From 01e9fe64d5066d0407f27b0b0b0c9cb4db17c607 Mon Sep 17 00:00:00 2001 Message-Id: <01e9fe64d5066d0407f27b0b0b0c9cb4db17c607.1716245742.git.mdw@distorted.org.uk> From: Mark Wooding Date: Mon, 11 Dec 2000 02:38:49 +0000 Subject: [PATCH] Bugfixes. Organization: Straylight/Edgeware From: ian --- ipif/udptunnel-reconf.pl | 43 ++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl index 0bb4646..9f70291 100755 --- a/ipif/udptunnel-reconf.pl +++ b/ipif/udptunnel-reconf.pl @@ -17,7 +17,7 @@ # along with userv-utils; if not, write to the Free Software # Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # -# $Id: udptunnel-reconf.pl,v 1.1.2.3 2000/12/11 01:53:01 ian Exp $ +# $Id: udptunnel-reconf.pl,v 1.1.2.4 2000/12/11 02:38:49 ian Exp $ use Socket; @@ -83,13 +83,6 @@ foreach $site (@actives, @passives) { check_junk("error in config for site $site",$site); } -$lgroup= var_global('lgroup'); -@lgroup= getgrnam($lgroup); -@lgroup or fault("invalid group $lgroup"); -$lgid= $lgroup[2]; -$forbid_remote= var_global('forbid_remote'); -@forbid_remote= (); - sub parse_addr_mask ($) { my ($r) = @_; my ($mask,$iaddr); 
@@ -101,43 +94,55 @@ sub parse_addr_mask ($) { return ($iaddr, $mask); } +$forbid_remote= var_global('forbid_remote'); +@forbid_remote= (); foreach $r (split /[, \t]+/, $forbid_remote) { push @forbid_remote, [ parse_addr_mask($r) ]; } -sub ipif_permit ($$$) { - my ($local,$net,$why) = @_; - my ($pmask,$piaddr,$fmask,$fiaddr); +sub ipif_permit ($$$$) { + my ($group,$local,$net,$why) = @_; + my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid); + + @lgroup= getgrnam($group); + @lgroup or fault("invalid group \`$group' ($why)"); + $lgid= $lgroup[2]; + if (!$local) { ($piaddr,$pmask) = parse_addr_mask($net); foreach $fref (@forbid_remote) { ($fiaddr,$fmask) = @$fref; $jmask= $fmask & $pmask; #printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask - fault("local network $net claimed as remote ($why) by $site") + fault("local network $net claimed as remote ($why)") if (($fiaddr&$jmask) == ($piaddr&$jmask)); } } - $ipif_file .= "$lgid,$local$net, $lgroup, $why\n"; + $ipif_file .= "$lgid,$local$net, $group, $why\n"; } +$glgroup= var_global('lgroup'); $glend= var_site('lend')."/32"; -if ($glend !~ m/^V_/) { - ipif_permit('=', "$glend", 'local endpoint'); +if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ && + length $glend && length $glgroup) { + ipif_permit($glgroup, '=', "$glend", 'local endpoint'); +} else { + $glend='X'; $glgroup='X'; } foreach $site (@actives, @passives) { $tlend= var_site('lend')."/32"; - if ($tlend != $glend) { - ipif_permit('=', $tlend.'/32', "$site - local endpoint"); + $tlgroup= var_site('lgroup'); + if ($tlend ne $glend || $tlgroup ne $glgroup) { + ipif_permit($tlgroup, '=', $tlend, "$site - local endpoint"); } $trend= var_site('rend').'/32'; $ix= 0; $trnets= var_site('rnets'); - ipif_permit('', $trend, "$site - remote endpoint"); + ipif_permit($tlgroup, '', $trend, "$site - remote endpoint"); if ($trnets ne '-') { foreach $rnet (split /,/, $trnets) { - ipif_permit('', $rnet, "$site - remote network #$ix"); + ipif_permit($tlgroup, '', $rnet, "$site - remote 
network #$ix"); $ix++; } } -- [mdw]
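Review bot: In the global-endpoint guard, `length $glend` can never be false, because `"/32"` has already been appended when `$glend` is assigned, so an empty `lend` still reaches `ipif_permit` as `/32`. For local (`=`) entries `ipif_permit` skips `parse_addr_mask`, so nothing visible in this hunk rejects that value before it is appended to `$ipif_file`, which appears to be the permission list generated for ipif. Test the raw value first, e.g. `$glend= var_site('lend');` in the assignment and `$glend .= "/32";` inside the `if` branch. Consider also calling `parse_addr_mask($net)` for local entries; whether it faults on malformed input is not visible here, since its body starts outside the hunk. The enclosing `foreach $site` loop continues past the end of the hunk.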