GitHub - spc476/ipacld: Provides a way for usercode to bind to priviledged ports via a daemon

spc476 / ipacld Public

Notifications You must be signed in to change notification settings
Fork 0
Star 2

Provides a way for usercode to bind to priviledged ports via a daemon

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 91 Commits
LICENSE		LICENSE
Makefile		Makefile
README		README
client.lua		client.lua
ipacl-client.c		ipacl-client.c
ipacl-proto.h		ipacl-proto.h
ipacl-server.c		ipacl-server.c
ipacl-server.h		ipacl-server.h
ipacl.h		ipacl.h
ipacl.lua		ipacl.lua
ipacld		ipacld
ipacllua-s.c		ipacllua-s.c
ipacllua.c		ipacllua.c
ipaclsrv.c		ipaclsrv.c
ipacltest.c		ipacltest.c

Repository files navigation

IP ACL Daemon.

This daemon reads the configuration file (defaults to ipacl.conf in the
current working directory; you can specify a configuration file on the 
command line) specifying which users can bind to which IP (or IPv6) ports.

It then listens for datagrams on /dev/ipacl.  When it receives one, it
checks the credentials of the sending process, and if allowed, will create
and bind to the requested IP port and send it to the requesting process.

Known limitations at this point:

	* only IP and IPv6 addresses allowed.
	* the existing Lua bindings are still pretty raw
	* only Lua 5.1 is supported
	* only runs in the foreground (but there's a reason for this)

This is more of a proof-of-concept at this stage, but it works, and I'm
surprised that nothing like this hasn't already been written.  What an odd
omission.

You'll need to install the Conman Lua packages, available at

	https://github.com/spc476/lua-conmanorg

Anyway, check ipacl.lua to see how this work.