[userv-utils] / ipif / service-wrap

#!/usr/bin/perl -w
#
# When invoked appropriately, it creates a point-to-point network
# interface with specified parameters.  It arranges for packets sent out
# via that interface by the kernel to appear on its own stdout in SLIP or
# CSLIP encoding, and packets injected into its own stdin to be given to
# the kernel as if received on that interface.  Optionally, additional
# routes can be set up to arrange for traffic for other address ranges to
# be routed through the new interface.
# 
# This is the access control wrapper for the service program.
# Arrangments should be made to invoke this as root from userv.
#
# Usage:
#
#   .../ipif1 <v1config> -- <service-args>...
#
# Config file is a series of lines.
#
#   permit <keyword>....
#
#      if caller, local addr, all remote addrs and networks, and
#      ifname, all match, permits the request (and stops reading
#      the config)
#
#          group <groupname>|<gid>
#              matches caller if they are in that group
#          user <username>|<uid>
#              matches caller if they are that user
#          everyone
#              always matches caller
#
#          hostnet <ipaddr>/<prefixlen>
#              equivalent to   local <ipv4addr> remote <ipv4addr&prefix>
#          local <ipaddr>
#              matches local address when it is <ipv4addr>
#          remote <ipnetnet>/<prefixlen>
#              matches aplicable remote addrs (including p-t-p)
#          addrs <ipaddr>|<ipnetnet>/<prefixlen>
#              matches applicable local ore remote addrs
#
#          ifname <ifname>
#              matches interface name if it is exactly <ifname>
#              (<ifname> may contain %d, which is interpreted by
#              the kernel)
#              wildcards are not supported
#              if a permit has no ifname at all, it is as if
#              `ifname userv%d' was specified
#
#   v0config <v0configfile>
#
#     If none of the `permit' lines match, will read <v0configfile>
#     in old format.  Must be the last line in the file.     
#
#   <config> --

use strict;
Commit	Line	Data
08e5c1c8 IJ	1	#!/usr/bin/perl -w
	2	#
	3	# When invoked appropriately, it creates a point-to-point network
	4	# interface with specified parameters. It arranges for packets sent out
	5	# via that interface by the kernel to appear on its own stdout in SLIP or
	6	# CSLIP encoding, and packets injected into its own stdin to be given to
	7	# the kernel as if received on that interface. Optionally, additional
	8	# routes can be set up to arrange for traffic for other address ranges to
	9	# be routed through the new interface.
	10	#
	11	# This is the access control wrapper for the service program.
	12	# Arrangments should be made to invoke this as root from userv.
	13	#
	14	# Usage:
	15	#
	16	# .../ipif1 <v1config> -- <service-args>...
	17	#
	18	# Config file is a series of lines.
	19	#
	20	# permit <keyword>....
	21	#
	22	# if caller, local addr, all remote addrs and networks, and
	23	# ifname, all match, permits the request (and stops reading
	24	# the config)
	25	#
	26	# group <groupname>\|<gid>
	27	# matches caller if they are in that group
	28	# user <username>\|<uid>
	29	# matches caller if they are that user
	30	# everyone
	31	# always matches caller
	32	#
	33	# hostnet <ipaddr>/<prefixlen>
	34	# equivalent to local <ipv4addr> remote <ipv4addr&prefix>
	35	# local <ipaddr>
	36	# matches local address when it is <ipv4addr>
	37	# remote <ipnetnet>/<prefixlen>
	38	# matches aplicable remote addrs (including p-t-p)
	39	# addrs <ipaddr>\|<ipnetnet>/<prefixlen>
	40	# matches applicable local ore remote addrs
	41	#
	42	# ifname <ifname>
	43	# matches interface name if it is exactly <ifname>
	44	# (<ifname> may contain %d, which is interpreted by
	45	# the kernel)
	46	# wildcards are not supported
	47	# if a permit has no ifname at all, it is as if
	48	# `ifname userv%d' was specified
	49	#
	50	# v0config <v0configfile>
	51	#
	52	# If none of the `permit' lines match, will read <v0configfile>
	53	# in old format. Must be the last line in the file.
	54	#
	55	# <config> --
	56
	57	use strict;