ilb_status_t ilbd_retrieve_rule(ilbd_name_t rl_name, uint32_t *rbuf, size_t *rbufsz) { ilbd_rule_t *irl = NULL; ilb_status_t rc; ilb_rule_info_t *rinfo; irl = i_find_rule_byname(rl_name); if (irl == NULL) return (ILB_STATUS_ENOENT); ilbd_reply_ok(rbuf, rbufsz); rinfo = (ilb_rule_info_t *)&((ilb_comm_t *)rbuf)->ic_data; bcopy(&irl->irl_info, rinfo, sizeof (*rinfo)); /* * Check if the various timeout values are 0. If one is, get the * default values from kernel. */ if (rinfo->rl_conndrain == 0 || rinfo->rl_nat_timeout == 0 || rinfo->rl_sticky_timeout == 0) { ilb_rule_info_t tmp_info; (void) strcpy(tmp_info.rl_name, rinfo->rl_name); rc = ilb_get_krule(&tmp_info); if (rc != ILB_STATUS_OK) return (rc); if (rinfo->rl_conndrain == 0) rinfo->rl_conndrain = tmp_info.rl_conndrain; if ((rinfo->rl_topo == ILB_TOPO_NAT || rinfo->rl_topo == ILB_TOPO_HALF_NAT) && rinfo->rl_nat_timeout == 0) { rinfo->rl_nat_timeout = tmp_info.rl_nat_timeout; } if ((rinfo->rl_flags & ILB_FLAGS_RULE_STICKY) && rinfo->rl_sticky_timeout == 0) { rinfo->rl_sticky_timeout = tmp_info.rl_sticky_timeout; } } *rbufsz += sizeof (ilb_rule_info_t); return (ILB_STATUS_OK); }
/* * To show the kernel NAT table. * * cli: the client pointer making the request. * ic: the client request. * rbuf: reply buffer to be filled in. * rbufsz: reply buffer size. */ ilb_status_t ilbd_show_nat(void *cli, const ilb_comm_t *ic, uint32_t *rbuf, size_t *rbufsz) { ilb_show_info_t *req_si = (ilb_show_info_t *)&ic->ic_data; ilb_list_nat_cmd_t *kcmd; boolean_t start; size_t tmp_rbufsz, kbufsz; uint32_t max_num; ilb_status_t ret; int i; ilb_show_info_t *reply; ilb_nat_info_t *nat_ret; /* For new client request, start from the beginning of the table. */ if (nat_cur_cli == NULL) { nat_cur_cli = cli; start = B_TRUE; } else if (cli == nat_cur_cli) { /* * Another request from client. If the client does not * want to continue, reset the current client and reply OK. */ if (ic->ic_flags & ILB_COMM_END) { ilbd_show_nat_cleanup(); ilbd_reply_ok(rbuf, rbufsz); return (ILB_STATUS_OK); } start = B_FALSE; } else { /* A request is on-going, so reject a new client. */ return (ILB_STATUS_INPROGRESS); } tmp_rbufsz = *rbufsz; ilbd_reply_ok(rbuf, rbufsz); reply = (ilb_show_info_t *)&((ilb_comm_t *)rbuf)->ic_data; /* * Calculate the max number of ilb_nat_info_t can be fitted in the * reply. */ *rbufsz += sizeof (ilb_show_info_t *); tmp_rbufsz -= *rbufsz; max_num = tmp_rbufsz / sizeof (ilb_nat_info_t); /* * Calculate the exact number of entries we should request from kernel. */ max_num = min(req_si->sn_num, min(NUM_ENTRIES, max_num)); kbufsz = max_num * sizeof (ilb_nat_entry_t) + offsetof(ilb_list_nat_cmd_t, entries); if ((kcmd = malloc(kbufsz)) == NULL) { logdebug("ilbd_show_nat: malloc(cmd)"); ilbd_reply_err(rbuf, rbufsz, ILB_STATUS_ENOMEM); return (ILB_STATUS_ENOMEM); } kcmd->cmd = ILB_LIST_NAT_TABLE; kcmd->flags = start ? ILB_LIST_BEGIN : ILB_LIST_CONT; kcmd->num_nat = max_num; if ((ret = do_ioctl(kcmd, kbufsz)) != ILB_STATUS_OK) { logperror("ilbd_show_nat: ioctl(ILB_LIST_NAT_TABLE)"); ilbd_reply_err(rbuf, rbufsz, ret); free(kcmd); return (ret); } reply->sn_num = kcmd->num_nat; *rbufsz += reply->sn_num * sizeof (ilb_nat_info_t); /* * It is the end of table, let the client know. And the transaction * is done. */ if (kcmd->flags & ILB_LIST_END) { nat_cur_cli = NULL; } else { /* * ilbd_reply_ok() sets ic_flags to ILB_COMM_END by default. * Need to clear it here. */ ((ilb_comm_t *)rbuf)->ic_flags = 0; } nat_ret = (ilb_nat_info_t *)&reply->sn_data; for (i = 0; i < kcmd->num_nat; i++) { ilb_nat_entry_t *nat; nat = &kcmd->entries[i]; nat_ret->nat_proto = nat->proto; nat_ret->nat_in_local = nat->in_local; nat_ret->nat_in_global = nat->in_global; nat_ret->nat_out_local = nat->out_local; nat_ret->nat_out_global = nat->out_global; nat_ret->nat_in_local_port = nat->in_local_port; nat_ret->nat_in_global_port = nat->in_global_port; nat_ret->nat_out_local_port = nat->out_local_port; nat_ret->nat_out_global_port = nat->out_global_port; nat_ret++; } end: free(kcmd); return (ret); }
/* * this function *relies* on a complete message/data struct * being passed in (currently via the SOCK_SEQPACKET socket type). * * Note that the size of ip is at most ILBD_MSG_SIZE. */ static ilb_status_t consume_common_struct(ilb_comm_t *ic, size_t ic_sz, ilbd_client_t *cli, int ev_port) { ilb_status_t rc; struct passwd *ps; size_t rbufsz; ssize_t ret; boolean_t standard_reply = B_TRUE; ilbd_name_t name; /* * cli_ev must be overridden during handling of individual commands, * if there's a special need; otherwise, leave this for * the "default" case */ cli->cli_ev = ILBD_EVENT_REQ; ps = &cli->cli_pw; rbufsz = ILBD_MSG_SIZE; /* Sanity check on the size of the static part of a request. */ if (ic_sz < ilbd_cmd_size(ic)) { rc = ILB_STATUS_EINVAL; goto out; } switch (ic->ic_cmd) { case ILBD_CREATE_SERVERGROUP: { ilb_sg_info_t sg_info; /* * ilbd_create_sg() only needs the sg_name field. But it * takes in a ilb_sg_info_t because it is used as a callback * in ilbd_walk_sg_pgs(). */ (void) strlcpy(sg_info.sg_name, (char *)&(ic->ic_data), sizeof (sg_info.sg_name)); rc = ilbd_create_sg(&sg_info, ev_port, ps, cli->cli_peer_ucredp); break; } case ILBD_DESTROY_SERVERGROUP: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_destroy_sg(name, ps, cli->cli_peer_ucredp); break; case ILBD_ADD_SERVER_TO_GROUP: if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK) break; rc = ilbd_add_server_to_group((ilb_sg_info_t *)&ic->ic_data, ev_port, ps, cli->cli_peer_ucredp); break; case ILBD_REM_SERVER_FROM_GROUP: if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK) break; rc = ilbd_rem_server_from_group((ilb_sg_info_t *)&ic->ic_data, ev_port, ps, cli->cli_peer_ucredp); break; case ILBD_ENABLE_SERVER: if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK) break; rc = ilbd_enable_server((ilb_sg_info_t *)&ic->ic_data, ps, cli->cli_peer_ucredp); break; case ILBD_DISABLE_SERVER: if ((rc = ilbd_check_req_size(ic, ic_sz)) != ILB_STATUS_OK) break; rc = ilbd_disable_server((ilb_sg_info_t *)&ic->ic_data, ps, cli->cli_peer_ucredp); break; case ILBD_SRV_ADDR2ID: rc = ilbd_address_to_srvID((ilb_sg_info_t *)&ic->ic_data, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_SRV_ID2ADDR: rc = ilbd_srvID_to_address((ilb_sg_info_t *)&ic->ic_data, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_RETRIEVE_SG_HOSTS: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_retrieve_sg_hosts(name, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_RETRIEVE_SG_NAMES: case ILBD_RETRIEVE_RULE_NAMES: case ILBD_RETRIEVE_HC_NAMES: rc = ilbd_retrieve_names(ic->ic_cmd, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_CREATE_RULE: rc = ilbd_create_rule((ilb_rule_info_t *)&ic->ic_data, ev_port, ps, cli->cli_peer_ucredp); break; case ILBD_DESTROY_RULE: /* Copy the name to ensure that name is NULL terminated. */ (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_destroy_rule(name, ps, cli->cli_peer_ucredp); break; case ILBD_ENABLE_RULE: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_enable_rule(name, ps, cli->cli_peer_ucredp); break; case ILBD_DISABLE_RULE: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_disable_rule(name, ps, cli->cli_peer_ucredp); break; case ILBD_RETRIEVE_RULE: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_retrieve_rule(name, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_CREATE_HC: rc = ilbd_create_hc((ilb_hc_info_t *)&ic->ic_data, ev_port, ps, cli->cli_peer_ucredp); break; case ILBD_DESTROY_HC: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_destroy_hc(name, ps, cli->cli_peer_ucredp); break; case ILBD_GET_HC_INFO: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_get_hc_info(name, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_GET_HC_SRVS: (void) strlcpy(name, (char *)&(ic->ic_data), sizeof (name)); rc = ilbd_get_hc_srvs(name, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_SHOW_NAT: rc = ilbd_show_nat(cli, ic, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; case ILBD_SHOW_PERSIST: rc = ilbd_show_sticky(cli, ic, reply_buf, &rbufsz); if (rc == ILB_STATUS_OK) standard_reply = B_FALSE; break; default: logdebug("consume_common_struct: unknown command"); rc = ILB_STATUS_INVAL_CMD; break; } out: /* * The message exchange is always in pairs, request/response. If * a transaction requires multiple exchanges, the client will send * in multiple requests to get multiple responses. The show-nat and * show-persist request are examples of this. The end of transaction * is marked with ic_flags set to ILB_COMM_END. */ /* This is the standard reply. */ if (standard_reply) { if (rc == ILB_STATUS_OK) ilbd_reply_ok(reply_buf, &rbufsz); else ilbd_reply_err(reply_buf, &rbufsz, rc); } if ((ret = send(cli->cli_sd, reply_buf, rbufsz, 0)) != rbufsz) { if (ret == -1) { if (errno != EWOULDBLOCK) { logdebug("consume_common_struct: send: %s", strerror(errno)); rc = ILB_STATUS_SEND; goto err_out; } /* * The reply is blocked, save the reply. handle_req() * will associate the event port for the re-send. */ assert(cli->cli_saved_reply == NULL); if ((cli->cli_saved_reply = malloc(rbufsz)) == NULL) { /* * Set the error to ILB_STATUS_SEND so that * handle_req() will free the client. */ logdebug("consume_common_struct: failure to " "allocate memory to save reply"); rc = ILB_STATUS_SEND; goto err_out; } bcopy(reply_buf, cli->cli_saved_reply, rbufsz); cli->cli_saved_size = rbufsz; return (ILB_STATUS_EWOULDBLOCK); } } err_out: return (rc); }