| side by side (parent:
f037b24
)
Bugfixes.
author
ian
<ian>
Mon, 11 Dec 2000 02:38:49 +0000
(
02:38
+0000)
committer
ian
<ian>
Mon, 11 Dec 2000 02:38:49 +0000
(
02:38
+0000)
ipif/udptunnel-reconf.pl
diff --git
a/ipif/udptunnel-reconf.pl
b/ipif/udptunnel-reconf.pl
index 0bb4646aeebb60e744830d81713ea963d656f64e..9f7029152f312c4998f53fabde02046ea478e2a4 100755
(executable)
--- a/
ipif/udptunnel-reconf.pl
+++ b/
ipif/udptunnel-reconf.pl
@@
-17,7
+17,7
@@
# along with userv-utils; if not, write to the Free Software
# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# along with userv-utils; if not, write to the Free Software
# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-# $Id: udptunnel-reconf.pl,v 1.1.2.
3 2000/12/11 01:53:01
ian Exp $
+# $Id: udptunnel-reconf.pl,v 1.1.2.
4 2000/12/11 02:38:49
ian Exp $
use Socket;
use Socket;
@@
-83,13
+83,6
@@
foreach $site (@actives, @passives) {
check_junk("error in config for site $site",$site);
}
check_junk("error in config for site $site",$site);
}
-$lgroup= var_global('lgroup');
-@lgroup= getgrnam($lgroup);
-@lgroup or fault("invalid group $lgroup");
-$lgid= $lgroup[2];
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-
sub parse_addr_mask ($) {
my ($r) = @_;
my ($mask,$iaddr);
sub parse_addr_mask ($) {
my ($r) = @_;
my ($mask,$iaddr);
@@
-101,43
+94,55
@@
sub parse_addr_mask ($) {
return ($iaddr, $mask);
}
return ($iaddr, $mask);
}
+$forbid_remote= var_global('forbid_remote');
+@forbid_remote= ();
foreach $r (split /[, \t]+/, $forbid_remote) {
push @forbid_remote, [ parse_addr_mask($r) ];
}
foreach $r (split /[, \t]+/, $forbid_remote) {
push @forbid_remote, [ parse_addr_mask($r) ];
}
-sub ipif_permit ($$$) {
- my ($local,$net,$why) = @_;
- my ($pmask,$piaddr,$fmask,$fiaddr);
+sub ipif_permit ($$$$) {
+ my ($group,$local,$net,$why) = @_;
+ my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
+
+ @lgroup= getgrnam($group);
+ @lgroup or fault("invalid group \`$group' ($why)");
+ $lgid= $lgroup[2];
+
if (!$local) {
($piaddr,$pmask) = parse_addr_mask($net);
foreach $fref (@forbid_remote) {
($fiaddr,$fmask) = @$fref;
$jmask= $fmask & $pmask;
#printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask
if (!$local) {
($piaddr,$pmask) = parse_addr_mask($net);
foreach $fref (@forbid_remote) {
($fiaddr,$fmask) = @$fref;
$jmask= $fmask & $pmask;
#printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask
- fault("local network $net claimed as remote ($why)
by $site
")
+ fault("local network $net claimed as remote ($why)")
if (($fiaddr&$jmask) == ($piaddr&$jmask));
}
}
if (($fiaddr&$jmask) == ($piaddr&$jmask));
}
}
- $ipif_file .= "$lgid,$local$net, $
lgroup,
$why\n";
+ $ipif_file .= "$lgid,$local$net, $
group,
$why\n";
}
}
+$glgroup= var_global('lgroup');
$glend= var_site('lend')."/32";
$glend= var_site('lend')."/32";
-if ($glend !~ m/^V_/) {
- ipif_permit('=', "$glend", 'local endpoint');
+if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ &&
+ length $glend && length $glgroup) {
+ ipif_permit($glgroup, '=', "$glend", 'local endpoint');
+} else {
+ $glend='X'; $glgroup='X';
}
foreach $site (@actives, @passives) {
$tlend= var_site('lend')."/32";
}
foreach $site (@actives, @passives) {
$tlend= var_site('lend')."/32";
- if ($tlend != $glend) {
- ipif_permit('=', $tlend.'/32', "$site - local endpoint");
+ $tlgroup= var_site('lgroup');
+ if ($tlend ne $glend || $tlgroup ne $glgroup) {
+ ipif_permit($tlgroup, '=', $tlend, "$site - local endpoint");
}
$trend= var_site('rend').'/32';
$ix= 0;
$trnets= var_site('rnets');
}
$trend= var_site('rend').'/32';
$ix= 0;
$trnets= var_site('rnets');
- ipif_permit('', $trend, "$site - remote endpoint");
+ ipif_permit(
$tlgroup,
'', $trend, "$site - remote endpoint");
if ($trnets ne '-') {
foreach $rnet (split /,/, $trnets) {
if ($trnets ne '-') {
foreach $rnet (split /,/, $trnets) {
- ipif_permit('', $rnet, "$site - remote network #$ix");
+ ipif_permit(
$tlgroup,
'', $rnet, "$site - remote network #$ix");
$ix++;
}
}
$ix++;
}
}
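Review bot: The `length $glend` test in the new global guard can never fail, because the unchanged line just above it has already appended `"/32"` to `$glend`, so an empty `lend` still reaches `ipif_permit` as `/32`. `ipif_permit` only calls `parse_addr_mask` inside `if (!$local)`, so that `=`-prefixed value is appended to `$ipif_file` without being parsed; the same applies to `$tlend` in the per-site loop. Testing the raw value before the suffix is added would make the guard effective, e.g. `$glend_raw= var_site('lend');` with `length $glend_raw` in the condition. Local endpoints could also go through `parse_addr_mask`, unless `check_junk` (whose body is outside these hunks) already rejects malformed addresses. A short comment on the `$glend='X'; $glgroup='X';` branch would help too, something like `# sentinel: no usable global default, so every site gets its own local-endpoint entry`.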