why\n";
+ $ipif_file .= "$lgid,$local$net, $group, $why\n";
}
+$glgroup= var_global('lgroup');
$glend= var_site('lend')."/32";
-if ($glend !~ m/^V_/) {
- ipif_permit('=', "$glend", 'local endpoint');
+if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ &&
+ length $glend && length $glgroup) {
+ ipif_permit($glgroup, '=', "$glend", 'local endpoint');
+} else {
+ $glend='X'; $glgroup='X';
}
foreach $site (@actives, @passives) {
$tlend= var_site('lend')."/32";
- if ($tlend != $glend) {
- ipif_permit('=', $tlend.'/32', "$site - local endpoint");
+ $tlgroup= var_site('lgroup');
+ if ($tlend ne $glend || $tlgroup ne $glgroup) {
+ ipif_permit($tlgroup, '=', $tlend, "$site - local endpoint");
}
$trend= var_site('rend').'/32';
$ix= 0;
$trnets= var_site('rnets');
- ipif_permit('', $trend, "$site - remote endpoint");
+ ipif_permit($tlgroup, '', $trend, "$site - remote endpoint");
if ($trnets ne '-') {
foreach $rnet (split /,/, $trnets) {
- ipif_permit('', $rnet, "$site - remote network #$ix");
+ ipif_permit($tlgroup, '', $rnet, "$site - remote network #$ix");
$ix++;
}
}
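Review bot: The `length $glend` test in the new global-endpoint condition can never fail, because `$glend` already has `/32` appended on the line before the `if`, so an empty `lend` would still reach `ipif_permit` as the bare string `/32`. Local (`=`) entries also skip `parse_addr_mask` inside `ipif_permit`, so nothing visible in this hunk rejects that value before it is appended to `$ipif_file` as a permit line; whether `var_site` can actually return an empty string is not shown here. Test the raw value instead: use `$glend= var_site('lend');` before the `if` and make `$glend.= '/32';` the first statement inside it, which keeps the later `$tlend ne $glend` comparison like-for-like. The per-site `$tlend` gets no emptiness or `V_` check at all and would benefit from the same guard. The `foreach $site` loop continues past the end of the hunk.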