TABLE OF CONTENTS
- 1. libram-ipacl/libram-ipacl
- 1.1. libram-ipacl/libram-ipacl-whitelist
- 1.2. libram-ipacl/libramipacl
- 1.3. libram-ipacl/libramipacl_close
- 1.4. libram-ipacl/libramipacl_data
- 1.5. libram-ipacl/libramipacl_exit
- 1.6. libram-ipacl/libramipacl_fd
- 1.7. libram-ipacl/libramipacl_free
- 1.8. libram-ipacl/libramipacl_free_rulelist
- 1.9. libram-ipacl/libramipacl_init
- 1.10. libram-ipacl/libramipacl_open
- 1.11. libram-ipacl/libramipacl_process
- 1.12. libram-ipacl/libramipacl_result
- 1.13. libram-ipacl/libramipacl_wait
- 1.14. libram-ipacl/ramipacl_bh
libram-ipacl/libram-ipacl [ Generics ]
NAME
libram-ipacl - ipacl backend to libram
DESCRIPTION
libram-ipacl is a backend module for libram that passes or blocks all incoming requests depending on an IP whitelist.
The libram-ipacl connection string consists of:
- config: the file containing the IP whitelist.
See libram-ipacl(5) for a description of the IP whitelist format.
SEE ALSO
libram(3), libramipacl(3), libram_init(3), libram-ipacl-whitelist(5)
libram-ipacl/libram-ipacl-whitelist [ Generics ]
NAME
libram-ipacl-whitelist - libram-ipacl IP whitelist format
DESCRIPTION
The whitelist is organized in lines. Empty lines are ignored. Lines beginning with a hash sign are comments and are ignored. All other lines are IP rules. An IP rule consists of three parts: the first part is the source address and source ports, the second part is the destination address and destination ports, and the third part is the protocol part.
The source or destination address is either a single IP address or an IP subnet consisting of the network address and the network mask delimited by a slash. The port is either a single port or a range of ports of the form [min-max]. Both IP address and port can be specified with an asterisk, meaning any IP address or any port. Both IPv4 and IPv6 addresses are valid, but a single rule may contain only IPv4 or only IPv6 addresses.
The protocol part consists of the IP protocol (tcp or udp) and the protocol name. The protocol name is a free-text name that is checked against the connect component of the connection header passed to libram_open(3).
EXAMPLE
# src_addr[/mask] src_port dst_addr[/mask] dst_port [tcp/udp] [name]
* * 10.0.0.1 * * *
10.0.0.0/8 [100-200] * * * *
0:1:0:1:0:1:0:0/96 21 8:8::/31 20 tcp http
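The format above as an added worked example (not the module's own parser, and written in Python rather than the module's C so it runs stand-alone): it parses the three example rules, rejects a rule that mixes IPv4 and IPv6 addresses, and checks a connection tuple against the list with whitelist semantics, passing when any rule matches and blocking otherwise.

```python
import ipaddress

def parse_port(tok):
    # '*' matches any port, 'N' a single port, '[min-max]' an inclusive range
    if tok == "*":
        return (0, 65535)
    if tok.startswith("[") and tok.endswith("]"):
        lo, hi = (int(x) for x in tok[1:-1].split("-", 1))
    else:
        lo = hi = int(tok)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError("bad port spec: " + tok)
    return (lo, hi)

def parse_whitelist(text):
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # empty lines and comments are ignored
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError("line %d: expected 6 fields" % lineno)
        src, sport, dst, dport, proto, name = fields
        # '*' (None) matches any address; a bare address becomes a /32 or /128 network
        src_net = None if src == "*" else ipaddress.ip_network(src, strict=False)
        dst_net = None if dst == "*" else ipaddress.ip_network(dst, strict=False)
        if src_net is not None and dst_net is not None and src_net.version != dst_net.version:
            raise ValueError("line %d: a rule may not mix IPv4 and IPv6" % lineno)
        if proto not in ("*", "tcp", "udp"):
            raise ValueError("line %d: protocol must be tcp, udp or *" % lineno)
        rules.append((src_net, parse_port(sport), dst_net, parse_port(dport), proto, name))
    return rules

def _addr_ok(net, addr):
    return net is None or (addr.version == net.version and addr in net)

def is_allowed(rules, src, sport, dst, dport, proto, name):
    # whitelist semantics: any matching rule passes the connection, no match blocks it
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, sp, dst_net, dp, rproto, rname in rules:
        if (_addr_ok(src_net, s) and sp[0] <= sport <= sp[1] and _addr_ok(dst_net, d)
                and dp[0] <= dport <= dp[1] and rproto in ("*", proto) and rname in ("*", name)):
            return True
    return False

# constructed sample: the three rules from the EXAMPLE section above
SAMPLE = "* * 10.0.0.1 * * *\n10.0.0.0/8 [100-200] * * * *\n0:1:0:1:0:1:0:0/96 21 8:8::/31 20 tcp http\n"
RULES = parse_whitelist(SAMPLE)
```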
SEE ALSO
libram(3), libramipacl(3), libram-ipacl(3)
libram-ipacl/libramipacl [ Variables ]
NAME
libramipacl - libram_module structure for libram-ipacl module
DESCRIPTION
This variable defines the libram_module(3) structure of the libram-ipacl(3) module.
SOURCE
struct libram_module libramipacl = {
    "ipacl",
    NULL,
    libramipacl_init,
    libramipacl_exit,
    libramipacl_open,
    libramipacl_data,
    libramipacl_close,
    libramipacl_fd,
    libramipacl_process,
    libramipacl_wait,
    libramipacl_free,
};
SEE ALSO
libram(3), libram_module(3), libram-ipacl(3)
libram-ipacl/libramipacl_close [ Functions ]
NAME
libramipacl_close - libram_close function for libram-ipacl
SYNOPSIS
struct reply *libramipacl_close(ram_bh bh, int flags, long id, conn_payloadp d)
DESCRIPTION
libramipacl_close implements the libram_close function for the libram-ipacl module.
It returns libram_action_pass via libramipacl_result or NULL if flags contain LIBRAM_DISCARD_RESULT.
ARGUMENTS
- bh: backend handle returned by libramipacl_init(3)
- flags: flags passed from libram_close(), see libram_flags(3)
- id: connection id
- d: connection data
RETURN
- NULL: flags contain LIBRAM_DISCARD_RESULT or malloc failure
- != NULL: result structure with libram_action_pass
SEE ALSO
libramipacl_init(3), libramipacl_exit(3), libramipacl_open(3), libramipacl_data(3), libramipacl_result(3), ram_bh(3), conn_payload(3), libram_flags(3)
libram-ipacl/libramipacl_data [ Functions ]
NAME
libramipacl_data - libram_data function for libram-ipacl
SYNOPSIS
struct reply *libramipacl_data(ram_bh bh, int flags, long id, conn_payload* d)
DESCRIPTION
libramipacl_data implements the libram_data function for the libram-ipacl module.
It returns libram_action_pass via libramipacl_result or NULL if flags contain LIBRAM_DISCARD_RESULT.
ARGUMENTS
- bh: backend handle returned by libramipacl_init(3)
- flags: flags passed from libram_data(), see libram_flags(3)
- id: connection id
- d: connection data
RETURN
- NULL: flags contain LIBRAM_DISCARD_RESULT or malloc failure
- != NULL: result structure with libram_action_pass
SEE ALSO
libramipacl_init(3), libramipacl_exit(3), libramipacl_result(3), ram_bh(3), conn_payload(3), libram_flags(3)
libram-ipacl/libramipacl_exit [ Functions ]
NAME
libramipacl_exit - libram_exit function for libram-ipacl
SYNOPSIS
int libramipacl_exit(ram_bh bh)
DESCRIPTION
libramipacl_exit implements the libram_exit function for the libram-ipacl module. It frees the memory allocated by libramipacl_init(3).
ARGUMENTS
- bh: backend handle returned by libramipacl_init(3)
RETURN
0
SEE ALSO
libram-ipacl(3), libram(3), libram_exit(3), ramipacl_bh(3), libram_ipacl_free_rulelist(3)
libram-ipacl/libramipacl_fd [ Functions ]
NAME
libramipacl_fd - get file descriptor used by libramipacl
SYNOPSIS
int libramipacl_fd(ram_bh bh)
DESCRIPTION
libramipacl_fd is used to get the file descriptor used internally in libram-ipacl. No file descriptor is used, so libramipacl_fd() returns -1.
Handling of asynchronous calls is handled within libram(3).
ARGUMENTS
- bh: handle to backend module
RETURN
- -1: no file descriptor available
SEE ALSO
libram-ipacl(3), libramipacl_process(3), libramipacl_wait(3), libram(3)
libram-ipacl/libramipacl_free [ Functions ]
NAME
libramipacl_free - free reply structure from libram_process and libram_wait
SYNOPSIS
void libramipacl_free(ram_bh bh, struct reply *res)
DESCRIPTION
libramipacl_free frees the memory allocated with libramipacl_process or libramipacl_wait.
ARGUMENTS
- bh: handle to backend module
- res: pointer to reply structure
SEE ALSO
libram-ipacl(3), libramipacl_process(3), libramipacl_fd(3), libramipacl_wait(3), libram(3)
libram-ipacl/libramipacl_free_rulelist [ Functions ]
NAME
libramipacl_free_rulelist - free ipacl rule_list
SYNOPSIS
void libramipacl_free_rulelist(struct libram_list *list)
DESCRIPTION
libramipacl_free_rulelist frees the list of struct iprule rules parsed by libramipacl_init().
ARGUMENTS
- list: address of libram_list list header
SEE ALSO
libram-ipacl(3), libram(3), ramipacl_bh(3), libramipacl_init(3), libramipacl_free(3)
libram-ipacl/libramipacl_init [ Functions ]
NAME
libramipacl_init - libram_init function for libram-ipacl
SYNOPSIS
ram_bh libramipacl_init(char *connect, int *flags)
DESCRIPTION
libramipacl_init implements the libram_init function for the libram-ipacl module. It reads the whitelist file and creates a linked list containing the ruleset. See libram_init(3) for a general description of the connect and flags parameters. See libram-ipacl(3) for the description of the connect and flags parameters specific to the libram-ipacl(3) module.
ARGUMENTS
- connect: connect string
- flags: flags to backend module
RETURN
- NULL: error
- backend_handle of type libramipacl_bh
NOTES
connect is parsed with strtok(3). strtok(3) modifies the string in place by writing null characters into it.
SEE ALSO
libram-ipacl(3), libram(3), libram_init(3), strtok(3), ramipacl_bh(3), libram_ipacl_free_rulelist(3)
libram-ipacl/libramipacl_open [ Functions ]
NAME
libramipacl_open - libram_open function for libram-ipacl
SYNOPSIS
struct reply *libramipacl_open(ram_bh bh, int flags, long id, conn_hdr* hdr, conn_payload* d)
DESCRIPTION
libramipacl_open implements the libram_open function for the libram-ipacl module.
It returns a result structure with libram_action_pass or libram_action_block depending on the IP whitelist ruleset. It returns NULL if the caller is not interested in any result, see the LIBRAM_DISCARD_RESULT flag.
Blocking a connection has to be handled in the libram client, which needs to check whether libram_open returns libram_action_block. If libram_action_block is returned, the client has to close the connection itself and must not pass data with libram_data or libram_close.
Once a connection is allowed, the libram_data and libram_close functions allow the data by returning libram_action_pass via libramipacl_result to the caller.
ARGUMENTS
- bh: backend handle returned by libramipacl_init(3)
- flags: flags passed from libram_open(), see libram_flags(3)
- id: connection id
- hdr: connection header of data
- d: connection data
RETURN
- NULL: flags contain LIBRAM_DISCARD_RESULT or malloc failure
- != NULL: result structure with libram_action
SEE ALSO
libramipacl_init(3), libramipacl_exit(3), libramipacl_data(3), libramipacl_close(3), libramipacl_result(3), ram_bh(3), conn_hdr(3), conn_payload(3), libram_flags(3)
libram-ipacl/libramipacl_process [ Functions ]
NAME
libramipacl_process - process input on libramipacl file descriptor
SYNOPSIS
struct reply *libramipacl_process(ram_bh bh, fd_set *fds)
DESCRIPTION
libramipacl_process handles input on the libramipacl file descriptor.
Since libram-ipacl is a synchronous module, it just returns NULL.
Handling of asynchronous calls is handled within libram(3).
ARGUMENTS
- bh: handle to backend module
- fds: pointer to fd_set structure.
RETURN
- NULL: no data available
SEE ALSO
libram-ipacl(3), libramipacl_fd(3), libramipacl_wait(3), libram(3)
libram-ipacl/libramipacl_result [ Functions ]
NAME
libramipacl_result - result postprocessing for libramipacl callbacks
SYNOPSIS
struct reply *libramipacl_result(ram_bh bh, int flags, long id)
DESCRIPTION
libramipacl_result does postprocessing for some libramipacl callbacks. The decision whether a connection may pass is made in libramipacl_open. If the libramipacl_open callback returned libram_action_pass, all following libramipacl_data or libramipacl_close callbacks also return libram_action_pass by using this libramipacl_result function.
The postprocessing includes:
- If LIBRAM_DISCARD_RESULT is not set within the flags, libramipacl_result allocates a return structure, fills in the return code and returns the reply structure to the caller. The action is set to libram_action_pass.
ARGUMENTS
- bh: backend handle returned by libramipacl_init(3)
- flags: flags passed to libramipacl_result(), see libram_flags(3)
- id: connection id
RETURN
- NULL: flags contain LIBRAM_DISCARD_RESULT or malloc failure
- != NULL: result structure with action code
SEE ALSO
libramipacl_init(3), libramipacl_exit(3), ram_bh(3), libramipacl_open(3), libramipacl_data(3), libramipacl_close(3), libramipacl_wait(3), libramipacl_process(3), libramipacl_free(3), libram_flags(3)
libram-ipacl/libramipacl_wait [ Functions ]
NAME
libramipacl_wait - wait for answer from libramipacl call
SYNOPSIS
struct reply *libramipacl_wait(ram_bh bh, int timeout)
DESCRIPTION
libramipacl_wait waits for an answer from a libramipacl remote procedure call.
Since libram-ipacl is a synchronous module, it just returns NULL.
Handling of asynchronous calls is handled within libram(3).
ARGUMENTS
- bh: handle to backend module
- timeout: timeout waiting for reply
RETURN
- NULL: no data available
NOTES
The timeout is used for each select(3) call, so it gives no upper limit for the total time spent in libramipacl_wait(3).
SEE ALSO
libram-ipacl(3), libramipacl_process(3), libramipacl_fd(3), libram(3)