| 1 | #!/usr/bin/perl -w |
| 2 | # |
| 3 | # When invoked appropriately, it creates a point-to-point network |
| 4 | # interface with specified parameters. It arranges for packets sent out |
| 5 | # via that interface by the kernel to appear on its own stdout in SLIP or |
| 6 | # CSLIP encoding, and packets injected into its own stdin to be given to |
| 7 | # the kernel as if received on that interface. Optionally, additional |
| 8 | # routes can be set up to arrange for traffic for other address ranges to |
| 9 | # be routed through the new interface. |
| 10 | # |
| 11 | # This is the access control wrapper for the service program. |
| 12 | # Arrangements should be made to invoke this as root from userv. |
| 13 | # |
| 14 | # Usage: |
| 15 | # |
| 16 | # .../ipif1 <v1config> -- <service-args>... |
| 17 | # |
| 18 | # Config file is a series of lines. |
| 19 | # |
| 20 | # permit <keyword>.... |
| 21 | # |
| 22 | # if caller, local addr, all remote addrs and networks, and |
| 23 | # ifname, all match, permits the request (and stops reading |
| 24 | # the config) |
| 25 | # |
| 26 | # group <groupname>|<gid> |
| 27 | # matches caller if they are in that group |
| 28 | # user <username>|<uid> |
| 29 | # matches caller if they are that user |
| 30 | # everyone |
| 31 | # always matches caller |
| 32 | # |
| 33 | # hostnet <ipaddr>/<prefixlen> |
| 34 | # equivalent to local <ipv4addr> remote <ipv4addr&prefix> |
| 35 | # local <ipaddr> |
| 36 | # matches local address when it is <ipv4addr> |
| 37 | # remote <ipnetnet>/<prefixlen> |
| 38 | # matches applicable remote addrs (including p-t-p) |
| 39 | # addrs <ipaddr>|<ipnetnet>/<prefixlen> |
| 40 | # matches applicable local or remote addrs |
| 41 | # |
| 42 | # ifname <ifname> |
| 43 | # matches interface name if it is exactly <ifname> |
| 44 | # (<ifname> may contain %d, which is interpreted by |
| 45 | # the kernel) |
| 46 | # wildcards are not supported |
| 47 | # if a permit has no ifname at all, it is as if |
| 48 | # `ifname userv%d' was specified |
| 49 | # |
| 50 | # v0config <v0configfile> |
| 51 | # |
| 52 | # If none of the `permit' lines match, will read <v0configfile> |
| 53 | # in old format. Must be the last line in the file. |
| 54 | # |
| 55 | # <config> -- |
| 56 | |
| 57 | use strict; |