/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <strings.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/list.h>
#include <netdb.h>
#include <ofmt.h>
#include <assert.h>
#include <libilb.h>
#include "ilbadm.h"
static ilbadm_key_name_t rl_incoming_keys[] = {
{ILB_KEY_VIP, "vip", ""},
{ILB_KEY_PORT, "port", ""},
{ILB_KEY_PROTOCOL, "protocol", "prot"},
{ILB_KEY_BAD, "", ""}
};
static ilbadm_key_name_t rl_method_keys[] = {
{ILB_KEY_ALGORITHM, "lbalg", "algo"},
{ILB_KEY_TYPE, "type", "topo"},
{ILB_KEY_SRC, "proxy-src", "nat-src"},
{ILB_KEY_STICKY, "pmask", "persist"},
{ILB_KEY_BAD, "", ""}
};
static ilbadm_key_name_t rl_outgoing_keys[] = {
{ILB_KEY_SERVERGROUP, "servergroup", "sg"},
{ILB_KEY_BAD, "", ""}
};
static ilbadm_key_name_t rl_healthchk_keys[] = {
{ILB_KEY_HEALTHCHECK, "hc-name", "hcn"},
{ILB_KEY_HCPORT, "hc-port", "hcp"},
{ILB_KEY_BAD, "", ""}
};
static ilbadm_key_name_t rl_timer_keys[] = {
{ILB_KEY_CONNDRAIN, "conn-drain", ""},
{ILB_KEY_NAT_TO, "nat-timeout", ""},
{ILB_KEY_STICKY_TO, "persist-timeout", ""},
{ILB_KEY_BAD, "", ""}
};
static ilbadm_key_name_t *all_keys[] = {
rl_incoming_keys, rl_method_keys, rl_outgoing_keys,
rl_healthchk_keys, rl_timer_keys, NULL
};
/* field ids for of_* functions */
#define OF_IP_VIP 0
#define OF_IP_PROXYSRC 1
#define OF_IP_STICKYMASK 2
#define OF_STR_RNAME 0
#define OF_STR_HCNAME 1
#define OF_STR_SGNAME 2
#define OF_STR_INTERFACE 3
#define OF_PORT 0
#define OF_HCPORT 1
#define OF_T_CONN 0
#define OF_T_NAT 1
#define OF_T_STICKY 2
#define OF_SRV_ID 0
#define OF_SRV_ADDR 1
#define OF_SRV_PORT 2
#define OF_SRV_STATUS 3
#define OF_SRV_RNAME 4
#define OF_SRV_SGNAME 5
#define OF_SRV_HOSTNAME 6
/* some field sizes of ofmt_field_t arrays */
#define IPv4_FIELDWIDTH 16
#define IPv6_FIELDWIDTH 39
#define ILB_HOSTNAMELEN 20
#define ILB_STATUSFIELD_LEN 7
typedef struct arg_struct {
int flags;
char *o_str;
ofmt_field_t *o_fields;
ofmt_handle_t oh;
} ilbadm_sh_rl_arg_t;
typedef struct ilbadm_rl_exp_arg {
FILE *fp;
} ilbadm_rl_exp_arg_t;
typedef struct ilbadm_rl_list_arg {
ilb_handle_t h;
ilb_rule_data_t *rd;
} ilbadm_rl_list_arg_t;
typedef struct ilbadm_rl_srvlist_arg {
char *sgname;
ilb_server_data_t *sd;
ilb_rule_data_t *rd;
int flags;
char *o_str;
ofmt_field_t *o_fields;
ofmt_handle_t oh;
} ilbadm_rl_srvlist_arg_t;
static ofmt_cb_t of_algo;
static ofmt_cb_t of_proto;
static ofmt_cb_t of_rl_ip;
static ofmt_cb_t of_rl_mask;
static ofmt_cb_t of_rport;
static ofmt_cb_t of_rstatus;
static ofmt_cb_t of_str;
static ofmt_cb_t of_time;
static ofmt_cb_t of_topo;
static ofmt_cb_t of_rl_srvlist;
static boolean_t of_srv2str(ofmt_arg_t *, char *, uint_t);
static boolean_t of_port2str(in_port_t, in_port_t, char *, uint_t);
static ofmt_field_t rfields_v4[] = {
{"RULENAME", ILB_NAMESZ, OF_STR_RNAME, of_str},
{"STATUS", ILB_STATUSFIELD_LEN, 0, of_rstatus},
{"PORT", 10, OF_PORT, of_rport},
{"PROTOCOL", 5, 0, of_proto},
{"LBALG", 12, 0, of_algo},
{"TYPE", 8, 0, of_topo},
{"PROXY-SRC", 2*IPv4_FIELDWIDTH+1, OF_IP_PROXYSRC, of_rl_ip},
{"PMASK", 6, OF_IP_STICKYMASK, of_rl_mask},
{"HC-NAME", ILB_NAMESZ, OF_STR_HCNAME, of_str},
{"HC-PORT", 8, OF_HCPORT, of_rport},
{"CONN-DRAIN", 11, OF_T_CONN, of_time},
{"NAT-TIMEOUT", 12, OF_T_NAT, of_time},
{"PERSIST-TIMEOUT", 16, OF_T_STICKY, of_time},
{"SERVERGROUP", ILB_SGNAME_SZ, OF_STR_SGNAME, of_str},
{"VIP", IPv4_FIELDWIDTH, OF_IP_VIP, of_rl_ip},
{"SERVERS", 20, 0, of_rl_srvlist},
{NULL, 0, 0, NULL}
};
static ofmt_field_t rfields_v6[] = {
{"RULENAME", ILB_NAMESZ, OF_STR_RNAME, of_str},
{"STATUS", ILB_STATUSFIELD_LEN, 0, of_rstatus},
{"PORT", 10, OF_PORT, of_rport},
{"PROTOCOL", 5, 0, of_proto},
{"LBALG", 12, 0, of_algo},
{"TYPE", 8, 0, of_topo},
{"PROXY-SRC", IPv6_FIELDWIDTH, OF_IP_PROXYSRC, of_rl_ip},
{"PMASK", 6, OF_IP_STICKYMASK, of_rl_mask},
{"HC-NAME", ILB_NAMESZ, OF_STR_HCNAME, of_str},
{"HC-PORT", 8, OF_HCPORT, of_rport},
{"CONN-DRAIN", 11, OF_T_CONN, of_time},
{"NAT-TIMEOUT", 12, OF_T_NAT, of_time},
{"PERSIST-TIMEOUT", 16, OF_T_STICKY, of_time},
{"SERVERGROUP", ILB_SGNAME_SZ, OF_STR_SGNAME, of_str},
{"VIP", IPv6_FIELDWIDTH, OF_IP_VIP, of_rl_ip},
{"SERVERS", 20, 0, of_rl_srvlist},
{NULL, 0, 0, NULL}
};
static ofmt_field_t ssfields_v4[] = {
{"SERVERID", ILB_NAMESZ, OF_SRV_ID, of_srv2str},
{"ADDRESS", IPv4_FIELDWIDTH, OF_SRV_ADDR, of_srv2str},
{"PORT", 5, OF_SRV_PORT, of_srv2str},
{"RULENAME", ILB_NAMESZ, OF_SRV_RNAME, of_srv2str},
{"STATUS", ILB_STATUSFIELD_LEN, OF_SRV_STATUS, of_srv2str},
{"SERVERGROUP", ILB_SGNAME_SZ, OF_SRV_SGNAME, of_srv2str},
{"HOSTNAME", ILB_HOSTNAMELEN, OF_SRV_HOSTNAME, of_srv2str},
{NULL, 0, 0, NULL}
};
static ofmt_field_t ssfields_v6[] = {
{"SERVERID", ILB_NAMESZ, OF_SRV_ID, of_srv2str},
{"ADDRESS", IPv6_FIELDWIDTH, OF_SRV_ADDR, of_srv2str},
{"PORT", 5, OF_SRV_PORT, of_srv2str},
{"RULENAME", ILB_NAMESZ, OF_SRV_RNAME, of_srv2str},
{"STATUS", ILB_STATUSFIELD_LEN, OF_SRV_STATUS, of_srv2str},
{"SERVERGROUP", ILB_SGNAME_SZ, OF_SRV_SGNAME, of_srv2str},
{"HOSTNAME", ILB_HOSTNAMELEN, OF_SRV_HOSTNAME, of_srv2str},
{NULL, 0, 0, NULL}
};
extern int optind, optopt, opterr;
extern char *optarg;
extern ilbadm_val_type_t algo_types[];
extern ilbadm_val_type_t topo_types[];
static char *
i_key_to_opt(ilbadm_key_name_t *n, ilbadm_key_code_t k)
{
int i;
for (i = 0; n[i].k_key != ILB_KEY_BAD; i++)
if (n[i].k_key == k)
break;
return (n[i].k_name);
}
char *
ilbadm_key_to_opt(ilbadm_key_code_t k)
{
char *name;
int i;
for (i = 0; all_keys[i] != NULL; i++) {
name = i_key_to_opt(all_keys[i], k);
if (*name != '\0')
return (name);
}
return (NULL);
}
/*
* ports are in HOST byte order
*/
static void
ports2str(short port1, short port2, char *buf, const int sz)
{
if (port2 <= port1)
(void) snprintf(buf, sz, "port=%d", port1);
else
(void) snprintf(buf, sz, "port=%d-%d", port1, port2);
}
static void
proto2str(short proto, char *buf, int sz)
{
struct protoent *pe;
pe = getprotobynumber((int)proto);
if (pe != NULL)
(void) snprintf(buf, sz, "protocol=%s", pe->p_name);
else
(void) sprintf(buf, "(bad proto %d)", proto);
}
static void
algo2str(ilb_algo_t algo, char *buf, int sz)
{
char *s = i_str_from_val((int)algo, &algo_types[0]);
(void) snprintf(buf, sz, "lbalg=%s", (s && *s) ? s : "(bad algo)");
}
static int
algo2bare_str(ilb_algo_t algo, char *buf, int sz)
{
char *s = i_str_from_val((int)algo, &algo_types[0]);
return (snprintf(buf, sz, "%s", (s && *s) ? s : ""));
}
static void
topo2str(ilb_topo_t topo, char *buf, int sz)
{
char *s = i_str_from_val((int)topo, &topo_types[0]);
(void) snprintf(buf, sz, "type=%s", (s && *s) ? s : "(bad type)");
}
static int
topo2bare_str(ilb_topo_t topo, char *buf, int sz)
{
char *s = i_str_from_val((int)topo, &topo_types[0]);
return (snprintf(buf, sz, "%s", (s && *s) ? s : ""));
}
static boolean_t
of_str(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
switch (of_arg->ofmt_id) {
case OF_STR_RNAME:
(void) strlcpy(buf, rd->r_name, bufsize);
break;
case OF_STR_SGNAME:
(void) strlcpy(buf, rd->r_sgname, bufsize);
break;
case OF_STR_HCNAME:
if (rd->r_hcname != NULL && *(rd->r_hcname) != '\0')
(void) strlcpy(buf, rd->r_hcname, bufsize);
break;
}
return (B_TRUE);
}
/* ARGSUSED */
static boolean_t
of_proto(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
if (rd->r_proto == IPPROTO_TCP)
(void) strlcpy(buf, "TCP", bufsize);
else if (rd->r_proto == IPPROTO_UDP)
(void) strlcpy(buf, "UDP", bufsize);
else
return (B_FALSE);
return (B_TRUE);
}
static boolean_t
of_rl_ip(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
ilb_ip_addr_t *ip = NULL, *ip2 = NULL;
switch (of_arg->ofmt_id) {
case OF_IP_VIP:
ip = &rd->r_vip;
break;
case OF_IP_PROXYSRC:
ip = &rd->r_nat_src_start;
ip2 = &rd->r_nat_src_end;
break;
case OF_IP_STICKYMASK:
ip = &rd->r_stickymask;
break;
}
/* only print something valid */
if (ip != NULL && (ip->ia_af == AF_INET || ip->ia_af == AF_INET6))
ip2str(ip, buf, bufsize, V6_ADDRONLY);
if (ip2 != NULL && (ip2->ia_af == AF_INET || ip2->ia_af == AF_INET6) &&
buf[0] != '\0') {
int sl = strlen(buf);
buf += sl; bufsize -= sl;
*buf++ = '-'; bufsize--;
ip2str(ip2, buf, bufsize, V6_ADDRONLY);
}
return (B_TRUE);
}
static boolean_t
of_rl_mask(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
ilb_ip_addr_t *ip = NULL;
assert(of_arg->ofmt_id == OF_IP_STICKYMASK);
if (!(rd->r_flags & ILB_FLAGS_RULE_STICKY))
return (B_TRUE);
ip = &rd->r_stickymask;
(void) snprintf(buf, bufsize, "/%d", ilbadm_mask_to_prefixlen(ip));
return (B_TRUE);
}
static void
hcport_print(ilb_rule_data_t *rd, char *buf, uint_t bufsize)
{
if (rd->r_hcport != 0)
(void) snprintf(buf, bufsize, "%d", ntohs(rd->r_hcport));
else if (rd->r_hcpflag == ILB_HCI_PROBE_ANY)
(void) snprintf(buf, bufsize, "ANY");
else
buf[0] = '\0';
}
static boolean_t
of_rport(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
if (of_arg->ofmt_id == OF_PORT)
return (of_port2str(rd->r_minport, rd->r_maxport, buf,
bufsize));
/* only print a hcport if there's a hc name as well */
if (of_arg->ofmt_id == OF_HCPORT && rd->r_hcname[0] != '\0')
hcport_print(rd, buf, bufsize);
return (B_TRUE);
}
/* ARGSUSED */
static boolean_t
of_rstatus(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
if ((rd->r_flags & ILB_FLAGS_RULE_ENABLED) == ILB_FLAGS_RULE_ENABLED)
buf[0] = 'E';
else
buf[0] = 'D';
buf[1] = '\0';
return (B_TRUE);
}
static boolean_t
of_algo(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
if (algo2bare_str(rd->r_algo, buf, bufsize) == 0)
return (B_FALSE);
return (B_TRUE);
}
static boolean_t
of_topo(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
if (topo2bare_str(rd->r_topo, buf, bufsize) == 0)
return (B_FALSE);
return (B_TRUE);
}
static boolean_t
of_time(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
switch (of_arg->ofmt_id) {
case OF_T_CONN:
(void) snprintf(buf, bufsize, "%u", rd->r_conndrain);
break;
case OF_T_NAT:
(void) snprintf(buf, bufsize, "%u", rd->r_nat_timeout);
break;
case OF_T_STICKY:
(void) snprintf(buf, bufsize, "%u", rd->r_sticky_timeout);
break;
}
return (B_TRUE);
}
typedef struct rl_showlist_arg {
char *buf;
uint_t bufsize;
} rl_showlist_arg_t;
/* ARGSUSED */
/* called by ilb_walk_servers(), cannot get rid of unused args */
static ilb_status_t
srv2srvID(ilb_handle_t h, ilb_server_data_t *sd, const char *sgname, void *arg)
{
rl_showlist_arg_t *sla = (rl_showlist_arg_t *)arg;
int len;
(void) snprintf(sla->buf, sla->bufsize, "%s,", sd->sd_srvID);
len = strlen(sd->sd_srvID) + 1;
sla->buf += len;
sla->bufsize -= len;
return (ILB_STATUS_OK);
}
static boolean_t
of_rl_srvlist(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_list_arg_t *ra = (ilbadm_rl_list_arg_t *)of_arg->ofmt_cbarg;
ilb_rule_data_t *rd = (ilb_rule_data_t *)ra->rd;
rl_showlist_arg_t sla;
sla.buf = buf;
sla.bufsize = bufsize;
(void) ilb_walk_servers(ra->h, srv2srvID, rd->r_sgname,
(void *)&sla);
/* we're trailing a ',' which we need to remove */
*--sla.buf = '\0';
return (B_TRUE);
}
#define RMAXCOLS 120 /* enough? */
#define SERVER_WIDTH (ILB_NAMESZ+1) /* 1st guess */
static boolean_t
of_port2str(in_port_t minport, in_port_t maxport, char *buf, uint_t bufsize)
{
in_port_t h_min, h_max;
int len;
h_min = ntohs(minport);
h_max = ntohs(maxport);
if (h_min == 0)
return (B_FALSE); /* print "unspec" == "all ports" */
len = snprintf(buf, bufsize, "%d", h_min);
if (h_max > h_min)
(void) snprintf(buf + len, bufsize - len, "-%d", h_max);
return (B_TRUE);
}
static ilbadm_status_t
ip2hostname(ilb_ip_addr_t *ip, char *buf, uint_t bufsize)
{
int ret;
struct hostent *he;
switch (ip->ia_af) {
case AF_INET:
he = getipnodebyaddr((char *)&ip->ia_v4, sizeof (ip->ia_v4),
ip->ia_af, &ret);
break;
case AF_INET6:
he = getipnodebyaddr((char *)&ip->ia_v6, sizeof (ip->ia_v6),
ip->ia_af, &ret);
break;
default: return (ILBADM_INVAL_AF);
}
/* if we can't resolve this, just return an empty name */
if (he == NULL)
buf[0] = '\0';
else
(void) strlcpy(buf, he->h_name, bufsize);
return (ILBADM_OK);
}
/* ARGSUSED */
/*
* Since this function is used by libilb routine ilb_walk_rules()
* it must return libilb errors
*/
static ilb_status_t
ilbadm_show_onerule(ilb_handle_t h, ilb_rule_data_t *rd, void *arg)
{
ilbadm_sh_rl_arg_t *larg = (ilbadm_sh_rl_arg_t *)arg;
ofmt_status_t oerr;
int oflags = 0;
int ocols = RMAXCOLS;
ilbadm_rl_list_arg_t ra;
static ofmt_handle_t oh = (ofmt_handle_t)NULL;
ofmt_field_t *fields;
boolean_t r_enabled = rd->r_flags & ILB_FLAGS_RULE_ENABLED;
if (larg->o_str == NULL) {
ilbadm_err(gettext("internal error"));
return (ILB_STATUS_GENERIC);
}
/*
* only print rules (enabled/dis-) we're asked to
* note: both LIST_**ABLED flags can be set at the same time,
* whereas a rule has one state only. therefore the complicated
* statement.
*/
if (!((r_enabled && (larg->flags & ILBADM_LIST_ENABLED)) ||
(!r_enabled && (larg->flags & ILBADM_LIST_DISABLED))))
return (ILB_STATUS_OK);
if (larg->flags & ILBADM_LIST_PARSE)
oflags |= OFMT_PARSABLE;
if (larg->flags & ILBADM_LIST_FULL)
oflags |= OFMT_MULTILINE;
bzero(&ra, sizeof (ra));
ra.rd = rd;
ra.h = h;
if (oh == NULL) {
if (rd->r_vip.ia_af == AF_INET)
fields = rfields_v4;
else
fields = rfields_v6;
oerr = ofmt_open(larg->o_str, fields, oflags, ocols, &oh);
if (oerr != OFMT_SUCCESS) {
char e[80];
ilbadm_err(gettext("ofmt_open failed: %s"),
ofmt_strerror(oh, oerr, e, sizeof (e)));
return (ILB_STATUS_GENERIC);
}
}
ofmt_print(oh, &ra);
return (ILB_STATUS_OK);
}
static char *full_list_rule_hdrs =
"RULENAME,STATUS,PORT,PROTOCOL,LBALG,TYPE,PROXY-SRC,PMASK,"
"HC-NAME,HC-PORT,CONN-DRAIN,NAT-TIMEOUT,"
"PERSIST-TIMEOUT,SERVERGROUP,VIP,SERVERS";
static char *def_list_rule_hdrs =
"RULENAME,STATUS,LBALG,TYPE,PROTOCOL,VIP,PORT";
/* ARGSUSED */
ilbadm_status_t
ilbadm_show_rules(int argc, char *argv[])
{
ilb_handle_t h = ILB_INVALID_HANDLE;
int c;
ilb_status_t rclib = ILB_STATUS_OK;
ilbadm_status_t rc = ILBADM_OK;
boolean_t o_opt = B_FALSE, p_opt = B_FALSE;
boolean_t f_opt = B_FALSE;
ilbadm_sh_rl_arg_t larg = {0, NULL, NULL, NULL};
larg.flags = ILBADM_LIST_ENABLED | ILBADM_LIST_DISABLED;
while ((c = getopt(argc, argv, ":fpedo:")) != -1) {
switch ((char)c) {
case 'f': larg.flags |= ILBADM_LIST_FULL;
larg.o_str = full_list_rule_hdrs;
f_opt = B_TRUE;
break;
case 'p': larg.flags |= ILBADM_LIST_PARSE;
p_opt = B_TRUE;
break;
case 'o': larg.o_str = optarg;
o_opt = B_TRUE;
break;
/* -e and -d may be repeated - make sure the last one wins */
case 'e': larg.flags &= ILBADM_LIST_NODISABLED;
larg.flags |= ILBADM_LIST_ENABLED;
break;
case 'd': larg.flags &= ILBADM_LIST_NOENABLED;
larg.flags |= ILBADM_LIST_DISABLED;
break;
case ':': ilbadm_err(gettext("missing option argument for %c"),
(char)optopt);
rc = ILBADM_LIBERR;
goto out;
case '?':
default:
unknown_opt(argv, optind-1);
/* not reached */
break;
}
}
if (f_opt && o_opt) {
ilbadm_err(gettext("options -o and -f are mutually"
" exclusive"));
exit(1);
}
if (p_opt && !o_opt) {
ilbadm_err(gettext("option -p requires -o"));
exit(1);
}
if (p_opt && larg.o_str != NULL &&
(strcasecmp(larg.o_str, "all") == 0)) {
ilbadm_err(gettext("option -p requires explicit field"
" names for -o"));
exit(1);
}
/* no -o option, so we use std. fields */
if (!o_opt && !f_opt)
larg.o_str = def_list_rule_hdrs;
rclib = ilb_open(&h);
if (rclib != ILB_STATUS_OK)
goto out;
if (optind >= argc) {
rclib = ilb_walk_rules(h, ilbadm_show_onerule, NULL,
(void*)&larg);
} else {
while (optind < argc) {
rclib = ilb_walk_rules(h, ilbadm_show_onerule,
argv[optind++], (void*)&larg);
if (rclib != ILB_STATUS_OK)
break;
}
}
out:
if (h != ILB_INVALID_HANDLE)
(void) ilb_close(h);
if (rclib != ILB_STATUS_OK) {
/*
* The show function returns ILB_STATUS_GENERIC after printing
* out an error message. So we don't need to print it again.
*/
if (rclib != ILB_STATUS_GENERIC)
ilbadm_err(ilb_errstr(rclib));
rc = ILBADM_LIBERR;
}
return (rc);
}
static boolean_t
of_srv2str(ofmt_arg_t *of_arg, char *buf, uint_t bufsize)
{
ilbadm_rl_srvlist_arg_t *larg =
(ilbadm_rl_srvlist_arg_t *)of_arg->ofmt_cbarg;
ilb_server_data_t *sd = larg->sd;
uint_t op = of_arg->ofmt_id;
boolean_t ret = B_TRUE;
ilbadm_status_t rc;
if (sd == NULL)
return (B_FALSE);
switch (op) {
case OF_SRV_ID:
(void) strlcpy(buf, sd->sd_srvID, bufsize);
break;
case OF_SRV_STATUS:
if (ILB_IS_SRV_ENABLED(sd->sd_flags))
buf[0] = 'E';
else
buf[0] = 'D';
buf[1] = '\0';
break;
case OF_SRV_RNAME:
(void) strlcpy(buf, larg->rd->r_name, bufsize);
break;
case OF_SRV_SGNAME:
(void) strlcpy(buf, larg->sgname, bufsize);
break;
case OF_SRV_HOSTNAME:
rc = ip2hostname(&sd->sd_addr, buf, bufsize);
if (rc != ILBADM_OK) {
buf[0] = '\0';
ret = B_FALSE;
}
break;
case OF_SRV_PORT:
ret = of_port2str(sd->sd_minport, sd->sd_maxport,
buf, bufsize);
break;
case OF_SRV_ADDR:
ip2str(&sd->sd_addr, buf, bufsize, V6_ADDRONLY);
break;
}
return (ret);
}
/* ARGSUSED */
static ilb_status_t
i_show_rl_srv(ilb_handle_t h, ilb_server_data_t *sd, const char *sgname,
void *arg)
{
ilbadm_rl_srvlist_arg_t *larg = (ilbadm_rl_srvlist_arg_t *)arg;
larg->sd = sd;
ofmt_print(larg->oh, larg);
return (ILB_STATUS_OK);
}
/* ARGSUSED */
/*
* Since this function is used by libilb routine ilb_walk_rules()
* it must return libilb errors
*/
ilb_status_t
ilbadm_show_rl_servers(ilb_handle_t h, ilb_rule_data_t *rd, void *arg)
{
ofmt_status_t oerr;
int oflags = 0;
int ocols = RMAXCOLS;
ofmt_field_t *fields;
static ofmt_handle_t oh = (ofmt_handle_t)NULL;
ilbadm_rl_srvlist_arg_t *larg = (ilbadm_rl_srvlist_arg_t *)arg;
/*
* in full mode, we currently re-open ofmt() for every rule; we use
* a variable number of lines, as we print one for every server
* attached to a rule.
*/
if (larg->o_str == NULL) {
ilbadm_err(gettext("internal error"));
return (ILB_STATUS_GENERIC);
}
if (larg->flags & ILBADM_LIST_PARSE)
oflags |= OFMT_PARSABLE;
if (rd->r_vip.ia_af == AF_INET)
fields = ssfields_v4;
else
fields = ssfields_v6;
if (oh == NULL) {
oerr = ofmt_open(larg->o_str, fields, oflags, ocols, &oh);
if (oerr != OFMT_SUCCESS) {
char e[80];
ilbadm_err(gettext("ofmt_open failed: %s"),
ofmt_strerror(oh, oerr, e, sizeof (e)));
return (ILB_STATUS_GENERIC);
}
larg->oh = oh;
}
larg->rd = rd;
larg->sgname = rd->r_sgname;
return (ilb_walk_servers(h, i_show_rl_srv, rd->r_sgname, (void *)larg));
}
static char *def_show_srv_hdrs =
"SERVERID,ADDRESS,PORT,RULENAME,STATUS,SERVERGROUP";
/* ARGSUSED */
ilbadm_status_t
ilbadm_show_server(int argc, char *argv[])
{
ilb_handle_t h = ILB_INVALID_HANDLE;
int c;
ilb_status_t rclib = ILB_STATUS_OK;
ilbadm_status_t rc = ILBADM_OK;
boolean_t o_opt = B_FALSE, p_opt = B_FALSE;
ilbadm_rl_srvlist_arg_t larg;
bzero(&larg, sizeof (larg));
while ((c = getopt(argc, argv, ":po:")) != -1) {
switch ((char)c) {
case 'p': larg.flags |= ILBADM_LIST_PARSE;
p_opt = B_TRUE;
break;
case 'o': larg.o_str = optarg;
o_opt = B_TRUE;
break;
case ':': ilbadm_err(gettext("missing option argument for %c"),
(char)optopt);
rc = ILBADM_LIBERR;
goto out;
case '?':
default:
unknown_opt(argv, optind-1);
/* not reached */
break;
}
}
if (p_opt && !o_opt) {
ilbadm_err(gettext("option -p requires -o"));
exit(1);
}
if (p_opt && larg.o_str != NULL &&
(strcasecmp(larg.o_str, "all") == 0)) {
ilbadm_err(gettext("option -p requires explicit"
" field names for -o"));
exit(1);
}
/* no -o option, so we use default fields */
if (!o_opt)
larg.o_str = def_show_srv_hdrs;
rclib = ilb_open(&h);
if (rclib != ILB_STATUS_OK)
goto out;
if (optind >= argc) {
rclib = ilb_walk_rules(h, ilbadm_show_rl_servers, NULL,
(void*)&larg);
} else {
while (optind < argc) {
rclib = ilb_walk_rules(h, ilbadm_show_rl_servers,
argv[optind++], (void*)&larg);
if (rclib != ILB_STATUS_OK)
break;
}
}
out:
if (h != ILB_INVALID_HANDLE)
(void) ilb_close(h);
if (rclib != ILB_STATUS_OK) {
/*
* The show function returns ILB_STATUS_GENERIC after printing
* out an error message. So we don't need to print it again.
*/
if (rclib != ILB_STATUS_GENERIC)
ilbadm_err(ilb_errstr(rclib));
rc = ILBADM_LIBERR;
}
return (rc);
}
static ilbadm_status_t
i_parse_rl_arg(char *arg, ilb_rule_data_t *rd, ilbadm_key_name_t *keylist)
{
ilbadm_status_t rc;
rc = i_parse_optstring(arg, (void *) rd, keylist,
OPT_PORTS, NULL);
return (rc);
}
static void
i_ilbadm_alloc_rule(ilb_rule_data_t **rdp)
{
ilb_rule_data_t *rd;
*rdp = rd = (ilb_rule_data_t *)calloc(sizeof (*rd), 1);
if (rd == NULL)
return;
rd->r_proto = IPPROTO_TCP;
}
static void
i_ilbadm_free_rule(ilb_rule_data_t *rd)
{
free(rd);
}
/* ARGSUSED */
ilbadm_status_t
ilbadm_destroy_rule(int argc, char *argv[])
{
ilb_handle_t h = ILB_INVALID_HANDLE;
ilbadm_status_t rc = ILBADM_OK;
ilb_status_t rclib = ILB_STATUS_OK;
boolean_t all_rules = B_FALSE;
int c, i;
while ((c = getopt(argc, argv, ":a")) != -1) {
switch ((char)c) {
case 'a':
all_rules = B_TRUE;
break;
case '?':
default:
unknown_opt(argv, optind-1);
/* not reached */
break;
}
}
if (optind >= argc && !all_rules) {
ilbadm_err(gettext("usage: delete-rule -a | name"));
return (ILBADM_LIBERR);
}
/* either "-a" or rulename, not both */
if (optind < argc && all_rules) {
rc = ILBADM_INVAL_ARGS;
goto out;
}
rclib = ilb_open(&h);
if (rclib != ILB_STATUS_OK)
goto out;
if (all_rules) {
rclib = ilb_destroy_rule(h, NULL);
goto out;
}
for (i = optind; i < argc && rclib == ILB_STATUS_OK; i++)
rclib = ilb_destroy_rule(h, argv[i]);
out:
if (h != ILB_INVALID_HANDLE)
(void) ilb_close(h);
/* This prints the specific errors */
if (rclib != ILB_STATUS_OK) {
ilbadm_err(ilb_errstr(rclib));
rc = ILBADM_LIBERR;
}
/* This prints the generic errors */
if ((rc != ILBADM_OK) && (rc != ILBADM_LIBERR))
ilbadm_err(ilbadm_errstr(rc));
return (rc);
}
/* ARGSUSED */
static ilbadm_status_t
ilbadm_Xable_rule(int argc, char *argv[], ilbadm_cmd_t cmd)
{
ilb_handle_t h = ILB_INVALID_HANDLE;
ilb_status_t rclib = ILB_STATUS_OK;
ilbadm_status_t rc = ILBADM_OK;
int i;
rclib = ilb_open(&h);
if (rclib != ILB_STATUS_OK)
goto out;
/*
* by default, en/disable-rule mean "all", and not using
* a rule name will cause this behaviour to kick in
*/
if (argc < 2) {
if (cmd == cmd_enable_rule)
rclib = ilb_enable_rule(h, NULL);
else
rclib = ilb_disable_rule(h, NULL);
} else {
for (i = optind; i < argc && rc == ILBADM_OK; i++) {
if (cmd == cmd_enable_rule)
rclib = ilb_enable_rule(h, argv[i]);
else
rclib = ilb_disable_rule(h, argv[i]);
}
}
out:
if (h != ILB_INVALID_HANDLE)
(void) ilb_close(h);
if (rclib != ILB_STATUS_OK) {
ilbadm_err(ilb_errstr(rclib));
rc = ILBADM_LIBERR;
}
return (rc);
}
ilbadm_status_t
ilbadm_enable_rule(int argc, char *argv[])
{
return (ilbadm_Xable_rule(argc, argv, cmd_enable_rule));
}
ilbadm_status_t
ilbadm_disable_rule(int argc, char *argv[])
{
return (ilbadm_Xable_rule(argc, argv, cmd_disable_rule));
}
/*
* parse and create a rule
*/
ilbadm_status_t
ilbadm_create_rule(int argc, char *argv[])
{
ilb_handle_t h = ILB_INVALID_HANDLE;
int c;
ilb_status_t rclib = ILB_STATUS_OK;
ilbadm_status_t rc = ILBADM_OK;
ilb_rule_data_t *rd;
boolean_t p_opt = B_FALSE;
i_ilbadm_alloc_rule(&rd);
while ((c = getopt(argc, argv, ":ei:m:o:t:h:p")) != -1) {
switch ((char)c) {
case 'e':
rd->r_flags |= ILB_FLAGS_RULE_ENABLED;
break;
case 'h':
/*
* Default value of of r_hcpflag means that if there
* is a port range, probe any port. If there is only
* one port, probe that port.
*/
rd->r_hcpflag = ILB_HCI_PROBE_ANY;
rc = i_parse_rl_arg(optarg, rd, &rl_healthchk_keys[0]);
break;
case 'o':
rc = i_parse_rl_arg(optarg, rd, &rl_outgoing_keys[0]);
break;
case 'm':
rc = i_parse_rl_arg(optarg, rd, &rl_method_keys[0]);
break;
case 't':
rc = i_parse_rl_arg(optarg, rd, &rl_timer_keys[0]);
break;
case 'i':
rc = i_parse_rl_arg(optarg, rd, &rl_incoming_keys[0]);
break;
case 'p':
p_opt = B_TRUE;
break;
case ':':
ilbadm_err(gettext("missing option-argument"
" for %c"), (char)optopt);
rc = ILBADM_LIBERR;
break;
case '?':
default:
unknown_opt(argv, optind-1);
/* not reached */
break;
}
if (rc != ILBADM_OK)
goto out;
}
if (optind >= argc) {
ilbadm_err(gettext("missing mandatory arguments - please refer"
" to 'ilbadm create-rule' subcommand description in"
" ilbadm(1M)"));
rc = ILBADM_LIBERR;
goto out;
}
if (p_opt) {
/*
* if user hasn't specified a mask, apply default
*/
if ((rd->r_flags & ILB_FLAGS_RULE_STICKY) == 0) {
char *maskstr;
switch (rd->r_vip.ia_af) {
case AF_INET:
maskstr = "32";
break;
case AF_INET6:
maskstr = "128";
break;
}
rc = ilbadm_set_netmask(maskstr, &rd->r_stickymask,
rd->r_vip.ia_af);
if (rc != ILBADM_OK) {
ilbadm_err(gettext("trouble seting default"
" persistence mask"));
rc = ILBADM_LIBERR;
goto out;
}
}
} else {
/* use of sticky mask currently mandates "-p" */
if ((rd->r_flags & ILB_FLAGS_RULE_STICKY) != 0) {
ilbadm_err(gettext("use of stickymask requires"
" -p option"));
rc = ILBADM_LIBERR;
goto out;
}
}
if (strlen(argv[optind]) > ILBD_NAMESZ -1) {
ilbadm_err(gettext("rule name %s is too long -"
" must not exceed %d chars"), argv[optind],
ILBD_NAMESZ - 1);
rc = ILBADM_LIBERR;
goto out;
}
(void) strlcpy(rd->r_name, argv[optind], sizeof (rd->r_name));
rc = i_check_rule_spec(rd);
if (rc != ILBADM_OK)
goto out;
rclib = ilb_open(&h);
if (rclib != ILB_STATUS_OK)
goto out;
rclib = ilb_create_rule(h, rd);
out:
i_ilbadm_free_rule(rd);
if (h != ILB_INVALID_HANDLE)
(void) ilb_close(h);
if (rclib != ILB_STATUS_OK) {
ilbadm_err(ilb_errstr(rclib));
rc = ILBADM_LIBERR;
}
if ((rc != ILBADM_OK) && (rc != ILBADM_LIBERR))
ilbadm_err(ilbadm_errstr(rc));
return (rc);
}
/* ARGSUSED */
/*
* Since this function is used by libilb function, ilb_walk_rules()
* it must return libilb errors
*/
static ilb_status_t
ilbadm_export_rl(ilb_handle_t h, ilb_rule_data_t *rd, void *arg)
{
char linebuf[128]; /* should be enough */
int sz = sizeof (linebuf);
FILE *fp = ((ilbadm_rl_exp_arg_t *)arg)->fp;
uint32_t conndrain, nat_timeout, sticky_timeout;
(void) fprintf(fp, "create-rule ");
if (rd->r_flags & ILB_FLAGS_RULE_ENABLED)
(void) fprintf(fp, "-e ");
if (rd->r_flags & ILB_FLAGS_RULE_STICKY)
(void) fprintf(fp, "-p ");
ip2str(&rd->r_vip, linebuf, sz, V6_ADDRONLY);
(void) fprintf(fp, "-i vip=%s,", linebuf);
(void) ports2str(ntohs(rd->r_minport), ntohs(rd->r_maxport),
linebuf, sz);
(void) fprintf(fp, "%s,", linebuf);
proto2str(rd->r_proto, linebuf, sz);
(void) fprintf(fp, "%s ", linebuf);
algo2str(rd->r_algo, linebuf, sz);
(void) fprintf(fp, "-m %s,", linebuf);
topo2str(rd->r_topo, linebuf, sz);
(void) fprintf(fp, "%s", linebuf);
if (rd->r_nat_src_start.ia_af != AF_UNSPEC) {
ip2str(&rd->r_nat_src_start, linebuf, sz, V6_ADDRONLY);
/* if the address is unspecified, skip it */
if (linebuf[0] != '\0') {
(void) fprintf(fp, ",proxy-src=%s", linebuf);
ip2str(&rd->r_nat_src_end, linebuf, sz, V6_ADDRONLY);
(void) fprintf(fp, "-%s", linebuf);
}
}
if (rd->r_flags & ILB_FLAGS_RULE_STICKY) {
(void) fprintf(fp, ",pmask=/%d",
ilbadm_mask_to_prefixlen(&rd->r_stickymask));
}
(void) fprintf(fp, " ");
if (*rd->r_hcname != '\0') {
(void) fprintf(fp, "-h hc-name=%s", rd->r_hcname);
hcport_print(rd, linebuf, sizeof (linebuf));
if (linebuf[0] != '\0')
(void) fprintf(fp, ",hc-port=%s", linebuf);
(void) fprintf(fp, " ");
}
conndrain = rd->r_conndrain;
nat_timeout = rd->r_nat_timeout;
sticky_timeout = rd->r_sticky_timeout;
if (conndrain != 0 || nat_timeout != 0 || sticky_timeout != 0) {
int cnt = 0;
(void) fprintf(fp, "-t ");
if (conndrain != 0) {
cnt++;
(void) fprintf(fp, "conn-drain=%u", conndrain);
}
if (nat_timeout != 0) {
if (cnt > 0)
(void) fprintf(fp, ",");
cnt++;
(void) fprintf(fp, "nat-timeout=%u", nat_timeout);
}
if (sticky_timeout != 0) {
if (cnt > 0)
(void) fprintf(fp, ",");
(void) fprintf(fp, "persist-timeout=%u",
sticky_timeout);
}
(void) fprintf(fp, " ");
}
if (fprintf(fp, "-o servergroup=%s %s\n", rd->r_sgname, rd->r_name)
< 0 || fflush(fp) == EOF)
return (ILB_STATUS_WRITE);
return (ILB_STATUS_OK);
}
ilbadm_status_t
ilbadm_export_rules(ilb_handle_t h, FILE *fp)
{
ilb_status_t rclib;
ilbadm_status_t rc = ILBADM_OK;
ilbadm_rl_exp_arg_t arg;
arg.fp = fp;
rclib = ilb_walk_rules(h, ilbadm_export_rl, NULL, (void *)&arg);
if (rclib != ILB_STATUS_OK)
rc = ILBADM_LIBERR;
return (rc);
}