diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-15 20:51:39 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-15 20:51:39 +0000 |
commit | ebfd0ba17e0d4b220725018d16e294e8e22a1745 (patch) | |
tree | 4b29683050ce9e8f24f1920f1be38b2f837ef5ad /doc/s6-tcpserver-access.html | |
parent | 20c7d8e1b328155145ce9e8648435e127b60c208 (diff) | |
download | s6-networking-ebfd0ba17e0d4b220725018d16e294e8e22a1745.tar.xz |
Move Unix domain socket and access control stuff to s6.
Move seekablepipe to s6-portable-utils.
Version: 2.0.1.0, release candidate
Diffstat (limited to 'doc/s6-tcpserver-access.html')
-rw-r--r-- | doc/s6-tcpserver-access.html | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/doc/s6-tcpserver-access.html b/doc/s6-tcpserver-access.html index a89d9e3..435c92d 100644 --- a/doc/s6-tcpserver-access.html +++ b/doc/s6-tcpserver-access.html @@ -163,13 +163,13 @@ needed to perform searches in a CDB than in the filesystem. </li> <p> The exact format of the ruleset is described on the -<a href="s6-accessrules-cdb-from-fs.html">s6-accessrules-cdb-from-fs</a> page. +<a href="http://skarnet.org/software/s6/s6-accessrules-cdb-from-fs.html">s6-accessrules-cdb-from-fs</a> page. </p> <p> s6-tcpserver-access first gets the remote address <em>ip</em> of the client and converts it to canonical form. Then it checks it with the -<a href="libs6net/accessrules.html#ip4">s6net_accessrules_keycheck_ip46()</a> +<a href="http://skarnet.org/software/s6/libs6/accessrules.html#ip4">s6_accessrules_keycheck_ip46()</a> function. In other words, it tries to match broader and broader network prefixes of <em>ip</em>, from <tt>ip4/</tt><em>ip</em><tt>_32</tt> to <tt>ip4/0.0.0.0_0</tt> if <em>ip</em> is v4, or from @@ -177,10 +177,10 @@ prefixes of <em>ip</em>, from <tt>ip4/</tt><em>ip</em><tt>_32</tt> to is v6. If the result is: </p> - <li> S6NET_ACCESSRULES_ERROR: it immediately exits 111. </li> - <li> S6NET_ACCESSRULES_DENY: it immediately exits 1. </li> - <li> S6NET_ACCESSRULES_ALLOW: it grants access. </li> - <li> S6NET_ACCESSRULES_NOTFOUND: more information is needed. </li> + <li> S6_ACCESSRULES_ERROR: it immediately exits 111. </li> + <li> S6_ACCESSRULES_DENY: it immediately exits 1. </li> + <li> S6_ACCESSRULES_ALLOW: it grants access. </li> + <li> S6_ACCESSRULES_NOTFOUND: more information is needed. </li> </ul> <p> @@ -188,12 +188,12 @@ is v6. If the result is: is denied. But if s6-tcpserver-access is authorized to perform DNS lookups, then it gets the remote name of the client, <em>remotehost</em>, and checks it with the -<a href="libs6net/accessrules.html#reversedns">s6net_accessrules_keycheck_reversedns()</a> +<a href="http://skarnet.org/software/s6/libs6/accessrules.html#reversedns">s6_accessrules_keycheck_reversedns()</a> function. In other words, it tries to match shorter and shorter suffixes of <em>remotehost</em>, from <tt>reversedns/</tt><em>remotehost</em> to <tt>reversedns/@</tt>. This time, the connection is denied is the result is anything else than -S6NET_ACCESSRULES_ALLOW. +S6_ACCESSRULES_ALLOW. </p> <p> @@ -208,7 +208,7 @@ query on <em>remotehost</em> does not match <em>ip</em>. s6-tcpserver-access interprets non-empty <tt>env</tt> subdirectories and <tt>exec</tt> files it finds in the matching rule of the ruleset, as explained -in the <a href="s6-accessrules-cdb-from-fs.html">s6-accessrules-cdb-from-fs</a> +in the <a href="http://skarnet.org/software/s6/s6-accessrules-cdb-from-fs.html">s6-accessrules-cdb-from-fs</a> page. </p> |