Update docco for new options.

diff --git a/debian/rules b/debian/rules
index d592b5bdf8288a44308ef908250d82ad7c4117a9..39706311056c1375954451a763d4ac5776dc2ef5 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -23,7 +23,7 @@ binary-arch: install
        dh_testdir -a
        dh_testroot -a
        dh_compress -a
        dh_testdir -a
        dh_testroot -a
        dh_compress -a

-       dh_installdocs -a
+       dh_installdocs -a grammar

        dh_strip -a
        dh_shlibdeps -a
        dh_gencontrol -a
        dh_strip -a
        dh_shlibdeps -a
        dh_gencontrol -a

diff --git a/fw.1 b/fw.1
index 4419f140b893bb1fe8bf12ce47c467784439068f..251aa5ab6053ce08c53205d6b5090591d0fd516a 100644 (file)
--- a/fw.1
+++ b/fw.1
@@ -1,6 +1,6 @@
 .\" -*-nroff-*-
 .\"
 .\" -*-nroff-*-
 .\"

-.\" $Id: fw.1,v 1.15 2003/01/24 20:13:04 mdw Exp $
+.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $

 .\"
 .\" Manual page for fw
 .\"
 .\"
 .\" Manual page for fw
 .\"


@@ -28,6 +28,9 @@
 .\" ---- Revision history ---------------------------------------------------
 .\" 
 .\" $Log: fw.1,v $
 .\" ---- Revision history ---------------------------------------------------
 .\" 
 .\" $Log: fw.1,v $

+.\" Revision 1.16  2003/11/25 14:46:50  mdw
+.\" Update docco for new options.
+.\"

 .\" Revision 1.15  2003/01/24 20:13:04  mdw
 .\" Fix bogus examples.  Explain quoting rules for `exec' endpoints.
 .\"
 .\" Revision 1.15  2003/01/24 20:13:04  mdw
 .\" Fix bogus examples.  Explain quoting rules for `exec' endpoints.
 .\"


@@ -1077,11 +1080,23 @@ The
 .B inet
 source address accepts the following options:
 .OS "Socket options"
 .B inet
 source address accepts the following options:
 .OS "Socket options"

-.BR socket.inet. [ allow | deny ]
-.RB [ from ]
-.I address
+.B socket.inet.source.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address on which to listen for incoming connections.  The
+default is
+.BR any ,
+which means to listen on all addresses, though it may be useful to
+specify this explicitly, if the global setting is different.
+.OE
+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr

 .RB [ /
 .RB [ /

-.IR address ]
+.IR addr ]

 .OD
 Adds an entry to the source's access control list.  If only one
 .I address
 .OD
 Adds an entry to the source's access control list.  If only one
 .I address


@@ -1094,6 +1109,26 @@ and
 mean the same), and the entry applies to any address which, when masked
 by the netmask, is equal to the masked network address.
 .OE
 mean the same), and the entry applies to any address which, when masked
 by the netmask, is equal to the masked network address.
 .OE

+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.OD
+Accept or reject connections from low-numbered `privileged' ports, in
+the range 0--1023.
+.OE
+.OS "Socket options"
+.B socket.inet.dest.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address to bind the local socket to when making an
+outbound connection.  The default is
+.BR any ,
+which means to use whichever address the kernel thinks is most
+convenient.  This option is useful if the destination is doing
+host-based access control and your server is multi-homed.
+.OE

 .PP
 The access control rules are examined in the order: local entries first,
 then global ones, each in the order given in the configuration file.
 .PP
 The access control rules are examined in the order: local entries first,
 then global ones, each in the order given in the configuration file.


@@ -1502,11 +1537,24 @@ exec
 .RB [ = ]
 .BR yes | no
 .PP
 .RB [ = ]
 .BR yes | no
 .PP

-.BR socket.inet. [ allow | deny ]
-.RB [ from ]
-.I address
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr

 .RB [ /
 .RB [ /

-.IR address ]
+.IR addr ]
+.br
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.br
+.B socket.inet.source.addr
+.RB [ = ]
+.BR any | \c
+.I addr
+.br
+.B socket.inet.dest.addr
+.RB [ = ]
+.BR any | \c
+.I addr

 .PP
 .BR socket.unix.fattr. *
 .
 .PP
 .BR socket.unix.fattr. *
 .

diff --git a/fw.c b/fw.c
index b0eed7050c4a23b43a25e3063b7978b32c80bc5d..5a5db0f39151d335d6e11d6e98877857623392fd 100644 (file)
--- a/fw.c
+++ b/fw.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
 /* -*-c-*-
  *

- * $Id: fw.c,v 1.14 2003/01/24 20:12:40 mdw Exp $
+ * $Id: fw.c,v 1.15 2003/11/25 14:46:50 mdw Exp $

  *
  * Port forwarding thingy
  *
  *
  * Port forwarding thingy
  *


@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: fw.c,v $
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: fw.c,v $

+ * Revision 1.15  2003/11/25 14:46:50  mdw
+ * Update docco for new options.
+ *

  * Revision 1.14  2003/01/24 20:12:40  mdw
  * Correctly cast uid and gid sentinel values.
  *
  * Revision 1.14  2003/01/24 20:12:40  mdw
  * Correctly cast uid and gid sentinel values.
  *


@@ -515,53 +518,53 @@ static void grammar(FILE *fp)
 Grammar summary\n\
 \n\
 Basic syntax\n\
 Grammar summary\n\
 \n\
 Basic syntax\n\

-       file ::= empty | file stmt [`;']\n\
-       stmt ::= option-stmt | fw-stmt\n\
-       fw-stmt ::= `fw' source options [`to'|`->'] target options\n\
-       options ::= `{' option-seq `}'\n\
-       option-seq ::= empty | option-stmt [`;'] option-seq\n\
+       FILE ::= EMPTY | FILE STMT [`;']\n\
+       STMT ::= OPTION-STMT | FW-STMT\n\
+       FW-STMT ::= `fw' SOURCE OPTIONS [`to'|`->'] TARGET OPTIONS\n\
+       OPTIONS ::= `{' OPTION-SEQ `}'\n\
+       OPTION-SEQ ::= EMPTY | OPTION-STMT [`;'] OPTION-SEQ\n\

 \n\
 Option syntax\n\
 \n\
 Option syntax\n\

-       option-stmt ::= q-option\n\
-       q-option ::= option\n\
-            | prefix `.' q-option\n\
-            | prefix `{' option-seq `}'\n\
-       prefix ::= word\n\
+       OPTION-STMT ::= Q-OPTION\n\
+       Q-OPTION ::= OPTION\n\
+            | PREFIX `.' Q-OPTION\n\
+            | PREFIX `{' OPTION-SEQ `}'\n\
+       PREFIX ::= WORD\n\

 \n\
 File source and target\n\
 \n\
 File source and target\n\

-       source ::= file\n\
-       target ::= file\n\
-       file ::= `file' [`.'] fspec [`,' fspec]\n\
-       fspec ::= fd-spec | name-spec | null-spec\n\
-       fd-spec ::= [[`:']`fd'[`:']] number|`stdin'|`stdout'\n\
-       name-spec ::= [[`:']`file'[`:']] file-name\n\
-       file-name ::= path-seq | [ path-seq ]\n\
-       path-seq ::= path-elt | path-seq path-elt\n\
-       path-elt ::= `/' | word\n\
-       null-spec ::= [`:']`null'[`:']\n\
+       SOURCE ::= FILE\n\
+       TARGET ::= FILE\n\
+       FILE ::= `file' [`.'] FSPEC [`,' FSPEC]\n\
+       FSPEC ::= FD-SPEC | NAME-SPEC | NULL-SPEC\n\
+       FD-SPEC ::= [[`:']`fd'[`:']] NUMBER|`stdin'|`stdout'\n\
+       NAME-SPEC ::= [[`:']`file'[`:']] FILE-NAME\n\
+       FILE-NAME ::= PATH-SEQ | [ PATH-SEQ ]\n\
+       PATH-SEQ ::= PATH-ELT | PATH-SEQ PATH-ELT\n\
+       PATH-ELT ::= `/' | WORD\n\
+       NULL-SPEC ::= [`:']`null'[`:']\n\

 \n\
 Exec source and target\n\
 \n\
 Exec source and target\n\

-       source ::= exec\n\
-       target ::= exec\n\
-       exec ::= `exec' [`.'] cmd-spec\n\
-       cmd-spec ::= shell-cmd | [prog-name] `[' argv0 arg-seq `]'\n\
-       arg-seq ::= word | arg-seq word\n\
-       shell-cmd ::= word\n\
-       argv0 ::= word\n\
+       SOURCE ::= EXEC\n\
+       TARGET ::= EXEC\n\
+       EXEC ::= `exec' [`.'] CMD-SPEC\n\
+       CMD-SPEC ::= SHELL-CMD | [PROG-NAME] `[' ARGV0 ARG-SEQ `]'\n\
+       ARG-SEQ ::= WORD | ARG-SEQ WORD\n\
+       SHELL-CMD ::= WORD\n\
+       ARGV0 ::= WORD\n\

 \n\
 Socket source and target\n\
 \n\
 Socket source and target\n\

-       source ::= socket-source\n\
-       target ::= socket-target\n\
-       socket-source ::= [`socket'[`.']] [[`:']addr-type[`:']] source-addr\n\
-       socket-target ::= [`socket'[`.']] [[`:']addr-type[`:']] target-addr\n\
+       SOURCE ::= SOCKET-SOURCE\n\
+       TARGET ::= SOCKET-TARGET\n\
+       SOCKET-SOURCE ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] SOURCE-ADDR\n\
+       SOCKET-TARGET ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] TARGET-ADDR\n\

 \n\
 \n\

-       inet-source-addr ::= [port] port\n\
-       inet-target-addr ::= address [`:'] port\n\
-       address ::= addr-elt | address addr-elt\n\
-       addr-elt ::= `.' | word\n\
+       INET-SOURCE-ADDR ::= [`port'] PORT\n\
+       INET-TARGET-ADDR ::= ADDRESS [`:'] PORT\n\
+       ADDRESS ::= ADDR-ELT | ADDRESS ADDR-ELT\n\
+       ADDR-ELT ::= `.' | WORD\n\

 \n\
 \n\

-       unix-source-addr ::= file-name\n\
-       unix-target-addr ::= file-name\n\
+       UNIX-SOURCE-ADDR ::= FILE-NAME\n\
+       UNIX-TARGET-ADDR ::= FILE-NAME\n\

 ");
 }
 
 ");
 }
 


@@ -572,9 +575,9 @@ static void options(FILE *fp)
 Options summary\n\
 \n\
 File attributes (`fattr')\n\
 Options summary\n\
 \n\
 File attributes (`fattr')\n\

-       prefix.fattr.mode [=] mode\n\
-       prefix.fattr.owner [=] user\n\
-       prefix.fattr.group [=] group\n\
+       prefix.FATTR.MODE [=] MODE\n\
+       prefix.FATTR.OWNER [=] USER\n\
+       prefix.FATTR.GROUP [=] GROUP\n\

 \n\
 File options\n\
        file.create [=] yes|no\n\
 \n\
 File options\n\
        file.create [=] yes|no\n\


@@ -583,21 +586,24 @@ File options\n\
 \n\
 Exec options\n\
        exec.logging [=] yes|no\n\
 \n\
 Exec options\n\
        exec.logging [=] yes|no\n\

-       exec.dir [=] file-name\n\
-       exec.root [=] file-name\n\
-       exec.user [=] user\n\
-       exec.group [=] group\n\
-       exec.rlimit.limit[.hard|.soft] [=] value\n\
+       exec.dir [=] FILE-NAME\n\
+       exec.root [=] FILE-NAME\n\
+       exec.user [=] USER\n\
+       exec.group [=] GROUP\n\
+       exec.rlimit.LIMIT[.hard|.soft] [=] VALUE\n\

        exec.env.clear\n\
        exec.env.clear\n\

-       exec.env.unset var\n\
-       exec.env.[set] var [=] value\n\
+       exec.env.unset VAR\n\
+       exec.env.[set] VAR [=] VALUE\n\

 \n\
 Socket options\n\
 \n\
 Socket options\n\

-       socket.conn [=] number|unlimited|one-shot\n\
-       socket.listen [=] number\n\
+       socket.conn [=] NUMBER|unlimited|one-shot\n\
+       socket.listen [=] NUMBER\n\

        socket.logging [=] yes|no\n\
 \n\
        socket.logging [=] yes|no\n\
 \n\

-       socket.inet.[allow|deny] [from] address [/ address]\n\
+       socket.inet.source.[allow|deny] [host] ADDR [/ ADDR]\n\
+       socket.inet.source.[allow|deny] priv-port\n\
+       socket.inet.source.addr [=] any|ADDR\n\
+       socket.inet.dest.addr [=] any|ADDR\n\

 \n\
        socket.unix.fattr.*\n\
 ");
 \n\
        socket.unix.fattr.*\n\
 ");

diff --git a/grammar b/grammar
index ae3ce1f9dc9c7a7180f073523a09fb5a83689414..6c4fc02abb2078668dd4cef5cb2c31cf53df835f 100644 (file)
--- a/grammar
+++ b/grammar
@@ -1,56 +1,56 @@
 Basic syntax
 Basic syntax

-       file ::= empty | file stmt [`;']
-       stmt ::= option-stmt | fw-stmt
-       fw-stmt ::= `fw' source options [`to'|`->'] target options
-       options ::= `{' option-seq `}'
-       option-seq ::= empty | option-stmt [`;'] option-seq
+       FILE ::= EMPTY | FILE STMT [`;']
+       STMT ::= OPTION-STMT | FW-STMT
+       FW-STMT ::= `fw' SOURCE OPTIONS [`to'|`->'] TARGET OPTIONS
+       OPTIONS ::= `{' OPTION-SEQ `}'
+       OPTION-SEQ ::= EMPTY | OPTION-STMT [`;'] OPTION-SEQ

 
 Option syntax
 
 Option syntax

-       option-stmt ::= q-option
-       q-option ::= option
-            | prefix `.' q-option
-            | prefix `{' option-seq `}'
-       prefix ::= word
+       OPTION-STMT ::= Q-OPTION
+       Q-OPTION ::= OPTION
+            | PREFIX `.' Q-OPTION
+            | PREFIX `{' OPTION-SEQ `}'
+       PREFIX ::= WORD

 
 File source and target
 
 File source and target

-       source ::= file
-       target ::= file
-       file ::= `file' [`.'] fspec [`,' fspec]
-       fspec ::= fd-spec | name-spec | null-spec
-       fd-spec ::= [[`:']`fd'[`:']] number|`stdin'|`stdout'
-       name-spec ::= [[`:']`file'[`:']] file-name
-       file-name ::= path-seq | [ path-seq ]
-       path-seq ::= path-elt | path-seq path-elt
-       path-elt ::= `/' | word
-       null-spec ::= [`:']`null'[`:']
+       SOURCE ::= FILE
+       TARGET ::= FILE
+       FILE ::= `file' [`.'] FSPEC [`,' FSPEC]
+       FSPEC ::= FD-SPEC | NAME-SPEC | NULL-SPEC
+       FD-SPEC ::= [[`:']`fd'[`:']] NUMBER|`stdin'|`stdout'
+       NAME-SPEC ::= [[`:']`file'[`:']] FILE-NAME
+       FILE-NAME ::= PATH-SEQ | [ PATH-SEQ ]
+       PATH-SEQ ::= PATH-ELT | PATH-SEQ PATH-ELT
+       PATH-ELT ::= `/' | WORD
+       NULL-SPEC ::= [`:']`null'[`:']

 
 Exec source and target
 
 Exec source and target

-       source ::= exec
-       target ::= exec
-       exec ::= `exec' [`.'] cmd-spec
-       cmd-spec ::= shell-cmd | [prog-name] `[' argv0 arg-seq `]'
-       arg-seq ::= word | arg-seq word
-       shell-cmd ::= word
-       argv0 ::= word
+       SOURCE ::= EXEC
+       TARGET ::= EXEC
+       EXEC ::= `exec' [`.'] CMD-SPEC
+       CMD-SPEC ::= SHELL-CMD | [PROG-NAME] `[' ARGV0 ARG-SEQ `]'
+       ARG-SEQ ::= WORD | ARG-SEQ WORD
+       SHELL-CMD ::= WORD
+       ARGV0 ::= WORD

 
 Socket source and target
 
 Socket source and target

-       source ::= socket-source
-       target ::= socket-target
-       socket-source ::= [`socket'[`.']] [[`:']addr-type[`:']] source-addr
-       socket-target ::= [`socket'[`.']] [[`:']addr-type[`:']] target-addr
+       SOURCE ::= SOCKET-SOURCE
+       TARGET ::= SOCKET-TARGET
+       SOCKET-SOURCE ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] SOURCE-ADDR
+       SOCKET-TARGET ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] TARGET-ADDR

 
 

-       inet-source-addr ::= [port] port
-       inet-target-addr ::= address [`:'] port
-       address ::= addr-elt | address addr-elt
-       addr-elt ::= `.' | word
+       INET-SOURCE-ADDR ::= [`port'] PORT
+       INET-TARGET-ADDR ::= ADDRESS [`:'] PORT
+       ADDRESS ::= ADDR-ELT | ADDRESS ADDR-ELT
+       ADDR-ELT ::= `.' | WORD

 
 

-       unix-source-addr ::= file-name
-       unix-target-addr ::= file-name
+       UNIX-SOURCE-ADDR ::= FILE-NAME
+       UNIX-TARGET-ADDR ::= FILE-NAME

 
 File attributes (`fattr')
 
 File attributes (`fattr')

-       prefix.fattr.mode [=] mode
-       prefix.fattr.owner [=] user
-       prefix.fattr.group [=] group
+       PREFIX.fattr.mode [=] MODE
+       PREFIX.fattr.owner [=] USER
+       PREFIX.fattr.group [=] GROUP

 
 File options
        file.create [=] yes|no
 
 File options
        file.create [=] yes|no


@@ -59,17 +59,22 @@ File options
 
 Exec options
        exec.logging [=] yes|no
 
 Exec options
        exec.logging [=] yes|no

-       exec.dir [=] file-name
-       exec.root [=] file-name
-       exec.user [=] user
-       exec.group [=] group
-       exec.rlimit.limit[.hard|.soft] [=] value
+       exec.dir [=] FILE-NAME
+       exec.root [=] FILE-NAME
+       exec.user [=] USER
+       exec.group [=] GROUP
+       exec.rlimit.LIMIT[.hard|.soft] [=] VALUE

        exec.env.clear
        exec.env.clear

-       exec.env.unset var
-       exec.env.[set] var [=] value
+       exec.env.unset VAR
+       exec.env.[set] VAR [=] VALUE

 
 Socket options
 
 Socket options

-       socket.conn [=] number|unlimited|one-shot
+       socket.conn [=] NUMBER|unlimited|one-shot

        socket.logging [=] yes|no
        socket.logging [=] yes|no

-       socket.inet.[allow|deny] [from] address [/ address]
-       socket.unix.fattr.*
+
+       socket.inet.source.[allow|deny] priv-port
+       socket.inet.source.[allow|deny] [host] ADDR [/ ADDR]
+       socket.inet.source.addr [=] any|ADDR
+       socket.inet.dest.addr [=] any|ADDR
+
+       socket.unix.source.fattr.*