ilb_status_t
ilbd_retrieve_rule(ilbd_name_t rl_name, uint32_t *rbuf, size_t *rbufsz)
{
ilbd_rule_t *irl = NULL;
ilb_status_t rc;
ilb_rule_info_t *rinfo;
irl = i_find_rule_byname(rl_name);
if (irl == NULL)
return (ILB_STATUS_ENOENT);
ilbd_reply_ok(rbuf, rbufsz);
rinfo = (ilb_rule_info_t *)&((ilb_comm_t *)rbuf)->ic_data;
bcopy(&irl->irl_info, rinfo, sizeof (*rinfo));
/*
* Check if the various timeout values are 0. If one is, get the
* default values from kernel.
*/
if (rinfo->rl_conndrain == 0 || rinfo->rl_nat_timeout == 0 ||
rinfo->rl_sticky_timeout == 0) {
ilb_rule_info_t tmp_info;
(void) strcpy(tmp_info.rl_name, rinfo->rl_name);
rc = ilb_get_krule(&tmp_info);
if (rc != ILB_STATUS_OK)
return (rc);
if (rinfo->rl_conndrain == 0)
rinfo->rl_conndrain = tmp_info.rl_conndrain;
if ((rinfo->rl_topo == ILB_TOPO_NAT ||
rinfo->rl_topo == ILB_TOPO_HALF_NAT) &&
rinfo->rl_nat_timeout == 0) {
rinfo->rl_nat_timeout = tmp_info.rl_nat_timeout;
}
if ((rinfo->rl_flags & ILB_FLAGS_RULE_STICKY) &&
rinfo->rl_sticky_timeout == 0) {
rinfo->rl_sticky_timeout = tmp_info.rl_sticky_timeout;
}
}
*rbufsz += sizeof (ilb_rule_info_t);
return (ILB_STATUS_OK);
}
/*
* To show the kernel NAT table.
*
* cli: the client pointer making the request.
* ic: the client request.
* rbuf: reply buffer to be filled in.
* rbufsz: reply buffer size.
*/
ilb_status_t
ilbd_show_nat(void *cli, const ilb_comm_t *ic, uint32_t *rbuf, size_t *rbufsz)
{
ilb_show_info_t *req_si = (ilb_show_info_t *)&ic->ic_data;
ilb_list_nat_cmd_t *kcmd;
boolean_t start;
size_t tmp_rbufsz, kbufsz;
uint32_t max_num;
ilb_status_t ret;
int i;
ilb_show_info_t *reply;
ilb_nat_info_t *nat_ret;
/* For new client request, start from the beginning of the table. */
if (nat_cur_cli == NULL) {
nat_cur_cli = cli;
start = B_TRUE;
} else if (cli == nat_cur_cli) {
/*
* Another request from client. If the client does not
* want to continue, reset the current client and reply OK.
*/
if (ic->ic_flags & ILB_COMM_END) {
ilbd_show_nat_cleanup();
ilbd_reply_ok(rbuf, rbufsz);
return (ILB_STATUS_OK);
}
start = B_FALSE;
} else {
/* A request is on-going, so reject a new client. */
return (ILB_STATUS_INPROGRESS);
}
tmp_rbufsz = *rbufsz;
ilbd_reply_ok(rbuf, rbufsz);
reply = (ilb_show_info_t *)&((ilb_comm_t *)rbuf)->ic_data;
/*
* Calculate the max number of ilb_nat_info_t can be fitted in the
* reply.
*/
*rbufsz += sizeof (ilb_show_info_t *);
tmp_rbufsz -= *rbufsz;
max_num = tmp_rbufsz / sizeof (ilb_nat_info_t);
/*
* Calculate the exact number of entries we should request from kernel.
*/
max_num = min(req_si->sn_num, min(NUM_ENTRIES, max_num));
kbufsz = max_num * sizeof (ilb_nat_entry_t) +
offsetof(ilb_list_nat_cmd_t, entries);
if ((kcmd = malloc(kbufsz)) == NULL) {
logdebug("ilbd_show_nat: malloc(cmd)");
ilbd_reply_err(rbuf, rbufsz, ILB_STATUS_ENOMEM);
return (ILB_STATUS_ENOMEM);
}
kcmd->cmd = ILB_LIST_NAT_TABLE;
kcmd->flags = start ? ILB_LIST_BEGIN : ILB_LIST_CONT;
kcmd->num_nat = max_num;
if ((ret = do_ioctl(kcmd, kbufsz)) != ILB_STATUS_OK) {
logperror("ilbd_show_nat: ioctl(ILB_LIST_NAT_TABLE)");
ilbd_reply_err(rbuf, rbufsz, ret);
free(kcmd);
return (ret);
}
reply->sn_num = kcmd->num_nat;
*rbufsz += reply->sn_num * sizeof (ilb_nat_info_t);
/*
* It is the end of table, let the client know. And the transaction
* is done.
*/
if (kcmd->flags & ILB_LIST_END) {
nat_cur_cli = NULL;
} else {
/*
* ilbd_reply_ok() sets ic_flags to ILB_COMM_END by default.
* Need to clear it here.
*/
((ilb_comm_t *)rbuf)->ic_flags = 0;
}
nat_ret = (ilb_nat_info_t *)&reply->sn_data;
for (i = 0; i < kcmd->num_nat; i++) {
ilb_nat_entry_t *nat;
nat = &kcmd->entries[i];
nat_ret->nat_proto = nat->proto;
nat_ret->nat_in_local = nat->in_local;
nat_ret->nat_in_global = nat->in_global;
nat_ret->nat_out_local = nat->out_local;
nat_ret->nat_out_global = nat->out_global;
nat_ret->nat_in_local_port = nat->in_local_port;
nat_ret->nat_in_global_port = nat->in_global_port;
nat_ret->nat_out_local_port = nat->out_local_port;
nat_ret->nat_out_global_port = nat->out_global_port;
nat_ret++;
}
end:
free(kcmd);
return (ret);
}
/*
* this function *relies* on a complete message/data struct
* being passed in (currently via the SOCK_SEQPACKET socket type).
*
* Note that the size of ip is at most ILBD_MSG_SIZE.
*/
static ilb_status_t
consume_common_struct(ilb_comm_t *ic, size_t ic_sz, ilbd_client_t *cli,
int ev_port)
{
ilb_status_t rc;
struct passwd *ps;
size_t rbufsz;
ssize_t ret;
boolean_t standard_reply = B_TRUE;
ilbd_name_t name;
/*
* cli_ev must be overridden during handling of individual commands,
* if there's a special need; otherwise, leave this for
* the "default" case
*/
cli->cli_ev = ILBD_EVENT_REQ;
ps = &cli->cli_pw;
rbufsz = ILBD_MSG_SIZE;
/* Sanity check on the size of the static part of a request. */
if (ic_sz < ilbd_cmd_size(ic)) {
rc = ILB_STATUS_EINVAL;
goto out;
}
switch (ic->ic_cmd) {
case ILBD_CREATE_SERVERGROUP: {
ilb_sg_info_t sg_info;
/*
* ilbd_create_sg() only needs the sg_name field. But it
* takes in a ilb_sg_info_t because it is used as a callback
* in ilbd_walk_sg_pgs().
*/
(void) strlcpy(sg_info.sg_name, (char *)&(ic->ic_data),
sizeof (sg_info.sg_name));
rc = ilbd_create_sg(&sg_info, ev_port, ps,
cli->cli_peer_ucredp);
break;
}
case ILBD_DESTROY_SERVERGROUP:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_destroy_sg(name, ps, cli->cli_peer_ucredp);
break;
case ILBD_ADD_SERVER_TO_GROUP:
if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK)
break;
rc = ilbd_add_server_to_group((ilb_sg_info_t *)&ic->ic_data,
ev_port, ps, cli->cli_peer_ucredp);
break;
case ILBD_REM_SERVER_FROM_GROUP:
if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK)
break;
rc = ilbd_rem_server_from_group((ilb_sg_info_t *)&ic->ic_data,
ev_port, ps, cli->cli_peer_ucredp);
break;
case ILBD_ENABLE_SERVER:
if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK)
break;
rc = ilbd_enable_server((ilb_sg_info_t *)&ic->ic_data, ps,
cli->cli_peer_ucredp);
break;
case ILBD_DISABLE_SERVER:
if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK)
break;
rc = ilbd_disable_server((ilb_sg_info_t *)&ic->ic_data, ps,
cli->cli_peer_ucredp);
break;
case ILBD_SRV_ADDR2ID:
rc = ilbd_address_to_srvID((ilb_sg_info_t *)&ic->ic_data,
reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_SRV_ID2ADDR:
rc = ilbd_srvID_to_address((ilb_sg_info_t *)&ic->ic_data,
reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_RETRIEVE_SG_HOSTS:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_retrieve_sg_hosts(name, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_RETRIEVE_SG_NAMES:
case ILBD_RETRIEVE_RULE_NAMES:
case ILBD_RETRIEVE_HC_NAMES:
rc = ilbd_retrieve_names(ic->ic_cmd, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_CREATE_RULE:
rc = ilbd_create_rule((ilb_rule_info_t *)&ic->ic_data, ev_port,
ps, cli->cli_peer_ucredp);
break;
case ILBD_DESTROY_RULE:
/* Copy the name to ensure that name is NULL terminated. */
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_destroy_rule(name, ps, cli->cli_peer_ucredp);
break;
case ILBD_ENABLE_RULE:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_enable_rule(name, ps, cli->cli_peer_ucredp);
break;
case ILBD_DISABLE_RULE:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_disable_rule(name, ps, cli->cli_peer_ucredp);
break;
case ILBD_RETRIEVE_RULE:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_retrieve_rule(name, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_CREATE_HC:
rc = ilbd_create_hc((ilb_hc_info_t *)&ic->ic_data, ev_port, ps,
cli->cli_peer_ucredp);
break;
case ILBD_DESTROY_HC:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_destroy_hc(name, ps, cli->cli_peer_ucredp);
break;
case ILBD_GET_HC_INFO:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_get_hc_info(name, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_GET_HC_SRVS:
(void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name));
rc = ilbd_get_hc_srvs(name, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_SHOW_NAT:
rc = ilbd_show_nat(cli, ic, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
case ILBD_SHOW_PERSIST:
rc = ilbd_show_sticky(cli, ic, reply_buf, &rbufsz);
if (rc == ILB_STATUS_OK)
standard_reply = B_FALSE;
break;
default:
logdebug("consume_common_struct: unknown command");
rc = ILB_STATUS_INVAL_CMD;
break;
}
out:
/*
* The message exchange is always in pairs, request/response. If
* a transaction requires multiple exchanges, the client will send
* in multiple requests to get multiple responses. The show-nat and
* show-persist request are examples of this. The end of transaction
* is marked with ic_flags set to ILB_COMM_END.
*/
/* This is the standard reply. */
if (standard_reply) {
if (rc == ILB_STATUS_OK)
ilbd_reply_ok(reply_buf, &rbufsz);
else
ilbd_reply_err(reply_buf, &rbufsz, rc);
}
if ((ret = send(cli->cli_sd, reply_buf, rbufsz, 0)) != rbufsz) {
if (ret == -1) {
if (errno != EWOULDBLOCK) {
logdebug("consume_common_struct: send: %s",
strerror(errno));
rc = ILB_STATUS_SEND;
goto err_out;
}
/*
* The reply is blocked, save the reply. handle_req()
* will associate the event port for the re-send.
*/
assert(cli->cli_saved_reply == NULL);
if ((cli->cli_saved_reply = malloc(rbufsz)) == NULL) {
/*
* Set the error to ILB_STATUS_SEND so that
* handle_req() will free the client.
*/
logdebug("consume_common_struct: failure to "
"allocate memory to save reply");
rc = ILB_STATUS_SEND;
goto err_out;
}
bcopy(reply_buf, cli->cli_saved_reply, rbufsz);
cli->cli_saved_size = rbufsz;
return (ILB_STATUS_EWOULDBLOCK);
}
}
err_out:
return (rc);
}
