xref: /onnv-gate/usr/src/lib/libilb/common/ilb_rules.c (revision 10946:324bab2b3370) 
1*10946SSangeeta.Misra@Sun.COM /*
2*10946SSangeeta.Misra@Sun.COM  * CDDL HEADER START
3*10946SSangeeta.Misra@Sun.COM  *
4*10946SSangeeta.Misra@Sun.COM  * The contents of this file are subject to the terms of the
5*10946SSangeeta.Misra@Sun.COM  * Common Development and Distribution License (the "License").
6*10946SSangeeta.Misra@Sun.COM  * You may not use this file except in compliance with the License.
7*10946SSangeeta.Misra@Sun.COM  *
8*10946SSangeeta.Misra@Sun.COM  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*10946SSangeeta.Misra@Sun.COM  * or http://www.opensolaris.org/os/licensing.
10*10946SSangeeta.Misra@Sun.COM  * See the License for the specific language governing permissions
11*10946SSangeeta.Misra@Sun.COM  * and limitations under the License.
12*10946SSangeeta.Misra@Sun.COM  *
13*10946SSangeeta.Misra@Sun.COM  * When distributing Covered Code, include this CDDL HEADER in each
14*10946SSangeeta.Misra@Sun.COM  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*10946SSangeeta.Misra@Sun.COM  * If applicable, add the following below this CDDL HEADER, with the
16*10946SSangeeta.Misra@Sun.COM  * fields enclosed by brackets "[]" replaced with your own identifying
17*10946SSangeeta.Misra@Sun.COM  * information: Portions Copyright [yyyy] [name of copyright owner]
18*10946SSangeeta.Misra@Sun.COM  *
19*10946SSangeeta.Misra@Sun.COM  * CDDL HEADER END
20*10946SSangeeta.Misra@Sun.COM  */
21*10946SSangeeta.Misra@Sun.COM 
22*10946SSangeeta.Misra@Sun.COM /*
23*10946SSangeeta.Misra@Sun.COM  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24*10946SSangeeta.Misra@Sun.COM  * Use is subject to license terms.
25*10946SSangeeta.Misra@Sun.COM  */
26*10946SSangeeta.Misra@Sun.COM 
27*10946SSangeeta.Misra@Sun.COM 
28*10946SSangeeta.Misra@Sun.COM #include <stdlib.h>
29*10946SSangeeta.Misra@Sun.COM #include <strings.h>
30*10946SSangeeta.Misra@Sun.COM #include <sys/types.h>
31*10946SSangeeta.Misra@Sun.COM #include <sys/socket.h>
32*10946SSangeeta.Misra@Sun.COM #include <sys/stropts.h>
33*10946SSangeeta.Misra@Sun.COM #include <netinet/in.h>
34*10946SSangeeta.Misra@Sun.COM #include <stddef.h>
35*10946SSangeeta.Misra@Sun.COM #include "libilb.h"
36*10946SSangeeta.Misra@Sun.COM #include "libilb_impl.h"
37*10946SSangeeta.Misra@Sun.COM 
38*10946SSangeeta.Misra@Sun.COM /* ARGSUSED */
39*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_drop_hc(ilb_handle_t h,ilb_hc_info_t * hc,void * arg)40*10946SSangeeta.Misra@Sun.COM i_drop_hc(ilb_handle_t h, ilb_hc_info_t *hc, void *arg)
41*10946SSangeeta.Misra@Sun.COM {
42*10946SSangeeta.Misra@Sun.COM 	return (ilb_destroy_hc(h, hc->hci_name));
43*10946SSangeeta.Misra@Sun.COM }
44*10946SSangeeta.Misra@Sun.COM 
45*10946SSangeeta.Misra@Sun.COM /* ARGSUSED */
46*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_drop_rule(ilb_handle_t h,ilb_rule_data_t * rd,void * arg)47*10946SSangeeta.Misra@Sun.COM i_drop_rule(ilb_handle_t h, ilb_rule_data_t *rd, void *arg)
48*10946SSangeeta.Misra@Sun.COM {
49*10946SSangeeta.Misra@Sun.COM 	return (ilb_destroy_rule(h, rd->r_name));
50*10946SSangeeta.Misra@Sun.COM }
51*10946SSangeeta.Misra@Sun.COM 
52*10946SSangeeta.Misra@Sun.COM /* ARGSUSED */
53*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_drop_sg_srvs(ilb_handle_t h,ilb_server_data_t * srv,const char * sgname,void * arg)54*10946SSangeeta.Misra@Sun.COM i_drop_sg_srvs(ilb_handle_t h, ilb_server_data_t *srv, const char *sgname,
55*10946SSangeeta.Misra@Sun.COM     void *arg)
56*10946SSangeeta.Misra@Sun.COM {
57*10946SSangeeta.Misra@Sun.COM 	return (ilb_rem_server_from_group(h, sgname, srv));
58*10946SSangeeta.Misra@Sun.COM }
59*10946SSangeeta.Misra@Sun.COM 
60*10946SSangeeta.Misra@Sun.COM /* ARGSUSED */
61*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_drop_sg(ilb_handle_t h,ilb_sg_data_t * sg,void * arg)62*10946SSangeeta.Misra@Sun.COM i_drop_sg(ilb_handle_t h, ilb_sg_data_t *sg, void *arg)
63*10946SSangeeta.Misra@Sun.COM {
64*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
65*10946SSangeeta.Misra@Sun.COM 
66*10946SSangeeta.Misra@Sun.COM 	rc = ilb_walk_servers(h, i_drop_sg_srvs, sg->sgd_name, (void *)sg);
67*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
68*10946SSangeeta.Misra@Sun.COM 		return (rc);
69*10946SSangeeta.Misra@Sun.COM 
70*10946SSangeeta.Misra@Sun.COM 	return (ilb_destroy_servergroup(h, sg->sgd_name));
71*10946SSangeeta.Misra@Sun.COM }
72*10946SSangeeta.Misra@Sun.COM 
73*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_reset_config(ilb_handle_t h)74*10946SSangeeta.Misra@Sun.COM ilb_reset_config(ilb_handle_t h)
75*10946SSangeeta.Misra@Sun.COM {
76*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
77*10946SSangeeta.Misra@Sun.COM 
78*10946SSangeeta.Misra@Sun.COM 	if (h == NULL)
79*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_EINVAL);
80*10946SSangeeta.Misra@Sun.COM 
81*10946SSangeeta.Misra@Sun.COM 	rc = ilb_walk_rules(h, i_drop_rule, NULL, NULL);
82*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
83*10946SSangeeta.Misra@Sun.COM 		goto out;
84*10946SSangeeta.Misra@Sun.COM 
85*10946SSangeeta.Misra@Sun.COM 	rc = ilb_walk_servergroups(h, i_drop_sg, NULL, NULL);
86*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
87*10946SSangeeta.Misra@Sun.COM 		goto out;
88*10946SSangeeta.Misra@Sun.COM 
89*10946SSangeeta.Misra@Sun.COM 	rc = ilb_walk_hc(h, i_drop_hc, NULL);
90*10946SSangeeta.Misra@Sun.COM out:
91*10946SSangeeta.Misra@Sun.COM 	return (rc);
92*10946SSangeeta.Misra@Sun.COM }
93*10946SSangeeta.Misra@Sun.COM 
94*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_create_rule(ilb_handle_t h,const ilb_rule_data_t * rd)95*10946SSangeeta.Misra@Sun.COM ilb_create_rule(ilb_handle_t h, const ilb_rule_data_t *rd)
96*10946SSangeeta.Misra@Sun.COM {
97*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
98*10946SSangeeta.Misra@Sun.COM 	ilb_comm_t	*ic;
99*10946SSangeeta.Misra@Sun.COM 	size_t		ic_sz;
100*10946SSangeeta.Misra@Sun.COM 	ilb_rule_info_t	*rl;
101*10946SSangeeta.Misra@Sun.COM 
102*10946SSangeeta.Misra@Sun.COM 	if (h == ILB_INVALID_HANDLE || rd == NULL || *rd->r_name == '\0')
103*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_EINVAL);
104*10946SSangeeta.Misra@Sun.COM 
105*10946SSangeeta.Misra@Sun.COM 	if ((ic = i_ilb_alloc_req(ILBD_CREATE_RULE, &ic_sz)) == NULL)
106*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_ENOMEM);
107*10946SSangeeta.Misra@Sun.COM 	rl = (ilb_rule_info_t *)&ic->ic_data;
108*10946SSangeeta.Misra@Sun.COM 
109*10946SSangeeta.Misra@Sun.COM 	/*
110*10946SSangeeta.Misra@Sun.COM 	 * Since the IP address representation in ilb_rule_data_t and
111*10946SSangeeta.Misra@Sun.COM 	 * ilb_rule_info_t is different, we need to convert between
112*10946SSangeeta.Misra@Sun.COM 	 * them.
113*10946SSangeeta.Misra@Sun.COM 	 */
114*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rl->rl_name, rd->r_name, sizeof (rl->rl_name));
115*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rl->rl_sgname, rd->r_sgname, sizeof (rl->rl_sgname));
116*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rl->rl_hcname, rd->r_hcname, sizeof (rl->rl_hcname));
117*10946SSangeeta.Misra@Sun.COM 	rl->rl_flags = rd->r_flags;
118*10946SSangeeta.Misra@Sun.COM 	rl->rl_proto = rd->r_proto;
119*10946SSangeeta.Misra@Sun.COM 	rl->rl_ipversion = rd->r_vip.ia_af;
120*10946SSangeeta.Misra@Sun.COM 	rl->rl_minport = rd->r_minport;
121*10946SSangeeta.Misra@Sun.COM 	if (ntohs(rd->r_maxport) < ntohs(rd->r_minport))
122*10946SSangeeta.Misra@Sun.COM 		rl->rl_maxport = rd->r_minport;
123*10946SSangeeta.Misra@Sun.COM 	else
124*10946SSangeeta.Misra@Sun.COM 		rl->rl_maxport = rd->r_maxport;
125*10946SSangeeta.Misra@Sun.COM 	rl->rl_algo = rd->r_algo;
126*10946SSangeeta.Misra@Sun.COM 	rl->rl_topo = rd->r_topo;
127*10946SSangeeta.Misra@Sun.COM 	rl->rl_conndrain = rd->r_conndrain;
128*10946SSangeeta.Misra@Sun.COM 	rl->rl_nat_timeout = rd->r_nat_timeout;
129*10946SSangeeta.Misra@Sun.COM 	rl->rl_sticky_timeout = rd->r_sticky_timeout;
130*10946SSangeeta.Misra@Sun.COM 	rl->rl_hcport = rd->r_hcport;
131*10946SSangeeta.Misra@Sun.COM 	rl->rl_hcpflag = rd->r_hcpflag;
132*10946SSangeeta.Misra@Sun.COM 
133*10946SSangeeta.Misra@Sun.COM 	IP_COPY_CLI_2_IMPL(&rd->r_vip, &rl->rl_vip);
134*10946SSangeeta.Misra@Sun.COM 	IP_COPY_CLI_2_IMPL(&rd->r_stickymask, &rl->rl_stickymask);
135*10946SSangeeta.Misra@Sun.COM 	IP_COPY_CLI_2_IMPL(&rd->r_nat_src_start, &rl->rl_nat_src_start);
136*10946SSangeeta.Misra@Sun.COM 	IP_COPY_CLI_2_IMPL(&rd->r_nat_src_end, &rl->rl_nat_src_end);
137*10946SSangeeta.Misra@Sun.COM 
138*10946SSangeeta.Misra@Sun.COM 	rc = i_ilb_do_comm(h, ic, ic_sz, ic, &ic_sz);
139*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
140*10946SSangeeta.Misra@Sun.COM 		goto out;
141*10946SSangeeta.Misra@Sun.COM 
142*10946SSangeeta.Misra@Sun.COM 	if (ic->ic_cmd != ILBD_CMD_OK)
143*10946SSangeeta.Misra@Sun.COM 		rc = *(ilb_status_t *)&ic->ic_data;
144*10946SSangeeta.Misra@Sun.COM 
145*10946SSangeeta.Misra@Sun.COM out:
146*10946SSangeeta.Misra@Sun.COM 	free(ic);
147*10946SSangeeta.Misra@Sun.COM 	return (rc);
148*10946SSangeeta.Misra@Sun.COM }
149*10946SSangeeta.Misra@Sun.COM 
150*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_ilb_rule_action(ilb_handle_t h,const char * name,ilbd_cmd_t cmd)151*10946SSangeeta.Misra@Sun.COM i_ilb_rule_action(ilb_handle_t h, const char *name, ilbd_cmd_t cmd)
152*10946SSangeeta.Misra@Sun.COM {
153*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
154*10946SSangeeta.Misra@Sun.COM 	ilb_comm_t	*ic;
155*10946SSangeeta.Misra@Sun.COM 	size_t		ic_sz;
156*10946SSangeeta.Misra@Sun.COM 
157*10946SSangeeta.Misra@Sun.COM 	if (h == ILB_INVALID_HANDLE)
158*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_EINVAL);
159*10946SSangeeta.Misra@Sun.COM 
160*10946SSangeeta.Misra@Sun.COM 	if ((ic = i_ilb_alloc_req(cmd, &ic_sz)) == NULL)
161*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_ENOMEM);
162*10946SSangeeta.Misra@Sun.COM 
163*10946SSangeeta.Misra@Sun.COM 	if (name == NULL) {
164*10946SSangeeta.Misra@Sun.COM 		bzero(&ic->ic_data, sizeof (ilbd_name_t));
165*10946SSangeeta.Misra@Sun.COM 	} else {
166*10946SSangeeta.Misra@Sun.COM 		(void) strlcpy((char *)&ic->ic_data, name,
167*10946SSangeeta.Misra@Sun.COM 		    sizeof (ilbd_name_t));
168*10946SSangeeta.Misra@Sun.COM 	}
169*10946SSangeeta.Misra@Sun.COM 
170*10946SSangeeta.Misra@Sun.COM 	rc = i_ilb_do_comm(h, ic, ic_sz, ic, &ic_sz);
171*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
172*10946SSangeeta.Misra@Sun.COM 		goto out;
173*10946SSangeeta.Misra@Sun.COM 
174*10946SSangeeta.Misra@Sun.COM 	if (ic->ic_cmd != ILBD_CMD_OK)
175*10946SSangeeta.Misra@Sun.COM 		rc = *(ilb_status_t *)&ic->ic_data;
176*10946SSangeeta.Misra@Sun.COM 
177*10946SSangeeta.Misra@Sun.COM out:
178*10946SSangeeta.Misra@Sun.COM 	free(ic);
179*10946SSangeeta.Misra@Sun.COM 	return (rc);
180*10946SSangeeta.Misra@Sun.COM }
181*10946SSangeeta.Misra@Sun.COM 
182*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_destroy_rule(ilb_handle_t h,const char * name)183*10946SSangeeta.Misra@Sun.COM ilb_destroy_rule(ilb_handle_t h, const char *name)
184*10946SSangeeta.Misra@Sun.COM {
185*10946SSangeeta.Misra@Sun.COM 	return (i_ilb_rule_action(h, name, ILBD_DESTROY_RULE));
186*10946SSangeeta.Misra@Sun.COM }
187*10946SSangeeta.Misra@Sun.COM 
188*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_enable_rule(ilb_handle_t h,const char * name)189*10946SSangeeta.Misra@Sun.COM ilb_enable_rule(ilb_handle_t h, const char *name)
190*10946SSangeeta.Misra@Sun.COM {
191*10946SSangeeta.Misra@Sun.COM 	return (i_ilb_rule_action(h, name, ILBD_ENABLE_RULE));
192*10946SSangeeta.Misra@Sun.COM }
193*10946SSangeeta.Misra@Sun.COM 
194*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_disable_rule(ilb_handle_t h,const char * name)195*10946SSangeeta.Misra@Sun.COM ilb_disable_rule(ilb_handle_t h, const char *name)
196*10946SSangeeta.Misra@Sun.COM {
197*10946SSangeeta.Misra@Sun.COM 	return (i_ilb_rule_action(h, name, ILBD_DISABLE_RULE));
198*10946SSangeeta.Misra@Sun.COM }
199*10946SSangeeta.Misra@Sun.COM 
200*10946SSangeeta.Misra@Sun.COM ilb_status_t
i_ilb_retrieve_rule_names(ilb_handle_t h,ilb_comm_t ** rbuf,size_t * rbufsz)201*10946SSangeeta.Misra@Sun.COM i_ilb_retrieve_rule_names(ilb_handle_t h, ilb_comm_t **rbuf, size_t *rbufsz)
202*10946SSangeeta.Misra@Sun.COM {
203*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
204*10946SSangeeta.Misra@Sun.COM 	ilb_comm_t	ic, *tmp_rbuf;
205*10946SSangeeta.Misra@Sun.COM 
206*10946SSangeeta.Misra@Sun.COM 	*rbufsz = ILBD_MSG_SIZE;
207*10946SSangeeta.Misra@Sun.COM 	if ((tmp_rbuf = malloc(*rbufsz)) == NULL)
208*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_ENOMEM);
209*10946SSangeeta.Misra@Sun.COM 
210*10946SSangeeta.Misra@Sun.COM 	ic.ic_cmd = ILBD_RETRIEVE_RULE_NAMES;
211*10946SSangeeta.Misra@Sun.COM 
212*10946SSangeeta.Misra@Sun.COM 	rc = i_ilb_do_comm(h, &ic, sizeof (ic), tmp_rbuf, rbufsz);
213*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
214*10946SSangeeta.Misra@Sun.COM 		goto out;
215*10946SSangeeta.Misra@Sun.COM 
216*10946SSangeeta.Misra@Sun.COM 	if (tmp_rbuf->ic_cmd == ILBD_CMD_OK) {
217*10946SSangeeta.Misra@Sun.COM 		*rbuf = tmp_rbuf;
218*10946SSangeeta.Misra@Sun.COM 		return (rc);
219*10946SSangeeta.Misra@Sun.COM 	}
220*10946SSangeeta.Misra@Sun.COM 	rc = *(ilb_status_t *)&tmp_rbuf->ic_data;
221*10946SSangeeta.Misra@Sun.COM out:
222*10946SSangeeta.Misra@Sun.COM 	free(tmp_rbuf);
223*10946SSangeeta.Misra@Sun.COM 	*rbuf = NULL;
224*10946SSangeeta.Misra@Sun.COM 	return (rc);
225*10946SSangeeta.Misra@Sun.COM }
226*10946SSangeeta.Misra@Sun.COM 
227*10946SSangeeta.Misra@Sun.COM static ilb_status_t
i_ilb_walk_one_rule(ilb_handle_t h,rule_walkerfunc_t f,const char * name,void * arg)228*10946SSangeeta.Misra@Sun.COM i_ilb_walk_one_rule(ilb_handle_t h, rule_walkerfunc_t f, const char *name,
229*10946SSangeeta.Misra@Sun.COM     void *arg)
230*10946SSangeeta.Misra@Sun.COM {
231*10946SSangeeta.Misra@Sun.COM 	ilb_status_t		rc = ILB_STATUS_OK;
232*10946SSangeeta.Misra@Sun.COM 	ilb_rule_info_t		*rl = NULL;
233*10946SSangeeta.Misra@Sun.COM 	ilb_rule_data_t		rd;
234*10946SSangeeta.Misra@Sun.COM 	ilb_comm_t		*ic, *rbuf;
235*10946SSangeeta.Misra@Sun.COM 	size_t			ic_sz, rbufsz;
236*10946SSangeeta.Misra@Sun.COM 
237*10946SSangeeta.Misra@Sun.COM 
238*10946SSangeeta.Misra@Sun.COM 	if ((ic = i_ilb_alloc_req(ILBD_RETRIEVE_RULE, &ic_sz)) == NULL)
239*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_ENOMEM);
240*10946SSangeeta.Misra@Sun.COM 	rbufsz = sizeof (ilb_comm_t) + sizeof (ilb_rule_info_t);
241*10946SSangeeta.Misra@Sun.COM 	if ((rbuf = malloc(rbufsz)) == NULL) {
242*10946SSangeeta.Misra@Sun.COM 		free(ic);
243*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_ENOMEM);
244*10946SSangeeta.Misra@Sun.COM 	}
245*10946SSangeeta.Misra@Sun.COM 
246*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy((char *)&ic->ic_data,  name, sizeof (ilbd_name_t));
247*10946SSangeeta.Misra@Sun.COM 	rc = i_ilb_do_comm(h, ic, ic_sz, rbuf, &rbufsz);
248*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
249*10946SSangeeta.Misra@Sun.COM 		goto out;
250*10946SSangeeta.Misra@Sun.COM 	if (rbuf->ic_cmd != ILBD_CMD_OK) {
251*10946SSangeeta.Misra@Sun.COM 		rc = *(ilb_status_t *)&rbuf->ic_data;
252*10946SSangeeta.Misra@Sun.COM 		goto out;
253*10946SSangeeta.Misra@Sun.COM 	}
254*10946SSangeeta.Misra@Sun.COM 	rl = (ilb_rule_info_t *)&rbuf->ic_data;
255*10946SSangeeta.Misra@Sun.COM 
256*10946SSangeeta.Misra@Sun.COM 	/*
257*10946SSangeeta.Misra@Sun.COM 	 * Since the IP address representation in ilb_rule_data_t and
258*10946SSangeeta.Misra@Sun.COM 	 * ilb_rule_info_t is different, we need to convert between
259*10946SSangeeta.Misra@Sun.COM 	 * them.
260*10946SSangeeta.Misra@Sun.COM 	 */
261*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rd.r_name, rl->rl_name, sizeof (rd.r_name));
262*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rd.r_hcname, rl->rl_hcname, sizeof (rd.r_hcname));
263*10946SSangeeta.Misra@Sun.COM 	(void) strlcpy(rd.r_sgname, rl->rl_sgname, sizeof (rd.r_sgname));
264*10946SSangeeta.Misra@Sun.COM 	rd.r_flags = rl->rl_flags;
265*10946SSangeeta.Misra@Sun.COM 	rd.r_proto = rl->rl_proto;
266*10946SSangeeta.Misra@Sun.COM 	rd.r_minport = rl->rl_minport;
267*10946SSangeeta.Misra@Sun.COM 	rd.r_maxport = rl->rl_maxport;
268*10946SSangeeta.Misra@Sun.COM 	rd.r_algo = rl->rl_algo;
269*10946SSangeeta.Misra@Sun.COM 	rd.r_topo = rl->rl_topo;
270*10946SSangeeta.Misra@Sun.COM 	rd.r_conndrain = rl->rl_conndrain;
271*10946SSangeeta.Misra@Sun.COM 	rd.r_nat_timeout = rl->rl_nat_timeout;
272*10946SSangeeta.Misra@Sun.COM 	rd.r_sticky_timeout = rl->rl_sticky_timeout;
273*10946SSangeeta.Misra@Sun.COM 	rd.r_hcport = rl->rl_hcport;
274*10946SSangeeta.Misra@Sun.COM 	rd.r_hcpflag = rl->rl_hcpflag;
275*10946SSangeeta.Misra@Sun.COM 
276*10946SSangeeta.Misra@Sun.COM 	IP_COPY_IMPL_2_CLI(&rl->rl_vip, &rd.r_vip);
277*10946SSangeeta.Misra@Sun.COM 	IP_COPY_IMPL_2_CLI(&rl->rl_nat_src_start, &rd.r_nat_src_start);
278*10946SSangeeta.Misra@Sun.COM 	IP_COPY_IMPL_2_CLI(&rl->rl_nat_src_end, &rd.r_nat_src_end);
279*10946SSangeeta.Misra@Sun.COM 	IP_COPY_IMPL_2_CLI(&rl->rl_stickymask, &rd.r_stickymask);
280*10946SSangeeta.Misra@Sun.COM 
281*10946SSangeeta.Misra@Sun.COM 	rc = f(h, &rd, arg);
282*10946SSangeeta.Misra@Sun.COM 
283*10946SSangeeta.Misra@Sun.COM out:
284*10946SSangeeta.Misra@Sun.COM 	free(ic);
285*10946SSangeeta.Misra@Sun.COM 	free(rbuf);
286*10946SSangeeta.Misra@Sun.COM 	return (rc);
287*10946SSangeeta.Misra@Sun.COM }
288*10946SSangeeta.Misra@Sun.COM 
289*10946SSangeeta.Misra@Sun.COM ilb_status_t
ilb_walk_rules(ilb_handle_t h,rule_walkerfunc_t f,const char * name,void * arg)290*10946SSangeeta.Misra@Sun.COM ilb_walk_rules(ilb_handle_t h, rule_walkerfunc_t f, const char *name,
291*10946SSangeeta.Misra@Sun.COM     void *arg)
292*10946SSangeeta.Misra@Sun.COM {
293*10946SSangeeta.Misra@Sun.COM 	ilb_status_t	rc;
294*10946SSangeeta.Misra@Sun.COM 	ilbd_namelist_t	*names;
295*10946SSangeeta.Misra@Sun.COM 	ilb_comm_t	*rbuf;
296*10946SSangeeta.Misra@Sun.COM 	size_t		rbufsz;
297*10946SSangeeta.Misra@Sun.COM 	int		i;
298*10946SSangeeta.Misra@Sun.COM 
299*10946SSangeeta.Misra@Sun.COM 	if (h == NULL)
300*10946SSangeeta.Misra@Sun.COM 		return (ILB_STATUS_EINVAL);
301*10946SSangeeta.Misra@Sun.COM 
302*10946SSangeeta.Misra@Sun.COM 	if (name != NULL)
303*10946SSangeeta.Misra@Sun.COM 		return (i_ilb_walk_one_rule(h, f, name, arg));
304*10946SSangeeta.Misra@Sun.COM 
305*10946SSangeeta.Misra@Sun.COM 	rc = i_ilb_retrieve_rule_names(h, &rbuf, &rbufsz);
306*10946SSangeeta.Misra@Sun.COM 	if (rc != ILB_STATUS_OK)
307*10946SSangeeta.Misra@Sun.COM 		return (rc);
308*10946SSangeeta.Misra@Sun.COM 
309*10946SSangeeta.Misra@Sun.COM 	names = (ilbd_namelist_t *)&rbuf->ic_data;
310*10946SSangeeta.Misra@Sun.COM 	for (i = 0; i < names->ilbl_count; i++) {
311*10946SSangeeta.Misra@Sun.COM 		rc = i_ilb_walk_one_rule(h, f, names->ilbl_name[i], arg);
312*10946SSangeeta.Misra@Sun.COM 		/*
313*10946SSangeeta.Misra@Sun.COM 		 * The rule may have been removed by another process since
314*10946SSangeeta.Misra@Sun.COM 		 * we retrieve all the rule names, just continue.
315*10946SSangeeta.Misra@Sun.COM 		 */
316*10946SSangeeta.Misra@Sun.COM 		if (rc == ILB_STATUS_ENOENT) {
317*10946SSangeeta.Misra@Sun.COM 			rc = ILB_STATUS_OK;
318*10946SSangeeta.Misra@Sun.COM 			continue;
319*10946SSangeeta.Misra@Sun.COM 		}
320*10946SSangeeta.Misra@Sun.COM 		if (rc != ILB_STATUS_OK)
321*10946SSangeeta.Misra@Sun.COM 			break;
322*10946SSangeeta.Misra@Sun.COM 	}
323*10946SSangeeta.Misra@Sun.COM 
324*10946SSangeeta.Misra@Sun.COM 	free(rbuf);
325*10946SSangeeta.Misra@Sun.COM 	return (rc);
326*10946SSangeeta.Misra@Sun.COM }
327