xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ipqosconf/ipqosconf.c (revision 4c28a617e3922d92a58e813a5b955eb526b9c386)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /* enable debug output and some debug asserts */
28 #undef	_IPQOS_CONF_DEBUG
29 
30 #include <stdlib.h>
31 #include <unistd.h>
32 #include <libintl.h>
33 #include <signal.h>
34 #include <strings.h>
35 #include <sys/nvpair.h>
36 #include <stdio.h>
37 #include <netinet/in.h>
38 #include <arpa/inet.h>
39 #include <ctype.h>
40 #include <sys/socket.h>
41 #include <limits.h>
42 #include <netdb.h>
43 #include <fcntl.h>
44 #include <sys/types.h>
45 #include <sys/stat.h>
46 #include <errno.h>
47 #include <libipp.h>
48 #include <ipp/ipp_config.h>
49 #include <ipp/ipgpc/ipgpc.h>
50 #include <ipp/ipp.h>
51 #ifdef	_IPQOS_CONF_DEBUG
52 #include <assert.h>
53 #endif
54 #include <sys/sockio.h>
55 #include <syslog.h>
56 #include <stdarg.h>
57 #include <libintl.h>
58 #include <locale.h>
59 #include <pwd.h>
60 #include "ipqosconf.h"
61 
62 #if	defined(_IPQOS_CONF_DEBUG)
63 
64 /* debug level */
65 static int ipqosconf_dbg_flgs =
66 /*
67  */
68 RBK |
69 MHME |
70 KRET |
71 DIFF |
72 APPLY |
73 L2 |
74 L1 |
75 L0 |
76 0;
77 
78 
79 
80 #define	IPQOSCDBG0(lvl, x)\
81 	if (lvl & ipqosconf_dbg_flgs)\
82 		(void) fprintf(stderr, x)
83 
84 #define	IPQOSCDBG1(lvl, x, y)\
85 	if (lvl & ipqosconf_dbg_flgs)\
86 		(void) fprintf(stderr, x, y)
87 
88 #define	IPQOSCDBG2(lvl, x, y, z)\
89 	if (lvl & ipqosconf_dbg_flgs)\
90 		(void) fprintf(stderr, x, y, z)
91 
92 #define	IPQOSCDBG3(lvl, x, y, z, a)\
93 	if (lvl & ipqosconf_dbg_flgs)\
94 		(void) fprintf(stderr, x, y, z, a)
95 
96 #define	IPQOSCDBG4(lvl, x, y, z, a, b)\
97 	if (lvl & ipqosconf_dbg_flgs)\
98 		(void) fprintf(stderr, x, y, z, a, b)
99 
100 #define	IPQOSCDBG5(lvl, x, y, z, a, b, c)\
101 	if (lvl & ipqosconf_dbg_flgs)\
102 		(void) fprintf(stderr, x, y, z, a, b, c)
103 
104 #else	/* defined(_IPQOS_CONF_DEBUG) && !defined(lint) */
105 
106 #define	IPQOSCDBG0(lvl, x)
107 #define	IPQOSCDBG1(lvl, x, y)
108 #define	IPQOSCDBG2(lvl, x, y, z)
109 #define	IPQOSCDBG3(lvl, x, y, z, a)
110 #define	IPQOSCDBG4(lvl, x, y, z, a, b)
111 #define	IPQOSCDBG5(lvl, x, y, z, a, b, c)
112 
113 #endif	/* defined(_IPQOS_CONF_DEBUG) */
114 
115 
116 
117 /* function prototypes */
118 
119 static int modify_params(char *, nvlist_t **, int, boolean_t);
120 static int add_class(char *, char *, int, boolean_t, char *);
121 static int modify_class(char *, char *, int, boolean_t, char *,
122     enum ipp_flags);
123 static int remove_class(char *, char *, int, enum ipp_flags);
124 static int add_filter(char *, ipqos_conf_filter_t *, int);
125 static int modify_filter(char *, ipqos_conf_filter_t *, int);
126 static int remove_filter(char *, char *, int, int);
127 static boolean_t arrays_equal(int *, int *, uint32_t);
128 static int diffclass(ipqos_conf_class_t *, ipqos_conf_class_t *);
129 static int diffparams(ipqos_conf_params_t *, ipqos_conf_params_t *, char *);
130 static int difffilter(ipqos_conf_filter_t *, ipqos_conf_filter_t *, char *);
131 static int add_filters(ipqos_conf_filter_t *, char *, int, boolean_t);
132 static int add_classes(ipqos_conf_class_t *, char *,  int, boolean_t);
133 static int modify_items(ipqos_conf_action_t *);
134 static int add_items(ipqos_conf_action_t *, boolean_t);
135 static int add_item(ipqos_conf_action_t *, boolean_t);
136 static int remove_items(ipqos_conf_action_t *, boolean_t);
137 static int remove_item(ipqos_conf_action_t *, boolean_t);
138 static int undo_modifys(ipqos_conf_action_t *, ipqos_conf_action_t *);
139 static int applydiff(ipqos_conf_action_t *, ipqos_conf_action_t *);
140 static int rollback(ipqos_conf_action_t *, ipqos_conf_action_t *);
141 static int rollback_recover(ipqos_conf_action_t *);
142 static ipqos_conf_class_t *classexist(char *, ipqos_conf_class_t *);
143 static ipqos_conf_filter_t *filterexist(char *, int, ipqos_conf_filter_t *);
144 static ipqos_conf_action_t *actionexist(char *, ipqos_conf_action_t *);
145 static int diffnvlists(nvlist_t *, nvlist_t *, char *, int *, place_t);
146 static int diffaction(ipqos_conf_action_t *, ipqos_conf_action_t *);
147 static int diffconf(ipqos_conf_action_t *, ipqos_conf_action_t *);
148 static int readllong(char *, long long *, char **);
149 static int readuint8(char *, uint8_t *, char **);
150 static int readuint16(char *, uint16_t *, char **);
151 static int readint16(char *, int16_t *, char **);
152 static int readint32(char *, int *, char **);
153 static int readuint32(char *, uint32_t *, char **);
154 static int readbool(char *, boolean_t *);
155 static void setmask(int, in6_addr_t *, int);
156 static int readtoken(FILE *, char **);
157 static nvpair_t *find_nvpair(nvlist_t *, char *);
158 static char *prepend_module_name(char *, char *);
159 static int readnvpair(FILE *, FILE *, nvlist_t **, nvpair_t **,
160     ipqos_nvtype_t *, place_t, char *);
161 static int add_aref(ipqos_conf_act_ref_t **, char *, char *);
162 static int readparams(FILE *, FILE *, char *, ipqos_conf_params_t *);
163 static int readclass(FILE *, char *, ipqos_conf_class_t **, char **, int);
164 static int readfilter(FILE *, FILE *, char *, ipqos_conf_filter_t **, char **,
165     int);
166 static FILE *validmod(char *, int *);
167 static int readaction(FILE *, ipqos_conf_action_t **);
168 static int actions_unique(ipqos_conf_action_t *, char **);
169 static int validconf(ipqos_conf_action_t *, int);
170 static int readconf(FILE *, ipqos_conf_action_t **);
171 static int flush(boolean_t *);
172 static int atomic_flush(boolean_t);
173 static int flushconf();
174 static int writeconf(ipqos_conf_action_t *, char *);
175 static int commitconf();
176 static int applyconf(char *ifile);
177 static int block_all_signals();
178 static int restore_all_signals();
179 static int unlock(int fd);
180 static int lock();
181 static int viewconf(int);
182 static void usage();
183 static int valid_name(char *);
184 static int in_cycle(ipqos_conf_action_t *);
185 static int readtype(FILE *, char *, char *, ipqos_nvtype_t *, str_val_nd_t **,
186     char *, boolean_t, place_t *);
187 static int read_int_array_info(char *, str_val_nd_t **, uint32_t *, int *,
188     int *, char *);
189 static str_val_nd_t *read_enum_nvs(char *, char *);
190 static int add_str_val_entry(str_val_nd_t **, char *, uint32_t);
191 static void free_str_val_entrys(str_val_nd_t *);
192 static void get_str_val_value_range(str_val_nd_t *, int *, int *);
193 static int read_enum_value(FILE *, char *, str_val_nd_t *, uint32_t *);
194 static int read_mapped_values(FILE *, nvlist_t **, char *, char *,
195     int);
196 static int read_int_array(FILE *, char *, int **, uint32_t, int, int,
197     str_val_nd_t *);
198 static int str_val_list_lookup(str_val_nd_t *, char *, uint32_t *);
199 static int parse_kparams(char *, ipqos_conf_params_t *, nvlist_t *);
200 static int parse_kclass(ipqos_conf_class_t *, nvlist_t *);
201 static int parse_kfilter(ipqos_conf_filter_t *, nvlist_t *);
202 static int parse_kaction(nvlist_t *, ipqos_actinfo_prm_t *);
203 static int readkconf(ipqos_conf_action_t **);
204 static void print_int_array(FILE *, int *, uint32_t, int, int, str_val_nd_t *,
205     int);
206 static void printrange(FILE *fp, uint32_t, uint32_t);
207 static void printenum(FILE *, uint32_t, str_val_nd_t *);
208 static void printproto(FILE *, uint8_t);
209 static void printport(FILE *, uint16_t);
210 static int printnvlist(FILE *, char *, nvlist_t *, int, ipqos_conf_filter_t *,
211     int, place_t);
212 static int virtual_action(char *);
213 static void free_arefs(ipqos_conf_act_ref_t *);
214 static void print_action_nm(FILE *, char *);
215 static int add_orig_ipqosconf(nvlist_t *);
216 static char *get_originator_nm(uint32_t);
217 static void mark_classes_filters_new(ipqos_conf_action_t *);
218 static void mark_classes_filters_del(ipqos_conf_action_t *);
219 static void mark_config_new(ipqos_conf_action_t *);
220 static int printifname(FILE *, int);
221 static int readifindex(char *, int *);
222 static void cleanup_string_table(char **, int);
223 static int domultihome(ipqos_conf_filter_t *, ipqos_conf_filter_t **,
224     boolean_t);
225 static int dup_filter(ipqos_conf_filter_t *, ipqos_conf_filter_t **, int, int,
226     void *, void *, int);
227 static void free_actions(ipqos_conf_action_t *);
228 static ipqos_conf_filter_t *alloc_filter();
229 static void free_filter(ipqos_conf_filter_t *);
230 static int read_curl_begin(FILE *);
231 static ipqos_conf_class_t *alloc_class(void);
232 static int diffclasses(ipqos_conf_action_t *old, ipqos_conf_action_t *new);
233 static int difffilters(ipqos_conf_action_t *old, ipqos_conf_action_t *new);
234 static int dup_class(ipqos_conf_class_t *src, ipqos_conf_class_t **dst);
235 static int add_action(ipqos_conf_action_t *act);
236 static int masktocidr(int af, in6_addr_t *mask);
237 static int read_perm_items(int, FILE *, char *, char ***, int *);
238 static int in_string_table(char *stable[], int size, char *string);
239 static void list_end(ipqos_list_el_t **listp, ipqos_list_el_t ***lendpp);
240 static void add_to_list(ipqos_list_el_t **listp, ipqos_list_el_t *el);
241 static int read_cfile_ver(FILE *, char *);
242 static char *quote_ws_string(const char *);
243 static int read_tfile_ver(FILE *, char *, char *);
244 static int ver_str_to_int(char *);
245 static void printuser(FILE *fp, uid_t uid);
246 static int readuser(char *str, uid_t *uid);
247 
248 /*
249  * macros to call list functions with the more complex list element type
250  * cast to the skeletal type iqpos_list_el_t.
251  */
252 #define	LIST_END(list, end)\
253 	list_end((ipqos_list_el_t **)list,  (ipqos_list_el_t ***)end)
254 #define	ADD_TO_LIST(list, el)\
255 	add_to_list((ipqos_list_el_t **)list, (ipqos_list_el_t *)el)
256 
257 /*
258  *	Macros to produce a quoted string containing the value of a
259  *	preprocessor macro. For example, if SIZE is defined to be 256,
260  *	VAL2STR(SIZE) is "256". This is used to construct format
261  *	strings for scanf-family functions below.
262  */
263 #define	QUOTE(x)	#x
264 #define	VAL2STR(x)	QUOTE(x)
265 
266 
267 /* globals */
268 
269 /* table of supported parameter types and enum value */
270 static str_val_t nv_types[] = {
271 {"uint8",		IPQOS_DATA_TYPE_UINT8},
272 {"int16",		IPQOS_DATA_TYPE_INT16},
273 {"uint16",		IPQOS_DATA_TYPE_UINT16},
274 {"int32",		IPQOS_DATA_TYPE_INT32},
275 {"uint32",		IPQOS_DATA_TYPE_UINT32},
276 {"boolean",		IPQOS_DATA_TYPE_BOOLEAN},
277 {"string",		IPQOS_DATA_TYPE_STRING},
278 {"action",		IPQOS_DATA_TYPE_ACTION},
279 {"address",		IPQOS_DATA_TYPE_ADDRESS},
280 {"port",		IPQOS_DATA_TYPE_PORT},
281 {"protocol",		IPQOS_DATA_TYPE_PROTO},
282 {"enum",		IPQOS_DATA_TYPE_ENUM},
283 {"ifname",		IPQOS_DATA_TYPE_IFNAME},
284 {"mindex",		IPQOS_DATA_TYPE_M_INDEX},
285 {"int_array",		IPQOS_DATA_TYPE_INT_ARRAY},
286 {"user",		IPQOS_DATA_TYPE_USER},
287 {"",			0}
288 };
289 
290 /* table of name to id mappings for originator field */
291 
292 static str_val_t originators[] = {
293 {IPP_CONFIG_NAME_PERMANENT,	IPP_CONFIG_PERMANENT},
294 {IPP_CONFIG_NAME_IPQOSCONF,	IPP_CONFIG_IPQOSCONF},
295 {IPP_CONFIG_NAME_FTPCL,		IPP_CONFIG_FTPCL},
296 {"", -1}
297 };
298 
299 /* current parse line */
300 static int lineno;
301 
302 /* verbose output flag */
303 static int verbose;
304 
305 /* use syslog for msg reporting flag */
306 static int use_syslog;
307 
308 #ifdef	_IPQOS_CONF_DEBUG
309 /*
310  * flag used to indicate that a rollback should be carried out regardless.
311  * Only settable during debug.
312  */
313 static int force_rback = 0;
314 #endif	/* _IPQOS_CONF_DEBUG */
315 
316 /*
317  * delivers messages to either syslog or stderr, dependant upon the
318  * the state of the flags use_syslog and verbose. The type
319  * of the msg as given in msg_type is indicated in the output msg.
320  *
321  * valid message types are:
322  * o  MT_ERROR (standard error message)
323  * o  MT_ENOSTR (error message with system error string appended)
324  * o  MT_WARNING (warning message)
325  * o  MT_LOG (logging message)
326  *
327  * Log messages only go to syslog. Warning messages only go to stderr
328  * and only when the verbose flag is set. All other messages go by default
329  * to the console; to syslog if syslog flag set, and to both if both
330  * syslog and verbose are set.
331  *
332  */
333 /*PRINTFLIKE2*/
334 static void
335 ipqos_msg(enum msg_type msgt, char *format, ...)
336 {
337 	va_list ap;
338 	char str_buf[IPQOS_MSG_BUF_SZ];
339 	char fmt_buf[IPQOS_MSG_BUF_SZ];
340 	char *cp;
341 
342 	IPQOSCDBG0(L1, "In ipqos_msg:\n");
343 
344 	va_start(ap, format);
345 
346 	/*
347 	 * send msgs to syslog if use_syslog set (except warning msgs),
348 	 * or a log msg.
349 	 */
350 	if ((use_syslog && (msgt != MT_WARNING)) || msgt == MT_LOG) {
351 
352 		/* fill in format string */
353 		(void) vsnprintf(str_buf, IPQOS_MSG_BUF_SZ, format, ap);
354 
355 		/*
356 		 * print message to syslog with appropriate severity
357 		 */
358 		if (msgt == MT_ERROR) {
359 			syslog(LOG_ERR, str_buf);
360 		} else if (msgt == MT_LOG) {
361 			syslog(LOG_INFO, str_buf);
362 		/*
363 		 * for errno message type suffix with %m for syslog to
364 		 * interpret.
365 		 */
366 		} else if (msgt == MT_ENOSTR) {
367 			/*
368 			 * remove any newline in message parameter.
369 			 * syslog will reapply a newline for us later.
370 			 */
371 			if ((cp = strchr(str_buf, '\n')) != NULL)
372 				*cp = '\0';
373 			(void) strlcat(str_buf, ": %m", IPQOS_MSG_BUF_SZ);
374 			syslog(LOG_ERR, str_buf);
375 		}
376 	}
377 
378 	/*
379 	 * send msgs to stderr if use_syslog not set (except log msgs), or
380 	 * if verbose set.
381 	 */
382 	if ((!use_syslog && (msgt != MT_LOG)) || (verbose)) {
383 
384 		/*
385 		 * prefix message with appropriate severity string
386 		 */
387 		if (msgt == MT_ERROR) {
388 			(void) strlcpy(fmt_buf, gettext("Error: "),
389 			    IPQOS_MSG_BUF_SZ);
390 		} else if (msgt == MT_WARNING) {
391 			if (!verbose) { /* don't show warn msg if !verbose */
392 				va_end(ap);
393 				return;
394 			}
395 			(void) strlcpy(fmt_buf, gettext("Warning: "),
396 			    IPQOS_MSG_BUF_SZ);
397 		} else if (msgt == MT_ENOSTR) {
398 			(void) strlcpy(fmt_buf, gettext("Error: "),
399 			    IPQOS_MSG_BUF_SZ);
400 		} else if (msgt == MT_LOG) {
401 			(void) strlcpy(fmt_buf, gettext("Notice: "),
402 			    IPQOS_MSG_BUF_SZ);
403 		}
404 		(void) strlcat(fmt_buf, format, IPQOS_MSG_BUF_SZ);
405 
406 		/*
407 		 * for errno message type suffix message with errno string
408 		 */
409 		if (msgt == MT_ENOSTR) {
410 			/*
411 			 * get rid of any newline in passed message.
412 			 * we'll apply another later.
413 			 */
414 			if ((cp = strchr(fmt_buf, '\n')) != NULL)
415 				*cp = '\0';
416 			(void) strlcat(fmt_buf, ": ", IPQOS_MSG_BUF_SZ);
417 			(void) strlcat(fmt_buf, strerror(errno),
418 			    IPQOS_MSG_BUF_SZ);
419 		}
420 
421 		/*
422 		 * append a newline to message if not one already.
423 		 */
424 		if ((cp = strchr(fmt_buf, '\n')) == NULL)
425 			(void) strlcat(fmt_buf, "\n", IPQOS_MSG_BUF_SZ);
426 
427 		(void) vfprintf(stderr, fmt_buf, ap);
428 	}
429 
430 	va_end(ap);
431 }
432 
433 /* **************** kernel filter/class/params manipulation fns *********** */
434 
435 
436 /*
437  * modify the kernel parameters of the action action_nm using the nvlist
438  * parameter nvl and setting the stats according to stats_enable.
439  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
440  */
441 
442 static int
443 modify_params(
444 char *action_name,
445 nvlist_t **nvl,
446 int module_version,
447 boolean_t stats_enable)
448 {
449 
450 	int res;
451 	int created = 0;
452 
453 	IPQOSCDBG1(APPLY, "In modify_params: action: %s\n", action_name);
454 
455 	/* create nvlist if NULL */
456 	if (*nvl == NULL) {
457 		created++;
458 		res = nvlist_alloc(nvl, NV_UNIQUE_NAME, 0);
459 		if (res != 0) {
460 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
461 			return (IPQOS_CONF_ERR);
462 		}
463 	}
464 
465 	/* add params modify config type */
466 	res = nvlist_add_byte(*nvl, IPP_CONFIG_TYPE, IPP_SET);
467 	if (res != 0) {
468 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
469 		goto fail;
470 	}
471 
472 	/*
473 	 * add module version
474 	 */
475 	if (nvlist_add_uint32(*nvl, IPP_MODULE_VERSION,
476 	    (uint32_t)module_version) != 0) {
477 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
478 		goto fail;
479 	}
480 
481 	/* add stats_enable */
482 	res = nvlist_add_uint32(*nvl, IPP_ACTION_STATS_ENABLE,
483 	    (uint32_t)stats_enable);
484 	if (res != 0) {
485 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
486 		goto fail;
487 	}
488 
489 	/* add ipqosconf as originator */
490 	res = add_orig_ipqosconf(*nvl);
491 	if (res != IPQOS_CONF_SUCCESS) {
492 		goto fail;
493 	}
494 
495 	/* call lib to do modify */
496 	res = ipp_action_modify(action_name, nvl, 0);
497 	if (res != 0) {
498 
499 		/* invalid parameters */
500 
501 		if (errno == EINVAL) {
502 			ipqos_msg(MT_ERROR,
503 			    gettext("Invalid parameters for action %s.\n"),
504 			    action_name);
505 
506 
507 		} else if (errno == ENOENT) {
508 			ipqos_msg(MT_ERROR,
509 			    gettext("Mandatory parameter missing for "
510 			    "action %s.\n"), action_name);
511 
512 
513 		} else {	/* unexpected error */
514 			ipqos_msg(MT_ERROR, gettext("Failed to modify action "
515 			    "%s parameters: %s.\n"), action_name,
516 			    strerror(errno));
517 		}
518 
519 		goto fail;
520 	}
521 
522 	return (IPQOS_CONF_SUCCESS);
523 fail:
524 	if (created && *nvl != NULL) {
525 		nvlist_free(*nvl);
526 		*nvl = NULL;
527 	}
528 	return (IPQOS_CONF_ERR);
529 }
530 
531 /*
532  * add a class to the kernel action action_name called class_name with
533  * stats set according to stats_enable and the first action set to
534  * first_action.
535  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
536  */
537 static int
538 add_class(
539 char *action_name,
540 char *class_name,
541 int module_version,
542 boolean_t stats_enable,
543 char *first_action)
544 {
545 
546 	nvlist_t *nvl;
547 
548 	IPQOSCDBG4(APPLY, "add_class: action: %s, class: %s, "
549 	    "first_action: %s, stats: %s\n", action_name, class_name,
550 	    first_action, (stats_enable == B_TRUE ? "true" : "false"));
551 
552 
553 	/* create nvlist */
554 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
555 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
556 		return (IPQOS_CONF_ERR);
557 	}
558 
559 	/* add 'add class' config type */
560 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_ADD_CLASS) != 0) {
561 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
562 		goto fail;
563 	}
564 
565 	/*
566 	 * add module version
567 	 */
568 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
569 	    (uint32_t)module_version) != 0) {
570 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
571 		goto fail;
572 	}
573 
574 	/* add class name */
575 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
576 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
577 		goto fail;
578 	}
579 
580 	/* add next action */
581 	if (nvlist_add_string(nvl, CLASSIFIER_NEXT_ACTION, first_action) != 0) {
582 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
583 		goto fail;
584 	}
585 
586 	/* add stats_enable */
587 	if (nvlist_add_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE,
588 	    (uint32_t)stats_enable) != 0) {
589 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
590 		goto fail;
591 	}
592 
593 	/* add ipqosconf as originator */
594 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
595 		goto fail;
596 	}
597 
598 	/* call lib to do modify */
599 	if (ipp_action_modify(action_name, &nvl, 0) != 0) {
600 
601 		/* ipgpc max classes */
602 
603 		if (errno == ENOSPC &&
604 		    strcmp(action_name, IPGPC_CLASSIFY) == 0) {
605 			ipqos_msg(MT_ERROR,
606 			    gettext("Max number of classes reached in %s.\n"),
607 			    IPGPC_NAME);
608 
609 		/* other errors */
610 
611 		} else {
612 			ipqos_msg(MT_ERROR,
613 			    gettext("Failed to create class %s in action "
614 			    "%s: %s.\n"), class_name, action_name,
615 			    strerror(errno));
616 		}
617 
618 		goto fail;
619 	}
620 
621 	return (IPQOS_CONF_SUCCESS);
622 fail:
623 	nvlist_free(nvl);
624 	return (IPQOS_CONF_ERR);
625 }
626 
627 
628 /*
629  * modify the class in the kernel action action_name called class_name with
630  * stats set according to stats_enable and the first action set to
631  * first_action.
632  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
633  */
634 static int
635 modify_class(
636 char *action_name,
637 char *class_name,
638 int module_version,
639 boolean_t stats_enable,
640 char *first_action,
641 enum ipp_flags flags)
642 {
643 
644 	nvlist_t *nvl;
645 
646 	IPQOSCDBG5(APPLY, "modify_class: action: %s, class: %s, first: %s, "
647 	    "stats: %s, flags: %x\n", action_name, class_name, first_action,
648 	    stats_enable == B_TRUE ? "true" : "false", flags);
649 
650 
651 	/* create nvlist */
652 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
653 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
654 		return (IPQOS_CONF_ERR);
655 	}
656 
657 	/* add 'modify class' config type */
658 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_MODIFY_CLASS) !=
659 	    0) {
660 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
661 		goto fail;
662 	}
663 
664 	/*
665 	 * add module version
666 	 */
667 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
668 	    (uint32_t)module_version) != 0) {
669 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
670 		goto fail;
671 	}
672 
673 	/* add class name */
674 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
675 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
676 		goto fail;
677 	}
678 
679 	/* add next action */
680 	if (nvlist_add_string(nvl, CLASSIFIER_NEXT_ACTION, first_action) != 0) {
681 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
682 		goto fail;
683 	}
684 
685 	/* add stats enable */
686 	if (nvlist_add_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE,
687 	    (uint32_t)stats_enable) != 0) {
688 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
689 		goto fail;
690 	}
691 
692 	/* add originator ipqosconf */
693 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
694 		goto fail;
695 	}
696 
697 	/* call lib to do modify */
698 	if (ipp_action_modify(action_name, &nvl, flags) != 0) {
699 
700 		/* generic error message */
701 
702 		ipqos_msg(MT_ERROR,
703 		    gettext("Modifying class %s in action %s failed: %s.\n"),
704 		    class_name, action_name, strerror(errno));
705 
706 		goto fail;
707 	}
708 
709 	return (IPQOS_CONF_SUCCESS);
710 fail:
711 	nvlist_free(nvl);
712 	return (IPQOS_CONF_ERR);
713 }
714 
715 /*
716  * removes the class class_name from the kernel action action_name. The
717  * flags argument can currently be set to IPP_ACTION_DESTROY which will
718  * result in the action this class references being destroyed.
719  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
720  */
721 static int
722 remove_class(
723 char *action_name,
724 char *class_name,
725 int module_version,
726 enum ipp_flags flags)
727 {
728 
729 	nvlist_t *nvl;
730 
731 	IPQOSCDBG3(APPLY, "remove_class: action: %s, class: %s, "
732 	    "flags: %x\n", action_name, class_name, flags);
733 
734 	/* allocate nvlist */
735 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
736 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
737 		return (IPQOS_CONF_ERR);
738 	}
739 
740 	/* add 'remove class' config type */
741 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_REMOVE_CLASS) !=
742 	    0) {
743 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
744 		goto fail;
745 	}
746 
747 	/*
748 	 * add module version
749 	 */
750 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
751 	    (uint32_t)module_version) != 0) {
752 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
753 		goto fail;
754 	}
755 
756 	/* add class name */
757 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
758 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
759 		goto fail;
760 	}
761 
762 	if (ipp_action_modify(action_name, &nvl, flags) != 0) {
763 
764 		/* generic error message */
765 
766 		ipqos_msg(MT_ERROR,
767 		    gettext("Removing class %s in action %s failed: %s.\n"),
768 		    class_name, action_name, strerror(errno));
769 
770 		goto fail;
771 	}
772 
773 	return (IPQOS_CONF_SUCCESS);
774 fail:
775 	nvlist_free(nvl);
776 	return (IPQOS_CONF_ERR);
777 }
778 
779 /*
780  * add the filter flt to the kernel action named action_name.
781  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
782  */
783 static int
784 add_filter(
785 char *action_name,
786 ipqos_conf_filter_t *flt,
787 int module_version)
788 {
789 
790 	nvlist_t *nvl = flt->nvlist;
791 	char ipvsbuf[IPQOS_INT_STR_LEN];
792 
793 	IPQOSCDBG4(APPLY, "add_filter: action: %s, filter: %s, "
794 	    "instance: %d, class: %s\n", action_name, flt->name,
795 	    flt->instance, flt->class_name);
796 
797 
798 	/* add 'add filter' config type to filter nvlist */
799 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_ADD_FILTER) != 0) {
800 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
801 		return (IPQOS_CONF_ERR);
802 	}
803 
804 	/*
805 	 * add module version
806 	 */
807 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
808 	    (uint32_t)module_version) != 0) {
809 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
810 		return (IPQOS_CONF_ERR);
811 	}
812 
813 	/* add filter name to nvlist */
814 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, flt->name) != 0) {
815 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
816 		return (IPQOS_CONF_ERR);
817 	}
818 
819 	/* add class name to nvlist */
820 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, flt->class_name) !=
821 	    0) {
822 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
823 		return (IPQOS_CONF_ERR);
824 	}
825 
826 	/* add ipqosconf as originator to nvlist */
827 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
828 		return (IPQOS_CONF_ERR);
829 	}
830 
831 	/* add ipgpc specific nv entrys */
832 	if (strcmp(action_name, IPGPC_CLASSIFY) == 0) {
833 
834 		/* add src and dst nodes to nvlist if present */
835 
836 		if (flt->src_nd_name != NULL &&
837 		    nvlist_add_string(nvl, IPGPC_SADDR_HOSTNAME,
838 		    flt->src_nd_name) != 0) {
839 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
840 			return (IPQOS_CONF_ERR);
841 		}
842 		if (flt->dst_nd_name != NULL &&
843 		    nvlist_add_string(nvl, IPGPC_DADDR_HOSTNAME,
844 		    flt->dst_nd_name) != 0) {
845 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
846 			return (IPQOS_CONF_ERR);
847 		}
848 
849 		/*
850 		 * add ip_version to private list element if present.
851 		 * NOTE: this value is of only real use to ipqosconf so
852 		 * it is placed in this opaque private field.
853 		 */
854 		if (flt->ip_versions != 0) {
855 			(void) sprintf(ipvsbuf, "%d", flt->ip_versions);
856 			if (nvlist_add_string(nvl, IPGPC_FILTER_PRIVATE,
857 			    ipvsbuf) != 0) {
858 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
859 				return (IPQOS_CONF_ERR);
860 			}
861 		}
862 
863 		/* add filter instance if present */
864 
865 		if (nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
866 		    flt->instance) != 0) {
867 			ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
868 			return (IPQOS_CONF_ERR);
869 		}
870 	}
871 
872 	if (ipp_action_modify(action_name, &flt->nvlist, 0) != 0) {
873 
874 		/* invalid parameters */
875 
876 		if (errno == EINVAL) {
877 			ipqos_msg(MT_ERROR,
878 			    gettext("Invalid/missing parameters for filter "
879 			    "%s in action %s.\n"), flt->name, action_name);
880 
881 		/* max ipgpc filters/classes */
882 
883 		} else if (errno == ENOSPC &&
884 		    strcmp(action_name, IPGPC_CLASSIFY) == 0) {
885 			ipqos_msg(MT_ERROR, gettext("Max number of filters "
886 			    "reached in action %s.\n"), IPGPC_NAME);
887 
888 		/* anything other errnos */
889 		} else {
890 			ipqos_msg(MT_ERROR,
891 			    gettext("Failed to create filter %s in action "
892 			    "%s: %s.\n"), flt->name, action_name,
893 			    strerror(errno));
894 		}
895 
896 		return (IPQOS_CONF_ERR);
897 	}
898 
899 	return (IPQOS_CONF_SUCCESS);
900 }
901 
902 
903 /*
904  * modify the filter flt in the kernel action named action_name.
905  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
906  */
907 static int
908 modify_filter(
909 char *action_name,
910 ipqos_conf_filter_t *flt,
911 int module_version)
912 {
913 
914 	nvlist_t *nvl = flt->nvlist;
915 	char ipvsbuf[IPQOS_INT_STR_LEN];
916 
917 	IPQOSCDBG4(APPLY, "modify_filter: action: %s, filter: %s, "
918 	    "instance: %d, class: %s\n", action_name, flt->name,
919 	    flt->instance, flt->class_name);
920 
921 /* show src address and dst address if present */
922 #ifdef	_IPQOS_CONF_DEBUG
923 	if (ipqosconf_dbg_flgs & APPLY) {
924 		uint_t tmp;
925 		in6_addr_t *add;
926 		char st[100];
927 
928 		if (nvlist_lookup_uint32_array(nvl, IPGPC_SADDR,
929 		    (uint32_t **)&add, &tmp) == 0) {
930 			(void) fprintf(stderr, "saddr: %s\n",
931 			    inet_ntop(AF_INET6, add, st, 100));
932 		}
933 
934 		if (nvlist_lookup_uint32_array(nvl, IPGPC_DADDR,
935 		    (uint32_t **)&add, &tmp) == 0) {
936 			(void) fprintf(stderr, "daddr: %s\n",
937 			    inet_ntop(AF_INET6, add, st, 100));
938 		}
939 	}
940 #endif	/* _IPQOS_CONF_DEBUG */
941 
942 	/* add 'modify filter' config type to filters nvlist */
943 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE,
944 	    CLASSIFIER_MODIFY_FILTER) != 0) {
945 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
946 		return (IPQOS_CONF_ERR);
947 	}
948 
949 	/*
950 	 * add module version
951 	 */
952 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
953 	    (uint32_t)module_version) != 0) {
954 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
955 		return (IPQOS_CONF_ERR);
956 	}
957 
958 	/* add filter name to nvlist */
959 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, flt->name) != 0) {
960 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
961 		return (IPQOS_CONF_ERR);
962 	}
963 
964 	/* add class name to nvlist */
965 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, flt->class_name) !=
966 	    0) {
967 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
968 		return (IPQOS_CONF_ERR);
969 	}
970 
971 	/* add originator ipqosconf to nvlist */
972 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
973 		return (IPQOS_CONF_ERR);
974 	}
975 
976 	/* add ipgpc specific nvpairs */
977 	if (strcmp(action_name, IPGPC_CLASSIFY) == 0) {
978 
979 		/* add src and dst nodes to nvlist if present */
980 
981 		if (flt->src_nd_name &&
982 		    nvlist_add_string(nvl, IPGPC_SADDR_HOSTNAME,
983 		    flt->src_nd_name) != 0) {
984 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
985 			return (IPQOS_CONF_ERR);
986 		}
987 		if (flt->dst_nd_name &&
988 		    nvlist_add_string(nvl, IPGPC_DADDR_HOSTNAME,
989 		    flt->dst_nd_name) != 0) {
990 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
991 			return (IPQOS_CONF_ERR);
992 		}
993 
994 		/*
995 		 * add ip_version to private list element if present.
996 		 * NOTE: this value is of only real use to ipqosconf so
997 		 * it is placed in this opaque private field.
998 		 */
999 		if (flt->ip_versions != 0) {
1000 			(void) sprintf(ipvsbuf, "%d", flt->ip_versions);
1001 			if (nvlist_add_string(nvl, IPGPC_FILTER_PRIVATE,
1002 			    ipvsbuf) != 0) {
1003 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
1004 				return (IPQOS_CONF_ERR);
1005 			}
1006 		}
1007 
1008 		/* add filter instance if present */
1009 
1010 		if (nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
1011 		    flt->instance) != 0) {
1012 			ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
1013 			return (IPQOS_CONF_ERR);
1014 		}
1015 	}
1016 
1017 	if (ipp_action_modify(action_name, &flt->nvlist, 0) != 0) {
1018 
1019 		/* invalid parameters */
1020 
1021 		if (errno == EINVAL) {
1022 			ipqos_msg(MT_ERROR, gettext("Missing/Invalid "
1023 			    "parameter for filter %s in action %s.\n"),
1024 			    flt->name, action_name);
1025 
1026 		/* any other errnos */
1027 
1028 		} else {
1029 			ipqos_msg(MT_ERROR,
1030 			    gettext("Failed to modify filter %s in action %s: "
1031 			    "%s.\n"), flt->name, action_name, strerror(errno));
1032 		}
1033 
1034 		return (IPQOS_CONF_ERR);
1035 	}
1036 
1037 	return (IPQOS_CONF_SUCCESS);
1038 }
1039 
1040 /*
1041  * remove the filter named filter_name instance number instance from the
1042  * kernel action action_name.
1043  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
1044  */
1045 static int
1046 remove_filter(
1047 char *action_name,
1048 char *filter_name,
1049 int instance,
1050 int module_version)
1051 {
1052 
1053 	nvlist_t *nvl;
1054 
1055 	IPQOSCDBG2(APPLY, "remove_filter: action: %s, filter: %s\n",
1056 	    action_name, filter_name);
1057 
1058 	/* create nvlist */
1059 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
1060 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
1061 		return (IPQOS_CONF_ERR);
1062 	}
1063 
1064 	/* add 'remove filter' config type to list */
1065 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_REMOVE_FILTER)
1066 	!= 0) {
1067 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
1068 		return (IPQOS_CONF_ERR);
1069 	}
1070 
1071 	/*
1072 	 * add module version
1073 	 */
1074 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
1075 	    (uint32_t)module_version) != 0) {
1076 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
1077 		return (IPQOS_CONF_ERR);
1078 	}
1079 
1080 	/* add filter name to list */
1081 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, filter_name) != 0) {
1082 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
1083 		return (IPQOS_CONF_ERR);
1084 	}
1085 
1086 	/* add instance number if part of multi-instance filter */
1087 	if (instance != -1 && nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
1088 	    instance) != 0) {
1089 		ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
1090 		return (IPQOS_CONF_ERR);
1091 	}
1092 
1093 	/* call into lib to remove */
1094 	if (ipp_action_modify(action_name, &nvl, 0) != 0) {
1095 
1096 		/* generic error message */
1097 
1098 		ipqos_msg(MT_ERROR,
1099 		    gettext("Removing filter %s in action %s failed: %s.\n"),
1100 		    filter_name, action_name, strerror(errno));
1101 
1102 		return (IPQOS_CONF_ERR);
1103 	}
1104 
1105 	return (IPQOS_CONF_SUCCESS);
1106 }
1107 
1108 /* ******************************************************************* */
1109 
1110 
1111 /*
1112  * add originator nvpair set to ipqosconf to nvl.
1113  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1114  */
1115 static int
1116 add_orig_ipqosconf(nvlist_t *nvl)
1117 {
1118 
1119 	if (nvlist_add_uint32(nvl, IPP_CONFIG_ORIGINATOR,
1120 	    IPP_CONFIG_IPQOSCONF) != 0) {
1121 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32: originator:");
1122 		return (IPQOS_CONF_ERR);
1123 	}
1124 
1125 	return (IPQOS_CONF_SUCCESS);
1126 }
1127 
1128 /* ************************* differencing functions ************************ */
1129 
1130 
1131 /*
1132  * compares the contents of arrays array1 and array2, both of size size, and
1133  * returns B_TRUE or B_FALSE if they're equal or not respectively.
1134  * RETURNS: B_TRUE if equal, else B_FALSE.
1135  */
1136 static boolean_t
1137 arrays_equal(
1138 int array1[],
1139 int array2[],
1140 uint32_t size)
1141 {
1142 	int x;
1143 
1144 	for (x = 0; x < size; x++) {
1145 		if (array1[x] != array2[x])
1146 			return (B_FALSE);
1147 	}
1148 	return (B_TRUE);
1149 }
1150 
1151 /*
1152  * difference class old against class new. It marks the new class as
1153  * modified if it is different.
1154  * RETURNS: IPQOS_CONF_SUCCESS.
1155  */
1156 static int
1157 diffclass(
1158 ipqos_conf_class_t *old,
1159 ipqos_conf_class_t *new)
1160 {
1161 
1162 	IPQOSCDBG0(L0, "In diffclass:\n");
1163 
1164 	/* two different spec'd actions */
1165 	if (strcmp(old->alist->name, new->alist->name) != 0) {
1166 		IPQOSCDBG1(DIFF, "marking class %s as modified\n", new->name);
1167 
1168 		new->modified = B_TRUE;
1169 		return (IPQOS_CONF_SUCCESS);
1170 	}
1171 
1172 	/* different stats values */
1173 	if (old->stats_enable != new->stats_enable) {
1174 		IPQOSCDBG1(DIFF, "marking class %s as modified\n", new->name);
1175 
1176 		new->modified = B_TRUE;
1177 		return (IPQOS_CONF_SUCCESS);
1178 	}
1179 
1180 	return (IPQOS_CONF_SUCCESS);
1181 }
1182 
1183 /*
1184  * difference params set old against params set new of module module_name. It
1185  * marks the new params as modified if different.
1186  * RETURNS: if error IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
1187  */
1188 static int
1189 diffparams(
1190 ipqos_conf_params_t *old,
1191 ipqos_conf_params_t *new,
1192 char *module_name)
1193 {
1194 
1195 	int diff;
1196 	int res;
1197 
1198 	IPQOSCDBG0(L0, "In diffparams\n");
1199 
1200 	/* diff stats */
1201 	if (old->stats_enable != new->stats_enable) {
1202 
1203 		new->modified = B_TRUE;
1204 		return (IPQOS_CONF_SUCCESS);
1205 	}
1206 
1207 	/* diff module specific params */
1208 	res = diffnvlists(old->nvlist, new->nvlist, module_name, &diff,
1209 	    PL_PARAMS);
1210 	if (res != IPQOS_CONF_SUCCESS) {
1211 		return (res);
1212 	}
1213 	if (diff) {
1214 
1215 		new->modified = B_TRUE;
1216 	}
1217 
1218 	return (IPQOS_CONF_SUCCESS);
1219 }
1220 
1221 /*
1222  * differences filter old against filter new of module module_name. It marks
1223  * filter new as different if so.
1224  * RETURNS: if error IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
1225  */
1226 static int
1227 difffilter(
1228 ipqos_conf_filter_t *old,
1229 ipqos_conf_filter_t *new,
1230 char *module_name)
1231 {
1232 
1233 	int res;
1234 	int diff;
1235 
1236 	IPQOSCDBG0(L0, "In difffilter\n");
1237 
1238 	/* compare class name */
1239 
1240 	if (strcmp(old->class_name, new->class_name) != 0) {
1241 		IPQOSCDBG1(DIFF, "Marking filter %s as modified\n", new->name);
1242 
1243 		new->modified = B_TRUE;
1244 		return (IPQOS_CONF_SUCCESS);
1245 	}
1246 
1247 	/* compare module specific params */
1248 
1249 	res = diffnvlists(old->nvlist, new->nvlist, module_name, &diff,
1250 	    PL_FILTER);
1251 	if (res != IPQOS_CONF_SUCCESS) {
1252 		return (res);
1253 	}
1254 
1255 	if (diff) {
1256 		IPQOSCDBG1(DIFF, "Marking filter %s as modified\n", new->name);
1257 		new->modified = B_TRUE;
1258 	}
1259 
1260 	return (IPQOS_CONF_SUCCESS);
1261 }
1262 
1263 
1264 /*
1265  * mark all the filters and classes in parameter action either
1266  * for deletion (if they are ipqosconf originated) or for modification.
1267  */
1268 static void
1269 mark_classes_filters_del(ipqos_conf_action_t *action)
1270 {
1271 
1272 	ipqos_conf_filter_t *flt;
1273 	ipqos_conf_class_t *cls;
1274 
1275 	IPQOSCDBG1(L1, "In mark_classes_filters_del: action: %s\n",
1276 	    action->name);
1277 
1278 	/* mark all non-permanent filters for del and permanent to modify */
1279 	for (flt = action->filters; flt; flt = flt->next) {
1280 		if (flt->originator == IPP_CONFIG_PERMANENT) {
1281 			IPQOSCDBG1(DIFF, "Marking prm filter %s as modified.\n",
1282 			    flt->name);
1283 
1284 			flt->modified = B_TRUE;
1285 		} else {
1286 			IPQOSCDBG1(DIFF, "Marking filter %s as del.\n",
1287 			    flt->name);
1288 
1289 			flt->todel = B_TRUE;
1290 		}
1291 	}
1292 
1293 	/* mark all non-permanent classes for del and permanent to modify */
1294 	for (cls = action->classes; cls; cls = cls->next) {
1295 		if (cls->originator == IPP_CONFIG_PERMANENT) {
1296 			IPQOSCDBG1(DIFF, "Marking prm class %s as modified.\n",
1297 			    cls->name);
1298 
1299 			cls->modified = B_TRUE;
1300 		} else {
1301 			IPQOSCDBG1(DIFF, "Marking class %s as del.\n",
1302 			    cls->name);
1303 
1304 			cls->todel = B_TRUE;
1305 		}
1306 	}
1307 }
1308 
1309 /*
1310  * mark all classes and filters either new (non-permanent) or modified.
1311  */
1312 static void
1313 mark_classes_filters_new(ipqos_conf_action_t *action)
1314 {
1315 
1316 	ipqos_conf_filter_t *flt;
1317 	ipqos_conf_class_t *cls;
1318 
1319 	IPQOSCDBG1(L1, "In mark_classes_filters_new: action: %s\n",
1320 	    action->name);
1321 
1322 	/* mark all permanent filters as modified and all others new */
1323 
1324 	for (flt = action->filters; flt; flt = flt->next) {
1325 		if (flt->originator == IPP_CONFIG_PERMANENT) {
1326 			IPQOSCDBG1(DIFF, "Marking prm filter %s as modified.\n",
1327 			    flt->name);
1328 
1329 			flt->modified = B_TRUE;
1330 			action->modified = B_TRUE;
1331 		} else {
1332 			IPQOSCDBG1(DIFF, "Marking filter %s as new.\n",
1333 			    flt->name);
1334 
1335 			flt->new = B_TRUE;
1336 		}
1337 	}
1338 
1339 	/* mark all permanent classes as modified and all others new */
1340 	for (cls = action->classes; cls; cls = cls->next) {
1341 		if (cls->originator == IPP_CONFIG_PERMANENT) {
1342 			IPQOSCDBG1(DIFF, "Marking prm class %s as modified.\n",
1343 			    cls->name);
1344 
1345 			cls->modified = B_TRUE;
1346 			action->modified = B_TRUE;
1347 		} else {
1348 			IPQOSCDBG1(DIFF, "Marking class %s as new.\n",
1349 			    cls->name);
1350 
1351 			cls->new = B_TRUE;
1352 		}
1353 	}
1354 }
1355 
1356 /*
1357  * Marks all the actions and their constituent elements in conf
1358  * as new.
1359  */
1360 static void
1361 mark_config_new(
1362 ipqos_conf_action_t *conf)
1363 {
1364 	while (conf != NULL) {
1365 		IPQOSCDBG1(DIFF, "Marking action %s as new\n", conf->name);
1366 		mark_classes_filters_new(conf);
1367 		conf->new = B_TRUE;
1368 		conf->visited = 0;
1369 		conf = conf->next;
1370 	}
1371 }
1372 
1373 /*
1374  * differences the configuration  in new against old marking the actions
1375  * and their contents appropriately.
1376  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1377  */
1378 static int
1379 diffconf(
1380 ipqos_conf_action_t *old,
1381 ipqos_conf_action_t *new)
1382 {
1383 
1384 	int res;
1385 	ipqos_conf_action_t *act;
1386 	ipqos_conf_action_t *tmp;
1387 
1388 	IPQOSCDBG0((L0 | DIFF), "In diffconf\n");
1389 
1390 	/* check the new actions against the old */
1391 
1392 	for (act = new; act; act = act->next) {
1393 
1394 		/* if action not in old mark it and it's contents as new */
1395 
1396 		if ((tmp = actionexist(act->name, old)) == NULL) {
1397 			IPQOSCDBG1(DIFF, "marking act %s as new\n", act->name);
1398 
1399 			act->new = B_TRUE;
1400 			mark_classes_filters_new(act);
1401 			continue;
1402 		}
1403 
1404 		/* if action in old diff old against new */
1405 
1406 		res = diffaction(tmp, act);
1407 		if (res != IPQOS_CONF_SUCCESS) {
1408 			return (res);
1409 		}
1410 	}
1411 
1412 	/*
1413 	 * mark actions, and their contents, in old but not new that were
1414 	 * created by us for del.
1415 	 */
1416 
1417 	for (act = old; act; act = act->next) {
1418 		if (act->params->originator == IPP_CONFIG_IPQOSCONF &&
1419 		    actionexist(act->name, new) == NULL) {
1420 			IPQOSCDBG1(DIFF, "marking act %s for del\n", act->name);
1421 
1422 			act->todel = B_TRUE;
1423 			mark_classes_filters_del(act);
1424 		}
1425 	}
1426 
1427 	return (IPQOS_CONF_SUCCESS);
1428 }
1429 
1430 /*
1431  * differences action old against action new, comparing its classes, filters
1432  * and parameters. If it is different the new action is marked as modified
1433  * and it's different sub-objects are also marked approriately.
1434  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
1435  */
1436 static int
1437 diffaction(
1438 ipqos_conf_action_t *old,
1439 ipqos_conf_action_t *new)
1440 {
1441 
1442 	int res;
1443 
1444 	IPQOSCDBG0(L0, "In diffaction\n");
1445 
1446 	/* compare and mark classes */
1447 	res = diffclasses(old, new);
1448 	if (res != IPQOS_CONF_SUCCESS) {
1449 		return (res);
1450 	}
1451 
1452 	/* compare and mark filters */
1453 	res = difffilters(old, new);
1454 	if (res != IPQOS_CONF_SUCCESS) {
1455 		return (res);
1456 	}
1457 
1458 	/* compare and mark parameters */
1459 	res = diffparams(old->params, new->params, old->module);
1460 	if (res != IPQOS_CONF_SUCCESS) {
1461 		return (res);
1462 	}
1463 
1464 	/* mark action as modified if params are */
1465 	if (new->params->modified == B_TRUE) {
1466 		IPQOSCDBG1(DIFF, "Marking params for action %s modified\n",
1467 		    new->name);
1468 
1469 		new->modified = B_TRUE;
1470 	}
1471 
1472 	return (IPQOS_CONF_SUCCESS);
1473 }
1474 
1475 /*
1476  * differences the set of classes in new against those in old, marking any
1477  * that are new/modified, approriately in the new class, and any removed
1478  * in the old class appropriately. Also marks the action which has had an
1479  * object within marked, as modified.
1480  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1481  */
1482 
1483 static int
1484 diffclasses(
1485 ipqos_conf_action_t *old,
1486 ipqos_conf_action_t *new)
1487 {
1488 
1489 
1490 	ipqos_conf_class_t *cls;
1491 	ipqos_conf_class_t *tmpc;
1492 	ipqos_conf_class_t *ncls;
1493 	int res;
1494 
1495 
1496 	/* loop through old classes checking for classes not present in new */
1497 
1498 	for (cls = old->classes; cls; cls = cls->next) {
1499 
1500 		if (classexist(cls->name, new->classes) == NULL) {
1501 
1502 			/* if we created original class mark for deletion */
1503 
1504 			if (cls->originator == IPP_CONFIG_IPQOSCONF) {
1505 				IPQOSCDBG1(DIFF, "marking class %s for del\n",
1506 				    cls->name);
1507 
1508 				cls->todel = B_TRUE;
1509 
1510 				/* mark old action */
1511 				old->modified = B_TRUE;
1512 
1513 			/*
1514 			 * if permanent class and next action created by us
1515 			 * copy it, set it's next action to continue and
1516 			 * add it to new action. This will cause the class
1517 			 * to be marked as and modified. This returns the class
1518 			 * to an assumed default state and prevents the
1519 			 * case where the class is pointing at an action
1520 			 * we want to remove and therefore couldn't without
1521 			 * this forced modify.
1522 			 */
1523 			} else if (cls->originator == IPP_CONFIG_PERMANENT &&
1524 			    cls->alist->action &&	/* not virtual action */
1525 			    cls->alist->action->params->originator ==
1526 			    IPP_CONFIG_IPQOSCONF) {
1527 
1528 				/* copy class */
1529 
1530 				res = dup_class(cls, &ncls);
1531 				if (res != IPQOS_CONF_SUCCESS) {
1532 					return (IPQOS_CONF_ERR);
1533 				}
1534 
1535 				/* set next action to continue */
1536 
1537 				(void) strcpy(ncls->alist->name,
1538 				    IPP_ANAME_CONT);
1539 
1540 				/* add to news classes to be diffed below */
1541 				ADD_TO_LIST(&new->classes, ncls);
1542 			}
1543 		}
1544 	}
1545 
1546 	/* loop through new classes checking for new / modified classes */
1547 
1548 	for (cls = new->classes; cls; cls = cls->next) {
1549 
1550 		/* new ipqosconf class */
1551 
1552 		if ((tmpc = classexist(cls->name, old->classes)) == NULL ||
1553 		    (tmpc->originator != IPP_CONFIG_IPQOSCONF &&
1554 		    tmpc->originator != IPP_CONFIG_PERMANENT)) {
1555 			IPQOSCDBG1(DIFF, "marking class %s new\n",
1556 			    cls->name);
1557 
1558 			cls->new = B_TRUE;
1559 
1560 			new->modified = B_TRUE;	/* mark new action */
1561 			continue;
1562 
1563 		/* existing ipqosconf/perm class */
1564 		} else {
1565 			res = diffclass(tmpc, cls);
1566 			if (res != IPQOS_CONF_SUCCESS) {
1567 				return (res);
1568 			}
1569 
1570 			if (cls->modified == B_TRUE) {
1571 				new->modified = B_TRUE;
1572 			}
1573 		}
1574 	}
1575 
1576 	return (IPQOS_CONF_SUCCESS);
1577 }
1578 
1579 /*
1580  * differences the set of filters in new against those in old, marking any
1581  * that are new/modified, approriately in the new filter/s, and any removed
1582  * in the old filter appropriately. Also marks the action which has had an
1583  * object within marked, as modified.
1584  * RETURNS: IPQOS_CONF_SUCCESS (we return an int for symmetry with diffclasses
1585  * and difffparams).
1586  */
1587 static int
1588 difffilters(
1589 ipqos_conf_action_t *old,
1590 ipqos_conf_action_t *new)
1591 {
1592 
1593 	ipqos_conf_filter_t *flt;
1594 	ipqos_conf_filter_t *tmpf;
1595 	int maxi;
1596 	int newi;
1597 	int res;
1598 
1599 	/* check for new/modified filters */
1600 
1601 	for (flt = new->filters; flt; flt = flt->next) {
1602 
1603 		/* new ipqosconf filter */
1604 
1605 		if ((tmpf = filterexist(flt->name, -1, old->filters)) == NULL) {
1606 
1607 			/* mark all instances of this filter as new */
1608 			for (;;) {
1609 				IPQOSCDBG1(DIFF, "Marking filter %s as "
1610 				    "new\n", flt->name);
1611 
1612 				flt->new = B_TRUE;
1613 
1614 
1615 				if (flt->next == NULL ||
1616 				    strcmp(flt->next->name, flt->name) != 0) {
1617 					break;
1618 				}
1619 				flt = flt->next;
1620 			}
1621 			new->modified = B_TRUE;	/* mark new action */
1622 
1623 		/* ipqosconf/permanent filter existed */
1624 		} else {
1625 			/*
1626 			 * if ip node name force filter refresh - ie. mark
1627 			 * all old filter instances as todel and all new new.
1628 			 */
1629 			if (tmpf->src_nd_name || tmpf->dst_nd_name ||
1630 			    flt->src_nd_name || flt->dst_nd_name) {
1631 
1632 				/* init max previous filter instance */
1633 				maxi = tmpf->instance;
1634 
1635 				/* mark old instances for deletion */
1636 				do {
1637 					IPQOSCDBG2(DIFF, "Marking filter "
1638 					    "%s, instance %d for del\n",
1639 					    tmpf->name, tmpf->instance);
1640 
1641 					tmpf->todel = B_TRUE;
1642 
1643 					/*
1644 					 * check and update previous instance
1645 					 * max.
1646 					 */
1647 					if (tmpf->instance > maxi) {
1648 						maxi = tmpf->instance;
1649 					}
1650 
1651 					tmpf = tmpf->next;
1652 				} while (tmpf != NULL &&
1653 					strcmp(tmpf->name, flt->name) == 0);
1654 
1655 				/*
1656 				 * use the max previous instance + 1 for
1657 				 * the start of the new instance numbers.
1658 				 */
1659 				newi = (uint32_t)++maxi % INT_MAX;
1660 
1661 				/*
1662 				 * mark new instances for addition and
1663 				 * give new instance number.
1664 				 */
1665 				for (;;) {
1666 					IPQOSCDBG2(DIFF, "Marking filter "
1667 					    "%s, instance %d as new\n",
1668 					    flt->name, newi);
1669 
1670 					flt->new = B_TRUE;
1671 					flt->instance = newi++;
1672 					if (flt->next == NULL ||
1673 					    strcmp(flt->next->name,
1674 					    flt->name) != 0) {
1675 						break;
1676 					}
1677 					flt = flt->next;
1678 				}
1679 				new->modified = B_TRUE; /* mark new action */
1680 
1681 				/* mark old action */
1682 				old->modified = B_TRUE;
1683 
1684 			/* non-node name filter */
1685 			} else {
1686 				/* compare and mark as modified if diff */
1687 
1688 				res = difffilter(tmpf, flt, new->module);
1689 				if (res != IPQOS_CONF_SUCCESS) {
1690 					return (res);
1691 				}
1692 				if (flt->modified == B_TRUE) {
1693 					/* mark action if diff */
1694 					new->modified = B_TRUE;
1695 				}
1696 			}
1697 		}
1698 	}
1699 
1700 	/*
1701 	 * Check for deleted ipqosconf created filters and mark
1702 	 * any found for deletion.
1703 	 * For non-ipqosconf generated filters, including permanent
1704 	 * ones (none of these exist at the moment) we just leave
1705 	 * the filter unmarked.
1706 	 */
1707 	for (flt = old->filters; flt; flt = flt->next) {
1708 
1709 		if (flt->originator == IPP_CONFIG_IPQOSCONF &&
1710 		    filterexist(flt->name, -1, new->filters) == NULL) {
1711 
1712 			/* mark all old instances for deletions */
1713 			for (;;) {
1714 				IPQOSCDBG2(DIFF, "marking flt %s, inst %d "
1715 				    "for del\n", flt->name, flt->instance);
1716 
1717 				flt->todel = B_TRUE;
1718 				old->modified = B_TRUE; /* mark old action */
1719 
1720 				if (flt->next == NULL ||
1721 				    strcmp(flt->next->name, flt->name) != 0) {
1722 					break;
1723 				}
1724 				flt = flt->next;
1725 			}
1726 		}
1727 	}
1728 
1729 	return (IPQOS_CONF_SUCCESS);
1730 }
1731 
1732 
1733 /*
1734  * differences the elements of nvlists old and new using the types file
1735  * for module name to interpret the element types. It sets pdiff to either
1736  * 0 or 1 if they are the same or different respectively.
1737  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
1738  */
1739 static int
1740 diffnvlists(
1741 nvlist_t *old,
1742 nvlist_t *new,
1743 char *module_name,
1744 int *pdiff,
1745 place_t place)
1746 {
1747 
1748 	int first_pass = 1;
1749 	nvlist_t *tmp;
1750 	int res;
1751 	nvpair_t *nvp;
1752 	FILE *tfp;
1753 	str_val_nd_t *enum_nvs;
1754 	char dfltst[IPQOS_VALST_MAXLEN+1] = "";
1755 	char *lo;
1756 	ipqos_nvtype_t type;
1757 	char *nme;
1758 	int diff;
1759 	int openerr;
1760 
1761 
1762 	IPQOSCDBG0(L0, "In diffnvlists\n");
1763 
1764 	/* open stream to types file */
1765 
1766 	tfp = validmod(module_name, &openerr);
1767 	if (tfp == NULL) {
1768 		if (openerr) {
1769 			ipqos_msg(MT_ENOSTR, "fopen");
1770 		}
1771 		return (IPQOS_CONF_ERR);
1772 	}
1773 start:
1774 	/*
1775 	 * loop through each of the elements of the new list comparing
1776 	 * it with the old one if present. If the old one isn't present
1777 	 * then it is compared with the default value for that type (if
1778 	 * set). Any time the values are determined to be different
1779 	 * or the default value is to be used but isn't present the diff
1780 	 * param is set to 1 and we return.
1781 	 *
1782 	 * If the loop runs its course then the new and old nvlists are
1783 	 * reversed and the loop is entered for a second time.
1784 	 */
1785 	nvp = nvlist_next_nvpair(new, NULL);
1786 	while (nvp != NULL) {
1787 
1788 		/* get name */
1789 		nme = nvpair_name(nvp);
1790 
1791 		/*
1792 		 * get type.
1793 		 */
1794 		place = PL_ANY;
1795 		res = readtype(tfp, module_name, SHORT_NAME(nme), &type,
1796 		    &enum_nvs, dfltst, B_TRUE, &place);
1797 		if (res != IPQOS_CONF_SUCCESS) {
1798 			return (res);
1799 		}
1800 
1801 		/* init diff to 1 */
1802 		diff = 1;
1803 
1804 		switch (type) {
1805 
1806 		/* interface name */
1807 		case IPQOS_DATA_TYPE_IFINDEX: {
1808 			uint32_t ifidx;
1809 			uint32_t oifidx;
1810 
1811 			/* get new value */
1812 			(void) nvpair_value_uint32(nvp, &ifidx);
1813 
1814 			/* compare against old if present */
1815 
1816 			res = nvlist_lookup_uint32(old, nme, &oifidx);
1817 			if (res == 0) {
1818 				/* diff values */
1819 				diff = (ifidx != oifidx);
1820 
1821 			/* not in old so see if new value is default */
1822 
1823 			} else {
1824 				diff = (ifidx != 0);
1825 			}
1826 			break;
1827 		}
1828 		/* protocol */
1829 		case IPQOS_DATA_TYPE_PROTO: {
1830 			uchar_t proto;
1831 			uchar_t oproto;
1832 
1833 			(void) nvpair_value_byte(nvp, &proto);
1834 
1835 			res = nvlist_lookup_byte(old, nme, &oproto);
1836 			if (res == 0) {
1837 				diff = (proto != oproto);
1838 			} else {
1839 				diff = (proto != 0);
1840 			}
1841 			break;
1842 		}
1843 		/* port */
1844 		case IPQOS_DATA_TYPE_PORT: {
1845 			uint16_t port;
1846 			uint16_t oport;
1847 
1848 			(void) nvpair_value_uint16(nvp, &port);
1849 			res = nvlist_lookup_uint16(old, nme, &oport);
1850 			if (res == 0) {
1851 				diff = (port != oport);
1852 			} else {
1853 				diff = (port != 0);
1854 			}
1855 			break;
1856 		}
1857 		/* action name / string */
1858 		case IPQOS_DATA_TYPE_ACTION:
1859 		case IPQOS_DATA_TYPE_STRING: {
1860 			char *str;
1861 			char *ostr;
1862 
1863 			(void) nvpair_value_string(nvp, &str);
1864 			res = nvlist_lookup_string(old, nme, &ostr);
1865 			if (res == 0) {
1866 				diff = strcmp(str, ostr);
1867 			} else if (*dfltst) {
1868 				diff = strcmp(str, dfltst);
1869 			}
1870 			break;
1871 		}
1872 		/* address mask / address */
1873 		case IPQOS_DATA_TYPE_ADDRESS_MASK:
1874 		case IPQOS_DATA_TYPE_ADDRESS: {
1875 			in6_addr_t *in6;
1876 			in6_addr_t *oin6;
1877 			uint_t x;
1878 
1879 			/*
1880 			 * all addresses are stored as v6 addresses, so
1881 			 * a uint32_t[4] array is used.
1882 			 */
1883 
1884 			/* lookup new value */
1885 
1886 			(void) nvpair_value_uint32_array(nvp,
1887 			    (uint32_t **)&in6, &x);
1888 
1889 			/* see if there's an old value and diff it */
1890 
1891 			res = nvlist_lookup_uint32_array(old, nme,
1892 			    (uint32_t **)&oin6, &x);
1893 			if (res == 0) {
1894 				/* diff each of the 16 v6 address bytes */
1895 
1896 				for (x = 0; x < 16; x++) {
1897 					if (in6->s6_addr[x] !=
1898 					    oin6->s6_addr[x]) {
1899 						diff++;
1900 						break;
1901 					}
1902 				}
1903 			}
1904 			break;
1905 		}
1906 		/* boolean */
1907 		case IPQOS_DATA_TYPE_BOOLEAN: {
1908 			boolean_t bl;
1909 			boolean_t obl;
1910 
1911 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
1912 
1913 			/* see if there's an old value and diff it */
1914 			res = nvlist_lookup_uint32(old, nme, (uint32_t *)&obl);
1915 			if (res == 0) {
1916 				diff = (bl != obl);
1917 
1918 			/* compare against default if present */
1919 			} else if (*dfltst) {
1920 				res = readbool(dfltst, &obl);
1921 				if (res == IPQOS_CONF_SUCCESS) {
1922 					diff = (bl != obl);
1923 				}
1924 			}
1925 			break;
1926 		}
1927 		/* uint 8 */
1928 		case IPQOS_DATA_TYPE_UINT8: {
1929 			uint8_t u8;
1930 			uint8_t ou8;
1931 
1932 			(void) nvpair_value_byte(nvp, (uchar_t *)&u8);
1933 			res = nvlist_lookup_byte(old, nme, (uchar_t *)&ou8);
1934 			if (res == 0) {
1935 				diff = (u8 != ou8);
1936 			} else if (*dfltst) {
1937 				res = readuint8(dfltst, &ou8, &lo);
1938 				if (res == IPQOS_CONF_SUCCESS) {
1939 					diff = (u8 != ou8);
1940 				}
1941 			}
1942 			break;
1943 		}
1944 		/* int 16 */
1945 		case IPQOS_DATA_TYPE_INT16: {
1946 			int16_t i16;
1947 			int16_t oi16;
1948 
1949 			(void) nvpair_value_int16(nvp, &i16);
1950 			res = nvlist_lookup_int16(old, nme, &oi16);
1951 			if (res == 0) {
1952 				diff = (i16 != oi16);
1953 			} else if (*dfltst) {
1954 				res = readint16(dfltst, &oi16, &lo);
1955 				if (res == IPQOS_CONF_SUCCESS) {
1956 					diff = (i16 != oi16);
1957 				}
1958 			}
1959 			break;
1960 		}
1961 		/* uint16 */
1962 		case IPQOS_DATA_TYPE_UINT16: {
1963 			uint16_t ui16;
1964 			uint16_t oui16;
1965 
1966 			(void) nvpair_value_uint16(nvp, &ui16);
1967 			res = nvlist_lookup_uint16(old, nme, &oui16);
1968 			if (res == 0) {
1969 				diff = (ui16 != oui16);
1970 			} else if (*dfltst) {
1971 				res = readuint16(dfltst, &oui16, &lo);
1972 				if (res == IPQOS_CONF_SUCCESS) {
1973 					diff = (ui16 != oui16);
1974 				}
1975 			}
1976 			break;
1977 		}
1978 		/*
1979 		 * int32 and user.
1980 		 * Since user uids are stored in an int32 nvpair we can use
1981 		 * the same comparison code.
1982 		 */
1983 		case IPQOS_DATA_TYPE_USER:
1984 		case IPQOS_DATA_TYPE_INT32: {
1985 			int32_t i32;
1986 			int32_t oi32;
1987 
1988 			(void) nvpair_value_int32(nvp, &i32);
1989 			res = nvlist_lookup_int32(old, nme, &oi32);
1990 			if (res == 0) {
1991 				diff = (i32 != oi32);
1992 			} else if (*dfltst) {
1993 				res = readint32(dfltst, &oi32, &lo);
1994 				if (res == IPQOS_CONF_SUCCESS) {
1995 					diff = (i32 != oi32);
1996 				}
1997 			}
1998 			break;
1999 		}
2000 		/* uint32 */
2001 		case IPQOS_DATA_TYPE_UINT32: {
2002 			uint32_t ui32;
2003 			uint32_t oui32;
2004 
2005 			(void) nvpair_value_uint32(nvp, &ui32);
2006 			res = nvlist_lookup_uint32(old, nme, &oui32);
2007 			if (res == 0) {
2008 				diff = (ui32 != oui32);
2009 			} else if (*dfltst) {
2010 				res = readuint32(dfltst, &oui32, &lo);
2011 				if (res == IPQOS_CONF_SUCCESS) {
2012 					diff = (ui32 != oui32);
2013 				}
2014 			}
2015 			break;
2016 		}
2017 		/* enumeration */
2018 		case IPQOS_DATA_TYPE_ENUM: {
2019 			uint32_t eval;
2020 			uint32_t oeval;
2021 
2022 			(void) nvpair_value_uint32(nvp, &eval);
2023 			res = nvlist_lookup_uint32(old, nme, &oeval);
2024 			if (res == 0) {
2025 				diff = (eval != oeval);
2026 			} else if (*dfltst) {
2027 				res = readuint32(dfltst, &oeval, &lo);
2028 				if (res == IPQOS_CONF_SUCCESS) {
2029 					diff = (eval != oeval);
2030 				}
2031 			}
2032 			break;
2033 		}
2034 		case IPQOS_DATA_TYPE_M_INDEX: {
2035 			uint8_t idx, oidx;
2036 
2037 			(void) nvpair_value_byte(nvp, &idx);
2038 			res = nvlist_lookup_byte(old, nme, &oidx);
2039 			if (res == 0)
2040 				diff = (idx != oidx);
2041 			break;
2042 		}
2043 		case IPQOS_DATA_TYPE_INT_ARRAY: {
2044 			int *oarr, *arr;
2045 			uint32_t osize, size;
2046 
2047 			(void) nvpair_value_int32_array(nvp, &arr, &size);
2048 			res = nvlist_lookup_int32_array(old, nme, &oarr,
2049 			    &osize);
2050 			if (res == 0)
2051 				diff = (arrays_equal(arr, oarr, size) ==
2052 				    B_FALSE);
2053 			break;
2054 		}
2055 #ifdef	_IPQOS_CONF_DEBUG
2056 		default: {
2057 			/* shouldn't get here as all types should be covered */
2058 			assert(1);
2059 		}
2060 #endif
2061 		}	/* switch */
2062 		if (diff != 0) {
2063 			IPQOSCDBG1(DIFF, "parameter %s different\n", nme);
2064 			*pdiff = 1;
2065 			(void) fclose(tfp);
2066 			return (IPQOS_CONF_SUCCESS);
2067 		}
2068 
2069 
2070 		nvp = nvlist_next_nvpair(new, nvp);
2071 
2072 	}
2073 
2074 	/* now compare all the stuff in the second list with the first */
2075 	if (first_pass) {
2076 		tmp = old;
2077 		old = new;
2078 		new = tmp;
2079 		first_pass = 0;
2080 		goto start;
2081 	}
2082 
2083 	(void) fclose(tfp);
2084 
2085 	*pdiff = 0;
2086 	return (IPQOS_CONF_SUCCESS);
2087 }
2088 
2089 
2090 
2091 /* ************************** difference application *********************** */
2092 
2093 
2094 
2095 /*
2096  * causes all items marked as requiring change in actions and old_actions
2097  * to have the change applied.
2098  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2099  */
2100 static int
2101 applydiff(
2102 ipqos_conf_action_t *actions,
2103 ipqos_conf_action_t *old_actions)
2104 {
2105 
2106 	int res;
2107 
2108 	IPQOSCDBG0(L1, "In applydiff:\n");
2109 
2110 
2111 	/* add each item marked as new */
2112 
2113 	res = add_items(actions, B_FALSE);
2114 	if (res != IPQOS_CONF_SUCCESS) {
2115 		return (res);
2116 	}
2117 
2118 	/* modify items marked for modification */
2119 
2120 	res = modify_items(actions);
2121 	if (res != IPQOS_CONF_SUCCESS) {
2122 		return (res);
2123 	}
2124 
2125 	/* delete items marked for deletion */
2126 
2127 	res = remove_items(old_actions, B_FALSE);
2128 	if (res != IPQOS_CONF_SUCCESS) {
2129 		return (res);
2130 	}
2131 
2132 	return (IPQOS_CONF_SUCCESS);
2133 }
2134 
2135 static int
2136 add_items(
2137 ipqos_conf_action_t *actions,
2138 boolean_t rem_undo)
2139 {
2140 
2141 	int res;
2142 	ipqos_conf_action_t *act;
2143 
2144 	IPQOSCDBG1(L1, "In add_items, rem_undo: %u\n", rem_undo);
2145 
2146 	/*
2147 	 * we need to create ipgpc action before any others as some actions
2148 	 * such as ftpcl which make calls to it depend on it being there on
2149 	 * their creation.
2150 	 */
2151 	act = actionexist(IPGPC_CLASSIFY, actions);
2152 	if (act &&
2153 	    (rem_undo == B_FALSE && act->new == B_TRUE ||
2154 	    rem_undo == B_TRUE && act->deleted == B_TRUE)) {
2155 
2156 		res = add_action(act);
2157 		if (res != IPQOS_CONF_SUCCESS) {
2158 			return (res);
2159 		}
2160 	}
2161 
2162 	/*
2163 	 * loop though action list and add any actions marked as
2164 	 * new/modified action and apply any additions there, then return.
2165 	 */
2166 
2167 	for (act = actions; act; act = act->next) {
2168 		res = add_item(act, rem_undo);
2169 		if (res != IPQOS_CONF_SUCCESS) {
2170 			return (IPQOS_CONF_ERR);
2171 		}
2172 	}
2173 
2174 	return (IPQOS_CONF_SUCCESS);
2175 }
2176 
2177 
2178 /*
2179  *
2180  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2181  */
2182 static int
2183 add_item(
2184 ipqos_conf_action_t *actions,
2185 boolean_t rem_undo)
2186 {
2187 
2188 	ipqos_conf_action_t *act = actions;
2189 	int res;
2190 	ipqos_conf_class_t *cls;
2191 	ipqos_conf_act_ref_t *pact;
2192 
2193 	IPQOSCDBG2(L1, "In add_item: action: %s, rem_undo: %u\n",
2194 	    actions->name, rem_undo);
2195 
2196 	/* if already visited return immediately */
2197 
2198 	if (act->visited == ADD_VISITED) {
2199 		IPQOSCDBG0(L1, "Early exit due to visited\n");
2200 		return (IPQOS_CONF_SUCCESS);
2201 	}
2202 	act->visited = ADD_VISITED;
2203 
2204 
2205 	/* recurse to last action in tree */
2206 
2207 	for (cls = act->classes; cls; cls = cls->next) {
2208 
2209 		/* if not virtual action */
2210 
2211 		if (cls->alist->action) {
2212 			res = add_item(cls->alist->action, rem_undo);
2213 			if (res != IPQOS_CONF_SUCCESS) {
2214 				return (res);
2215 			}
2216 		}
2217 	}
2218 
2219 	for (pact = act->params->actions; pact; pact = pact->next) {
2220 
2221 		/* if not virtual */
2222 
2223 		if (pact->action) {
2224 			res = add_item(pact->action, rem_undo);
2225 			if (res != IPQOS_CONF_SUCCESS) {
2226 				return (res);
2227 			}
2228 		}
2229 	}
2230 
2231 
2232 	/* if action marked as new and not ipgpc, create */
2233 
2234 	if (((rem_undo == B_FALSE && act->new == B_TRUE) ||
2235 	    (rem_undo == B_TRUE && act->deleted == B_TRUE)) &&
2236 	    strcmp(act->name, IPGPC_CLASSIFY) != 0) {
2237 		res = add_action(act);
2238 		if (res != IPQOS_CONF_SUCCESS) {
2239 			return (res);
2240 		}
2241 	}
2242 
2243 	/* add any classes and filters marked as new */
2244 
2245 	if (add_classes(act->classes, act->name, act->module_version,
2246 	    rem_undo) != IPQOS_CONF_SUCCESS ||
2247 	    add_filters(act->filters, act->name, act->module_version,
2248 	    rem_undo) != IPQOS_CONF_SUCCESS) {
2249 		return (IPQOS_CONF_ERR);
2250 	}
2251 
2252 	return (IPQOS_CONF_SUCCESS);
2253 }
2254 
2255 
2256 /*
2257  * Uses the contents of acts params nvlist and adds an originator
2258  * element set to ipqosconf and the stats parameter. This list
2259  * is then used as the parameter to a call to ipp_action_create to create
2260  * this action in the kernel.
2261  * RETURNS: IPQOS_CONF_ERR on err, else IPQOS_CONF_SUCCESS.
2262  */
2263 static int
2264 add_action(ipqos_conf_action_t *act)
2265 {
2266 
2267 	int res;
2268 	nvlist_t **nvl;
2269 
2270 	IPQOSCDBG2(APPLY, "add_action: action: %s, module: %s\n", act->name,
2271 	    act->module);
2272 
2273 	nvl = &act->params->nvlist;
2274 
2275 	/* alloc params nvlist if not already one */
2276 
2277 	if (*nvl == NULL) {
2278 		res = nvlist_alloc(nvl, NV_UNIQUE_NAME, 0);
2279 		if (res != 0) {
2280 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
2281 			return (IPQOS_CONF_ERR);
2282 		}
2283 	}
2284 
2285 	/*
2286 	 * add module version
2287 	 */
2288 	if (nvlist_add_uint32(*nvl, IPP_MODULE_VERSION,
2289 	    (uint32_t)act->module_version) != 0) {
2290 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
2291 		return (IPQOS_CONF_ERR);
2292 	}
2293 
2294 	/* add action stats */
2295 
2296 	if (nvlist_add_uint32(*nvl, IPP_ACTION_STATS_ENABLE,
2297 	    (uint32_t)act->params->stats_enable) != 0) {
2298 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32: action stats");
2299 		return (IPQOS_CONF_ERR);
2300 	}
2301 
2302 	/* add ipqosconf originator id */
2303 
2304 	if (add_orig_ipqosconf(*nvl) != IPQOS_CONF_SUCCESS) {
2305 		return (IPQOS_CONF_ERR);
2306 	}
2307 
2308 	/* call into lib to create action */
2309 
2310 	res = ipp_action_create(act->module, act->name, nvl, 0);
2311 	if (res != 0) {
2312 		IPQOSCDBG2(APPLY, "Create action %s, module %s failed\n",
2313 		    act->name, act->module);
2314 
2315 		/* invalid params */
2316 
2317 		if (errno == EINVAL) {
2318 			ipqos_msg(MT_ERROR,
2319 			    gettext("Invalid Parameters for action %s.\n"),
2320 			    act->name);
2321 
2322 		} else if (errno == ENOENT) {
2323 			ipqos_msg(MT_ERROR,
2324 			    gettext("Missing required parameter for action "
2325 			    "%s.\n"), act->name);
2326 
2327 		} else {	/* unexpected error */
2328 			ipqos_msg(MT_ERROR, gettext("Failed to create action "
2329 			    "%s: %s.\n"), act->name, strerror(errno));
2330 		}
2331 
2332 		return (IPQOS_CONF_ERR);
2333 	}
2334 
2335 	/* mark action as created */
2336 	act->cr_mod = B_TRUE;
2337 
2338 	return (IPQOS_CONF_SUCCESS);
2339 }
2340 
2341 /*
2342  * for each of the filters in parameter filters if rem_undo is false and
2343  * the filter is marked as new or if rem_undo is true and the filter is
2344  * marked as deleted then add the filter to the kernel action named by action
2345  * and if successful mark as created.
2346  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
2347  */
2348 static int
2349 add_filters(
2350 ipqos_conf_filter_t *filters,
2351 char *action,
2352 int module_version,
2353 boolean_t rem_undo)
2354 {
2355 
2356 	ipqos_conf_filter_t *flt;
2357 
2358 	IPQOSCDBG0(L1, "In add_filters\n");
2359 
2360 	/* loop through filters in filters param */
2361 	for (flt = filters; flt; flt = flt->next) {
2362 		/*
2363 		 * skip filter if in normal mode and not new filter or
2364 		 * if doing rollback and filter wasn't previously deleted.
2365 		 */
2366 		if ((rem_undo == B_FALSE && flt->new == B_FALSE) ||
2367 		    (rem_undo == B_TRUE && flt->deleted == B_FALSE)) {
2368 			continue;
2369 		}
2370 
2371 		/* add filter to action */
2372 		if (add_filter(action, flt, module_version) !=
2373 		    IPQOS_CONF_SUCCESS) {
2374 			return (IPQOS_CONF_ERR);
2375 		}
2376 
2377 		/* mark as created */
2378 		flt->cr_mod = B_TRUE;
2379 	}
2380 
2381 	return (IPQOS_CONF_SUCCESS);
2382 }
2383 
2384 /*
2385  * for each of the classes in parameter classes if rem_undo is false and
2386  * the class is marked as new or if rem_undo is true and the class is
2387  * marked as deleted then add the class to the kernel action named by action
2388  * and if successful mark as created.
2389  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
2390  */
2391 int
2392 add_classes(
2393 ipqos_conf_class_t *classes,
2394 char *action,
2395 int module_version,
2396 boolean_t rem_undo) {
2397 
2398 	int res;
2399 	ipqos_conf_class_t *cls;
2400 
2401 	IPQOSCDBG0(L1, "In add_classes\n");
2402 
2403 	/* for each class */
2404 	for (cls = classes; cls; cls = cls->next) {
2405 		/*
2406 		 * skip class if in normal mode and not new class or
2407 		 * if doing rollback and class wasn't deleted.
2408 		 */
2409 		if ((rem_undo == B_FALSE && cls->new == B_FALSE) ||
2410 		(rem_undo == B_TRUE && cls->deleted == B_FALSE)) {
2411 			continue;
2412 		}
2413 
2414 		/* add class to action */
2415 		res = add_class(action, cls->name, module_version,
2416 		    cls->stats_enable, cls->alist->name);
2417 		if (res != IPQOS_CONF_SUCCESS) {
2418 			return (IPQOS_CONF_ERR);
2419 		}
2420 
2421 		/* mark class as created */
2422 		cls->cr_mod = B_TRUE;
2423 	}
2424 
2425 	return (IPQOS_CONF_SUCCESS);
2426 }
2427 
2428 /*
2429  * For each of the actions in actions remove the action if marked as
2430  * such or remove any objects within marked as such.
2431  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2432  */
2433 static int
2434 remove_items(
2435 ipqos_conf_action_t *actions,
2436 boolean_t add_undo)
2437 {
2438 
2439 	int res;
2440 	ipqos_conf_action_t *act;
2441 
2442 	IPQOSCDBG1(L0, "In remove_items, add_undo: %u\n", add_undo);
2443 
2444 	/*
2445 	 * loop through actions removing any actions, or action contents
2446 	 * that are marked as such.
2447 	 */
2448 	for (act = actions; act; act = act->next) {
2449 		res = remove_item(act, add_undo);
2450 		if (res != IPQOS_CONF_SUCCESS) {
2451 			return (res);
2452 		}
2453 	}
2454 
2455 	return (IPQOS_CONF_SUCCESS);
2456 }
2457 
2458 /*
2459  * Deletes this action if marked for deletion or any of it's contents marked
2460  * for deletion. If the action is marked for deletion any actions referencing
2461  * this action are destroyed first if marked or have their contents destroyed
2462  * if marked. This is recursive.
2463  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2464  */
2465 static int
2466 remove_item(
2467 ipqos_conf_action_t *act,
2468 boolean_t add_undo)
2469 {
2470 
2471 	ipqos_conf_class_t *cls;
2472 	ipqos_conf_filter_t *flt;
2473 	ipqos_conf_act_ref_t *dep;
2474 	int res;
2475 
2476 	IPQOSCDBG3(L1, "In remove_item: action: %s, add_undo: %u, mod: %u\n",
2477 	    act->name, add_undo, act->modified);
2478 
2479 
2480 	/* return immmediately if previously visited in remove phase */
2481 
2482 	if (act->visited == REM_VISITED) {
2483 		IPQOSCDBG0(L1, "Exit due to REM_VISITED set\n");
2484 		return (IPQOS_CONF_SUCCESS);
2485 	}
2486 	act->visited = REM_VISITED;
2487 
2488 
2489 	/* if this action is to be deleted */
2490 
2491 	if (add_undo == B_FALSE && act->todel == B_TRUE ||
2492 	    add_undo == B_TRUE && act->new == B_TRUE &&
2493 	    act->cr_mod == B_TRUE) {
2494 
2495 		/* modify parent actions first */
2496 
2497 		for (dep = act->dependencies; dep; dep = dep->next) {
2498 			res = remove_item(dep->action, add_undo);
2499 			if (res != IPQOS_CONF_SUCCESS) {
2500 				return (res);
2501 			}
2502 		}
2503 
2504 		/* delete this action */
2505 
2506 			IPQOSCDBG1(APPLY, "deleting action %s\n", act->name);
2507 		res = ipp_action_destroy(act->name, 0);
2508 		if (res != 0) {
2509 			IPQOSCDBG1(APPLY, "failed to destroy action %s\n",
2510 			    act->name);
2511 			return (IPQOS_CONF_ERR);
2512 		}
2513 
2514 		/* flag as deleted */
2515 
2516 		act->deleted = B_TRUE;
2517 
2518 	/* if modified action */
2519 
2520 	} else if (act->modified == B_TRUE) {
2521 
2522 		/* loop through removing any filters marked for del */
2523 
2524 		for (flt = act->filters; flt; flt = flt->next) {
2525 			if ((add_undo == B_FALSE && flt->todel == B_TRUE) ||
2526 			    (add_undo == B_TRUE && flt->new == B_TRUE &&
2527 			    flt->cr_mod == B_TRUE)) {
2528 
2529 				/* do deletion */
2530 
2531 				res = remove_filter(act->name, flt->name,
2532 				    flt->instance, act->module_version);
2533 				if (res != IPQOS_CONF_SUCCESS) {
2534 					IPQOSCDBG2(APPLY, "failed to destroy "
2535 					    "filter %s, inst: %d\n", flt->name,
2536 					    flt->instance);
2537 
2538 					return (IPQOS_CONF_ERR);
2539 				}
2540 
2541 				/* flag deleted */
2542 
2543 				flt->deleted = B_TRUE;
2544 			}
2545 		}
2546 
2547 		/* remove any classes marked for del */
2548 
2549 		for (cls = act->classes; cls; cls = cls->next) {
2550 			if ((add_undo == B_FALSE && cls->todel == B_TRUE) ||
2551 			    (add_undo == B_TRUE && cls->new == B_TRUE &&
2552 			    cls->cr_mod == B_TRUE)) {
2553 
2554 				/* do deletion */
2555 
2556 				res = remove_class(act->name, cls->name,
2557 				    act->module_version, 0);
2558 				if (res != IPQOS_CONF_SUCCESS) {
2559 					IPQOSCDBG1(APPLY, "failed to destroy "
2560 					    "class %s\n", cls->name);
2561 
2562 					return (IPQOS_CONF_ERR);
2563 				}
2564 
2565 				/* flag deleted */
2566 
2567 				cls->deleted = B_TRUE;
2568 			}
2569 		}
2570 
2571 		/* mark action as having been modified */
2572 
2573 		act->cr_mod = B_TRUE;
2574 	}
2575 
2576 	return (IPQOS_CONF_SUCCESS);
2577 }
2578 
2579 /*
2580  * for each of the actions in parameter actions apply any objects marked as
2581  * modified as a modification to the kernel action represented.
2582  * RETURNS: IPQOS_CONF_ERR on err, else IPQOS_CONF_SUCCESS.
2583  */
2584 static int
2585 modify_items(ipqos_conf_action_t *actions)
2586 {
2587 
2588 	ipqos_conf_action_t *act;
2589 	int res;
2590 	ipqos_conf_filter_t *flt;
2591 	ipqos_conf_class_t *cls;
2592 
2593 
2594 	IPQOSCDBG0(L1, "In modify_items\n");
2595 
2596 	/* loop through actions in parameter actions */
2597 
2598 	for (act = actions; act; act = act->next) {
2599 
2600 		/* skip unchanged actions */
2601 
2602 		if (act->modified == B_FALSE) {
2603 			continue;
2604 		}
2605 
2606 		/* apply any parameter mods */
2607 
2608 		if (act->params->modified) {
2609 			res = modify_params(act->name,
2610 			    &act->params->nvlist,
2611 			    act->module_version, act->params->stats_enable);
2612 			if (res != IPQOS_CONF_SUCCESS) {
2613 				return (IPQOS_CONF_ERR);
2614 			}
2615 
2616 			act->params->cr_mod = B_TRUE;
2617 		}
2618 
2619 		/* apply any class mods */
2620 
2621 		for (cls = act->classes; cls; cls = cls->next) {
2622 			if (cls->modified) {
2623 				res = modify_class(act->name, cls->name,
2624 				    act->module_version, cls->stats_enable,
2625 				    cls->alist->name, 0);
2626 				if (res != IPQOS_CONF_SUCCESS) {
2627 					return (IPQOS_CONF_ERR);
2628 				}
2629 
2630 				/* mark modification done */
2631 				cls->cr_mod = B_TRUE;
2632 			}
2633 		}
2634 
2635 		/* apply any filter mods */
2636 
2637 		for (flt = act->filters; flt; flt = flt->next) {
2638 			if (flt->modified) {
2639 				res = modify_filter(act->name, flt,
2640 				    act->module_version);
2641 				if (res != 0) {
2642 					return (IPQOS_CONF_ERR);
2643 				}
2644 
2645 				/* mark modification done */
2646 				flt->cr_mod = B_TRUE;
2647 			}
2648 		}
2649 
2650 		/* mark action modified */
2651 
2652 		act->cr_mod = B_TRUE;
2653 	}
2654 
2655 	return (IPQOS_CONF_SUCCESS);
2656 }
2657 
2658 /*
2659  * For each of the objects of each of the actions in nactions that are
2660  * marked as having been modified the object modification is done in
2661  * reverse using the same named object from oactions.
2662  * RETURNS: IPQOS_CONF_ERR on error, IPQOS_CONF_SUCCESS otherwise.
2663  */
2664 static int
2665 undo_modifys(
2666 ipqos_conf_action_t *oactions,
2667 ipqos_conf_action_t *nactions)
2668 {
2669 
2670 	ipqos_conf_filter_t *flt;
2671 	ipqos_conf_class_t *cls;
2672 	ipqos_conf_action_t *act;
2673 	ipqos_conf_action_t *oldact;
2674 	ipqos_conf_filter_t *oldflt;
2675 	ipqos_conf_class_t *oldcls;
2676 	int res;
2677 
2678 	IPQOSCDBG0(L1, "In undo_modifys:\n");
2679 
2680 	/* loop throught new actions */
2681 
2682 	for (act = nactions; act; act = act->next) {
2683 		oldact = actionexist(act->name, oactions);
2684 
2685 		/*
2686 		 * if the action was new then it will be removed and
2687 		 * any permamanent items that were marked for modify
2688 		 * will dissappear, so ignore action.
2689 		 */
2690 		if (oldact == NULL) {
2691 			continue;
2692 		}
2693 
2694 		/* if parameters were modified switch them back */
2695 
2696 		if (act->params->modified == B_TRUE &&
2697 		    act->params->cr_mod == B_TRUE) {
2698 			res = modify_params(act->name,
2699 			    &oldact->params->nvlist,
2700 			    act->module_version, act->params->stats_enable);
2701 			if (res != IPQOS_CONF_SUCCESS) {
2702 				return (res);
2703 			}
2704 		}
2705 
2706 		/* for each filter in action if filter modified switch back */
2707 
2708 		for (flt = act->filters; flt; flt = flt->next) {
2709 			if (flt->modified == B_TRUE &&
2710 			    flt->cr_mod == B_TRUE) {
2711 				oldflt = filterexist(flt->name, -1,
2712 				    oldact->filters);
2713 				res = modify_filter(act->name, oldflt,
2714 				    act->module_version);
2715 				if (res != IPQOS_CONF_SUCCESS) {
2716 					return (res);
2717 				}
2718 			}
2719 		}
2720 
2721 		/* for each class in action if class modified switch back */
2722 
2723 		for (cls = act->classes; cls; cls = cls->next) {
2724 			if (cls->modified == B_TRUE &&
2725 			    cls->cr_mod == B_TRUE) {
2726 				oldcls = classexist(cls->name, oldact->classes);
2727 				if (oldcls->alist) {
2728 					res = modify_class(act->name,
2729 					    cls->name, act->module_version,
2730 					    oldcls->stats_enable,
2731 					    oldcls->alist->name, 0);
2732 				}
2733 				if (res != IPQOS_CONF_SUCCESS) {
2734 					return (res);
2735 				}
2736 			}
2737 		}
2738 	}
2739 
2740 	/*
2741 	 * Go through the old actions modifying perm filters and classes
2742 	 * whose action was deleted.
2743 	 *
2744 	 */
2745 	for (act = oactions; act != NULL; act = act->next) {
2746 
2747 		if (act->deleted == B_FALSE) {
2748 			continue;
2749 		}
2750 
2751 		for (flt = act->filters; flt != NULL; flt = flt->next) {
2752 			if (flt->originator == IPP_CONFIG_PERMANENT) {
2753 				res = modify_filter(act->name, flt,
2754 				    act->module_version);
2755 				if (res != IPQOS_CONF_SUCCESS) {
2756 					return (res);
2757 				}
2758 			}
2759 		}
2760 
2761 		for (cls = act->classes; cls != NULL; cls = cls->next) {
2762 			if (cls->originator == IPP_CONFIG_PERMANENT) {
2763 				res = modify_class(act->name, cls->name,
2764 				    act->module_version, cls->stats_enable,
2765 				    cls->alist->name, 0);
2766 				if (res != IPQOS_CONF_SUCCESS) {
2767 					return (res);
2768 				}
2769 			}
2770 
2771 		}
2772 	}
2773 
2774 	return (IPQOS_CONF_SUCCESS);
2775 }
2776 
2777 
2778 /*
2779  * causes all changes marked as being done in actions and old_actions
2780  * to be undone.
2781  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2782  */
2783 static int
2784 rollback(
2785 ipqos_conf_action_t *actions,
2786 ipqos_conf_action_t *old_actions)
2787 {
2788 
2789 	int res;
2790 
2791 	IPQOSCDBG0(RBK, "In rollback:\n");
2792 
2793 	/* re-add items that were deleted */
2794 
2795 	res = add_items(old_actions, B_TRUE);
2796 	if (res != IPQOS_CONF_SUCCESS) {
2797 		return (res);
2798 	}
2799 
2800 	/* change modified items back how they were */
2801 
2802 	res = undo_modifys(old_actions, actions);
2803 	if (res != IPQOS_CONF_SUCCESS) {
2804 		return (res);
2805 	}
2806 
2807 	/* remove new items that were added */
2808 
2809 	res = remove_items(actions, B_TRUE);
2810 	if (res != IPQOS_CONF_SUCCESS) {
2811 		return (res);
2812 	}
2813 
2814 	return (IPQOS_CONF_SUCCESS);
2815 }
2816 
2817 /* ******************************* print config **************************** */
2818 
2819 /*
2820  * Prints the username of the user with uid 'uid' to 'fp' if the uid belongs
2821  * to a known user on the system, otherwise just print 'uid'.
2822  */
2823 static void
2824 printuser(
2825 FILE *fp,
2826 uid_t uid)
2827 {
2828 	struct passwd *pwd;
2829 
2830 	IPQOSCDBG0(L0, "In printuser\n");
2831 
2832 	pwd = getpwuid(uid);
2833 	if (pwd != NULL) {
2834 		(void) fprintf(fp, "%s\n", pwd->pw_name);
2835 	} else {
2836 		(void) fprintf(fp, "%u\n", (int)uid);
2837 	}
2838 }
2839 
2840 /*
2841  * print either a single value of start to fp (if start equals end), else
2842  * print start'-'end if start is the smaller of the two values, otherwise
2843  * print end'-'start.
2844  */
2845 static void
2846 printrange(
2847 FILE *fp,
2848 uint32_t start,
2849 uint32_t end)
2850 {
2851 	uint32_t tmp;
2852 
2853 	if (start > end) {
2854 		tmp = start;
2855 		start = end;
2856 		end = tmp;
2857 	}
2858 
2859 	(void) fprintf(fp, "%u", start);
2860 	if (end != start)
2861 		(void) fprintf(fp, "-%u", end);
2862 }
2863 
2864 /*
2865  * print the contents of the array arr to fp in the form:
2866  * {0-6:1;7-12:2;13:3.....} or {0-6:GREEN;7-12:YELLOW:...}
2867  * dependant upon whether this is an integer or enumerated array resectively
2868  * (if enum_nvs isn't set to NULL this is assumed to be an enumerated array);
2869  * where 0-6 is the range of indexes with value 1 (or GREEN), 7-12 the range
2870  * with value 2 (or YELLOW), and so forth. size is the array size and llimit
2871  * and ulimit are the lower and upper limits of the array values printed
2872  * respectively. For enumerated arrays enum_nvs carries the list of name
2873  * and value pairs and ulimit and llimit parameters are ignored and instead
2874  * determined from the enum_nvs list.
2875  */
2876 static void
2877 print_int_array(
2878 FILE *fp,
2879 int arr[],
2880 uint32_t size,
2881 int llimit,
2882 int ulimit,
2883 str_val_nd_t *enum_nvs,
2884 int tab_inserts)
2885 {
2886 	int x, y;
2887 	uint32_t first, last;
2888 	boolean_t first_entry;	/* first 'ranges:value' to be printed ? */
2889 	boolean_t first_range;	/* first range for a value to be printed ? */
2890 	boolean_t found_range;	/* did we find a range for this value ? */
2891 
2892 	IPQOSCDBG4(L0, "In print_int_array: size: %u, llimit: %u, ulimit: %u, "
2893 	    "enum_nvs: %x \n", size, llimit, ulimit, enum_nvs);
2894 
2895 	/*
2896 	 * if an enumeration retrieve value range.
2897 	 */
2898 	if (enum_nvs != NULL)
2899 		get_str_val_value_range(enum_nvs, &llimit, &ulimit);
2900 
2901 	/*
2902 	 * print opening curl.
2903 	 */
2904 	(void) fprintf(fp, "%c\n", CURL_BEGIN);
2905 	PRINT_TABS(fp, tab_inserts + 1);
2906 
2907 	first_entry = B_TRUE;
2908 	/*
2909 	 * for each value in range.
2910 	 */
2911 	for (x = llimit; x <= ulimit; x++) {
2912 		found_range = B_FALSE;
2913 		first_range = B_TRUE;
2914 		y = 0;
2915 		/*
2916 		 * scan array and print ranges of indexes with value x.
2917 		 */
2918 		while (y < size) {
2919 			/*
2920 			 * get first occurence of value for this range.
2921 			 */
2922 			while ((arr[y] != x) && (y < size))
2923 				y++;
2924 			if (y == size) {
2925 				break;
2926 			} else {
2927 				found_range = B_TRUE;
2928 			}
2929 			first = y;
2930 
2931 			/*
2932 			 * get last occurence of value for this range.
2933 			 */
2934 			while ((arr[y] == x) && (y < size))
2935 				y++;
2936 			last = y - 1;
2937 
2938 			/*
2939 			 * print entry delimiter (semi-colon)? It must be
2940 			 * the first range for this value and this mustn't
2941 			 * be the first 'ranges:value' entry.
2942 			 */
2943 			if (!first_entry && first_range) {
2944 				(void) fprintf(fp, ";\n");
2945 				PRINT_TABS(fp, tab_inserts + 1);
2946 			} else {
2947 				first_entry = B_FALSE;
2948 			}
2949 
2950 			/*
2951 			 * print comma (range delimeter) only if there was
2952 			 * a previous range for this value.
2953 			 */
2954 			if (!first_range) {
2955 				(void) fprintf(fp, ",");
2956 			} else {
2957 				first_range = B_FALSE;
2958 			}
2959 
2960 			/*
2961 			 * print range.
2962 			 */
2963 			printrange(fp, first, last);
2964 		}
2965 		/*
2966 		 * only print a colon and value if we found a range with
2967 		 * this value.
2968 		 */
2969 		if (found_range) {
2970 			(void) fprintf(fp, ":");
2971 
2972 			/*
2973 			 * print numeric/symbolic value.
2974 			 */
2975 			if (enum_nvs) {
2976 				printenum(fp, x, enum_nvs);
2977 			} else {
2978 				(void) fprintf(fp, "%d", x);
2979 			}
2980 		}
2981 	}
2982 
2983 	/*
2984 	 * print closing curl.
2985 	 */
2986 	(void) fprintf(fp, "\n");
2987 	PRINT_TABS(fp, tab_inserts);
2988 	(void) fprintf(fp, "%c\n", CURL_END);
2989 }
2990 
2991 /* print the protocol name for proto, or if unknown protocol number proto. */
2992 static void
2993 printproto(
2994 FILE *fp,
2995 uint8_t proto)
2996 {
2997 
2998 	struct protoent *pent;
2999 
3000 	pent = getprotobynumber(proto);
3001 	if (pent != NULL) {
3002 		(void) fprintf(fp, "%s\n", pent->p_name);
3003 	} else {
3004 		(void) fprintf(fp, "%u\n", proto);
3005 	}
3006 }
3007 
3008 /*
3009  * prints the name associated with interface with index ifindex to fp.
3010  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3011  */
3012 static int
3013 printifname(
3014 FILE *fp,
3015 int ifindex)
3016 {
3017 
3018 	int s;
3019 	struct lifconf lc;
3020 	struct lifnum ln;
3021 	struct lifreq *lr;
3022 	char *buf;
3023 	int len;
3024 	char *cp;
3025 	int ret;
3026 	int x;
3027 	int idx;
3028 
3029 	/* open socket */
3030 
3031 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
3032 		ipqos_msg(MT_ENOSTR, gettext("opening AF_INET socket"));
3033 		return (IPQOS_CONF_ERR);
3034 	}
3035 
3036 	/* get number of lifreq structs that need to be alloc'd for */
3037 
3038 	ln.lifn_family = AF_UNSPEC;
3039 	ln.lifn_flags = 0;
3040 	ret = ioctl(s, SIOCGLIFNUM, &ln);
3041 	if (ret < 0) {
3042 		ipqos_msg(MT_ENOSTR, "SIOCLIFNUM ioctl");
3043 		(void) close(s);
3044 		return (IPQOS_CONF_ERR);
3045 	}
3046 
3047 	/* allocate buffer for SIOGLIFCONF ioctl */
3048 
3049 	len = ln.lifn_count * sizeof (struct lifreq);
3050 	buf = malloc(len);
3051 	if (buf == NULL) {
3052 		ipqos_msg(MT_ENOSTR, "malloc");
3053 		(void) close(s);
3054 		return (IPQOS_CONF_ERR);
3055 	}
3056 
3057 	/* setup lifconf params for ioctl */
3058 
3059 	lc.lifc_family = AF_UNSPEC;
3060 	lc.lifc_flags = 0;
3061 	lc.lifc_len = len;
3062 	lc.lifc_buf = buf;
3063 
3064 	/* do SIOCGLIFCONF ioctl */
3065 
3066 	ret = ioctl(s, SIOCGLIFCONF, &lc);
3067 	if (ret < 0) {
3068 		ipqos_msg(MT_ENOSTR, "SIGLIFCONF");
3069 		(void) close(s);
3070 		free(buf);
3071 		return (IPQOS_CONF_ERR);
3072 	}
3073 	(void) close(s);
3074 
3075 	/*
3076 	 * for each interface name given in the returned lifreq list get
3077 	 * it's index and compare with ifindex param. Break if equal.
3078 	 */
3079 	for (x = ln.lifn_count, lr = lc.lifc_req; x > 0; x--, lr++) {
3080 		ret = readifindex(lr->lifr_name, &idx);
3081 		if (ret != IPQOS_CONF_SUCCESS) {
3082 			free(buf);
3083 			return (IPQOS_CONF_ERR);
3084 		}
3085 		if (idx == ifindex) {
3086 			break;
3087 		}
3088 	}
3089 	free(buf);
3090 
3091 	if (x == 0) {
3092 		IPQOSCDBG1(L1, "Failed to find if index %u in returned "
3093 		    "if list.\n", ifindex);
3094 		return (IPQOS_CONF_ERR);
3095 	}
3096 	/* truncate any logical suffix */
3097 
3098 	if ((cp = strchr(lr->lifr_name, '@')) != NULL) {
3099 		*cp = NULL;
3100 	}
3101 
3102 	/* print interface name */
3103 	(void) fprintf(fp, "%s\n", lr->lifr_name);
3104 
3105 	return (IPQOS_CONF_SUCCESS);
3106 }
3107 
3108 /*
3109  * print to fp the enumeration clause evaluating to the value val using the
3110  * names/values given in enum_nvs.
3111  */
3112 static void
3113 printenum(
3114 FILE *fp,
3115 uint32_t val,
3116 str_val_nd_t *enum_nvs)
3117 {
3118 
3119 	boolean_t isfirstval = B_TRUE;
3120 	str_val_nd_t *name_val = enum_nvs;
3121 
3122 	/* for each value in enum_nvs if same bit set in val print name */
3123 
3124 	while (name_val) {
3125 		if ((name_val->sv.value & val) == name_val->sv.value) {
3126 			if (isfirstval == B_TRUE) {
3127 				(void) fprintf(fp, "%s", name_val->sv.string);
3128 				isfirstval = B_FALSE;
3129 			} else {
3130 				(void) fprintf(fp, ", %s", name_val->sv.string);
3131 			}
3132 		}
3133 		name_val = name_val->next;
3134 	}
3135 }
3136 
3137 
3138 /* prints the service name of port, or if unknown the number to fp. */
3139 static void
3140 printport(
3141 FILE *fp,
3142 uint16_t port)
3143 {
3144 
3145 	struct servent *sent;
3146 
3147 	sent = getservbyport(port, NULL);
3148 	if (sent != NULL) {
3149 		(void) fprintf(fp, "%s\n", sent->s_name);
3150 	} else {
3151 		(void) fprintf(fp, "%u\n", ntohs(port));
3152 	}
3153 }
3154 
3155 /*
3156  * prints tp fp the name and value of all user specifiable parameters in the
3157  * nvlist.
3158  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3159  */
3160 static int
3161 printnvlist(
3162 FILE *fp,
3163 char *module,
3164 nvlist_t *nvl,
3165 int printall,	/* are we want ip addresses printing if node name */
3166 ipqos_conf_filter_t *flt,	/* used to determine if node name set */
3167 int tab_inserts,
3168 place_t place)
3169 {
3170 	FILE *tfp;
3171 	nvpair_t *nvp;
3172 	char *name;
3173 	ipqos_nvtype_t type;
3174 	str_val_nd_t *enum_nvs;
3175 	int ret;
3176 	char dfltst[IPQOS_VALST_MAXLEN+1];
3177 	char *param;
3178 	int openerr;
3179 	int res;
3180 
3181 	IPQOSCDBG0(L1, "In printnvlist\n");
3182 
3183 
3184 	/* open stream to types file */
3185 
3186 	tfp = validmod(module, &openerr);
3187 	if (tfp == NULL) {
3188 		if (openerr) {
3189 			ipqos_msg(MT_ENOSTR, "fopen");
3190 		}
3191 		return (IPQOS_CONF_ERR);
3192 	}
3193 
3194 
3195 	/* go through list getting param name and type and printing it */
3196 
3197 	nvp = nvlist_next_nvpair(nvl, NULL);
3198 	while (nvp) {
3199 
3200 		/* get nvpair name */
3201 		name = nvpair_name(nvp);
3202 		IPQOSCDBG1(L0, "processing element %s.\n", name);
3203 
3204 		/* skip ipgpc params that are not explicitly user settable */
3205 
3206 		if (strcmp(name, IPGPC_FILTER_TYPE) == 0 ||
3207 		    strcmp(name, IPGPC_SADDR_MASK) == 0 ||
3208 		    strcmp(name, IPGPC_DADDR_MASK) == 0 ||
3209 		    strcmp(name, IPGPC_SPORT_MASK) == 0 ||
3210 		    strcmp(name, IPGPC_DPORT_MASK) == 0) {
3211 			nvp = nvlist_next_nvpair(nvl, nvp);
3212 			continue;
3213 		}
3214 
3215 		param = SHORT_NAME(name);
3216 
3217 		/*
3218 		 * get parameter type from types file.
3219 		 */
3220 		place = PL_ANY;
3221 		ret = readtype(tfp, module, param, &type, &enum_nvs, dfltst,
3222 		    B_TRUE, &place);
3223 		if (ret != IPQOS_CONF_SUCCESS) {
3224 			return (ret);
3225 		}
3226 
3227 		/*
3228 		 * for map entries we don't print the map value, only
3229 		 * the index value it was derived from.
3230 		 */
3231 		if (place == PL_MAP) {
3232 			nvp = nvlist_next_nvpair(nvl, nvp);
3233 			continue;
3234 		}
3235 
3236 		/*
3237 		 * the ifindex is converted to the name and printed out
3238 		 * so print the parameter name as ifname.
3239 		 */
3240 		if (strcmp(name, IPGPC_IF_INDEX) == 0) {
3241 			PRINT_TABS(fp, tab_inserts);
3242 			(void) fprintf(fp, "%s ", IPQOS_IFNAME_STR);
3243 		/*
3244 		 * we may not print the address due to us instead printing
3245 		 * the node name in printfilter, therefore we leave the
3246 		 * printing of the parameter in the addresses switch case code.
3247 		 */
3248 		} else if ((strcmp(name, IPGPC_SADDR) != 0 &&
3249 		    strcmp(name, IPGPC_DADDR) != 0)) {
3250 			PRINT_TABS(fp, tab_inserts);
3251 			(void) fprintf(fp, "%s ", param);
3252 		}
3253 
3254 		switch (type) {
3255 			case IPQOS_DATA_TYPE_IFINDEX: {
3256 				uint32_t ifidx;
3257 
3258 				(void) nvpair_value_uint32(nvp, &ifidx);
3259 				(void) printifname(fp, ifidx);
3260 				break;
3261 			}
3262 			case IPQOS_DATA_TYPE_BOOLEAN: {
3263 				boolean_t bl;
3264 
3265 				(void) nvpair_value_uint32(nvp,
3266 				    (uint32_t *)&bl);
3267 				(void) fprintf(fp, "%s\n",
3268 				    bl == B_TRUE ? "true" : "false");
3269 				break;
3270 			}
3271 			case IPQOS_DATA_TYPE_ACTION: {
3272 				char *strval;
3273 
3274 				(void) nvpair_value_string(nvp, &strval);
3275 				print_action_nm(fp, strval);
3276 				break;
3277 			}
3278 			case IPQOS_DATA_TYPE_STRING: {
3279 				char *strval;
3280 
3281 				(void) nvpair_value_string(nvp, &strval);
3282 				(void) fprintf(fp, "%s\n",
3283 				    quote_ws_string(strval));
3284 				break;
3285 			}
3286 			case IPQOS_DATA_TYPE_ADDRESS: {
3287 				uint_t tmp;
3288 				in6_addr_t *addr;
3289 				char addrstr[INET6_ADDRSTRLEN];
3290 				uchar_t ftype;
3291 				int af;
3292 				in6_addr_t *mask;
3293 
3294 				/*
3295 				 * skip addresses that have node names for
3296 				 * non printall listings.
3297 				 */
3298 				if (printall == 0 &&
3299 				    (strcmp(nvpair_name(nvp), IPGPC_SADDR) ==
3300 				    0 && flt->src_nd_name ||
3301 				    strcmp(nvpair_name(nvp), IPGPC_DADDR) ==
3302 				    0 && flt->dst_nd_name)) {
3303 					break;
3304 				}
3305 
3306 				/* we skipped this above */
3307 
3308 				PRINT_TABS(fp, tab_inserts);
3309 				(void) fprintf(fp, "%s ", param);
3310 
3311 				(void) nvpair_value_uint32_array(nvp,
3312 				    (uint32_t **)&addr, &tmp);
3313 
3314 				/* get filter type */
3315 
3316 				(void) nvlist_lookup_byte(nvl,
3317 				    IPGPC_FILTER_TYPE, &ftype);
3318 				if (ftype == IPGPC_V4_FLTR) {
3319 					af = AF_INET;
3320 					addr = (in6_addr_t *)
3321 					&V4_PART_OF_V6((*addr));
3322 				} else {
3323 					af = AF_INET6;
3324 				}
3325 				/* get mask */
3326 
3327 				if (strcmp(nvpair_name(nvp), IPGPC_SADDR) ==
3328 				    0) {
3329 					ret = nvlist_lookup_uint32_array(nvl,
3330 					    IPGPC_SADDR_MASK,
3331 					    (uint32_t **)&mask, &tmp);
3332 				} else {
3333 					ret = nvlist_lookup_uint32_array(nvl,
3334 					    IPGPC_DADDR_MASK,
3335 					    (uint32_t **)&mask, &tmp);
3336 				}
3337 
3338 				/* print address/mask to fp */
3339 
3340 				(void) fprintf(fp, "%s/%u\n",
3341 				    inet_ntop(af, addr, addrstr,
3342 				    INET6_ADDRSTRLEN), masktocidr(af, mask));
3343 				break;
3344 			}
3345 			case IPQOS_DATA_TYPE_ENUM: {
3346 				uint32_t val;
3347 
3348 				(void) nvpair_value_uint32(nvp, &val);
3349 
3350 				/*
3351 				 * print list of tokens resulting in val
3352 				 */
3353 				(void) fprintf(fp, "{ ");
3354 				printenum(fp, val, enum_nvs);
3355 				(void) fprintf(fp, " }\n");
3356 				break;
3357 			}
3358 			case IPQOS_DATA_TYPE_PORT: {
3359 				uint16_t port;
3360 
3361 				(void) nvpair_value_uint16(nvp, &port);
3362 				printport(fp, port);
3363 				break;
3364 			}
3365 			case IPQOS_DATA_TYPE_PROTO: {
3366 				uint8_t proto;
3367 
3368 				(void) nvpair_value_byte(nvp, &proto);
3369 				printproto(fp, proto);
3370 				break;
3371 			}
3372 			case IPQOS_DATA_TYPE_M_INDEX:
3373 			case IPQOS_DATA_TYPE_UINT8: {
3374 				uchar_t u8;
3375 
3376 				(void) nvpair_value_byte(nvp, &u8);
3377 				(void) fprintf(fp, "%u\n", u8);
3378 				break;
3379 			}
3380 			case IPQOS_DATA_TYPE_UINT16: {
3381 				uint16_t u16;
3382 
3383 				(void) nvpair_value_uint16(nvp, &u16);
3384 				(void) fprintf(fp, "%u\n", u16);
3385 				break;
3386 			}
3387 			case IPQOS_DATA_TYPE_INT16: {
3388 				int16_t i16;
3389 
3390 				(void) nvpair_value_int16(nvp, &i16);
3391 				(void) fprintf(fp, "%d\n", i16);
3392 				break;
3393 			}
3394 			case IPQOS_DATA_TYPE_UINT32: {
3395 				uint32_t u32;
3396 
3397 				(void) nvpair_value_uint32(nvp, &u32);
3398 				(void) fprintf(fp, "%u\n", u32);
3399 				break;
3400 			}
3401 			case IPQOS_DATA_TYPE_INT32: {
3402 				int i32;
3403 
3404 				(void) nvpair_value_int32(nvp, &i32);
3405 				(void) fprintf(fp, "%d\n", i32);
3406 				break;
3407 			}
3408 			case IPQOS_DATA_TYPE_INT_ARRAY: {
3409 				str_val_nd_t *arr_enum_nvs = NULL;
3410 				uint32_t size;
3411 				int llimit, ulimit;
3412 				int *arr;
3413 
3414 				(void) nvpair_value_int32_array(nvp, &arr,
3415 				    &size);
3416 
3417 				/*
3418 				 * read array info from types file.
3419 				 */
3420 				res = read_int_array_info(dfltst,
3421 				    &arr_enum_nvs, &size, &llimit, &ulimit,
3422 				    module);
3423 
3424 				/*
3425 				 * print array with numbers, or symbols
3426 				 * if enumerated.
3427 				 */
3428 				if (res == IPQOS_CONF_SUCCESS) {
3429 					print_int_array(fp, arr, size,
3430 					    llimit, ulimit, arr_enum_nvs,
3431 					    tab_inserts);
3432 					if (arr_enum_nvs != NULL) {
3433 						free_str_val_entrys(
3434 						    arr_enum_nvs);
3435 					}
3436 				}
3437 				break;
3438 			}
3439 			case IPQOS_DATA_TYPE_USER: {
3440 				uid_t uid;
3441 
3442 				(void) nvpair_value_int32(nvp, (int *)&uid);
3443 				printuser(fp, uid);
3444 				break;
3445 			}
3446 #ifdef	_IPQOS_CONF_DEBUG
3447 			default: {
3448 				/*
3449 				 * we should have catered for all used data
3450 				 * types that readtype returns.
3451 				 */
3452 				assert(1);
3453 			}
3454 #endif
3455 		}
3456 
3457 		nvp = nvlist_next_nvpair(nvl, nvp);
3458 	}
3459 
3460 	(void) fclose(tfp);
3461 	return (IPQOS_CONF_SUCCESS);
3462 }
3463 
3464 /*
3465  * print a parameter clause for the parmeters given in params to fp.
3466  * If printall is set, then the originator of the parameter object is printed.
3467  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3468  */
3469 static int
3470 printparams(
3471 FILE *fp,
3472 char *module,
3473 ipqos_conf_params_t *params,
3474 int printall,
3475 int tab_inserts)
3476 {
3477 
3478 	int res;
3479 
3480 	/* print opening clause */
3481 
3482 	PRINT_TABS(fp, tab_inserts);
3483 	(void) fprintf(fp, IPQOS_CONF_PARAMS_STR " {\n");
3484 
3485 	/* print originator name if printall flag set */
3486 
3487 	if (printall) {
3488 		PRINT_TABS(fp, tab_inserts + 1);
3489 		(void) fprintf(stdout, "Originator %s\n",
3490 		    quote_ws_string(get_originator_nm(params->originator)));
3491 	}
3492 
3493 	/* print global stats */
3494 
3495 	PRINT_TABS(fp, tab_inserts + 1);
3496 	(void) fprintf(fp, IPQOS_CONF_GLOBAL_STATS_STR " %s\n",
3497 	    params->stats_enable == B_TRUE ? "true" : "false");
3498 
3499 	/* print module specific parameters */
3500 	res = printnvlist(fp, module, params->nvlist, printall, NULL,
3501 	    tab_inserts + 1, PL_PARAMS);
3502 	if (res != IPQOS_CONF_SUCCESS) {
3503 		return (res);
3504 	}
3505 
3506 	PRINT_TABS(fp, tab_inserts);
3507 	(void) fprintf(fp, "}\n");
3508 
3509 	return (IPQOS_CONF_SUCCESS);
3510 }
3511 
3512 /*
3513  * print the interpreted name of the action_nm parameter if it is a special
3514  * action, else action_nm verbatim to fp parameter.
3515  */
3516 static void
3517 print_action_nm(FILE *fp, char *action_nm)
3518 {
3519 
3520 	if (strcmp(action_nm, IPP_ANAME_CONT) == 0) {
3521 		(void) fprintf(fp, IPQOS_CONF_CONT_STR "\n");
3522 	} else if (strcmp(action_nm, IPP_ANAME_DEFER) == 0) {
3523 		(void) fprintf(fp, IPQOS_CONF_DEFER_STR "\n");
3524 	} else if (strcmp(action_nm, IPP_ANAME_DROP) == 0) {
3525 		(void) fprintf(fp, IPQOS_CONF_DROP_STR "\n");
3526 	} else {
3527 		(void) fprintf(fp, "%s\n", quote_ws_string(action_nm));
3528 	}
3529 }
3530 
3531 /*
3532  * print a class clause for class to fp. If printall is set the originator
3533  * is printed.
3534  */
3535 static void
3536 printclass(
3537 FILE *fp,
3538 ipqos_conf_class_t *class,
3539 int printall,
3540 int tab_inserts)
3541 {
3542 
3543 	/* print opening clause */
3544 
3545 	PRINT_TABS(fp, tab_inserts);
3546 	(void) fprintf(fp, IPQOS_CONF_CLASS_STR " {\n");
3547 
3548 
3549 	/* if printall flag print originator name */
3550 
3551 	if (printall) {
3552 		PRINT_TABS(fp, tab_inserts + 1);
3553 		(void) fprintf(stdout, "Originator %s\n",
3554 		    get_originator_nm(class->originator));
3555 	}
3556 
3557 	/* print name, next action and stats enable */
3558 
3559 	PRINT_TABS(fp, tab_inserts + 1);
3560 	(void) fprintf(fp, IPQOS_CONF_NAME_STR " %s\n",
3561 	    quote_ws_string(class->name));
3562 	PRINT_TABS(fp, tab_inserts + 1);
3563 	(void) fprintf(fp, IPQOS_CONF_NEXT_ACTION_STR " ");
3564 	    print_action_nm(fp, class->alist->name);
3565 	PRINT_TABS(fp, tab_inserts + 1);
3566 	(void) fprintf(fp, IPQOS_CONF_STATS_ENABLE_STR " %s\n",
3567 	    class->stats_enable == B_TRUE ? "true" : "false");
3568 
3569 	PRINT_TABS(fp, tab_inserts);
3570 	(void) fprintf(fp, "}\n");
3571 }
3572 
3573 /*
3574  * Returns a ptr to the originator name associated with origid. If unknown
3575  * id returns ptr to "unknown".
3576  * RETURNS: ptr to originator name, or if id not known "unknown".
3577  */
3578 static char *
3579 get_originator_nm(uint32_t origid)
3580 {
3581 
3582 	int x;
3583 
3584 	/* scan originators table for origid */
3585 
3586 	for (x = 0; originators[x].value != -1 &&
3587 	    originators[x].value != origid; x++) {}
3588 
3589 	/* if we've reached end of array due to unknown type return "unknown" */
3590 
3591 	if (originators[x].value == -1) {
3592 		return ("unknown");
3593 	}
3594 
3595 	return (originators[x].string);
3596 }
3597 
3598 /*
3599  * print a filter clause for filter pointed to by filter out to fp. If printall
3600  * is set then the originator is printed, for filters with node names instance
3601  * numbers are printed, and the filter pointer isn't advanced to point at the
3602  * last instance of the printed filter.
3603  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
3604  */
3605 static int
3606 printfilter(
3607 FILE *fp,
3608 char *module,
3609 ipqos_conf_filter_t **filter,
3610 int printall,
3611 int tab_inserts)
3612 {
3613 
3614 	int res;
3615 
3616 	/* print opening clause */
3617 
3618 	PRINT_TABS(fp, tab_inserts);
3619 	(void) fprintf(fp, IPQOS_CONF_FILTER_STR " {\n");
3620 
3621 	/* print originator if printall flag set */
3622 
3623 	if (printall) {
3624 		PRINT_TABS(fp, tab_inserts + 1);
3625 		(void) fprintf(stdout, "Originator %s\n",
3626 		    quote_ws_string(get_originator_nm((*filter)->originator)));
3627 	}
3628 
3629 	/* print name and class */
3630 
3631 	PRINT_TABS(fp, tab_inserts + 1);
3632 	(void) fprintf(fp, IPQOS_CONF_NAME_STR " %s\n",
3633 	    quote_ws_string((*filter)->name));
3634 	PRINT_TABS(fp, tab_inserts + 1);
3635 	(void) fprintf(fp, IPQOS_CONF_CLASS_STR " %s\n",
3636 	    quote_ws_string((*filter)->class_name));
3637 
3638 	/* print the instance if printall and potential mhomed addresses */
3639 
3640 	if (printall && ((*filter)->src_nd_name || (*filter)->dst_nd_name)) {
3641 		PRINT_TABS(fp, tab_inserts + 1);
3642 		(void) fprintf(fp, "Instance %u\n", (*filter)->instance);
3643 	}
3644 
3645 	/* print node names if any */
3646 
3647 	if ((*filter)->src_nd_name) {
3648 		PRINT_TABS(fp, tab_inserts + 1);
3649 		(void) fprintf(fp, "%s %s\n", strchr(IPGPC_SADDR, '.') + 1,
3650 		    (*filter)->src_nd_name);
3651 	}
3652 	if ((*filter)->dst_nd_name) {
3653 		PRINT_TABS(fp, tab_inserts + 1);
3654 		(void) fprintf(fp, "%s %s\n", strchr(IPGPC_DADDR, '.') + 1,
3655 		    (*filter)->dst_nd_name);
3656 	}
3657 
3658 	/* print ip_version enumeration if set */
3659 
3660 	if ((*filter)->ip_versions != 0) {
3661 		PRINT_TABS(fp, tab_inserts + 1);
3662 		(void) fprintf(fp, IPQOS_CONF_IP_VERSION_STR " {");
3663 		if (VERSION_IS_V4(*filter)) {
3664 			(void) fprintf(fp, " V4");
3665 		}
3666 		if (VERSION_IS_V6(*filter)) {
3667 			(void) fprintf(fp, " V6");
3668 		}
3669 		(void) fprintf(fp, " }\n");
3670 	}
3671 
3672 	/* print other module specific parameters parameters */
3673 
3674 	res = printnvlist(fp, module, (*filter)->nvlist, printall, *filter,
3675 	    tab_inserts + 1, PL_FILTER);
3676 	if (res != IPQOS_CONF_SUCCESS) {
3677 		return (res);
3678 	}
3679 
3680 	PRINT_TABS(fp, tab_inserts);
3681 	(void) fprintf(fp, "}\n");
3682 
3683 	/*
3684 	 * if not printall advance filter parameter to last instance of this
3685 	 * filter.
3686 	 */
3687 
3688 	if (!printall) {
3689 		for (;;) {
3690 			if ((*filter)->next == NULL ||
3691 			    strcmp((*filter)->name, (*filter)->next->name) !=
3692 			    0) {
3693 				break;
3694 			}
3695 			*filter = (*filter)->next;
3696 		}
3697 	}
3698 
3699 	return (IPQOS_CONF_SUCCESS);
3700 }
3701 
3702 /*
3703  * Returns a pointer to str if no whitespace is present, else it returns
3704  * a pointer to a string with the contents of str enclose in double quotes.
3705  * This returned strings contents may change in subsequent calls so a copy
3706  * should be made of it if the caller wishes to retain it.
3707  */
3708 static char *
3709 quote_ws_string(const char *str)
3710 {
3711 	static char *buf = NULL;
3712 	const char *cp;	/* we don't modify the contents of str so const */
3713 
3714 	IPQOSCDBG0(L0, "In quote_ws_string\n");
3715 
3716 	/*
3717 	 * Just return str if no whitespace.
3718 	 */
3719 	for (cp = str; (*cp != '\0') && !isspace(*cp); cp++)
3720 		;
3721 	if (*cp == '\0')
3722 		return ((char *)str);
3723 
3724 	if (buf == NULL) {
3725 		/*
3726 		 * if first run just allocate buffer of
3727 		 * strlen(str) + 2 quote characters + NULL terminator.
3728 		 */
3729 		buf = malloc(strlen(str) + 3);
3730 	} else if ((strlen(str) + 2) > strlen(buf)) {
3731 		/*
3732 		 * Not first run, so check if we have a big enough buffer
3733 		 * and if not reallocate the buffer to a sufficient size.
3734 		 */
3735 		buf = realloc(buf, strlen(str) + 3);
3736 	}
3737 	if (buf == NULL)
3738 		return ("");
3739 
3740 	/*
3741 	 * copy string into buffer with quotes.
3742 	 */
3743 	(void) strcpy(buf, "\"");
3744 	(void) strcat(buf, str);
3745 	(void) strcat(buf, "\"");
3746 
3747 	return (buf);
3748 }
3749 
3750 /*
3751  * print an action clause for action to fp. If the printall flag is set
3752  * then all filters and classes (regardless of their originator) and
3753  * their originators are displayed.
3754  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
3755  */
3756 static int
3757 printaction(
3758 FILE *fp,
3759 ipqos_conf_action_t *action,
3760 int printall,
3761 int tab_inserts)
3762 {
3763 
3764 	ipqos_conf_filter_t *flt;
3765 	ipqos_conf_class_t *cls;
3766 	int res;
3767 
3768 	/* print opening clause, module and name */
3769 
3770 	PRINT_TABS(fp, tab_inserts);
3771 	(void) fprintf(fp, IPQOS_CONF_ACTION_STR " {\n");
3772 	PRINT_TABS(fp, tab_inserts + 1);
3773 	(void) fprintf(fp, IPQOS_CONF_MODULE_STR " %s\n",
3774 	    quote_ws_string(action->module));
3775 	PRINT_TABS(fp, tab_inserts + 1);
3776 	(void) fprintf(fp, "name %s\n", quote_ws_string(action->name));
3777 
3778 	/* print params clause */
3779 
3780 	(void) fprintf(fp, "\n");
3781 	res = printparams(fp, action->module, action->params, printall,
3782 	    tab_inserts + 1);
3783 	if (res != IPQOS_CONF_SUCCESS) {
3784 		return (res);
3785 	}
3786 
3787 	/*
3788 	 * print classes clause for each class if printall is set, else
3789 	 * just ipqosconf created or permanent classes.
3790 	 */
3791 	for (cls = action->classes; cls != NULL; cls = cls->next) {
3792 		if (printall ||
3793 		    cls->originator == IPP_CONFIG_IPQOSCONF ||
3794 		    cls->originator == IPP_CONFIG_PERMANENT) {
3795 			(void) fprintf(fp, "\n");
3796 			printclass(fp, cls, printall, tab_inserts + 1);
3797 		}
3798 	}
3799 
3800 	/*
3801 	 * print filter clause for each filter if printall is set, else
3802 	 * just ipqosconf created or permanent filters.
3803 	 */
3804 	for (flt = action->filters; flt != NULL; flt = flt->next) {
3805 		if (printall ||
3806 		    flt->originator == IPP_CONFIG_IPQOSCONF ||
3807 		    flt->originator == IPP_CONFIG_PERMANENT) {
3808 			(void) fprintf(fp, "\n");
3809 			res = printfilter(fp, action->module, &flt, printall,
3810 			    tab_inserts + 1);
3811 			if (res != IPQOS_CONF_SUCCESS) {
3812 				return (res);
3813 			}
3814 		}
3815 	}
3816 
3817 	PRINT_TABS(fp, tab_inserts);
3818 	(void) fprintf(fp, "}\n");
3819 
3820 	return (IPQOS_CONF_SUCCESS);
3821 }
3822 
3823 
3824 
3825 /* *************************************************************** */
3826 
3827 
3828 static void
3829 list_end(
3830 ipqos_list_el_t **listp,
3831 ipqos_list_el_t ***lendpp)
3832 {
3833 	*lendpp = listp;
3834 	while (**lendpp != NULL) {
3835 		*lendpp = &(**lendpp)->next;
3836 	}
3837 }
3838 
3839 static void
3840 add_to_list(
3841 ipqos_list_el_t **listp,
3842 ipqos_list_el_t *el)
3843 {
3844 	el->next = *listp;
3845 	*listp = el;
3846 }
3847 
3848 /*
3849  * given mask calculates the number of bits it spans. The mask must be
3850  * continuous.
3851  * RETURNS: number of bits spanned.
3852  */
3853 static int
3854 masktocidr(
3855 int af,
3856 in6_addr_t *mask)
3857 {
3858 	int zeros = 0;
3859 	int byte;
3860 	int cidr;
3861 
3862 	/*
3863 	 * loop through from lowest byte to highest byte counting the
3864 	 * number of zero bits till hitting a one bit.
3865 	 */
3866 	for (byte = 15; byte >= 0; byte--) {
3867 		/*
3868 		 * zero byte, so add 8 to zeros.
3869 		 */
3870 		if (mask->s6_addr[byte] == 0) {
3871 			zeros += 8;
3872 		/*
3873 		 * non-zero byte, add zero count to zeros.
3874 		 */
3875 		} else {
3876 			zeros += (ffs((int)mask->s6_addr[byte]) - 1);
3877 			break;
3878 		}
3879 	}
3880 	/*
3881 	 * translate zero bits to 32 or 128 bit mask based on af.
3882 	 */
3883 	if (af == AF_INET) {
3884 		cidr = 32 - zeros;
3885 	} else {
3886 		cidr = 128 - zeros;
3887 	}
3888 
3889 	return (cidr);
3890 }
3891 
3892 /*
3893  * Sets the first prefix_len bits in the v4 or v6 address (based upon af)
3894  * contained in the v6 address referenced by addr to 1.
3895  */
3896 static void
3897 setmask(int prefix_len, in6_addr_t *addr, int af)
3898 {
3899 
3900 	int i;
3901 	int shift;
3902 	int maskstartbit = 128 - prefix_len;
3903 	int end_u32;
3904 
3905 	IPQOSCDBG2(L1, "In setmask, prefix_len: %u, af: %s\n", prefix_len,
3906 	    af == AF_INET ? "AF_INET" : "AF_INET6");
3907 
3908 	/* zero addr */
3909 	bzero(addr, sizeof (in6_addr_t));
3910 
3911 
3912 	/* set which 32bits in *addr are relevant to this af */
3913 
3914 	if (af == AF_INET) {
3915 		end_u32 = 3;
3916 		maskstartbit = 32 - prefix_len;
3917 	/* AF_INET6 */
3918 	} else {
3919 		end_u32 = 0;
3920 	}
3921 	/*
3922 	 * go through each of the 32bit quantities in 128 bit in6_addr_t
3923 	 * and set appropriate bits according to prefix_len.
3924 	 */
3925 	for (i = 3; i >= end_u32; i--) {
3926 
3927 		/* does the prefix apply to this 32bits? */
3928 
3929 		if (maskstartbit < ((4 - i) * 32)) {
3930 
3931 			/* is this 32bits fully masked? */
3932 
3933 			if (maskstartbit <= ((3 - i) * 32)) {
3934 				shift = 0;
3935 			} else {
3936 				shift = maskstartbit % 32;
3937 			}
3938 			addr->_S6_un._S6_u32[i] = (uint32_t)~0;
3939 			addr->_S6_un._S6_u32[i] =
3940 			    addr->_S6_un._S6_u32[i] >> shift;
3941 			addr->_S6_un._S6_u32[i] =
3942 			    addr->_S6_un._S6_u32[i] << shift;
3943 		}
3944 
3945 		/* translate to NBO */
3946 		addr->_S6_un._S6_u32[i] = htonl(addr->_S6_un._S6_u32[i]);
3947 	}
3948 }
3949 
3950 /*
3951  * search nvlist for an element with the name specified and return a ptr
3952  * to it if found.
3953  * RETURNS: pointer to nvpair named name if found, else NULL.
3954  */
3955 static nvpair_t *
3956 find_nvpair(nvlist_t *nvl, char *name)
3957 {
3958 
3959 	nvpair_t *nvp;
3960 	nvpair_t *match = NULL;
3961 	char *nvp_name;
3962 
3963 	IPQOSCDBG0(L1, "In find_nvpair\n");
3964 
3965 	nvp = nvlist_next_nvpair(nvl, NULL);
3966 	while (nvp) {
3967 		nvp_name = nvpair_name(nvp);
3968 		if (strcmp(name, nvp_name) == 0) {
3969 			match = nvp;
3970 		}
3971 		nvp = nvlist_next_nvpair(nvl, nvp);
3972 	}
3973 
3974 	return (match);
3975 }
3976 
3977 /*
3978  * returns a string containing module_name '.' name.
3979  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
3980  */
3981 static char *
3982 prepend_module_name(
3983 char *name,
3984 char *module)
3985 {
3986 
3987 	char *ret;
3988 
3989 	IPQOSCDBG0(L2, "In prepend_module_name\n");
3990 
3991 	ret = malloc(strlen(module) + strlen(".") + strlen(name) + 1);
3992 	if (ret == NULL) {
3993 		ipqos_msg(MT_ENOSTR, "malloc");
3994 		return (NULL);
3995 	}
3996 
3997 	(void) strcpy(ret, module);
3998 	(void) strcat(ret, ".");
3999 	(void) strcat(ret, name);
4000 
4001 	return (ret);
4002 }
4003 
4004 #if 0
4005 
4006 /*
4007  * check if element with matching s1 and s2 string is in table table.
4008  * RETURNS: 1 if found else 0.
4009  */
4010 static int
4011 in_str_str_table(
4012 str_str_t *table,
4013 char *s1,
4014 char *s2)
4015 {
4016 
4017 	str_str_t *ss = table;
4018 
4019 	/* loop through table till matched or end */
4020 
4021 	while (ss->s1[0] != '\0' &&
4022 	    (strcmp(ss->s1, s1) != 0 || strcmp(ss->s2, s2) != 0)) {
4023 		ss++;
4024 	}
4025 
4026 	if (ss->s1[0] != '\0') {
4027 		return (1);
4028 	}
4029 
4030 	return (0);
4031 }
4032 #endif	/* 0 */
4033 
4034 /*
4035  * check whether name is a valid action/class/filter name.
4036  * RETURNS: IPQOS_CONF_ERR if invalid name else IPQOS_CONF_SUCCESS.
4037  */
4038 static int
4039 valid_name(char *name)
4040 {
4041 
4042 	IPQOSCDBG1(L1, "In valid_name: name: %s\n", name);
4043 
4044 	/* first char can't be '!' */
4045 	if (name[0] == '!') {
4046 		ipqos_msg(MT_ERROR, gettext("Name not allowed to start with "
4047 		    "'!', line %u.\n"), lineno);
4048 		return (IPQOS_CONF_ERR);
4049 	}
4050 
4051 	/* can't exceed IPQOS_CONF_NAME_LEN size */
4052 	if (strlen(name) >= IPQOS_CONF_NAME_LEN) {
4053 		ipqos_msg(MT_ERROR, gettext("Name exceeds maximum name length "
4054 		    "line %u.\n"), lineno);
4055 		return (IPQOS_CONF_ERR);
4056 	}
4057 
4058 	return (IPQOS_CONF_SUCCESS);
4059 }
4060 
4061 /* ********************* string value manip fns ************************** */
4062 
4063 
4064 /*
4065  * searches through the str_val_nd_t list of string value pairs finding
4066  * the minimum and maximum values for value and places them in the
4067  * integers pointed at by min and max.
4068  */
4069 static void
4070 get_str_val_value_range(
4071 str_val_nd_t *svnp,
4072 int *min,
4073 int *max)
4074 {
4075 	if (svnp != NULL) {
4076 		*min = *max = svnp->sv.value;
4077 		svnp = svnp->next;
4078 	}
4079 	while (svnp != NULL) {
4080 		if (svnp->sv.value > *max)
4081 			*max = svnp->sv.value;
4082 		if (svnp->sv.value < *min)
4083 			*min = svnp->sv.value;
4084 		svnp = svnp->next;
4085 	}
4086 }
4087 
4088 /*
4089  * add an entry with string string and value val to sv_entrys.
4090  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
4091  */
4092 static int
4093 add_str_val_entry(
4094 str_val_nd_t **sv_entrys,
4095 char *string,
4096 uint32_t val)
4097 {
4098 
4099 	str_val_nd_t *sv_entry;
4100 
4101 	IPQOSCDBG2(L1, "In add_str_val_entry: string: %s, val: %u\n", string,
4102 	    val);
4103 
4104 	/* alloc new node */
4105 
4106 	sv_entry = malloc(sizeof (str_val_nd_t));
4107 	if (sv_entry == NULL) {
4108 		return (IPQOS_CONF_ERR);
4109 	}
4110 
4111 	/* populate node */
4112 
4113 	sv_entry->sv.string = malloc(strlen(string) + 1);
4114 	if (sv_entry->sv.string == NULL) {
4115 		free(sv_entry);
4116 		ipqos_msg(MT_ENOSTR, "malloc");
4117 		return (IPQOS_CONF_ERR);
4118 	} else {
4119 		(void) strcpy(sv_entry->sv.string, string);
4120 	}
4121 	sv_entry->sv.value = val;
4122 
4123 	/* place at start of sv_entrys list */
4124 
4125 	sv_entry->next = *sv_entrys;
4126 	*sv_entrys = sv_entry;
4127 
4128 	return (IPQOS_CONF_SUCCESS);
4129 }
4130 
4131 
4132 /* frees all the elements of sv_entrys. */
4133 static void
4134 free_str_val_entrys(
4135 str_val_nd_t *sv_entrys)
4136 {
4137 
4138 	str_val_nd_t *sve = sv_entrys;
4139 	str_val_nd_t *tmp;
4140 
4141 	IPQOSCDBG0(L1, "In free_str_val_entrys\n");
4142 
4143 	while (sve) {
4144 		free(sve->sv.string);
4145 		tmp = sve->next;
4146 		free(sve);
4147 		sve = tmp;
4148 	}
4149 }
4150 
4151 /*
4152  * finds the value associated with string and assigns it to value ref'd by
4153  * val.
4154  * RETURNS: IPQOS_CONF_ERR if string not found, else IPQOS_CONF_SUCCESS.
4155  */
4156 static int
4157 str_val_list_lookup(
4158 str_val_nd_t *svs,
4159 char *string,
4160 uint32_t *val)
4161 {
4162 
4163 	str_val_nd_t *sv = svs;
4164 
4165 	IPQOSCDBG1(L1, "In str_val_list_lookup: %s\n", string);
4166 
4167 	/* loop through list and exit when found or list end */
4168 
4169 	while (sv != NULL) {
4170 		if (strcmp(sv->sv.string, string) == 0) {
4171 			break;
4172 		}
4173 		sv = sv->next;
4174 	}
4175 
4176 	/* ret error if not found */
4177 
4178 	if (sv == NULL) {
4179 		return (IPQOS_CONF_ERR);
4180 	}
4181 
4182 	*val = sv->sv.value;
4183 
4184 	IPQOSCDBG1(L1, "svll: Value returned is %u\n", *val);
4185 	return (IPQOS_CONF_SUCCESS);
4186 }
4187 
4188 
4189 /* ************************ conf file read fns ***************************** */
4190 
4191 /*
4192  * Reads a uid or username from string 'str' and assigns either the uid
4193  * or associated uid respectively to storage pointed at by 'uid'. The
4194  * function determines whether to read a uid by checking whether the first
4195  * character of 'str' is numeric, in which case it reads a uid; otherwise it
4196  * assumes a username.
4197  * RETURNS: IPQOS_CONF_ERR if a NULL string pointer is passed, the read uid
4198  * doesn't have an entry on the system, or the read username doesn't have an
4199  * entry on the system.
4200  */
4201 static int
4202 readuser(
4203 char *str,
4204 uid_t *uid)
4205 {
4206 	struct passwd *pwd;
4207 	char *lo;
4208 
4209 	IPQOSCDBG1(L0, "In readuser, str: %s\n", str);
4210 
4211 	if (str == NULL)
4212 		return (IPQOS_CONF_ERR);
4213 	/*
4214 	 * Check if this appears to be a uid, and if so check that a
4215 	 * corresponding user exists.
4216 	 */
4217 	if (isdigit((int)str[0])) {
4218 		/*
4219 		 * Read a 32bit integer and check in doing so that
4220 		 * we have consumed the whole string.
4221 		 */
4222 		if (readint32(str, (int *)uid, &lo) != IPQOS_CONF_SUCCESS ||
4223 		    *lo != '\0')
4224 			return (IPQOS_CONF_ERR);
4225 		if (getpwuid(*uid) == NULL)
4226 			return (IPQOS_CONF_ERR);
4227 
4228 	} else {	/* This must be a username, so lookup the uid. */
4229 		pwd = getpwnam(str);
4230 		if (pwd == NULL) {
4231 			return (IPQOS_CONF_ERR);
4232 		} else {
4233 			*uid = pwd->pw_uid;
4234 		}
4235 	}
4236 	return (IPQOS_CONF_SUCCESS);
4237 }
4238 
4239 /*
4240  * Reads a range from range_st, either of form 'a-b' or simply 'a'.
4241  * In the former case lower and upper have their values set to a
4242  * and b respectively; in the later lower and upper have both
4243  * their values set to a.
4244  * RETURNS: IPQOS_CONF_ERR if there's a parse error, else IPQOS_CONF_SUCCESS.
4245  */
4246 static int
4247 readrange(
4248 char *range_st,
4249 int *lower,
4250 int *upper)
4251 {
4252 	char *cp;
4253 	char *end, *end2;
4254 
4255 	IPQOSCDBG1(L0, "In readrange: string: %s\n", range_st);
4256 
4257 	/*
4258 	 * get range boundarys.
4259 	 */
4260 	cp = strchr(range_st, '-');
4261 
4262 	if (cp != NULL) {	/* we have a range */
4263 		*cp++ = '\0';
4264 		*lower = (int)strtol(range_st, &end, 10);
4265 		*upper = (int)strtol(cp, &end2, 10);
4266 		SKIPWS(end);
4267 		SKIPWS(end2);
4268 		if ((range_st == end) || (*end != NULL) ||
4269 		    (cp == end) || (*end2 != NULL)) {
4270 			IPQOSCDBG0(L0, "Failed reading a-b\n");
4271 			return (IPQOS_CONF_ERR);
4272 		}
4273 
4274 	} else {		/* single value */
4275 
4276 		*lower = *upper = (int)strtol(range_st, &end, 10);
4277 		SKIPWS(end);
4278 		if ((range_st == end) || (*end != NULL)) {
4279 			IPQOSCDBG0(L0, "Failed reading a\n");
4280 			return (IPQOS_CONF_ERR);
4281 		}
4282 	}
4283 
4284 	return (IPQOS_CONF_SUCCESS);
4285 }
4286 
4287 /*
4288  * Reads the values of an integer array from fp whose format is:
4289  * '{'RANGE[,RANGE[..]]:VALUE[;RANGE:VALUE[..]]'}', creates an array of size
4290  * arr_size, applies the values to it and points arrp at this array.
4291  * RANGE is one set of array indexes over which this value is to
4292  * be applied, and VALUE either an integer within the range
4293  * llimit - ulimit, or if enum_nvs isn't NULL, an enumeration value
4294  * found in the list enum_nvs. Those values which aren't explicity set
4295  * will be set to -1.
4296  *
4297  * RETURNS: IPQOS_CONF_ERR on resource or parse error, else IPQOS_CONF_SUCCESS.
4298  */
4299 static int
4300 read_int_array(
4301 FILE *fp,
4302 char *first_token,
4303 int **arrp,
4304 uint32_t arr_size,
4305 int llimit,
4306 int ulimit,
4307 str_val_nd_t *enum_nvs)
4308 {
4309 
4310 	char buf[5 * IPQOS_CONF_LINEBUF_SZ];
4311 	char *token;
4312 	char *range;
4313 	char *ranges;
4314 	char *svalue;
4315 	int value;
4316 	int res;
4317 	char *entry;
4318 	char *tmp;
4319 	char *end;
4320 	int lower, upper;
4321 	int x;
4322 	uint32_t startln;
4323 
4324 	IPQOSCDBG4(L0, "In read_int_array: size: %u, lower: %u, upper: %u, "
4325 	    "first_token: %s\n", arr_size, llimit, ulimit, first_token);
4326 
4327 	/*
4328 	 * read beginning curl.
4329 	 */
4330 	if (first_token[0] != CURL_BEGIN) {
4331 		ipqos_msg(MT_ERROR, gettext("\'{\' missing at line "
4332 		    "%u.\n"), lineno);
4333 		return (IPQOS_CONF_ERR);
4334 	}
4335 
4336 	/*
4337 	 * allocate and initialise array for holding read values.
4338 	 */
4339 	*arrp = malloc(arr_size * sizeof (int));
4340 	if (*arrp == NULL) {
4341 		ipqos_msg(MT_ENOSTR, "malloc");
4342 		return (IPQOS_CONF_ERR);
4343 	}
4344 	(void) memset(*arrp, -1, arr_size * sizeof (int));
4345 
4346 	/*
4347 	 * read whole array declaration string into buffer.
4348 	 * this is because readtoken doesn't interpret our
4349 	 * delimeter values specially and may return them
4350 	 * within another string.
4351 	 */
4352 	startln = lineno;	/* store starting lineno for error reports */
4353 	buf[0] = '\0';
4354 	res = readtoken(fp, &token);
4355 	while ((res != IPQOS_CONF_CURL_END) && (res != IPQOS_CONF_ERR) &&
4356 	    (res != IPQOS_CONF_EOF)) {
4357 		(void) strlcat(buf, token, sizeof (buf));
4358 		free(token);
4359 		res = readtoken(fp, &token);
4360 	}
4361 	if (res != IPQOS_CONF_CURL_END) {
4362 		goto array_err;
4363 	}
4364 	IPQOSCDBG1(L0, "array declaration buffer contains: %s\n", buf);
4365 
4366 	/*
4367 	 * loop reading "ranges ':' value;" till end of buffer.
4368 	 */
4369 	entry = strtok(buf, ";");
4370 	while (entry != NULL) {
4371 		svalue = strchr(entry, ':');
4372 		if (svalue == NULL) {	/* missing value string */
4373 			IPQOSCDBG0(L0, "Missing value string\n");
4374 			goto array_err;
4375 		}
4376 		*svalue++ = '\0';
4377 		ranges = entry;
4378 
4379 		/*
4380 		 * get value of number or enumerated symbol.
4381 		 */
4382 		if (enum_nvs) {
4383 			/*
4384 			 * get rid of surrounding whitespace so as not to
4385 			 * confuse read_enum_value.
4386 			 */
4387 			SKIPWS(svalue);
4388 			tmp = svalue;
4389 			while (*tmp != '\0') {
4390 				if (isspace(*tmp)) {
4391 					*tmp = '\0';
4392 					break;
4393 				} else {
4394 					tmp++;
4395 				}
4396 			}
4397 
4398 			/*
4399 			 * read enumeration value.
4400 			 */
4401 			res = read_enum_value(NULL, svalue, enum_nvs,
4402 			    (uint32_t *)&value);
4403 			if (res != IPQOS_CONF_SUCCESS)
4404 				goto array_err;
4405 		} else {
4406 			value = (int)strtol(svalue, &end, 10);
4407 			SKIPWS(end);
4408 			if ((svalue == end) || (*end != NULL)) {
4409 				IPQOSCDBG0(L0, "Invalid value\n");
4410 				goto array_err;
4411 			}
4412 			IPQOSCDBG1(L0, "value: %u\n", value);
4413 
4414 			/*
4415 			 * check value within valid range.
4416 			 */
4417 			if ((value < llimit) || (value > ulimit)) {
4418 				IPQOSCDBG0(L0, "value out of range\n");
4419 				goto array_err;
4420 			}
4421 		}
4422 
4423 		/*
4424 		 * loop reading ranges for this value.
4425 		 */
4426 		range = strtok_r(ranges, ",", &tmp);
4427 		while (range != NULL) {
4428 			res = readrange(range, &lower, &upper);
4429 			if (res != IPQOS_CONF_SUCCESS)
4430 				goto array_err;
4431 			IPQOSCDBG2(L0, "range: %u - %u\n", lower, upper);
4432 
4433 
4434 			if (upper < lower) {
4435 				uint32_t u = lower;
4436 				lower = upper;
4437 				upper = u;
4438 			}
4439 
4440 			/*
4441 			 * check range valid for array size.
4442 			 */
4443 			if ((lower < 0) || (upper > arr_size)) {
4444 				IPQOSCDBG0(L0, "Range out of array "
4445 				    "dimensions\n");
4446 				goto array_err;
4447 			}
4448 
4449 			/*
4450 			 * add this value to array indexes within range.
4451 			 */
4452 			for (x = lower; x <= upper; x++)
4453 				(*arrp)[x] = value;
4454 
4455 			/*
4456 			 * get next range.
4457 			 */
4458 			range = strtok_r(NULL, ",", &tmp);
4459 		}
4460 
4461 		entry = strtok(NULL, ";");
4462 	}
4463 
4464 	return (IPQOS_CONF_SUCCESS);
4465 
4466 array_err:
4467 	ipqos_msg(MT_ERROR,
4468 	    gettext("Array declaration line %u is invalid.\n"), startln);
4469 	free(*arrp);
4470 	return (IPQOS_CONF_ERR);
4471 }
4472 
4473 static int
4474 readllong(char *str, long long *llp, char **lo)
4475 {
4476 
4477 	*llp = strtoll(str, lo, 0);
4478 	if (*lo == str) {
4479 		return (IPQOS_CONF_ERR);
4480 	}
4481 	return (IPQOS_CONF_SUCCESS);
4482 }
4483 
4484 static int
4485 readuint8(char *str, uint8_t *ui8, char **lo)
4486 {
4487 
4488 	long long tmp;
4489 
4490 	if (readllong(str, &tmp, lo) != 0) {
4491 		return (IPQOS_CONF_ERR);
4492 	}
4493 	if (tmp > UCHAR_MAX || tmp < 0) {
4494 		return (IPQOS_CONF_ERR);
4495 	}
4496 	*ui8 = (uint8_t)tmp;
4497 	return (IPQOS_CONF_SUCCESS);
4498 }
4499 
4500 static int
4501 readuint16(char *str, uint16_t *ui16, char **lo)
4502 {
4503 	long long tmp;
4504 
4505 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4506 		return (IPQOS_CONF_ERR);
4507 	}
4508 	if (tmp > USHRT_MAX || tmp < 0) {
4509 		return (IPQOS_CONF_ERR);
4510 	}
4511 	*ui16 = (uint16_t)tmp;
4512 	return (IPQOS_CONF_SUCCESS);
4513 }
4514 
4515 static int
4516 readint16(char *str, int16_t *i16, char **lo)
4517 {
4518 	long long tmp;
4519 
4520 	if (readllong(str, &tmp, lo) != 0) {
4521 		return (IPQOS_CONF_ERR);
4522 	}
4523 	if (tmp > SHRT_MAX || tmp < SHRT_MIN) {
4524 		return (IPQOS_CONF_ERR);
4525 	}
4526 	*i16 = (int16_t)tmp;
4527 	return (IPQOS_CONF_SUCCESS);
4528 }
4529 
4530 static int
4531 readint32(char *str, int *i32, char **lo)
4532 {
4533 	long long tmp;
4534 
4535 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4536 		return (IPQOS_CONF_ERR);
4537 	}
4538 	if (tmp > INT_MAX || tmp < INT_MIN) {
4539 		return (IPQOS_CONF_ERR);
4540 	}
4541 	*i32 = tmp;
4542 	return (IPQOS_CONF_SUCCESS);
4543 }
4544 
4545 static int
4546 readuint32(char *str, uint32_t *ui32, char **lo)
4547 {
4548 	long long tmp;
4549 
4550 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4551 		return (IPQOS_CONF_ERR);
4552 	}
4553 	if (tmp > UINT_MAX || tmp < 0) {
4554 		return (IPQOS_CONF_ERR);
4555 	}
4556 	*ui32 = (uint32_t)tmp;
4557 	return (IPQOS_CONF_SUCCESS);
4558 }
4559 
4560 /*
4561  * retrieves the index associated with the interface named ifname and assigns
4562  * it to the int pointed to by ifindex.
4563  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
4564  */
4565 static int
4566 readifindex(
4567 char *ifname,
4568 int *ifindex)
4569 {
4570 
4571 	int s;
4572 	struct lifreq lifrq;
4573 
4574 
4575 	/* open socket */
4576 
4577 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
4578 		ipqos_msg(MT_ENOSTR, gettext("opening AF_INET socket"));
4579 		return (IPQOS_CONF_ERR);
4580 	}
4581 
4582 	/* copy ifname into lifreq */
4583 
4584 	(void) strlcpy(lifrq.lifr_name, ifname, LIFNAMSIZ);
4585 
4586 	/* do SIOGLIFINDEX ioctl */
4587 
4588 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifrq) == -1) {
4589 		(void) close(s);
4590 		return (IPQOS_CONF_ERR);
4591 	}
4592 
4593 	/* Warn if a virtual interface is specified */
4594 	if ((ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrq) != -1) &&
4595 	    (lifrq.lifr_flags & IFF_VIRTUAL)) {
4596 		ipqos_msg(MT_WARNING, gettext("Invalid interface"));
4597 	}
4598 	(void) close(s);
4599 	*ifindex = lifrq.lifr_index;
4600 	return (IPQOS_CONF_SUCCESS);
4601 }
4602 
4603 /*
4604  * Case insensitively compares the string in str with IPQOS_CONF_TRUE_STR
4605  * and IPQOS_CONF_FALSE_STR and sets boolean pointed to by bool accordingly.
4606  * RETURNS: if failure to match either IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
4607  */
4608 static int
4609 readbool(char *str, boolean_t *bool)
4610 {
4611 
4612 	if (strcasecmp(str, IPQOS_CONF_TRUE_STR) == 0) {
4613 		*bool = B_TRUE;
4614 	} else if (strcasecmp(str, IPQOS_CONF_FALSE_STR) == 0) {
4615 		*bool = B_FALSE;
4616 	} else {
4617 		return (IPQOS_CONF_ERR);
4618 	}
4619 
4620 	return (IPQOS_CONF_SUCCESS);
4621 }
4622 
4623 /*
4624  * reads a protocol name/number from proto_str and assigns the number
4625  * to the uint8 ref'd by proto.
4626  * RETURNS: If not a valid name or protocol number IPQOS_CONF_ERR, else
4627  * IPQOS_CONF_SUCCESS.
4628  */
4629 static int
4630 readproto(char *proto_str, uint8_t *proto)
4631 {
4632 
4633 	struct protoent *pent;
4634 	char *lo;
4635 	int res;
4636 
4637 	IPQOSCDBG1(L1, "In readproto: string: %s\n", proto_str);
4638 
4639 	/* try name lookup */
4640 
4641 	pent = getprotobyname(proto_str);
4642 	if (pent) {
4643 		*proto = pent->p_proto;
4644 
4645 	/* check valid protocol number */
4646 	} else {
4647 		res = readuint8(proto_str, proto, &lo);
4648 		if (res != IPQOS_CONF_SUCCESS || proto == 0) {
4649 			return (IPQOS_CONF_ERR);
4650 		}
4651 	}
4652 
4653 	return (IPQOS_CONF_SUCCESS);
4654 }
4655 
4656 /*
4657  * reads either a port service, or a port number from port_str and assigns
4658  * the associated port number to short ref'd by port.
4659  * RETURNS: If invalid name and number IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
4660  */
4661 static int
4662 readport(char *port_str, uint16_t *port)
4663 {
4664 
4665 	struct servent *sent;
4666 	char *tmp;
4667 
4668 	IPQOSCDBG1(L1, "In readport: string: %s\n", port_str);
4669 
4670 	/* try service name lookup */
4671 	sent = getservbyname(port_str, NULL);
4672 
4673 	/* failed name lookup so read port number */
4674 	if (sent == NULL) {
4675 		if (readuint16(port_str, port, &tmp) != IPQOS_CONF_SUCCESS ||
4676 		    *port == 0) {
4677 			return (IPQOS_CONF_ERR);
4678 		}
4679 		*port = htons(*port);
4680 	} else {
4681 		*port = sent->s_port;
4682 	}
4683 
4684 	return (IPQOS_CONF_SUCCESS);
4685 }
4686 
4687 
4688 /*
4689  * Reads a curly brace, a string enclosed in double quotes, or a whitespace/
4690  * curly brace delimited string. If a double quote enclosed string the
4691  * closing quotes need to be on the same line.
4692  * RETURNS:
4693  * on reading a CURL_BEGIN token it returns IPQOS_CONF_CURL_BEGIN,
4694  * on reading a CURL_END token it returns IPQOS_CONF_CURL_END,
4695  * on reading another valid token it returns IPQOS_CONF_SUCCESS.
4696  * for each of these token is set to point at the read string.
4697  * at EOF it returns IPQOS_CONF_EOF and if errors it returns IPQOS_CONF_ERR.
4698  */
4699 static int
4700 readtoken(
4701 FILE *fp,
4702 char **token)
4703 {
4704 
4705 	char *st, *tmp;
4706 	int len;
4707 	int quoted = 0;
4708 	char *cmnt;
4709 	char *bpos;
4710 	int rembuf;
4711 
4712 	static char *lo;
4713 	static char *buf = NULL;
4714 	static int bufsize;
4715 
4716 	/* if first call initialize line buf to default size */
4717 
4718 	if (buf == NULL) {
4719 		bufsize = IPQOS_CONF_LINEBUF_SZ;
4720 		buf = malloc(bufsize);
4721 		if (buf == NULL) {
4722 			ipqos_msg(MT_ENOSTR, "malloc");
4723 			return (IPQOS_CONF_ERR);
4724 		}
4725 	}
4726 
4727 	/* set buffer postition and size to use whole buffer */
4728 
4729 	bpos = buf;
4730 	rembuf = bufsize;
4731 
4732 
4733 	/*
4734 	 * loop reading lines until we've read a line with a non-whitespace
4735 	 * char.
4736 	 */
4737 
4738 	do {
4739 		/* if no leftover from previous invocation */
4740 
4741 		if (lo == NULL) {
4742 
4743 			/*
4744 			 * loop reading into buffer doubling if necessary until
4745 			 * we have either read a complete line or reached the
4746 			 * end of file.
4747 			 */
4748 			for (;;) {
4749 				st = fgets(bpos, rembuf, fp);
4750 
4751 				if (st == NULL) {
4752 
4753 					/* if read error */
4754 					if (ferror(fp)) {
4755 						free(buf);
4756 						buf = NULL;
4757 						ipqos_msg(MT_ENOSTR,
4758 						    "fgets");
4759 						return (IPQOS_CONF_ERR);
4760 
4761 					/* end of file */
4762 					} else {
4763 						free(buf);
4764 						buf = NULL;
4765 						*token = NULL;
4766 						return (IPQOS_CONF_EOF);
4767 					}
4768 				} else {
4769 					/* if read a newline */
4770 
4771 					if (buf[strlen(buf) - 1] == '\n') {
4772 						lineno++;
4773 						break;
4774 
4775 					/* if read the last line */
4776 
4777 					} else if (feof(fp)) {
4778 						break;
4779 
4780 					/*
4781 					 * not read a full line so buffer size
4782 					 * is too small, double it and retry.
4783 					 */
4784 					} else {
4785 						bufsize *= 2;
4786 						tmp = realloc(buf, bufsize);
4787 						if (tmp == NULL) {
4788 							ipqos_msg(MT_ENOSTR,
4789 							    "realloc");
4790 							free(buf);
4791 							return (IPQOS_CONF_ERR);
4792 						} else {
4793 							buf = tmp;
4794 						}
4795 
4796 						/*
4797 						 * make parameters to fgets read
4798 						 * into centre of doubled buffer
4799 						 * so we retain what we've
4800 						 * already read.
4801 						 */
4802 						bpos = &buf[(bufsize / 2) - 1];
4803 						rembuf = (bufsize / 2) + 1;
4804 					}
4805 				}
4806 			}
4807 
4808 			st = buf;
4809 
4810 		/* previous leftover, assign to st */
4811 
4812 		} else {
4813 			st = lo;
4814 			lo = NULL;
4815 		}
4816 
4817 		/* truncate at comment */
4818 
4819 		cmnt = strchr(st, '#');
4820 		if (cmnt) {
4821 			*cmnt = '\0';
4822 		}
4823 
4824 		/* Skip any whitespace */
4825 
4826 		while (isspace(*st) && *st != '\0') {
4827 			st++;
4828 		}
4829 
4830 	} while (*st == '\0');
4831 
4832 
4833 	/* find end of token */
4834 
4835 	tmp = st;
4836 
4837 	/* if curl advance 1 char */
4838 
4839 	if (*tmp == CURL_BEGIN || *tmp == CURL_END) {
4840 		tmp++;
4841 
4842 
4843 	/* if dbl quote read until matching quote */
4844 
4845 	} else if (*tmp == '"') {
4846 		quoted++;
4847 		tmp = ++st;
4848 
4849 		while (*tmp != '"' && *tmp != '\n' && *tmp != '\0') {
4850 			tmp++;
4851 		}
4852 		if (*tmp != '"') {
4853 			ipqos_msg(MT_ERROR, gettext("Quoted string exceeds "
4854 			    "line, line %u.\n"), lineno);
4855 			free(buf);
4856 			return (IPQOS_CONF_ERR);
4857 		}
4858 
4859 	/* normal token */
4860 	} else {
4861 		/* find first whitespace, curl, newline or string end */
4862 
4863 		while (!isspace(*tmp) && *tmp != CURL_BEGIN &&
4864 		    *tmp != CURL_END && *tmp != '\n' && *tmp != '\0') {
4865 			tmp++;
4866 		}
4867 	}
4868 
4869 	/* copy token to return */
4870 	len = tmp - st;
4871 	*token = malloc(len + 1);
4872 	if (!*token) {
4873 		free(buf);
4874 		ipqos_msg(MT_ENOSTR, "malloc");
4875 		return (IPQOS_CONF_ERR);
4876 	}
4877 	bcopy(st, *token, len);
4878 	(*token)[len] = '\0';
4879 
4880 	/* if just read quoted string remove quote from remaining string */
4881 
4882 	if (quoted) {
4883 		tmp++;
4884 	}
4885 
4886 	/* if not end of string, store rest for latter parsing */
4887 
4888 	if (*tmp != '\0' && *tmp != '\n') {
4889 		lo = tmp;
4890 	}
4891 
4892 	/* for curl_end and curl_begin return special ret codes */
4893 
4894 	if ((*token)[1] == '\0') {
4895 		if (**token == CURL_BEGIN) {
4896 			return (IPQOS_CONF_CURL_BEGIN);
4897 		} else if (**token == CURL_END) {
4898 			return (IPQOS_CONF_CURL_END);
4899 		}
4900 	}
4901 
4902 	return (IPQOS_CONF_SUCCESS);
4903 }
4904 
4905 /*
4906  * Reads an enumeration bitmask definition from line. The format is:
4907  * { NAME=VAL, NAME2=VAL2 }. The resulting names and values are returned.
4908  * RETURNS: NULL on error, else ptr to name/values.
4909  */
4910 static str_val_nd_t *
4911 read_enum_nvs(char *line, char *module_name)
4912 {
4913 
4914 	str_val_nd_t *enum_vals = NULL;
4915 	char *cp;
4916 	char *start;
4917 	char *name = NULL;
4918 	int len;
4919 	uint32_t val;
4920 	int ret;
4921 	int readc;
4922 
4923 	IPQOSCDBG1(L1, "In read_enum_nvs, line: %s\n", line);
4924 
4925 	/* read opening brace */
4926 
4927 	cp = strchr(line, CURL_BEGIN);
4928 	if (cp == NULL) {
4929 		IPQOSCDBG0(L1, "missing curl begin\n");
4930 		goto fail;
4931 	} else {
4932 		start = cp + 1;
4933 	}
4934 
4935 	/*
4936 	 * loop reading 'name = value' entrys seperated by comma until
4937 	 * reach closing brace.
4938 	 */
4939 
4940 	for (;;) {
4941 		SKIPWS(start);
4942 		if (*start == '\0') {
4943 			IPQOSCDBG0(L1, "missing closing bracket\n");
4944 			goto fail;
4945 		}
4946 
4947 		/*
4948 		 * read name - read until whitespace, '=', closing curl,
4949 		 * or string end.
4950 		 */
4951 
4952 		for (cp = start;
4953 		    !isspace(*cp) && *cp != '=' && *cp != CURL_END &&
4954 		    *cp != '\0'; cp++) {}
4955 
4956 		if (*cp == '\0') {
4957 			IPQOSCDBG0(L1, "Unexpected line end in enum def'n\n");
4958 			goto fail;
4959 
4960 		/* finished definition, exit loop */
4961 		} else if (*cp == CURL_END) {
4962 			break;
4963 		}
4964 
4965 		/* store name */
4966 
4967 		len = cp - start;
4968 		name = malloc(len + 1);
4969 		if (name == NULL) {
4970 			ipqos_msg(MT_ENOSTR, "malloc");
4971 			goto fail;
4972 		}
4973 		bcopy(start, name, len);
4974 		name[len] = NULL;
4975 		IPQOSCDBG1(L0, "Stored name: %s\n", name);
4976 
4977 		/* read assignment */
4978 
4979 		start = strchr(cp, '=');
4980 		if (start == NULL) {
4981 			IPQOSCDBG0(L1, "Missing = in enum def'n\n");
4982 			goto fail;
4983 		}
4984 
4985 		/* read value */
4986 
4987 		ret = sscanf(++start, "%x%n", &val, &readc);
4988 		if (ret != 1) {
4989 			IPQOSCDBG1(L1, "sscanf of value failed, string: %s\n",
4990 			    cp);
4991 			goto fail;
4992 		}
4993 
4994 		/* add name value to set */
4995 
4996 		ret = add_str_val_entry(&enum_vals, name, val);
4997 		if (ret != IPQOS_CONF_SUCCESS) {
4998 			IPQOSCDBG0(L1, "Failed to add str_val entry\n");
4999 			goto fail;
5000 		}
5001 		free(name);
5002 		name = NULL;
5003 
5004 		/* try reading comma */
5005 		cp = strchr(start, ',');
5006 
5007 		if (cp != NULL) {
5008 			start = cp + 1;
5009 
5010 		/* no comma, advance to char past value last read */
5011 		} else {
5012 			start += readc;
5013 		}
5014 	}
5015 
5016 	return (enum_vals);
5017 fail:
5018 	free_str_val_entrys(enum_vals);
5019 	if (name != NULL)
5020 		free(name);
5021 
5022 	/* if a parse error */
5023 
5024 	if (errno == 0) {
5025 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
5026 		    "corrupt.\n"), module_name);
5027 	}
5028 
5029 	return (NULL);
5030 }
5031 
5032 /*
5033  * Given mapped_list with is a comma seperated list of map names, and value,
5034  * which is used to index into these maps, the function creates x new entries
5035  * in nvpp, where x is the number of map names specified. Each of these
5036  * entries has the value from the map in the position indexed by value and
5037  * with name module.${MAP_NAME}. The maps are contained in the modules config
5038  * file and have the form:
5039  * map map1 uint32 1,23,32,45,3
5040  * As you can see the map values are uint32, and along with uint8 are the
5041  * only supported types at the moment.
5042  *
5043  * RETURNS: IPQOS_CONF_ERR if one of the maps specified in mapped_list
5044  * doesn't exist, if value is not a valid map position for a map, or if
5045  * there's a resource failure. otherwise IPQOS_CONF_SUCCESS is returned.
5046  */
5047 static int
5048 read_mapped_values(
5049 FILE *tfp,
5050 nvlist_t **nvlp,
5051 char *module,
5052 char *mapped_list,
5053 int value)
5054 {
5055 	char *map_name, *lastparam, *tmpname;
5056 	int res;
5057 	ipqos_nvtype_t type;
5058 	char dfltst[IPQOS_VALST_MAXLEN+1] = "";
5059 	str_val_nd_t *enum_nvs;
5060 	place_t place;
5061 
5062 	IPQOSCDBG0(L1, "In read_mapped_values\n");
5063 
5064 	map_name = (char *)strtok_r(mapped_list, ",", &lastparam);
5065 	while (map_name != NULL) {
5066 		char *tokval, *lastval;
5067 		int index = 0;
5068 
5069 		/*
5070 		 * get map info from types file.
5071 		 */
5072 		place = PL_MAP;
5073 		res = readtype(tfp, module, map_name, &type, &enum_nvs,
5074 		    dfltst, B_FALSE, &place);
5075 		if (res != IPQOS_CONF_SUCCESS) {
5076 			return (IPQOS_CONF_ERR);
5077 		}
5078 
5079 		/*
5080 		 * Just keep browsing the list till we get to the element
5081 		 * with the index from the value parameter or the end.
5082 		 */
5083 		tokval = (char *)strtok_r(dfltst, ",", &lastval);
5084 		for (;;) {
5085 			if (tokval == NULL) {
5086 				ipqos_msg(MT_ERROR,
5087 				    gettext("Invalid value, %u, line %u.\n"),
5088 				    value, lineno);
5089 				return (IPQOS_CONF_ERR);
5090 			}
5091 			if (index++ == value) {
5092 				break;
5093 			}
5094 			tokval = (char *)strtok_r(NULL, ",", &lastval);
5095 		}
5096 
5097 
5098 		/*
5099 		 * create fully qualified parameter name for map value.
5100 		 */
5101 		tmpname = prepend_module_name(map_name, module);
5102 		if (tmpname == NULL) {
5103 			return (IPQOS_CONF_ERR);
5104 		}
5105 
5106 		/*
5107 		 * add map value with fqn to parameter nvlist.
5108 		 */
5109 		IPQOSCDBG2(L0, "Adding map %s, value %u to nvlist\n",
5110 		    tmpname, atoi(tokval));
5111 		switch (type) {
5112 			case IPQOS_DATA_TYPE_UINT8: {
5113 				res = nvlist_add_byte(*nvlp, tmpname,
5114 				    (uint8_t)atoi(tokval));
5115 				if (res != 0)  {
5116 					free(tmpname);
5117 					ipqos_msg(MT_ENOSTR,
5118 					    "nvlist_add_uint8");
5119 					return (IPQOS_CONF_ERR);
5120 				}
5121 				break;
5122 			}
5123 			case IPQOS_DATA_TYPE_UINT32: {
5124 				res = nvlist_add_uint32(*nvlp, tmpname,
5125 				    (uint32_t)atoi(tokval));
5126 				if (res != 0)  {
5127 					free(tmpname);
5128 					ipqos_msg(MT_ENOSTR,
5129 					    "nvlist_add_uint32");
5130 					return (IPQOS_CONF_ERR);
5131 				}
5132 				break;
5133 			}
5134 			default: {
5135 				ipqos_msg(MT_ERROR,
5136 				    gettext("Types file for module %s is "
5137 				    "corrupt.\n"), module);
5138 				IPQOSCDBG1(L0, "Unsupported map type for "
5139 				    "parameter %s given in types file.\n",
5140 				    map_name);
5141 				return (IPQOS_CONF_ERR);
5142 			}
5143 		}
5144 		free(tmpname);
5145 
5146 		map_name = (char *)strtok_r(NULL, ",", &lastparam);
5147 	}
5148 
5149 	return (IPQOS_CONF_SUCCESS);
5150 }
5151 
5152 /*
5153  * Parses the string info_str into it's components. Its format is:
5154  * SIZE','[ENUM_DEF | RANGE], where SIZE is the size of the array,
5155  * ENUM_DEF is the definition of the enumeration for this array,
5156  * and RANGE is the set of values this array can accept. In
5157  * the event this array has an enumeration definition enum_nvs is
5158  * set to point at a str_val_nd_t structure which stores the names
5159  * and values associated with this enumeration. Otherwise, if this
5160  * is not an enumerated array, lower and upper are set to the lower
5161  * and upper values of RANGE.
5162  * RETURNS: IPQOS_CONF_ERR due to unexpected parse errors, else
5163  * IPQOS_CONF_SUCCESS.
5164  */
5165 static int
5166 read_int_array_info(
5167 char *info_str,
5168 str_val_nd_t **enum_nvs,
5169 uint32_t *size,
5170 int *lower,
5171 int *upper,
5172 char *module)
5173 {
5174 	int res;
5175 	char *end;
5176 	char *token;
5177 	char *tmp;
5178 
5179 	IPQOSCDBG1(L0, "In read_array_info: info_str: %s\n",
5180 	    (info_str != NULL) ? info_str : "NULL");
5181 
5182 	if (info_str == NULL) {
5183 		IPQOSCDBG0(L0, "Null info string\n");
5184 		goto fail;
5185 	}
5186 
5187 	/*
5188 	 * read size.
5189 	 */
5190 	token = strtok(info_str, ",");
5191 	*size = (uint32_t)strtol(token, &end, 10);
5192 	SKIPWS(end);
5193 	if ((end == token) || (*end != NULL)) {
5194 		IPQOSCDBG0(L0, "Invalid size\n");
5195 		goto fail;
5196 	}
5197 	IPQOSCDBG1(L0, "read size: %u\n", *size);
5198 
5199 	/*
5200 	 * check we have another string.
5201 	 */
5202 	token = strtok(NULL, "\n");
5203 	if (token == NULL) {
5204 		IPQOSCDBG0(L0, "Missing range/enum def\n");
5205 		goto fail;
5206 	}
5207 	IPQOSCDBG1(L0, "range/enum def: %s\n", token);
5208 
5209 	/*
5210 	 * check if enumeration set or integer set and read enumeration
5211 	 * definition or integer range respectively.
5212 	 */
5213 	tmp = strchr(token, CURL_BEGIN);
5214 	if (tmp == NULL) {	/* a numeric range */
5215 		res = readrange(token, lower, upper);
5216 		if (res != IPQOS_CONF_SUCCESS) {
5217 			IPQOSCDBG0(L0, "Failed reading range\n");
5218 			goto fail;
5219 		}
5220 	} else {		/* an enumeration */
5221 		*enum_nvs = read_enum_nvs(token, module);
5222 		if (*enum_nvs == NULL) {
5223 			IPQOSCDBG0(L0, "Failed reading enum def\n");
5224 			goto fail;
5225 		}
5226 	}
5227 
5228 	return (IPQOS_CONF_SUCCESS);
5229 fail:
5230 	ipqos_msg(MT_ERROR,
5231 	    gettext("Types file for module %s is corrupt.\n"), module);
5232 	return (IPQOS_CONF_ERR);
5233 }
5234 
5235 /*
5236  * reads the value of an enumeration parameter from first_token and fp.
5237  * first_token is the first token of the value.
5238  * The format expected is NAME | { NAME1 [, NAME2 ] [, NAME3 ]  }.
5239  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
5240  */
5241 static int
5242 read_enum_value(
5243 FILE *fp,
5244 char *first_token,
5245 str_val_nd_t *enum_vals,
5246 uint32_t *val)
5247 {
5248 
5249 	uint32_t u32;
5250 	int ret;
5251 	char *tk;
5252 	char *lo = NULL;
5253 	char *cm;
5254 	int name_expected = 0;
5255 
5256 	IPQOSCDBG0(L1, "In read_enum_value\n");
5257 
5258 	/* init param val */
5259 	*val = 0;
5260 
5261 	/* first token not curl_begin, so lookup its value */
5262 
5263 	if (*first_token != CURL_BEGIN) {
5264 		ret = str_val_list_lookup(enum_vals, first_token, val);
5265 		if (ret != IPQOS_CONF_SUCCESS) {
5266 			ipqos_msg(MT_ERROR,
5267 			    gettext("Unrecognized value, %s, line %u.\n"),
5268 			    first_token, lineno);
5269 			return (ret);
5270 		}
5271 
5272 	/* curl_begin, so read values till curl_end, dicing at ',' */
5273 	} else {
5274 
5275 		name_expected++;
5276 
5277 		for (;;) {
5278 
5279 			/*
5280 			 * no leftover from pervious iteration so read new
5281 			 * token. This leftover happens because readtoken
5282 			 * doesn't interpret comma's as special characters
5283 			 * and thus could return 'val1,val2' as one token.
5284 			 * If this happens the val1 will be used in the
5285 			 * current iteration and what follows saved in lo
5286 			 * for processing by successive iterations.
5287 			 */
5288 
5289 			if (lo == NULL) {
5290 				ret = readtoken(fp, &tk);
5291 				if (ret == IPQOS_CONF_ERR) {
5292 					return (ret);
5293 				} else if (ret == IPQOS_CONF_EOF) {
5294 					ipqos_msg(MT_ERROR,
5295 					    gettext("Unexpected EOF.\n"));
5296 					return (IPQOS_CONF_ERR);
5297 
5298 				}
5299 			} else {	/* previous leftover, so use it */
5300 
5301 				IPQOSCDBG1(L1, "Using leftover %s.\n", lo);
5302 				tk = lo;
5303 				lo = NULL;
5304 			}
5305 
5306 			if (name_expected) {
5307 				if (ret == IPQOS_CONF_CURL_END ||
5308 				    tk[0] == ',') {
5309 					ipqos_msg(MT_ERROR,
5310 					    gettext("Malformed value list "
5311 					    "line %u.\n"), lineno);
5312 					free(tk);
5313 					return (IPQOS_CONF_ERR);
5314 				}
5315 
5316 				/*
5317 				 * check if this token contains a ',' and
5318 				 * if so store it and what follows for next
5319 				 * iteration.
5320 				 */
5321 				cm = strchr(tk, ',');
5322 				if (cm != NULL) {
5323 					lo = malloc(strlen(cm) + 1);
5324 					if (lo == NULL) {
5325 						ipqos_msg(MT_ENOSTR, "malloc");
5326 						free(tk);
5327 						return (IPQOS_CONF_ERR);
5328 					}
5329 
5330 					(void) strcpy(lo, cm);
5331 					*cm = '\0';
5332 				}
5333 
5334 
5335 				/* get name value and add to total val */
5336 
5337 				ret = str_val_list_lookup(enum_vals, tk, &u32);
5338 				if (ret != IPQOS_CONF_SUCCESS) {
5339 					ipqos_msg(MT_ERROR,
5340 					    gettext("Unrecognized value, %s, "
5341 					    "line %u.\n"), tk, lineno);
5342 					free(tk);
5343 					return (IPQOS_CONF_ERR);
5344 				}
5345 
5346 				*val = *val | u32;
5347 				name_expected--;
5348 
5349 			/* comma or curl end accepted */
5350 			} else {
5351 
5352 				/* we've reached curl_end so break */
5353 
5354 				if (ret == IPQOS_CONF_CURL_END) {
5355 					free(tk);
5356 					break;
5357 
5358 				/* not curl end and not comma */
5359 
5360 				} else if (tk[0] != ',') {
5361 					ipqos_msg(MT_ERROR,
5362 					    gettext("Malformed value list "
5363 					    "line %u.\n"), lineno);
5364 					free(tk);
5365 					return (IPQOS_CONF_ERR);
5366 				}
5367 
5368 				/*
5369 				 * store anything after the comma for next
5370 				 * iteration.
5371 				 */
5372 				if (tk[1] != '\0') {
5373 					lo = malloc(strlen(&tk[1]) + 1);
5374 					if (lo == NULL) {
5375 						ipqos_msg(MT_ENOSTR, "malloc");
5376 						free(tk);
5377 						return (IPQOS_CONF_ERR);
5378 					}
5379 					(void) strcpy(lo, &tk[1]);
5380 				}
5381 
5382 				name_expected++;
5383 			}
5384 
5385 			free(tk);
5386 		}
5387 	}
5388 
5389 	IPQOSCDBG1(L1, "value returned is: %u\n", *val);
5390 
5391 	return (IPQOS_CONF_SUCCESS);
5392 }
5393 
5394 /*
5395  * read the set of permanent classes/filter from the types file ref'd by tfp
5396  * and store them in a string table pointed to by perm_items,
5397  * with *nitems getting set to number of items read. perm_filters is set
5398  * to 1 if we're searching for permanent filters, else 0 for classes.
5399  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
5400  */
5401 static int
5402 read_perm_items(
5403 int perm_filters,
5404 FILE *tfp,
5405 char *module_name,
5406 char ***perm_items,
5407 int *nitems)
5408 {
5409 
5410 	char lbuf[IPQOS_CONF_TYPE_LINE_LEN];
5411 	int cnt = 0;
5412 	char name[IPQOS_CONF_NAME_LEN+1];
5413 	char foo[IPQOS_CONF_NAME_LEN+1];
5414 	int res;
5415 	char **items = NULL;
5416 	char **tmp;
5417 	char *marker;
5418 
5419 	IPQOSCDBG0(L1, "In read_perm_items\n");
5420 
5421 
5422 	/* seek to start of types file */
5423 
5424 	if (fseek(tfp, 0, SEEK_SET) != 0) {
5425 		ipqos_msg(MT_ENOSTR, "fseek");
5426 		return (IPQOS_CONF_ERR);
5427 	}
5428 
5429 	/* select which marker were looking for */
5430 
5431 	if (perm_filters) {
5432 		marker = IPQOS_CONF_PERM_FILTER_MK;
5433 	} else {
5434 		marker = IPQOS_CONF_PERM_CLASS_MK;
5435 	}
5436 
5437 	/* scan file line by line till end */
5438 
5439 	while (fgets(lbuf, IPQOS_CONF_TYPE_LINE_LEN, tfp) != NULL) {
5440 
5441 		/*
5442 		 * if the line is marked as containing a default item name
5443 		 * read the name, extend the items string array
5444 		 * and store the string off the array.
5445 		 */
5446 		if (strncmp(lbuf, marker, strlen(marker)) == 0) {
5447 
5448 			res = sscanf(lbuf,
5449 			    "%" VAL2STR(IPQOS_CONF_NAME_LEN) "s"
5450 			    "%" VAL2STR(IPQOS_CONF_NAME_LEN) "s",
5451 			    foo, name);
5452 			if (res < 2) {
5453 				ipqos_msg(MT_ERROR,
5454 				    gettext("Types file for module %s is "
5455 				    "corrupt.\n"), module_name);
5456 				IPQOSCDBG1(L0, "Missing name with a %s.\n",
5457 				    marker);
5458 				goto fail;
5459 			}
5460 
5461 			/* extend items array to accomodate new item */
5462 
5463 			tmp = realloc(items, (cnt + 1) * sizeof (char *));
5464 			if (tmp == NULL) {
5465 				ipqos_msg(MT_ENOSTR, "realloc");
5466 				goto fail;
5467 			} else {
5468 				items = tmp;
5469 			}
5470 
5471 			/* copy and store item name */
5472 
5473 			items[cnt] = malloc(strlen(name) + 1);
5474 			if (items[cnt] == NULL) {
5475 				ipqos_msg(MT_ENOSTR, "malloc");
5476 				goto fail;
5477 			}
5478 
5479 			(void) strcpy(items[cnt], name);
5480 			cnt++;
5481 
5482 
5483 			IPQOSCDBG1(L1, "stored %s in perm items array\n",
5484 			    name);
5485 		}
5486 	}
5487 
5488 	*perm_items = items;
5489 	*nitems = cnt;
5490 
5491 	return (IPQOS_CONF_SUCCESS);
5492 fail:
5493 	for (cnt--; cnt >= 0; cnt--)
5494 		free(items[cnt]);
5495 	free(items);
5496 	return (IPQOS_CONF_ERR);
5497 }
5498 
5499 /*
5500  * Searches types file ref'd by tfp for the parameter named name
5501  * with the place corresponding with place parameter. The format
5502  * of the lines in the file are:
5503  * PLACE NAME TYPE [ ENUM_DEF ] [ DEFAULT_STR ]
5504  * The ENUM_DEF is an enumeration definition and is only present
5505  * for parameters of type enum. DEFAULT_STR is a default value for
5506  * this parameter. If present type is set to the appropriate type
5507  * enumeration and dfltst filled with DEFAULT_STR if one was set.
5508  * Also if the type is enum enum_nvps is made to point at a
5509  * set of name value pairs representing ENUM_DEF.
5510  *
5511  * RETURNS: If any resource errors occur, or a matching parameter
5512  * isn't found IPQOS_CONF_ERR is returned, else IPQOS_CONF_SUCCESS.
5513  */
5514 static int
5515 readtype(
5516 FILE *tfp,
5517 char *module_name,
5518 char *name,
5519 ipqos_nvtype_t *type,
5520 str_val_nd_t **enum_nvps,
5521 char *dfltst,
5522 boolean_t allow_ipgpc_priv,
5523 place_t *place)
5524 {
5525 
5526 	int ac;
5527 	char lbuf[IPQOS_CONF_TYPE_LINE_LEN];
5528 	char param[IPQOS_CONF_PNAME_LEN+1];
5529 	char typest[IPQOS_CONF_TYPE_LEN+1];
5530 	char place_st[IPQOS_CONF_TYPE_LEN+1];
5531 	char *cp;
5532 	int x;
5533 	char *ipgpc_nm;
5534 	int found = 0;
5535 
5536 	IPQOSCDBG1(L1, "In readtype: param: %s\n", name);
5537 
5538 
5539 	/*
5540 	 * if allow_ipgpc_priv is true then we allow ipgpc parameters that are
5541 	 * private between ipqosconf and ipgpc. eg. address masks, port masks.
5542 	 */
5543 	if (allow_ipgpc_priv && strcmp(module_name, IPGPC_NAME) == 0) {
5544 		ipgpc_nm = prepend_module_name(name, IPGPC_NAME);
5545 		if (ipgpc_nm == NULL) {
5546 			return (IPQOS_CONF_ERR);
5547 		}
5548 
5549 		if (strcmp(ipgpc_nm, IPGPC_SADDR_MASK) == 0 ||
5550 		    strcmp(ipgpc_nm, IPGPC_DADDR_MASK) == 0) {
5551 			*type = IPQOS_DATA_TYPE_ADDRESS_MASK;
5552 			return (IPQOS_CONF_SUCCESS);
5553 		} else if (strcmp(ipgpc_nm, IPGPC_SPORT_MASK) == 0 ||
5554 		    strcmp(ipgpc_nm, IPGPC_DPORT_MASK) == 0) {
5555 			*type = IPQOS_DATA_TYPE_UINT16;
5556 			return (IPQOS_CONF_SUCCESS);
5557 		} else if (strcmp(ipgpc_nm, IPGPC_FILTER_TYPE) == 0) {
5558 			*type = IPQOS_DATA_TYPE_UINT32;
5559 			return (IPQOS_CONF_SUCCESS);
5560 		} else if (strcmp(ipgpc_nm, IPGPC_IF_INDEX) == 0) {
5561 			*type = IPQOS_DATA_TYPE_IFINDEX;
5562 			return (IPQOS_CONF_SUCCESS);
5563 		}
5564 
5565 		free(ipgpc_nm);
5566 	}
5567 
5568 	/*
5569 	 * read upto and including module version line.
5570 	 */
5571 	if (read_tfile_ver(tfp, IPQOS_MOD_STR, module_name) == -1)
5572 		return (IPQOS_CONF_ERR);
5573 
5574 
5575 	/*
5576 	 * loop reading lines of the types file until named parameter
5577 	 * found or EOF.
5578 	 */
5579 	while (fgets(lbuf, IPQOS_CONF_TYPE_LINE_LEN, tfp) != NULL) {
5580 
5581 		/*
5582 		 * check whether blank or commented line; if so skip
5583 		 */
5584 		for (cp = lbuf; isspace(*cp) && *cp != '\0'; cp++) {}
5585 		if (*cp == '\0' || *cp == '#') {
5586 			continue;
5587 		}
5588 
5589 		dfltst[0] = '\0';
5590 
5591 		/*
5592 		 * read place, param, type and if present default str
5593 		 * from line.
5594 		 */
5595 		ac = sscanf(lbuf,
5596 		    "%" VAL2STR(IPQOS_CONF_TYPE_LEN) "s "
5597 		    "%" VAL2STR(IPQOS_CONF_PNAME_LEN) "s "
5598 		    "%" VAL2STR(IPQOS_CONF_TYPE_LEN) "s "
5599 		    "%" VAL2STR(IPQOS_VALST_MAXLEN) "s",
5600 		    place_st, param, typest, dfltst);
5601 		if (ac < 3) {
5602 			ipqos_msg(MT_ERROR,
5603 			    gettext("Types file for module %s is corrupt.\n"),
5604 			    module_name);
5605 			IPQOSCDBG0(L0, "sscanf failed to read 3 strings.\n");
5606 			return (IPQOS_CONF_ERR);
5607 		}
5608 
5609 		/*
5610 		 * if the place and name match no need to look any further.
5611 		 */
5612 		if ((*place == PL_ANY) ||
5613 		    ((*place == PL_PARAMS) &&
5614 		    strcmp(place_st, IPQOS_PLACE_PRM_STR) == 0) ||
5615 		    ((*place == PL_FILTER) &&
5616 		    strcmp(place_st, IPQOS_PLACE_FILTER_STR) == 0) ||
5617 		    ((*place == PL_MAP) &&
5618 		    strcmp(place_st, IPQOS_PLACE_MAP_STR) == 0)) {
5619 			if (strcmp(param, name) == 0) {
5620 				found++;
5621 				break;
5622 			}
5623 		}
5624 	}
5625 	if (found == 0) {
5626 		ipqos_msg(MT_ERROR,
5627 		    gettext("Invalid parameter, %s, line %u.\n"), name,
5628 		    lineno);
5629 		return (IPQOS_CONF_ERR);
5630 	}
5631 
5632 	/*
5633 	 * set the place parameter to the actual place when the PL_ANY flag
5634 	 * was set.
5635 	 */
5636 	if (*place == PL_ANY) {
5637 		if (strcmp(place_st, IPQOS_PLACE_PRM_STR) == 0) {
5638 			*place = PL_PARAMS;
5639 		} else if (strcmp(place_st, IPQOS_PLACE_FILTER_STR) == 0) {
5640 			*place = PL_FILTER;
5641 		} else if (strcmp(place_st, IPQOS_PLACE_MAP_STR) == 0) {
5642 			*place = PL_MAP;
5643 		}
5644 	}
5645 
5646 	/*
5647 	 * get type enumeration
5648 	 */
5649 	for (x = 0; nv_types[x].string[0]; x++) {
5650 		if (strcmp(nv_types[x].string, typest) == 0) {
5651 			break;
5652 		}
5653 	}
5654 	/*
5655 	 * check that we have a type corresponding with the one the types
5656 	 * file specifies.
5657 	 */
5658 	if (nv_types[x].string[0] == '\0') {
5659 		ipqos_msg(MT_ERROR,
5660 		    gettext("Types file for module %s is corrupt.\n"),
5661 		    module_name);
5662 		return (IPQOS_CONF_ERR);
5663 	}
5664 	*type = nv_types[x].value;
5665 
5666 	/*
5667 	 * if enumeration type get set of name/vals and any default value
5668 	 */
5669 	if (*type == IPQOS_DATA_TYPE_ENUM) {
5670 		*enum_nvps = read_enum_nvs(lbuf, module_name);
5671 		if (*enum_nvps == NULL) {
5672 			return (IPQOS_CONF_ERR);
5673 		}
5674 
5675 		dfltst[0] = '\0';
5676 		cp = strchr(lbuf, CURL_END);
5677 		(void) sscanf(++cp,
5678 		    "%" VAL2STR(IPQOS_VALST_MAXLEN) "s", dfltst);
5679 	}
5680 
5681 
5682 	IPQOSCDBG2(L1, "read type: %s default: %s\n", nv_types[x].string,
5683 	    *dfltst ? dfltst : "None");
5684 	return (IPQOS_CONF_SUCCESS);
5685 }
5686 
5687 
5688 /*
5689  * Reads a name and a value from file ref'd by cfp into list indirectly
5690  * ref'd by nvlp; If this list is NULL it will be created to accomodate
5691  * the name/value. The name must be either a special token for
5692  * for the place, or be present in the module types file ref'd by tfp.
5693  * *type is set to the enumeration of the type of the parameter and
5694  * nvp to point at the element with the nvlp ref'd list.
5695  * RETURNS: IPQOS_CONF_CURL_END if read CURL_END as name,
5696  * IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
5697  */
5698 static int
5699 readnvpair(
5700 FILE *cfp,
5701 FILE *tfp,
5702 nvlist_t **nvlp,
5703 nvpair_t **nvp,
5704 ipqos_nvtype_t *type,
5705 place_t place,
5706 char *module_name)
5707 {
5708 
5709 	char *name = NULL;
5710 	char *valst = NULL;
5711 	int res;
5712 	char *tmp;
5713 	str_val_nd_t *enum_nvs = NULL;
5714 	char dfltst[IPQOS_VALST_MAXLEN+1];
5715 
5716 	IPQOSCDBG0(L1, "in readnvpair\n");
5717 
5718 	/*
5719 	 * read nvpair name
5720 	 */
5721 	res = readtoken(cfp, &name);
5722 
5723 	/*
5724 	 * if reached eof, curl end or error encountered return to caller
5725 	 */
5726 	if (res == IPQOS_CONF_EOF) {
5727 		ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
5728 		return (IPQOS_CONF_ERR);
5729 	} else if (res == IPQOS_CONF_ERR) {
5730 		return (res);
5731 	} else if (res == IPQOS_CONF_CURL_END) {
5732 		free(name);
5733 		return (res);
5734 	}
5735 
5736 	/*
5737 	 * read nvpair value
5738 	 */
5739 	res = readtoken(cfp, &valst);
5740 
5741 	/*
5742 	 * check we've read a valid value
5743 	 */
5744 	if (res != IPQOS_CONF_SUCCESS && res != IPQOS_CONF_CURL_BEGIN) {
5745 		if (res == IPQOS_CONF_EOF) {
5746 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
5747 		} else if (res == IPQOS_CONF_CURL_END) {
5748 			ipqos_msg(MT_ERROR,
5749 			    gettext("Missing parameter value line %u.\n"),
5750 			    lineno);
5751 			free(valst);
5752 		}	/* we do nothing special for IPQOS_CONF_ERR */
5753 		free(name);
5754 		return (IPQOS_CONF_ERR);
5755 	}
5756 
5757 	/*
5758 	 * check for generic parameters.
5759 	 */
5760 
5761 	if ((place == PL_CLASS) &&
5762 	    strcmp(name, IPQOS_CONF_NEXT_ACTION_STR) == 0) {
5763 		*type = IPQOS_DATA_TYPE_ACTION;
5764 
5765 	} else if (place == PL_PARAMS &&
5766 	    strcmp(name, IPQOS_CONF_GLOBAL_STATS_STR) == 0 ||
5767 	    place == PL_CLASS &&
5768 	    strcmp(name, IPQOS_CONF_STATS_ENABLE_STR) == 0) {
5769 		*type = IPQOS_DATA_TYPE_BOOLEAN;
5770 
5771 	} else if (tfp == NULL ||
5772 	    ((place != PL_PARAMS) && strcmp(name, IPQOS_CONF_NAME_STR) == 0) ||
5773 	    (place == PL_FILTER) && (strcmp(name, IPQOS_CONF_CLASS_STR) ==
5774 	    0) ||
5775 	    (place == PL_ACTION) && (strcmp(name, IPQOS_CONF_MODULE_STR) ==
5776 	    0)) {
5777 		*type = IPQOS_DATA_TYPE_STRING;
5778 
5779 	} else {	/* if not generic parameter */
5780 		/*
5781 		 * get type from types file
5782 		 */
5783 		if (readtype(tfp, module_name, name, type, &enum_nvs, dfltst,
5784 		    B_FALSE, &place) != IPQOS_CONF_SUCCESS) {
5785 			free(name);
5786 			free(valst);
5787 			return (IPQOS_CONF_ERR);
5788 		}
5789 
5790 		/*
5791 		 * get full module prefix parameter name
5792 		 */
5793 		tmp = name;
5794 		if ((name = prepend_module_name(name, module_name)) == NULL) {
5795 			name = tmp;
5796 			goto fail;
5797 		}
5798 		free(tmp);
5799 	}
5800 
5801 	IPQOSCDBG3(L1, "NVP, name: %s, str_value: %s, type: %s\n", name,
5802 	    valst, nv_types[*type].string);
5803 
5804 
5805 	/*
5806 	 * create nvlist if not present already
5807 	 */
5808 	if (*nvlp == NULL) {
5809 		res = nvlist_alloc(nvlp, NV_UNIQUE_NAME, 0);
5810 		if (res != 0) {
5811 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
5812 			free(name);
5813 			free(valst);
5814 			return (IPQOS_CONF_ERR);
5815 		}
5816 	}
5817 
5818 	/*
5819 	 * check we haven't already read this parameter
5820 	 */
5821 	if (find_nvpair(*nvlp, name)) {
5822 		ipqos_msg(MT_ERROR, gettext("Duplicate parameter line %u.\n"),
5823 		    lineno);
5824 		goto fail;
5825 	}
5826 
5827 	/*
5828 	 * convert value string to appropriate type and add to nvlist
5829 	 */
5830 
5831 	switch (*type) {
5832 		case IPQOS_DATA_TYPE_IFNAME: {
5833 			uint32_t ifidx;
5834 
5835 			res = readifindex(valst, (int *)&ifidx);
5836 			if (res == IPQOS_CONF_SUCCESS) {
5837 				res = nvlist_add_uint32(*nvlp, IPGPC_IF_INDEX,
5838 				    ifidx);
5839 				if (res != 0) {
5840 					ipqos_msg(MT_ENOSTR,
5841 					    "nvlist_add_uint32");
5842 					goto fail;
5843 				}
5844 				(void) nvlist_remove_all(*nvlp, name);
5845 				/*
5846 				 * change name to point at the name of the
5847 				 * new ifindex nvlist entry as name is used
5848 				 * later in the function.
5849 				 */
5850 				free(name);
5851 				name = malloc(strlen(IPGPC_IF_INDEX) + 1);
5852 				if (name == NULL) {
5853 					ipqos_msg(MT_ENOSTR, "malloc");
5854 					goto fail;
5855 				}
5856 				(void) strcpy(name, IPGPC_IF_INDEX);
5857 			}
5858 			break;
5859 		}
5860 		case IPQOS_DATA_TYPE_PROTO: {
5861 			uint8_t proto;
5862 
5863 			res = readproto(valst, &proto);
5864 			if (res == IPQOS_CONF_SUCCESS) {
5865 				res = nvlist_add_byte(*nvlp, name, proto);
5866 				if (res != 0) {
5867 					ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
5868 					goto fail;
5869 				}
5870 			}
5871 			break;
5872 		}
5873 		case IPQOS_DATA_TYPE_PORT: {
5874 			uint16_t port;
5875 
5876 			res = readport(valst, &port);
5877 			if (res == IPQOS_CONF_SUCCESS) {
5878 
5879 				/* add port */
5880 
5881 				res = nvlist_add_uint16(*nvlp, name, port);
5882 				if (res != 0) {
5883 					ipqos_msg(MT_ENOSTR,
5884 					    "nvlist_add_uint16");
5885 					goto fail;
5886 				}
5887 
5888 				/* add appropriate all ones port mask */
5889 
5890 				if (strcmp(name, IPGPC_DPORT) == 0) {
5891 					res = nvlist_add_uint16(*nvlp,
5892 					    IPGPC_DPORT_MASK, ~0);
5893 
5894 				} else if (strcmp(name, IPGPC_SPORT) == 0) {
5895 					res = nvlist_add_uint16(*nvlp,
5896 					    IPGPC_SPORT_MASK, ~0);
5897 				}
5898 				if (res != 0) {
5899 					ipqos_msg(MT_ENOSTR,
5900 					    "nvlist_add_uint16");
5901 					goto fail;
5902 				}
5903 			}
5904 			break;
5905 		}
5906 		case IPQOS_DATA_TYPE_ADDRESS:
5907 		case IPQOS_DATA_TYPE_ACTION:
5908 		case IPQOS_DATA_TYPE_STRING:
5909 			res = nvlist_add_string(*nvlp, name, valst);
5910 			if (res != 0) {
5911 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
5912 				goto fail;
5913 			}
5914 			break;
5915 		case IPQOS_DATA_TYPE_BOOLEAN: {
5916 			boolean_t b;
5917 
5918 			res = readbool(valst, &b);
5919 			if (res == IPQOS_CONF_SUCCESS) {
5920 				res = nvlist_add_uint32(*nvlp, name,
5921 				    (uint32_t)b);
5922 				if (res != 0) {
5923 					ipqos_msg(MT_ENOSTR,
5924 					    "nvlist_add_uint32");
5925 					goto fail;
5926 				}
5927 			}
5928 			break;
5929 		}
5930 		case IPQOS_DATA_TYPE_UINT8: {
5931 			uint8_t u8;
5932 
5933 			res = readuint8(valst, &u8, &tmp);
5934 			if (res == IPQOS_CONF_SUCCESS) {
5935 				res = nvlist_add_byte(*nvlp, name, u8);
5936 				if (res != 0) {
5937 					ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
5938 					goto fail;
5939 				}
5940 			}
5941 			break;
5942 		}
5943 		case IPQOS_DATA_TYPE_INT16: {
5944 			int16_t i16;
5945 
5946 			res = readint16(valst, &i16, &tmp);
5947 			if (res == IPQOS_CONF_SUCCESS) {
5948 				res = nvlist_add_int16(*nvlp, name, i16);
5949 				if (res != 0) {
5950 					ipqos_msg(MT_ENOSTR,
5951 					    "nvlist_add_int16");
5952 					goto fail;
5953 				}
5954 			}
5955 			break;
5956 		}
5957 		case IPQOS_DATA_TYPE_UINT16: {
5958 			uint16_t u16;
5959 
5960 			res = readuint16(valst, &u16, &tmp);
5961 			if (res == IPQOS_CONF_SUCCESS) {
5962 				res = nvlist_add_uint16(*nvlp, name, u16);
5963 				if (res != 0) {
5964 					ipqos_msg(MT_ENOSTR,
5965 					    "nvlist_add_int16");
5966 					goto fail;
5967 				}
5968 			}
5969 			break;
5970 		}
5971 		case IPQOS_DATA_TYPE_INT32: {
5972 			int i32;
5973 
5974 			res = readint32(valst, &i32, &tmp);
5975 			if (res == IPQOS_CONF_SUCCESS) {
5976 				res = nvlist_add_int32(*nvlp, name, i32);
5977 				if (res != 0) {
5978 					ipqos_msg(MT_ENOSTR,
5979 					    "nvlist_add_int32");
5980 					goto fail;
5981 				}
5982 			}
5983 			break;
5984 		}
5985 		case IPQOS_DATA_TYPE_UINT32: {
5986 			uint32_t u32;
5987 
5988 			res = readuint32(valst, &u32, &tmp);
5989 			if (res == IPQOS_CONF_SUCCESS) {
5990 				res = nvlist_add_uint32(*nvlp, name, u32);
5991 				if (res != 0) {
5992 					ipqos_msg(MT_ENOSTR,
5993 					    "nvlist_add_uint32");
5994 					goto fail;
5995 				}
5996 			}
5997 			break;
5998 		}
5999 		case IPQOS_DATA_TYPE_ENUM: {
6000 			uint32_t val;
6001 
6002 			res = read_enum_value(cfp, valst, enum_nvs, &val);
6003 			if (res == IPQOS_CONF_SUCCESS) {
6004 				res = nvlist_add_uint32(*nvlp, name, val);
6005 				if (res != 0) {
6006 					ipqos_msg(MT_ENOSTR,
6007 					    "nvlist_add_uint32");
6008 					goto fail;
6009 				}
6010 			} else {
6011 				goto fail;
6012 			}
6013 			break;
6014 		}
6015 		/*
6016 		 * For now the dfltst contains a comma separated list of the
6017 		 * type we need this parameter to be mapped to.
6018 		 * read_mapped_values will fill in all the mapped parameters
6019 		 * and their values in the nvlist.
6020 		 */
6021 		case IPQOS_DATA_TYPE_M_INDEX: {
6022 			uint8_t u8;
6023 
6024 			res = readuint8(valst, &u8, &tmp);
6025 			if (res == IPQOS_CONF_SUCCESS) {
6026 				res = nvlist_add_byte(*nvlp, name, u8);
6027 				if (res != 0) {
6028 					ipqos_msg(MT_ENOSTR,
6029 					    "nvlist_add_uint8");
6030 					goto fail;
6031 				}
6032 			} else {
6033 				*type = IPQOS_DATA_TYPE_UINT8;
6034 				break;
6035 			}
6036 			res = read_mapped_values(tfp, nvlp, module_name,
6037 			    dfltst, u8);
6038 			if (res != IPQOS_CONF_SUCCESS) {
6039 				goto fail;
6040 			}
6041 			break;
6042 		}
6043 		case IPQOS_DATA_TYPE_INT_ARRAY: {
6044 			str_val_nd_t *arr_enum_nvs = NULL;
6045 			uint32_t size;
6046 			int llimit = 0, ulimit = 0;
6047 			int *arr;
6048 
6049 			/*
6050 			 * read array info from types file.
6051 			 */
6052 			res = read_int_array_info(dfltst, &arr_enum_nvs, &size,
6053 			    &llimit, &ulimit, module_name);
6054 			if (res != IPQOS_CONF_SUCCESS) {
6055 				goto fail;
6056 			}
6057 
6058 			/*
6059 			 * read array contents from config file and construct
6060 			 * array with them.
6061 			 */
6062 			res = read_int_array(cfp, valst, &arr, size, llimit,
6063 			    ulimit, arr_enum_nvs);
6064 			if (res != IPQOS_CONF_SUCCESS) {
6065 				goto fail;
6066 			}
6067 
6068 			/*
6069 			 * add array to nvlist.
6070 			 */
6071 			res = nvlist_add_int32_array(*nvlp, name, arr, size);
6072 			if (res != 0) {
6073 				ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
6074 				goto fail;
6075 			}
6076 
6077 			/*
6078 			 * free uneeded resources.
6079 			 */
6080 			free(arr);
6081 			if (arr_enum_nvs)
6082 				free_str_val_entrys(arr_enum_nvs);
6083 
6084 			break;
6085 		}
6086 		case IPQOS_DATA_TYPE_USER: {
6087 			uid_t uid;
6088 
6089 			res = readuser(valst, &uid);
6090 			if (res == IPQOS_CONF_SUCCESS) {
6091 				res = nvlist_add_int32(*nvlp, name, (int)uid);
6092 				if (res != 0) {
6093 					ipqos_msg(MT_ENOSTR,
6094 					    "nvlist_add_int32");
6095 					goto fail;
6096 				}
6097 			}
6098 			break;
6099 		}
6100 #ifdef	_IPQOS_CONF_DEBUG
6101 		default: {
6102 			/*
6103 			 * we shouldn't have a type that doesn't have a switch
6104 			 * entry.
6105 			 */
6106 			assert(1);
6107 		}
6108 #endif
6109 	}
6110 	if (res != 0) {
6111 		ipqos_msg(MT_ERROR, gettext("Invalid %s, line %u.\n"),
6112 		    nv_types[*type].string, lineno);
6113 		goto fail;
6114 	}
6115 
6116 	/* set the nvp parameter to point at the newly added nvlist entry */
6117 
6118 	*nvp = find_nvpair(*nvlp, name);
6119 
6120 	free(name);
6121 	free(valst);
6122 	if (enum_nvs)
6123 		free_str_val_entrys(enum_nvs);
6124 	return (IPQOS_CONF_SUCCESS);
6125 fail:
6126 	if (name != NULL)
6127 		free(name);
6128 	if (valst != NULL)
6129 		free(valst);
6130 	if (enum_nvs != NULL)
6131 		free_str_val_entrys(enum_nvs);
6132 	return (IPQOS_CONF_ERR);
6133 }
6134 
6135 /*
6136  * read a parameter clause from cfp into *params.
6137  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6138  */
6139 static int
6140 readparams(
6141 FILE *cfp,
6142 FILE *tfp,
6143 char *module_name,
6144 ipqos_conf_params_t *params)
6145 {
6146 
6147 	int res;
6148 	nvpair_t *nvp;
6149 	ipqos_nvtype_t type;
6150 	boolean_t bl;
6151 	char *nm;
6152 	char *action;
6153 	char tmp[IPQOS_CONF_PNAME_LEN];
6154 	int read_stats = 0;
6155 
6156 	IPQOSCDBG0(L0, "in readparams\n");
6157 
6158 	/* read beginning curl */
6159 
6160 	res = read_curl_begin(cfp);
6161 	if (res != IPQOS_CONF_SUCCESS) {
6162 		return (res);
6163 	}
6164 
6165 	/*
6166 	 * loop reading nvpairs, adding to params nvlist until encounter
6167 	 * CURL_END.
6168 	 */
6169 	for (;;) {
6170 		/* read nvpair */
6171 
6172 		res = readnvpair(cfp, tfp, &params->nvlist,
6173 		    &nvp, &type, PL_PARAMS, module_name);
6174 		if (res == IPQOS_CONF_ERR) {
6175 			goto fail;
6176 
6177 		/* we have finished reading params */
6178 
6179 		} else if (res == IPQOS_CONF_CURL_END) {
6180 			break;
6181 		}
6182 
6183 		/*
6184 		 * read global stats - place into params struct and remove
6185 		 * from nvlist.
6186 		 */
6187 		if (strcmp(nvpair_name(nvp), IPQOS_CONF_GLOBAL_STATS_STR) ==
6188 		    0) {
6189 			/* check we haven't read stats before */
6190 
6191 			if (read_stats) {
6192 				ipqos_msg(MT_ERROR,
6193 				    gettext("Duplicate parameter line %u.\n"),
6194 				    lineno);
6195 				goto fail;
6196 			}
6197 			read_stats++;
6198 
6199 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
6200 			params->stats_enable = bl;
6201 			(void) nvlist_remove_all(params->nvlist,
6202 			    IPQOS_CONF_GLOBAL_STATS_STR);
6203 
6204 
6205 		/*
6206 		 * read action type parameter - add it to list of action refs.
6207 		 * also, if it's one of continue or drop virtual actions
6208 		 * change the action name to their special ipp names in
6209 		 * the action ref list and the nvlist.
6210 		 */
6211 		} else if (type == IPQOS_DATA_TYPE_ACTION) {
6212 
6213 			/* get name and value from nvlist */
6214 
6215 			nm = nvpair_name(nvp);
6216 			(void) nvpair_value_string(nvp, &action);
6217 
6218 			/* if virtual action names change to ipp name */
6219 
6220 			if ((strcmp(action, IPQOS_CONF_CONT_STR) == 0) ||
6221 			    strcmp(action, IPQOS_CONF_DROP_STR) == 0) {
6222 				/*
6223 				 * we copy nm to a seperate buffer as nv_pair
6224 				 * name above gave us a ptr to internal
6225 				 * memory which causes strange behaviour
6226 				 * when we re-value that nvlist element.
6227 				 */
6228 				(void) strlcpy(tmp, nm, sizeof (tmp));
6229 				nm = tmp;
6230 
6231 
6232 				/* modify nvlist entry and change action */
6233 
6234 				if (strcmp(action, IPQOS_CONF_CONT_STR) == 0) {
6235 					action = IPP_ANAME_CONT;
6236 					res = nvlist_add_string(params->nvlist,
6237 					    nm, action);
6238 				} else {
6239 					action = IPP_ANAME_DROP;
6240 					res = nvlist_add_string(params->nvlist,
6241 					    nm, action);
6242 				}
6243 				if (res != 0) {
6244 					ipqos_msg(MT_ENOSTR,
6245 					    "nvlist_add_string");
6246 					goto fail;
6247 				}
6248 			}
6249 
6250 			/* add action reference to params */
6251 
6252 			res = add_aref(&params->actions, nm, action);
6253 		}
6254 	}
6255 
6256 	return (IPQOS_CONF_SUCCESS);
6257 fail:
6258 
6259 	if (params->nvlist) {
6260 		nvlist_free(params->nvlist);
6261 		params->nvlist = NULL;
6262 	}
6263 	if (params->actions) {
6264 		free_arefs(params->actions);
6265 		params->actions = NULL;
6266 	}
6267 	return (IPQOS_CONF_ERR);
6268 }
6269 
6270 /* ************************* class manip fns ****************************** */
6271 
6272 
6273 
6274 /*
6275  * make dst point at a dupicate class struct with duplicate elements to src.
6276  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
6277  */
6278 static int
6279 dup_class(
6280 ipqos_conf_class_t *src,
6281 ipqos_conf_class_t **dst)
6282 {
6283 
6284 	ipqos_conf_class_t *cls;
6285 	int res;
6286 
6287 	IPQOSCDBG1(DIFF, "In dup_class: class: %s\n", src->name);
6288 	cls = alloc_class();
6289 	if (cls == NULL) {
6290 		return (IPQOS_CONF_ERR);
6291 	}
6292 
6293 	/* struct copy */
6294 	*cls = *src;
6295 
6296 	/* we're not interested in the nvlist for a class */
6297 	cls->nvlist = NULL;
6298 
6299 
6300 	/* copy first action reference */
6301 	cls->alist = NULL;
6302 	res = add_aref(&cls->alist, src->alist->field, src->alist->name);
6303 	if (res != IPQOS_CONF_SUCCESS) {
6304 		free(cls);
6305 		return (res);
6306 	}
6307 
6308 	*dst = cls;
6309 
6310 	return (IPQOS_CONF_SUCCESS);
6311 }
6312 
6313 /*
6314  * create a zero'd class struct and return a ptr to it.
6315  * RETURNS: ptr to struct on success, NULL otherwise.
6316  */
6317 static ipqos_conf_class_t *
6318 alloc_class()
6319 {
6320 
6321 	ipqos_conf_class_t *class;
6322 
6323 	class = malloc(sizeof (ipqos_conf_class_t));
6324 	if (class) {
6325 		bzero(class, sizeof (ipqos_conf_class_t));
6326 	} else {
6327 		ipqos_msg(MT_ENOSTR, "malloc");
6328 	}
6329 
6330 	return (class);
6331 }
6332 
6333 /* frees up all memory occupied by a filter struct and its contents. */
6334 static void
6335 free_class(ipqos_conf_class_t *cls)
6336 {
6337 
6338 	if (cls == NULL)
6339 		return;
6340 
6341 	/* free its nvlist if present */
6342 
6343 	nvlist_free(cls->nvlist);
6344 
6345 	/* free its action refs if present */
6346 
6347 	if (cls->alist)
6348 		free_arefs(cls->alist);
6349 
6350 	/* finally free class itself */
6351 	free(cls);
6352 }
6353 
6354 /*
6355  * Checks whether there is a class called class_nm  in classes list.
6356  * RETURNS: ptr to first matched class, else if not matched NULL.
6357  */
6358 static ipqos_conf_class_t *
6359 classexist(
6360 char *class_nm,
6361 ipqos_conf_class_t *classes)
6362 {
6363 
6364 	ipqos_conf_class_t *cls;
6365 
6366 	IPQOSCDBG1(L1, "In classexist: name: %s\n", class_nm);
6367 
6368 	for (cls = classes; cls; cls = cls->next) {
6369 		if (strcmp(class_nm, cls->name) == 0) {
6370 			break;
6371 		}
6372 	}
6373 
6374 	return (cls);
6375 }
6376 
6377 
6378 
6379 /* ************************** filter manip fns **************************** */
6380 
6381 
6382 
6383 /*
6384  * Checks whether there is a filter called filter_nm with instance number
6385  * instance in filters list created by us or permanent. Instance value -1
6386  * is a wildcard.
6387  * RETURNS: ptr to first matched filter, else if not matched NULL.
6388  */
6389 static ipqos_conf_filter_t *
6390 filterexist(
6391 char *filter_nm,
6392 int instance,
6393 ipqos_conf_filter_t *filters)
6394 {
6395 
6396 	IPQOSCDBG2(L1, "In filterexist: name :%s, inst: %d\n", filter_nm,
6397 	    instance);
6398 
6399 	while (filters) {
6400 		if (strcmp(filters->name, filter_nm) == 0 &&
6401 		    (instance == -1 || filters->instance == instance) &&
6402 		    (filters->originator == IPP_CONFIG_IPQOSCONF ||
6403 		    filters->originator == IPP_CONFIG_PERMANENT)) {
6404 			break;
6405 		}
6406 		filters = filters->next;
6407 	}
6408 	return (filters);
6409 }
6410 
6411 /*
6412  * allocate and zero a filter structure.
6413  * RETURNS: NULL on error, else ptr to filter struct.
6414  */
6415 static ipqos_conf_filter_t *
6416 alloc_filter()
6417 {
6418 
6419 	ipqos_conf_filter_t *flt;
6420 
6421 	flt = malloc(sizeof (ipqos_conf_filter_t));
6422 	if (flt) {
6423 		bzero(flt, sizeof (ipqos_conf_filter_t));
6424 		flt->instance = -1;
6425 	} else {
6426 		ipqos_msg(MT_ENOSTR, "malloc");
6427 	}
6428 
6429 	return (flt);
6430 }
6431 
6432 /* free flt and all it's contents. */
6433 
6434 static void
6435 free_filter(ipqos_conf_filter_t *flt)
6436 {
6437 
6438 	IPQOSCDBG2(L1, "In free_filter: filter: %s, inst: %d\n", flt->name,
6439 	    flt->instance);
6440 
6441 	if (flt == NULL)
6442 		return;
6443 
6444 	if (flt->src_nd_name)
6445 		free(flt->src_nd_name);
6446 	if (flt->dst_nd_name)
6447 		free(flt->dst_nd_name);
6448 	if (flt->nvlist) {
6449 		nvlist_free(flt->nvlist);
6450 	}
6451 	free(flt);
6452 }
6453 
6454 /*
6455  * makes a copy of ofilter and its contents and points nfilter at it. It
6456  * also adds an instance number to the filter and if either saddr or
6457  * daddr are non-null that address to the filters nvlist along with
6458  * an all 1s address mask and the af.
6459  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6460  */
6461 static int
6462 dup_filter(
6463 ipqos_conf_filter_t *ofilter,
6464 ipqos_conf_filter_t **nfilter,
6465 int af,
6466 int inv6,	/* if saddr or daddr set and v4 filter are they in v6 addr */
6467 void *saddr,
6468 void *daddr,
6469 int inst)
6470 {
6471 
6472 	ipqos_conf_filter_t *nf;
6473 	int res;
6474 	in6_addr_t v6addr;
6475 	in6_addr_t all_1s_v6;
6476 
6477 	IPQOSCDBG4(MHME, "In dup_filter: name: %s, af: %u, inv6: %u, ins: %d\n",
6478 	    ofilter->name, af, inv6, inst);
6479 
6480 /* show src address and dst address if present */
6481 #ifdef	_IPQOS_CONF_DEBUG
6482 	if (ipqosconf_dbg_flgs & MHME) {
6483 		char st[100];
6484 
6485 		if (saddr) {
6486 			(void) fprintf(stderr, "saddr: %s\n",
6487 			    inet_ntop(inv6 ? AF_INET6 : AF_INET, saddr, st,
6488 			    100));
6489 		}
6490 
6491 		if (daddr) {
6492 			(void) fprintf(stderr, "daddr: %s\n",
6493 			    inet_ntop(inv6 ? AF_INET6 : AF_INET, daddr, st,
6494 			    100));
6495 		}
6496 	}
6497 #endif	/* _IPQOS_CONF_DEBUG */
6498 
6499 	/* init local v6 address to 0 */
6500 	(void) bzero(&v6addr, sizeof (in6_addr_t));
6501 
6502 	/* create an all 1s address for use as mask */
6503 	(void) memset(&all_1s_v6, ~0, sizeof (in6_addr_t));
6504 
6505 	/* create a new filter */
6506 
6507 	nf = alloc_filter();
6508 	if (nf == NULL) {
6509 		return (IPQOS_CONF_ERR);
6510 	}
6511 
6512 	/* struct copy old filter to new */
6513 	*nf = *ofilter;
6514 
6515 	/* copy src filters nvlist if there is one to copy */
6516 
6517 	if (ofilter->nvlist) {
6518 		res = nvlist_dup(ofilter->nvlist, &nf->nvlist, 0);
6519 		if (res != 0) {
6520 			ipqos_msg(MT_ENOSTR, "nvlist_dup");
6521 			goto fail;
6522 		}
6523 	}
6524 
6525 	/* copy src and dst node names if present */
6526 
6527 	if (ofilter->src_nd_name) {
6528 		nf->src_nd_name = malloc(strlen(ofilter->src_nd_name) + 1);
6529 		if (nf->src_nd_name == NULL) {
6530 			ipqos_msg(MT_ENOSTR, "malloc");
6531 			goto fail;
6532 		}
6533 		(void) strcpy(nf->src_nd_name, ofilter->src_nd_name);
6534 	}
6535 	if (ofilter->dst_nd_name) {
6536 		nf->dst_nd_name = malloc(strlen(ofilter->dst_nd_name) + 1);
6537 		if (nf->dst_nd_name == NULL) {
6538 			ipqos_msg(MT_ENOSTR, "malloc");
6539 			goto fail;
6540 		}
6541 		(void) strcpy(nf->dst_nd_name, ofilter->dst_nd_name);
6542 	}
6543 
6544 	/* add filter addresses type */
6545 
6546 	res = nvlist_add_byte(nf->nvlist, IPGPC_FILTER_TYPE,
6547 	    af == AF_INET ? IPGPC_V4_FLTR : IPGPC_V6_FLTR);
6548 	if (res != 0) {
6549 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
6550 		goto fail;
6551 	}
6552 	IPQOSCDBG1(MHME, "adding address type %s in dup filter\n",
6553 	    af == AF_INET ? "AF_INET" : "AF_INET6");
6554 
6555 	/* add saddr if present */
6556 
6557 	if (saddr) {
6558 		if (af == AF_INET && !inv6) {
6559 			V4_PART_OF_V6(v6addr) = *(uint32_t *)saddr;
6560 			saddr = &v6addr;
6561 		}
6562 
6563 		/* add address and all 1's mask */
6564 
6565 		if (nvlist_add_uint32_array(nf->nvlist, IPGPC_SADDR,
6566 		    (uint32_t *)saddr, 4) != 0 ||
6567 		    nvlist_add_uint32_array(nf->nvlist, IPGPC_SADDR_MASK,
6568 		    (uint32_t *)&all_1s_v6, 4) != 0) {
6569 			ipqos_msg(MT_ENOSTR, "nvlist_add_uint32_array");
6570 			goto fail;
6571 		}
6572 
6573 	}
6574 
6575 	/* add daddr if present */
6576 
6577 	if (daddr) {
6578 		if (af == AF_INET && !inv6) {
6579 			V4_PART_OF_V6(v6addr) = *(uint32_t *)daddr;
6580 			daddr = &v6addr;
6581 		}
6582 
6583 		/* add address and all 1's mask */
6584 
6585 		if (nvlist_add_uint32_array(nf->nvlist, IPGPC_DADDR,
6586 		    (uint32_t *)daddr, 4) != 0 ||
6587 		    nvlist_add_uint32_array(nf->nvlist, IPGPC_DADDR_MASK,
6588 		    (uint32_t *)&all_1s_v6, 4) != 0) {
6589 			ipqos_msg(MT_ENOSTR, "nvlist_add_uint32_array");
6590 			goto fail;
6591 		}
6592 	}
6593 
6594 	/* add filter instance */
6595 
6596 	nf->instance = inst;
6597 
6598 	*nfilter = nf;
6599 	return (IPQOS_CONF_SUCCESS);
6600 fail:
6601 	free_filter(nf);
6602 	return (IPQOS_CONF_ERR);
6603 }
6604 
6605 
6606 
6607 /* ************************* action manip fns ********************** */
6608 
6609 
6610 
6611 /*
6612  * create and zero action structure and a params structure hung off of it.
6613  * RETURNS: ptr to allocated action on success, else NULL.
6614  */
6615 static ipqos_conf_action_t *
6616 alloc_action()
6617 {
6618 
6619 	ipqos_conf_action_t *action;
6620 
6621 	action = (ipqos_conf_action_t *)malloc(sizeof (ipqos_conf_action_t));
6622 	if (action == NULL) {
6623 		ipqos_msg(MT_ENOSTR, "malloc");
6624 		return (action);
6625 	}
6626 	bzero(action, sizeof (ipqos_conf_action_t));
6627 
6628 	action->params = (ipqos_conf_params_t *)
6629 			malloc(sizeof (ipqos_conf_params_t));
6630 	if (action->params == NULL) {
6631 		free(action);
6632 		return (NULL);
6633 	}
6634 	bzero(action->params, sizeof (ipqos_conf_params_t));
6635 	action->params->stats_enable = B_FALSE;
6636 
6637 	return (action);
6638 }
6639 
6640 /*
6641  * free all the memory used in all the actions in actions list.
6642  */
6643 static void
6644 free_actions(
6645 ipqos_conf_action_t *actions)
6646 {
6647 
6648 	ipqos_conf_action_t *act = actions;
6649 	ipqos_conf_action_t *next;
6650 	ipqos_conf_filter_t *flt, *nf;
6651 	ipqos_conf_class_t *cls, *nc;
6652 
6653 	while (act != NULL) {
6654 		/* free parameters */
6655 
6656 		if (act->params != NULL) {
6657 			free_arefs(act->params->actions);
6658 			if (act->params->nvlist != NULL) {
6659 				nvlist_free(act->params->nvlist);
6660 			}
6661 			free(act->params);
6662 		}
6663 
6664 		/* free action nvlist */
6665 
6666 		if (act->nvlist != NULL)
6667 			free(act->nvlist);
6668 
6669 		/* free filters */
6670 
6671 		flt = act->filters;
6672 		while (flt != NULL) {
6673 			nf = flt->next;
6674 			free_filter(flt);
6675 			flt = nf;
6676 		}
6677 
6678 		/* free classes */
6679 
6680 		cls = act->classes;
6681 		while (cls != NULL) {
6682 			nc = cls->next;
6683 			free_class(cls);
6684 			cls = nc;
6685 		}
6686 
6687 		/* free permanent classes table */
6688 		cleanup_string_table(act->perm_classes, act->num_perm_classes);
6689 
6690 		/* free filters to retry */
6691 
6692 		flt = act->retry_filters;
6693 		while (flt != NULL) {
6694 			nf = flt->next;
6695 			free_filter(flt);
6696 			flt = nf;
6697 		}
6698 
6699 		/* free dependency pointers */
6700 		free_arefs(act->dependencies);
6701 
6702 		next = act->next;
6703 		free(act);
6704 		act = next;
6705 	}
6706 }
6707 
6708 /*
6709  * Checks whether there is an action called action_name in actions list.
6710  * RETURNS: ptr to first matched action, else if not matched NULL.
6711  *
6712  */
6713 static ipqos_conf_action_t *
6714 actionexist(
6715 char *action_name,
6716 ipqos_conf_action_t *actions)
6717 {
6718 
6719 	IPQOSCDBG1(L1, "In actionexist: name: %s\n", action_name);
6720 
6721 	while (actions) {
6722 		if (strcmp(action_name, actions->name) == 0) {
6723 			break;
6724 		}
6725 		actions = actions->next;
6726 	}
6727 
6728 	return (actions);
6729 }
6730 
6731 /* **************************** act ref manip fns ******************** */
6732 
6733 
6734 /*
6735  * add an action reference element with parameter field and action
6736  * action_name to arefs.
6737  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6738  */
6739 static int
6740 add_aref(
6741 ipqos_conf_act_ref_t **arefs,
6742 char *field,
6743 char *action_name)
6744 {
6745 
6746 	ipqos_conf_act_ref_t *aref;
6747 
6748 	IPQOSCDBG1(L1, "add_aref: action: %s.\n", action_name);
6749 
6750 	/* allocate zero'd aref */
6751 
6752 	aref = malloc(sizeof (ipqos_conf_act_ref_t));
6753 	if (aref == NULL) {
6754 		ipqos_msg(MT_ENOSTR, "malloc");
6755 		return (IPQOS_CONF_ERR);
6756 	}
6757 	(void) bzero(aref, sizeof (ipqos_conf_act_ref_t));
6758 
6759 	/* copy parameter name if present */
6760 
6761 	if (field)
6762 		(void) strlcpy(aref->field, field, IPQOS_CONF_PNAME_LEN);
6763 
6764 	/* copy action name */
6765 	(void) strlcpy(aref->name, action_name, IPQOS_CONF_NAME_LEN);
6766 
6767 	/* place at head of list */
6768 
6769 	aref->next = *arefs;
6770 	*arefs = aref;
6771 
6772 	return (IPQOS_CONF_SUCCESS);
6773 }
6774 
6775 /*
6776  * free all the memory used by the action references in arefs.
6777  */
6778 static void
6779 free_arefs(
6780 ipqos_conf_act_ref_t *arefs)
6781 {
6782 
6783 	ipqos_conf_act_ref_t *aref = arefs;
6784 	ipqos_conf_act_ref_t *next;
6785 
6786 	while (aref) {
6787 		nvlist_free(aref->nvlist);
6788 		next = aref->next;
6789 		free(aref);
6790 		aref = next;
6791 	}
6792 }
6793 
6794 
6795 
6796 /* *************************************************************** */
6797 
6798 
6799 
6800 /*
6801  * checks whether aname is a valid action name.
6802  * RETURNS: IPQOS_CONF_ERR if invalid, else IPQOS_CONF_SUCCESS.
6803  */
6804 static int
6805 valid_aname(char *aname)
6806 {
6807 
6808 	/*
6809 	 * dissallow the use of the name of a virtual action, either
6810 	 * the ipqosconf name, or the longer ipp names.
6811 	 */
6812 	if (strcmp(aname, IPQOS_CONF_CONT_STR) == 0 ||
6813 	    strcmp(aname, IPQOS_CONF_DEFER_STR) == 0 ||
6814 	    strcmp(aname, IPQOS_CONF_DROP_STR) == 0 ||
6815 	    virtual_action(aname)) {
6816 		ipqos_msg(MT_ERROR, gettext("Invalid action name line %u.\n"),
6817 		    lineno);
6818 		return (IPQOS_CONF_ERR);
6819 	}
6820 
6821 	return (IPQOS_CONF_SUCCESS);
6822 }
6823 
6824 /*
6825  * Opens a stream to the types file for module module_name (assuming
6826  * that the file path is TYPES_FILE_DIR/module_name.types). if
6827  * a file open failure occurs, *openerr is set to 1.
6828  * RETURNS: NULL on error, else stream ptr to module types file.
6829  */
6830 static FILE *
6831 validmod(
6832 char *module_name,
6833 int *openerr)
6834 {
6835 
6836 	FILE *fp;
6837 	char *path;
6838 
6839 	IPQOSCDBG1(L1, "In validmod: module_name: %s\n", module_name);
6840 
6841 	*openerr = 0;
6842 
6843 	/* create modules type file path */
6844 
6845 	path = malloc(strlen(TYPES_FILE_DIR) + strlen(module_name) +
6846 	    strlen(".types") + 1);
6847 	if (path == NULL) {
6848 		ipqos_msg(MT_ENOSTR, "malloc");
6849 		return (NULL);
6850 	}
6851 	(void) strcpy(path, TYPES_FILE_DIR);
6852 	(void) strcat(path, module_name);
6853 	(void) strcat(path, ".types");
6854 
6855 
6856 	IPQOSCDBG1(L1, "opening file %s\n", path);
6857 
6858 	/* open stream to types file */
6859 
6860 	fp = fopen(path, "r");
6861 	if (fp == NULL) {
6862 		(*openerr)++;
6863 	}
6864 
6865 	free(path);
6866 	return (fp);
6867 }
6868 
6869 
6870 /*
6871  * read a class clause from cfp into a class struct and point class at this.
6872  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
6873  */
6874 static int
6875 readclass(
6876 FILE *cfp,
6877 char *module_name,
6878 ipqos_conf_class_t **class,
6879 char **perm_classes,
6880 int num_perm_classes)
6881 {
6882 
6883 	int nm, act;
6884 	int res;
6885 	nvpair_t *nvp;
6886 	ipqos_nvtype_t type;
6887 	char *name;
6888 	char *action;
6889 	int stats;
6890 
6891 	IPQOSCDBG0(L0, "in readclass\n");
6892 
6893 	/* create and zero class struct */
6894 
6895 	*class = alloc_class();
6896 	if (!*class) {
6897 		return (IPQOS_CONF_ERR);
6898 	}
6899 	(*class)->originator = IPP_CONFIG_IPQOSCONF;
6900 
6901 	/* get starting line for error reporting */
6902 	(*class)->lineno = lineno;
6903 
6904 	/* read curl_begin */
6905 
6906 	res = read_curl_begin(cfp);
6907 	if (res != IPQOS_CONF_SUCCESS) {
6908 		goto fail;
6909 	}
6910 
6911 	/* loop reading parameters till read curl_end */
6912 
6913 	stats = nm = act = 0;
6914 	for (;;) {
6915 		/* read nvpair */
6916 		res = readnvpair(cfp, NULL, &(*class)->nvlist,
6917 		    &nvp, &type, PL_CLASS, module_name);
6918 		if (res == IPQOS_CONF_ERR) {
6919 			goto fail;
6920 
6921 		/* reached end of class clause */
6922 		} else if (res == IPQOS_CONF_CURL_END) {
6923 			break;
6924 		}
6925 
6926 		/*
6927 		 * catch name and action nv pairs and stats if present
6928 		 * and place values in class structure.
6929 		 */
6930 
6931 		/* name */
6932 
6933 		if (nm == 0 &&
6934 		    strcmp(nvpair_name(nvp), IPQOS_CONF_NAME_STR) == 0) {
6935 
6936 			(void) nvpair_value_string(nvp, &name);
6937 
6938 			if (valid_name(name) != IPQOS_CONF_SUCCESS) {
6939 				goto fail;
6940 			}
6941 			(void) strcpy((*class)->name, name);
6942 			nm++;
6943 
6944 		/* next action */
6945 
6946 		} else if (act == 0 &&
6947 		    strcmp(nvpair_name(nvp), IPQOS_CONF_NEXT_ACTION_STR) == 0) {
6948 
6949 			(void) nvpair_value_string(nvp, &action);
6950 
6951 			/*
6952 			 * if next action string continue string set action to
6953 			 * IPP_ANAME_CONT, else if drop string IPP_ANAME_DROP
6954 			 */
6955 			if (strcmp(action, IPQOS_CONF_CONT_STR) == 0) {
6956 				action = IPP_ANAME_CONT;
6957 			} else if (strcmp(action, IPQOS_CONF_DROP_STR) == 0) {
6958 				action = IPP_ANAME_DROP;
6959 			}
6960 
6961 			/* add an action reference to action list */
6962 
6963 			res = add_aref(&(*class)->alist,
6964 			    IPQOS_CONF_NEXT_ACTION_STR, action);
6965 			if (res != IPQOS_CONF_SUCCESS) {
6966 				goto fail;
6967 			}
6968 			act++;
6969 
6970 		/* class stats enable */
6971 
6972 		} else if (stats == 0 &&
6973 		    strcmp(nvpair_name(nvp), IPQOS_CONF_STATS_ENABLE_STR) ==
6974 		    0) {
6975 			boolean_t bl;
6976 
6977 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
6978 			(*class)->stats_enable = bl;
6979 
6980 			stats++;
6981 
6982 		/* no other / duplicate parameters allowed */
6983 
6984 		} else {
6985 			ipqos_msg(MT_ERROR,
6986 			    gettext("Unexpected parameter line %u.\n"), lineno);
6987 			goto fail;
6988 		}
6989 	}
6990 	if (nm == 0 || act == 0) {
6991 		ipqos_msg(MT_ERROR,
6992 		    gettext("Missing class name/next action before line %u.\n"),
6993 		    lineno);
6994 		goto fail;
6995 	}
6996 
6997 	/* change class originator field to permanent if permanent class */
6998 
6999 	if (in_string_table(perm_classes, num_perm_classes, (*class)->name)) {
7000 	    IPQOSCDBG1(L0, "Setting class %s as permanent.\n", (*class)->name);
7001 		(*class)->originator = IPP_CONFIG_PERMANENT;
7002 	}
7003 
7004 	return (IPQOS_CONF_SUCCESS);
7005 fail:
7006 	if (*class)
7007 		free_class(*class);
7008 	return (IPQOS_CONF_ERR);
7009 }
7010 
7011 /*
7012  * This function assumes either src_nd_name or dst_node_nm are set in filter.
7013  *
7014  * Creates one of more copies of filter according to the ip versions
7015  * requested (or assumed) and the resolution of the src and dst address
7016  * node names if spec'd. If both node names are spec'd then a filter is
7017  * created for each pair of addresses (one from each node name) that is
7018  * compatible with the chosen address family, otherwise a filter copy is
7019  * created for just each address of the single node name that is
7020  * compatible.
7021  * If filter->ip_versions has been set that is used to determine the
7022  * af's we will create filters for, else if a numeric address was
7023  * added the family of that will be used, otherwise we fall back
7024  * to both v4 and v6 addresses.
7025  *
7026  * Any name lookup failures that occur are checked to see whether the failure
7027  * was a soft or hard failure and the nlerr field of filter set accordingly
7028  * before the error is returned.
7029  *
7030  * RETURNS: IPQOS_CONF_ERR on any error, else IPQOS_CONF_SUCCESS.
7031  */
7032 
7033 static int
7034 domultihome(
7035 ipqos_conf_filter_t *filter,
7036 ipqos_conf_filter_t **flist,
7037 boolean_t last_retry)
7038 {
7039 
7040 	uint32_t ftype;
7041 	int v4 = 1, v6 = 1;	/* default lookup family is v4 and v6 */
7042 	int saf, daf;
7043 	struct hostent *shp = NULL;
7044 	struct hostent *dhp = NULL;
7045 	in6_addr_t daddr, saddr;
7046 	int idx = 0;
7047 	ipqos_conf_filter_t *nfilter;
7048 	int res;
7049 	int ernum;
7050 	int in32b = 0;
7051 	char **sp, **dp;
7052 
7053 	IPQOSCDBG3(MHME, "In domultihome: filter: %s, src_node: %s, "
7054 	    "dst_node: %s\n", filter->name,
7055 	    (filter->src_nd_name ? filter->src_nd_name : "NULL"),
7056 	    (filter->dst_nd_name ? filter->dst_nd_name : "NULL"));
7057 
7058 	/* check if we've read an ip_version request to get the versions */
7059 
7060 	if (filter->ip_versions != 0) {
7061 		v4 = VERSION_IS_V4(filter);
7062 		v6 = VERSION_IS_V6(filter);
7063 
7064 	/* otherwise check if we've read a numeric address and get versions */
7065 
7066 	} else if (nvlist_lookup_uint32(filter->nvlist, IPGPC_FILTER_TYPE,
7067 	    &ftype) == 0) {
7068 		if (ftype == IPGPC_V4_FLTR) {
7069 			v6--;
7070 		} else {
7071 			v4--;
7072 		}
7073 	}
7074 
7075 	/* read saddrs if src node name */
7076 
7077 	if (filter->src_nd_name) {
7078 
7079 		/* v4 only address */
7080 
7081 		if (v4 && !v6) {
7082 			in32b++;
7083 			shp = getipnodebyname(filter->src_nd_name, AF_INET,
7084 			    AI_ADDRCONFIG, &ernum);
7085 
7086 		/* v6 only  */
7087 
7088 		} else if (v6 && !v4) {
7089 			shp = getipnodebyname(filter->src_nd_name, AF_INET6,
7090 			    AI_DEFAULT, &ernum);
7091 
7092 		/* v4 and v6 */
7093 
7094 		} else if (v6 && v4) {
7095 			shp = getipnodebyname(filter->src_nd_name, AF_INET6,
7096 			    AI_DEFAULT|AI_ALL, &ernum);
7097 		}
7098 
7099 #ifdef	TESTING_RETRY
7100 if (!last_retry) {
7101 	filter->nlerr = IPQOS_LOOKUP_RETRY;
7102 	goto fail;
7103 }
7104 #endif
7105 
7106 		/*
7107 		 * if lookup error determine whether it was a soft or hard
7108 		 * failure and mark as such in filter.
7109 		 */
7110 		if (shp == NULL) {
7111 			if (ernum != TRY_AGAIN) {
7112 				ipqos_msg(MT_ERROR, gettext("Failed to "
7113 				    "resolve src host name for filter at "
7114 				    "line %u, ignoring filter.\n"),
7115 				    filter->lineno);
7116 				filter->nlerr = IPQOS_LOOKUP_FAIL;
7117 			} else {
7118 				if (last_retry) {
7119 					ipqos_msg(MT_ERROR, gettext("Failed "
7120 					    "to resolve src host name for "
7121 					    "filter at line %u, ignoring "
7122 					    "filter.\n"), filter->lineno);
7123 				}
7124 				filter->nlerr = IPQOS_LOOKUP_RETRY;
7125 			}
7126 			goto fail;
7127 		}
7128 	}
7129 
7130 	/* read daddrs if dst node name */
7131 	if (filter->dst_nd_name) {
7132 
7133 		/* v4 only address */
7134 
7135 		if (v4 && !v6) {
7136 			in32b++;
7137 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET,
7138 			    AI_ADDRCONFIG, &ernum);
7139 
7140 		/* v6 only */
7141 
7142 		} else if (v6 && !v4) {
7143 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET6,
7144 			    AI_DEFAULT, &ernum);
7145 
7146 		/*  v6 and v4 addresses */
7147 
7148 		} else {
7149 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET6,
7150 			    AI_DEFAULT|AI_ALL, &ernum);
7151 		}
7152 
7153 		if (dhp == NULL) {
7154 			if (ernum != TRY_AGAIN) {
7155 				ipqos_msg(MT_ERROR, gettext("Failed to "
7156 				    "resolve dst host name for filter at "
7157 				    "line %u, ignoring filter.\n"),
7158 				    filter->lineno);
7159 				filter->nlerr = IPQOS_LOOKUP_FAIL;
7160 			} else {
7161 				if (last_retry) {
7162 					ipqos_msg(MT_ERROR, gettext("Failed "
7163 					    "to resolve dst host name for "
7164 					    "filter at line %u, ignoring "
7165 					    "filter.\n"), filter->lineno);
7166 				}
7167 				filter->nlerr = IPQOS_LOOKUP_RETRY;
7168 			}
7169 			goto fail;
7170 		}
7171 	}
7172 
7173 	/*
7174 	 * if src and dst node name, create set of filters; one for each
7175 	 * src and dst address of matching types.
7176 	 */
7177 	if (filter->src_nd_name && filter->dst_nd_name) {
7178 
7179 		for (sp = shp->h_addr_list; *sp != NULL; sp++) {
7180 			(void) bcopy(*sp, &saddr, shp->h_length);
7181 
7182 			/* get saddr family */
7183 
7184 			if (in32b || IN6_IS_ADDR_V4MAPPED(&saddr)) {
7185 				saf = AF_INET;
7186 			} else {
7187 				saf = AF_INET6;
7188 			}
7189 
7190 			for (dp = dhp->h_addr_list; *dp != NULL; dp++) {
7191 				(void) bcopy(*dp, &daddr, dhp->h_length);
7192 
7193 				/* get daddr family */
7194 
7195 				if (in32b || IN6_IS_ADDR_V4MAPPED(&daddr)) {
7196 					daf = AF_INET;
7197 				} else {
7198 					daf = AF_INET6;
7199 				}
7200 
7201 				/*
7202 				 * if saddr and daddr same af duplicate
7203 				 * filter adding addresses and new instance
7204 				 * number and add to flist filter list.
7205 				 */
7206 
7207 				if (daf == saf) {
7208 
7209 					res = dup_filter(filter, &nfilter, saf,
7210 					    !in32b, &saddr, &daddr, ++idx);
7211 					if (res != IPQOS_CONF_SUCCESS) {
7212 						goto fail;
7213 					}
7214 					ADD_TO_LIST(flist, nfilter);
7215 				}
7216 			}
7217 		}
7218 
7219 	/* if src name only create set of filters, one for each node address */
7220 
7221 	} else if (filter->src_nd_name) {
7222 
7223 		for (sp = shp->h_addr_list; *sp != NULL; sp++) {
7224 			(void) bcopy(*sp, &saddr, shp->h_length);
7225 
7226 			/* get af */
7227 
7228 			if (in32b || IN6_IS_ADDR_V4MAPPED(&saddr)) {
7229 				saf = AF_INET;
7230 			} else {
7231 				saf = AF_INET6;
7232 			}
7233 
7234 
7235 			/*
7236 			 * dup filter adding saddr and new instance num and
7237 			 * add to flist filter list.
7238 			 */
7239 			res = dup_filter(filter, &nfilter, saf, !in32b, &saddr,
7240 			    NULL, ++idx);
7241 			if (res != IPQOS_CONF_SUCCESS) {
7242 				goto fail;
7243 			}
7244 
7245 			ADD_TO_LIST(flist, nfilter);
7246 
7247 		}
7248 
7249 	/* if dname only create set of filters, one for each node address */
7250 
7251 	} else {
7252 		for (dp = dhp->h_addr_list; *dp != NULL; dp++) {
7253 			(void) bcopy(*dp, &daddr, dhp->h_length);
7254 
7255 			/* get af */
7256 
7257 			if (in32b || IN6_IS_ADDR_V4MAPPED(&daddr)) {
7258 				daf = AF_INET;
7259 			} else {
7260 				daf = AF_INET6;
7261 			}
7262 
7263 			/*
7264 			 * dup filter adding daddr and new instance num and
7265 			 * add to flist filter list.
7266 			 */
7267 			res = dup_filter(filter, &nfilter, daf, !in32b, NULL,
7268 			    &daddr, ++idx);
7269 			if (res != IPQOS_CONF_SUCCESS) {
7270 				goto fail;
7271 			}
7272 
7273 			ADD_TO_LIST(flist, nfilter);
7274 		}
7275 	}
7276 
7277 	if (shp)
7278 		freehostent(shp);
7279 	if (dhp)
7280 		freehostent(dhp);
7281 	return (IPQOS_CONF_SUCCESS);
7282 fail:
7283 	/*
7284 	 * should really clean up any filters that we have created,
7285 	 * however, free_actions called from readaction will cleam them up.
7286 	 */
7287 	if (shp)
7288 		freehostent(shp);
7289 	if (dhp)
7290 		freehostent(dhp);
7291 	return (IPQOS_CONF_ERR);
7292 }
7293 
7294 
7295 /*
7296  * read a filter clause from cfp into a filter struct and point filter
7297  * at this.
7298  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
7299  */
7300 static int
7301 readfilter(
7302 FILE *cfp,
7303 FILE *tfp,
7304 char *module_name,
7305 ipqos_conf_filter_t **filter,
7306 char **perm_filters,
7307 int num_perm_filters)
7308 {
7309 
7310 	int res;
7311 	int nm, cls, ipv;
7312 	in6_addr_t mask;
7313 	char *addr_str;
7314 	char *sl = NULL;
7315 	in6_addr_t addr;
7316 	int sa;
7317 	struct hostent *hp;
7318 	int err_num;
7319 	int v4 = 0, v6 = 0;
7320 	uchar_t mlen;
7321 	char *tmp;
7322 	nvpair_t *nvp;
7323 	ipqos_nvtype_t type;
7324 	char *name;
7325 	char *class;
7326 	uchar_t b;
7327 	in6_addr_t v6addr;
7328 
7329 	IPQOSCDBG0(L0, "in readfilter\n");
7330 
7331 
7332 	/* create and zero filter struct */
7333 
7334 	*filter = alloc_filter();
7335 	if (*filter == NULL) {
7336 		return (IPQOS_CONF_ERR);
7337 	}
7338 	(*filter)->originator = IPP_CONFIG_IPQOSCONF;
7339 
7340 	/* get starting line for error reporting */
7341 	(*filter)->lineno = lineno;
7342 
7343 	/* read beginning curl */
7344 
7345 	res = read_curl_begin(cfp);
7346 	if (res != IPQOS_CONF_SUCCESS) {
7347 		goto fail;
7348 	}
7349 
7350 
7351 	/*
7352 	 * loop reading nvpairs onto nvlist until encounter CURL_END
7353 	 */
7354 	ipv = nm = cls = 0;
7355 	for (;;) {
7356 		/* read nvpair */
7357 
7358 		res = readnvpair(cfp, tfp, &(*filter)->nvlist,
7359 		    &nvp, &type, PL_FILTER, module_name);
7360 		if (res == IPQOS_CONF_ERR) {
7361 			goto fail;
7362 
7363 		/* reached the end of filter definition */
7364 
7365 		} else if (res == IPQOS_CONF_CURL_END) {
7366 			break;
7367 		}
7368 
7369 		/*
7370 		 * catch name and class and place value into filter
7371 		 * structure.
7372 		 */
7373 
7374 		/* read filter name */
7375 
7376 		if (strcmp(nvpair_name(nvp), IPQOS_CONF_NAME_STR) == 0) {
7377 			if (nm != 0) {
7378 				ipqos_msg(MT_ERROR,
7379 				    gettext("Duplicate parameter line %u.\n"),
7380 				    lineno);
7381 				goto fail;
7382 			}
7383 
7384 			(void) nvpair_value_string(nvp, &name);
7385 			if (valid_name(name) != IPQOS_CONF_SUCCESS) {
7386 				goto fail;
7387 			}
7388 
7389 			(void) strcpy((*filter)->name, name);
7390 			(void) nvlist_remove_all((*filter)->nvlist,
7391 			    IPQOS_CONF_NAME_STR);
7392 			nm++;
7393 
7394 		/* read class name */
7395 
7396 		} else if (strcmp(nvpair_name(nvp), IPQOS_CONF_CLASS_STR) ==
7397 		    0) {
7398 			if (cls != 0) {
7399 				ipqos_msg(MT_ERROR,
7400 				    gettext("Duplicate parameter line %u.\n"),
7401 				    lineno);
7402 				goto fail;
7403 			}
7404 
7405 			if (nvpair_value_string(nvp, &class) != 0) {
7406 				ipqos_msg(MT_ENOSTR, "nvpair_value_string");
7407 				break;
7408 			}
7409 			if (valid_name(class) != IPQOS_CONF_SUCCESS) {
7410 				goto fail;
7411 			}
7412 			(void) strcpy((*filter)->class_name, class);
7413 			(void) nvlist_remove_all((*filter)->nvlist,
7414 			    IPQOS_CONF_CLASS_STR);
7415 			cls++;
7416 
7417 		/*
7418 		 * if a src or dst ip node name/address. For those that
7419 		 * are determined to be addresses we convert them from
7420 		 * strings here and add to the filter nvlist; for node names
7421 		 * we add the name to the filter struct for readaction to
7422 		 * process.
7423 		 */
7424 		} else if (strcmp(nvpair_name(nvp), IPGPC_SADDR) == 0 ||
7425 		    strcmp(nvpair_name(nvp), IPGPC_DADDR) == 0) {
7426 
7427 			sa = 0;
7428 
7429 			if (strcmp(nvpair_name(nvp), IPGPC_SADDR) == 0) {
7430 				sa++;
7431 			}
7432 
7433 			(void) nvpair_value_string(nvp, &addr_str);
7434 
7435 			/*
7436 			 * get the address mask if present.
7437 			 * make a copy so that the nvlist element that
7438 			 * it is part of doesn't dissapear and causes probs.
7439 			 */
7440 			sl = strchr(addr_str, '/');
7441 			if (sl) {
7442 				*sl = '\0';
7443 				tmp = malloc(strlen(++sl) + 1);
7444 				if (tmp == NULL) {
7445 					ipqos_msg(MT_ENOSTR, "malloc");
7446 					goto fail;
7447 				}
7448 				(void) strcpy(tmp, sl);
7449 				sl = tmp;
7450 			}
7451 
7452 
7453 			/* if a numeric address */
7454 
7455 			if (inet_pton(AF_INET, addr_str, &addr) == 1 ||
7456 			    inet_pton(AF_INET6, addr_str, &addr) == 1) {
7457 
7458 				/* get address */
7459 
7460 				hp = getipnodebyname(addr_str, AF_INET6,
7461 				    AI_DEFAULT, &err_num);
7462 				if (hp == NULL) {
7463 					ipqos_msg(MT_ENOSTR,
7464 					    "getipnodebyname");
7465 					goto fail;
7466 				}
7467 
7468 				(void) bcopy(hp->h_addr_list[0], &v6addr,
7469 				    hp->h_length);
7470 				freehostent(hp);
7471 
7472 				/* determine address type */
7473 
7474 				v4 = IN6_IS_ADDR_V4MAPPED(&v6addr);
7475 				if (!v4) {
7476 					v6++;
7477 				}
7478 
7479 				/*
7480 				 * check any previous addresses have same
7481 				 * version.
7482 				 */
7483 				if (nvlist_lookup_byte((*filter)->nvlist,
7484 				    IPGPC_FILTER_TYPE, &b) == 0) {
7485 					if (v4 && b != IPGPC_V4_FLTR ||
7486 					    v6 && b != IPGPC_V6_FLTR) {
7487 						ipqos_msg(MT_ERROR,
7488 						    gettext("Incompatible "
7489 						    "address version line "
7490 						    "%u.\n"), lineno);
7491 						goto fail;
7492 					}
7493 				}
7494 
7495 				/*
7496 				 * check that if ip_version spec'd it
7497 				 * corresponds.
7498 				 */
7499 				if ((*filter)->ip_versions != 0) {
7500 					if (v4 && !VERSION_IS_V4(*filter) ||
7501 					    v6 && !VERSION_IS_V6(*filter)) {
7502 						ipqos_msg(MT_ERROR,
7503 						    gettext("Incompatible "
7504 						    "address version line %u"
7505 						    ".\n"), lineno);
7506 						goto fail;
7507 					}
7508 				}
7509 
7510 				/* add the address type */
7511 
7512 				res = nvlist_add_byte(
7513 				(*filter)->nvlist, IPGPC_FILTER_TYPE,
7514 				    v4 ? IPGPC_V4_FLTR : IPGPC_V6_FLTR);
7515 				if (res != 0) {
7516 					ipqos_msg(MT_ENOSTR,
7517 					    "nvlist_add_byte");
7518 					goto fail;
7519 				}
7520 
7521 				/* add address to list */
7522 
7523 				res = nvlist_add_uint32_array((*filter)->nvlist,
7524 				    sa ? IPGPC_SADDR : IPGPC_DADDR,
7525 				    (uint32_t *)&v6addr, 4);
7526 				if (res != 0) {
7527 					ipqos_msg(MT_ENOSTR,
7528 					    "nvlist_add_uint32_array");
7529 					goto fail;
7530 				}
7531 
7532 
7533 				/*
7534 				 * add mask entry in list.
7535 				 */
7536 
7537 				if (sl) {	/* have CIDR mask */
7538 					char *lo;
7539 					res = readuint8(sl, &mlen, &lo);
7540 					if (res != IPQOS_CONF_SUCCESS ||
7541 					    v4 && mlen > 32 ||
7542 					    !v4 && mlen > 128 ||
7543 					    mlen == 0) {
7544 						ipqos_msg(MT_ERROR,
7545 						    gettext("Invalid CIDR "
7546 						    "mask line %u.\n"), lineno);
7547 						goto fail;
7548 					}
7549 					setmask(mlen, &mask,
7550 					    v4 ? AF_INET : AF_INET6);
7551 					free(sl);
7552 				} else {
7553 					/* no CIDR mask spec'd - use all 1s */
7554 
7555 					(void) memset(&mask, ~0,
7556 					    sizeof (in6_addr_t));
7557 				}
7558 				res = nvlist_add_uint32_array((*filter)->nvlist,
7559 				    sa ? IPGPC_SADDR_MASK : IPGPC_DADDR_MASK,
7560 				    (uint32_t *)&mask, 4);
7561 				if (res != 0) {
7562 					ipqos_msg(MT_ENOSTR,
7563 					    "nvlist_add_uint32_arr");
7564 					goto fail;
7565 				}
7566 
7567 			/* inet_pton returns fail - we assume a node name */
7568 
7569 			} else {
7570 				/*
7571 				 * doesn't make sense to have a mask
7572 				 * with a node name.
7573 				 */
7574 				if (sl) {
7575 					ipqos_msg(MT_ERROR,
7576 					    gettext("Address masks aren't "
7577 					    "allowed for host names line "
7578 					    "%u.\n"), lineno);
7579 					goto fail;
7580 				}
7581 
7582 				/*
7583 				 * store node name in filter struct for
7584 				 * later resolution.
7585 				 */
7586 				if (sa) {
7587 					(*filter)->src_nd_name =
7588 					    malloc(strlen(addr_str) + 1);
7589 					(void) strcpy((*filter)->src_nd_name,
7590 					    addr_str);
7591 				} else {
7592 					(*filter)->dst_nd_name =
7593 					    malloc(strlen(addr_str) + 1);
7594 					(void) strcpy((*filter)->dst_nd_name,
7595 					    addr_str);
7596 				}
7597 			}
7598 
7599 		/* ip_version enumeration */
7600 
7601 		} else if (strcmp(nvpair_name(nvp), IPQOS_CONF_IP_VERSION) ==
7602 		    0) {
7603 			/* check we haven't read ip_version before */
7604 			if (ipv) {
7605 				ipqos_msg(MT_ERROR,
7606 				    gettext("Duplicate parameter line %u.\n"),
7607 				    lineno);
7608 				goto fail;
7609 			}
7610 			ipv++;
7611 
7612 			/* get bitmask value */
7613 
7614 			(void) nvpair_value_uint32(nvp,
7615 			    &(*filter)->ip_versions);
7616 
7617 			/*
7618 			 * check that if either ip address is spec'd it
7619 			 * corresponds.
7620 			 */
7621 			if (v4 && !VERSION_IS_V4(*filter) ||
7622 			    v6 && !VERSION_IS_V6(*filter)) {
7623 				ipqos_msg(MT_ERROR, gettext("Incompatible "
7624 				    "address version line %u.\n"), lineno);
7625 				goto fail;
7626 			}
7627 
7628 			/* remove ip_version from nvlist */
7629 
7630 			(void) nvlist_remove_all((*filter)->nvlist,
7631 			    IPQOS_CONF_IP_VERSION);
7632 		}
7633 	}
7634 	if (nm == 0 || cls == 0) {
7635 		ipqos_msg(MT_ERROR, gettext("Missing filter/class name "
7636 		    "before line %u.\n"), lineno);
7637 		goto fail;
7638 	}
7639 
7640 	if (in_string_table(perm_filters, num_perm_filters, (*filter)->name)) {
7641 		IPQOSCDBG1(L0, "Setting filter %s as permanent.\n",
7642 		    (*filter)->name);
7643 
7644 		(*filter)->originator = IPP_CONFIG_PERMANENT;
7645 	}
7646 
7647 	return (IPQOS_CONF_SUCCESS);
7648 fail:
7649 	if (*filter)
7650 		free_filter(*filter);
7651 	if (hp)
7652 		freehostent(hp);
7653 	if (sl)
7654 		free(sl);
7655 
7656 	return (IPQOS_CONF_ERR);
7657 }
7658 
7659 /*
7660  * reads the curl begin token from cfp stream.
7661  * RETURNS: IPQOS_CONF_ERR if not read successfully, else IPQOS_CONF_SUCCES.
7662  */
7663 static int
7664 read_curl_begin(FILE *cfp)
7665 {
7666 
7667 	int res;
7668 	char *st;
7669 
7670 	res = readtoken(cfp, &st);
7671 
7672 	if (res != IPQOS_CONF_CURL_BEGIN) {
7673 		if (res == IPQOS_CONF_EOF) {
7674 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
7675 
7676 		/* if CURL_END or something else */
7677 		} else if (res != IPQOS_CONF_ERR) {
7678 			free(st);
7679 			ipqos_msg(MT_ERROR, gettext("\'{\' missing at line "
7680 			    "%u.\n"), lineno);
7681 		}
7682 		return (IPQOS_CONF_ERR);
7683 	}
7684 
7685 	free(st);
7686 	return (IPQOS_CONF_SUCCESS);
7687 }
7688 
7689 /*
7690  * This function parses the parameter string version into a version of the
7691  * form "%u.%u" (as a sscanf format string). It then encodes this into an
7692  * int and returns this encoding.
7693  * RETURNS: -1 if an invalid string, else the integer encoding.
7694  */
7695 static int
7696 ver_str_to_int(
7697 char *version)
7698 {
7699 	uint32_t major, minor;
7700 	int ver;
7701 
7702 	if (sscanf(version, "%u.%u", &major, &minor) != 2) {
7703 		IPQOSCDBG0(L0, "Failed to process version number string\n");
7704 		return (-1);
7705 	}
7706 
7707 	ver = (int)((major * 10000) + minor);
7708 	return (ver);
7709 }
7710 
7711 /*
7712  * This function scans through the stream fp line by line looking for
7713  * a line beginning with version_tag and returns a integer encoding of
7714  * the version following it.
7715  *
7716  * RETURNS: If the version definition isn't found or the version is not
7717  * a valid version (%u.%u) then -1 is returned, else an integer encoding
7718  * of the read version.
7719  */
7720 static int
7721 read_tfile_ver(
7722 FILE *fp,
7723 char *version_tag,
7724 char *module_name)
7725 {
7726 	char lbuf[IPQOS_CONF_LINEBUF_SZ];
7727 	char buf[IPQOS_CONF_LINEBUF_SZ+1];
7728 	char buf2[IPQOS_CONF_LINEBUF_SZ+1];
7729 	int found = 0;
7730 	int version;
7731 
7732 	/*
7733 	 * reset to file start
7734 	 */
7735 	if (fseek(fp, 0, SEEK_SET) != 0) {
7736 		ipqos_msg(MT_ENOSTR, "fseek");
7737 		return (-1);
7738 	}
7739 
7740 	/*
7741 	 * loop reading lines till found the one beginning with version_tag.
7742 	 */
7743 	while (fgets(lbuf, IPQOS_CONF_LINEBUF_SZ, fp) != NULL) {
7744 		if ((sscanf(lbuf,
7745 		    "%" VAL2STR(IPQOS_CONF_LINEBUF_SZ) "s"
7746 		    "%" VAL2STR(IPQOS_CONF_LINEBUF_SZ) "s",
7747 		    buf, buf2) == 2) &&
7748 		    (strcmp(buf, version_tag) == 0)) {
7749 			found++;
7750 			break;
7751 		}
7752 	}
7753 	if (found == 0) {
7754 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7755 		    "corrupt.\n"), module_name);
7756 		IPQOSCDBG1(L1, "Couldn't find %s in types file\n",
7757 		    version_tag);
7758 		return (-1);
7759 	}
7760 
7761 	/*
7762 	 * convert version string into int.
7763 	 */
7764 	if ((version = ver_str_to_int(buf2)) == -1) {
7765 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7766 		    "corrupt.\n"), module_name);
7767 		return (-1);
7768 	}
7769 
7770 	return (version);
7771 }
7772 
7773 /*
7774  * read action clause and params/classes/filters clauses within and
7775  * store in and hang off an action structure, and point action at it.
7776  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
7777  */
7778 static int
7779 readaction(
7780 FILE *cfp,
7781 ipqos_conf_action_t **action)
7782 {
7783 
7784 	char *st;
7785 	FILE *tfp = NULL;
7786 	int nm, md;
7787 	int readprms = 0;
7788 	int res;
7789 	char *strval;
7790 	char *name;
7791 	nvpair_t *nvp;
7792 	ipqos_nvtype_t type;
7793 	ipqos_conf_filter_t *filter;
7794 	ipqos_conf_class_t *class;
7795 	int oe;
7796 	char **perm_filters;
7797 	int num_perm_filters;
7798 	int tf_fmt_ver;
7799 
7800 	IPQOSCDBG0(L0, "in readaction\n");
7801 
7802 	res = readtoken(cfp, &st);
7803 	if (res == IPQOS_CONF_ERR || res == IPQOS_CONF_EOF) {
7804 		return (res);
7805 	} else if (strcmp(st, IPQOS_CONF_ACTION_STR) != 0) {
7806 			ipqos_msg(MT_ERROR, gettext("Missing %s token line "
7807 			    "%u.\n"), IPQOS_CONF_ACTION_STR, lineno);
7808 			free(st);
7809 			return (IPQOS_CONF_ERR);
7810 	}
7811 	free(st);
7812 
7813 	/* create action structure */
7814 
7815 	*action = alloc_action();
7816 	if (*action == NULL) {
7817 		return (IPQOS_CONF_ERR);
7818 	}
7819 	(*action)->params->originator = IPP_CONFIG_IPQOSCONF;
7820 
7821 
7822 	/* get starting line for error reporting */
7823 	(*action)->lineno = lineno;
7824 
7825 	/* read beginning curl */
7826 
7827 	res = read_curl_begin(cfp);
7828 	if (res != IPQOS_CONF_SUCCESS) {
7829 		goto fail;
7830 	}
7831 
7832 	/* loop till read both action name and module */
7833 
7834 	nm = md = 0;
7835 	do {
7836 		/* read nvpair */
7837 
7838 		res = readnvpair(cfp, NULL, &(*action)->nvlist, &nvp, &type,
7839 		    PL_ACTION, NULL);
7840 		if (res == IPQOS_CONF_ERR) {
7841 			goto fail;
7842 
7843 		/* read curl_end */
7844 
7845 		} else if (res == IPQOS_CONF_CURL_END) {
7846 			if (nm == 0 || md == 0) {
7847 				ipqos_msg(MT_ERROR,
7848 				    gettext("Missing action name/ module "
7849 				    "before line %u.\n"), lineno);
7850 				goto fail;
7851 			}
7852 		}
7853 
7854 
7855 		/* store name and module in action structure */
7856 
7857 		name = nvpair_name(nvp);
7858 
7859 		/* read action name */
7860 
7861 		if (nm == 0 && strcmp(name, IPQOS_CONF_NAME_STR) == 0) {
7862 
7863 			(void) nvpair_value_string(nvp, &strval);
7864 
7865 			/* check name is valid */
7866 
7867 			if (valid_name(strval) != IPQOS_CONF_SUCCESS ||
7868 			    valid_aname(strval) != IPQOS_CONF_SUCCESS) {
7869 				goto fail;
7870 			}
7871 
7872 			/* store and remove from list */
7873 
7874 			(void) strcpy((*action)->name, strval);
7875 			/* remove name from nvlist */
7876 			(void) nvlist_remove_all((*action)->nvlist,
7877 			    IPQOS_CONF_NAME_STR);
7878 
7879 			nm++;
7880 
7881 		/* read module name */
7882 
7883 		} else if (md == 0 &&
7884 		    strcmp(name, IPQOS_CONF_MODULE_STR) == 0) {
7885 			/*
7886 			 * check that module has a type file and get
7887 			 * open stream to it.
7888 			 */
7889 			(void) nvpair_value_string(nvp, &strval);
7890 			if ((tfp = validmod(strval, &oe)) == NULL) {
7891 				if (oe) {
7892 					if (errno == ENOENT) {
7893 						ipqos_msg(MT_ERROR,
7894 						    gettext("Invalid "
7895 						    "module name line %u.\n"),
7896 						    lineno);
7897 					} else {
7898 						ipqos_msg(MT_ENOSTR, "fopen");
7899 					}
7900 				}
7901 				goto fail;
7902 			}
7903 
7904 			/*
7905 			 * move module name to action struct
7906 			 */
7907 			(void) strlcpy((*action)->module, strval,
7908 			    IPQOS_CONF_NAME_LEN);
7909 			(void) nvlist_remove_all((*action)->nvlist,
7910 			    IPQOS_CONF_MODULE_STR);
7911 			md++;
7912 
7913 		/* duplicate/other parameter */
7914 
7915 		} else {
7916 			ipqos_msg(MT_ERROR,
7917 			    gettext("Unexpected parameter line %u.\n"),
7918 			    lineno);
7919 			goto fail;
7920 		}
7921 
7922 	} while (nm == 0 || md == 0);
7923 
7924 	/*
7925 	 * check that if the ipgpc action it is named correctly
7926 	 */
7927 	if ((strcmp((*action)->module, IPGPC_NAME) == 0) &&
7928 	    (strcmp((*action)->name, IPGPC_CLASSIFY) != 0)) {
7929 		ipqos_msg(MT_ERROR,
7930 		    gettext("%s action has incorrect name line %u.\n"),
7931 		    IPGPC_NAME, (*action)->lineno);
7932 		goto fail;
7933 	}
7934 
7935 	/* get list of permanent classes */
7936 
7937 	res = read_perm_items(0, tfp, (*action)->module,
7938 	    &(*action)->perm_classes, &(*action)->num_perm_classes);
7939 	if (res != IPQOS_CONF_SUCCESS) {
7940 		goto fail;
7941 	}
7942 
7943 	/* get list of permanent filters */
7944 
7945 	res = read_perm_items(1, tfp, (*action)->module,
7946 	    &perm_filters, &num_perm_filters);
7947 	if (res != IPQOS_CONF_SUCCESS) {
7948 		goto fail;
7949 	}
7950 
7951 	/*
7952 	 * get types file format version and check its supported.
7953 	 */
7954 	if ((tf_fmt_ver = read_tfile_ver(tfp, IPQOS_FMT_STR,
7955 	    (*action)->module)) == -1)
7956 		goto fail;
7957 	if (IPP_MAJOR_MODULE_VER(tf_fmt_ver) > 1 ||
7958 	    IPP_MINOR_MODULE_VER(tf_fmt_ver) > 0) {
7959 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7960 		    "incompatible.\n"), (*action)->module);
7961 		IPQOSCDBG0(L1, "Unsupported fmt major/minor version\n");
7962 		goto fail;
7963 	}
7964 
7965 	/*
7966 	 * get module version
7967 	 */
7968 	if (((*action)->module_version = read_tfile_ver(tfp, IPQOS_MOD_STR,
7969 	    (*action)->module)) == -1)
7970 		goto fail;
7971 
7972 	/* read filter/class/params blocks until CURL_END */
7973 
7974 	for (;;) {
7975 		/* read token */
7976 		res = readtoken(cfp, &st);
7977 
7978 		if (res == IPQOS_CONF_ERR) {
7979 			goto fail;
7980 		} else if (res == IPQOS_CONF_EOF) {
7981 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
7982 			goto fail;
7983 
7984 		/* read CURL_END - end of action definition */
7985 
7986 		} else if (res == IPQOS_CONF_CURL_END) {
7987 			free(st);
7988 			break;
7989 		}
7990 
7991 
7992 		/*
7993 		 * read in either a filter/class or parameter block.
7994 		 */
7995 
7996 		/* read filter */
7997 
7998 		if (strcmp(st, IPQOS_CONF_FILTER_STR) == 0) {
7999 			free(st);
8000 
8001 			res = readfilter(cfp, tfp, (*action)->module, &filter,
8002 			    perm_filters, num_perm_filters);
8003 			if (res != IPQOS_CONF_SUCCESS) {
8004 				goto fail;
8005 			}
8006 
8007 			/*
8008 			 * if we read a host name for either src or dst addr
8009 			 * resolve the hostnames and create the appropriate
8010 			 * number of filters.
8011 			 */
8012 
8013 			if (filter->src_nd_name || filter->dst_nd_name) {
8014 
8015 				res = domultihome(filter, &(*action)->filters,
8016 				    B_FALSE);
8017 				/*
8018 				 * if a lookup fails and the filters
8019 				 * marked as retry we add it to a list
8020 				 * for another attempt later, otherwise
8021 				 * it is thrown away.
8022 				 */
8023 				if (res != IPQOS_CONF_SUCCESS) {
8024 
8025 					/* if not name lookup problem */
8026 
8027 					if (filter->nlerr == 0) {
8028 						free_filter(filter);
8029 						goto fail;
8030 
8031 					/* name lookup problem */
8032 
8033 					/*
8034 					 * if intermitent lookup failure
8035 					 * add to list of filters to
8036 					 * retry later.
8037 					 */
8038 					} else if (filter->nlerr ==
8039 					    IPQOS_LOOKUP_RETRY) {
8040 						filter->nlerr = 0;
8041 						ADD_TO_LIST(
8042 						    &(*action)->retry_filters,
8043 						    filter);
8044 					/*
8045 					 * for non-existing names
8046 					 * ignore the filter.
8047 					 */
8048 					} else {
8049 						free_filter(filter);
8050 					}
8051 
8052 				/* creation of new filters successful */
8053 
8054 				} else {
8055 					free_filter(filter);
8056 				}
8057 
8058 			/* non-node name filter */
8059 
8060 			} else {
8061 				ADD_TO_LIST(&(*action)->filters, filter);
8062 			}
8063 
8064 		/* read class */
8065 
8066 		} else if (strcmp(st, IPQOS_CONF_CLASS_STR) == 0) {
8067 			free(st);
8068 			res = readclass(cfp, (*action)->module, &class,
8069 			    (*action)->perm_classes,
8070 			    (*action)->num_perm_classes);
8071 			if (res != IPQOS_CONF_SUCCESS) {
8072 				goto fail;
8073 			}
8074 
8075 			ADD_TO_LIST(&(*action)->classes, class);
8076 
8077 		/* read params */
8078 
8079 		} else if (strcmp(st, IPQOS_CONF_PARAMS_STR) == 0) {
8080 			free(st);
8081 			if (readprms) {
8082 				ipqos_msg(MT_ERROR,
8083 				    gettext("Second parameter clause not "
8084 				    "supported line %u.\n"), lineno);
8085 				goto fail;
8086 			}
8087 			res = readparams(cfp, tfp, (*action)->module,
8088 			    (*action)->params);
8089 			if (res != IPQOS_CONF_SUCCESS) {
8090 				goto fail;
8091 			}
8092 			readprms++;
8093 
8094 		/* something unexpected */
8095 		} else {
8096 			free(st);
8097 			ipqos_msg(MT_ERROR,
8098 			    gettext("Params/filter/class clause expected "
8099 			    "line %u.\n"), lineno);
8100 			goto fail;
8101 		}
8102 	}
8103 
8104 	(void) fclose(tfp);
8105 	return (IPQOS_CONF_SUCCESS);
8106 
8107 fail:
8108 	if (tfp)
8109 		(void) fclose(tfp);
8110 	if (*action) {
8111 		free_actions(*action);
8112 		*action = NULL;
8113 	}
8114 	return (IPQOS_CONF_ERR);
8115 }
8116 
8117 /*
8118  * check that each of the actions in actions is uniquely named. If one isn't
8119  * set *name to point at the name of the duplicate action.
8120  * RETURNS: IPQOS_CONF_ERR if a non-unique action, else IPQOS_CONF_SUCCESS.
8121  */
8122 static int
8123 actions_unique(ipqos_conf_action_t *actions, char **name)
8124 {
8125 
8126 	IPQOSCDBG0(L1, "In actions_unique.\n");
8127 
8128 	while (actions) {
8129 		if (actionexist(actions->name, actions->next)) {
8130 			*name = actions->name;
8131 			return (IPQOS_CONF_ERR);
8132 		}
8133 		actions = actions->next;
8134 	}
8135 
8136 	return (IPQOS_CONF_SUCCESS);
8137 }
8138 
8139 /*
8140  * checks whether the action parameter is involved in an action cycle.
8141  * RETURNS: 1 if involved in a cycle, 0 otherwise.
8142  */
8143 static int
8144 in_cycle(
8145 ipqos_conf_action_t *action)
8146 {
8147 
8148 	ipqos_conf_act_ref_t *aref;
8149 	ipqos_conf_class_t *c;
8150 
8151 	IPQOSCDBG1(L0, "in_cycle: visiting action %s\n", action->name);
8152 
8153 
8154 	/* have we visited this action before? */
8155 
8156 	if (action->visited == INCYCLE_VISITED) {
8157 		action->visited = 0;
8158 		return (1);
8159 	}
8160 	action->visited = INCYCLE_VISITED;
8161 
8162 	/*
8163 	 * recurse down the child actions of this action through the
8164 	 * classes next action and parameter actions.
8165 	 */
8166 
8167 	for (aref = action->params->actions; aref != NULL; aref = aref->next) {
8168 
8169 		/* skip virtual actions - they can't be in a cycle */
8170 
8171 		if (virtual_action(aref->name)) {
8172 			continue;
8173 		}
8174 
8175 		if (in_cycle(aref->action)) {
8176 			action->visited = 0;
8177 			return (1);
8178 		}
8179 	}
8180 
8181 	for (c = action->classes; c != NULL; c = c->next) {
8182 		aref = c->alist;
8183 
8184 		if (virtual_action(aref->name)) {
8185 			continue;
8186 		}
8187 
8188 		if (in_cycle(aref->action)) {
8189 			action->visited = 0;
8190 			return (1);
8191 		}
8192 	}
8193 
8194 	IPQOSCDBG0(L0, "in_cycle: return\n");
8195 	action->visited = 0;
8196 	return (0);
8197 }
8198 
8199 /*
8200  * checks that the configuration in actions is a valid whole, that
8201  * all actions are unique, all filters and classes are unique within
8202  * their action, that classes referenced by filters exist and actions
8203  * referenced by classes and params exist. Also checks that there are no root
8204  * actions but ipgpc and that no actions are involved in cycles. As
8205  * a consequence of checking that the actions exist two way pointers
8206  * are created between the dependee and dependant actions.
8207  *
8208  * In the case the the userconf flag is zero only this link creation is
8209  * set as we trust the kernel to return a valid configuration.
8210  *
8211  * RETURNS: IPQOS_CONF_ERR if config isn't valid, else IPQOS_CONF_SUCCESS.
8212  *
8213  */
8214 
8215 static int
8216 validconf(
8217 ipqos_conf_action_t *actions,
8218 int userconf)			/* are we checking a conf file ? */
8219 {
8220 	char *name;
8221 	ipqos_conf_action_t *act;
8222 	int res;
8223 	ipqos_conf_action_t *dact;
8224 	ipqos_conf_filter_t *flt;
8225 	ipqos_conf_class_t *cls;
8226 	ipqos_conf_params_t *params;
8227 	ipqos_conf_act_ref_t *aref;
8228 
8229 	IPQOSCDBG0(L0, "In validconf\n");
8230 
8231 	/* check actions are unique */
8232 
8233 	if (userconf && actions_unique(actions, &name) != IPQOS_CONF_SUCCESS) {
8234 		ipqos_msg(MT_ERROR, gettext("Duplicate named action %s.\n"),
8235 		    name);
8236 		return (IPQOS_CONF_ERR);
8237 	}
8238 
8239 	for (act = actions; act; act = act->next) {
8240 
8241 		/*
8242 		 * check filters (for user land configs only).
8243 		 * check they are unique in this action and their class exists.
8244 		 */
8245 		if (userconf) {
8246 			for (flt = act->filters; flt; flt = flt->next) {
8247 
8248 				/* check unique name */
8249 
8250 				if (filterexist(flt->name, flt->instance,
8251 				    flt->next)) {
8252 					ipqos_msg(MT_ERROR,
8253 					    gettext("Duplicate named filter "
8254 					    "%s in action %s.\n"), flt->name,
8255 					    act->name);
8256 					return (IPQOS_CONF_ERR);
8257 				}
8258 
8259 				/*
8260 				 * check existence of class and error if
8261 				 * class doesn't exist and not a perm class
8262 				 */
8263 
8264 				if (!classexist(flt->class_name,
8265 				    act->classes)) {
8266 					if (!in_string_table(act->perm_classes,
8267 					    act->num_perm_classes,
8268 					    flt->class_name)) {
8269 						ipqos_msg(MT_ERROR,
8270 						    gettext("Undefined "
8271 						    "class in filter %s, "
8272 						    "action %s.\n"), flt->name,
8273 						    act->name);
8274 						return (IPQOS_CONF_ERR);
8275 					}
8276 				}
8277 			}
8278 		}
8279 
8280 		/* check classes */
8281 
8282 		for (cls = act->classes; cls; cls = cls->next) {
8283 
8284 			/* check if class name unique (userland only) */
8285 
8286 			if (userconf && classexist(cls->name, cls->next)) {
8287 				ipqos_msg(MT_ERROR,
8288 				    gettext("Duplicate named class %s in "
8289 				    "action %s.\n"), cls->name, act->name);
8290 				return (IPQOS_CONF_ERR);
8291 			}
8292 
8293 			/*
8294 			 * virtual actions always exist so don't check for next
8295 			 * action.
8296 			 */
8297 			if (virtual_action(cls->alist->name)) {
8298 				continue;
8299 			}
8300 
8301 			/*
8302 			 * check existance of next action and create link to
8303 			 * it.
8304 			 */
8305 			if ((cls->alist->action =
8306 			    actionexist(cls->alist->name, actions)) == NULL) {
8307 				ipqos_msg(MT_ERROR,
8308 				    gettext("Undefined action in class %s, "
8309 				    "action %s.\n"), cls->name, act->name);
8310 				return (IPQOS_CONF_ERR);
8311 			}
8312 
8313 			/* create backwards link - used for deletions */
8314 
8315 			dact = cls->alist->action;
8316 			res = add_aref(&dact->dependencies, NULL, act->name);
8317 			if (res != IPQOS_CONF_SUCCESS) {
8318 				return (IPQOS_CONF_ERR);
8319 			}
8320 			dact->dependencies->action = act;
8321 		}
8322 
8323 
8324 		/* check actions exist for action type parameters */
8325 
8326 		params = act->params;
8327 		for (aref = params->actions; aref; aref = aref->next) {
8328 
8329 			/* skip virtuals */
8330 
8331 			if (virtual_action(aref->name)) {
8332 				continue;
8333 			}
8334 
8335 			/*
8336 			 * check existance of action in this ref
8337 			 * and if present create a ptr to it.
8338 			 */
8339 			aref->action = actionexist(aref->name, actions);
8340 			if (aref->action == NULL) {
8341 				ipqos_msg(MT_ERROR,
8342 				    gettext("Undefined action in parameter "
8343 				    "%s, action %s.\n"),
8344 				    SHORT_NAME(aref->field), act->name);
8345 				return (IPQOS_CONF_ERR);
8346 			}
8347 
8348 			/* create backwards link */
8349 
8350 			dact = aref->action;
8351 			res = add_aref(&dact->dependencies, NULL,
8352 			    act->name);
8353 			if (res != IPQOS_CONF_SUCCESS) {
8354 				return (IPQOS_CONF_ERR);
8355 			}
8356 			dact->dependencies->action = act;
8357 		}
8358 	}
8359 
8360 	/* for kernel retrieved configs we don't do the following checks. */
8361 	if (!userconf) {
8362 		return (IPQOS_CONF_SUCCESS);
8363 	}
8364 
8365 	/* check for cycles in config and orphaned actions other than ipgpc */
8366 
8367 	for (act = actions; act; act = act->next) {
8368 
8369 		/* check if involved in cycle */
8370 
8371 		if (in_cycle(act)) {
8372 			ipqos_msg(MT_ERROR,
8373 			    gettext("Action %s involved in cycle.\n"),
8374 			    act->name);
8375 			return (IPQOS_CONF_ERR);
8376 		}
8377 
8378 		/* check that this action has a parent (except ipgpc) */
8379 
8380 		if (act->dependencies == NULL &&
8381 		    strcmp(act->name, IPGPC_CLASSIFY) != 0) {
8382 			ipqos_msg(MT_ERROR, gettext("Action %s isn't "
8383 			    "referenced by any other actions.\n"), act->name);
8384 			return (IPQOS_CONF_ERR);
8385 		}
8386 	}
8387 
8388 	return (IPQOS_CONF_SUCCESS);
8389 }
8390 
8391 /*
8392  * Read the version from the config file with stream cfp with
8393  * the tag version_tag. The tag-value pair should be the first tokens
8394  * encountered.
8395  *
8396  * RETURNS: -1 if a missing or invalid version or a read error,
8397  * else an integer encoding of the version.
8398  */
8399 static int
8400 read_cfile_ver(
8401 FILE *cfp,
8402 char *version_tag)
8403 {
8404 	char *sp = NULL;
8405 	int res;
8406 	int version;
8407 
8408 	IPQOSCDBG0(L1, "In read_cfile_ver:\n");
8409 
8410 	/*
8411 	 * read version tag string.
8412 	 */
8413 	res = readtoken(cfp, &sp);
8414 	if (res != IPQOS_CONF_SUCCESS) {
8415 		goto fail;
8416 	} else if (strcasecmp(sp, version_tag) != 0) {
8417 		goto fail;
8418 	}
8419 	free(sp);
8420 	sp = NULL;
8421 
8422 	/*
8423 	 * read version number string.
8424 	 */
8425 	res = readtoken(cfp, &sp);
8426 	if (res != IPQOS_CONF_SUCCESS) {
8427 		goto fail;
8428 	}
8429 
8430 	/*
8431 	 * encode version into int.
8432 	 */
8433 	if ((version = ver_str_to_int(sp)) == -1) {
8434 		goto fail;
8435 	}
8436 	free(sp);
8437 
8438 	return (version);
8439 fail:
8440 	ipqos_msg(MT_ERROR,
8441 	    gettext("Missing/Invalid config file %s.\n"), version_tag);
8442 	if (sp != NULL)
8443 		free(sp);
8444 	return (-1);
8445 }
8446 
8447 /*
8448  * read the set of actions definitions from the stream cfp and store
8449  * them in a list pointed to by conf.
8450  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
8451  */
8452 static int
8453 readconf(
8454 FILE *cfp,
8455 ipqos_conf_action_t **conf)
8456 {
8457 
8458 	int res;
8459 	ipqos_conf_action_t *action;
8460 	boolean_t ipgpc_action = B_FALSE;
8461 	int fmt_ver;
8462 
8463 	IPQOSCDBG0(L0, "In readconf\n");
8464 
8465 	*conf = NULL;
8466 
8467 	/*
8468 	 * get config file format version.
8469 	 */
8470 	fmt_ver = read_cfile_ver(cfp, IPQOS_FMT_VERSION_STR);
8471 	if (fmt_ver == -1) {
8472 		return (IPQOS_CONF_ERR);
8473 	} else {
8474 		/*
8475 		 * check version is valid
8476 		 */
8477 		if ((IPP_MAJOR_MODULE_VER(fmt_ver) > 1) ||
8478 		    (IPP_MINOR_MODULE_VER(fmt_ver) > 0)) {
8479 			ipqos_msg(MT_ERROR, gettext("Unsupported config file "
8480 			    "format version.\n"));
8481 			return (IPQOS_CONF_ERR);
8482 		}
8483 	}
8484 
8485 	/* loop reading actions adding to conf till EOF */
8486 
8487 	for (;;) {
8488 		action = NULL;
8489 
8490 		/* readaction */
8491 
8492 		res = readaction(cfp, &action);
8493 		if (res == IPQOS_CONF_ERR) {
8494 			goto fail;
8495 		}
8496 
8497 		/* reached eof, finish */
8498 
8499 		if (res == IPQOS_CONF_EOF) {
8500 			break;
8501 		}
8502 
8503 		ADD_TO_LIST(conf, action);
8504 
8505 		/* check if we just read an ipgpc action */
8506 
8507 		if (strcmp(action->name, IPGPC_CLASSIFY) == 0)
8508 			ipgpc_action = B_TRUE;
8509 	}
8510 
8511 	/* check that there is one or more actions and that one is ipgpc */
8512 
8513 	if (ipgpc_action == B_FALSE) {
8514 		ipqos_msg(MT_ERROR, gettext("No %s action defined.\n"),
8515 		    IPGPC_NAME);
8516 		goto fail;
8517 	}
8518 
8519 	return (IPQOS_CONF_SUCCESS);
8520 fail:
8521 	free_actions(*conf);
8522 	*conf = NULL;
8523 	return (IPQOS_CONF_ERR);
8524 }
8525 
8526 /* ************************ kernel config retrieval ************************ */
8527 
8528 
8529 /*
8530  * read the current configuration from the kernel and make *conf a ptr to it.
8531  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8532  */
8533 static int
8534 readkconf(ipqos_conf_action_t **conf)
8535 {
8536 
8537 	int res;
8538 	char **modnames = NULL;
8539 	int nmods;
8540 	char **actnames = NULL;
8541 	int nacts;
8542 	int x, y;
8543 	FILE *tfp;
8544 	int openerr;
8545 	ipqos_actinfo_prm_t ai_prm;
8546 
8547 
8548 	IPQOSCDBG0(L0, "In readkconf\n");
8549 
8550 	/* initialise conf to NULL */
8551 	*conf = NULL;
8552 
8553 	/* get list of modules currently loaded */
8554 
8555 	res = ipp_list_mods(&modnames, &nmods);
8556 	if (res != 0) {
8557 		ipqos_msg(MT_ENOSTR, "ipp_list_mods");
8558 		return (IPQOS_CONF_ERR);
8559 	}
8560 
8561 	/*
8562 	 * iterate through all loaded modules retrieving their list of actions
8563 	 * and then retrieving the configuration of each of these
8564 	 * and attatching it to conf.
8565 	 */
8566 	for (x = 0; x < nmods; x++) {
8567 
8568 		/* skip actions of modules that we can't open types file of */
8569 
8570 		if ((tfp = validmod(modnames[x], &openerr)) == NULL) {
8571 
8572 			/* mem error */
8573 
8574 			if (!openerr) {
8575 				goto fail;
8576 
8577 			/*
8578 			 * fopen fail - if we failed because the file didn't
8579 			 * exist we assume this is an unknown module and
8580 			 * ignore this module, otherwise error.
8581 			 */
8582 			} else {
8583 				if (errno == ENOENT) {
8584 					continue;
8585 				} else {
8586 					ipqos_msg(MT_ENOSTR, "fopen");
8587 					goto fail;
8588 				}
8589 			}
8590 		}
8591 		(void) fclose(tfp);
8592 
8593 		/* get action list for this module */
8594 
8595 		res = ipp_mod_list_actions(modnames[x], &actnames, &nacts);
8596 		if (res != 0) {
8597 			ipqos_msg(MT_ENOSTR, "ipp_mod_list_actions");
8598 			goto fail;
8599 		}
8600 
8601 		/* read config of each action of this module */
8602 
8603 		for (y = 0; y < nacts; y++) {
8604 			ai_prm.action = alloc_action();
8605 			if (ai_prm.action == NULL) {
8606 				goto fail;
8607 			}
8608 
8609 			/* copy action name into action struct */
8610 
8611 			(void) strlcpy(ai_prm.action->name, actnames[y],
8612 			    IPQOS_CONF_NAME_LEN);
8613 
8614 			/* copy module name into action struct */
8615 
8616 			(void) strlcpy(ai_prm.action->module, modnames[x],
8617 			    IPQOS_CONF_NAME_LEN);
8618 
8619 			/* get action info */
8620 
8621 			res = ipp_action_info(actnames[y],
8622 			    (int (*)(nvlist_t *, void *))parse_kaction,
8623 			    (void *)&ai_prm, 0);
8624 			if (res != 0) {
8625 				/* was this an ipp error */
8626 				if (ai_prm.intl_ret == IPQOS_CONF_SUCCESS) {
8627 					ipqos_msg(MT_ENOSTR,
8628 					    "ipp_action_info");
8629 				}
8630 				goto fail;
8631 			}
8632 
8633 			ADD_TO_LIST(conf, ai_prm.action);
8634 		}
8635 
8636 		cleanup_string_table(actnames, nacts);
8637 	}
8638 
8639 	cleanup_string_table(modnames, nmods);
8640 	return (IPQOS_CONF_SUCCESS);
8641 fail:
8642 	free_actions(*conf);
8643 	*conf = NULL;
8644 	cleanup_string_table(modnames, nmods);
8645 	cleanup_string_table(actnames, nacts);
8646 	return (IPQOS_CONF_ERR);
8647 }
8648 
8649 /*
8650  * This is passed as a parameter to ipp_action_info() in readkaction and
8651  * is called back one for each configuration element within the action
8652  * specified. This results in filters and classes being created and chained
8653  * off of action, and action having its params set.
8654  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
8655  */
8656 static int
8657 parse_kaction(
8658 nvlist_t *nvl,
8659 ipqos_actinfo_prm_t *ai_prm)
8660 {
8661 
8662 	int ret;
8663 	uint8_t cfgtype;
8664 	ipqos_conf_filter_t *filter = NULL;
8665 	ipqos_conf_class_t *class = NULL;
8666 	ipqos_conf_action_t *action = ai_prm->action;
8667 
8668 
8669 	IPQOSCDBG1(KRET, "In parse_kaction: action_name: %s\n", action->name);
8670 
8671 	/* get config type */
8672 
8673 	(void) nvlist_lookup_byte(nvl, IPP_CONFIG_TYPE, &cfgtype);
8674 	(void) nvlist_remove_all(nvl, IPP_CONFIG_TYPE);
8675 
8676 	switch (cfgtype) {
8677 		case CLASSIFIER_ADD_FILTER: {
8678 			/*
8679 			 * parse the passed filter nvlist
8680 			 * and add result to action's filter list.
8681 			 */
8682 			filter = alloc_filter();
8683 			if (filter == NULL) {
8684 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8685 				return (IPQOS_CONF_ERR);
8686 			}
8687 
8688 			ret = parse_kfilter(filter, nvl);
8689 			if (ret != IPQOS_CONF_SUCCESS) {
8690 				free_filter(filter);
8691 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8692 				return (ret);
8693 			}
8694 
8695 			ADD_TO_LIST(&action->filters, filter);
8696 			break;
8697 		}
8698 		case CLASSIFIER_ADD_CLASS:
8699 		case CLASSIFIER_MODIFY_CLASS: {
8700 			/*
8701 			 * parse the passed class nvlist
8702 			 * and add result to action's class list.
8703 			 */
8704 			class = alloc_class();
8705 			if (class == NULL) {
8706 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8707 				return (IPQOS_CONF_ERR);
8708 			}
8709 
8710 			ret = parse_kclass(class, nvl);
8711 			if (ret != IPQOS_CONF_SUCCESS) {
8712 				free_class(class);
8713 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8714 				return (ret);
8715 			}
8716 
8717 			ADD_TO_LIST(&action->classes, class);
8718 			break;
8719 		}
8720 		case IPP_SET: {
8721 			/*
8722 			 * we don't alloc a params struct as it is created
8723 			 * as part of an action.
8724 			 */
8725 
8726 			/* parse the passed params nvlist */
8727 
8728 			ret = parse_kparams(action->module, action->params,
8729 			    nvl);
8730 			if (ret != IPQOS_CONF_SUCCESS) {
8731 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8732 				return (ret);
8733 			}
8734 		}
8735 	}
8736 
8737 	ai_prm->intl_ret = IPQOS_CONF_SUCCESS;
8738 	return (IPQOS_CONF_SUCCESS);
8739 }
8740 
8741 /*
8742  * parses a params nvlist returned from the kernel.
8743  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8744  */
8745 int
8746 parse_kparams(
8747 char *module,
8748 ipqos_conf_params_t *params,
8749 nvlist_t *nvl) {
8750 
8751 	int ret;
8752 	ipqos_nvtype_t type;
8753 	str_val_nd_t *tmp;
8754 	char *act;
8755 	uint32_t u32;
8756 	nvpair_t *nvp;
8757 	FILE *tfp;
8758 	char dfltst[IPQOS_VALST_MAXLEN];
8759 	char *param;
8760 	nvlist_t *nvlcp;
8761 	int openerr;
8762 	place_t place;
8763 
8764 	IPQOSCDBG0(KRET, "In parse_kparams:\n");
8765 
8766 	/* get stream to module types file */
8767 
8768 	tfp = validmod(module, &openerr);
8769 	if (tfp == NULL) {
8770 		if (openerr) {
8771 			ipqos_msg(MT_ENOSTR, "fopen");
8772 		}
8773 		return (IPQOS_CONF_ERR);
8774 	}
8775 
8776 	/* make copy of passed in nvlist as it is freed by the caller */
8777 
8778 	ret = nvlist_dup(nvl, &nvlcp, 0);
8779 	if (ret != 0) {
8780 		return (IPQOS_CONF_ERR);
8781 	}
8782 
8783 	/*
8784 	 * get config originator and remove from nvlist. If no owner we
8785 	 * assume ownership.
8786 	 */
8787 	ret = nvlist_lookup_uint32(nvlcp, IPP_CONFIG_ORIGINATOR, &u32);
8788 	if (ret == 0) {
8789 		params->originator = u32;
8790 		(void) nvlist_remove_all(nvlcp, IPP_CONFIG_ORIGINATOR);
8791 	} else {
8792 		params->originator = IPP_CONFIG_IPQOSCONF;
8793 	}
8794 
8795 	/* get action stats and remove from nvlist */
8796 
8797 	ret = nvlist_lookup_uint32(nvlcp, IPP_ACTION_STATS_ENABLE, &u32);
8798 	if (ret == 0) {
8799 		params->stats_enable = *(boolean_t *)&u32;
8800 		(void) nvlist_remove_all(nvlcp, IPP_ACTION_STATS_ENABLE);
8801 	}
8802 
8803 	/*
8804 	 * loop throught nvlist elements and for those that are actions create
8805 	 * action ref entrys for them.
8806 	 */
8807 	nvp = nvlist_next_nvpair(nvlcp, NULL);
8808 	while (nvp != NULL) {
8809 		param = SHORT_NAME(nvpair_name(nvp));
8810 		place = PL_ANY;
8811 		ret = readtype(tfp, module, param, &type, &tmp, dfltst,
8812 		    B_FALSE, &place);
8813 		if (ret != IPQOS_CONF_SUCCESS) {
8814 			goto fail;
8815 		}
8816 
8817 		if ((place == PL_PARAMS) &&	/* avoid map entries */
8818 		    (type == IPQOS_DATA_TYPE_ACTION)) {
8819 			(void) nvpair_value_string(nvp, &act);
8820 			ret = add_aref(&params->actions, nvpair_name(nvp), act);
8821 			if (ret != IPQOS_CONF_SUCCESS) {
8822 				goto fail;
8823 			}
8824 		}
8825 
8826 		nvp = nvlist_next_nvpair(nvlcp, nvp);
8827 	}
8828 
8829 	/* assign copied nvlist to params struct */
8830 
8831 	params->nvlist = nvlcp;
8832 
8833 	(void) fclose(tfp);
8834 	return (IPQOS_CONF_SUCCESS);
8835 fail:
8836 	(void) fclose(tfp);
8837 	free_arefs(params->actions);
8838 	params->actions = NULL;
8839 	nvlist_free(nvlcp);
8840 	return (IPQOS_CONF_ERR);
8841 }
8842 
8843 /*
8844  * parses a classes nvlist returned from the kernel.
8845  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8846  */
8847 static int
8848 parse_kclass(
8849 ipqos_conf_class_t *class,
8850 nvlist_t *nvl)
8851 {
8852 
8853 	int ret;
8854 	uint32_t u32;
8855 	char *str;
8856 
8857 	IPQOSCDBG0(KRET, "In parse_kclass:\n");
8858 
8859 	/* lookup object originator */
8860 
8861 	ret = nvlist_lookup_uint32(nvl, IPP_CONFIG_ORIGINATOR, &u32);
8862 	if (ret == 0) {
8863 		class->originator = u32;
8864 	} else {
8865 		class->originator = IPP_CONFIG_IPQOSCONF;
8866 	}
8867 
8868 	/* lookup name */
8869 
8870 	(void) nvlist_lookup_string(nvl, CLASSIFIER_CLASS_NAME, &str);
8871 	(void) strlcpy(class->name, str, IPQOS_CONF_NAME_LEN);
8872 	IPQOSCDBG1(KRET, "reading class %s\n", class->name);
8873 
8874 	/* lookup next action */
8875 
8876 	(void) nvlist_lookup_string(nvl, CLASSIFIER_NEXT_ACTION, &str);
8877 	ret = add_aref(&class->alist, NULL, str);
8878 	if (ret != IPQOS_CONF_SUCCESS) {
8879 		return (IPQOS_CONF_ERR);
8880 	}
8881 
8882 	/* lookup stats enable */
8883 
8884 	ret = nvlist_lookup_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE, &u32);
8885 	if (ret == 0) {
8886 		class->stats_enable = *(boolean_t *)&u32;
8887 	}
8888 
8889 	return (IPQOS_CONF_SUCCESS);
8890 }
8891 
8892 /*
8893  * parses a filters nvlist returned from the kernel.
8894  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8895  */
8896 static int
8897 parse_kfilter(
8898 ipqos_conf_filter_t *filter,
8899 nvlist_t *nvl)
8900 {
8901 
8902 	int ret;
8903 	char *str;
8904 	uint32_t u32;
8905 	nvlist_t *nvlcp;
8906 	char *end;
8907 
8908 	IPQOSCDBG0(KRET, "In parse_kfilter:\n");
8909 
8910 	/* make copy of passed in nvlist as it is freed by the caller */
8911 
8912 	ret = nvlist_dup(nvl, &nvlcp, 0);
8913 	if (ret != 0) {
8914 		return (IPQOS_CONF_ERR);
8915 	}
8916 
8917 	/* lookup originator */
8918 
8919 	ret = nvlist_lookup_uint32(nvlcp, IPP_CONFIG_ORIGINATOR, &u32);
8920 	if (ret == 0) {
8921 		filter->originator = u32;
8922 		(void) nvlist_remove_all(nvlcp, IPP_CONFIG_ORIGINATOR);
8923 	} else {
8924 		filter->originator = IPP_CONFIG_IPQOSCONF;
8925 	}
8926 
8927 	/* lookup filter name */
8928 
8929 	(void) nvlist_lookup_string(nvlcp, CLASSIFIER_FILTER_NAME, &str);
8930 	(void) strlcpy(filter->name, str, IPQOS_CONF_NAME_LEN);
8931 	(void) nvlist_remove_all(nvlcp, CLASSIFIER_FILTER_NAME);
8932 
8933 	/* lookup class name */
8934 
8935 	(void) nvlist_lookup_string(nvlcp, CLASSIFIER_CLASS_NAME, &str);
8936 	(void) strlcpy(filter->class_name, str, IPQOS_CONF_NAME_LEN);
8937 	(void) nvlist_remove_all(nvlcp, CLASSIFIER_CLASS_NAME);
8938 
8939 	/* lookup src and dst host names if present */
8940 
8941 	if (nvlist_lookup_string(nvlcp, IPGPC_SADDR_HOSTNAME, &str) == 0) {
8942 		filter->src_nd_name = malloc(strlen(str) + 1);
8943 		if (filter->src_nd_name) {
8944 			(void) strcpy(filter->src_nd_name, str);
8945 			(void) nvlist_remove_all(nvlcp, IPGPC_SADDR_HOSTNAME);
8946 		} else {
8947 			ipqos_msg(MT_ENOSTR, "malloc");
8948 			nvlist_free(nvlcp);
8949 			return (IPQOS_CONF_ERR);
8950 		}
8951 	}
8952 	if (nvlist_lookup_string(nvlcp, IPGPC_DADDR_HOSTNAME, &str) == 0) {
8953 		filter->dst_nd_name = malloc(strlen(str) + 1);
8954 		if (filter->dst_nd_name) {
8955 			(void) strcpy(filter->dst_nd_name, str);
8956 			(void) nvlist_remove_all(nvlcp, IPGPC_DADDR_HOSTNAME);
8957 		} else {
8958 			ipqos_msg(MT_ENOSTR, "malloc");
8959 			nvlist_free(nvlcp);
8960 			return (IPQOS_CONF_ERR);
8961 		}
8962 	}
8963 
8964 	/* lookup ip_version if present */
8965 
8966 	if (nvlist_lookup_string(nvlcp, IPGPC_FILTER_PRIVATE, &str) == 0) {
8967 		filter->ip_versions = (uint32_t)strtol(str, &end, 0);
8968 		if (end != str) {
8969 			(void) nvlist_remove_all(nvlcp, IPGPC_FILTER_PRIVATE);
8970 		} else {
8971 			ipqos_msg(MT_ERROR,
8972 			    gettext("Corrupted ip_version returned from "
8973 			    "kernel.\n"));
8974 			nvlist_free(nvlcp);
8975 			return (IPQOS_CONF_ERR);
8976 		}
8977 	}
8978 
8979 	/* lookup filter instance if present */
8980 
8981 	ret = nvlist_lookup_int32(nvlcp, IPGPC_FILTER_INSTANCE,
8982 	    &filter->instance);
8983 	if (ret != 0) {
8984 		filter->instance = -1;
8985 	} else {
8986 		(void) nvlist_remove_all(nvlcp, IPGPC_FILTER_INSTANCE);
8987 	}
8988 
8989 	/* attach new trimmed nvlist to filter */
8990 	filter->nvlist = nvlcp;
8991 
8992 	return (IPQOS_CONF_SUCCESS);
8993 }
8994 
8995 
8996 /*
8997  * determines whether action_name is a virtual action name.
8998  * RETURNS: if virtual action 1, else 0.
8999  */
9000 static int
9001 virtual_action(char *action_name)
9002 {
9003 
9004 	if (strcmp(action_name, IPP_ANAME_CONT) == 0 ||
9005 	    strcmp(action_name, IPP_ANAME_DEFER) == 0 ||
9006 	    strcmp(action_name, IPP_ANAME_DROP) == 0) {
9007 		return (1);
9008 	}
9009 
9010 	return (0);
9011 }
9012 
9013 /*
9014  * remove all the actions within the kernel. If there is a failure
9015  * modified is set to represent whether the attempt to flush modified
9016  * the configuration in any way.
9017  * RETURNS: IPQOS_CONF_ERR if the ipp_* functions return any errors,
9018  * else IPQOS_CONF_SUCCESS.
9019  */
9020 static int
9021 flush(
9022 boolean_t *modified)
9023 {
9024 
9025 	int res;
9026 	char **modnames = NULL;
9027 	int nmods;
9028 	char **actnames = NULL;
9029 	int nacts;
9030 	int x, y;
9031 
9032 	IPQOSCDBG0(L0, "In flush\n");
9033 
9034 	*modified = B_FALSE;
9035 
9036 	/*
9037 	 * get list of modules currently loaded.
9038 	 */
9039 	res = ipp_list_mods(&modnames, &nmods);
9040 	if (res != 0) {
9041 		ipqos_msg(MT_ENOSTR, "ipp_list_mods");
9042 		return (IPQOS_CONF_ERR);
9043 	}
9044 
9045 	/*
9046 	 * iterate through all the modules listing their actions and
9047 	 * deleting all of them.
9048 	 */
9049 	for (x = 0; x < nmods; x++) {
9050 		IPQOSCDBG1(APPLY, "Getting actions of module %s.\n",
9051 		    modnames[x]);
9052 		res = ipp_mod_list_actions(modnames[x], &actnames, &nacts);
9053 		if (res != 0) {
9054 			ipqos_msg(MT_ENOSTR, "ipp_mod_list_actions");
9055 			cleanup_string_table(modnames, nmods);
9056 			return (IPQOS_CONF_ERR);
9057 		}
9058 
9059 		for (y = 0; y < nacts; y++) {
9060 			IPQOSCDBG1(APPLY, "deleting action %s\n", actnames[y]);
9061 			res = ipp_action_destroy(actnames[y], IPP_DESTROY_REF);
9062 			/*
9063 			 * if fails for reason other than action doesn't
9064 			 * exist or action has dependency.
9065 			 */
9066 			if (res != 0 && errno != ENOENT && errno != EBUSY) {
9067 				ipqos_msg(MT_ENOSTR, "ipp_action_destroy");
9068 				cleanup_string_table(modnames, nmods);
9069 				cleanup_string_table(actnames, nacts);
9070 				return (IPQOS_CONF_ERR);
9071 			}
9072 
9073 			if (res == 0)
9074 				*modified = B_TRUE;
9075 		}
9076 		cleanup_string_table(actnames, nacts);
9077 	}
9078 	cleanup_string_table(modnames, nmods);
9079 
9080 	return (IPQOS_CONF_SUCCESS);
9081 }
9082 
9083 /*
9084  * Trys to flush the configuration. If it fails and nothing has been modified
9085  * and force_flush is false just return an error, otherwise persist trying to
9086  * completion.
9087  * RETURNS: IPQOS_CONF_ERR if flush attempt failed without modifying anything
9088  * and force_flush was set to false, otherwise IPQOS_CONF_SUCCESS.
9089  */
9090 static int
9091 atomic_flush(
9092 boolean_t force_flush)
9093 {
9094 	int x = 0;
9095 	int res;
9096 	boolean_t modified = B_FALSE;
9097 
9098 	/*
9099 	 * attempt first flush of config.
9100 	 */
9101 	res = flush(&modified);
9102 	if ((force_flush == B_FALSE) && (res != IPQOS_CONF_SUCCESS) &&
9103 	    (modified == B_FALSE)) {
9104 		return (IPQOS_CONF_ERR);
9105 	} else if (res == IPQOS_CONF_SUCCESS) {
9106 		return (IPQOS_CONF_SUCCESS);
9107 	}
9108 
9109 	/*
9110 	 * failed flush that modified config, or force flush set; loop till
9111 	 * successful flush.
9112 	 */
9113 	while (res != IPQOS_CONF_SUCCESS) {
9114 		if (x == 5) {	/* 10 secs since start/last message. */
9115 			ipqos_msg(MT_ERROR,
9116 			    gettext("Retrying configuration flush.\n"));
9117 			x = 0;
9118 		}
9119 		(void) sleep(2);
9120 		x++;
9121 		res = flush(&modified);
9122 	}
9123 
9124 	return (IPQOS_CONF_SUCCESS);
9125 }
9126 
9127 /*
9128  * Performs a flush of the configuration within a signal blocking region
9129  * so that there's minimal chance of it being killed and the flush only
9130  * partially completing.
9131  * RETURNS: IPQOS_CONF_SUCCESS (for symmetry with the other main functions).
9132  */
9133 static int
9134 flushconf()
9135 {
9136 	int res;
9137 
9138 	/*
9139 	 * make sure that flush is as atomic as possible.
9140 	 */
9141 	if ((res = block_all_signals()) == -1)
9142 		return (IPQOS_CONF_ERR);
9143 
9144 	res = atomic_flush(B_FALSE);
9145 
9146 	/*
9147 	 * restore signals.
9148 	 */
9149 	(void) restore_all_signals();
9150 
9151 	if (res == IPQOS_CONF_SUCCESS) {
9152 		ipqos_msg(MT_LOG, gettext("Configuration flushed.\n"));
9153 	} else {
9154 		ipqos_msg(MT_ENOSTR, "atomic_flush");
9155 	}
9156 
9157 	return (res);
9158 }
9159 
9160 static int
9161 in_string_table(char *stable[], int size, char *string)
9162 {
9163 
9164 	IPQOSCDBG1(L1, "In in_string_table: search string %s\n", string);
9165 
9166 	for (--size; size >= 0; size--) {
9167 		if (strcmp(stable[size], string) == 0) {
9168 			IPQOSCDBG1(L1, "Found %s in string table\n", string);
9169 			return (1);
9170 		}
9171 	}
9172 
9173 	return (0);
9174 }
9175 
9176 /* free the memory occupied by the string table ctable and its contents. */
9177 static void
9178 cleanup_string_table(char *ctable[], int size)
9179 {
9180 
9181 	int x;
9182 
9183 	if (ctable) {
9184 		for (x = 0; x < size; x++) {
9185 			free(ctable[x]);
9186 		}
9187 		free(ctable);
9188 	}
9189 }
9190 
9191 #if 0
9192 
9193 /*
9194  * makes a copy of a string table and returns a ptr to it.
9195  * RETURNS: NULL on error or if size was 0, else ptr to copied table.
9196  */
9197 static char **
9198 copy_string_table(char *stable1[], int size)
9199 {
9200 
9201 	char **st = NULL;
9202 	int pos;
9203 
9204 	/* create char ptr array */
9205 
9206 	st = malloc(size * sizeof (char *));
9207 	if (st == NULL) {
9208 		ipqos_msg(MT_ENOSTR, "malloc");
9209 		return (st);
9210 	}
9211 
9212 	/* create copy of each string from stable1 in array */
9213 
9214 	for (pos = size - 1; pos >= 0; pos--) {
9215 		st[pos] = malloc(strlen(stable1[pos] + 1));
9216 		if (st[pos] == NULL) {
9217 			for (pos++; pos < size; pos++)
9218 				free(st[pos]);
9219 			free(st);
9220 			ipqos_msg(MT_ENOSTR, "malloc");
9221 			return (NULL);
9222 		}
9223 
9224 		(void) strcpy(st[pos], stable1[pos]);
9225 	}
9226 
9227 	return (st);
9228 }
9229 #endif	/* 0 */
9230 
9231 /*
9232  * retry lookups on filters that soft failed a previous lookup and
9233  * were put on the retry list.
9234  * RETURNS: IPQOS_CONF_ERR on any errors, else IPQOS_CONF_SUCCESS.
9235  */
9236 static int
9237 retry_name_lookups(
9238 ipqos_conf_action_t *actions)
9239 {
9240 
9241 	ipqos_conf_action_t *act;
9242 	ipqos_conf_filter_t **new_filters;
9243 	ipqos_conf_filter_t *flt;
9244 
9245 	IPQOSCDBG0(APPLY, "In retry_name_lookups:\n");
9246 
9247 	for (act = actions; act != NULL; act = act->next) {
9248 
9249 		/* store start of new resolved filters */
9250 		LIST_END(&act->filters, &new_filters);
9251 
9252 		/*
9253 		 * do name resolution on retry list adding resolved filters
9254 		 * to end of actions filters.
9255 		 */
9256 		for (flt = act->retry_filters; flt != NULL; flt = flt->next) {
9257 
9258 			if (domultihome(flt, new_filters, B_TRUE) !=
9259 			    IPQOS_CONF_SUCCESS) {
9260 
9261 				/* if resource failure */
9262 
9263 				if (flt->nlerr == 0) {
9264 					return (IPQOS_CONF_ERR);
9265 				}
9266 			}
9267 		}
9268 
9269 		/* add the newly resolved filters to the kernel action */
9270 
9271 		for (flt = *new_filters; flt != NULL; flt = flt->next) {
9272 			if (add_filter(act->name, flt, act->module_version) !=
9273 			    IPQOS_CONF_SUCCESS) {
9274 				return (IPQOS_CONF_ERR);
9275 			}
9276 		}
9277 	}
9278 
9279 	return (IPQOS_CONF_SUCCESS);
9280 }
9281 
9282 /*
9283  * write the configuration in conf to the file given in dstpath. This
9284  * is done by writing first to a temporary file and then renaming that
9285  * file to dstpath. This assures an atomic write.
9286  * RETURNS: IPQOS_CONF_ERR on any errors, else IPQOS_CONF_SUCCESS.
9287  */
9288 static int
9289 writeconf(
9290 ipqos_conf_action_t *conf,
9291 char *dstpath)
9292 {
9293 
9294 	FILE *tmpfp;
9295 	char *tmppath;
9296 	char *pathend;
9297 	ipqos_conf_action_t *act;
9298 	int res;
9299 
9300 	IPQOSCDBG0(L0, "in writeconf\n");
9301 
9302 	/* construct tmp file path so we can use rename() */
9303 
9304 	pathend = strrchr(dstpath, '/');
9305 
9306 	/* dstpath in current dir */
9307 
9308 	if (pathend == NULL) {
9309 		tmppath = malloc(strlen("ipqosconf.tmp") + 1);
9310 		if (tmppath == NULL) {
9311 			ipqos_msg(MT_ENOSTR, "malloc");
9312 			return (IPQOS_CONF_ERR);
9313 		}
9314 		(void) strcpy(tmppath, "ipqosconf.tmp");
9315 
9316 	/* dstpath in root dir */
9317 
9318 	} else if (pathend == dstpath) {
9319 		tmppath = malloc(strlen("/ipqosconf.tmp") + 1);
9320 		if (tmppath == NULL) {
9321 			ipqos_msg(MT_ENOSTR, "malloc");
9322 			return (IPQOS_CONF_ERR);
9323 		}
9324 		(void) strcpy(tmppath, "/ipqosconf.tmp");
9325 
9326 	/* not pwd or root */
9327 
9328 	} else {
9329 		*pathend = NULL;
9330 		tmppath = malloc(strlen(dstpath) + strlen("/ipqosconf.tmp") +
9331 		    1);
9332 		if (tmppath == NULL) {
9333 			ipqos_msg(MT_ENOSTR, "malloc");
9334 			return (IPQOS_CONF_ERR);
9335 		}
9336 		(void) strcpy(tmppath, dstpath);
9337 		(void) strcat(tmppath, "/ipqosconf.tmp");
9338 		*pathend = '/';
9339 	}
9340 
9341 
9342 	/* open tmp file */
9343 
9344 	tmpfp = fopen(tmppath, "w");
9345 	if (tmpfp == NULL) {
9346 		ipqos_msg(MT_ENOSTR, "fopen");
9347 		free(tmppath);
9348 		return (IPQOS_CONF_ERR);
9349 	}
9350 
9351 	/* write out format version */
9352 
9353 	(void) fprintf(tmpfp, "%s %d.%d\n\n", IPQOS_FMT_VERSION_STR,
9354 	    IPQOS_CUR_FMT_MAJOR_VER, IPQOS_CUR_FMT_MINOR_VER);
9355 
9356 	/*
9357 	 * loop through actions in list writing ipqosconf originated
9358 	 * ones out to the tmp file.
9359 	 */
9360 	for (act = conf; act != NULL; act = act->next) {
9361 		if (act->params->originator == IPP_CONFIG_IPQOSCONF) {
9362 			res = printaction(tmpfp, act, 0, 0);
9363 			if (res != IPQOS_CONF_SUCCESS) {
9364 				free(tmppath);
9365 				(void) fclose(tmpfp);
9366 				return (res);
9367 			}
9368 		}
9369 	}
9370 	(void) fclose(tmpfp);
9371 
9372 	/* rename tmp file to dst file */
9373 
9374 	if (rename(tmppath, dstpath) != 0) {
9375 		ipqos_msg(MT_ENOSTR, "rename");
9376 		free(tmppath);
9377 		return (IPQOS_CONF_ERR);
9378 	}
9379 	free(tmppath);
9380 
9381 	return (IPQOS_CONF_SUCCESS);
9382 }
9383 
9384 /*
9385  * read the configuration back from the kernel and then write each of the
9386  * actions read to IPQOS_CONF_INIT_PATH.
9387  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
9388  */
9389 static int
9390 commitconf()
9391 {
9392 
9393 	int ret;
9394 	ipqos_conf_action_t *conf;
9395 
9396 	IPQOSCDBG0(L0, "In commitconf\n");
9397 
9398 	/* read the configuration from the kernel */
9399 
9400 	ret = readkconf(&conf);
9401 	if (ret != IPQOS_CONF_SUCCESS) {
9402 		return (IPQOS_CONF_ERR);
9403 	}
9404 
9405 	/* dissallow a null config to be stored (we can't read one in) */
9406 
9407 	if (conf == NULL) {
9408 		ipqos_msg(MT_ERROR,
9409 		    gettext("Can't commit a null configuration.\n"));
9410 		return (IPQOS_CONF_ERR);
9411 	}
9412 
9413 	/* make sure if we create file that perms are 644 */
9414 
9415 	(void) umask(S_IXUSR | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH);
9416 
9417 	/* write the configuration to the init file */
9418 
9419 	ret = writeconf(conf, IPQOS_CONF_INIT_PATH);
9420 	if (ret != IPQOS_CONF_SUCCESS) {
9421 		return (IPQOS_CONF_ERR);
9422 	}
9423 
9424 	ipqos_msg(MT_LOG,
9425 	    gettext("Current configuration saved to init file.\n"));
9426 
9427 	return (IPQOS_CONF_SUCCESS);
9428 }
9429 
9430 /*
9431  * Called in the event of a failed rollback. It first flushes the
9432  * current configuration, then attempts to apply the oconf (the old
9433  * one), and if that fails flushes again.
9434  *
9435  * RETURNS: IPQOS_CONF_ERR if the application of old config fails,
9436  * else IPQOS_CONF_SUCCESS.
9437  */
9438 static int
9439 rollback_recover(
9440 ipqos_conf_action_t *oconf)
9441 {
9442 	int res;
9443 
9444 	IPQOSCDBG0(RBK, "In rollback_recover\n");
9445 
9446 	/*
9447 	 * flush configuration.
9448 	 */
9449 	(void) atomic_flush(B_TRUE);
9450 
9451 	/*
9452 	 * mark all elements of old config for application.
9453 	 */
9454 	mark_config_new(oconf);
9455 
9456 	/*
9457 	 * attempt to apply old config.
9458 	 */
9459 	res = applydiff(oconf, NULL);
9460 	/*
9461 	 * if failed force flush of config.
9462 	 */
9463 	if (res != IPQOS_CONF_SUCCESS) {
9464 		(void) atomic_flush(B_TRUE);
9465 		return (IPQOS_CONF_ERR);
9466 	}
9467 
9468 	return (IPQOS_CONF_SUCCESS);
9469 }
9470 
9471 /*
9472  * read and apply the configuration contained if file ifile to the kernel.
9473  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
9474  */
9475 static int
9476 applyconf(char *ifile)
9477 {
9478 
9479 	FILE *ifp;
9480 	ipqos_conf_action_t *conf = NULL;
9481 	ipqos_conf_action_t *oconf = NULL;
9482 	ipqos_conf_action_t *act, *oact;
9483 	int res;
9484 
9485 	IPQOSCDBG0(L0, "In applyconf:\n");
9486 
9487 
9488 	/* if filename '-' read from stdin */
9489 
9490 	if (strcmp(ifile, "-") == 0) {
9491 		ifp = stdin;
9492 	} else {
9493 		ifp = fopen(ifile, "r");
9494 		if (ifp == NULL) {
9495 			ipqos_msg(MT_ERROR,
9496 			    gettext("Opening file %s for read: %s.\n"),
9497 			    ifile, strerror(errno));
9498 			return (IPQOS_CONF_ERR);
9499 		}
9500 	}
9501 
9502 	/* read in new configuration */
9503 
9504 	res = readconf(ifp, &conf);
9505 	if (res != IPQOS_CONF_SUCCESS) {
9506 		goto fail;
9507 	}
9508 
9509 	/* check configuration is valid */
9510 
9511 	res = validconf(conf, 1);
9512 	if (res != IPQOS_CONF_SUCCESS) {
9513 		goto fail;
9514 	}
9515 
9516 	/* read in kernel configuration */
9517 
9518 	res = readkconf(&oconf);
9519 	if (res != IPQOS_CONF_SUCCESS) {
9520 		goto fail;
9521 	}
9522 
9523 	/*
9524 	 * check there are no same named actions in both config file and the
9525 	 * the kernel that are for a different module. The application
9526 	 * system can't handle these as we would try to add the new
9527 	 * action before we deleted the old one and because actions
9528 	 * in the kernel are indexed solely on their name (their module
9529 	 * isn't included) the kernel would return an error. We want
9530 	 * to avoid this error and the resulting rollback.
9531 	 */
9532 	for (act = conf; act != NULL; act = act->next) {
9533 		for (oact = oconf; oact != NULL; oact = oact->next) {
9534 			/* found action */
9535 			if (strcmp(act->name, oact->name) == 0) {
9536 				/* different module */
9537 				if (strcmp(act->module, oact->module) != 0) {
9538 					ipqos_msg(MT_ERROR,
9539 					    gettext("Action at line %u has "
9540 					    "same name as currently "
9541 					    "installed action, but is for a "
9542 					    "different module.\n"),
9543 					    act->lineno);
9544 					goto fail;
9545 				/* same module - stop search */
9546 				} else {
9547 					break;
9548 				}
9549 			}
9550 		}
9551 	}
9552 
9553 
9554 	/* create links between actions for use with deletions etc.. */
9555 
9556 	res = validconf(oconf, 0);
9557 	if (res != IPQOS_CONF_SUCCESS) {
9558 		goto fail;
9559 	}
9560 
9561 	/* diff conf file against kernel */
9562 
9563 	res = diffconf(oconf, conf);
9564 	if (res != IPQOS_CONF_SUCCESS) {
9565 		goto fail;
9566 	}
9567 
9568 	/* make kernel mods as atomic as possible */
9569 
9570 	if ((res = block_all_signals()) == -1) {
9571 		res = IPQOS_CONF_ERR;
9572 		goto fail;
9573 	}
9574 
9575 	/* apply difference to kernel */
9576 
9577 	res = applydiff(conf, oconf);
9578 #ifdef	_IPQOS_CONF_DEBUG
9579 	if (force_rback || res != IPQOS_CONF_SUCCESS) {
9580 #else
9581 	if (res != IPQOS_CONF_SUCCESS) {
9582 #endif	/* _IPQOS_CONF_DEBUG */
9583 
9584 		res = rollback(conf, oconf);
9585 		if (res != IPQOS_CONF_SUCCESS) {
9586 			res = rollback_recover(oconf);
9587 			if (res != IPQOS_CONF_SUCCESS) {
9588 				/* system left flushed */
9589 				ipqos_msg(MT_ERROR,
9590 				    gettext("Failed to rollback from failed "
9591 				    "configuration, configuration flushed.\n"));
9592 				res = IPQOS_CONF_RECOVER_ERR;
9593 			} else {	/* old config re-applied */
9594 				ipqos_msg(MT_ERROR,
9595 				    gettext("Configuration failed, system "
9596 				    "state unchanged.\n"));
9597 				res = IPQOS_CONF_ERR;
9598 			}
9599 		} else {
9600 			ipqos_msg(MT_ERROR,
9601 			    gettext("Configuration failed, system "
9602 			    "state unchanged.\n"));
9603 			res = IPQOS_CONF_ERR;
9604 		}
9605 		goto fail;
9606 	}
9607 
9608 	/* retry any soft name lookup failures */
9609 
9610 	res = retry_name_lookups(conf);
9611 	if (res != IPQOS_CONF_SUCCESS) {
9612 		res = rollback(conf, oconf);
9613 		if (res != IPQOS_CONF_SUCCESS) {
9614 			res = rollback_recover(oconf);
9615 			if (res != IPQOS_CONF_SUCCESS) {
9616 			/* system left flushed */
9617 				ipqos_msg(MT_ERROR,
9618 				    gettext("Failed to rollback from failed "
9619 				    "configuration, configuration flushed.\n"));
9620 				res = IPQOS_CONF_RECOVER_ERR;
9621 			} else {	/* old config re-applied */
9622 				ipqos_msg(MT_ERROR,
9623 				    gettext("Configuration failed, system "
9624 				    "state unchanged.\n"));
9625 				res = IPQOS_CONF_ERR;
9626 			}
9627 		} else {
9628 			ipqos_msg(MT_ERROR,
9629 			    gettext("Configuration failed, system "
9630 			    "state unchanged.\n"));
9631 			res = IPQOS_CONF_ERR;
9632 		}
9633 		goto fail;
9634 
9635 	}
9636 
9637 	ipqos_msg(MT_LOG, gettext("IPQoS configuration applied.\n"));
9638 
9639 	/* re-enable signals */
9640 	(void) restore_all_signals();
9641 
9642 	(void) fclose(ifp);
9643 	free_actions(conf);
9644 	free_actions(oconf);
9645 	return (IPQOS_CONF_SUCCESS);
9646 fail:
9647 	(void) fclose(ifp);
9648 	(void) restore_all_signals();
9649 	if (conf)
9650 		free_actions(conf);
9651 	if (oconf)
9652 		free_actions(oconf);
9653 	if (res == IPQOS_CONF_RECOVER_ERR)
9654 		ipqos_msg(MT_LOG, gettext("Configuration flushed.\n"));
9655 	return (res);
9656 }
9657 
9658 static sigset_t set, oset;
9659 
9660 static int
9661 block_all_signals()
9662 {
9663 	if (sigfillset(&set) == -1) {
9664 		ipqos_msg(MT_ENOSTR, "sigfillset");
9665 		return (-1);
9666 	}
9667 	if (sigprocmask(SIG_SETMASK, &set, &oset) == -1) {
9668 		ipqos_msg(MT_ENOSTR, "sigprocmask");
9669 		return (-1);
9670 	}
9671 	return (0);
9672 }
9673 
9674 static int
9675 restore_all_signals()
9676 {
9677 	if (sigprocmask(SIG_SETMASK, &oset, NULL) == -1) {
9678 		ipqos_msg(MT_ENOSTR, "sigprocmask");
9679 		return (-1);
9680 	}
9681 	return (0);
9682 }
9683 
9684 static int
9685 unlock(int fd)
9686 {
9687 	if (lockf(fd, F_ULOCK, 0) == -1) {
9688 		ipqos_msg(MT_ENOSTR, "lockf");
9689 		return (-1);
9690 	}
9691 	return (0);
9692 }
9693 
9694 static int
9695 lock()
9696 {
9697 	int fd;
9698 	struct stat sbuf1;
9699 	struct stat sbuf2;
9700 
9701 	/*
9702 	 * Open the file with O_CREAT|O_EXCL. If it exists already, it
9703 	 * will fail. If it already exists, check whether it looks like
9704 	 * the one we created.
9705 	 */
9706 	(void) umask(0077);
9707 	if ((fd = open(IPQOS_CONF_LOCK_FILE, O_EXCL|O_CREAT|O_RDWR,
9708 	    S_IRUSR|S_IWUSR)) == -1) {
9709 		if (errno != EEXIST) {
9710 			/* Some other problem. */
9711 			ipqos_msg(MT_ENOSTR,
9712 			    gettext("Cannot open lock file %s"),
9713 			    IPQOS_CONF_LOCK_FILE);
9714 			return (-1);
9715 		}
9716 
9717 		/*
9718 		 * open() returned an EEXIST error. We don't fail yet
9719 		 * as it could be a residual from a previous
9720 		 * execution. However, we need to clear errno here.
9721 		 * If we don't and print_cmd_buf() is later invoked
9722 		 * as the result of a parsing error, it
9723 		 * will assume that the current error is EEXIST and
9724 		 * that a corresponding error message has already been
9725 		 * printed, which results in an incomplete error
9726 		 * message. If errno is zero, print_cmd_buf() will
9727 		 * assume that it is called as a result of a
9728 		 * parsing error and will print the appropriate
9729 		 * error message.
9730 		 */
9731 		errno = 0;
9732 
9733 		/*
9734 		 * File exists. make sure it is OK. We need to lstat()
9735 		 * as fstat() stats the file pointed to by the symbolic
9736 		 * link.
9737 		 */
9738 		if (lstat(IPQOS_CONF_LOCK_FILE, &sbuf1) == -1) {
9739 			ipqos_msg(MT_ENOSTR,
9740 			    gettext("Cannot lstat lock file %s\n"),
9741 			    IPQOS_CONF_LOCK_FILE);
9742 			return (-1);
9743 		}
9744 		/*
9745 		 * Check whether it is a regular file and not a symbolic
9746 		 * link. Its link count should be 1. The owner should be
9747 		 * root and the file should be empty.
9748 		 */
9749 		if (!S_ISREG(sbuf1.st_mode) ||
9750 		    sbuf1.st_nlink != 1 ||
9751 		    sbuf1.st_uid != 0 ||
9752 		    sbuf1.st_size != 0) {
9753 			ipqos_msg(MT_ERROR, gettext("Bad lock file %s.\n"),
9754 			    IPQOS_CONF_LOCK_FILE);
9755 			return (-1);
9756 		}
9757 		if ((fd = open(IPQOS_CONF_LOCK_FILE, O_CREAT|O_RDWR,
9758 		    S_IRUSR|S_IWUSR)) == -1) {
9759 			ipqos_msg(MT_ENOSTR,
9760 			    gettext("Cannot open lock file %s"),
9761 			    IPQOS_CONF_LOCK_FILE);
9762 			return (-1);
9763 		}
9764 
9765 		/* Check whether we opened the file that we lstat()ed. */
9766 		if (fstat(fd, &sbuf2) == -1) {
9767 			ipqos_msg(MT_ENOSTR,
9768 			    gettext("Cannot fstat lock file %s\n"),
9769 			    IPQOS_CONF_LOCK_FILE);
9770 			return (-1);
9771 		}
9772 		if (sbuf1.st_dev != sbuf2.st_dev ||
9773 		    sbuf1.st_ino != sbuf2.st_ino) {
9774 			/* File changed after we did the lstat() above */
9775 			ipqos_msg(MT_ERROR, gettext("Bad lock file %s.\n"),
9776 			    IPQOS_CONF_LOCK_FILE);
9777 			return (-1);
9778 		}
9779 	}
9780 	if (lockf(fd, F_LOCK, 0) == -1) {
9781 		ipqos_msg(MT_ENOSTR, "lockf");
9782 		return (-1);
9783 	}
9784 	return (fd);
9785 }
9786 
9787 /*
9788  * print the current kernel configuration out to stdout. If viewall
9789  * is set this causes more verbose configuration listing including
9790  * showing objects we didn't create, each instance of a mhome filter,
9791  * etc.. see printaction().
9792  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
9793  */
9794 
9795 static int
9796 viewconf(int viewall)
9797 {
9798 
9799 	ipqos_conf_action_t *conf = NULL;
9800 	ipqos_conf_action_t *act;
9801 	int ret;
9802 
9803 	IPQOSCDBG0(L0, "In viewconf\n");
9804 
9805 	/* get kernel configuration */
9806 
9807 	ret = readkconf(&conf);
9808 	if (ret != IPQOS_CONF_SUCCESS) {
9809 		return (IPQOS_CONF_ERR);
9810 	}
9811 
9812 	/* write out format version */
9813 
9814 	if (conf != NULL) {
9815 		(void) fprintf(stdout, "%s %d.%d\n\n", IPQOS_FMT_VERSION_STR,
9816 		    IPQOS_CUR_FMT_MAJOR_VER, IPQOS_CUR_FMT_MINOR_VER);
9817 	}
9818 
9819 	/* print each of the actions in the kernel config to stdout */
9820 
9821 	for (act = conf; act != NULL; act = act->next) {
9822 		ret = printaction(stdout, act, viewall, 0);
9823 		if (ret != IPQOS_CONF_SUCCESS) {
9824 			free_actions(conf);
9825 			return (ret);
9826 		}
9827 		(void) fprintf(stdout, "\n");
9828 	}
9829 
9830 	free_actions(conf);
9831 
9832 	return (IPQOS_CONF_SUCCESS);
9833 }
9834 
9835 
9836 /*
9837  * debug function that reads the config file and prints it out after
9838  * interpreting to stdout.
9839  */
9840 #ifdef	_IPQOS_CONF_DEBUG
9841 static int
9842 viewcfile(char *cfile)
9843 {
9844 
9845 	ipqos_conf_action_t *conf;
9846 	ipqos_conf_action_t *act;
9847 	int res;
9848 	FILE *ifp;
9849 	int viewall = 1;
9850 
9851 	IPQOSCDBG0(L0, "In viewcfile\n");
9852 	ifp = fopen(cfile, "r");
9853 	if (ifp == NULL) {
9854 		ipqos_msg(MT_ERROR, gettext("Opening file %s for read: %s.\n"),
9855 		    cfile, strerror(errno));
9856 		return (IPQOS_CONF_ERR);
9857 	}
9858 
9859 	res = readconf(ifp, &conf);
9860 	if (res != IPQOS_CONF_SUCCESS) {
9861 		free(ifp);
9862 		return (IPQOS_CONF_ERR);
9863 	}
9864 
9865 	/* print each of the actions in the kernel config to stdout */
9866 	for (act = conf; act != NULL; act = act->next) {
9867 		res = printaction(stdout, act, viewall, 0);
9868 		if (res != IPQOS_CONF_SUCCESS) {
9869 			free(ifp);
9870 			return (res);
9871 		}
9872 
9873 		(void) fprintf(stdout, "\n");
9874 	}
9875 
9876 	(void) fprintf(stdout, "\n");
9877 
9878 
9879 	return (IPQOS_CONF_SUCCESS);
9880 }
9881 #endif	/* _IPQOS_CONF_DEBUG */
9882 
9883 static void
9884 usage(void)
9885 {
9886 	(void) fprintf(stderr, gettext("usage:\n"
9887 	    "\tipqosconf [-sv] -a file|-\n"
9888 	    "\tipqosconf -c\n"
9889 	    "\tipqosconf -l\n"
9890 	    "\tipqosconf -L\n"
9891 	    "\tipqosconf -f\n"));
9892 }
9893 
9894 int
9895 main(int argc, char *argv[])
9896 {
9897 
9898 	int c;
9899 	char *ifile = NULL;
9900 	int args;
9901 	int ret;
9902 	int cmd;
9903 	int viewall = 0;
9904 	int lfp;
9905 
9906 	/* init global flags */
9907 	use_syslog = verbose = 0;
9908 
9909 	/* init current line number */
9910 	lineno = 0;
9911 
9912 	/* setup internationalisation */
9913 
9914 	(void) setlocale(LC_ALL, "");
9915 #if	!defined(TEXT_DOMAIN)
9916 #define	TEXT_DOMAIN "SYS_TEST"
9917 #endif
9918 	(void) textdomain(TEXT_DOMAIN);
9919 
9920 	/* setup syslog parameters */
9921 	openlog("ipqosconf", 0, LOG_USER);
9922 
9923 	args = 0;
9924 
9925 /* enable debug options */
9926 
9927 #ifdef	_IPQOS_CONF_DEBUG
9928 #define	DBGOPTS	"rz:"
9929 #else
9930 #define	DBGOPTS
9931 #endif	/* _IPQOS_CONF_DEBUG */
9932 
9933 	while ((c = getopt(argc, argv, "sca:vflL" DBGOPTS)) != EOF) {
9934 		switch (c) {
9935 #ifdef	_IPQOS_CONF_DEBUG
9936 			case 'z':
9937 				cmd = -1;
9938 				ifile = optarg;
9939 				if (*ifile == '\0') {
9940 					usage();
9941 					exit(1);
9942 				}
9943 				args++;
9944 				break;
9945 			case 'r':
9946 				force_rback++;
9947 				break;
9948 #endif	/* _IPQOS_CONF_DEBUG */
9949 			case 'c':
9950 				cmd = IPQOS_CONF_COMMIT;
9951 				args++;
9952 				break;
9953 			case 'a':
9954 				cmd = IPQOS_CONF_APPLY;
9955 				ifile = optarg;
9956 				if (*ifile == '\0') {
9957 					usage();
9958 					exit(1);
9959 				}
9960 				args++;
9961 				break;
9962 			case 'f':
9963 				cmd = IPQOS_CONF_FLUSH;
9964 				args++;
9965 				break;
9966 			case 'l':
9967 				cmd = IPQOS_CONF_VIEW;
9968 				args++;
9969 				break;
9970 			case 'L':
9971 				cmd = IPQOS_CONF_VIEW;
9972 				viewall++;
9973 				args++;
9974 				break;
9975 			case 'v':
9976 				verbose++;
9977 				break;
9978 			case 's':
9979 				use_syslog++;
9980 				break;
9981 			case '?':
9982 				usage();
9983 				return (1);
9984 		}
9985 	}
9986 
9987 	/*
9988 	 * dissallow non-option args, > 1 cmd args and syslog/verbose flags set
9989 	 * for anything but apply.
9990 	 */
9991 	if (optind != argc || args > 1 ||
9992 	    use_syslog && cmd != IPQOS_CONF_APPLY ||
9993 	    verbose && cmd != IPQOS_CONF_APPLY) {
9994 		usage();
9995 		exit(1);
9996 	}
9997 
9998 	/* if no cmd option then show config */
9999 
10000 	if (args == 0) {
10001 		cmd = IPQOS_CONF_VIEW;
10002 	}
10003 
10004 	/* stop concurrent ipqosconf invocations */
10005 	lfp = lock();
10006 	if (lfp == -1) {
10007 		exit(1);
10008 	}
10009 
10010 	switch (cmd) {
10011 #ifdef	_IPQOS_CONF_DEBUG
10012 		case -1:
10013 			ret = viewcfile(ifile);
10014 			break;
10015 #endif	/* _IPQOS_CONF_DEBUG */
10016 		case IPQOS_CONF_APPLY:
10017 			ret = applyconf(ifile);
10018 			break;
10019 		case IPQOS_CONF_COMMIT:
10020 			ret = commitconf();
10021 			break;
10022 		case IPQOS_CONF_VIEW:
10023 			ret = viewconf(viewall);
10024 			break;
10025 		case IPQOS_CONF_FLUSH:
10026 			ret = flushconf();
10027 			break;
10028 	}
10029 
10030 	(void) unlock(lfp);
10031 
10032 	return (ret);
10033 
10034 }
10035