xref: /titanic_50/usr/src/cmd/cmd-inet/usr.sbin/ipqosconf/ipqosconf.c (revision 8461248208fabd3a8230615f8615e5bf1b4dcdcb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /* enable debug output and some debug asserts */
30 #undef	_IPQOS_CONF_DEBUG
31 
32 #include <stdlib.h>
33 #include <unistd.h>
34 #include <libintl.h>
35 #include <signal.h>
36 #include <strings.h>
37 #include <sys/nvpair.h>
38 #include <stdio.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
41 #include <ctype.h>
42 #include <sys/socket.h>
43 #include <limits.h>
44 #include <netdb.h>
45 #include <fcntl.h>
46 #include <sys/types.h>
47 #include <sys/stat.h>
48 #include <errno.h>
49 #include <libipp.h>
50 #include <ipp/ipp_config.h>
51 #include <ipp/ipgpc/ipgpc.h>
52 #include <ipp/ipp.h>
53 #ifdef	_IPQOS_CONF_DEBUG
54 #include <assert.h>
55 #endif
56 #include <sys/sockio.h>
57 #include <syslog.h>
58 #include <stdarg.h>
59 #include <libintl.h>
60 #include <locale.h>
61 #include <pwd.h>
62 #include "ipqosconf.h"
63 
64 #if	defined(_IPQOS_CONF_DEBUG)
65 
66 /* debug level */
67 static int ipqosconf_dbg_flgs =
68 /*
69  */
70 RBK |
71 MHME |
72 KRET |
73 DIFF |
74 APPLY |
75 L2 |
76 L1 |
77 L0 |
78 0;
79 
80 
81 
82 #define	IPQOSCDBG0(lvl, x)\
83 	if (lvl & ipqosconf_dbg_flgs)\
84 		(void) fprintf(stderr, x)
85 
86 #define	IPQOSCDBG1(lvl, x, y)\
87 	if (lvl & ipqosconf_dbg_flgs)\
88 		(void) fprintf(stderr, x, y)
89 
90 #define	IPQOSCDBG2(lvl, x, y, z)\
91 	if (lvl & ipqosconf_dbg_flgs)\
92 		(void) fprintf(stderr, x, y, z)
93 
94 #define	IPQOSCDBG3(lvl, x, y, z, a)\
95 	if (lvl & ipqosconf_dbg_flgs)\
96 		(void) fprintf(stderr, x, y, z, a)
97 
98 #define	IPQOSCDBG4(lvl, x, y, z, a, b)\
99 	if (lvl & ipqosconf_dbg_flgs)\
100 		(void) fprintf(stderr, x, y, z, a, b)
101 
102 #define	IPQOSCDBG5(lvl, x, y, z, a, b, c)\
103 	if (lvl & ipqosconf_dbg_flgs)\
104 		(void) fprintf(stderr, x, y, z, a, b, c)
105 
106 #else	/* defined(_IPQOS_CONF_DEBUG) && !defined(lint) */
107 
108 #define	IPQOSCDBG0(lvl, x)
109 #define	IPQOSCDBG1(lvl, x, y)
110 #define	IPQOSCDBG2(lvl, x, y, z)
111 #define	IPQOSCDBG3(lvl, x, y, z, a)
112 #define	IPQOSCDBG4(lvl, x, y, z, a, b)
113 #define	IPQOSCDBG5(lvl, x, y, z, a, b, c)
114 
115 #endif	/* defined(_IPQOS_CONF_DEBUG) */
116 
117 
118 
119 /* function prototypes */
120 
121 static int modify_params(char *, nvlist_t **, int, boolean_t);
122 static int add_class(char *, char *, int, boolean_t, char *);
123 static int modify_class(char *, char *, int, boolean_t, char *,
124     enum ipp_flags);
125 static int remove_class(char *, char *, int, enum ipp_flags);
126 static int add_filter(char *, ipqos_conf_filter_t *, int);
127 static int modify_filter(char *, ipqos_conf_filter_t *, int);
128 static int remove_filter(char *, char *, int, int);
129 static boolean_t arrays_equal(int *, int *, uint32_t);
130 static int diffclass(ipqos_conf_class_t *, ipqos_conf_class_t *);
131 static int diffparams(ipqos_conf_params_t *, ipqos_conf_params_t *, char *);
132 static int difffilter(ipqos_conf_filter_t *, ipqos_conf_filter_t *, char *);
133 static int add_filters(ipqos_conf_filter_t *, char *, int, boolean_t);
134 static int add_classes(ipqos_conf_class_t *, char *,  int, boolean_t);
135 static int modify_items(ipqos_conf_action_t *);
136 static int add_items(ipqos_conf_action_t *, boolean_t);
137 static int add_item(ipqos_conf_action_t *, boolean_t);
138 static int remove_items(ipqos_conf_action_t *, boolean_t);
139 static int remove_item(ipqos_conf_action_t *, boolean_t);
140 static int undo_modifys(ipqos_conf_action_t *, ipqos_conf_action_t *);
141 static int applydiff(ipqos_conf_action_t *, ipqos_conf_action_t *);
142 static int rollback(ipqos_conf_action_t *, ipqos_conf_action_t *);
143 static int rollback_recover(ipqos_conf_action_t *);
144 static ipqos_conf_class_t *classexist(char *, ipqos_conf_class_t *);
145 static ipqos_conf_filter_t *filterexist(char *, int, ipqos_conf_filter_t *);
146 static ipqos_conf_action_t *actionexist(char *, ipqos_conf_action_t *);
147 static int diffnvlists(nvlist_t *, nvlist_t *, char *, int *, place_t);
148 static int diffaction(ipqos_conf_action_t *, ipqos_conf_action_t *);
149 static int diffconf(ipqos_conf_action_t *, ipqos_conf_action_t *);
150 static int readllong(char *, long long *, char **);
151 static int readuint8(char *, uint8_t *, char **);
152 static int readuint16(char *, uint16_t *, char **);
153 static int readint16(char *, int16_t *, char **);
154 static int readint32(char *, int *, char **);
155 static int readuint32(char *, uint32_t *, char **);
156 static int readbool(char *, boolean_t *);
157 static void setmask(int, in6_addr_t *, int);
158 static int readtoken(FILE *, char **);
159 static nvpair_t *find_nvpair(nvlist_t *, char *);
160 static char *prepend_module_name(char *, char *);
161 static int readnvpair(FILE *, FILE *, nvlist_t **, nvpair_t **,
162     ipqos_nvtype_t *, place_t, char *);
163 static int add_aref(ipqos_conf_act_ref_t **, char *, char *);
164 static int readparams(FILE *, FILE *, char *, ipqos_conf_params_t *);
165 static int readclass(FILE *, char *, ipqos_conf_class_t **, char **, int);
166 static int readfilter(FILE *, FILE *, char *, ipqos_conf_filter_t **, char **,
167     int);
168 static FILE *validmod(char *, int *);
169 static int readaction(FILE *, ipqos_conf_action_t **);
170 static int actions_unique(ipqos_conf_action_t *, char **);
171 static int validconf(ipqos_conf_action_t *, int);
172 static int readconf(FILE *, ipqos_conf_action_t **);
173 static int flush(boolean_t *);
174 static int atomic_flush(boolean_t);
175 static int flushconf();
176 static int writeconf(ipqos_conf_action_t *, char *);
177 static int commitconf();
178 static int applyconf(char *ifile);
179 static int block_all_signals();
180 static int restore_all_signals();
181 static int unlock(int fd);
182 static int lock();
183 static int viewconf(int);
184 static void usage();
185 static int valid_name(char *);
186 static int in_cycle(ipqos_conf_action_t *);
187 static int readtype(FILE *, char *, char *, ipqos_nvtype_t *, str_val_nd_t **,
188     char *, boolean_t, place_t *);
189 static int read_int_array_info(char *, str_val_nd_t **, uint32_t *, int *,
190     int *, char *);
191 static str_val_nd_t *read_enum_nvs(char *, char *);
192 static int add_str_val_entry(str_val_nd_t **, char *, uint32_t);
193 static void free_str_val_entrys(str_val_nd_t *);
194 static void get_str_val_value_range(str_val_nd_t *, int *, int *);
195 static int read_enum_value(FILE *, char *, str_val_nd_t *, uint32_t *);
196 static int read_mapped_values(FILE *, nvlist_t **, char *, char *,
197     int);
198 static int read_int_array(FILE *, char *, int **, uint32_t, int, int,
199     str_val_nd_t *);
200 static int str_val_list_lookup(str_val_nd_t *, char *, uint32_t *);
201 static int parse_kparams(char *, ipqos_conf_params_t *, nvlist_t *);
202 static int parse_kclass(ipqos_conf_class_t *, nvlist_t *);
203 static int parse_kfilter(ipqos_conf_filter_t *, nvlist_t *);
204 static int parse_kaction(nvlist_t *, ipqos_actinfo_prm_t *);
205 static int readkconf(ipqos_conf_action_t **);
206 static void print_int_array(FILE *, int *, uint32_t, int, int, str_val_nd_t *,
207     int);
208 static void printrange(FILE *fp, uint32_t, uint32_t);
209 static void printenum(FILE *, uint32_t, str_val_nd_t *);
210 static void printproto(FILE *, uint8_t);
211 static void printport(FILE *, uint16_t);
212 static int printnvlist(FILE *, char *, nvlist_t *, int, ipqos_conf_filter_t *,
213     int, place_t);
214 static int virtual_action(char *);
215 static void free_arefs(ipqos_conf_act_ref_t *);
216 static void print_action_nm(FILE *, char *);
217 static int add_orig_ipqosconf(nvlist_t *);
218 static char *get_originator_nm(uint32_t);
219 static void mark_classes_filters_new(ipqos_conf_action_t *);
220 static void mark_classes_filters_del(ipqos_conf_action_t *);
221 static void mark_config_new(ipqos_conf_action_t *);
222 static int printifname(FILE *, int);
223 static int readifindex(char *, int *);
224 static void cleanup_string_table(char **, int);
225 static int domultihome(ipqos_conf_filter_t *, ipqos_conf_filter_t **,
226     boolean_t);
227 static int dup_filter(ipqos_conf_filter_t *, ipqos_conf_filter_t **, int, int,
228     void *, void *, int);
229 static void free_actions(ipqos_conf_action_t *);
230 static ipqos_conf_filter_t *alloc_filter();
231 static void free_filter(ipqos_conf_filter_t *);
232 static int read_curl_begin(FILE *);
233 static ipqos_conf_class_t *alloc_class(void);
234 static int diffclasses(ipqos_conf_action_t *old, ipqos_conf_action_t *new);
235 static int difffilters(ipqos_conf_action_t *old, ipqos_conf_action_t *new);
236 static int dup_class(ipqos_conf_class_t *src, ipqos_conf_class_t **dst);
237 static int add_action(ipqos_conf_action_t *act);
238 static int masktocidr(int af, in6_addr_t *mask);
239 static int read_perm_items(int, FILE *, char *, char ***, int *);
240 static int in_string_table(char *stable[], int size, char *string);
241 static void list_end(ipqos_list_el_t **listp, ipqos_list_el_t ***lendpp);
242 static void add_to_list(ipqos_list_el_t **listp, ipqos_list_el_t *el);
243 static int read_cfile_ver(FILE *, char *);
244 static char *quote_ws_string(const char *);
245 static int read_tfile_ver(FILE *, char *, char *);
246 static int ver_str_to_int(char *);
247 static void printuser(FILE *fp, uid_t uid);
248 static int readuser(char *str, uid_t *uid);
249 
250 /*
251  * macros to call list functions with the more complex list element type
252  * cast to the skeletal type iqpos_list_el_t.
253  */
254 #define	LIST_END(list, end)\
255 	list_end((ipqos_list_el_t **)list,  (ipqos_list_el_t ***)end)
256 #define	ADD_TO_LIST(list, el)\
257 	add_to_list((ipqos_list_el_t **)list, (ipqos_list_el_t *)el)
258 
259 /*
260  *	Macros to produce a quoted string containing the value of a
261  *	preprocessor macro. For example, if SIZE is defined to be 256,
262  *	VAL2STR(SIZE) is "256". This is used to construct format
263  *	strings for scanf-family functions below.
264  */
265 #define	QUOTE(x)	#x
266 #define	VAL2STR(x)	QUOTE(x)
267 
268 
269 /* globals */
270 
271 /* table of supported parameter types and enum value */
272 static str_val_t nv_types[] = {
273 {"uint8",		IPQOS_DATA_TYPE_UINT8},
274 {"int16",		IPQOS_DATA_TYPE_INT16},
275 {"uint16",		IPQOS_DATA_TYPE_UINT16},
276 {"int32",		IPQOS_DATA_TYPE_INT32},
277 {"uint32",		IPQOS_DATA_TYPE_UINT32},
278 {"boolean",		IPQOS_DATA_TYPE_BOOLEAN},
279 {"string",		IPQOS_DATA_TYPE_STRING},
280 {"action",		IPQOS_DATA_TYPE_ACTION},
281 {"address",		IPQOS_DATA_TYPE_ADDRESS},
282 {"port",		IPQOS_DATA_TYPE_PORT},
283 {"protocol",		IPQOS_DATA_TYPE_PROTO},
284 {"enum",		IPQOS_DATA_TYPE_ENUM},
285 {"ifname",		IPQOS_DATA_TYPE_IFNAME},
286 {"mindex",		IPQOS_DATA_TYPE_M_INDEX},
287 {"int_array",		IPQOS_DATA_TYPE_INT_ARRAY},
288 {"user",		IPQOS_DATA_TYPE_USER},
289 {"",			0}
290 };
291 
292 /* table of name to id mappings for originator field */
293 
294 static str_val_t originators[] = {
295 {IPP_CONFIG_NAME_PERMANENT,	IPP_CONFIG_PERMANENT},
296 {IPP_CONFIG_NAME_IPQOSCONF,	IPP_CONFIG_IPQOSCONF},
297 {IPP_CONFIG_NAME_FTPCL,		IPP_CONFIG_FTPCL},
298 {"", -1}
299 };
300 
301 /* current parse line */
302 static int lineno;
303 
304 /* verbose output flag */
305 static int verbose;
306 
307 /* use syslog for msg reporting flag */
308 static int use_syslog;
309 
310 #ifdef	_IPQOS_CONF_DEBUG
311 /*
312  * flag used to indicate that a rollback should be carried out regardless.
313  * Only settable during debug.
314  */
315 static int force_rback = 0;
316 #endif	/* _IPQOS_CONF_DEBUG */
317 
318 /*
319  * delivers messages to either syslog or stderr, dependant upon the
320  * the state of the flags use_syslog and verbose. The type
321  * of the msg as given in msg_type is indicated in the output msg.
322  *
323  * valid message types are:
324  * o  MT_ERROR (standard error message)
325  * o  MT_ENOSTR (error message with system error string appended)
326  * o  MT_WARNING (warning message)
327  * o  MT_LOG (logging message)
328  *
329  * Log messages only go to syslog. Warning messages only go to stderr
330  * and only when the verbose flag is set. All other messages go by default
331  * to the console; to syslog if syslog flag set, and to both if both
332  * syslog and verbose are set.
333  *
334  */
335 /*PRINTFLIKE2*/
336 static void
337 ipqos_msg(enum msg_type msgt, char *format, ...)
338 {
339 	va_list ap;
340 	char str_buf[IPQOS_MSG_BUF_SZ];
341 	char fmt_buf[IPQOS_MSG_BUF_SZ];
342 	char *cp;
343 
344 	IPQOSCDBG0(L1, "In ipqos_msg:\n");
345 
346 	va_start(ap, format);
347 
348 	/*
349 	 * send msgs to syslog if use_syslog set (except warning msgs),
350 	 * or a log msg.
351 	 */
352 	if ((use_syslog && (msgt != MT_WARNING)) || msgt == MT_LOG) {
353 
354 		/* fill in format string */
355 		(void) vsnprintf(str_buf, IPQOS_MSG_BUF_SZ, format, ap);
356 
357 		/*
358 		 * print message to syslog with appropriate severity
359 		 */
360 		if (msgt == MT_ERROR) {
361 			syslog(LOG_ERR, str_buf);
362 		} else if (msgt == MT_LOG) {
363 			syslog(LOG_INFO, str_buf);
364 		/*
365 		 * for errno message type suffix with %m for syslog to
366 		 * interpret.
367 		 */
368 		} else if (msgt == MT_ENOSTR) {
369 			/*
370 			 * remove any newline in message parameter.
371 			 * syslog will reapply a newline for us later.
372 			 */
373 			if ((cp = strchr(str_buf, '\n')) != NULL)
374 				*cp = '\0';
375 			(void) strlcat(str_buf, ": %m", IPQOS_MSG_BUF_SZ);
376 			syslog(LOG_ERR, str_buf);
377 		}
378 	}
379 
380 	/*
381 	 * send msgs to stderr if use_syslog not set (except log msgs), or
382 	 * if verbose set.
383 	 */
384 	if ((!use_syslog && (msgt != MT_LOG)) || (verbose)) {
385 
386 		/*
387 		 * prefix message with appropriate severity string
388 		 */
389 		if (msgt == MT_ERROR) {
390 			(void) strlcpy(fmt_buf, gettext("Error: "),
391 			    IPQOS_MSG_BUF_SZ);
392 		} else if (msgt == MT_WARNING) {
393 			if (!verbose) { /* don't show warn msg if !verbose */
394 				va_end(ap);
395 				return;
396 			}
397 			(void) strlcpy(fmt_buf, gettext("Warning: "),
398 			    IPQOS_MSG_BUF_SZ);
399 		} else if (msgt == MT_ENOSTR) {
400 			(void) strlcpy(fmt_buf, gettext("Error: "),
401 			    IPQOS_MSG_BUF_SZ);
402 		} else if (msgt == MT_LOG) {
403 			(void) strlcpy(fmt_buf, gettext("Notice: "),
404 			    IPQOS_MSG_BUF_SZ);
405 		}
406 		(void) strlcat(fmt_buf, format, IPQOS_MSG_BUF_SZ);
407 
408 		/*
409 		 * for errno message type suffix message with errno string
410 		 */
411 		if (msgt == MT_ENOSTR) {
412 			/*
413 			 * get rid of any newline in passed message.
414 			 * we'll apply another later.
415 			 */
416 			if ((cp = strchr(fmt_buf, '\n')) != NULL)
417 				*cp = '\0';
418 			(void) strlcat(fmt_buf, ": ", IPQOS_MSG_BUF_SZ);
419 			(void) strlcat(fmt_buf, strerror(errno),
420 			    IPQOS_MSG_BUF_SZ);
421 		}
422 
423 		/*
424 		 * append a newline to message if not one already.
425 		 */
426 		if ((cp = strchr(fmt_buf, '\n')) == NULL)
427 			(void) strlcat(fmt_buf, "\n", IPQOS_MSG_BUF_SZ);
428 
429 		(void) vfprintf(stderr, fmt_buf, ap);
430 	}
431 
432 	va_end(ap);
433 }
434 
435 /* **************** kernel filter/class/params manipulation fns *********** */
436 
437 
438 /*
439  * modify the kernel parameters of the action action_nm using the nvlist
440  * parameter nvl and setting the stats according to stats_enable.
441  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
442  */
443 
444 static int
445 modify_params(
446 char *action_name,
447 nvlist_t **nvl,
448 int module_version,
449 boolean_t stats_enable)
450 {
451 
452 	int res;
453 	int created = 0;
454 
455 	IPQOSCDBG1(APPLY, "In modify_params: action: %s\n", action_name);
456 
457 	/* create nvlist if NULL */
458 	if (*nvl == NULL) {
459 		created++;
460 		res = nvlist_alloc(nvl, NV_UNIQUE_NAME, 0);
461 		if (res != 0) {
462 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
463 			return (IPQOS_CONF_ERR);
464 		}
465 	}
466 
467 	/* add params modify config type */
468 	res = nvlist_add_byte(*nvl, IPP_CONFIG_TYPE, IPP_SET);
469 	if (res != 0) {
470 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
471 		goto fail;
472 	}
473 
474 	/*
475 	 * add module version
476 	 */
477 	if (nvlist_add_uint32(*nvl, IPP_MODULE_VERSION,
478 	    (uint32_t)module_version) != 0) {
479 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
480 		goto fail;
481 	}
482 
483 	/* add stats_enable */
484 	res = nvlist_add_uint32(*nvl, IPP_ACTION_STATS_ENABLE,
485 	    (uint32_t)stats_enable);
486 	if (res != 0) {
487 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
488 		goto fail;
489 	}
490 
491 	/* add ipqosconf as originator */
492 	res = add_orig_ipqosconf(*nvl);
493 	if (res != IPQOS_CONF_SUCCESS) {
494 		goto fail;
495 	}
496 
497 	/* call lib to do modify */
498 	res = ipp_action_modify(action_name, nvl, 0);
499 	if (res != 0) {
500 
501 		/* invalid parameters */
502 
503 		if (errno == EINVAL) {
504 			ipqos_msg(MT_ERROR,
505 			    gettext("Invalid parameters for action %s.\n"),
506 			    action_name);
507 
508 
509 		} else if (errno == ENOENT) {
510 			ipqos_msg(MT_ERROR,
511 			    gettext("Mandatory parameter missing for "
512 			    "action %s.\n"), action_name);
513 
514 
515 		} else {	/* unexpected error */
516 			ipqos_msg(MT_ERROR, gettext("Failed to modify action "
517 			    "%s parameters: %s.\n"), action_name,
518 			    strerror(errno));
519 		}
520 
521 		goto fail;
522 	}
523 
524 	return (IPQOS_CONF_SUCCESS);
525 fail:
526 	if (created && *nvl != NULL) {
527 		nvlist_free(*nvl);
528 		*nvl = NULL;
529 	}
530 	return (IPQOS_CONF_ERR);
531 }
532 
533 /*
534  * add a class to the kernel action action_name called class_name with
535  * stats set according to stats_enable and the first action set to
536  * first_action.
537  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
538  */
539 static int
540 add_class(
541 char *action_name,
542 char *class_name,
543 int module_version,
544 boolean_t stats_enable,
545 char *first_action)
546 {
547 
548 	nvlist_t *nvl;
549 
550 	IPQOSCDBG4(APPLY, "add_class: action: %s, class: %s, "
551 	    "first_action: %s, stats: %s\n", action_name, class_name,
552 	    first_action, (stats_enable == B_TRUE ? "true" : "false"));
553 
554 
555 	/* create nvlist */
556 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
557 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
558 		return (IPQOS_CONF_ERR);
559 	}
560 
561 	/* add 'add class' config type */
562 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_ADD_CLASS) != 0) {
563 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
564 		goto fail;
565 	}
566 
567 	/*
568 	 * add module version
569 	 */
570 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
571 	    (uint32_t)module_version) != 0) {
572 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
573 		goto fail;
574 	}
575 
576 	/* add class name */
577 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
578 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
579 		goto fail;
580 	}
581 
582 	/* add next action */
583 	if (nvlist_add_string(nvl, CLASSIFIER_NEXT_ACTION, first_action) != 0) {
584 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
585 		goto fail;
586 	}
587 
588 	/* add stats_enable */
589 	if (nvlist_add_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE,
590 	    (uint32_t)stats_enable) != 0) {
591 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
592 		goto fail;
593 	}
594 
595 	/* add ipqosconf as originator */
596 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
597 		goto fail;
598 	}
599 
600 	/* call lib to do modify */
601 	if (ipp_action_modify(action_name, &nvl, 0) != 0) {
602 
603 		/* ipgpc max classes */
604 
605 		if (errno == ENOSPC &&
606 		    strcmp(action_name, IPGPC_CLASSIFY) == 0) {
607 			ipqos_msg(MT_ERROR,
608 			    gettext("Max number of classes reached in %s.\n"),
609 			    IPGPC_NAME);
610 
611 		/* other errors */
612 
613 		} else {
614 			ipqos_msg(MT_ERROR,
615 			    gettext("Failed to create class %s in action "
616 			    "%s: %s.\n"), class_name, action_name,
617 			    strerror(errno));
618 		}
619 
620 		goto fail;
621 	}
622 
623 	return (IPQOS_CONF_SUCCESS);
624 fail:
625 	if (nvl != NULL)
626 		nvlist_free(nvl);
627 	return (IPQOS_CONF_ERR);
628 }
629 
630 
631 /*
632  * modify the class in the kernel action action_name called class_name with
633  * stats set according to stats_enable and the first action set to
634  * first_action.
635  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
636  */
637 static int
638 modify_class(
639 char *action_name,
640 char *class_name,
641 int module_version,
642 boolean_t stats_enable,
643 char *first_action,
644 enum ipp_flags flags)
645 {
646 
647 	nvlist_t *nvl;
648 
649 	IPQOSCDBG5(APPLY, "modify_class: action: %s, class: %s, first: %s, "
650 	    "stats: %s, flags: %x\n", action_name, class_name, first_action,
651 	    stats_enable == B_TRUE ? "true" : "false", flags);
652 
653 
654 	/* create nvlist */
655 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
656 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
657 		return (IPQOS_CONF_ERR);
658 	}
659 
660 	/* add 'modify class' config type */
661 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_MODIFY_CLASS) !=
662 	    0) {
663 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
664 		goto fail;
665 	}
666 
667 	/*
668 	 * add module version
669 	 */
670 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
671 	    (uint32_t)module_version) != 0) {
672 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
673 		goto fail;
674 	}
675 
676 	/* add class name */
677 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
678 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
679 		goto fail;
680 	}
681 
682 	/* add next action */
683 	if (nvlist_add_string(nvl, CLASSIFIER_NEXT_ACTION, first_action) != 0) {
684 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
685 		goto fail;
686 	}
687 
688 	/* add stats enable */
689 	if (nvlist_add_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE,
690 	    (uint32_t)stats_enable) != 0) {
691 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
692 		goto fail;
693 	}
694 
695 	/* add originator ipqosconf */
696 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
697 		goto fail;
698 	}
699 
700 	/* call lib to do modify */
701 	if (ipp_action_modify(action_name, &nvl, flags) != 0) {
702 
703 		/* generic error message */
704 
705 		ipqos_msg(MT_ERROR,
706 		    gettext("Modifying class %s in action %s failed: %s.\n"),
707 		    class_name, action_name, strerror(errno));
708 
709 		goto fail;
710 	}
711 
712 	return (IPQOS_CONF_SUCCESS);
713 fail:
714 	if (nvl != NULL)
715 		nvlist_free(nvl);
716 	return (IPQOS_CONF_ERR);
717 }
718 
719 /*
720  * removes the class class_name from the kernel action action_name. The
721  * flags argument can currently be set to IPP_ACTION_DESTROY which will
722  * result in the action this class references being destroyed.
723  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
724  */
725 static int
726 remove_class(
727 char *action_name,
728 char *class_name,
729 int module_version,
730 enum ipp_flags flags)
731 {
732 
733 	nvlist_t *nvl;
734 
735 	IPQOSCDBG3(APPLY, "remove_class: action: %s, class: %s, "
736 	    "flags: %x\n", action_name, class_name, flags);
737 
738 	/* allocate nvlist */
739 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
740 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
741 		return (IPQOS_CONF_ERR);
742 	}
743 
744 	/* add 'remove class' config type */
745 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_REMOVE_CLASS) !=
746 	    0) {
747 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
748 		goto fail;
749 	}
750 
751 	/*
752 	 * add module version
753 	 */
754 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
755 	    (uint32_t)module_version) != 0) {
756 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
757 		goto fail;
758 	}
759 
760 	/* add class name */
761 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, class_name) != 0) {
762 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
763 		goto fail;
764 	}
765 
766 	if (ipp_action_modify(action_name, &nvl, flags) != 0) {
767 
768 		/* generic error message */
769 
770 		ipqos_msg(MT_ERROR,
771 		    gettext("Removing class %s in action %s failed: %s.\n"),
772 		    class_name, action_name, strerror(errno));
773 
774 		goto fail;
775 	}
776 
777 	return (IPQOS_CONF_SUCCESS);
778 fail:
779 	if (nvl != NULL)
780 		nvlist_free(nvl);
781 	return (IPQOS_CONF_ERR);
782 }
783 
784 /*
785  * add the filter flt to the kernel action named action_name.
786  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
787  */
788 static int
789 add_filter(
790 char *action_name,
791 ipqos_conf_filter_t *flt,
792 int module_version)
793 {
794 
795 	nvlist_t *nvl = flt->nvlist;
796 	char ipvsbuf[IPQOS_INT_STR_LEN];
797 
798 	IPQOSCDBG4(APPLY, "add_filter: action: %s, filter: %s, "
799 	    "instance: %d, class: %s\n", action_name, flt->name,
800 	    flt->instance, flt->class_name);
801 
802 
803 	/* add 'add filter' config type to filter nvlist */
804 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_ADD_FILTER) != 0) {
805 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
806 		return (IPQOS_CONF_ERR);
807 	}
808 
809 	/*
810 	 * add module version
811 	 */
812 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
813 	    (uint32_t)module_version) != 0) {
814 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
815 		return (IPQOS_CONF_ERR);
816 	}
817 
818 	/* add filter name to nvlist */
819 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, flt->name) != 0) {
820 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
821 		return (IPQOS_CONF_ERR);
822 	}
823 
824 	/* add class name to nvlist */
825 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, flt->class_name) !=
826 	    0) {
827 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
828 		return (IPQOS_CONF_ERR);
829 	}
830 
831 	/* add ipqosconf as originator to nvlist */
832 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
833 		return (IPQOS_CONF_ERR);
834 	}
835 
836 	/* add ipgpc specific nv entrys */
837 	if (strcmp(action_name, IPGPC_CLASSIFY) == 0) {
838 
839 		/* add src and dst nodes to nvlist if present */
840 
841 		if (flt->src_nd_name != NULL &&
842 		    nvlist_add_string(nvl, IPGPC_SADDR_HOSTNAME,
843 		    flt->src_nd_name) != 0) {
844 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
845 			return (IPQOS_CONF_ERR);
846 		}
847 		if (flt->dst_nd_name != NULL &&
848 		    nvlist_add_string(nvl, IPGPC_DADDR_HOSTNAME,
849 		    flt->dst_nd_name) != 0) {
850 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
851 			return (IPQOS_CONF_ERR);
852 		}
853 
854 		/*
855 		 * add ip_version to private list element if present.
856 		 * NOTE: this value is of only real use to ipqosconf so
857 		 * it is placed in this opaque private field.
858 		 */
859 		if (flt->ip_versions != 0) {
860 			(void) sprintf(ipvsbuf, "%d", flt->ip_versions);
861 			if (nvlist_add_string(nvl, IPGPC_FILTER_PRIVATE,
862 			    ipvsbuf) != 0) {
863 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
864 				return (IPQOS_CONF_ERR);
865 			}
866 		}
867 
868 		/* add filter instance if present */
869 
870 		if (nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
871 		    flt->instance) != 0) {
872 			ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
873 			return (IPQOS_CONF_ERR);
874 		}
875 	}
876 
877 	if (ipp_action_modify(action_name, &flt->nvlist, 0) != 0) {
878 
879 		/* invalid parameters */
880 
881 		if (errno == EINVAL) {
882 			ipqos_msg(MT_ERROR,
883 			    gettext("Invalid/missing parameters for filter "
884 			    "%s in action %s.\n"), flt->name, action_name);
885 
886 		/* max ipgpc filters/classes */
887 
888 		} else if (errno == ENOSPC &&
889 		    strcmp(action_name, IPGPC_CLASSIFY) == 0) {
890 			ipqos_msg(MT_ERROR, gettext("Max number of filters "
891 			    "reached in action %s.\n"), IPGPC_NAME);
892 
893 		/* anything other errnos */
894 		} else {
895 			ipqos_msg(MT_ERROR,
896 			    gettext("Failed to create filter %s in action "
897 			    "%s: %s.\n"), flt->name, action_name,
898 			    strerror(errno));
899 		}
900 
901 		return (IPQOS_CONF_ERR);
902 	}
903 
904 	return (IPQOS_CONF_SUCCESS);
905 }
906 
907 
908 /*
909  * modify the filter flt in the kernel action named action_name.
910  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
911  */
912 static int
913 modify_filter(
914 char *action_name,
915 ipqos_conf_filter_t *flt,
916 int module_version)
917 {
918 
919 	nvlist_t *nvl = flt->nvlist;
920 	char ipvsbuf[IPQOS_INT_STR_LEN];
921 
922 	IPQOSCDBG4(APPLY, "modify_filter: action: %s, filter: %s, "
923 	    "instance: %d, class: %s\n", action_name, flt->name,
924 	    flt->instance, flt->class_name);
925 
926 /* show src address and dst address if present */
927 #ifdef	_IPQOS_CONF_DEBUG
928 	if (ipqosconf_dbg_flgs & APPLY) {
929 		uint_t tmp;
930 		in6_addr_t *add;
931 		char st[100];
932 
933 		if (nvlist_lookup_uint32_array(nvl, IPGPC_SADDR,
934 		    (uint32_t **)&add, &tmp) == 0) {
935 			(void) fprintf(stderr, "saddr: %s\n",
936 			    inet_ntop(AF_INET6, add, st, 100));
937 		}
938 
939 		if (nvlist_lookup_uint32_array(nvl, IPGPC_DADDR,
940 		    (uint32_t **)&add, &tmp) == 0) {
941 			(void) fprintf(stderr, "daddr: %s\n",
942 			    inet_ntop(AF_INET6, add, st, 100));
943 		}
944 	}
945 #endif	/* _IPQOS_CONF_DEBUG */
946 
947 	/* add 'modify filter' config type to filters nvlist */
948 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE,
949 	    CLASSIFIER_MODIFY_FILTER) != 0) {
950 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
951 		return (IPQOS_CONF_ERR);
952 	}
953 
954 	/*
955 	 * add module version
956 	 */
957 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
958 	    (uint32_t)module_version) != 0) {
959 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
960 		return (IPQOS_CONF_ERR);
961 	}
962 
963 	/* add filter name to nvlist */
964 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, flt->name) != 0) {
965 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
966 		return (IPQOS_CONF_ERR);
967 	}
968 
969 	/* add class name to nvlist */
970 	if (nvlist_add_string(nvl, CLASSIFIER_CLASS_NAME, flt->class_name) !=
971 	    0) {
972 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
973 		return (IPQOS_CONF_ERR);
974 	}
975 
976 	/* add originator ipqosconf to nvlist */
977 	if (add_orig_ipqosconf(nvl) != IPQOS_CONF_SUCCESS) {
978 		return (IPQOS_CONF_ERR);
979 	}
980 
981 	/* add ipgpc specific nvpairs */
982 	if (strcmp(action_name, IPGPC_CLASSIFY) == 0) {
983 
984 		/* add src and dst nodes to nvlist if present */
985 
986 		if (flt->src_nd_name &&
987 		    nvlist_add_string(nvl, IPGPC_SADDR_HOSTNAME,
988 		    flt->src_nd_name) != 0) {
989 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
990 			return (IPQOS_CONF_ERR);
991 		}
992 		if (flt->dst_nd_name &&
993 		    nvlist_add_string(nvl, IPGPC_DADDR_HOSTNAME,
994 		    flt->dst_nd_name) != 0) {
995 			ipqos_msg(MT_ENOSTR, "nvlist_add_string");
996 			return (IPQOS_CONF_ERR);
997 		}
998 
999 		/*
1000 		 * add ip_version to private list element if present.
1001 		 * NOTE: this value is of only real use to ipqosconf so
1002 		 * it is placed in this opaque private field.
1003 		 */
1004 		if (flt->ip_versions != 0) {
1005 			(void) sprintf(ipvsbuf, "%d", flt->ip_versions);
1006 			if (nvlist_add_string(nvl, IPGPC_FILTER_PRIVATE,
1007 			    ipvsbuf) != 0) {
1008 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
1009 				return (IPQOS_CONF_ERR);
1010 			}
1011 		}
1012 
1013 		/* add filter instance if present */
1014 
1015 		if (nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
1016 		    flt->instance) != 0) {
1017 			ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
1018 			return (IPQOS_CONF_ERR);
1019 		}
1020 	}
1021 
1022 	if (ipp_action_modify(action_name, &flt->nvlist, 0) != 0) {
1023 
1024 		/* invalid parameters */
1025 
1026 		if (errno == EINVAL) {
1027 			ipqos_msg(MT_ERROR, gettext("Missing/Invalid "
1028 			    "parameter for filter %s in action %s.\n"),
1029 			    flt->name, action_name);
1030 
1031 		/* any other errnos */
1032 
1033 		} else {
1034 			ipqos_msg(MT_ERROR,
1035 			    gettext("Failed to modify filter %s in action %s: "
1036 			    "%s.\n"), flt->name, action_name, strerror(errno));
1037 		}
1038 
1039 		return (IPQOS_CONF_ERR);
1040 	}
1041 
1042 	return (IPQOS_CONF_SUCCESS);
1043 }
1044 
1045 /*
1046  * remove the filter named filter_name instance number instance from the
1047  * kernel action action_name.
1048  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
1049  */
1050 static int
1051 remove_filter(
1052 char *action_name,
1053 char *filter_name,
1054 int instance,
1055 int module_version)
1056 {
1057 
1058 	nvlist_t *nvl;
1059 
1060 	IPQOSCDBG2(APPLY, "remove_filter: action: %s, filter: %s\n",
1061 	    action_name, filter_name);
1062 
1063 	/* create nvlist */
1064 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
1065 		ipqos_msg(MT_ENOSTR, "nvlist_alloc");
1066 		return (IPQOS_CONF_ERR);
1067 	}
1068 
1069 	/* add 'remove filter' config type to list */
1070 	if (nvlist_add_byte(nvl, IPP_CONFIG_TYPE, CLASSIFIER_REMOVE_FILTER)
1071 	!= 0) {
1072 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
1073 		return (IPQOS_CONF_ERR);
1074 	}
1075 
1076 	/*
1077 	 * add module version
1078 	 */
1079 	if (nvlist_add_uint32(nvl, IPP_MODULE_VERSION,
1080 	    (uint32_t)module_version) != 0) {
1081 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
1082 		return (IPQOS_CONF_ERR);
1083 	}
1084 
1085 	/* add filter name to list */
1086 	if (nvlist_add_string(nvl, CLASSIFIER_FILTER_NAME, filter_name) != 0) {
1087 		ipqos_msg(MT_ENOSTR, "nvlist_add_string");
1088 		return (IPQOS_CONF_ERR);
1089 	}
1090 
1091 	/* add instance number if part of multi-instance filter */
1092 	if (instance != -1 && nvlist_add_int32(nvl, IPGPC_FILTER_INSTANCE,
1093 	    instance) != 0) {
1094 		ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
1095 		return (IPQOS_CONF_ERR);
1096 	}
1097 
1098 	/* call into lib to remove */
1099 	if (ipp_action_modify(action_name, &nvl, 0) != 0) {
1100 
1101 		/* generic error message */
1102 
1103 		ipqos_msg(MT_ERROR,
1104 		    gettext("Removing filter %s in action %s failed: %s.\n"),
1105 		    filter_name, action_name, strerror(errno));
1106 
1107 		return (IPQOS_CONF_ERR);
1108 	}
1109 
1110 	return (IPQOS_CONF_SUCCESS);
1111 }
1112 
1113 /* ******************************************************************* */
1114 
1115 
1116 /*
1117  * add originator nvpair set to ipqosconf to nvl.
1118  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1119  */
1120 static int
1121 add_orig_ipqosconf(nvlist_t *nvl)
1122 {
1123 
1124 	if (nvlist_add_uint32(nvl, IPP_CONFIG_ORIGINATOR,
1125 	    IPP_CONFIG_IPQOSCONF) != 0) {
1126 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32: originator:");
1127 		return (IPQOS_CONF_ERR);
1128 	}
1129 
1130 	return (IPQOS_CONF_SUCCESS);
1131 }
1132 
1133 /* ************************* differencing functions ************************ */
1134 
1135 
1136 /*
1137  * compares the contents of arrays array1 and array2, both of size size, and
1138  * returns B_TRUE or B_FALSE if they're equal or not respectively.
1139  * RETURNS: B_TRUE if equal, else B_FALSE.
1140  */
1141 static boolean_t
1142 arrays_equal(
1143 int array1[],
1144 int array2[],
1145 uint32_t size)
1146 {
1147 	int x;
1148 
1149 	for (x = 0; x < size; x++) {
1150 		if (array1[x] != array2[x])
1151 			return (B_FALSE);
1152 	}
1153 	return (B_TRUE);
1154 }
1155 
1156 /*
1157  * difference class old against class new. It marks the new class as
1158  * modified if it is different.
1159  * RETURNS: IPQOS_CONF_SUCCESS.
1160  */
1161 static int
1162 diffclass(
1163 ipqos_conf_class_t *old,
1164 ipqos_conf_class_t *new)
1165 {
1166 
1167 	IPQOSCDBG0(L0, "In diffclass:\n");
1168 
1169 	/* two different spec'd actions */
1170 	if (strcmp(old->alist->name, new->alist->name) != 0) {
1171 		IPQOSCDBG1(DIFF, "marking class %s as modified\n", new->name);
1172 
1173 		new->modified = B_TRUE;
1174 		return (IPQOS_CONF_SUCCESS);
1175 	}
1176 
1177 	/* different stats values */
1178 	if (old->stats_enable != new->stats_enable) {
1179 		IPQOSCDBG1(DIFF, "marking class %s as modified\n", new->name);
1180 
1181 		new->modified = B_TRUE;
1182 		return (IPQOS_CONF_SUCCESS);
1183 	}
1184 
1185 	return (IPQOS_CONF_SUCCESS);
1186 }
1187 
1188 /*
1189  * difference params set old against params set new of module module_name. It
1190  * marks the new params as modified if different.
1191  * RETURNS: if error IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
1192  */
1193 static int
1194 diffparams(
1195 ipqos_conf_params_t *old,
1196 ipqos_conf_params_t *new,
1197 char *module_name)
1198 {
1199 
1200 	int diff;
1201 	int res;
1202 
1203 	IPQOSCDBG0(L0, "In diffparams\n");
1204 
1205 	/* diff stats */
1206 	if (old->stats_enable != new->stats_enable) {
1207 
1208 		new->modified = B_TRUE;
1209 		return (IPQOS_CONF_SUCCESS);
1210 	}
1211 
1212 	/* diff module specific params */
1213 	res = diffnvlists(old->nvlist, new->nvlist, module_name, &diff,
1214 	    PL_PARAMS);
1215 	if (res != IPQOS_CONF_SUCCESS) {
1216 		return (res);
1217 	}
1218 	if (diff) {
1219 
1220 		new->modified = B_TRUE;
1221 	}
1222 
1223 	return (IPQOS_CONF_SUCCESS);
1224 }
1225 
1226 /*
1227  * differences filter old against filter new of module module_name. It marks
1228  * filter new as different if so.
1229  * RETURNS: if error IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
1230  */
1231 static int
1232 difffilter(
1233 ipqos_conf_filter_t *old,
1234 ipqos_conf_filter_t *new,
1235 char *module_name)
1236 {
1237 
1238 	int res;
1239 	int diff;
1240 
1241 	IPQOSCDBG0(L0, "In difffilter\n");
1242 
1243 	/* compare class name */
1244 
1245 	if (strcmp(old->class_name, new->class_name) != 0) {
1246 		IPQOSCDBG1(DIFF, "Marking filter %s as modified\n", new->name);
1247 
1248 		new->modified = B_TRUE;
1249 		return (IPQOS_CONF_SUCCESS);
1250 	}
1251 
1252 	/* compare module specific params */
1253 
1254 	res = diffnvlists(old->nvlist, new->nvlist, module_name, &diff,
1255 	    PL_FILTER);
1256 	if (res != IPQOS_CONF_SUCCESS) {
1257 		return (res);
1258 	}
1259 
1260 	if (diff) {
1261 		IPQOSCDBG1(DIFF, "Marking filter %s as modified\n", new->name);
1262 		new->modified = B_TRUE;
1263 	}
1264 
1265 	return (IPQOS_CONF_SUCCESS);
1266 }
1267 
1268 
1269 /*
1270  * mark all the filters and classes in parameter action either
1271  * for deletion (if they are ipqosconf originated) or for modification.
1272  */
1273 static void
1274 mark_classes_filters_del(ipqos_conf_action_t *action)
1275 {
1276 
1277 	ipqos_conf_filter_t *flt;
1278 	ipqos_conf_class_t *cls;
1279 
1280 	IPQOSCDBG1(L1, "In mark_classes_filters_del: action: %s\n",
1281 	    action->name);
1282 
1283 	/* mark all non-permanent filters for del and permanent to modify */
1284 	for (flt = action->filters; flt; flt = flt->next) {
1285 		if (flt->originator == IPP_CONFIG_PERMANENT) {
1286 			IPQOSCDBG1(DIFF, "Marking prm filter %s as modified.\n",
1287 			    flt->name);
1288 
1289 			flt->modified = B_TRUE;
1290 		} else {
1291 			IPQOSCDBG1(DIFF, "Marking filter %s as del.\n",
1292 			    flt->name);
1293 
1294 			flt->todel = B_TRUE;
1295 		}
1296 	}
1297 
1298 	/* mark all non-permanent classes for del and permanent to modify */
1299 	for (cls = action->classes; cls; cls = cls->next) {
1300 		if (cls->originator == IPP_CONFIG_PERMANENT) {
1301 			IPQOSCDBG1(DIFF, "Marking prm class %s as modified.\n",
1302 			    cls->name);
1303 
1304 			cls->modified = B_TRUE;
1305 		} else {
1306 			IPQOSCDBG1(DIFF, "Marking class %s as del.\n",
1307 			    cls->name);
1308 
1309 			cls->todel = B_TRUE;
1310 		}
1311 	}
1312 }
1313 
1314 /*
1315  * mark all classes and filters either new (non-permanent) or modified.
1316  */
1317 static void
1318 mark_classes_filters_new(ipqos_conf_action_t *action)
1319 {
1320 
1321 	ipqos_conf_filter_t *flt;
1322 	ipqos_conf_class_t *cls;
1323 
1324 	IPQOSCDBG1(L1, "In mark_classes_filters_new: action: %s\n",
1325 	    action->name);
1326 
1327 	/* mark all permanent filters as modified and all others new */
1328 
1329 	for (flt = action->filters; flt; flt = flt->next) {
1330 		if (flt->originator == IPP_CONFIG_PERMANENT) {
1331 			IPQOSCDBG1(DIFF, "Marking prm filter %s as modified.\n",
1332 			    flt->name);
1333 
1334 			flt->modified = B_TRUE;
1335 			action->modified = B_TRUE;
1336 		} else {
1337 			IPQOSCDBG1(DIFF, "Marking filter %s as new.\n",
1338 			    flt->name);
1339 
1340 			flt->new = B_TRUE;
1341 		}
1342 	}
1343 
1344 	/* mark all permanent classes as modified and all others new */
1345 	for (cls = action->classes; cls; cls = cls->next) {
1346 		if (cls->originator == IPP_CONFIG_PERMANENT) {
1347 			IPQOSCDBG1(DIFF, "Marking prm class %s as modified.\n",
1348 			    cls->name);
1349 
1350 			cls->modified = B_TRUE;
1351 			action->modified = B_TRUE;
1352 		} else {
1353 			IPQOSCDBG1(DIFF, "Marking class %s as new.\n",
1354 			    cls->name);
1355 
1356 			cls->new = B_TRUE;
1357 		}
1358 	}
1359 }
1360 
1361 /*
1362  * Marks all the actions and their constituent elements in conf
1363  * as new.
1364  */
1365 static void
1366 mark_config_new(
1367 ipqos_conf_action_t *conf)
1368 {
1369 	while (conf != NULL) {
1370 		IPQOSCDBG1(DIFF, "Marking action %s as new\n", conf->name);
1371 		mark_classes_filters_new(conf);
1372 		conf->new = B_TRUE;
1373 		conf->visited = 0;
1374 		conf = conf->next;
1375 	}
1376 }
1377 
1378 /*
1379  * differences the configuration  in new against old marking the actions
1380  * and their contents appropriately.
1381  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1382  */
1383 static int
1384 diffconf(
1385 ipqos_conf_action_t *old,
1386 ipqos_conf_action_t *new)
1387 {
1388 
1389 	int res;
1390 	ipqos_conf_action_t *act;
1391 	ipqos_conf_action_t *tmp;
1392 
1393 	IPQOSCDBG0((L0 | DIFF), "In diffconf\n");
1394 
1395 	/* check the new actions against the old */
1396 
1397 	for (act = new; act; act = act->next) {
1398 
1399 		/* if action not in old mark it and it's contents as new */
1400 
1401 		if ((tmp = actionexist(act->name, old)) == NULL) {
1402 			IPQOSCDBG1(DIFF, "marking act %s as new\n", act->name);
1403 
1404 			act->new = B_TRUE;
1405 			mark_classes_filters_new(act);
1406 			continue;
1407 		}
1408 
1409 		/* if action in old diff old against new */
1410 
1411 		res = diffaction(tmp, act);
1412 		if (res != IPQOS_CONF_SUCCESS) {
1413 			return (res);
1414 		}
1415 	}
1416 
1417 	/*
1418 	 * mark actions, and their contents, in old but not new that were
1419 	 * created by us for del.
1420 	 */
1421 
1422 	for (act = old; act; act = act->next) {
1423 		if (act->params->originator == IPP_CONFIG_IPQOSCONF &&
1424 		    actionexist(act->name, new) == NULL) {
1425 			IPQOSCDBG1(DIFF, "marking act %s for del\n", act->name);
1426 
1427 			act->todel = B_TRUE;
1428 			mark_classes_filters_del(act);
1429 		}
1430 	}
1431 
1432 	return (IPQOS_CONF_SUCCESS);
1433 }
1434 
1435 /*
1436  * differences action old against action new, comparing its classes, filters
1437  * and parameters. If it is different the new action is marked as modified
1438  * and it's different sub-objects are also marked approriately.
1439  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
1440  */
1441 static int
1442 diffaction(
1443 ipqos_conf_action_t *old,
1444 ipqos_conf_action_t *new)
1445 {
1446 
1447 	int res;
1448 
1449 	IPQOSCDBG0(L0, "In diffaction\n");
1450 
1451 	/* compare and mark classes */
1452 	res = diffclasses(old, new);
1453 	if (res != IPQOS_CONF_SUCCESS) {
1454 		return (res);
1455 	}
1456 
1457 	/* compare and mark filters */
1458 	res = difffilters(old, new);
1459 	if (res != IPQOS_CONF_SUCCESS) {
1460 		return (res);
1461 	}
1462 
1463 	/* compare and mark parameters */
1464 	res = diffparams(old->params, new->params, old->module);
1465 	if (res != IPQOS_CONF_SUCCESS) {
1466 		return (res);
1467 	}
1468 
1469 	/* mark action as modified if params are */
1470 	if (new->params->modified == B_TRUE) {
1471 		IPQOSCDBG1(DIFF, "Marking params for action %s modified\n",
1472 		    new->name);
1473 
1474 		new->modified = B_TRUE;
1475 	}
1476 
1477 	return (IPQOS_CONF_SUCCESS);
1478 }
1479 
1480 /*
1481  * differences the set of classes in new against those in old, marking any
1482  * that are new/modified, approriately in the new class, and any removed
1483  * in the old class appropriately. Also marks the action which has had an
1484  * object within marked, as modified.
1485  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
1486  */
1487 
1488 static int
1489 diffclasses(
1490 ipqos_conf_action_t *old,
1491 ipqos_conf_action_t *new)
1492 {
1493 
1494 
1495 	ipqos_conf_class_t *cls;
1496 	ipqos_conf_class_t *tmpc;
1497 	ipqos_conf_class_t *ncls;
1498 	int res;
1499 
1500 
1501 	/* loop through old classes checking for classes not present in new */
1502 
1503 	for (cls = old->classes; cls; cls = cls->next) {
1504 
1505 		if (classexist(cls->name, new->classes) == NULL) {
1506 
1507 			/* if we created original class mark for deletion */
1508 
1509 			if (cls->originator == IPP_CONFIG_IPQOSCONF) {
1510 				IPQOSCDBG1(DIFF, "marking class %s for del\n",
1511 				    cls->name);
1512 
1513 				cls->todel = B_TRUE;
1514 
1515 				/* mark old action */
1516 				old->modified = B_TRUE;
1517 
1518 			/*
1519 			 * if permanent class and next action created by us
1520 			 * copy it, set it's next action to continue and
1521 			 * add it to new action. This will cause the class
1522 			 * to be marked as and modified. This returns the class
1523 			 * to an assumed default state and prevents the
1524 			 * case where the class is pointing at an action
1525 			 * we want to remove and therefore couldn't without
1526 			 * this forced modify.
1527 			 */
1528 			} else if (cls->originator == IPP_CONFIG_PERMANENT &&
1529 			    cls->alist->action &&	/* not virtual action */
1530 			    cls->alist->action->params->originator ==
1531 			    IPP_CONFIG_IPQOSCONF) {
1532 
1533 				/* copy class */
1534 
1535 				res = dup_class(cls, &ncls);
1536 				if (res != IPQOS_CONF_SUCCESS) {
1537 					return (IPQOS_CONF_ERR);
1538 				}
1539 
1540 				/* set next action to continue */
1541 
1542 				(void) strcpy(ncls->alist->name,
1543 				    IPP_ANAME_CONT);
1544 
1545 				/* add to news classes to be diffed below */
1546 				ADD_TO_LIST(&new->classes, ncls);
1547 			}
1548 		}
1549 	}
1550 
1551 	/* loop through new classes checking for new / modified classes */
1552 
1553 	for (cls = new->classes; cls; cls = cls->next) {
1554 
1555 		/* new ipqosconf class */
1556 
1557 		if ((tmpc = classexist(cls->name, old->classes)) == NULL ||
1558 		    (tmpc->originator != IPP_CONFIG_IPQOSCONF &&
1559 		    tmpc->originator != IPP_CONFIG_PERMANENT)) {
1560 			IPQOSCDBG1(DIFF, "marking class %s new\n",
1561 			    cls->name);
1562 
1563 			cls->new = B_TRUE;
1564 
1565 			new->modified = B_TRUE;	/* mark new action */
1566 			continue;
1567 
1568 		/* existing ipqosconf/perm class */
1569 		} else {
1570 			res = diffclass(tmpc, cls);
1571 			if (res != IPQOS_CONF_SUCCESS) {
1572 				return (res);
1573 			}
1574 
1575 			if (cls->modified == B_TRUE) {
1576 				new->modified = B_TRUE;
1577 			}
1578 		}
1579 	}
1580 
1581 	return (IPQOS_CONF_SUCCESS);
1582 }
1583 
1584 /*
1585  * differences the set of filters in new against those in old, marking any
1586  * that are new/modified, approriately in the new filter/s, and any removed
1587  * in the old filter appropriately. Also marks the action which has had an
1588  * object within marked, as modified.
1589  * RETURNS: IPQOS_CONF_SUCCESS (we return an int for symmetry with diffclasses
1590  * and difffparams).
1591  */
1592 static int
1593 difffilters(
1594 ipqos_conf_action_t *old,
1595 ipqos_conf_action_t *new)
1596 {
1597 
1598 	ipqos_conf_filter_t *flt;
1599 	ipqos_conf_filter_t *tmpf;
1600 	int maxi;
1601 	int newi;
1602 	int res;
1603 
1604 	/* check for new/modified filters */
1605 
1606 	for (flt = new->filters; flt; flt = flt->next) {
1607 
1608 		/* new ipqosconf filter */
1609 
1610 		if ((tmpf = filterexist(flt->name, -1, old->filters)) == NULL) {
1611 
1612 			/* mark all instances of this filter as new */
1613 			for (;;) {
1614 				IPQOSCDBG1(DIFF, "Marking filter %s as "
1615 				    "new\n", flt->name);
1616 
1617 				flt->new = B_TRUE;
1618 
1619 
1620 				if (flt->next == NULL ||
1621 				    strcmp(flt->next->name, flt->name) != 0) {
1622 					break;
1623 				}
1624 				flt = flt->next;
1625 			}
1626 			new->modified = B_TRUE;	/* mark new action */
1627 
1628 		/* ipqosconf/permanent filter existed */
1629 		} else {
1630 			/*
1631 			 * if ip node name force filter refresh - ie. mark
1632 			 * all old filter instances as todel and all new new.
1633 			 */
1634 			if (tmpf->src_nd_name || tmpf->dst_nd_name ||
1635 			    flt->src_nd_name || flt->dst_nd_name) {
1636 
1637 				/* init max previous filter instance */
1638 				maxi = tmpf->instance;
1639 
1640 				/* mark old instances for deletion */
1641 				do {
1642 					IPQOSCDBG2(DIFF, "Marking filter "
1643 					    "%s, instance %d for del\n",
1644 					    tmpf->name, tmpf->instance);
1645 
1646 					tmpf->todel = B_TRUE;
1647 
1648 					/*
1649 					 * check and update previous instance
1650 					 * max.
1651 					 */
1652 					if (tmpf->instance > maxi) {
1653 						maxi = tmpf->instance;
1654 					}
1655 
1656 					tmpf = tmpf->next;
1657 				} while (tmpf != NULL &&
1658 					strcmp(tmpf->name, flt->name) == 0);
1659 
1660 				/*
1661 				 * use the max previous instance + 1 for
1662 				 * the start of the new instance numbers.
1663 				 */
1664 				newi = (uint32_t)++maxi % INT_MAX;
1665 
1666 				/*
1667 				 * mark new instances for addition and
1668 				 * give new instance number.
1669 				 */
1670 				for (;;) {
1671 					IPQOSCDBG2(DIFF, "Marking filter "
1672 					    "%s, instance %d as new\n",
1673 					    flt->name, newi);
1674 
1675 					flt->new = B_TRUE;
1676 					flt->instance = newi++;
1677 					if (flt->next == NULL ||
1678 					    strcmp(flt->next->name,
1679 					    flt->name) != 0) {
1680 						break;
1681 					}
1682 					flt = flt->next;
1683 				}
1684 				new->modified = B_TRUE; /* mark new action */
1685 
1686 				/* mark old action */
1687 				old->modified = B_TRUE;
1688 
1689 			/* non-node name filter */
1690 			} else {
1691 				/* compare and mark as modified if diff */
1692 
1693 				res = difffilter(tmpf, flt, new->module);
1694 				if (res != IPQOS_CONF_SUCCESS) {
1695 					return (res);
1696 				}
1697 				if (flt->modified == B_TRUE) {
1698 					/* mark action if diff */
1699 					new->modified = B_TRUE;
1700 				}
1701 			}
1702 		}
1703 	}
1704 
1705 	/*
1706 	 * Check for deleted ipqosconf created filters and mark
1707 	 * any found for deletion.
1708 	 * For non-ipqosconf generated filters, including permanent
1709 	 * ones (none of these exist at the moment) we just leave
1710 	 * the filter unmarked.
1711 	 */
1712 	for (flt = old->filters; flt; flt = flt->next) {
1713 
1714 		if (flt->originator == IPP_CONFIG_IPQOSCONF &&
1715 		    filterexist(flt->name, -1, new->filters) == NULL) {
1716 
1717 			/* mark all old instances for deletions */
1718 			for (;;) {
1719 				IPQOSCDBG2(DIFF, "marking flt %s, inst %d "
1720 				    "for del\n", flt->name, flt->instance);
1721 
1722 				flt->todel = B_TRUE;
1723 				old->modified = B_TRUE; /* mark old action */
1724 
1725 				if (flt->next == NULL ||
1726 				    strcmp(flt->next->name, flt->name) != 0) {
1727 					break;
1728 				}
1729 				flt = flt->next;
1730 			}
1731 		}
1732 	}
1733 
1734 	return (IPQOS_CONF_SUCCESS);
1735 }
1736 
1737 
1738 /*
1739  * differences the elements of nvlists old and new using the types file
1740  * for module name to interpret the element types. It sets pdiff to either
1741  * 0 or 1 if they are the same or different respectively.
1742  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
1743  */
1744 static int
1745 diffnvlists(
1746 nvlist_t *old,
1747 nvlist_t *new,
1748 char *module_name,
1749 int *pdiff,
1750 place_t place)
1751 {
1752 
1753 	int first_pass = 1;
1754 	nvlist_t *tmp;
1755 	int res;
1756 	nvpair_t *nvp;
1757 	FILE *tfp;
1758 	str_val_nd_t *enum_nvs;
1759 	char dfltst[IPQOS_VALST_MAXLEN+1] = "";
1760 	char *lo;
1761 	ipqos_nvtype_t type;
1762 	char *nme;
1763 	int diff;
1764 	int openerr;
1765 
1766 
1767 	IPQOSCDBG0(L0, "In diffnvlists\n");
1768 
1769 	/* open stream to types file */
1770 
1771 	tfp = validmod(module_name, &openerr);
1772 	if (tfp == NULL) {
1773 		if (openerr) {
1774 			ipqos_msg(MT_ENOSTR, "fopen");
1775 		}
1776 		return (IPQOS_CONF_ERR);
1777 	}
1778 start:
1779 	/*
1780 	 * loop through each of the elements of the new list comparing
1781 	 * it with the old one if present. If the old one isn't present
1782 	 * then it is compared with the default value for that type (if
1783 	 * set). Any time the values are determined to be different
1784 	 * or the default value is to be used but isn't present the diff
1785 	 * param is set to 1 and we return.
1786 	 *
1787 	 * If the loop runs its course then the new and old nvlists are
1788 	 * reversed and the loop is entered for a second time.
1789 	 */
1790 	nvp = nvlist_next_nvpair(new, NULL);
1791 	while (nvp != NULL) {
1792 
1793 		/* get name */
1794 		nme = nvpair_name(nvp);
1795 
1796 		/*
1797 		 * get type.
1798 		 */
1799 		place = PL_ANY;
1800 		res = readtype(tfp, module_name, SHORT_NAME(nme), &type,
1801 		    &enum_nvs, dfltst, B_TRUE, &place);
1802 		if (res != IPQOS_CONF_SUCCESS) {
1803 			return (res);
1804 		}
1805 
1806 		/* init diff to 1 */
1807 		diff = 1;
1808 
1809 		switch (type) {
1810 
1811 		/* interface name */
1812 		case IPQOS_DATA_TYPE_IFINDEX: {
1813 			uint32_t ifidx;
1814 			uint32_t oifidx;
1815 
1816 			/* get new value */
1817 			(void) nvpair_value_uint32(nvp, &ifidx);
1818 
1819 			/* compare against old if present */
1820 
1821 			res = nvlist_lookup_uint32(old, nme, &oifidx);
1822 			if (res == 0) {
1823 				/* diff values */
1824 				diff = (ifidx != oifidx);
1825 
1826 			/* not in old so see if new value is default */
1827 
1828 			} else {
1829 				diff = (ifidx != 0);
1830 			}
1831 			break;
1832 		}
1833 		/* protocol */
1834 		case IPQOS_DATA_TYPE_PROTO: {
1835 			uchar_t proto;
1836 			uchar_t oproto;
1837 
1838 			(void) nvpair_value_byte(nvp, &proto);
1839 
1840 			res = nvlist_lookup_byte(old, nme, &oproto);
1841 			if (res == 0) {
1842 				diff = (proto != oproto);
1843 			} else {
1844 				diff = (proto != 0);
1845 			}
1846 			break;
1847 		}
1848 		/* port */
1849 		case IPQOS_DATA_TYPE_PORT: {
1850 			uint16_t port;
1851 			uint16_t oport;
1852 
1853 			(void) nvpair_value_uint16(nvp, &port);
1854 			res = nvlist_lookup_uint16(old, nme, &oport);
1855 			if (res == 0) {
1856 				diff = (port != oport);
1857 			} else {
1858 				diff = (port != 0);
1859 			}
1860 			break;
1861 		}
1862 		/* action name / string */
1863 		case IPQOS_DATA_TYPE_ACTION:
1864 		case IPQOS_DATA_TYPE_STRING: {
1865 			char *str;
1866 			char *ostr;
1867 
1868 			(void) nvpair_value_string(nvp, &str);
1869 			res = nvlist_lookup_string(old, nme, &ostr);
1870 			if (res == 0) {
1871 				diff = strcmp(str, ostr);
1872 			} else if (*dfltst) {
1873 				diff = strcmp(str, dfltst);
1874 			}
1875 			break;
1876 		}
1877 		/* address mask / address */
1878 		case IPQOS_DATA_TYPE_ADDRESS_MASK:
1879 		case IPQOS_DATA_TYPE_ADDRESS: {
1880 			in6_addr_t *in6;
1881 			in6_addr_t *oin6;
1882 			uint_t x;
1883 
1884 			/*
1885 			 * all addresses are stored as v6 addresses, so
1886 			 * a uint32_t[4] array is used.
1887 			 */
1888 
1889 			/* lookup new value */
1890 
1891 			(void) nvpair_value_uint32_array(nvp,
1892 			    (uint32_t **)&in6, &x);
1893 
1894 			/* see if there's an old value and diff it */
1895 
1896 			res = nvlist_lookup_uint32_array(old, nme,
1897 			    (uint32_t **)&oin6, &x);
1898 			if (res == 0) {
1899 				/* diff each of the 16 v6 address bytes */
1900 
1901 				for (x = 0; x < 16; x++) {
1902 					if (in6->s6_addr[x] !=
1903 					    oin6->s6_addr[x]) {
1904 						diff++;
1905 						break;
1906 					}
1907 				}
1908 			}
1909 			break;
1910 		}
1911 		/* boolean */
1912 		case IPQOS_DATA_TYPE_BOOLEAN: {
1913 			boolean_t bl;
1914 			boolean_t obl;
1915 
1916 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
1917 
1918 			/* see if there's an old value and diff it */
1919 			res = nvlist_lookup_uint32(old, nme, (uint32_t *)&obl);
1920 			if (res == 0) {
1921 				diff = (bl != obl);
1922 
1923 			/* compare against default if present */
1924 			} else if (*dfltst) {
1925 				res = readbool(dfltst, &obl);
1926 				if (res == IPQOS_CONF_SUCCESS) {
1927 					diff = (bl != obl);
1928 				}
1929 			}
1930 			break;
1931 		}
1932 		/* uint 8 */
1933 		case IPQOS_DATA_TYPE_UINT8: {
1934 			uint8_t u8;
1935 			uint8_t ou8;
1936 
1937 			(void) nvpair_value_byte(nvp, (uchar_t *)&u8);
1938 			res = nvlist_lookup_byte(old, nme, (uchar_t *)&ou8);
1939 			if (res == 0) {
1940 				diff = (u8 != ou8);
1941 			} else if (*dfltst) {
1942 				res = readuint8(dfltst, &ou8, &lo);
1943 				if (res == IPQOS_CONF_SUCCESS) {
1944 					diff = (u8 != ou8);
1945 				}
1946 			}
1947 			break;
1948 		}
1949 		/* int 16 */
1950 		case IPQOS_DATA_TYPE_INT16: {
1951 			int16_t i16;
1952 			int16_t oi16;
1953 
1954 			(void) nvpair_value_int16(nvp, &i16);
1955 			res = nvlist_lookup_int16(old, nme, &oi16);
1956 			if (res == 0) {
1957 				diff = (i16 != oi16);
1958 			} else if (*dfltst) {
1959 				res = readint16(dfltst, &oi16, &lo);
1960 				if (res == IPQOS_CONF_SUCCESS) {
1961 					diff = (i16 != oi16);
1962 				}
1963 			}
1964 			break;
1965 		}
1966 		/* uint16 */
1967 		case IPQOS_DATA_TYPE_UINT16: {
1968 			uint16_t ui16;
1969 			uint16_t oui16;
1970 
1971 			(void) nvpair_value_uint16(nvp, &ui16);
1972 			res = nvlist_lookup_uint16(old, nme, &oui16);
1973 			if (res == 0) {
1974 				diff = (ui16 != oui16);
1975 			} else if (*dfltst) {
1976 				res = readuint16(dfltst, &oui16, &lo);
1977 				if (res == IPQOS_CONF_SUCCESS) {
1978 					diff = (ui16 != oui16);
1979 				}
1980 			}
1981 			break;
1982 		}
1983 		/*
1984 		 * int32 and user.
1985 		 * Since user uids are stored in an int32 nvpair we can use
1986 		 * the same comparison code.
1987 		 */
1988 		case IPQOS_DATA_TYPE_USER:
1989 		case IPQOS_DATA_TYPE_INT32: {
1990 			int32_t i32;
1991 			int32_t oi32;
1992 
1993 			(void) nvpair_value_int32(nvp, &i32);
1994 			res = nvlist_lookup_int32(old, nme, &oi32);
1995 			if (res == 0) {
1996 				diff = (i32 != oi32);
1997 			} else if (*dfltst) {
1998 				res = readint32(dfltst, &oi32, &lo);
1999 				if (res == IPQOS_CONF_SUCCESS) {
2000 					diff = (i32 != oi32);
2001 				}
2002 			}
2003 			break;
2004 		}
2005 		/* uint32 */
2006 		case IPQOS_DATA_TYPE_UINT32: {
2007 			uint32_t ui32;
2008 			uint32_t oui32;
2009 
2010 			(void) nvpair_value_uint32(nvp, &ui32);
2011 			res = nvlist_lookup_uint32(old, nme, &oui32);
2012 			if (res == 0) {
2013 				diff = (ui32 != oui32);
2014 			} else if (*dfltst) {
2015 				res = readuint32(dfltst, &oui32, &lo);
2016 				if (res == IPQOS_CONF_SUCCESS) {
2017 					diff = (ui32 != oui32);
2018 				}
2019 			}
2020 			break;
2021 		}
2022 		/* enumeration */
2023 		case IPQOS_DATA_TYPE_ENUM: {
2024 			uint32_t eval;
2025 			uint32_t oeval;
2026 
2027 			(void) nvpair_value_uint32(nvp, &eval);
2028 			res = nvlist_lookup_uint32(old, nme, &oeval);
2029 			if (res == 0) {
2030 				diff = (eval != oeval);
2031 			} else if (*dfltst) {
2032 				res = readuint32(dfltst, &oeval, &lo);
2033 				if (res == IPQOS_CONF_SUCCESS) {
2034 					diff = (eval != oeval);
2035 				}
2036 			}
2037 			break;
2038 		}
2039 		case IPQOS_DATA_TYPE_M_INDEX: {
2040 			uint8_t idx, oidx;
2041 
2042 			(void) nvpair_value_byte(nvp, &idx);
2043 			res = nvlist_lookup_byte(old, nme, &oidx);
2044 			if (res == 0)
2045 				diff = (idx != oidx);
2046 			break;
2047 		}
2048 		case IPQOS_DATA_TYPE_INT_ARRAY: {
2049 			int *oarr, *arr;
2050 			uint32_t osize, size;
2051 
2052 			(void) nvpair_value_int32_array(nvp, &arr, &size);
2053 			res = nvlist_lookup_int32_array(old, nme, &oarr,
2054 			    &osize);
2055 			if (res == 0)
2056 				diff = (arrays_equal(arr, oarr, size) ==
2057 				    B_FALSE);
2058 			break;
2059 		}
2060 #ifdef	_IPQOS_CONF_DEBUG
2061 		default: {
2062 			/* shouldn't get here as all types should be covered */
2063 			assert(1);
2064 		}
2065 #endif
2066 		}	/* switch */
2067 		if (diff != 0) {
2068 			IPQOSCDBG1(DIFF, "parameter %s different\n", nme);
2069 			*pdiff = 1;
2070 			(void) fclose(tfp);
2071 			return (IPQOS_CONF_SUCCESS);
2072 		}
2073 
2074 
2075 		nvp = nvlist_next_nvpair(new, nvp);
2076 
2077 	}
2078 
2079 	/* now compare all the stuff in the second list with the first */
2080 	if (first_pass) {
2081 		tmp = old;
2082 		old = new;
2083 		new = tmp;
2084 		first_pass = 0;
2085 		goto start;
2086 	}
2087 
2088 	(void) fclose(tfp);
2089 
2090 	*pdiff = 0;
2091 	return (IPQOS_CONF_SUCCESS);
2092 }
2093 
2094 
2095 
2096 /* ************************** difference application *********************** */
2097 
2098 
2099 
2100 /*
2101  * causes all items marked as requiring change in actions and old_actions
2102  * to have the change applied.
2103  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2104  */
2105 static int
2106 applydiff(
2107 ipqos_conf_action_t *actions,
2108 ipqos_conf_action_t *old_actions)
2109 {
2110 
2111 	int res;
2112 
2113 	IPQOSCDBG0(L1, "In applydiff:\n");
2114 
2115 
2116 	/* add each item marked as new */
2117 
2118 	res = add_items(actions, B_FALSE);
2119 	if (res != IPQOS_CONF_SUCCESS) {
2120 		return (res);
2121 	}
2122 
2123 	/* modify items marked for modification */
2124 
2125 	res = modify_items(actions);
2126 	if (res != IPQOS_CONF_SUCCESS) {
2127 		return (res);
2128 	}
2129 
2130 	/* delete items marked for deletion */
2131 
2132 	res = remove_items(old_actions, B_FALSE);
2133 	if (res != IPQOS_CONF_SUCCESS) {
2134 		return (res);
2135 	}
2136 
2137 	return (IPQOS_CONF_SUCCESS);
2138 }
2139 
2140 static int
2141 add_items(
2142 ipqos_conf_action_t *actions,
2143 boolean_t rem_undo)
2144 {
2145 
2146 	int res;
2147 	ipqos_conf_action_t *act;
2148 
2149 	IPQOSCDBG1(L1, "In add_items, rem_undo: %u\n", rem_undo);
2150 
2151 	/*
2152 	 * we need to create ipgpc action before any others as some actions
2153 	 * such as ftpcl which make calls to it depend on it being there on
2154 	 * their creation.
2155 	 */
2156 	act = actionexist(IPGPC_CLASSIFY, actions);
2157 	if (act &&
2158 	    (rem_undo == B_FALSE && act->new == B_TRUE ||
2159 	    rem_undo == B_TRUE && act->deleted == B_TRUE)) {
2160 
2161 		res = add_action(act);
2162 		if (res != IPQOS_CONF_SUCCESS) {
2163 			return (res);
2164 		}
2165 	}
2166 
2167 	/*
2168 	 * loop though action list and add any actions marked as
2169 	 * new/modified action and apply any additions there, then return.
2170 	 */
2171 
2172 	for (act = actions; act; act = act->next) {
2173 		res = add_item(act, rem_undo);
2174 		if (res != IPQOS_CONF_SUCCESS) {
2175 			return (IPQOS_CONF_ERR);
2176 		}
2177 	}
2178 
2179 	return (IPQOS_CONF_SUCCESS);
2180 }
2181 
2182 
2183 /*
2184  *
2185  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2186  */
2187 static int
2188 add_item(
2189 ipqos_conf_action_t *actions,
2190 boolean_t rem_undo)
2191 {
2192 
2193 	ipqos_conf_action_t *act = actions;
2194 	int res;
2195 	ipqos_conf_class_t *cls;
2196 	ipqos_conf_act_ref_t *pact;
2197 
2198 	IPQOSCDBG2(L1, "In add_item: action: %s, rem_undo: %u\n",
2199 	    actions->name, rem_undo);
2200 
2201 	/* if already visited return immediately */
2202 
2203 	if (act->visited == ADD_VISITED) {
2204 		IPQOSCDBG0(L1, "Early exit due to visited\n");
2205 		return (IPQOS_CONF_SUCCESS);
2206 	}
2207 	act->visited = ADD_VISITED;
2208 
2209 
2210 	/* recurse to last action in tree */
2211 
2212 	for (cls = act->classes; cls; cls = cls->next) {
2213 
2214 		/* if not virtual action */
2215 
2216 		if (cls->alist->action) {
2217 			res = add_item(cls->alist->action, rem_undo);
2218 			if (res != IPQOS_CONF_SUCCESS) {
2219 				return (res);
2220 			}
2221 		}
2222 	}
2223 
2224 	for (pact = act->params->actions; pact; pact = pact->next) {
2225 
2226 		/* if not virtual */
2227 
2228 		if (pact->action) {
2229 			res = add_item(pact->action, rem_undo);
2230 			if (res != IPQOS_CONF_SUCCESS) {
2231 				return (res);
2232 			}
2233 		}
2234 	}
2235 
2236 
2237 	/* if action marked as new and not ipgpc, create */
2238 
2239 	if (((rem_undo == B_FALSE && act->new == B_TRUE) ||
2240 	    (rem_undo == B_TRUE && act->deleted == B_TRUE)) &&
2241 	    strcmp(act->name, IPGPC_CLASSIFY) != 0) {
2242 		res = add_action(act);
2243 		if (res != IPQOS_CONF_SUCCESS) {
2244 			return (res);
2245 		}
2246 	}
2247 
2248 	/* add any classes and filters marked as new */
2249 
2250 	if (add_classes(act->classes, act->name, act->module_version,
2251 	    rem_undo) != IPQOS_CONF_SUCCESS ||
2252 	    add_filters(act->filters, act->name, act->module_version,
2253 	    rem_undo) != IPQOS_CONF_SUCCESS) {
2254 		return (IPQOS_CONF_ERR);
2255 	}
2256 
2257 	return (IPQOS_CONF_SUCCESS);
2258 }
2259 
2260 
2261 /*
2262  * Uses the contents of acts params nvlist and adds an originator
2263  * element set to ipqosconf and the stats parameter. This list
2264  * is then used as the parameter to a call to ipp_action_create to create
2265  * this action in the kernel.
2266  * RETURNS: IPQOS_CONF_ERR on err, else IPQOS_CONF_SUCCESS.
2267  */
2268 static int
2269 add_action(ipqos_conf_action_t *act)
2270 {
2271 
2272 	int res;
2273 	nvlist_t **nvl;
2274 
2275 	IPQOSCDBG2(APPLY, "add_action: action: %s, module: %s\n", act->name,
2276 	    act->module);
2277 
2278 	nvl = &act->params->nvlist;
2279 
2280 	/* alloc params nvlist if not already one */
2281 
2282 	if (*nvl == NULL) {
2283 		res = nvlist_alloc(nvl, NV_UNIQUE_NAME, 0);
2284 		if (res != 0) {
2285 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
2286 			return (IPQOS_CONF_ERR);
2287 		}
2288 	}
2289 
2290 	/*
2291 	 * add module version
2292 	 */
2293 	if (nvlist_add_uint32(*nvl, IPP_MODULE_VERSION,
2294 	    (uint32_t)act->module_version) != 0) {
2295 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32");
2296 		return (IPQOS_CONF_ERR);
2297 	}
2298 
2299 	/* add action stats */
2300 
2301 	if (nvlist_add_uint32(*nvl, IPP_ACTION_STATS_ENABLE,
2302 	    (uint32_t)act->params->stats_enable) != 0) {
2303 		ipqos_msg(MT_ENOSTR, "nvlist_add_uint32: action stats");
2304 		return (IPQOS_CONF_ERR);
2305 	}
2306 
2307 	/* add ipqosconf originator id */
2308 
2309 	if (add_orig_ipqosconf(*nvl) != IPQOS_CONF_SUCCESS) {
2310 		return (IPQOS_CONF_ERR);
2311 	}
2312 
2313 	/* call into lib to create action */
2314 
2315 	res = ipp_action_create(act->module, act->name, nvl, 0);
2316 	if (res != 0) {
2317 		IPQOSCDBG2(APPLY, "Create action %s, module %s failed\n",
2318 		    act->name, act->module);
2319 
2320 		/* invalid params */
2321 
2322 		if (errno == EINVAL) {
2323 			ipqos_msg(MT_ERROR,
2324 			    gettext("Invalid Parameters for action %s.\n"),
2325 			    act->name);
2326 
2327 		} else if (errno == ENOENT) {
2328 			ipqos_msg(MT_ERROR,
2329 			    gettext("Missing required parameter for action "
2330 			    "%s.\n"), act->name);
2331 
2332 		} else {	/* unexpected error */
2333 			ipqos_msg(MT_ERROR, gettext("Failed to create action "
2334 			    "%s: %s.\n"), act->name, strerror(errno));
2335 		}
2336 
2337 		return (IPQOS_CONF_ERR);
2338 	}
2339 
2340 	/* mark action as created */
2341 	act->cr_mod = B_TRUE;
2342 
2343 	return (IPQOS_CONF_SUCCESS);
2344 }
2345 
2346 /*
2347  * for each of the filters in parameter filters if rem_undo is false and
2348  * the filter is marked as new or if rem_undo is true and the filter is
2349  * marked as deleted then add the filter to the kernel action named by action
2350  * and if successful mark as created.
2351  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
2352  */
2353 static int
2354 add_filters(
2355 ipqos_conf_filter_t *filters,
2356 char *action,
2357 int module_version,
2358 boolean_t rem_undo)
2359 {
2360 
2361 	ipqos_conf_filter_t *flt;
2362 
2363 	IPQOSCDBG0(L1, "In add_filters\n");
2364 
2365 	/* loop through filters in filters param */
2366 	for (flt = filters; flt; flt = flt->next) {
2367 		/*
2368 		 * skip filter if in normal mode and not new filter or
2369 		 * if doing rollback and filter wasn't previously deleted.
2370 		 */
2371 		if ((rem_undo == B_FALSE && flt->new == B_FALSE) ||
2372 		    (rem_undo == B_TRUE && flt->deleted == B_FALSE)) {
2373 			continue;
2374 		}
2375 
2376 		/* add filter to action */
2377 		if (add_filter(action, flt, module_version) !=
2378 		    IPQOS_CONF_SUCCESS) {
2379 			return (IPQOS_CONF_ERR);
2380 		}
2381 
2382 		/* mark as created */
2383 		flt->cr_mod = B_TRUE;
2384 	}
2385 
2386 	return (IPQOS_CONF_SUCCESS);
2387 }
2388 
2389 /*
2390  * for each of the classes in parameter classes if rem_undo is false and
2391  * the class is marked as new or if rem_undo is true and the class is
2392  * marked as deleted then add the class to the kernel action named by action
2393  * and if successful mark as created.
2394  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
2395  */
2396 int
2397 add_classes(
2398 ipqos_conf_class_t *classes,
2399 char *action,
2400 int module_version,
2401 boolean_t rem_undo) {
2402 
2403 	int res;
2404 	ipqos_conf_class_t *cls;
2405 
2406 	IPQOSCDBG0(L1, "In add_classes\n");
2407 
2408 	/* for each class */
2409 	for (cls = classes; cls; cls = cls->next) {
2410 		/*
2411 		 * skip class if in normal mode and not new class or
2412 		 * if doing rollback and class wasn't deleted.
2413 		 */
2414 		if ((rem_undo == B_FALSE && cls->new == B_FALSE) ||
2415 		(rem_undo == B_TRUE && cls->deleted == B_FALSE)) {
2416 			continue;
2417 		}
2418 
2419 		/* add class to action */
2420 		res = add_class(action, cls->name, module_version,
2421 		    cls->stats_enable, cls->alist->name);
2422 		if (res != IPQOS_CONF_SUCCESS) {
2423 			return (IPQOS_CONF_ERR);
2424 		}
2425 
2426 		/* mark class as created */
2427 		cls->cr_mod = B_TRUE;
2428 	}
2429 
2430 	return (IPQOS_CONF_SUCCESS);
2431 }
2432 
2433 /*
2434  * For each of the actions in actions remove the action if marked as
2435  * such or remove any objects within marked as such.
2436  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2437  */
2438 static int
2439 remove_items(
2440 ipqos_conf_action_t *actions,
2441 boolean_t add_undo)
2442 {
2443 
2444 	int res;
2445 	ipqos_conf_action_t *act;
2446 
2447 	IPQOSCDBG1(L0, "In remove_items, add_undo: %u\n", add_undo);
2448 
2449 	/*
2450 	 * loop through actions removing any actions, or action contents
2451 	 * that are marked as such.
2452 	 */
2453 	for (act = actions; act; act = act->next) {
2454 		res = remove_item(act, add_undo);
2455 		if (res != IPQOS_CONF_SUCCESS) {
2456 			return (res);
2457 		}
2458 	}
2459 
2460 	return (IPQOS_CONF_SUCCESS);
2461 }
2462 
2463 /*
2464  * Deletes this action if marked for deletion or any of it's contents marked
2465  * for deletion. If the action is marked for deletion any actions referencing
2466  * this action are destroyed first if marked or have their contents destroyed
2467  * if marked. This is recursive.
2468  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2469  */
2470 static int
2471 remove_item(
2472 ipqos_conf_action_t *act,
2473 boolean_t add_undo)
2474 {
2475 
2476 	ipqos_conf_class_t *cls;
2477 	ipqos_conf_filter_t *flt;
2478 	ipqos_conf_act_ref_t *dep;
2479 	int res;
2480 
2481 	IPQOSCDBG3(L1, "In remove_item: action: %s, add_undo: %u, mod: %u\n",
2482 	    act->name, add_undo, act->modified);
2483 
2484 
2485 	/* return immmediately if previously visited in remove phase */
2486 
2487 	if (act->visited == REM_VISITED) {
2488 		IPQOSCDBG0(L1, "Exit due to REM_VISITED set\n");
2489 		return (IPQOS_CONF_SUCCESS);
2490 	}
2491 	act->visited = REM_VISITED;
2492 
2493 
2494 	/* if this action is to be deleted */
2495 
2496 	if (add_undo == B_FALSE && act->todel == B_TRUE ||
2497 	    add_undo == B_TRUE && act->new == B_TRUE &&
2498 	    act->cr_mod == B_TRUE) {
2499 
2500 		/* modify parent actions first */
2501 
2502 		for (dep = act->dependencies; dep; dep = dep->next) {
2503 			res = remove_item(dep->action, add_undo);
2504 			if (res != IPQOS_CONF_SUCCESS) {
2505 				return (res);
2506 			}
2507 		}
2508 
2509 		/* delete this action */
2510 
2511 			IPQOSCDBG1(APPLY, "deleting action %s\n", act->name);
2512 		res = ipp_action_destroy(act->name, 0);
2513 		if (res != 0) {
2514 			IPQOSCDBG1(APPLY, "failed to destroy action %s\n",
2515 			    act->name);
2516 			return (IPQOS_CONF_ERR);
2517 		}
2518 
2519 		/* flag as deleted */
2520 
2521 		act->deleted = B_TRUE;
2522 
2523 	/* if modified action */
2524 
2525 	} else if (act->modified == B_TRUE) {
2526 
2527 		/* loop through removing any filters marked for del */
2528 
2529 		for (flt = act->filters; flt; flt = flt->next) {
2530 			if ((add_undo == B_FALSE && flt->todel == B_TRUE) ||
2531 			    (add_undo == B_TRUE && flt->new == B_TRUE &&
2532 			    flt->cr_mod == B_TRUE)) {
2533 
2534 				/* do deletion */
2535 
2536 				res = remove_filter(act->name, flt->name,
2537 				    flt->instance, act->module_version);
2538 				if (res != IPQOS_CONF_SUCCESS) {
2539 					IPQOSCDBG2(APPLY, "failed to destroy "
2540 					    "filter %s, inst: %d\n", flt->name,
2541 					    flt->instance);
2542 
2543 					return (IPQOS_CONF_ERR);
2544 				}
2545 
2546 				/* flag deleted */
2547 
2548 				flt->deleted = B_TRUE;
2549 			}
2550 		}
2551 
2552 		/* remove any classes marked for del */
2553 
2554 		for (cls = act->classes; cls; cls = cls->next) {
2555 			if ((add_undo == B_FALSE && cls->todel == B_TRUE) ||
2556 			    (add_undo == B_TRUE && cls->new == B_TRUE &&
2557 			    cls->cr_mod == B_TRUE)) {
2558 
2559 				/* do deletion */
2560 
2561 				res = remove_class(act->name, cls->name,
2562 				    act->module_version, 0);
2563 				if (res != IPQOS_CONF_SUCCESS) {
2564 					IPQOSCDBG1(APPLY, "failed to destroy "
2565 					    "class %s\n", cls->name);
2566 
2567 					return (IPQOS_CONF_ERR);
2568 				}
2569 
2570 				/* flag deleted */
2571 
2572 				cls->deleted = B_TRUE;
2573 			}
2574 		}
2575 
2576 		/* mark action as having been modified */
2577 
2578 		act->cr_mod = B_TRUE;
2579 	}
2580 
2581 	return (IPQOS_CONF_SUCCESS);
2582 }
2583 
2584 /*
2585  * for each of the actions in parameter actions apply any objects marked as
2586  * modified as a modification to the kernel action represented.
2587  * RETURNS: IPQOS_CONF_ERR on err, else IPQOS_CONF_SUCCESS.
2588  */
2589 static int
2590 modify_items(ipqos_conf_action_t *actions)
2591 {
2592 
2593 	ipqos_conf_action_t *act;
2594 	int res;
2595 	ipqos_conf_filter_t *flt;
2596 	ipqos_conf_class_t *cls;
2597 
2598 
2599 	IPQOSCDBG0(L1, "In modify_items\n");
2600 
2601 	/* loop through actions in parameter actions */
2602 
2603 	for (act = actions; act; act = act->next) {
2604 
2605 		/* skip unchanged actions */
2606 
2607 		if (act->modified == B_FALSE) {
2608 			continue;
2609 		}
2610 
2611 		/* apply any parameter mods */
2612 
2613 		if (act->params->modified) {
2614 			res = modify_params(act->name,
2615 			    &act->params->nvlist,
2616 			    act->module_version, act->params->stats_enable);
2617 			if (res != IPQOS_CONF_SUCCESS) {
2618 				return (IPQOS_CONF_ERR);
2619 			}
2620 
2621 			act->params->cr_mod = B_TRUE;
2622 		}
2623 
2624 		/* apply any class mods */
2625 
2626 		for (cls = act->classes; cls; cls = cls->next) {
2627 			if (cls->modified) {
2628 				res = modify_class(act->name, cls->name,
2629 				    act->module_version, cls->stats_enable,
2630 				    cls->alist->name, 0);
2631 				if (res != IPQOS_CONF_SUCCESS) {
2632 					return (IPQOS_CONF_ERR);
2633 				}
2634 
2635 				/* mark modification done */
2636 				cls->cr_mod = B_TRUE;
2637 			}
2638 		}
2639 
2640 		/* apply any filter mods */
2641 
2642 		for (flt = act->filters; flt; flt = flt->next) {
2643 			if (flt->modified) {
2644 				res = modify_filter(act->name, flt,
2645 				    act->module_version);
2646 				if (res != 0) {
2647 					return (IPQOS_CONF_ERR);
2648 				}
2649 
2650 				/* mark modification done */
2651 				flt->cr_mod = B_TRUE;
2652 			}
2653 		}
2654 
2655 		/* mark action modified */
2656 
2657 		act->cr_mod = B_TRUE;
2658 	}
2659 
2660 	return (IPQOS_CONF_SUCCESS);
2661 }
2662 
2663 /*
2664  * For each of the objects of each of the actions in nactions that are
2665  * marked as having been modified the object modification is done in
2666  * reverse using the same named object from oactions.
2667  * RETURNS: IPQOS_CONF_ERR on error, IPQOS_CONF_SUCCESS otherwise.
2668  */
2669 static int
2670 undo_modifys(
2671 ipqos_conf_action_t *oactions,
2672 ipqos_conf_action_t *nactions)
2673 {
2674 
2675 	ipqos_conf_filter_t *flt;
2676 	ipqos_conf_class_t *cls;
2677 	ipqos_conf_action_t *act;
2678 	ipqos_conf_action_t *oldact;
2679 	ipqos_conf_filter_t *oldflt;
2680 	ipqos_conf_class_t *oldcls;
2681 	int res;
2682 
2683 	IPQOSCDBG0(L1, "In undo_modifys:\n");
2684 
2685 	/* loop throught new actions */
2686 
2687 	for (act = nactions; act; act = act->next) {
2688 		oldact = actionexist(act->name, oactions);
2689 
2690 		/*
2691 		 * if the action was new then it will be removed and
2692 		 * any permamanent items that were marked for modify
2693 		 * will dissappear, so ignore action.
2694 		 */
2695 		if (oldact == NULL) {
2696 			continue;
2697 		}
2698 
2699 		/* if parameters were modified switch them back */
2700 
2701 		if (act->params->modified == B_TRUE &&
2702 		    act->params->cr_mod == B_TRUE) {
2703 			res = modify_params(act->name,
2704 			    &oldact->params->nvlist,
2705 			    act->module_version, act->params->stats_enable);
2706 			if (res != IPQOS_CONF_SUCCESS) {
2707 				return (res);
2708 			}
2709 		}
2710 
2711 		/* for each filter in action if filter modified switch back */
2712 
2713 		for (flt = act->filters; flt; flt = flt->next) {
2714 			if (flt->modified == B_TRUE &&
2715 			    flt->cr_mod == B_TRUE) {
2716 				oldflt = filterexist(flt->name, -1,
2717 				    oldact->filters);
2718 				res = modify_filter(act->name, oldflt,
2719 				    act->module_version);
2720 				if (res != IPQOS_CONF_SUCCESS) {
2721 					return (res);
2722 				}
2723 			}
2724 		}
2725 
2726 		/* for each class in action if class modified switch back */
2727 
2728 		for (cls = act->classes; cls; cls = cls->next) {
2729 			if (cls->modified == B_TRUE &&
2730 			    cls->cr_mod == B_TRUE) {
2731 				oldcls = classexist(cls->name, oldact->classes);
2732 				if (oldcls->alist) {
2733 					res = modify_class(act->name,
2734 					    cls->name, act->module_version,
2735 					    oldcls->stats_enable,
2736 					    oldcls->alist->name, 0);
2737 				}
2738 				if (res != IPQOS_CONF_SUCCESS) {
2739 					return (res);
2740 				}
2741 			}
2742 		}
2743 	}
2744 
2745 	/*
2746 	 * Go through the old actions modifying perm filters and classes
2747 	 * whose action was deleted.
2748 	 *
2749 	 */
2750 	for (act = oactions; act != NULL; act = act->next) {
2751 
2752 		if (act->deleted == B_FALSE) {
2753 			continue;
2754 		}
2755 
2756 		for (flt = act->filters; flt != NULL; flt = flt->next) {
2757 			if (flt->originator == IPP_CONFIG_PERMANENT) {
2758 				res = modify_filter(act->name, flt,
2759 				    act->module_version);
2760 				if (res != IPQOS_CONF_SUCCESS) {
2761 					return (res);
2762 				}
2763 			}
2764 		}
2765 
2766 		for (cls = act->classes; cls != NULL; cls = cls->next) {
2767 			if (cls->originator == IPP_CONFIG_PERMANENT) {
2768 				res = modify_class(act->name, cls->name,
2769 				    act->module_version, cls->stats_enable,
2770 				    cls->alist->name, 0);
2771 				if (res != IPQOS_CONF_SUCCESS) {
2772 					return (res);
2773 				}
2774 			}
2775 
2776 		}
2777 	}
2778 
2779 	return (IPQOS_CONF_SUCCESS);
2780 }
2781 
2782 
2783 /*
2784  * causes all changes marked as being done in actions and old_actions
2785  * to be undone.
2786  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
2787  */
2788 static int
2789 rollback(
2790 ipqos_conf_action_t *actions,
2791 ipqos_conf_action_t *old_actions)
2792 {
2793 
2794 	int res;
2795 
2796 	IPQOSCDBG0(RBK, "In rollback:\n");
2797 
2798 	/* re-add items that were deleted */
2799 
2800 	res = add_items(old_actions, B_TRUE);
2801 	if (res != IPQOS_CONF_SUCCESS) {
2802 		return (res);
2803 	}
2804 
2805 	/* change modified items back how they were */
2806 
2807 	res = undo_modifys(old_actions, actions);
2808 	if (res != IPQOS_CONF_SUCCESS) {
2809 		return (res);
2810 	}
2811 
2812 	/* remove new items that were added */
2813 
2814 	res = remove_items(actions, B_TRUE);
2815 	if (res != IPQOS_CONF_SUCCESS) {
2816 		return (res);
2817 	}
2818 
2819 	return (IPQOS_CONF_SUCCESS);
2820 }
2821 
2822 /* ******************************* print config **************************** */
2823 
2824 /*
2825  * Prints the username of the user with uid 'uid' to 'fp' if the uid belongs
2826  * to a known user on the system, otherwise just print 'uid'.
2827  */
2828 static void
2829 printuser(
2830 FILE *fp,
2831 uid_t uid)
2832 {
2833 	struct passwd *pwd;
2834 
2835 	IPQOSCDBG0(L0, "In printuser\n");
2836 
2837 	pwd = getpwuid(uid);
2838 	if (pwd != NULL) {
2839 		(void) fprintf(fp, "%s\n", pwd->pw_name);
2840 	} else {
2841 		(void) fprintf(fp, "%u\n", (int)uid);
2842 	}
2843 }
2844 
2845 /*
2846  * print either a single value of start to fp (if start equals end), else
2847  * print start'-'end if start is the smaller of the two values, otherwise
2848  * print end'-'start.
2849  */
2850 static void
2851 printrange(
2852 FILE *fp,
2853 uint32_t start,
2854 uint32_t end)
2855 {
2856 	uint32_t tmp;
2857 
2858 	if (start > end) {
2859 		tmp = start;
2860 		start = end;
2861 		end = tmp;
2862 	}
2863 
2864 	(void) fprintf(fp, "%u", start);
2865 	if (end != start)
2866 		(void) fprintf(fp, "-%u", end);
2867 }
2868 
2869 /*
2870  * print the contents of the array arr to fp in the form:
2871  * {0-6:1;7-12:2;13:3.....} or {0-6:GREEN;7-12:YELLOW:...}
2872  * dependant upon whether this is an integer or enumerated array resectively
2873  * (if enum_nvs isn't set to NULL this is assumed to be an enumerated array);
2874  * where 0-6 is the range of indexes with value 1 (or GREEN), 7-12 the range
2875  * with value 2 (or YELLOW), and so forth. size is the array size and llimit
2876  * and ulimit are the lower and upper limits of the array values printed
2877  * respectively. For enumerated arrays enum_nvs carries the list of name
2878  * and value pairs and ulimit and llimit parameters are ignored and instead
2879  * determined from the enum_nvs list.
2880  */
2881 static void
2882 print_int_array(
2883 FILE *fp,
2884 int arr[],
2885 uint32_t size,
2886 int llimit,
2887 int ulimit,
2888 str_val_nd_t *enum_nvs,
2889 int tab_inserts)
2890 {
2891 	int x, y;
2892 	uint32_t first, last;
2893 	boolean_t first_entry;	/* first 'ranges:value' to be printed ? */
2894 	boolean_t first_range;	/* first range for a value to be printed ? */
2895 	boolean_t found_range;	/* did we find a range for this value ? */
2896 
2897 	IPQOSCDBG4(L0, "In print_int_array: size: %u, llimit: %u, ulimit: %u, "
2898 	    "enum_nvs: %x \n", size, llimit, ulimit, enum_nvs);
2899 
2900 	/*
2901 	 * if an enumeration retrieve value range.
2902 	 */
2903 	if (enum_nvs != NULL)
2904 		get_str_val_value_range(enum_nvs, &llimit, &ulimit);
2905 
2906 	/*
2907 	 * print opening curl.
2908 	 */
2909 	(void) fprintf(fp, "%c\n", CURL_BEGIN);
2910 	PRINT_TABS(fp, tab_inserts + 1);
2911 
2912 	first_entry = B_TRUE;
2913 	/*
2914 	 * for each value in range.
2915 	 */
2916 	for (x = llimit; x <= ulimit; x++) {
2917 		found_range = B_FALSE;
2918 		first_range = B_TRUE;
2919 		y = 0;
2920 		/*
2921 		 * scan array and print ranges of indexes with value x.
2922 		 */
2923 		while (y < size) {
2924 			/*
2925 			 * get first occurence of value for this range.
2926 			 */
2927 			while ((arr[y] != x) && (y < size))
2928 				y++;
2929 			if (y == size) {
2930 				break;
2931 			} else {
2932 				found_range = B_TRUE;
2933 			}
2934 			first = y;
2935 
2936 			/*
2937 			 * get last occurence of value for this range.
2938 			 */
2939 			while ((arr[y] == x) && (y < size))
2940 				y++;
2941 			last = y - 1;
2942 
2943 			/*
2944 			 * print entry delimiter (semi-colon)? It must be
2945 			 * the first range for this value and this mustn't
2946 			 * be the first 'ranges:value' entry.
2947 			 */
2948 			if (!first_entry && first_range) {
2949 				(void) fprintf(fp, ";\n");
2950 				PRINT_TABS(fp, tab_inserts + 1);
2951 			} else {
2952 				first_entry = B_FALSE;
2953 			}
2954 
2955 			/*
2956 			 * print comma (range delimeter) only if there was
2957 			 * a previous range for this value.
2958 			 */
2959 			if (!first_range) {
2960 				(void) fprintf(fp, ",");
2961 			} else {
2962 				first_range = B_FALSE;
2963 			}
2964 
2965 			/*
2966 			 * print range.
2967 			 */
2968 			printrange(fp, first, last);
2969 		}
2970 		/*
2971 		 * only print a colon and value if we found a range with
2972 		 * this value.
2973 		 */
2974 		if (found_range) {
2975 			(void) fprintf(fp, ":");
2976 
2977 			/*
2978 			 * print numeric/symbolic value.
2979 			 */
2980 			if (enum_nvs) {
2981 				printenum(fp, x, enum_nvs);
2982 			} else {
2983 				(void) fprintf(fp, "%d", x);
2984 			}
2985 		}
2986 	}
2987 
2988 	/*
2989 	 * print closing curl.
2990 	 */
2991 	(void) fprintf(fp, "\n");
2992 	PRINT_TABS(fp, tab_inserts);
2993 	(void) fprintf(fp, "%c\n", CURL_END);
2994 }
2995 
2996 /* print the protocol name for proto, or if unknown protocol number proto. */
2997 static void
2998 printproto(
2999 FILE *fp,
3000 uint8_t proto)
3001 {
3002 
3003 	struct protoent *pent;
3004 
3005 	pent = getprotobynumber(proto);
3006 	if (pent != NULL) {
3007 		(void) fprintf(fp, "%s\n", pent->p_name);
3008 	} else {
3009 		(void) fprintf(fp, "%u\n", proto);
3010 	}
3011 }
3012 
3013 /*
3014  * prints the name associated with interface with index ifindex to fp.
3015  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3016  */
3017 static int
3018 printifname(
3019 FILE *fp,
3020 int ifindex)
3021 {
3022 
3023 	int s;
3024 	struct lifconf lc;
3025 	struct lifnum ln;
3026 	struct lifreq *lr;
3027 	char *buf;
3028 	int len;
3029 	char *cp;
3030 	int ret;
3031 	int x;
3032 	int idx;
3033 
3034 	/* open socket */
3035 
3036 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
3037 		ipqos_msg(MT_ENOSTR, gettext("opening AF_INET socket"));
3038 		return (IPQOS_CONF_ERR);
3039 	}
3040 
3041 	/* get number of lifreq structs that need to be alloc'd for */
3042 
3043 	ln.lifn_family = AF_UNSPEC;
3044 	ln.lifn_flags = 0;
3045 	ret = ioctl(s, SIOCGLIFNUM, &ln);
3046 	if (ret < 0) {
3047 		ipqos_msg(MT_ENOSTR, "SIOCLIFNUM ioctl");
3048 		(void) close(s);
3049 		return (IPQOS_CONF_ERR);
3050 	}
3051 
3052 	/* allocate buffer for SIOGLIFCONF ioctl */
3053 
3054 	len = ln.lifn_count * sizeof (struct lifreq);
3055 	buf = malloc(len);
3056 	if (buf == NULL) {
3057 		ipqos_msg(MT_ENOSTR, "malloc");
3058 		(void) close(s);
3059 		return (IPQOS_CONF_ERR);
3060 	}
3061 
3062 	/* setup lifconf params for ioctl */
3063 
3064 	lc.lifc_family = AF_UNSPEC;
3065 	lc.lifc_flags = 0;
3066 	lc.lifc_len = len;
3067 	lc.lifc_buf = buf;
3068 
3069 	/* do SIOCGLIFCONF ioctl */
3070 
3071 	ret = ioctl(s, SIOCGLIFCONF, &lc);
3072 	if (ret < 0) {
3073 		ipqos_msg(MT_ENOSTR, "SIGLIFCONF");
3074 		(void) close(s);
3075 		free(buf);
3076 		return (IPQOS_CONF_ERR);
3077 	}
3078 	(void) close(s);
3079 
3080 	/*
3081 	 * for each interface name given in the returned lifreq list get
3082 	 * it's index and compare with ifindex param. Break if equal.
3083 	 */
3084 	for (x = ln.lifn_count, lr = lc.lifc_req; x > 0; x--, lr++) {
3085 		ret = readifindex(lr->lifr_name, &idx);
3086 		if (ret != IPQOS_CONF_SUCCESS) {
3087 			free(buf);
3088 			return (IPQOS_CONF_ERR);
3089 		}
3090 		if (idx == ifindex) {
3091 			break;
3092 		}
3093 	}
3094 	free(buf);
3095 
3096 	if (x == 0) {
3097 		IPQOSCDBG1(L1, "Failed to find if index %u in returned "
3098 		    "if list.\n", ifindex);
3099 		return (IPQOS_CONF_ERR);
3100 	}
3101 	/* truncate any logical suffix */
3102 
3103 	if ((cp = strchr(lr->lifr_name, '@')) != NULL) {
3104 		*cp = NULL;
3105 	}
3106 
3107 	/* print interface name */
3108 	(void) fprintf(fp, "%s\n", lr->lifr_name);
3109 
3110 	return (IPQOS_CONF_SUCCESS);
3111 }
3112 
3113 /*
3114  * print to fp the enumeration clause evaluating to the value val using the
3115  * names/values given in enum_nvs.
3116  */
3117 static void
3118 printenum(
3119 FILE *fp,
3120 uint32_t val,
3121 str_val_nd_t *enum_nvs)
3122 {
3123 
3124 	boolean_t isfirstval = B_TRUE;
3125 	str_val_nd_t *name_val = enum_nvs;
3126 
3127 	/* for each value in enum_nvs if same bit set in val print name */
3128 
3129 	while (name_val) {
3130 		if ((name_val->sv.value & val) == name_val->sv.value) {
3131 			if (isfirstval == B_TRUE) {
3132 				(void) fprintf(fp, "%s", name_val->sv.string);
3133 				isfirstval = B_FALSE;
3134 			} else {
3135 				(void) fprintf(fp, ", %s", name_val->sv.string);
3136 			}
3137 		}
3138 		name_val = name_val->next;
3139 	}
3140 }
3141 
3142 
3143 /* prints the service name of port, or if unknown the number to fp. */
3144 static void
3145 printport(
3146 FILE *fp,
3147 uint16_t port)
3148 {
3149 
3150 	struct servent *sent;
3151 
3152 	sent = getservbyport(port, NULL);
3153 	if (sent != NULL) {
3154 		(void) fprintf(fp, "%s\n", sent->s_name);
3155 	} else {
3156 		(void) fprintf(fp, "%u\n", ntohs(port));
3157 	}
3158 }
3159 
3160 /*
3161  * prints tp fp the name and value of all user specifiable parameters in the
3162  * nvlist.
3163  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3164  */
3165 static int
3166 printnvlist(
3167 FILE *fp,
3168 char *module,
3169 nvlist_t *nvl,
3170 int printall,	/* are we want ip addresses printing if node name */
3171 ipqos_conf_filter_t *flt,	/* used to determine if node name set */
3172 int tab_inserts,
3173 place_t place)
3174 {
3175 	FILE *tfp;
3176 	nvpair_t *nvp;
3177 	char *name;
3178 	ipqos_nvtype_t type;
3179 	str_val_nd_t *enum_nvs;
3180 	int ret;
3181 	char dfltst[IPQOS_VALST_MAXLEN+1];
3182 	char *param;
3183 	int openerr;
3184 	int res;
3185 
3186 	IPQOSCDBG0(L1, "In printnvlist\n");
3187 
3188 
3189 	/* open stream to types file */
3190 
3191 	tfp = validmod(module, &openerr);
3192 	if (tfp == NULL) {
3193 		if (openerr) {
3194 			ipqos_msg(MT_ENOSTR, "fopen");
3195 		}
3196 		return (IPQOS_CONF_ERR);
3197 	}
3198 
3199 
3200 	/* go through list getting param name and type and printing it */
3201 
3202 	nvp = nvlist_next_nvpair(nvl, NULL);
3203 	while (nvp) {
3204 
3205 		/* get nvpair name */
3206 		name = nvpair_name(nvp);
3207 		IPQOSCDBG1(L0, "processing element %s.\n", name);
3208 
3209 		/* skip ipgpc params that are not explicitly user settable */
3210 
3211 		if (strcmp(name, IPGPC_FILTER_TYPE) == 0 ||
3212 		    strcmp(name, IPGPC_SADDR_MASK) == 0 ||
3213 		    strcmp(name, IPGPC_DADDR_MASK) == 0 ||
3214 		    strcmp(name, IPGPC_SPORT_MASK) == 0 ||
3215 		    strcmp(name, IPGPC_DPORT_MASK) == 0) {
3216 			nvp = nvlist_next_nvpair(nvl, nvp);
3217 			continue;
3218 		}
3219 
3220 		param = SHORT_NAME(name);
3221 
3222 		/*
3223 		 * get parameter type from types file.
3224 		 */
3225 		place = PL_ANY;
3226 		ret = readtype(tfp, module, param, &type, &enum_nvs, dfltst,
3227 		    B_TRUE, &place);
3228 		if (ret != IPQOS_CONF_SUCCESS) {
3229 			return (ret);
3230 		}
3231 
3232 		/*
3233 		 * for map entries we don't print the map value, only
3234 		 * the index value it was derived from.
3235 		 */
3236 		if (place == PL_MAP) {
3237 			nvp = nvlist_next_nvpair(nvl, nvp);
3238 			continue;
3239 		}
3240 
3241 		/*
3242 		 * the ifindex is converted to the name and printed out
3243 		 * so print the parameter name as ifname.
3244 		 */
3245 		if (strcmp(name, IPGPC_IF_INDEX) == 0) {
3246 			PRINT_TABS(fp, tab_inserts);
3247 			(void) fprintf(fp, "%s ", IPQOS_IFNAME_STR);
3248 		/*
3249 		 * we may not print the address due to us instead printing
3250 		 * the node name in printfilter, therefore we leave the
3251 		 * printing of the parameter in the addresses switch case code.
3252 		 */
3253 		} else if ((strcmp(name, IPGPC_SADDR) != 0 &&
3254 		    strcmp(name, IPGPC_DADDR) != 0)) {
3255 			PRINT_TABS(fp, tab_inserts);
3256 			(void) fprintf(fp, "%s ", param);
3257 		}
3258 
3259 		switch (type) {
3260 			case IPQOS_DATA_TYPE_IFINDEX: {
3261 				uint32_t ifidx;
3262 
3263 				(void) nvpair_value_uint32(nvp, &ifidx);
3264 				(void) printifname(fp, ifidx);
3265 				break;
3266 			}
3267 			case IPQOS_DATA_TYPE_BOOLEAN: {
3268 				boolean_t bl;
3269 
3270 				(void) nvpair_value_uint32(nvp,
3271 				    (uint32_t *)&bl);
3272 				(void) fprintf(fp, "%s\n",
3273 				    bl == B_TRUE ? "true" : "false");
3274 				break;
3275 			}
3276 			case IPQOS_DATA_TYPE_ACTION: {
3277 				char *strval;
3278 
3279 				(void) nvpair_value_string(nvp, &strval);
3280 				print_action_nm(fp, strval);
3281 				break;
3282 			}
3283 			case IPQOS_DATA_TYPE_STRING: {
3284 				char *strval;
3285 
3286 				(void) nvpair_value_string(nvp, &strval);
3287 				(void) fprintf(fp, "%s\n",
3288 				    quote_ws_string(strval));
3289 				break;
3290 			}
3291 			case IPQOS_DATA_TYPE_ADDRESS: {
3292 				uint_t tmp;
3293 				in6_addr_t *addr;
3294 				char addrstr[INET6_ADDRSTRLEN];
3295 				uchar_t ftype;
3296 				int af;
3297 				in6_addr_t *mask;
3298 
3299 				/*
3300 				 * skip addresses that have node names for
3301 				 * non printall listings.
3302 				 */
3303 				if (printall == 0 &&
3304 				    (strcmp(nvpair_name(nvp), IPGPC_SADDR) ==
3305 				    0 && flt->src_nd_name ||
3306 				    strcmp(nvpair_name(nvp), IPGPC_DADDR) ==
3307 				    0 && flt->dst_nd_name)) {
3308 					break;
3309 				}
3310 
3311 				/* we skipped this above */
3312 
3313 				PRINT_TABS(fp, tab_inserts);
3314 				(void) fprintf(fp, "%s ", param);
3315 
3316 				(void) nvpair_value_uint32_array(nvp,
3317 				    (uint32_t **)&addr, &tmp);
3318 
3319 				/* get filter type */
3320 
3321 				(void) nvlist_lookup_byte(nvl,
3322 				    IPGPC_FILTER_TYPE, &ftype);
3323 				if (ftype == IPGPC_V4_FLTR) {
3324 					af = AF_INET;
3325 					addr = (in6_addr_t *)
3326 					&V4_PART_OF_V6((*addr));
3327 				} else {
3328 					af = AF_INET6;
3329 				}
3330 				/* get mask */
3331 
3332 				if (strcmp(nvpair_name(nvp), IPGPC_SADDR) ==
3333 				    0) {
3334 					ret = nvlist_lookup_uint32_array(nvl,
3335 					    IPGPC_SADDR_MASK,
3336 					    (uint32_t **)&mask, &tmp);
3337 				} else {
3338 					ret = nvlist_lookup_uint32_array(nvl,
3339 					    IPGPC_DADDR_MASK,
3340 					    (uint32_t **)&mask, &tmp);
3341 				}
3342 
3343 				/* print address/mask to fp */
3344 
3345 				(void) fprintf(fp, "%s/%u\n",
3346 				    inet_ntop(af, addr, addrstr,
3347 				    INET6_ADDRSTRLEN), masktocidr(af, mask));
3348 				break;
3349 			}
3350 			case IPQOS_DATA_TYPE_ENUM: {
3351 				uint32_t val;
3352 
3353 				(void) nvpair_value_uint32(nvp, &val);
3354 
3355 				/*
3356 				 * print list of tokens resulting in val
3357 				 */
3358 				(void) fprintf(fp, "{ ");
3359 				printenum(fp, val, enum_nvs);
3360 				(void) fprintf(fp, " }\n");
3361 				break;
3362 			}
3363 			case IPQOS_DATA_TYPE_PORT: {
3364 				uint16_t port;
3365 
3366 				(void) nvpair_value_uint16(nvp, &port);
3367 				printport(fp, port);
3368 				break;
3369 			}
3370 			case IPQOS_DATA_TYPE_PROTO: {
3371 				uint8_t proto;
3372 
3373 				(void) nvpair_value_byte(nvp, &proto);
3374 				printproto(fp, proto);
3375 				break;
3376 			}
3377 			case IPQOS_DATA_TYPE_M_INDEX:
3378 			case IPQOS_DATA_TYPE_UINT8: {
3379 				uchar_t u8;
3380 
3381 				(void) nvpair_value_byte(nvp, &u8);
3382 				(void) fprintf(fp, "%u\n", u8);
3383 				break;
3384 			}
3385 			case IPQOS_DATA_TYPE_UINT16: {
3386 				uint16_t u16;
3387 
3388 				(void) nvpair_value_uint16(nvp, &u16);
3389 				(void) fprintf(fp, "%u\n", u16);
3390 				break;
3391 			}
3392 			case IPQOS_DATA_TYPE_INT16: {
3393 				int16_t i16;
3394 
3395 				(void) nvpair_value_int16(nvp, &i16);
3396 				(void) fprintf(fp, "%d\n", i16);
3397 				break;
3398 			}
3399 			case IPQOS_DATA_TYPE_UINT32: {
3400 				uint32_t u32;
3401 
3402 				(void) nvpair_value_uint32(nvp, &u32);
3403 				(void) fprintf(fp, "%u\n", u32);
3404 				break;
3405 			}
3406 			case IPQOS_DATA_TYPE_INT32: {
3407 				int i32;
3408 
3409 				(void) nvpair_value_int32(nvp, &i32);
3410 				(void) fprintf(fp, "%d\n", i32);
3411 				break;
3412 			}
3413 			case IPQOS_DATA_TYPE_INT_ARRAY: {
3414 				str_val_nd_t *arr_enum_nvs = NULL;
3415 				uint32_t size;
3416 				int llimit, ulimit;
3417 				int *arr;
3418 
3419 				(void) nvpair_value_int32_array(nvp, &arr,
3420 				    &size);
3421 
3422 				/*
3423 				 * read array info from types file.
3424 				 */
3425 				res = read_int_array_info(dfltst,
3426 				    &arr_enum_nvs, &size, &llimit, &ulimit,
3427 				    module);
3428 
3429 				/*
3430 				 * print array with numbers, or symbols
3431 				 * if enumerated.
3432 				 */
3433 				if (res == IPQOS_CONF_SUCCESS) {
3434 					print_int_array(fp, arr, size,
3435 					    llimit, ulimit, arr_enum_nvs,
3436 					    tab_inserts);
3437 					if (arr_enum_nvs != NULL) {
3438 						free_str_val_entrys(
3439 						    arr_enum_nvs);
3440 					}
3441 				}
3442 				break;
3443 			}
3444 			case IPQOS_DATA_TYPE_USER: {
3445 				uid_t uid;
3446 
3447 				(void) nvpair_value_int32(nvp, (int *)&uid);
3448 				printuser(fp, uid);
3449 				break;
3450 			}
3451 #ifdef	_IPQOS_CONF_DEBUG
3452 			default: {
3453 				/*
3454 				 * we should have catered for all used data
3455 				 * types that readtype returns.
3456 				 */
3457 				assert(1);
3458 			}
3459 #endif
3460 		}
3461 
3462 		nvp = nvlist_next_nvpair(nvl, nvp);
3463 	}
3464 
3465 	(void) fclose(tfp);
3466 	return (IPQOS_CONF_SUCCESS);
3467 }
3468 
3469 /*
3470  * print a parameter clause for the parmeters given in params to fp.
3471  * If printall is set, then the originator of the parameter object is printed.
3472  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
3473  */
3474 static int
3475 printparams(
3476 FILE *fp,
3477 char *module,
3478 ipqos_conf_params_t *params,
3479 int printall,
3480 int tab_inserts)
3481 {
3482 
3483 	int res;
3484 
3485 	/* print opening clause */
3486 
3487 	PRINT_TABS(fp, tab_inserts);
3488 	(void) fprintf(fp, IPQOS_CONF_PARAMS_STR " {\n");
3489 
3490 	/* print originator name if printall flag set */
3491 
3492 	if (printall) {
3493 		PRINT_TABS(fp, tab_inserts + 1);
3494 		(void) fprintf(stdout, "Originator %s\n",
3495 		    quote_ws_string(get_originator_nm(params->originator)));
3496 	}
3497 
3498 	/* print global stats */
3499 
3500 	PRINT_TABS(fp, tab_inserts + 1);
3501 	(void) fprintf(fp, IPQOS_CONF_GLOBAL_STATS_STR " %s\n",
3502 	    params->stats_enable == B_TRUE ? "true" : "false");
3503 
3504 	/* print module specific parameters */
3505 	res = printnvlist(fp, module, params->nvlist, printall, NULL,
3506 	    tab_inserts + 1, PL_PARAMS);
3507 	if (res != IPQOS_CONF_SUCCESS) {
3508 		return (res);
3509 	}
3510 
3511 	PRINT_TABS(fp, tab_inserts);
3512 	(void) fprintf(fp, "}\n");
3513 
3514 	return (IPQOS_CONF_SUCCESS);
3515 }
3516 
3517 /*
3518  * print the interpreted name of the action_nm parameter if it is a special
3519  * action, else action_nm verbatim to fp parameter.
3520  */
3521 static void
3522 print_action_nm(FILE *fp, char *action_nm)
3523 {
3524 
3525 	if (strcmp(action_nm, IPP_ANAME_CONT) == 0) {
3526 		(void) fprintf(fp, IPQOS_CONF_CONT_STR "\n");
3527 	} else if (strcmp(action_nm, IPP_ANAME_DEFER) == 0) {
3528 		(void) fprintf(fp, IPQOS_CONF_DEFER_STR "\n");
3529 	} else if (strcmp(action_nm, IPP_ANAME_DROP) == 0) {
3530 		(void) fprintf(fp, IPQOS_CONF_DROP_STR "\n");
3531 	} else {
3532 		(void) fprintf(fp, "%s\n", quote_ws_string(action_nm));
3533 	}
3534 }
3535 
3536 /*
3537  * print a class clause for class to fp. If printall is set the originator
3538  * is printed.
3539  */
3540 static void
3541 printclass(
3542 FILE *fp,
3543 ipqos_conf_class_t *class,
3544 int printall,
3545 int tab_inserts)
3546 {
3547 
3548 	/* print opening clause */
3549 
3550 	PRINT_TABS(fp, tab_inserts);
3551 	(void) fprintf(fp, IPQOS_CONF_CLASS_STR " {\n");
3552 
3553 
3554 	/* if printall flag print originator name */
3555 
3556 	if (printall) {
3557 		PRINT_TABS(fp, tab_inserts + 1);
3558 		(void) fprintf(stdout, "Originator %s\n",
3559 		    get_originator_nm(class->originator));
3560 	}
3561 
3562 	/* print name, next action and stats enable */
3563 
3564 	PRINT_TABS(fp, tab_inserts + 1);
3565 	(void) fprintf(fp, IPQOS_CONF_NAME_STR " %s\n",
3566 	    quote_ws_string(class->name));
3567 	PRINT_TABS(fp, tab_inserts + 1);
3568 	(void) fprintf(fp, IPQOS_CONF_NEXT_ACTION_STR " ");
3569 	    print_action_nm(fp, class->alist->name);
3570 	PRINT_TABS(fp, tab_inserts + 1);
3571 	(void) fprintf(fp, IPQOS_CONF_STATS_ENABLE_STR " %s\n",
3572 	    class->stats_enable == B_TRUE ? "true" : "false");
3573 
3574 	PRINT_TABS(fp, tab_inserts);
3575 	(void) fprintf(fp, "}\n");
3576 }
3577 
3578 /*
3579  * Returns a ptr to the originator name associated with origid. If unknown
3580  * id returns ptr to "unknown".
3581  * RETURNS: ptr to originator name, or if id not known "unknown".
3582  */
3583 static char *
3584 get_originator_nm(uint32_t origid)
3585 {
3586 
3587 	int x;
3588 
3589 	/* scan originators table for origid */
3590 
3591 	for (x = 0; originators[x].value != -1 &&
3592 	    originators[x].value != origid; x++) {}
3593 
3594 	/* if we've reached end of array due to unknown type return "unknown" */
3595 
3596 	if (originators[x].value == -1) {
3597 		return ("unknown");
3598 	}
3599 
3600 	return (originators[x].string);
3601 }
3602 
3603 /*
3604  * print a filter clause for filter pointed to by filter out to fp. If printall
3605  * is set then the originator is printed, for filters with node names instance
3606  * numbers are printed, and the filter pointer isn't advanced to point at the
3607  * last instance of the printed filter.
3608  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
3609  */
3610 static int
3611 printfilter(
3612 FILE *fp,
3613 char *module,
3614 ipqos_conf_filter_t **filter,
3615 int printall,
3616 int tab_inserts)
3617 {
3618 
3619 	int res;
3620 
3621 	/* print opening clause */
3622 
3623 	PRINT_TABS(fp, tab_inserts);
3624 	(void) fprintf(fp, IPQOS_CONF_FILTER_STR " {\n");
3625 
3626 	/* print originator if printall flag set */
3627 
3628 	if (printall) {
3629 		PRINT_TABS(fp, tab_inserts + 1);
3630 		(void) fprintf(stdout, "Originator %s\n",
3631 		    quote_ws_string(get_originator_nm((*filter)->originator)));
3632 	}
3633 
3634 	/* print name and class */
3635 
3636 	PRINT_TABS(fp, tab_inserts + 1);
3637 	(void) fprintf(fp, IPQOS_CONF_NAME_STR " %s\n",
3638 	    quote_ws_string((*filter)->name));
3639 	PRINT_TABS(fp, tab_inserts + 1);
3640 	(void) fprintf(fp, IPQOS_CONF_CLASS_STR " %s\n",
3641 	    quote_ws_string((*filter)->class_name));
3642 
3643 	/* print the instance if printall and potential mhomed addresses */
3644 
3645 	if (printall && ((*filter)->src_nd_name || (*filter)->dst_nd_name)) {
3646 		PRINT_TABS(fp, tab_inserts + 1);
3647 		(void) fprintf(fp, "Instance %u\n", (*filter)->instance);
3648 	}
3649 
3650 	/* print node names if any */
3651 
3652 	if ((*filter)->src_nd_name) {
3653 		PRINT_TABS(fp, tab_inserts + 1);
3654 		(void) fprintf(fp, "%s %s\n", strchr(IPGPC_SADDR, '.') + 1,
3655 		    (*filter)->src_nd_name);
3656 	}
3657 	if ((*filter)->dst_nd_name) {
3658 		PRINT_TABS(fp, tab_inserts + 1);
3659 		(void) fprintf(fp, "%s %s\n", strchr(IPGPC_DADDR, '.') + 1,
3660 		    (*filter)->dst_nd_name);
3661 	}
3662 
3663 	/* print ip_version enumeration if set */
3664 
3665 	if ((*filter)->ip_versions != 0) {
3666 		PRINT_TABS(fp, tab_inserts + 1);
3667 		(void) fprintf(fp, IPQOS_CONF_IP_VERSION_STR " {");
3668 		if (VERSION_IS_V4(*filter)) {
3669 			(void) fprintf(fp, " V4");
3670 		}
3671 		if (VERSION_IS_V6(*filter)) {
3672 			(void) fprintf(fp, " V6");
3673 		}
3674 		(void) fprintf(fp, " }\n");
3675 	}
3676 
3677 	/* print other module specific parameters parameters */
3678 
3679 	res = printnvlist(fp, module, (*filter)->nvlist, printall, *filter,
3680 	    tab_inserts + 1, PL_FILTER);
3681 	if (res != IPQOS_CONF_SUCCESS) {
3682 		return (res);
3683 	}
3684 
3685 	PRINT_TABS(fp, tab_inserts);
3686 	(void) fprintf(fp, "}\n");
3687 
3688 	/*
3689 	 * if not printall advance filter parameter to last instance of this
3690 	 * filter.
3691 	 */
3692 
3693 	if (!printall) {
3694 		for (;;) {
3695 			if ((*filter)->next == NULL ||
3696 			    strcmp((*filter)->name, (*filter)->next->name) !=
3697 			    0) {
3698 				break;
3699 			}
3700 			*filter = (*filter)->next;
3701 		}
3702 	}
3703 
3704 	return (IPQOS_CONF_SUCCESS);
3705 }
3706 
3707 /*
3708  * Returns a pointer to str if no whitespace is present, else it returns
3709  * a pointer to a string with the contents of str enclose in double quotes.
3710  * This returned strings contents may change in subsequent calls so a copy
3711  * should be made of it if the caller wishes to retain it.
3712  */
3713 static char *
3714 quote_ws_string(const char *str)
3715 {
3716 	static char *buf = NULL;
3717 	const char *cp;	/* we don't modify the contents of str so const */
3718 
3719 	IPQOSCDBG0(L0, "In quote_ws_string\n");
3720 
3721 	/*
3722 	 * Just return str if no whitespace.
3723 	 */
3724 	for (cp = str; (*cp != '\0') && !isspace(*cp); cp++)
3725 		;
3726 	if (*cp == '\0')
3727 		return ((char *)str);
3728 
3729 	if (buf == NULL) {
3730 		/*
3731 		 * if first run just allocate buffer of
3732 		 * strlen(str) + 2 quote characters + NULL terminator.
3733 		 */
3734 		buf = malloc(strlen(str) + 3);
3735 	} else if ((strlen(str) + 2) > strlen(buf)) {
3736 		/*
3737 		 * Not first run, so check if we have a big enough buffer
3738 		 * and if not reallocate the buffer to a sufficient size.
3739 		 */
3740 		buf = realloc(buf, strlen(str) + 3);
3741 	}
3742 	if (buf == NULL)
3743 		return ("");
3744 
3745 	/*
3746 	 * copy string into buffer with quotes.
3747 	 */
3748 	(void) strcpy(buf, "\"");
3749 	(void) strcat(buf, str);
3750 	(void) strcat(buf, "\"");
3751 
3752 	return (buf);
3753 }
3754 
3755 /*
3756  * print an action clause for action to fp. If the printall flag is set
3757  * then all filters and classes (regardless of their originator) and
3758  * their originators are displayed.
3759  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
3760  */
3761 static int
3762 printaction(
3763 FILE *fp,
3764 ipqos_conf_action_t *action,
3765 int printall,
3766 int tab_inserts)
3767 {
3768 
3769 	ipqos_conf_filter_t *flt;
3770 	ipqos_conf_class_t *cls;
3771 	int res;
3772 
3773 	/* print opening clause, module and name */
3774 
3775 	PRINT_TABS(fp, tab_inserts);
3776 	(void) fprintf(fp, IPQOS_CONF_ACTION_STR " {\n");
3777 	PRINT_TABS(fp, tab_inserts + 1);
3778 	(void) fprintf(fp, IPQOS_CONF_MODULE_STR " %s\n",
3779 	    quote_ws_string(action->module));
3780 	PRINT_TABS(fp, tab_inserts + 1);
3781 	(void) fprintf(fp, "name %s\n", quote_ws_string(action->name));
3782 
3783 	/* print params clause */
3784 
3785 	(void) fprintf(fp, "\n");
3786 	res = printparams(fp, action->module, action->params, printall,
3787 	    tab_inserts + 1);
3788 	if (res != IPQOS_CONF_SUCCESS) {
3789 		return (res);
3790 	}
3791 
3792 	/*
3793 	 * print classes clause for each class if printall is set, else
3794 	 * just ipqosconf created or permanent classes.
3795 	 */
3796 	for (cls = action->classes; cls != NULL; cls = cls->next) {
3797 		if (printall ||
3798 		    cls->originator == IPP_CONFIG_IPQOSCONF ||
3799 		    cls->originator == IPP_CONFIG_PERMANENT) {
3800 			(void) fprintf(fp, "\n");
3801 			printclass(fp, cls, printall, tab_inserts + 1);
3802 		}
3803 	}
3804 
3805 	/*
3806 	 * print filter clause for each filter if printall is set, else
3807 	 * just ipqosconf created or permanent filters.
3808 	 */
3809 	for (flt = action->filters; flt != NULL; flt = flt->next) {
3810 		if (printall ||
3811 		    flt->originator == IPP_CONFIG_IPQOSCONF ||
3812 		    flt->originator == IPP_CONFIG_PERMANENT) {
3813 			(void) fprintf(fp, "\n");
3814 			res = printfilter(fp, action->module, &flt, printall,
3815 			    tab_inserts + 1);
3816 			if (res != IPQOS_CONF_SUCCESS) {
3817 				return (res);
3818 			}
3819 		}
3820 	}
3821 
3822 	PRINT_TABS(fp, tab_inserts);
3823 	(void) fprintf(fp, "}\n");
3824 
3825 	return (IPQOS_CONF_SUCCESS);
3826 }
3827 
3828 
3829 
3830 /* *************************************************************** */
3831 
3832 
3833 static void
3834 list_end(
3835 ipqos_list_el_t **listp,
3836 ipqos_list_el_t ***lendpp)
3837 {
3838 	*lendpp = listp;
3839 	while (**lendpp != NULL) {
3840 		*lendpp = &(**lendpp)->next;
3841 	}
3842 }
3843 
3844 static void
3845 add_to_list(
3846 ipqos_list_el_t **listp,
3847 ipqos_list_el_t *el)
3848 {
3849 	el->next = *listp;
3850 	*listp = el;
3851 }
3852 
3853 /*
3854  * given mask calculates the number of bits it spans. The mask must be
3855  * continuous.
3856  * RETURNS: number of bits spanned.
3857  */
3858 static int
3859 masktocidr(
3860 int af,
3861 in6_addr_t *mask)
3862 {
3863 	int zeros = 0;
3864 	int byte;
3865 	int cidr;
3866 
3867 	/*
3868 	 * loop through from lowest byte to highest byte counting the
3869 	 * number of zero bits till hitting a one bit.
3870 	 */
3871 	for (byte = 15; byte >= 0; byte--) {
3872 		/*
3873 		 * zero byte, so add 8 to zeros.
3874 		 */
3875 		if (mask->s6_addr[byte] == 0) {
3876 			zeros += 8;
3877 		/*
3878 		 * non-zero byte, add zero count to zeros.
3879 		 */
3880 		} else {
3881 			zeros += (ffs((int)mask->s6_addr[byte]) - 1);
3882 			break;
3883 		}
3884 	}
3885 	/*
3886 	 * translate zero bits to 32 or 128 bit mask based on af.
3887 	 */
3888 	if (af == AF_INET) {
3889 		cidr = 32 - zeros;
3890 	} else {
3891 		cidr = 128 - zeros;
3892 	}
3893 
3894 	return (cidr);
3895 }
3896 
3897 /*
3898  * Sets the first prefix_len bits in the v4 or v6 address (based upon af)
3899  * contained in the v6 address referenced by addr to 1.
3900  */
3901 static void
3902 setmask(int prefix_len, in6_addr_t *addr, int af)
3903 {
3904 
3905 	int i;
3906 	int shift;
3907 	int maskstartbit = 128 - prefix_len;
3908 	int end_u32;
3909 
3910 	IPQOSCDBG2(L1, "In setmask, prefix_len: %u, af: %s\n", prefix_len,
3911 	    af == AF_INET ? "AF_INET" : "AF_INET6");
3912 
3913 	/* zero addr */
3914 	bzero(addr, sizeof (in6_addr_t));
3915 
3916 
3917 	/* set which 32bits in *addr are relevant to this af */
3918 
3919 	if (af == AF_INET) {
3920 		end_u32 = 3;
3921 		maskstartbit = 32 - prefix_len;
3922 	/* AF_INET6 */
3923 	} else {
3924 		end_u32 = 0;
3925 	}
3926 	/*
3927 	 * go through each of the 32bit quantities in 128 bit in6_addr_t
3928 	 * and set appropriate bits according to prefix_len.
3929 	 */
3930 	for (i = 3; i >= end_u32; i--) {
3931 
3932 		/* does the prefix apply to this 32bits? */
3933 
3934 		if (maskstartbit < ((4 - i) * 32)) {
3935 
3936 			/* is this 32bits fully masked? */
3937 
3938 			if (maskstartbit <= ((3 - i) * 32)) {
3939 				shift = 0;
3940 			} else {
3941 				shift = maskstartbit % 32;
3942 			}
3943 			addr->_S6_un._S6_u32[i] = (uint32_t)~0;
3944 			addr->_S6_un._S6_u32[i] =
3945 			    addr->_S6_un._S6_u32[i] >> shift;
3946 			addr->_S6_un._S6_u32[i] =
3947 			    addr->_S6_un._S6_u32[i] << shift;
3948 		}
3949 
3950 		/* translate to NBO */
3951 		addr->_S6_un._S6_u32[i] = htonl(addr->_S6_un._S6_u32[i]);
3952 	}
3953 }
3954 
3955 /*
3956  * search nvlist for an element with the name specified and return a ptr
3957  * to it if found.
3958  * RETURNS: pointer to nvpair named name if found, else NULL.
3959  */
3960 static nvpair_t *
3961 find_nvpair(nvlist_t *nvl, char *name)
3962 {
3963 
3964 	nvpair_t *nvp;
3965 	nvpair_t *match = NULL;
3966 	char *nvp_name;
3967 
3968 	IPQOSCDBG0(L1, "In find_nvpair\n");
3969 
3970 	nvp = nvlist_next_nvpair(nvl, NULL);
3971 	while (nvp) {
3972 		nvp_name = nvpair_name(nvp);
3973 		if (strcmp(name, nvp_name) == 0) {
3974 			match = nvp;
3975 		}
3976 		nvp = nvlist_next_nvpair(nvl, nvp);
3977 	}
3978 
3979 	return (match);
3980 }
3981 
3982 /*
3983  * returns a string containing module_name '.' name.
3984  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
3985  */
3986 static char *
3987 prepend_module_name(
3988 char *name,
3989 char *module)
3990 {
3991 
3992 	char *ret;
3993 
3994 	IPQOSCDBG0(L2, "In prepend_module_name\n");
3995 
3996 	ret = malloc(strlen(module) + strlen(".") + strlen(name) + 1);
3997 	if (ret == NULL) {
3998 		ipqos_msg(MT_ENOSTR, "malloc");
3999 		return (NULL);
4000 	}
4001 
4002 	(void) strcpy(ret, module);
4003 	(void) strcat(ret, ".");
4004 	(void) strcat(ret, name);
4005 
4006 	return (ret);
4007 }
4008 
4009 #if 0
4010 
4011 /*
4012  * check if element with matching s1 and s2 string is in table table.
4013  * RETURNS: 1 if found else 0.
4014  */
4015 static int
4016 in_str_str_table(
4017 str_str_t *table,
4018 char *s1,
4019 char *s2)
4020 {
4021 
4022 	str_str_t *ss = table;
4023 
4024 	/* loop through table till matched or end */
4025 
4026 	while (ss->s1[0] != '\0' &&
4027 	    (strcmp(ss->s1, s1) != 0 || strcmp(ss->s2, s2) != 0)) {
4028 		ss++;
4029 	}
4030 
4031 	if (ss->s1[0] != '\0') {
4032 		return (1);
4033 	}
4034 
4035 	return (0);
4036 }
4037 #endif	/* 0 */
4038 
4039 /*
4040  * check whether name is a valid action/class/filter name.
4041  * RETURNS: IPQOS_CONF_ERR if invalid name else IPQOS_CONF_SUCCESS.
4042  */
4043 static int
4044 valid_name(char *name)
4045 {
4046 
4047 	IPQOSCDBG1(L1, "In valid_name: name: %s\n", name);
4048 
4049 	/* first char can't be '!' */
4050 	if (name[0] == '!') {
4051 		ipqos_msg(MT_ERROR, gettext("Name not allowed to start with "
4052 		    "'!', line %u.\n"), lineno);
4053 		return (IPQOS_CONF_ERR);
4054 	}
4055 
4056 	/* can't exceed IPQOS_CONF_NAME_LEN size */
4057 	if (strlen(name) >= IPQOS_CONF_NAME_LEN) {
4058 		ipqos_msg(MT_ERROR, gettext("Name exceeds maximum name length "
4059 		    "line %u.\n"), lineno);
4060 		return (IPQOS_CONF_ERR);
4061 	}
4062 
4063 	return (IPQOS_CONF_SUCCESS);
4064 }
4065 
4066 /* ********************* string value manip fns ************************** */
4067 
4068 
4069 /*
4070  * searches through the str_val_nd_t list of string value pairs finding
4071  * the minimum and maximum values for value and places them in the
4072  * integers pointed at by min and max.
4073  */
4074 static void
4075 get_str_val_value_range(
4076 str_val_nd_t *svnp,
4077 int *min,
4078 int *max)
4079 {
4080 	if (svnp != NULL) {
4081 		*min = *max = svnp->sv.value;
4082 		svnp = svnp->next;
4083 	}
4084 	while (svnp != NULL) {
4085 		if (svnp->sv.value > *max)
4086 			*max = svnp->sv.value;
4087 		if (svnp->sv.value < *min)
4088 			*min = svnp->sv.value;
4089 		svnp = svnp->next;
4090 	}
4091 }
4092 
4093 /*
4094  * add an entry with string string and value val to sv_entrys.
4095  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
4096  */
4097 static int
4098 add_str_val_entry(
4099 str_val_nd_t **sv_entrys,
4100 char *string,
4101 uint32_t val)
4102 {
4103 
4104 	str_val_nd_t *sv_entry;
4105 
4106 	IPQOSCDBG2(L1, "In add_str_val_entry: string: %s, val: %u\n", string,
4107 	    val);
4108 
4109 	/* alloc new node */
4110 
4111 	sv_entry = malloc(sizeof (str_val_nd_t));
4112 	if (sv_entry == NULL) {
4113 		return (IPQOS_CONF_ERR);
4114 	}
4115 
4116 	/* populate node */
4117 
4118 	sv_entry->sv.string = malloc(strlen(string) + 1);
4119 	if (sv_entry->sv.string == NULL) {
4120 		free(sv_entry);
4121 		ipqos_msg(MT_ENOSTR, "malloc");
4122 		return (IPQOS_CONF_ERR);
4123 	} else {
4124 		(void) strcpy(sv_entry->sv.string, string);
4125 	}
4126 	sv_entry->sv.value = val;
4127 
4128 	/* place at start of sv_entrys list */
4129 
4130 	sv_entry->next = *sv_entrys;
4131 	*sv_entrys = sv_entry;
4132 
4133 	return (IPQOS_CONF_SUCCESS);
4134 }
4135 
4136 
4137 /* frees all the elements of sv_entrys. */
4138 static void
4139 free_str_val_entrys(
4140 str_val_nd_t *sv_entrys)
4141 {
4142 
4143 	str_val_nd_t *sve = sv_entrys;
4144 	str_val_nd_t *tmp;
4145 
4146 	IPQOSCDBG0(L1, "In free_str_val_entrys\n");
4147 
4148 	while (sve) {
4149 		free(sve->sv.string);
4150 		tmp = sve->next;
4151 		free(sve);
4152 		sve = tmp;
4153 	}
4154 }
4155 
4156 /*
4157  * finds the value associated with string and assigns it to value ref'd by
4158  * val.
4159  * RETURNS: IPQOS_CONF_ERR if string not found, else IPQOS_CONF_SUCCESS.
4160  */
4161 static int
4162 str_val_list_lookup(
4163 str_val_nd_t *svs,
4164 char *string,
4165 uint32_t *val)
4166 {
4167 
4168 	str_val_nd_t *sv = svs;
4169 
4170 	IPQOSCDBG1(L1, "In str_val_list_lookup: %s\n", string);
4171 
4172 	/* loop through list and exit when found or list end */
4173 
4174 	while (sv != NULL) {
4175 		if (strcmp(sv->sv.string, string) == 0) {
4176 			break;
4177 		}
4178 		sv = sv->next;
4179 	}
4180 
4181 	/* ret error if not found */
4182 
4183 	if (sv == NULL) {
4184 		return (IPQOS_CONF_ERR);
4185 	}
4186 
4187 	*val = sv->sv.value;
4188 
4189 	IPQOSCDBG1(L1, "svll: Value returned is %u\n", *val);
4190 	return (IPQOS_CONF_SUCCESS);
4191 }
4192 
4193 
4194 /* ************************ conf file read fns ***************************** */
4195 
4196 /*
4197  * Reads a uid or username from string 'str' and assigns either the uid
4198  * or associated uid respectively to storage pointed at by 'uid'. The
4199  * function determines whether to read a uid by checking whether the first
4200  * character of 'str' is numeric, in which case it reads a uid; otherwise it
4201  * assumes a username.
4202  * RETURNS: IPQOS_CONF_ERR if a NULL string pointer is passed, the read uid
4203  * doesn't have an entry on the system, or the read username doesn't have an
4204  * entry on the system.
4205  */
4206 static int
4207 readuser(
4208 char *str,
4209 uid_t *uid)
4210 {
4211 	struct passwd *pwd;
4212 	char *lo;
4213 
4214 	IPQOSCDBG1(L0, "In readuser, str: %s\n", str);
4215 
4216 	if (str == NULL)
4217 		return (IPQOS_CONF_ERR);
4218 	/*
4219 	 * Check if this appears to be a uid, and if so check that a
4220 	 * corresponding user exists.
4221 	 */
4222 	if (isdigit((int)str[0])) {
4223 		/*
4224 		 * Read a 32bit integer and check in doing so that
4225 		 * we have consumed the whole string.
4226 		 */
4227 		if (readint32(str, (int *)uid, &lo) != IPQOS_CONF_SUCCESS ||
4228 		    *lo != '\0')
4229 			return (IPQOS_CONF_ERR);
4230 		if (getpwuid(*uid) == NULL)
4231 			return (IPQOS_CONF_ERR);
4232 
4233 	} else {	/* This must be a username, so lookup the uid. */
4234 		pwd = getpwnam(str);
4235 		if (pwd == NULL) {
4236 			return (IPQOS_CONF_ERR);
4237 		} else {
4238 			*uid = pwd->pw_uid;
4239 		}
4240 	}
4241 	return (IPQOS_CONF_SUCCESS);
4242 }
4243 
4244 /*
4245  * Reads a range from range_st, either of form 'a-b' or simply 'a'.
4246  * In the former case lower and upper have their values set to a
4247  * and b respectively; in the later lower and upper have both
4248  * their values set to a.
4249  * RETURNS: IPQOS_CONF_ERR if there's a parse error, else IPQOS_CONF_SUCCESS.
4250  */
4251 static int
4252 readrange(
4253 char *range_st,
4254 int *lower,
4255 int *upper)
4256 {
4257 	char *cp;
4258 	char *end, *end2;
4259 
4260 	IPQOSCDBG1(L0, "In readrange: string: %s\n", range_st);
4261 
4262 	/*
4263 	 * get range boundarys.
4264 	 */
4265 	cp = strchr(range_st, '-');
4266 
4267 	if (cp != NULL) {	/* we have a range */
4268 		*cp++ = '\0';
4269 		*lower = (int)strtol(range_st, &end, 10);
4270 		*upper = (int)strtol(cp, &end2, 10);
4271 		SKIPWS(end);
4272 		SKIPWS(end2);
4273 		if ((range_st == end) || (*end != NULL) ||
4274 		    (cp == end) || (*end2 != NULL)) {
4275 			IPQOSCDBG0(L0, "Failed reading a-b\n");
4276 			return (IPQOS_CONF_ERR);
4277 		}
4278 
4279 	} else {		/* single value */
4280 
4281 		*lower = *upper = (int)strtol(range_st, &end, 10);
4282 		SKIPWS(end);
4283 		if ((range_st == end) || (*end != NULL)) {
4284 			IPQOSCDBG0(L0, "Failed reading a\n");
4285 			return (IPQOS_CONF_ERR);
4286 		}
4287 	}
4288 
4289 	return (IPQOS_CONF_SUCCESS);
4290 }
4291 
4292 /*
4293  * Reads the values of an integer array from fp whose format is:
4294  * '{'RANGE[,RANGE[..]]:VALUE[;RANGE:VALUE[..]]'}', creates an array of size
4295  * arr_size, applies the values to it and points arrp at this array.
4296  * RANGE is one set of array indexes over which this value is to
4297  * be applied, and VALUE either an integer within the range
4298  * llimit - ulimit, or if enum_nvs isn't NULL, an enumeration value
4299  * found in the list enum_nvs. Those values which aren't explicity set
4300  * will be set to -1.
4301  *
4302  * RETURNS: IPQOS_CONF_ERR on resource or parse error, else IPQOS_CONF_SUCCESS.
4303  */
4304 static int
4305 read_int_array(
4306 FILE *fp,
4307 char *first_token,
4308 int **arrp,
4309 uint32_t arr_size,
4310 int llimit,
4311 int ulimit,
4312 str_val_nd_t *enum_nvs)
4313 {
4314 
4315 	char buf[5 * IPQOS_CONF_LINEBUF_SZ];
4316 	char *token;
4317 	char *range;
4318 	char *ranges;
4319 	char *svalue;
4320 	int value;
4321 	int res;
4322 	char *entry;
4323 	char *tmp;
4324 	char *end;
4325 	int lower, upper;
4326 	int x;
4327 	uint32_t startln;
4328 
4329 	IPQOSCDBG4(L0, "In read_int_array: size: %u, lower: %u, upper: %u, "
4330 	    "first_token: %s\n", arr_size, llimit, ulimit, first_token);
4331 
4332 	/*
4333 	 * read beginning curl.
4334 	 */
4335 	if (first_token[0] != CURL_BEGIN) {
4336 		ipqos_msg(MT_ERROR, gettext("\'{\' missing at line "
4337 		    "%u.\n"), lineno);
4338 		return (IPQOS_CONF_ERR);
4339 	}
4340 
4341 	/*
4342 	 * allocate and initialise array for holding read values.
4343 	 */
4344 	*arrp = malloc(arr_size * sizeof (int));
4345 	if (*arrp == NULL) {
4346 		ipqos_msg(MT_ENOSTR, "malloc");
4347 		return (IPQOS_CONF_ERR);
4348 	}
4349 	(void) memset(*arrp, -1, arr_size * sizeof (int));
4350 
4351 	/*
4352 	 * read whole array declaration string into buffer.
4353 	 * this is because readtoken doesn't interpret our
4354 	 * delimeter values specially and may return them
4355 	 * within another string.
4356 	 */
4357 	startln = lineno;	/* store starting lineno for error reports */
4358 	buf[0] = '\0';
4359 	res = readtoken(fp, &token);
4360 	while ((res != IPQOS_CONF_CURL_END) && (res != IPQOS_CONF_ERR) &&
4361 	    (res != IPQOS_CONF_EOF)) {
4362 		(void) strlcat(buf, token, sizeof (buf));
4363 		free(token);
4364 		res = readtoken(fp, &token);
4365 	}
4366 	if (res != IPQOS_CONF_CURL_END) {
4367 		goto array_err;
4368 	}
4369 	IPQOSCDBG1(L0, "array declaration buffer contains: %s\n", buf);
4370 
4371 	/*
4372 	 * loop reading "ranges ':' value;" till end of buffer.
4373 	 */
4374 	entry = strtok(buf, ";");
4375 	while (entry != NULL) {
4376 		svalue = strchr(entry, ':');
4377 		if (svalue == NULL) {	/* missing value string */
4378 			IPQOSCDBG0(L0, "Missing value string\n");
4379 			goto array_err;
4380 		}
4381 		*svalue++ = '\0';
4382 		ranges = entry;
4383 
4384 		/*
4385 		 * get value of number or enumerated symbol.
4386 		 */
4387 		if (enum_nvs) {
4388 			/*
4389 			 * get rid of surrounding whitespace so as not to
4390 			 * confuse read_enum_value.
4391 			 */
4392 			SKIPWS(svalue);
4393 			tmp = svalue;
4394 			while (*tmp != '\0') {
4395 				if (isspace(*tmp)) {
4396 					*tmp = '\0';
4397 					break;
4398 				} else {
4399 					tmp++;
4400 				}
4401 			}
4402 
4403 			/*
4404 			 * read enumeration value.
4405 			 */
4406 			res = read_enum_value(NULL, svalue, enum_nvs,
4407 			    (uint32_t *)&value);
4408 			if (res != IPQOS_CONF_SUCCESS)
4409 				goto array_err;
4410 		} else {
4411 			value = (int)strtol(svalue, &end, 10);
4412 			SKIPWS(end);
4413 			if ((svalue == end) || (*end != NULL)) {
4414 				IPQOSCDBG0(L0, "Invalid value\n");
4415 				goto array_err;
4416 			}
4417 			IPQOSCDBG1(L0, "value: %u\n", value);
4418 
4419 			/*
4420 			 * check value within valid range.
4421 			 */
4422 			if ((value < llimit) || (value > ulimit)) {
4423 				IPQOSCDBG0(L0, "value out of range\n");
4424 				goto array_err;
4425 			}
4426 		}
4427 
4428 		/*
4429 		 * loop reading ranges for this value.
4430 		 */
4431 		range = strtok_r(ranges, ",", &tmp);
4432 		while (range != NULL) {
4433 			res = readrange(range, &lower, &upper);
4434 			if (res != IPQOS_CONF_SUCCESS)
4435 				goto array_err;
4436 			IPQOSCDBG2(L0, "range: %u - %u\n", lower, upper);
4437 
4438 
4439 			if (upper < lower) {
4440 				uint32_t u = lower;
4441 				lower = upper;
4442 				upper = u;
4443 			}
4444 
4445 			/*
4446 			 * check range valid for array size.
4447 			 */
4448 			if ((lower < 0) || (upper > arr_size)) {
4449 				IPQOSCDBG0(L0, "Range out of array "
4450 				    "dimensions\n");
4451 				goto array_err;
4452 			}
4453 
4454 			/*
4455 			 * add this value to array indexes within range.
4456 			 */
4457 			for (x = lower; x <= upper; x++)
4458 				(*arrp)[x] = value;
4459 
4460 			/*
4461 			 * get next range.
4462 			 */
4463 			range = strtok_r(NULL, ",", &tmp);
4464 		}
4465 
4466 		entry = strtok(NULL, ";");
4467 	}
4468 
4469 	return (IPQOS_CONF_SUCCESS);
4470 
4471 array_err:
4472 	ipqos_msg(MT_ERROR,
4473 	    gettext("Array declaration line %u is invalid.\n"), startln);
4474 	free(*arrp);
4475 	return (IPQOS_CONF_ERR);
4476 }
4477 
4478 static int
4479 readllong(char *str, long long *llp, char **lo)
4480 {
4481 
4482 	*llp = strtoll(str, lo, 0);
4483 	if (*lo == str) {
4484 		return (IPQOS_CONF_ERR);
4485 	}
4486 	return (IPQOS_CONF_SUCCESS);
4487 }
4488 
4489 static int
4490 readuint8(char *str, uint8_t *ui8, char **lo)
4491 {
4492 
4493 	long long tmp;
4494 
4495 	if (readllong(str, &tmp, lo) != 0) {
4496 		return (IPQOS_CONF_ERR);
4497 	}
4498 	if (tmp > UCHAR_MAX || tmp < 0) {
4499 		return (IPQOS_CONF_ERR);
4500 	}
4501 	*ui8 = (uint8_t)tmp;
4502 	return (IPQOS_CONF_SUCCESS);
4503 }
4504 
4505 static int
4506 readuint16(char *str, uint16_t *ui16, char **lo)
4507 {
4508 	long long tmp;
4509 
4510 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4511 		return (IPQOS_CONF_ERR);
4512 	}
4513 	if (tmp > USHRT_MAX || tmp < 0) {
4514 		return (IPQOS_CONF_ERR);
4515 	}
4516 	*ui16 = (uint16_t)tmp;
4517 	return (IPQOS_CONF_SUCCESS);
4518 }
4519 
4520 static int
4521 readint16(char *str, int16_t *i16, char **lo)
4522 {
4523 	long long tmp;
4524 
4525 	if (readllong(str, &tmp, lo) != 0) {
4526 		return (IPQOS_CONF_ERR);
4527 	}
4528 	if (tmp > SHRT_MAX || tmp < SHRT_MIN) {
4529 		return (IPQOS_CONF_ERR);
4530 	}
4531 	*i16 = (int16_t)tmp;
4532 	return (IPQOS_CONF_SUCCESS);
4533 }
4534 
4535 static int
4536 readint32(char *str, int *i32, char **lo)
4537 {
4538 	long long tmp;
4539 
4540 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4541 		return (IPQOS_CONF_ERR);
4542 	}
4543 	if (tmp > INT_MAX || tmp < INT_MIN) {
4544 		return (IPQOS_CONF_ERR);
4545 	}
4546 	*i32 = tmp;
4547 	return (IPQOS_CONF_SUCCESS);
4548 }
4549 
4550 static int
4551 readuint32(char *str, uint32_t *ui32, char **lo)
4552 {
4553 	long long tmp;
4554 
4555 	if (readllong(str, &tmp, lo) != IPQOS_CONF_SUCCESS) {
4556 		return (IPQOS_CONF_ERR);
4557 	}
4558 	if (tmp > UINT_MAX || tmp < 0) {
4559 		return (IPQOS_CONF_ERR);
4560 	}
4561 	*ui32 = (uint32_t)tmp;
4562 	return (IPQOS_CONF_SUCCESS);
4563 }
4564 
4565 /*
4566  * retrieves the index associated with the interface named ifname and assigns
4567  * it to the int pointed to by ifindex.
4568  * RETURNS: IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
4569  */
4570 static int
4571 readifindex(
4572 char *ifname,
4573 int *ifindex)
4574 {
4575 
4576 	int s;
4577 	struct lifreq lifrq;
4578 
4579 
4580 	/* open socket */
4581 
4582 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
4583 		ipqos_msg(MT_ENOSTR, gettext("opening AF_INET socket"));
4584 		return (IPQOS_CONF_ERR);
4585 	}
4586 
4587 	/* copy ifname into lifreq */
4588 
4589 	(void) strlcpy(lifrq.lifr_name, ifname, LIFNAMSIZ);
4590 
4591 	/* do SIOGLIFINDEX ioctl */
4592 
4593 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifrq) == -1) {
4594 		(void) close(s);
4595 		return (IPQOS_CONF_ERR);
4596 	}
4597 
4598 	/* Warn if a virtual interface is specified */
4599 	if ((ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrq) != -1) &&
4600 	    (lifrq.lifr_flags & IFF_VIRTUAL)) {
4601 		ipqos_msg(MT_WARNING, gettext("Invalid interface"));
4602 	}
4603 	(void) close(s);
4604 	*ifindex = lifrq.lifr_index;
4605 	return (IPQOS_CONF_SUCCESS);
4606 }
4607 
4608 /*
4609  * Case insensitively compares the string in str with IPQOS_CONF_TRUE_STR
4610  * and IPQOS_CONF_FALSE_STR and sets boolean pointed to by bool accordingly.
4611  * RETURNS: if failure to match either IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
4612  */
4613 static int
4614 readbool(char *str, boolean_t *bool)
4615 {
4616 
4617 	if (strcasecmp(str, IPQOS_CONF_TRUE_STR) == 0) {
4618 		*bool = B_TRUE;
4619 	} else if (strcasecmp(str, IPQOS_CONF_FALSE_STR) == 0) {
4620 		*bool = B_FALSE;
4621 	} else {
4622 		return (IPQOS_CONF_ERR);
4623 	}
4624 
4625 	return (IPQOS_CONF_SUCCESS);
4626 }
4627 
4628 /*
4629  * reads a protocol name/number from proto_str and assigns the number
4630  * to the uint8 ref'd by proto.
4631  * RETURNS: If not a valid name or protocol number IPQOS_CONF_ERR, else
4632  * IPQOS_CONF_SUCCESS.
4633  */
4634 static int
4635 readproto(char *proto_str, uint8_t *proto)
4636 {
4637 
4638 	struct protoent *pent;
4639 	char *lo;
4640 	int res;
4641 
4642 	IPQOSCDBG1(L1, "In readproto: string: %s\n", proto_str);
4643 
4644 	/* try name lookup */
4645 
4646 	pent = getprotobyname(proto_str);
4647 	if (pent) {
4648 		*proto = pent->p_proto;
4649 
4650 	/* check valid protocol number */
4651 	} else {
4652 		res = readuint8(proto_str, proto, &lo);
4653 		if (res != IPQOS_CONF_SUCCESS || proto == 0) {
4654 			return (IPQOS_CONF_ERR);
4655 		}
4656 	}
4657 
4658 	return (IPQOS_CONF_SUCCESS);
4659 }
4660 
4661 /*
4662  * reads either a port service, or a port number from port_str and assigns
4663  * the associated port number to short ref'd by port.
4664  * RETURNS: If invalid name and number IPQOS_CONF_ERR, else IPQOS_CONF_SUCCESS.
4665  */
4666 static int
4667 readport(char *port_str, uint16_t *port)
4668 {
4669 
4670 	struct servent *sent;
4671 	char *tmp;
4672 
4673 	IPQOSCDBG1(L1, "In readport: string: %s\n", port_str);
4674 
4675 	/* try service name lookup */
4676 	sent = getservbyname(port_str, NULL);
4677 
4678 	/* failed name lookup so read port number */
4679 	if (sent == NULL) {
4680 		if (readuint16(port_str, port, &tmp) != IPQOS_CONF_SUCCESS ||
4681 		    *port == 0) {
4682 			return (IPQOS_CONF_ERR);
4683 		}
4684 		*port = htons(*port);
4685 	} else {
4686 		*port = sent->s_port;
4687 	}
4688 
4689 	return (IPQOS_CONF_SUCCESS);
4690 }
4691 
4692 
4693 /*
4694  * Reads a curly brace, a string enclosed in double quotes, or a whitespace/
4695  * curly brace delimited string. If a double quote enclosed string the
4696  * closing quotes need to be on the same line.
4697  * RETURNS:
4698  * on reading a CURL_BEGIN token it returns IPQOS_CONF_CURL_BEGIN,
4699  * on reading a CURL_END token it returns IPQOS_CONF_CURL_END,
4700  * on reading another valid token it returns IPQOS_CONF_SUCCESS.
4701  * for each of these token is set to point at the read string.
4702  * at EOF it returns IPQOS_CONF_EOF and if errors it returns IPQOS_CONF_ERR.
4703  */
4704 static int
4705 readtoken(
4706 FILE *fp,
4707 char **token)
4708 {
4709 
4710 	char *st, *tmp;
4711 	int len;
4712 	int quoted = 0;
4713 	char *cmnt;
4714 	char *bpos;
4715 	int rembuf;
4716 
4717 	static char *lo;
4718 	static char *buf = NULL;
4719 	static int bufsize;
4720 
4721 	/* if first call initialize line buf to default size */
4722 
4723 	if (buf == NULL) {
4724 		bufsize = IPQOS_CONF_LINEBUF_SZ;
4725 		buf = malloc(bufsize);
4726 		if (buf == NULL) {
4727 			ipqos_msg(MT_ENOSTR, "malloc");
4728 			return (IPQOS_CONF_ERR);
4729 		}
4730 	}
4731 
4732 	/* set buffer postition and size to use whole buffer */
4733 
4734 	bpos = buf;
4735 	rembuf = bufsize;
4736 
4737 
4738 	/*
4739 	 * loop reading lines until we've read a line with a non-whitespace
4740 	 * char.
4741 	 */
4742 
4743 	do {
4744 		/* if no leftover from previous invocation */
4745 
4746 		if (lo == NULL) {
4747 
4748 			/*
4749 			 * loop reading into buffer doubling if necessary until
4750 			 * we have either read a complete line or reached the
4751 			 * end of file.
4752 			 */
4753 			for (;;) {
4754 				st = fgets(bpos, rembuf, fp);
4755 
4756 				if (st == NULL) {
4757 
4758 					/* if read error */
4759 					if (ferror(fp)) {
4760 						free(buf);
4761 						buf = NULL;
4762 						ipqos_msg(MT_ENOSTR,
4763 						    "fgets");
4764 						return (IPQOS_CONF_ERR);
4765 
4766 					/* end of file */
4767 					} else {
4768 						free(buf);
4769 						buf = NULL;
4770 						*token = NULL;
4771 						return (IPQOS_CONF_EOF);
4772 					}
4773 				} else {
4774 					/* if read a newline */
4775 
4776 					if (buf[strlen(buf) - 1] == '\n') {
4777 						lineno++;
4778 						break;
4779 
4780 					/* if read the last line */
4781 
4782 					} else if (feof(fp)) {
4783 						break;
4784 
4785 					/*
4786 					 * not read a full line so buffer size
4787 					 * is too small, double it and retry.
4788 					 */
4789 					} else {
4790 						bufsize *= 2;
4791 						tmp = realloc(buf, bufsize);
4792 						if (tmp == NULL) {
4793 							ipqos_msg(MT_ENOSTR,
4794 							    "realloc");
4795 							free(buf);
4796 							return (IPQOS_CONF_ERR);
4797 						} else {
4798 							buf = tmp;
4799 						}
4800 
4801 						/*
4802 						 * make parameters to fgets read
4803 						 * into centre of doubled buffer
4804 						 * so we retain what we've
4805 						 * already read.
4806 						 */
4807 						bpos = &buf[(bufsize / 2) - 1];
4808 						rembuf = (bufsize / 2) + 1;
4809 					}
4810 				}
4811 			}
4812 
4813 			st = buf;
4814 
4815 		/* previous leftover, assign to st */
4816 
4817 		} else {
4818 			st = lo;
4819 			lo = NULL;
4820 		}
4821 
4822 		/* truncate at comment */
4823 
4824 		cmnt = strchr(st, '#');
4825 		if (cmnt) {
4826 			*cmnt = '\0';
4827 		}
4828 
4829 		/* Skip any whitespace */
4830 
4831 		while (isspace(*st) && st != '\0') {
4832 			st++;
4833 		}
4834 
4835 	} while (*st == '\0');
4836 
4837 
4838 	/* find end of token */
4839 
4840 	tmp = st;
4841 
4842 	/* if curl advance 1 char */
4843 
4844 	if (*tmp == CURL_BEGIN || *tmp == CURL_END) {
4845 		tmp++;
4846 
4847 
4848 	/* if dbl quote read until matching quote */
4849 
4850 	} else if (*tmp == '"') {
4851 		quoted++;
4852 		tmp = ++st;
4853 
4854 		while (*tmp != '"' && *tmp != '\n' && *tmp != '\0') {
4855 			tmp++;
4856 		}
4857 		if (*tmp != '"') {
4858 			ipqos_msg(MT_ERROR, gettext("Quoted string exceeds "
4859 			    "line, line %u.\n"), lineno);
4860 			free(buf);
4861 			return (IPQOS_CONF_ERR);
4862 		}
4863 
4864 	/* normal token */
4865 	} else {
4866 		/* find first whitespace, curl, newline or string end */
4867 
4868 		while (!isspace(*tmp) && *tmp != CURL_BEGIN &&
4869 		    *tmp != CURL_END && *tmp != '\n' && *tmp != '\0') {
4870 			tmp++;
4871 		}
4872 	}
4873 
4874 	/* copy token to return */
4875 	len = tmp - st;
4876 	*token = malloc(len + 1);
4877 	if (!*token) {
4878 		free(buf);
4879 		ipqos_msg(MT_ENOSTR, "malloc");
4880 		return (IPQOS_CONF_ERR);
4881 	}
4882 	bcopy(st, *token, len);
4883 	(*token)[len] = '\0';
4884 
4885 	/* if just read quoted string remove quote from remaining string */
4886 
4887 	if (quoted) {
4888 		tmp++;
4889 	}
4890 
4891 	/* if not end of string, store rest for latter parsing */
4892 
4893 	if (*tmp != '\0' && *tmp != '\n') {
4894 		lo = tmp;
4895 	}
4896 
4897 	/* for curl_end and curl_begin return special ret codes */
4898 
4899 	if ((*token)[1] == '\0') {
4900 		if (**token == CURL_BEGIN) {
4901 			return (IPQOS_CONF_CURL_BEGIN);
4902 		} else if (**token == CURL_END) {
4903 			return (IPQOS_CONF_CURL_END);
4904 		}
4905 	}
4906 
4907 	return (IPQOS_CONF_SUCCESS);
4908 }
4909 
4910 /*
4911  * Reads an enumeration bitmask definition from line. The format is:
4912  * { NAME=VAL, NAME2=VAL2 }. The resulting names and values are returned.
4913  * RETURNS: NULL on error, else ptr to name/values.
4914  */
4915 static str_val_nd_t *
4916 read_enum_nvs(char *line, char *module_name)
4917 {
4918 
4919 	str_val_nd_t *enum_vals = NULL;
4920 	char *cp;
4921 	char *start;
4922 	char *name = NULL;
4923 	int len;
4924 	uint32_t val;
4925 	int ret;
4926 	int readc;
4927 
4928 	IPQOSCDBG1(L1, "In read_enum_nvs, line: %s\n", line);
4929 
4930 	/* read opening brace */
4931 
4932 	cp = strchr(line, CURL_BEGIN);
4933 	if (cp == NULL) {
4934 		IPQOSCDBG0(L1, "missing curl begin\n");
4935 		goto fail;
4936 	} else {
4937 		start = cp + 1;
4938 	}
4939 
4940 	/*
4941 	 * loop reading 'name = value' entrys seperated by comma until
4942 	 * reach closing brace.
4943 	 */
4944 
4945 	for (;;) {
4946 		SKIPWS(start);
4947 		if (*start == '\0') {
4948 			IPQOSCDBG0(L1, "missing closing bracket\n");
4949 			goto fail;
4950 		}
4951 
4952 		/*
4953 		 * read name - read until whitespace, '=', closing curl,
4954 		 * or string end.
4955 		 */
4956 
4957 		for (cp = start;
4958 		    !isspace(*cp) && *cp != '=' && *cp != CURL_END &&
4959 		    *cp != '\0'; cp++) {}
4960 
4961 		if (*cp == '\0') {
4962 			IPQOSCDBG0(L1, "Unexpected line end in enum def'n\n");
4963 			goto fail;
4964 
4965 		/* finished definition, exit loop */
4966 		} else if (*cp == CURL_END) {
4967 			break;
4968 		}
4969 
4970 		/* store name */
4971 
4972 		len = cp - start;
4973 		name = malloc(len + 1);
4974 		if (name == NULL) {
4975 			ipqos_msg(MT_ENOSTR, "malloc");
4976 			goto fail;
4977 		}
4978 		bcopy(start, name, len);
4979 		name[len] = NULL;
4980 		IPQOSCDBG1(L0, "Stored name: %s\n", name);
4981 
4982 		/* read assignment */
4983 
4984 		start = strchr(cp, '=');
4985 		if (start == NULL) {
4986 			IPQOSCDBG0(L1, "Missing = in enum def'n\n");
4987 			goto fail;
4988 		}
4989 
4990 		/* read value */
4991 
4992 		ret = sscanf(++start, "%x%n", &val, &readc);
4993 		if (ret != 1) {
4994 			IPQOSCDBG1(L1, "sscanf of value failed, string: %s\n",
4995 			    cp);
4996 			goto fail;
4997 		}
4998 
4999 		/* add name value to set */
5000 
5001 		ret = add_str_val_entry(&enum_vals, name, val);
5002 		if (ret != IPQOS_CONF_SUCCESS) {
5003 			IPQOSCDBG0(L1, "Failed to add str_val entry\n");
5004 			goto fail;
5005 		}
5006 		free(name);
5007 		name = NULL;
5008 
5009 		/* try reading comma */
5010 		cp = strchr(start, ',');
5011 
5012 		if (cp != NULL) {
5013 			start = cp + 1;
5014 
5015 		/* no comma, advance to char past value last read */
5016 		} else {
5017 			start += readc;
5018 		}
5019 	}
5020 
5021 	return (enum_vals);
5022 fail:
5023 	free_str_val_entrys(enum_vals);
5024 	if (name != NULL)
5025 		free(name);
5026 
5027 	/* if a parse error */
5028 
5029 	if (errno == 0) {
5030 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
5031 		    "corrupt.\n"), module_name);
5032 	}
5033 
5034 	return (NULL);
5035 }
5036 
5037 /*
5038  * Given mapped_list with is a comma seperated list of map names, and value,
5039  * which is used to index into these maps, the function creates x new entries
5040  * in nvpp, where x is the number of map names specified. Each of these
5041  * entries has the value from the map in the position indexed by value and
5042  * with name module.${MAP_NAME}. The maps are contained in the modules config
5043  * file and have the form:
5044  * map map1 uint32 1,23,32,45,3
5045  * As you can see the map values are uint32, and along with uint8 are the
5046  * only supported types at the moment.
5047  *
5048  * RETURNS: IPQOS_CONF_ERR if one of the maps specified in mapped_list
5049  * doesn't exist, if value is not a valid map position for a map, or if
5050  * there's a resource failure. otherwise IPQOS_CONF_SUCCESS is returned.
5051  */
5052 static int
5053 read_mapped_values(
5054 FILE *tfp,
5055 nvlist_t **nvlp,
5056 char *module,
5057 char *mapped_list,
5058 int value)
5059 {
5060 	char *map_name, *lastparam, *tmpname;
5061 	int res;
5062 	ipqos_nvtype_t type;
5063 	char dfltst[IPQOS_VALST_MAXLEN+1] = "";
5064 	str_val_nd_t *enum_nvs;
5065 	place_t place;
5066 
5067 	IPQOSCDBG0(L1, "In read_mapped_values\n");
5068 
5069 	map_name = (char *)strtok_r(mapped_list, ",", &lastparam);
5070 	while (map_name != NULL) {
5071 		char *tokval, *lastval;
5072 		int index = 0;
5073 
5074 		/*
5075 		 * get map info from types file.
5076 		 */
5077 		place = PL_MAP;
5078 		res = readtype(tfp, module, map_name, &type, &enum_nvs,
5079 		    dfltst, B_FALSE, &place);
5080 		if (res != IPQOS_CONF_SUCCESS) {
5081 			return (IPQOS_CONF_ERR);
5082 		}
5083 
5084 		/*
5085 		 * Just keep browsing the list till we get to the element
5086 		 * with the index from the value parameter or the end.
5087 		 */
5088 		tokval = (char *)strtok_r(dfltst, ",", &lastval);
5089 		for (;;) {
5090 			if (tokval == NULL) {
5091 				ipqos_msg(MT_ERROR,
5092 				    gettext("Invalid value, %u, line %u.\n"),
5093 				    value, lineno);
5094 				return (IPQOS_CONF_ERR);
5095 			}
5096 			if (index++ == value) {
5097 				break;
5098 			}
5099 			tokval = (char *)strtok_r(NULL, ",", &lastval);
5100 		}
5101 
5102 
5103 		/*
5104 		 * create fully qualified parameter name for map value.
5105 		 */
5106 		tmpname = prepend_module_name(map_name, module);
5107 		if (tmpname == NULL) {
5108 			return (IPQOS_CONF_ERR);
5109 		}
5110 
5111 		/*
5112 		 * add map value with fqn to parameter nvlist.
5113 		 */
5114 		IPQOSCDBG2(L0, "Adding map %s, value %u to nvlist\n",
5115 		    tmpname, atoi(tokval));
5116 		switch (type) {
5117 			case IPQOS_DATA_TYPE_UINT8: {
5118 				res = nvlist_add_byte(*nvlp, tmpname,
5119 				    (uint8_t)atoi(tokval));
5120 				if (res != 0)  {
5121 					free(tmpname);
5122 					ipqos_msg(MT_ENOSTR,
5123 					    "nvlist_add_uint8");
5124 					return (IPQOS_CONF_ERR);
5125 				}
5126 				break;
5127 			}
5128 			case IPQOS_DATA_TYPE_UINT32: {
5129 				res = nvlist_add_uint32(*nvlp, tmpname,
5130 				    (uint32_t)atoi(tokval));
5131 				if (res != 0)  {
5132 					free(tmpname);
5133 					ipqos_msg(MT_ENOSTR,
5134 					    "nvlist_add_uint32");
5135 					return (IPQOS_CONF_ERR);
5136 				}
5137 				break;
5138 			}
5139 			default: {
5140 				ipqos_msg(MT_ERROR,
5141 				    gettext("Types file for module %s is "
5142 				    "corrupt.\n"), module);
5143 				IPQOSCDBG1(L0, "Unsupported map type for "
5144 				    "parameter %s given in types file.\n",
5145 				    map_name);
5146 				return (IPQOS_CONF_ERR);
5147 			}
5148 		}
5149 		free(tmpname);
5150 
5151 		map_name = (char *)strtok_r(NULL, ",", &lastparam);
5152 	}
5153 
5154 	return (IPQOS_CONF_SUCCESS);
5155 }
5156 
5157 /*
5158  * Parses the string info_str into it's components. Its format is:
5159  * SIZE','[ENUM_DEF | RANGE], where SIZE is the size of the array,
5160  * ENUM_DEF is the definition of the enumeration for this array,
5161  * and RANGE is the set of values this array can accept. In
5162  * the event this array has an enumeration definition enum_nvs is
5163  * set to point at a str_val_nd_t structure which stores the names
5164  * and values associated with this enumeration. Otherwise, if this
5165  * is not an enumerated array, lower and upper are set to the lower
5166  * and upper values of RANGE.
5167  * RETURNS: IPQOS_CONF_ERR due to unexpected parse errors, else
5168  * IPQOS_CONF_SUCCESS.
5169  */
5170 static int
5171 read_int_array_info(
5172 char *info_str,
5173 str_val_nd_t **enum_nvs,
5174 uint32_t *size,
5175 int *lower,
5176 int *upper,
5177 char *module)
5178 {
5179 	int res;
5180 	char *end;
5181 	char *token;
5182 	char *tmp;
5183 
5184 	IPQOSCDBG1(L0, "In read_array_info: info_str: %s\n",
5185 	    (info_str != NULL) ? info_str : "NULL");
5186 
5187 	if (info_str == NULL) {
5188 		IPQOSCDBG0(L0, "Null info string\n");
5189 		goto fail;
5190 	}
5191 
5192 	/*
5193 	 * read size.
5194 	 */
5195 	token = strtok(info_str, ",");
5196 	*size = (uint32_t)strtol(token, &end, 10);
5197 	SKIPWS(end);
5198 	if ((end == token) || (*end != NULL)) {
5199 		IPQOSCDBG0(L0, "Invalid size\n");
5200 		goto fail;
5201 	}
5202 	IPQOSCDBG1(L0, "read size: %u\n", *size);
5203 
5204 	/*
5205 	 * check we have another string.
5206 	 */
5207 	token = strtok(NULL, "\n");
5208 	if (token == NULL) {
5209 		IPQOSCDBG0(L0, "Missing range/enum def\n");
5210 		goto fail;
5211 	}
5212 	IPQOSCDBG1(L0, "range/enum def: %s\n", token);
5213 
5214 	/*
5215 	 * check if enumeration set or integer set and read enumeration
5216 	 * definition or integer range respectively.
5217 	 */
5218 	tmp = strchr(token, CURL_BEGIN);
5219 	if (tmp == NULL) {	/* a numeric range */
5220 		res = readrange(token, lower, upper);
5221 		if (res != IPQOS_CONF_SUCCESS) {
5222 			IPQOSCDBG0(L0, "Failed reading range\n");
5223 			goto fail;
5224 		}
5225 	} else {		/* an enumeration */
5226 		*enum_nvs = read_enum_nvs(token, module);
5227 		if (*enum_nvs == NULL) {
5228 			IPQOSCDBG0(L0, "Failed reading enum def\n");
5229 			goto fail;
5230 		}
5231 	}
5232 
5233 	return (IPQOS_CONF_SUCCESS);
5234 fail:
5235 	ipqos_msg(MT_ERROR,
5236 	    gettext("Types file for module %s is corrupt.\n"), module);
5237 	return (IPQOS_CONF_ERR);
5238 }
5239 
5240 /*
5241  * reads the value of an enumeration parameter from first_token and fp.
5242  * first_token is the first token of the value.
5243  * The format expected is NAME | { NAME1 [, NAME2 ] [, NAME3 ]  }.
5244  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
5245  */
5246 static int
5247 read_enum_value(
5248 FILE *fp,
5249 char *first_token,
5250 str_val_nd_t *enum_vals,
5251 uint32_t *val)
5252 {
5253 
5254 	uint32_t u32;
5255 	int ret;
5256 	char *tk;
5257 	char *lo = NULL;
5258 	char *cm;
5259 	int name_expected = 0;
5260 
5261 	IPQOSCDBG0(L1, "In read_enum_value\n");
5262 
5263 	/* init param val */
5264 	*val = 0;
5265 
5266 	/* first token not curl_begin, so lookup its value */
5267 
5268 	if (*first_token != CURL_BEGIN) {
5269 		ret = str_val_list_lookup(enum_vals, first_token, val);
5270 		if (ret != IPQOS_CONF_SUCCESS) {
5271 			ipqos_msg(MT_ERROR,
5272 			    gettext("Unrecognized value, %s, line %u.\n"),
5273 			    first_token, lineno);
5274 			return (ret);
5275 		}
5276 
5277 	/* curl_begin, so read values till curl_end, dicing at ',' */
5278 	} else {
5279 
5280 		name_expected++;
5281 
5282 		for (;;) {
5283 
5284 			/*
5285 			 * no leftover from pervious iteration so read new
5286 			 * token. This leftover happens because readtoken
5287 			 * doesn't interpret comma's as special characters
5288 			 * and thus could return 'val1,val2' as one token.
5289 			 * If this happens the val1 will be used in the
5290 			 * current iteration and what follows saved in lo
5291 			 * for processing by successive iterations.
5292 			 */
5293 
5294 			if (lo == NULL) {
5295 				ret = readtoken(fp, &tk);
5296 				if (ret == IPQOS_CONF_ERR) {
5297 					return (ret);
5298 				} else if (ret == IPQOS_CONF_EOF) {
5299 					ipqos_msg(MT_ERROR,
5300 					    gettext("Unexpected EOF.\n"));
5301 					return (IPQOS_CONF_ERR);
5302 
5303 				}
5304 			} else {	/* previous leftover, so use it */
5305 
5306 				IPQOSCDBG1(L1, "Using leftover %s.\n", lo);
5307 				tk = lo;
5308 				lo = NULL;
5309 			}
5310 
5311 			if (name_expected) {
5312 				if (ret == IPQOS_CONF_CURL_END ||
5313 				    tk[0] == ',') {
5314 					ipqos_msg(MT_ERROR,
5315 					    gettext("Malformed value list "
5316 					    "line %u.\n"), lineno);
5317 					free(tk);
5318 					return (IPQOS_CONF_ERR);
5319 				}
5320 
5321 				/*
5322 				 * check if this token contains a ',' and
5323 				 * if so store it and what follows for next
5324 				 * iteration.
5325 				 */
5326 				cm = strchr(tk, ',');
5327 				if (cm != NULL) {
5328 					lo = malloc(strlen(cm) + 1);
5329 					if (lo == NULL) {
5330 						ipqos_msg(MT_ENOSTR, "malloc");
5331 						free(tk);
5332 						return (IPQOS_CONF_ERR);
5333 					}
5334 
5335 					(void) strcpy(lo, cm);
5336 					*cm = '\0';
5337 				}
5338 
5339 
5340 				/* get name value and add to total val */
5341 
5342 				ret = str_val_list_lookup(enum_vals, tk, &u32);
5343 				if (ret != IPQOS_CONF_SUCCESS) {
5344 					ipqos_msg(MT_ERROR,
5345 					    gettext("Unrecognized value, %s, "
5346 					    "line %u.\n"), tk, lineno);
5347 					free(tk);
5348 					return (IPQOS_CONF_ERR);
5349 				}
5350 
5351 				*val = *val | u32;
5352 				name_expected--;
5353 
5354 			/* comma or curl end accepted */
5355 			} else {
5356 
5357 				/* we've reached curl_end so break */
5358 
5359 				if (ret == IPQOS_CONF_CURL_END) {
5360 					free(tk);
5361 					break;
5362 
5363 				/* not curl end and not comma */
5364 
5365 				} else if (tk[0] != ',') {
5366 					ipqos_msg(MT_ERROR,
5367 					    gettext("Malformed value list "
5368 					    "line %u.\n"), lineno);
5369 					free(tk);
5370 					return (IPQOS_CONF_ERR);
5371 				}
5372 
5373 				/*
5374 				 * store anything after the comma for next
5375 				 * iteration.
5376 				 */
5377 				if (tk[1] != '\0') {
5378 					lo = malloc(strlen(&tk[1]) + 1);
5379 					if (lo == NULL) {
5380 						ipqos_msg(MT_ENOSTR, "malloc");
5381 						free(tk);
5382 						return (IPQOS_CONF_ERR);
5383 					}
5384 					(void) strcpy(lo, &tk[1]);
5385 				}
5386 
5387 				name_expected++;
5388 			}
5389 
5390 			free(tk);
5391 		}
5392 	}
5393 
5394 	IPQOSCDBG1(L1, "value returned is: %u\n", *val);
5395 
5396 	return (IPQOS_CONF_SUCCESS);
5397 }
5398 
5399 /*
5400  * read the set of permanent classes/filter from the types file ref'd by tfp
5401  * and store them in a string table pointed to by perm_items,
5402  * with *nitems getting set to number of items read. perm_filters is set
5403  * to 1 if we're searching for permanent filters, else 0 for classes.
5404  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
5405  */
5406 static int
5407 read_perm_items(
5408 int perm_filters,
5409 FILE *tfp,
5410 char *module_name,
5411 char ***perm_items,
5412 int *nitems)
5413 {
5414 
5415 	char lbuf[IPQOS_CONF_TYPE_LINE_LEN];
5416 	int cnt = 0;
5417 	char name[IPQOS_CONF_NAME_LEN+1];
5418 	char foo[IPQOS_CONF_NAME_LEN+1];
5419 	int res;
5420 	char **items = NULL;
5421 	char **tmp;
5422 	char *marker;
5423 
5424 	IPQOSCDBG0(L1, "In read_perm_items\n");
5425 
5426 
5427 	/* seek to start of types file */
5428 
5429 	if (fseek(tfp, 0, SEEK_SET) != 0) {
5430 		ipqos_msg(MT_ENOSTR, "fseek");
5431 		return (IPQOS_CONF_ERR);
5432 	}
5433 
5434 	/* select which marker were looking for */
5435 
5436 	if (perm_filters) {
5437 		marker = IPQOS_CONF_PERM_FILTER_MK;
5438 	} else {
5439 		marker = IPQOS_CONF_PERM_CLASS_MK;
5440 	}
5441 
5442 	/* scan file line by line till end */
5443 
5444 	while (fgets(lbuf, IPQOS_CONF_TYPE_LINE_LEN, tfp) != NULL) {
5445 
5446 		/*
5447 		 * if the line is marked as containing a default item name
5448 		 * read the name, extend the items string array
5449 		 * and store the string off the array.
5450 		 */
5451 		if (strncmp(lbuf, marker, strlen(marker)) == 0) {
5452 
5453 			res = sscanf(lbuf,
5454 			    "%" VAL2STR(IPQOS_CONF_NAME_LEN) "s"
5455 			    "%" VAL2STR(IPQOS_CONF_NAME_LEN) "s",
5456 			    foo, name);
5457 			if (res < 2) {
5458 				ipqos_msg(MT_ERROR,
5459 				    gettext("Types file for module %s is "
5460 				    "corrupt.\n"), module_name);
5461 				IPQOSCDBG1(L0, "Missing name with a %s.\n",
5462 				    marker);
5463 				goto fail;
5464 			}
5465 
5466 			/* extend items array to accomodate new item */
5467 
5468 			tmp = realloc(items, (cnt + 1) * sizeof (char *));
5469 			if (tmp == NULL) {
5470 				ipqos_msg(MT_ENOSTR, "realloc");
5471 				goto fail;
5472 			} else {
5473 				items = tmp;
5474 			}
5475 
5476 			/* copy and store item name */
5477 
5478 			items[cnt] = malloc(strlen(name) + 1);
5479 			if (items[cnt] == NULL) {
5480 				ipqos_msg(MT_ENOSTR, "malloc");
5481 				goto fail;
5482 			}
5483 
5484 			(void) strcpy(items[cnt], name);
5485 			cnt++;
5486 
5487 
5488 			IPQOSCDBG1(L1, "stored %s in perm items array\n",
5489 			    name);
5490 		}
5491 	}
5492 
5493 	*perm_items = items;
5494 	*nitems = cnt;
5495 
5496 	return (IPQOS_CONF_SUCCESS);
5497 fail:
5498 	for (cnt--; cnt >= 0; cnt--)
5499 		free(items[cnt]);
5500 	free(items);
5501 	return (IPQOS_CONF_ERR);
5502 }
5503 
5504 /*
5505  * Searches types file ref'd by tfp for the parameter named name
5506  * with the place corresponding with place parameter. The format
5507  * of the lines in the file are:
5508  * PLACE NAME TYPE [ ENUM_DEF ] [ DEFAULT_STR ]
5509  * The ENUM_DEF is an enumeration definition and is only present
5510  * for parameters of type enum. DEFAULT_STR is a default value for
5511  * this parameter. If present type is set to the appropriate type
5512  * enumeration and dfltst filled with DEFAULT_STR if one was set.
5513  * Also if the type is enum enum_nvps is made to point at a
5514  * set of name value pairs representing ENUM_DEF.
5515  *
5516  * RETURNS: If any resource errors occur, or a matching parameter
5517  * isn't found IPQOS_CONF_ERR is returned, else IPQOS_CONF_SUCCESS.
5518  */
5519 static int
5520 readtype(
5521 FILE *tfp,
5522 char *module_name,
5523 char *name,
5524 ipqos_nvtype_t *type,
5525 str_val_nd_t **enum_nvps,
5526 char *dfltst,
5527 boolean_t allow_ipgpc_priv,
5528 place_t *place)
5529 {
5530 
5531 	int ac;
5532 	char lbuf[IPQOS_CONF_TYPE_LINE_LEN];
5533 	char param[IPQOS_CONF_PNAME_LEN+1];
5534 	char typest[IPQOS_CONF_TYPE_LEN+1];
5535 	char place_st[IPQOS_CONF_TYPE_LEN+1];
5536 	char *cp;
5537 	int x;
5538 	char *ipgpc_nm;
5539 	int found = 0;
5540 
5541 	IPQOSCDBG1(L1, "In readtype: param: %s\n", name);
5542 
5543 
5544 	/*
5545 	 * if allow_ipgpc_priv is true then we allow ipgpc parameters that are
5546 	 * private between ipqosconf and ipgpc. eg. address masks, port masks.
5547 	 */
5548 	if (allow_ipgpc_priv && strcmp(module_name, IPGPC_NAME) == 0) {
5549 		ipgpc_nm = prepend_module_name(name, IPGPC_NAME);
5550 		if (ipgpc_nm == NULL) {
5551 			return (IPQOS_CONF_ERR);
5552 		}
5553 
5554 		if (strcmp(ipgpc_nm, IPGPC_SADDR_MASK) == 0 ||
5555 		    strcmp(ipgpc_nm, IPGPC_DADDR_MASK) == 0) {
5556 			*type = IPQOS_DATA_TYPE_ADDRESS_MASK;
5557 			return (IPQOS_CONF_SUCCESS);
5558 		} else if (strcmp(ipgpc_nm, IPGPC_SPORT_MASK) == 0 ||
5559 		    strcmp(ipgpc_nm, IPGPC_DPORT_MASK) == 0) {
5560 			*type = IPQOS_DATA_TYPE_UINT16;
5561 			return (IPQOS_CONF_SUCCESS);
5562 		} else if (strcmp(ipgpc_nm, IPGPC_FILTER_TYPE) == 0) {
5563 			*type = IPQOS_DATA_TYPE_UINT32;
5564 			return (IPQOS_CONF_SUCCESS);
5565 		} else if (strcmp(ipgpc_nm, IPGPC_IF_INDEX) == 0) {
5566 			*type = IPQOS_DATA_TYPE_IFINDEX;
5567 			return (IPQOS_CONF_SUCCESS);
5568 		}
5569 
5570 		free(ipgpc_nm);
5571 	}
5572 
5573 	/*
5574 	 * read upto and including module version line.
5575 	 */
5576 	if (read_tfile_ver(tfp, IPQOS_MOD_STR, module_name) == -1)
5577 		return (IPQOS_CONF_ERR);
5578 
5579 
5580 	/*
5581 	 * loop reading lines of the types file until named parameter
5582 	 * found or EOF.
5583 	 */
5584 	while (fgets(lbuf, IPQOS_CONF_TYPE_LINE_LEN, tfp) != NULL) {
5585 
5586 		/*
5587 		 * check whether blank or commented line; if so skip
5588 		 */
5589 		for (cp = lbuf; isspace(*cp) && *cp != '\0'; cp++) {}
5590 		if (*cp == '\0' || *cp == '#') {
5591 			continue;
5592 		}
5593 
5594 		dfltst[0] = '\0';
5595 
5596 		/*
5597 		 * read place, param, type and if present default str
5598 		 * from line.
5599 		 */
5600 		ac = sscanf(lbuf,
5601 		    "%" VAL2STR(IPQOS_CONF_TYPE_LEN) "s "
5602 		    "%" VAL2STR(IPQOS_CONF_PNAME_LEN) "s "
5603 		    "%" VAL2STR(IPQOS_CONF_TYPE_LEN) "s "
5604 		    "%" VAL2STR(IPQOS_VALST_MAXLEN) "s",
5605 		    place_st, param, typest, dfltst);
5606 		if (ac < 3) {
5607 			ipqos_msg(MT_ERROR,
5608 			    gettext("Types file for module %s is corrupt.\n"),
5609 			    module_name);
5610 			IPQOSCDBG0(L0, "sscanf failed to read 3 strings.\n");
5611 			return (IPQOS_CONF_ERR);
5612 		}
5613 
5614 		/*
5615 		 * if the place and name match no need to look any further.
5616 		 */
5617 		if ((*place == PL_ANY) ||
5618 		    ((*place == PL_PARAMS) &&
5619 		    strcmp(place_st, IPQOS_PLACE_PRM_STR) == 0) ||
5620 		    ((*place == PL_FILTER) &&
5621 		    strcmp(place_st, IPQOS_PLACE_FILTER_STR) == 0) ||
5622 		    ((*place == PL_MAP) &&
5623 		    strcmp(place_st, IPQOS_PLACE_MAP_STR) == 0)) {
5624 			if (strcmp(param, name) == 0) {
5625 				found++;
5626 				break;
5627 			}
5628 		}
5629 	}
5630 	if (found == 0) {
5631 		ipqos_msg(MT_ERROR,
5632 		    gettext("Invalid parameter, %s, line %u.\n"), name,
5633 		    lineno);
5634 		return (IPQOS_CONF_ERR);
5635 	}
5636 
5637 	/*
5638 	 * set the place parameter to the actual place when the PL_ANY flag
5639 	 * was set.
5640 	 */
5641 	if (*place == PL_ANY) {
5642 		if (strcmp(place_st, IPQOS_PLACE_PRM_STR) == 0) {
5643 			*place = PL_PARAMS;
5644 		} else if (strcmp(place_st, IPQOS_PLACE_FILTER_STR) == 0) {
5645 			*place = PL_FILTER;
5646 		} else if (strcmp(place_st, IPQOS_PLACE_MAP_STR) == 0) {
5647 			*place = PL_MAP;
5648 		}
5649 	}
5650 
5651 	/*
5652 	 * get type enumeration
5653 	 */
5654 	for (x = 0; nv_types[x].string[0]; x++) {
5655 		if (strcmp(nv_types[x].string, typest) == 0) {
5656 			break;
5657 		}
5658 	}
5659 	/*
5660 	 * check that we have a type corresponding with the one the types
5661 	 * file specifies.
5662 	 */
5663 	if (nv_types[x].string[0] == '\0') {
5664 		ipqos_msg(MT_ERROR,
5665 		    gettext("Types file for module %s is corrupt.\n"),
5666 		    module_name);
5667 		return (IPQOS_CONF_ERR);
5668 	}
5669 	*type = nv_types[x].value;
5670 
5671 	/*
5672 	 * if enumeration type get set of name/vals and any default value
5673 	 */
5674 	if (*type == IPQOS_DATA_TYPE_ENUM) {
5675 		*enum_nvps = read_enum_nvs(lbuf, module_name);
5676 		if (*enum_nvps == NULL) {
5677 			return (IPQOS_CONF_ERR);
5678 		}
5679 
5680 		dfltst[0] = '\0';
5681 		cp = strchr(lbuf, CURL_END);
5682 		(void) sscanf(++cp,
5683 		    "%" VAL2STR(IPQOS_VALST_MAXLEN) "s", dfltst);
5684 	}
5685 
5686 
5687 	IPQOSCDBG2(L1, "read type: %s default: %s\n", nv_types[x].string,
5688 	    *dfltst ? dfltst : "None");
5689 	return (IPQOS_CONF_SUCCESS);
5690 }
5691 
5692 
5693 /*
5694  * Reads a name and a value from file ref'd by cfp into list indirectly
5695  * ref'd by nvlp; If this list is NULL it will be created to accomodate
5696  * the name/value. The name must be either a special token for
5697  * for the place, or be present in the module types file ref'd by tfp.
5698  * *type is set to the enumeration of the type of the parameter and
5699  * nvp to point at the element with the nvlp ref'd list.
5700  * RETURNS: IPQOS_CONF_CURL_END if read CURL_END as name,
5701  * IPQOS_CONF_ERR on errors, else IPQOS_CONF_SUCCESS.
5702  */
5703 static int
5704 readnvpair(
5705 FILE *cfp,
5706 FILE *tfp,
5707 nvlist_t **nvlp,
5708 nvpair_t **nvp,
5709 ipqos_nvtype_t *type,
5710 place_t place,
5711 char *module_name)
5712 {
5713 
5714 	char *name = NULL;
5715 	char *valst = NULL;
5716 	int res;
5717 	char *tmp;
5718 	str_val_nd_t *enum_nvs = NULL;
5719 	char dfltst[IPQOS_VALST_MAXLEN+1];
5720 
5721 	IPQOSCDBG0(L1, "in readnvpair\n");
5722 
5723 	/*
5724 	 * read nvpair name
5725 	 */
5726 	res = readtoken(cfp, &name);
5727 
5728 	/*
5729 	 * if reached eof, curl end or error encountered return to caller
5730 	 */
5731 	if (res == IPQOS_CONF_EOF) {
5732 		ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
5733 		return (IPQOS_CONF_ERR);
5734 	} else if (res == IPQOS_CONF_ERR) {
5735 		return (res);
5736 	} else if (res == IPQOS_CONF_CURL_END) {
5737 		free(name);
5738 		return (res);
5739 	}
5740 
5741 	/*
5742 	 * read nvpair value
5743 	 */
5744 	res = readtoken(cfp, &valst);
5745 
5746 	/*
5747 	 * check we've read a valid value
5748 	 */
5749 	if (res != IPQOS_CONF_SUCCESS && res != IPQOS_CONF_CURL_BEGIN) {
5750 		if (res == IPQOS_CONF_EOF) {
5751 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
5752 		} else if (res == IPQOS_CONF_CURL_END) {
5753 			ipqos_msg(MT_ERROR,
5754 			    gettext("Missing parameter value line %u.\n"),
5755 			    lineno);
5756 			free(valst);
5757 		}	/* we do nothing special for IPQOS_CONF_ERR */
5758 		free(name);
5759 		return (IPQOS_CONF_ERR);
5760 	}
5761 
5762 	/*
5763 	 * check for generic parameters.
5764 	 */
5765 
5766 	if ((place == PL_CLASS) &&
5767 	    strcmp(name, IPQOS_CONF_NEXT_ACTION_STR) == 0) {
5768 		*type = IPQOS_DATA_TYPE_ACTION;
5769 
5770 	} else if (place == PL_PARAMS &&
5771 	    strcmp(name, IPQOS_CONF_GLOBAL_STATS_STR) == 0 ||
5772 	    place == PL_CLASS &&
5773 	    strcmp(name, IPQOS_CONF_STATS_ENABLE_STR) == 0) {
5774 		*type = IPQOS_DATA_TYPE_BOOLEAN;
5775 
5776 	} else if (tfp == NULL ||
5777 	    ((place != PL_PARAMS) && strcmp(name, IPQOS_CONF_NAME_STR) == 0) ||
5778 	    (place == PL_FILTER) && (strcmp(name, IPQOS_CONF_CLASS_STR) ==
5779 	    0) ||
5780 	    (place == PL_ACTION) && (strcmp(name, IPQOS_CONF_MODULE_STR) ==
5781 	    0)) {
5782 		*type = IPQOS_DATA_TYPE_STRING;
5783 
5784 	} else {	/* if not generic parameter */
5785 		/*
5786 		 * get type from types file
5787 		 */
5788 		if (readtype(tfp, module_name, name, type, &enum_nvs, dfltst,
5789 		    B_FALSE, &place) != IPQOS_CONF_SUCCESS) {
5790 			free(name);
5791 			free(valst);
5792 			return (IPQOS_CONF_ERR);
5793 		}
5794 
5795 		/*
5796 		 * get full module prefix parameter name
5797 		 */
5798 		tmp = name;
5799 		if ((name = prepend_module_name(name, module_name)) == NULL) {
5800 			name = tmp;
5801 			goto fail;
5802 		}
5803 		free(tmp);
5804 	}
5805 
5806 	IPQOSCDBG3(L1, "NVP, name: %s, str_value: %s, type: %s\n", name,
5807 	    valst, nv_types[*type].string);
5808 
5809 
5810 	/*
5811 	 * create nvlist if not present already
5812 	 */
5813 	if (*nvlp == NULL) {
5814 		res = nvlist_alloc(nvlp, NV_UNIQUE_NAME, 0);
5815 		if (res != 0) {
5816 			ipqos_msg(MT_ENOSTR, "nvlist_alloc");
5817 			free(name);
5818 			free(valst);
5819 			return (IPQOS_CONF_ERR);
5820 		}
5821 	}
5822 
5823 	/*
5824 	 * check we haven't already read this parameter
5825 	 */
5826 	if (find_nvpair(*nvlp, name)) {
5827 		ipqos_msg(MT_ERROR, gettext("Duplicate parameter line %u.\n"),
5828 		    lineno);
5829 		goto fail;
5830 	}
5831 
5832 	/*
5833 	 * convert value string to appropriate type and add to nvlist
5834 	 */
5835 
5836 	switch (*type) {
5837 		case IPQOS_DATA_TYPE_IFNAME: {
5838 			uint32_t ifidx;
5839 
5840 			res = readifindex(valst, (int *)&ifidx);
5841 			if (res == IPQOS_CONF_SUCCESS) {
5842 				res = nvlist_add_uint32(*nvlp, IPGPC_IF_INDEX,
5843 				    ifidx);
5844 				if (res != 0) {
5845 					ipqos_msg(MT_ENOSTR,
5846 					    "nvlist_add_uint32");
5847 					goto fail;
5848 				}
5849 				(void) nvlist_remove_all(*nvlp, name);
5850 				/*
5851 				 * change name to point at the name of the
5852 				 * new ifindex nvlist entry as name is used
5853 				 * later in the function.
5854 				 */
5855 				free(name);
5856 				name = malloc(strlen(IPGPC_IF_INDEX) + 1);
5857 				if (name == NULL) {
5858 					ipqos_msg(MT_ENOSTR, "malloc");
5859 					goto fail;
5860 				}
5861 				(void) strcpy(name, IPGPC_IF_INDEX);
5862 			}
5863 			break;
5864 		}
5865 		case IPQOS_DATA_TYPE_PROTO: {
5866 			uint8_t proto;
5867 
5868 			res = readproto(valst, &proto);
5869 			if (res == IPQOS_CONF_SUCCESS) {
5870 				res = nvlist_add_byte(*nvlp, name, proto);
5871 				if (res != 0) {
5872 					ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
5873 					goto fail;
5874 				}
5875 			}
5876 			break;
5877 		}
5878 		case IPQOS_DATA_TYPE_PORT: {
5879 			uint16_t port;
5880 
5881 			res = readport(valst, &port);
5882 			if (res == IPQOS_CONF_SUCCESS) {
5883 
5884 				/* add port */
5885 
5886 				res = nvlist_add_uint16(*nvlp, name, port);
5887 				if (res != 0) {
5888 					ipqos_msg(MT_ENOSTR,
5889 					    "nvlist_add_uint16");
5890 					goto fail;
5891 				}
5892 
5893 				/* add appropriate all ones port mask */
5894 
5895 				if (strcmp(name, IPGPC_DPORT) == 0) {
5896 					res = nvlist_add_uint16(*nvlp,
5897 					    IPGPC_DPORT_MASK, ~0);
5898 
5899 				} else if (strcmp(name, IPGPC_SPORT) == 0) {
5900 					res = nvlist_add_uint16(*nvlp,
5901 					    IPGPC_SPORT_MASK, ~0);
5902 				}
5903 				if (res != 0) {
5904 					ipqos_msg(MT_ENOSTR,
5905 					    "nvlist_add_uint16");
5906 					goto fail;
5907 				}
5908 			}
5909 			break;
5910 		}
5911 		case IPQOS_DATA_TYPE_ADDRESS:
5912 		case IPQOS_DATA_TYPE_ACTION:
5913 		case IPQOS_DATA_TYPE_STRING:
5914 			res = nvlist_add_string(*nvlp, name, valst);
5915 			if (res != 0) {
5916 				ipqos_msg(MT_ENOSTR, "nvlist_add_string");
5917 				goto fail;
5918 			}
5919 			break;
5920 		case IPQOS_DATA_TYPE_BOOLEAN: {
5921 			boolean_t b;
5922 
5923 			res = readbool(valst, &b);
5924 			if (res == IPQOS_CONF_SUCCESS) {
5925 				res = nvlist_add_uint32(*nvlp, name,
5926 				    (uint32_t)b);
5927 				if (res != 0) {
5928 					ipqos_msg(MT_ENOSTR,
5929 					    "nvlist_add_uint32");
5930 					goto fail;
5931 				}
5932 			}
5933 			break;
5934 		}
5935 		case IPQOS_DATA_TYPE_UINT8: {
5936 			uint8_t u8;
5937 
5938 			res = readuint8(valst, &u8, &tmp);
5939 			if (res == IPQOS_CONF_SUCCESS) {
5940 				res = nvlist_add_byte(*nvlp, name, u8);
5941 				if (res != 0) {
5942 					ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
5943 					goto fail;
5944 				}
5945 			}
5946 			break;
5947 		}
5948 		case IPQOS_DATA_TYPE_INT16: {
5949 			int16_t i16;
5950 
5951 			res = readint16(valst, &i16, &tmp);
5952 			if (res == IPQOS_CONF_SUCCESS) {
5953 				res = nvlist_add_int16(*nvlp, name, i16);
5954 				if (res != 0) {
5955 					ipqos_msg(MT_ENOSTR,
5956 					    "nvlist_add_int16");
5957 					goto fail;
5958 				}
5959 			}
5960 			break;
5961 		}
5962 		case IPQOS_DATA_TYPE_UINT16: {
5963 			uint16_t u16;
5964 
5965 			res = readuint16(valst, &u16, &tmp);
5966 			if (res == IPQOS_CONF_SUCCESS) {
5967 				res = nvlist_add_uint16(*nvlp, name, u16);
5968 				if (res != 0) {
5969 					ipqos_msg(MT_ENOSTR,
5970 					    "nvlist_add_int16");
5971 					goto fail;
5972 				}
5973 			}
5974 			break;
5975 		}
5976 		case IPQOS_DATA_TYPE_INT32: {
5977 			int i32;
5978 
5979 			res = readint32(valst, &i32, &tmp);
5980 			if (res == IPQOS_CONF_SUCCESS) {
5981 				res = nvlist_add_int32(*nvlp, name, i32);
5982 				if (res != 0) {
5983 					ipqos_msg(MT_ENOSTR,
5984 					    "nvlist_add_int32");
5985 					goto fail;
5986 				}
5987 			}
5988 			break;
5989 		}
5990 		case IPQOS_DATA_TYPE_UINT32: {
5991 			uint32_t u32;
5992 
5993 			res = readuint32(valst, &u32, &tmp);
5994 			if (res == IPQOS_CONF_SUCCESS) {
5995 				res = nvlist_add_uint32(*nvlp, name, u32);
5996 				if (res != 0) {
5997 					ipqos_msg(MT_ENOSTR,
5998 					    "nvlist_add_uint32");
5999 					goto fail;
6000 				}
6001 			}
6002 			break;
6003 		}
6004 		case IPQOS_DATA_TYPE_ENUM: {
6005 			uint32_t val;
6006 
6007 			res = read_enum_value(cfp, valst, enum_nvs, &val);
6008 			if (res == IPQOS_CONF_SUCCESS) {
6009 				res = nvlist_add_uint32(*nvlp, name, val);
6010 				if (res != 0) {
6011 					ipqos_msg(MT_ENOSTR,
6012 					    "nvlist_add_uint32");
6013 					goto fail;
6014 				}
6015 			} else {
6016 				goto fail;
6017 			}
6018 			break;
6019 		}
6020 		/*
6021 		 * For now the dfltst contains a comma separated list of the
6022 		 * type we need this parameter to be mapped to.
6023 		 * read_mapped_values will fill in all the mapped parameters
6024 		 * and their values in the nvlist.
6025 		 */
6026 		case IPQOS_DATA_TYPE_M_INDEX: {
6027 			uint8_t u8;
6028 
6029 			res = readuint8(valst, &u8, &tmp);
6030 			if (res == IPQOS_CONF_SUCCESS) {
6031 				res = nvlist_add_byte(*nvlp, name, u8);
6032 				if (res != 0) {
6033 					ipqos_msg(MT_ENOSTR,
6034 					    "nvlist_add_uint8");
6035 					goto fail;
6036 				}
6037 			} else {
6038 				*type = IPQOS_DATA_TYPE_UINT8;
6039 				break;
6040 			}
6041 			res = read_mapped_values(tfp, nvlp, module_name,
6042 			    dfltst, u8);
6043 			if (res != IPQOS_CONF_SUCCESS) {
6044 				goto fail;
6045 			}
6046 			break;
6047 		}
6048 		case IPQOS_DATA_TYPE_INT_ARRAY: {
6049 			str_val_nd_t *arr_enum_nvs = NULL;
6050 			uint32_t size;
6051 			int llimit = 0, ulimit = 0;
6052 			int *arr;
6053 
6054 			/*
6055 			 * read array info from types file.
6056 			 */
6057 			res = read_int_array_info(dfltst, &arr_enum_nvs, &size,
6058 			    &llimit, &ulimit, module_name);
6059 			if (res != IPQOS_CONF_SUCCESS) {
6060 				goto fail;
6061 			}
6062 
6063 			/*
6064 			 * read array contents from config file and construct
6065 			 * array with them.
6066 			 */
6067 			res = read_int_array(cfp, valst, &arr, size, llimit,
6068 			    ulimit, arr_enum_nvs);
6069 			if (res != IPQOS_CONF_SUCCESS) {
6070 				goto fail;
6071 			}
6072 
6073 			/*
6074 			 * add array to nvlist.
6075 			 */
6076 			res = nvlist_add_int32_array(*nvlp, name, arr, size);
6077 			if (res != 0) {
6078 				ipqos_msg(MT_ENOSTR, "nvlist_add_int32");
6079 				goto fail;
6080 			}
6081 
6082 			/*
6083 			 * free uneeded resources.
6084 			 */
6085 			free(arr);
6086 			if (arr_enum_nvs)
6087 				free_str_val_entrys(arr_enum_nvs);
6088 
6089 			break;
6090 		}
6091 		case IPQOS_DATA_TYPE_USER: {
6092 			uid_t uid;
6093 
6094 			res = readuser(valst, &uid);
6095 			if (res == IPQOS_CONF_SUCCESS) {
6096 				res = nvlist_add_int32(*nvlp, name, (int)uid);
6097 				if (res != 0) {
6098 					ipqos_msg(MT_ENOSTR,
6099 					    "nvlist_add_int32");
6100 					goto fail;
6101 				}
6102 			}
6103 			break;
6104 		}
6105 #ifdef	_IPQOS_CONF_DEBUG
6106 		default: {
6107 			/*
6108 			 * we shouldn't have a type that doesn't have a switch
6109 			 * entry.
6110 			 */
6111 			assert(1);
6112 		}
6113 #endif
6114 	}
6115 	if (res != 0) {
6116 		ipqos_msg(MT_ERROR, gettext("Invalid %s, line %u.\n"),
6117 		    nv_types[*type].string, lineno);
6118 		goto fail;
6119 	}
6120 
6121 	/* set the nvp parameter to point at the newly added nvlist entry */
6122 
6123 	*nvp = find_nvpair(*nvlp, name);
6124 
6125 	free(name);
6126 	free(valst);
6127 	if (enum_nvs)
6128 		free_str_val_entrys(enum_nvs);
6129 	return (IPQOS_CONF_SUCCESS);
6130 fail:
6131 	if (name != NULL)
6132 		free(name);
6133 	if (valst != NULL)
6134 		free(valst);
6135 	if (enum_nvs != NULL)
6136 		free_str_val_entrys(enum_nvs);
6137 	return (IPQOS_CONF_ERR);
6138 }
6139 
6140 /*
6141  * read a parameter clause from cfp into *params.
6142  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6143  */
6144 static int
6145 readparams(
6146 FILE *cfp,
6147 FILE *tfp,
6148 char *module_name,
6149 ipqos_conf_params_t *params)
6150 {
6151 
6152 	int res;
6153 	nvpair_t *nvp;
6154 	ipqos_nvtype_t type;
6155 	boolean_t bl;
6156 	char *nm;
6157 	char *action;
6158 	char tmp[IPQOS_CONF_PNAME_LEN];
6159 	int read_stats = 0;
6160 
6161 	IPQOSCDBG0(L0, "in readparams\n");
6162 
6163 	/* read beginning curl */
6164 
6165 	res = read_curl_begin(cfp);
6166 	if (res != IPQOS_CONF_SUCCESS) {
6167 		return (res);
6168 	}
6169 
6170 	/*
6171 	 * loop reading nvpairs, adding to params nvlist until encounter
6172 	 * CURL_END.
6173 	 */
6174 	for (;;) {
6175 		/* read nvpair */
6176 
6177 		res = readnvpair(cfp, tfp, &params->nvlist,
6178 		    &nvp, &type, PL_PARAMS, module_name);
6179 		if (res == IPQOS_CONF_ERR) {
6180 			goto fail;
6181 
6182 		/* we have finished reading params */
6183 
6184 		} else if (res == IPQOS_CONF_CURL_END) {
6185 			break;
6186 		}
6187 
6188 		/*
6189 		 * read global stats - place into params struct and remove
6190 		 * from nvlist.
6191 		 */
6192 		if (strcmp(nvpair_name(nvp), IPQOS_CONF_GLOBAL_STATS_STR) ==
6193 		    0) {
6194 			/* check we haven't read stats before */
6195 
6196 			if (read_stats) {
6197 				ipqos_msg(MT_ERROR,
6198 				    gettext("Duplicate parameter line %u.\n"),
6199 				    lineno);
6200 				goto fail;
6201 			}
6202 			read_stats++;
6203 
6204 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
6205 			params->stats_enable = bl;
6206 			(void) nvlist_remove_all(params->nvlist,
6207 			    IPQOS_CONF_GLOBAL_STATS_STR);
6208 
6209 
6210 		/*
6211 		 * read action type parameter - add it to list of action refs.
6212 		 * also, if it's one of continue or drop virtual actions
6213 		 * change the action name to their special ipp names in
6214 		 * the action ref list and the nvlist.
6215 		 */
6216 		} else if (type == IPQOS_DATA_TYPE_ACTION) {
6217 
6218 			/* get name and value from nvlist */
6219 
6220 			nm = nvpair_name(nvp);
6221 			(void) nvpair_value_string(nvp, &action);
6222 
6223 			/* if virtual action names change to ipp name */
6224 
6225 			if ((strcmp(action, IPQOS_CONF_CONT_STR) == 0) ||
6226 			    strcmp(action, IPQOS_CONF_DROP_STR) == 0) {
6227 				/*
6228 				 * we copy nm to a seperate buffer as nv_pair
6229 				 * name above gave us a ptr to internal
6230 				 * memory which causes strange behaviour
6231 				 * when we re-value that nvlist element.
6232 				 */
6233 				(void) strlcpy(tmp, nm, sizeof (tmp));
6234 				nm = tmp;
6235 
6236 
6237 				/* modify nvlist entry and change action */
6238 
6239 				if (strcmp(action, IPQOS_CONF_CONT_STR) == 0) {
6240 					action = IPP_ANAME_CONT;
6241 					res = nvlist_add_string(params->nvlist,
6242 					    nm, action);
6243 				} else {
6244 					action = IPP_ANAME_DROP;
6245 					res = nvlist_add_string(params->nvlist,
6246 					    nm, action);
6247 				}
6248 				if (res != 0) {
6249 					ipqos_msg(MT_ENOSTR,
6250 					    "nvlist_add_string");
6251 					goto fail;
6252 				}
6253 			}
6254 
6255 			/* add action reference to params */
6256 
6257 			res = add_aref(&params->actions, nm, action);
6258 		}
6259 	}
6260 
6261 	return (IPQOS_CONF_SUCCESS);
6262 fail:
6263 
6264 	if (params->nvlist) {
6265 		nvlist_free(params->nvlist);
6266 		params->nvlist = NULL;
6267 	}
6268 	if (params->actions) {
6269 		free_arefs(params->actions);
6270 		params->actions = NULL;
6271 	}
6272 	return (IPQOS_CONF_ERR);
6273 }
6274 
6275 /* ************************* class manip fns ****************************** */
6276 
6277 
6278 
6279 /*
6280  * make dst point at a dupicate class struct with duplicate elements to src.
6281  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
6282  */
6283 static int
6284 dup_class(
6285 ipqos_conf_class_t *src,
6286 ipqos_conf_class_t **dst)
6287 {
6288 
6289 	ipqos_conf_class_t *cls;
6290 	int res;
6291 
6292 	IPQOSCDBG1(DIFF, "In dup_class: class: %s\n", src->name);
6293 	cls = alloc_class();
6294 	if (cls == NULL) {
6295 		return (IPQOS_CONF_ERR);
6296 	}
6297 
6298 	/* struct copy */
6299 	*cls = *src;
6300 
6301 	/* we're not interested in the nvlist for a class */
6302 	cls->nvlist = NULL;
6303 
6304 
6305 	/* copy first action reference */
6306 	cls->alist = NULL;
6307 	res = add_aref(&cls->alist, src->alist->field, src->alist->name);
6308 	if (res != IPQOS_CONF_SUCCESS) {
6309 		free(cls);
6310 		return (res);
6311 	}
6312 
6313 	*dst = cls;
6314 
6315 	return (IPQOS_CONF_SUCCESS);
6316 }
6317 
6318 /*
6319  * create a zero'd class struct and return a ptr to it.
6320  * RETURNS: ptr to struct on success, NULL otherwise.
6321  */
6322 static ipqos_conf_class_t *
6323 alloc_class()
6324 {
6325 
6326 	ipqos_conf_class_t *class;
6327 
6328 	class = malloc(sizeof (ipqos_conf_class_t));
6329 	if (class) {
6330 		bzero(class, sizeof (ipqos_conf_class_t));
6331 	} else {
6332 		ipqos_msg(MT_ENOSTR, "malloc");
6333 	}
6334 
6335 	return (class);
6336 }
6337 
6338 /* frees up all memory occupied by a filter struct and its contents. */
6339 static void
6340 free_class(ipqos_conf_class_t *cls)
6341 {
6342 
6343 	if (cls == NULL)
6344 		return;
6345 
6346 	/* free its nvlist if present */
6347 
6348 	if (cls->nvlist)
6349 		nvlist_free(cls->nvlist);
6350 
6351 	/* free its action refs if present */
6352 
6353 	if (cls->alist)
6354 		free_arefs(cls->alist);
6355 
6356 	/* finally free class itself */
6357 	free(cls);
6358 }
6359 
6360 /*
6361  * Checks whether there is a class called class_nm  in classes list.
6362  * RETURNS: ptr to first matched class, else if not matched NULL.
6363  */
6364 static ipqos_conf_class_t *
6365 classexist(
6366 char *class_nm,
6367 ipqos_conf_class_t *classes)
6368 {
6369 
6370 	ipqos_conf_class_t *cls;
6371 
6372 	IPQOSCDBG1(L1, "In classexist: name: %s\n", class_nm);
6373 
6374 	for (cls = classes; cls; cls = cls->next) {
6375 		if (strcmp(class_nm, cls->name) == 0) {
6376 			break;
6377 		}
6378 	}
6379 
6380 	return (cls);
6381 }
6382 
6383 
6384 
6385 /* ************************** filter manip fns **************************** */
6386 
6387 
6388 
6389 /*
6390  * Checks whether there is a filter called filter_nm with instance number
6391  * instance in filters list created by us or permanent. Instance value -1
6392  * is a wildcard.
6393  * RETURNS: ptr to first matched filter, else if not matched NULL.
6394  */
6395 static ipqos_conf_filter_t *
6396 filterexist(
6397 char *filter_nm,
6398 int instance,
6399 ipqos_conf_filter_t *filters)
6400 {
6401 
6402 	IPQOSCDBG2(L1, "In filterexist: name :%s, inst: %d\n", filter_nm,
6403 	    instance);
6404 
6405 	while (filters) {
6406 		if (strcmp(filters->name, filter_nm) == 0 &&
6407 		    (instance == -1 || filters->instance == instance) &&
6408 		    (filters->originator == IPP_CONFIG_IPQOSCONF ||
6409 		    filters->originator == IPP_CONFIG_PERMANENT)) {
6410 			break;
6411 		}
6412 		filters = filters->next;
6413 	}
6414 	return (filters);
6415 }
6416 
6417 /*
6418  * allocate and zero a filter structure.
6419  * RETURNS: NULL on error, else ptr to filter struct.
6420  */
6421 static ipqos_conf_filter_t *
6422 alloc_filter()
6423 {
6424 
6425 	ipqos_conf_filter_t *flt;
6426 
6427 	flt = malloc(sizeof (ipqos_conf_filter_t));
6428 	if (flt) {
6429 		bzero(flt, sizeof (ipqos_conf_filter_t));
6430 		flt->instance = -1;
6431 	} else {
6432 		ipqos_msg(MT_ENOSTR, "malloc");
6433 	}
6434 
6435 	return (flt);
6436 }
6437 
6438 /* free flt and all it's contents. */
6439 
6440 static void
6441 free_filter(ipqos_conf_filter_t *flt)
6442 {
6443 
6444 	IPQOSCDBG2(L1, "In free_filter: filter: %s, inst: %d\n", flt->name,
6445 	    flt->instance);
6446 
6447 	if (flt == NULL)
6448 		return;
6449 
6450 	if (flt->src_nd_name)
6451 		free(flt->src_nd_name);
6452 	if (flt->dst_nd_name)
6453 		free(flt->dst_nd_name);
6454 	if (flt->nvlist) {
6455 		nvlist_free(flt->nvlist);
6456 	}
6457 	free(flt);
6458 }
6459 
6460 /*
6461  * makes a copy of ofilter and its contents and points nfilter at it. It
6462  * also adds an instance number to the filter and if either saddr or
6463  * daddr are non-null that address to the filters nvlist along with
6464  * an all 1s address mask and the af.
6465  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6466  */
6467 static int
6468 dup_filter(
6469 ipqos_conf_filter_t *ofilter,
6470 ipqos_conf_filter_t **nfilter,
6471 int af,
6472 int inv6,	/* if saddr or daddr set and v4 filter are they in v6 addr */
6473 void *saddr,
6474 void *daddr,
6475 int inst)
6476 {
6477 
6478 	ipqos_conf_filter_t *nf;
6479 	int res;
6480 	in6_addr_t v6addr;
6481 	in6_addr_t all_1s_v6;
6482 
6483 	IPQOSCDBG4(MHME, "In dup_filter: name: %s, af: %u, inv6: %u, ins: %d\n",
6484 	    ofilter->name, af, inv6, inst);
6485 
6486 /* show src address and dst address if present */
6487 #ifdef	_IPQOS_CONF_DEBUG
6488 	if (ipqosconf_dbg_flgs & MHME) {
6489 		char st[100];
6490 
6491 		if (saddr) {
6492 			(void) fprintf(stderr, "saddr: %s\n",
6493 			    inet_ntop(inv6 ? AF_INET6 : AF_INET, saddr, st,
6494 			    100));
6495 		}
6496 
6497 		if (daddr) {
6498 			(void) fprintf(stderr, "daddr: %s\n",
6499 			    inet_ntop(inv6 ? AF_INET6 : AF_INET, daddr, st,
6500 			    100));
6501 		}
6502 	}
6503 #endif	/* _IPQOS_CONF_DEBUG */
6504 
6505 	/* init local v6 address to 0 */
6506 	(void) bzero(&v6addr, sizeof (in6_addr_t));
6507 
6508 	/* create an all 1s address for use as mask */
6509 	(void) memset(&all_1s_v6, ~0, sizeof (in6_addr_t));
6510 
6511 	/* create a new filter */
6512 
6513 	nf = alloc_filter();
6514 	if (nf == NULL) {
6515 		return (IPQOS_CONF_ERR);
6516 	}
6517 
6518 	/* struct copy old filter to new */
6519 	*nf = *ofilter;
6520 
6521 	/* copy src filters nvlist if there is one to copy */
6522 
6523 	if (ofilter->nvlist) {
6524 		res = nvlist_dup(ofilter->nvlist, &nf->nvlist, 0);
6525 		if (res != 0) {
6526 			ipqos_msg(MT_ENOSTR, "nvlist_dup");
6527 			goto fail;
6528 		}
6529 	}
6530 
6531 	/* copy src and dst node names if present */
6532 
6533 	if (ofilter->src_nd_name) {
6534 		nf->src_nd_name = malloc(strlen(ofilter->src_nd_name) + 1);
6535 		if (nf->src_nd_name == NULL) {
6536 			ipqos_msg(MT_ENOSTR, "malloc");
6537 			goto fail;
6538 		}
6539 		(void) strcpy(nf->src_nd_name, ofilter->src_nd_name);
6540 	}
6541 	if (ofilter->dst_nd_name) {
6542 		nf->dst_nd_name = malloc(strlen(ofilter->dst_nd_name) + 1);
6543 		if (nf->dst_nd_name == NULL) {
6544 			ipqos_msg(MT_ENOSTR, "malloc");
6545 			goto fail;
6546 		}
6547 		(void) strcpy(nf->dst_nd_name, ofilter->dst_nd_name);
6548 	}
6549 
6550 	/* add filter addresses type */
6551 
6552 	res = nvlist_add_byte(nf->nvlist, IPGPC_FILTER_TYPE,
6553 	    af == AF_INET ? IPGPC_V4_FLTR : IPGPC_V6_FLTR);
6554 	if (res != 0) {
6555 		ipqos_msg(MT_ENOSTR, "nvlist_add_byte");
6556 		goto fail;
6557 	}
6558 	IPQOSCDBG1(MHME, "adding address type %s in dup filter\n",
6559 	    af == AF_INET ? "AF_INET" : "AF_INET6");
6560 
6561 	/* add saddr if present */
6562 
6563 	if (saddr) {
6564 		if (af == AF_INET && !inv6) {
6565 			V4_PART_OF_V6(v6addr) = *(uint32_t *)saddr;
6566 			saddr = &v6addr;
6567 		}
6568 
6569 		/* add address and all 1's mask */
6570 
6571 		if (nvlist_add_uint32_array(nf->nvlist, IPGPC_SADDR,
6572 		    (uint32_t *)saddr, 4) != 0 ||
6573 		    nvlist_add_uint32_array(nf->nvlist, IPGPC_SADDR_MASK,
6574 		    (uint32_t *)&all_1s_v6, 4) != 0) {
6575 			ipqos_msg(MT_ENOSTR, "nvlist_add_uint32_array");
6576 			goto fail;
6577 		}
6578 
6579 	}
6580 
6581 	/* add daddr if present */
6582 
6583 	if (daddr) {
6584 		if (af == AF_INET && !inv6) {
6585 			V4_PART_OF_V6(v6addr) = *(uint32_t *)daddr;
6586 			daddr = &v6addr;
6587 		}
6588 
6589 		/* add address and all 1's mask */
6590 
6591 		if (nvlist_add_uint32_array(nf->nvlist, IPGPC_DADDR,
6592 		    (uint32_t *)daddr, 4) != 0 ||
6593 		    nvlist_add_uint32_array(nf->nvlist, IPGPC_DADDR_MASK,
6594 		    (uint32_t *)&all_1s_v6, 4) != 0) {
6595 			ipqos_msg(MT_ENOSTR, "nvlist_add_uint32_array");
6596 			goto fail;
6597 		}
6598 	}
6599 
6600 	/* add filter instance */
6601 
6602 	nf->instance = inst;
6603 
6604 	*nfilter = nf;
6605 	return (IPQOS_CONF_SUCCESS);
6606 fail:
6607 	free_filter(nf);
6608 	return (IPQOS_CONF_ERR);
6609 }
6610 
6611 
6612 
6613 /* ************************* action manip fns ********************** */
6614 
6615 
6616 
6617 /*
6618  * create and zero action structure and a params structure hung off of it.
6619  * RETURNS: ptr to allocated action on success, else NULL.
6620  */
6621 static ipqos_conf_action_t *
6622 alloc_action()
6623 {
6624 
6625 	ipqos_conf_action_t *action;
6626 
6627 	action = (ipqos_conf_action_t *)malloc(sizeof (ipqos_conf_action_t));
6628 	if (action == NULL) {
6629 		ipqos_msg(MT_ENOSTR, "malloc");
6630 		return (action);
6631 	}
6632 	bzero(action, sizeof (ipqos_conf_action_t));
6633 
6634 	action->params = (ipqos_conf_params_t *)
6635 			malloc(sizeof (ipqos_conf_params_t));
6636 	if (action->params == NULL) {
6637 		free(action);
6638 		return (NULL);
6639 	}
6640 	bzero(action->params, sizeof (ipqos_conf_params_t));
6641 	action->params->stats_enable = B_FALSE;
6642 
6643 	return (action);
6644 }
6645 
6646 /*
6647  * free all the memory used in all the actions in actions list.
6648  */
6649 static void
6650 free_actions(
6651 ipqos_conf_action_t *actions)
6652 {
6653 
6654 	ipqos_conf_action_t *act = actions;
6655 	ipqos_conf_action_t *next;
6656 	ipqos_conf_filter_t *flt, *nf;
6657 	ipqos_conf_class_t *cls, *nc;
6658 
6659 	while (act != NULL) {
6660 		/* free parameters */
6661 
6662 		if (act->params != NULL) {
6663 			free_arefs(act->params->actions);
6664 			if (act->params->nvlist != NULL) {
6665 				nvlist_free(act->params->nvlist);
6666 			}
6667 			free(act->params);
6668 		}
6669 
6670 		/* free action nvlist */
6671 
6672 		if (act->nvlist != NULL)
6673 			free(act->nvlist);
6674 
6675 		/* free filters */
6676 
6677 		flt = act->filters;
6678 		while (flt != NULL) {
6679 			nf = flt->next;
6680 			free_filter(flt);
6681 			flt = nf;
6682 		}
6683 
6684 		/* free classes */
6685 
6686 		cls = act->classes;
6687 		while (cls != NULL) {
6688 			nc = cls->next;
6689 			free_class(cls);
6690 			cls = nc;
6691 		}
6692 
6693 		/* free permanent classes table */
6694 		cleanup_string_table(act->perm_classes, act->num_perm_classes);
6695 
6696 		/* free filters to retry */
6697 
6698 		flt = act->retry_filters;
6699 		while (flt != NULL) {
6700 			nf = flt->next;
6701 			free_filter(flt);
6702 			flt = nf;
6703 		}
6704 
6705 		/* free dependency pointers */
6706 		free_arefs(act->dependencies);
6707 
6708 		next = act->next;
6709 		free(act);
6710 		act = next;
6711 	}
6712 }
6713 
6714 /*
6715  * Checks whether there is an action called action_name in actions list.
6716  * RETURNS: ptr to first matched action, else if not matched NULL.
6717  *
6718  */
6719 static ipqos_conf_action_t *
6720 actionexist(
6721 char *action_name,
6722 ipqos_conf_action_t *actions)
6723 {
6724 
6725 	IPQOSCDBG1(L1, "In actionexist: name: %s\n", action_name);
6726 
6727 	while (actions) {
6728 		if (strcmp(action_name, actions->name) == 0) {
6729 			break;
6730 		}
6731 		actions = actions->next;
6732 	}
6733 
6734 	return (actions);
6735 }
6736 
6737 /* **************************** act ref manip fns ******************** */
6738 
6739 
6740 /*
6741  * add an action reference element with parameter field and action
6742  * action_name to arefs.
6743  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
6744  */
6745 static int
6746 add_aref(
6747 ipqos_conf_act_ref_t **arefs,
6748 char *field,
6749 char *action_name)
6750 {
6751 
6752 	ipqos_conf_act_ref_t *aref;
6753 
6754 	IPQOSCDBG1(L1, "add_aref: action: %s.\n", action_name);
6755 
6756 	/* allocate zero'd aref */
6757 
6758 	aref = malloc(sizeof (ipqos_conf_act_ref_t));
6759 	if (aref == NULL) {
6760 		ipqos_msg(MT_ENOSTR, "malloc");
6761 		return (IPQOS_CONF_ERR);
6762 	}
6763 	(void) bzero(aref, sizeof (ipqos_conf_act_ref_t));
6764 
6765 	/* copy parameter name if present */
6766 
6767 	if (field)
6768 		(void) strlcpy(aref->field, field, IPQOS_CONF_PNAME_LEN);
6769 
6770 	/* copy action name */
6771 	(void) strlcpy(aref->name, action_name, IPQOS_CONF_NAME_LEN);
6772 
6773 	/* place at head of list */
6774 
6775 	aref->next = *arefs;
6776 	*arefs = aref;
6777 
6778 	return (IPQOS_CONF_SUCCESS);
6779 }
6780 
6781 /*
6782  * free all the memory used by the action references in arefs.
6783  */
6784 static void
6785 free_arefs(
6786 ipqos_conf_act_ref_t *arefs)
6787 {
6788 
6789 	ipqos_conf_act_ref_t *aref = arefs;
6790 	ipqos_conf_act_ref_t *next;
6791 
6792 	while (aref) {
6793 		if (aref->nvlist)
6794 			nvlist_free(aref->nvlist);
6795 		next = aref->next;
6796 		free(aref);
6797 		aref = next;
6798 	}
6799 }
6800 
6801 
6802 
6803 /* *************************************************************** */
6804 
6805 
6806 
6807 /*
6808  * checks whether aname is a valid action name.
6809  * RETURNS: IPQOS_CONF_ERR if invalid, else IPQOS_CONF_SUCCESS.
6810  */
6811 static int
6812 valid_aname(char *aname)
6813 {
6814 
6815 	/*
6816 	 * dissallow the use of the name of a virtual action, either
6817 	 * the ipqosconf name, or the longer ipp names.
6818 	 */
6819 	if (strcmp(aname, IPQOS_CONF_CONT_STR) == 0 ||
6820 	    strcmp(aname, IPQOS_CONF_DEFER_STR) == 0 ||
6821 	    strcmp(aname, IPQOS_CONF_DROP_STR) == 0 ||
6822 	    virtual_action(aname)) {
6823 		ipqos_msg(MT_ERROR, gettext("Invalid action name line %u.\n"),
6824 		    lineno);
6825 		return (IPQOS_CONF_ERR);
6826 	}
6827 
6828 	return (IPQOS_CONF_SUCCESS);
6829 }
6830 
6831 /*
6832  * Opens a stream to the types file for module module_name (assuming
6833  * that the file path is TYPES_FILE_DIR/module_name.types). if
6834  * a file open failure occurs, *openerr is set to 1.
6835  * RETURNS: NULL on error, else stream ptr to module types file.
6836  */
6837 static FILE *
6838 validmod(
6839 char *module_name,
6840 int *openerr)
6841 {
6842 
6843 	FILE *fp;
6844 	char *path;
6845 
6846 	IPQOSCDBG1(L1, "In validmod: module_name: %s\n", module_name);
6847 
6848 	*openerr = 0;
6849 
6850 	/* create modules type file path */
6851 
6852 	path = malloc(strlen(TYPES_FILE_DIR) + strlen(module_name) +
6853 	    strlen(".types") + 1);
6854 	if (path == NULL) {
6855 		ipqos_msg(MT_ENOSTR, "malloc");
6856 		return (NULL);
6857 	}
6858 	(void) strcpy(path, TYPES_FILE_DIR);
6859 	(void) strcat(path, module_name);
6860 	(void) strcat(path, ".types");
6861 
6862 
6863 	IPQOSCDBG1(L1, "opening file %s\n", path);
6864 
6865 	/* open stream to types file */
6866 
6867 	fp = fopen(path, "r");
6868 	if (fp == NULL) {
6869 		(*openerr)++;
6870 	}
6871 
6872 	free(path);
6873 	return (fp);
6874 }
6875 
6876 
6877 /*
6878  * read a class clause from cfp into a class struct and point class at this.
6879  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
6880  */
6881 static int
6882 readclass(
6883 FILE *cfp,
6884 char *module_name,
6885 ipqos_conf_class_t **class,
6886 char **perm_classes,
6887 int num_perm_classes)
6888 {
6889 
6890 	int nm, act;
6891 	int res;
6892 	nvpair_t *nvp;
6893 	ipqos_nvtype_t type;
6894 	char *name;
6895 	char *action;
6896 	int stats;
6897 
6898 	IPQOSCDBG0(L0, "in readclass\n");
6899 
6900 	/* create and zero class struct */
6901 
6902 	*class = alloc_class();
6903 	if (!*class) {
6904 		return (IPQOS_CONF_ERR);
6905 	}
6906 	(*class)->originator = IPP_CONFIG_IPQOSCONF;
6907 
6908 	/* get starting line for error reporting */
6909 	(*class)->lineno = lineno;
6910 
6911 	/* read curl_begin */
6912 
6913 	res = read_curl_begin(cfp);
6914 	if (res != IPQOS_CONF_SUCCESS) {
6915 		goto fail;
6916 	}
6917 
6918 	/* loop reading parameters till read curl_end */
6919 
6920 	stats = nm = act = 0;
6921 	for (;;) {
6922 		/* read nvpair */
6923 		res = readnvpair(cfp, NULL, &(*class)->nvlist,
6924 		    &nvp, &type, PL_CLASS, module_name);
6925 		if (res == IPQOS_CONF_ERR) {
6926 			goto fail;
6927 
6928 		/* reached end of class clause */
6929 		} else if (res == IPQOS_CONF_CURL_END) {
6930 			break;
6931 		}
6932 
6933 		/*
6934 		 * catch name and action nv pairs and stats if present
6935 		 * and place values in class structure.
6936 		 */
6937 
6938 		/* name */
6939 
6940 		if (nm == 0 &&
6941 		    strcmp(nvpair_name(nvp), IPQOS_CONF_NAME_STR) == 0) {
6942 
6943 			(void) nvpair_value_string(nvp, &name);
6944 
6945 			if (valid_name(name) != IPQOS_CONF_SUCCESS) {
6946 				goto fail;
6947 			}
6948 			(void) strcpy((*class)->name, name);
6949 			nm++;
6950 
6951 		/* next action */
6952 
6953 		} else if (act == 0 &&
6954 		    strcmp(nvpair_name(nvp), IPQOS_CONF_NEXT_ACTION_STR) == 0) {
6955 
6956 			(void) nvpair_value_string(nvp, &action);
6957 
6958 			/*
6959 			 * if next action string continue string set action to
6960 			 * IPP_ANAME_CONT, else if drop string IPP_ANAME_DROP
6961 			 */
6962 			if (strcmp(action, IPQOS_CONF_CONT_STR) == 0) {
6963 				action = IPP_ANAME_CONT;
6964 			} else if (strcmp(action, IPQOS_CONF_DROP_STR) == 0) {
6965 				action = IPP_ANAME_DROP;
6966 			}
6967 
6968 			/* add an action reference to action list */
6969 
6970 			res = add_aref(&(*class)->alist,
6971 			    IPQOS_CONF_NEXT_ACTION_STR, action);
6972 			if (res != IPQOS_CONF_SUCCESS) {
6973 				goto fail;
6974 			}
6975 			act++;
6976 
6977 		/* class stats enable */
6978 
6979 		} else if (stats == 0 &&
6980 		    strcmp(nvpair_name(nvp), IPQOS_CONF_STATS_ENABLE_STR) ==
6981 		    0) {
6982 			boolean_t bl;
6983 
6984 			(void) nvpair_value_uint32(nvp, (uint32_t *)&bl);
6985 			(*class)->stats_enable = bl;
6986 
6987 			stats++;
6988 
6989 		/* no other / duplicate parameters allowed */
6990 
6991 		} else {
6992 			ipqos_msg(MT_ERROR,
6993 			    gettext("Unexpected parameter line %u.\n"), lineno);
6994 			goto fail;
6995 		}
6996 	}
6997 	if (nm == 0 || act == 0) {
6998 		ipqos_msg(MT_ERROR,
6999 		    gettext("Missing class name/next action before line %u.\n"),
7000 		    lineno);
7001 		goto fail;
7002 	}
7003 
7004 	/* change class originator field to permanent if permanent class */
7005 
7006 	if (in_string_table(perm_classes, num_perm_classes, (*class)->name)) {
7007 	    IPQOSCDBG1(L0, "Setting class %s as permanent.\n", (*class)->name);
7008 		(*class)->originator = IPP_CONFIG_PERMANENT;
7009 	}
7010 
7011 	return (IPQOS_CONF_SUCCESS);
7012 fail:
7013 	if (*class)
7014 		free_class(*class);
7015 	return (IPQOS_CONF_ERR);
7016 }
7017 
7018 /*
7019  * This function assumes either src_nd_name or dst_node_nm are set in filter.
7020  *
7021  * Creates one of more copies of filter according to the ip versions
7022  * requested (or assumed) and the resolution of the src and dst address
7023  * node names if spec'd. If both node names are spec'd then a filter is
7024  * created for each pair of addresses (one from each node name) that is
7025  * compatible with the chosen address family, otherwise a filter copy is
7026  * created for just each address of the single node name that is
7027  * compatible.
7028  * If filter->ip_versions has been set that is used to determine the
7029  * af's we will create filters for, else if a numeric address was
7030  * added the family of that will be used, otherwise we fall back
7031  * to both v4 and v6 addresses.
7032  *
7033  * Any name lookup failures that occur are checked to see whether the failure
7034  * was a soft or hard failure and the nlerr field of filter set accordingly
7035  * before the error is returned.
7036  *
7037  * RETURNS: IPQOS_CONF_ERR on any error, else IPQOS_CONF_SUCCESS.
7038  */
7039 
7040 static int
7041 domultihome(
7042 ipqos_conf_filter_t *filter,
7043 ipqos_conf_filter_t **flist,
7044 boolean_t last_retry)
7045 {
7046 
7047 	uint32_t ftype;
7048 	int v4 = 1, v6 = 1;	/* default lookup family is v4 and v6 */
7049 	int saf, daf;
7050 	struct hostent *shp = NULL;
7051 	struct hostent *dhp = NULL;
7052 	in6_addr_t daddr, saddr;
7053 	int idx = 0;
7054 	ipqos_conf_filter_t *nfilter;
7055 	int res;
7056 	int ernum;
7057 	int in32b = 0;
7058 	char **sp, **dp;
7059 
7060 	IPQOSCDBG3(MHME, "In domultihome: filter: %s, src_node: %s, "
7061 	    "dst_node: %s\n", filter->name,
7062 	    (filter->src_nd_name ? filter->src_nd_name : "NULL"),
7063 	    (filter->dst_nd_name ? filter->dst_nd_name : "NULL"));
7064 
7065 	/* check if we've read an ip_version request to get the versions */
7066 
7067 	if (filter->ip_versions != 0) {
7068 		v4 = VERSION_IS_V4(filter);
7069 		v6 = VERSION_IS_V6(filter);
7070 
7071 	/* otherwise check if we've read a numeric address and get versions */
7072 
7073 	} else if (nvlist_lookup_uint32(filter->nvlist, IPGPC_FILTER_TYPE,
7074 	    &ftype) == 0) {
7075 		if (ftype == IPGPC_V4_FLTR) {
7076 			v6--;
7077 		} else {
7078 			v4--;
7079 		}
7080 	}
7081 
7082 	/* read saddrs if src node name */
7083 
7084 	if (filter->src_nd_name) {
7085 
7086 		/* v4 only address */
7087 
7088 		if (v4 && !v6) {
7089 			in32b++;
7090 			shp = getipnodebyname(filter->src_nd_name, AF_INET,
7091 			    AI_ADDRCONFIG, &ernum);
7092 
7093 		/* v6 only  */
7094 
7095 		} else if (v6 && !v4) {
7096 			shp = getipnodebyname(filter->src_nd_name, AF_INET6,
7097 			    AI_DEFAULT, &ernum);
7098 
7099 		/* v4 and v6 */
7100 
7101 		} else if (v6 && v4) {
7102 			shp = getipnodebyname(filter->src_nd_name, AF_INET6,
7103 			    AI_DEFAULT|AI_ALL, &ernum);
7104 		}
7105 
7106 #ifdef	TESTING_RETRY
7107 if (!last_retry) {
7108 	filter->nlerr = IPQOS_LOOKUP_RETRY;
7109 	goto fail;
7110 }
7111 #endif
7112 
7113 		/*
7114 		 * if lookup error determine whether it was a soft or hard
7115 		 * failure and mark as such in filter.
7116 		 */
7117 		if (shp == NULL) {
7118 			if (ernum != TRY_AGAIN) {
7119 				ipqos_msg(MT_ERROR, gettext("Failed to "
7120 				    "resolve src host name for filter at "
7121 				    "line %u, ignoring filter.\n"),
7122 				    filter->lineno);
7123 				filter->nlerr = IPQOS_LOOKUP_FAIL;
7124 			} else {
7125 				if (last_retry) {
7126 					ipqos_msg(MT_ERROR, gettext("Failed "
7127 					    "to resolve src host name for "
7128 					    "filter at line %u, ignoring "
7129 					    "filter.\n"), filter->lineno);
7130 				}
7131 				filter->nlerr = IPQOS_LOOKUP_RETRY;
7132 			}
7133 			goto fail;
7134 		}
7135 	}
7136 
7137 	/* read daddrs if dst node name */
7138 	if (filter->dst_nd_name) {
7139 
7140 		/* v4 only address */
7141 
7142 		if (v4 && !v6) {
7143 			in32b++;
7144 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET,
7145 			    AI_ADDRCONFIG, &ernum);
7146 
7147 		/* v6 only */
7148 
7149 		} else if (v6 && !v4) {
7150 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET6,
7151 			    AI_DEFAULT, &ernum);
7152 
7153 		/*  v6 and v4 addresses */
7154 
7155 		} else {
7156 			dhp = getipnodebyname(filter->dst_nd_name, AF_INET6,
7157 			    AI_DEFAULT|AI_ALL, &ernum);
7158 		}
7159 
7160 		if (dhp == NULL) {
7161 			if (ernum != TRY_AGAIN) {
7162 				ipqos_msg(MT_ERROR, gettext("Failed to "
7163 				    "resolve dst host name for filter at "
7164 				    "line %u, ignoring filter.\n"),
7165 				    filter->lineno);
7166 				filter->nlerr = IPQOS_LOOKUP_FAIL;
7167 			} else {
7168 				if (last_retry) {
7169 					ipqos_msg(MT_ERROR, gettext("Failed "
7170 					    "to resolve dst host name for "
7171 					    "filter at line %u, ignoring "
7172 					    "filter.\n"), filter->lineno);
7173 				}
7174 				filter->nlerr = IPQOS_LOOKUP_RETRY;
7175 			}
7176 			goto fail;
7177 		}
7178 	}
7179 
7180 	/*
7181 	 * if src and dst node name, create set of filters; one for each
7182 	 * src and dst address of matching types.
7183 	 */
7184 	if (filter->src_nd_name && filter->dst_nd_name) {
7185 
7186 		for (sp = shp->h_addr_list; *sp != NULL; sp++) {
7187 			(void) bcopy(*sp, &saddr, shp->h_length);
7188 
7189 			/* get saddr family */
7190 
7191 			if (in32b || IN6_IS_ADDR_V4MAPPED(&saddr)) {
7192 				saf = AF_INET;
7193 			} else {
7194 				saf = AF_INET6;
7195 			}
7196 
7197 			for (dp = dhp->h_addr_list; *dp != NULL; dp++) {
7198 				(void) bcopy(*dp, &daddr, dhp->h_length);
7199 
7200 				/* get daddr family */
7201 
7202 				if (in32b || IN6_IS_ADDR_V4MAPPED(&daddr)) {
7203 					daf = AF_INET;
7204 				} else {
7205 					daf = AF_INET6;
7206 				}
7207 
7208 				/*
7209 				 * if saddr and daddr same af duplicate
7210 				 * filter adding addresses and new instance
7211 				 * number and add to flist filter list.
7212 				 */
7213 
7214 				if (daf == saf) {
7215 
7216 					res = dup_filter(filter, &nfilter, saf,
7217 					    !in32b, &saddr, &daddr, ++idx);
7218 					if (res != IPQOS_CONF_SUCCESS) {
7219 						goto fail;
7220 					}
7221 					ADD_TO_LIST(flist, nfilter);
7222 				}
7223 			}
7224 		}
7225 
7226 	/* if src name only create set of filters, one for each node address */
7227 
7228 	} else if (filter->src_nd_name) {
7229 
7230 		for (sp = shp->h_addr_list; *sp != NULL; sp++) {
7231 			(void) bcopy(*sp, &saddr, shp->h_length);
7232 
7233 			/* get af */
7234 
7235 			if (in32b || IN6_IS_ADDR_V4MAPPED(&saddr)) {
7236 				saf = AF_INET;
7237 			} else {
7238 				saf = AF_INET6;
7239 			}
7240 
7241 
7242 			/*
7243 			 * dup filter adding saddr and new instance num and
7244 			 * add to flist filter list.
7245 			 */
7246 			res = dup_filter(filter, &nfilter, saf, !in32b, &saddr,
7247 			    NULL, ++idx);
7248 			if (res != IPQOS_CONF_SUCCESS) {
7249 				goto fail;
7250 			}
7251 
7252 			ADD_TO_LIST(flist, nfilter);
7253 
7254 		}
7255 
7256 	/* if dname only create set of filters, one for each node address */
7257 
7258 	} else {
7259 		for (dp = dhp->h_addr_list; *dp != NULL; dp++) {
7260 			(void) bcopy(*dp, &daddr, dhp->h_length);
7261 
7262 			/* get af */
7263 
7264 			if (in32b || IN6_IS_ADDR_V4MAPPED(&daddr)) {
7265 				daf = AF_INET;
7266 			} else {
7267 				daf = AF_INET6;
7268 			}
7269 
7270 			/*
7271 			 * dup filter adding daddr and new instance num and
7272 			 * add to flist filter list.
7273 			 */
7274 			res = dup_filter(filter, &nfilter, daf, !in32b, NULL,
7275 			    &daddr, ++idx);
7276 			if (res != IPQOS_CONF_SUCCESS) {
7277 				goto fail;
7278 			}
7279 
7280 			ADD_TO_LIST(flist, nfilter);
7281 		}
7282 	}
7283 
7284 	if (shp)
7285 		freehostent(shp);
7286 	if (dhp)
7287 		freehostent(dhp);
7288 	return (IPQOS_CONF_SUCCESS);
7289 fail:
7290 	/*
7291 	 * should really clean up any filters that we have created,
7292 	 * however, free_actions called from readaction will cleam them up.
7293 	 */
7294 	if (shp)
7295 		freehostent(shp);
7296 	if (dhp)
7297 		freehostent(dhp);
7298 	return (IPQOS_CONF_ERR);
7299 }
7300 
7301 
7302 /*
7303  * read a filter clause from cfp into a filter struct and point filter
7304  * at this.
7305  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
7306  */
7307 static int
7308 readfilter(
7309 FILE *cfp,
7310 FILE *tfp,
7311 char *module_name,
7312 ipqos_conf_filter_t **filter,
7313 char **perm_filters,
7314 int num_perm_filters)
7315 {
7316 
7317 	int res;
7318 	int nm, cls, ipv;
7319 	in6_addr_t mask;
7320 	char *addr_str;
7321 	char *sl = NULL;
7322 	in6_addr_t addr;
7323 	int sa;
7324 	struct hostent *hp;
7325 	int err_num;
7326 	int v4 = 0, v6 = 0;
7327 	uchar_t mlen;
7328 	char *tmp;
7329 	nvpair_t *nvp;
7330 	ipqos_nvtype_t type;
7331 	char *name;
7332 	char *class;
7333 	uchar_t b;
7334 	in6_addr_t v6addr;
7335 
7336 	IPQOSCDBG0(L0, "in readfilter\n");
7337 
7338 
7339 	/* create and zero filter struct */
7340 
7341 	*filter = alloc_filter();
7342 	if (*filter == NULL) {
7343 		return (IPQOS_CONF_ERR);
7344 	}
7345 	(*filter)->originator = IPP_CONFIG_IPQOSCONF;
7346 
7347 	/* get starting line for error reporting */
7348 	(*filter)->lineno = lineno;
7349 
7350 	/* read beginning curl */
7351 
7352 	res = read_curl_begin(cfp);
7353 	if (res != IPQOS_CONF_SUCCESS) {
7354 		goto fail;
7355 	}
7356 
7357 
7358 	/*
7359 	 * loop reading nvpairs onto nvlist until encounter CURL_END
7360 	 */
7361 	ipv = nm = cls = 0;
7362 	for (;;) {
7363 		/* read nvpair */
7364 
7365 		res = readnvpair(cfp, tfp, &(*filter)->nvlist,
7366 		    &nvp, &type, PL_FILTER, module_name);
7367 		if (res == IPQOS_CONF_ERR) {
7368 			goto fail;
7369 
7370 		/* reached the end of filter definition */
7371 
7372 		} else if (res == IPQOS_CONF_CURL_END) {
7373 			break;
7374 		}
7375 
7376 		/*
7377 		 * catch name and class and place value into filter
7378 		 * structure.
7379 		 */
7380 
7381 		/* read filter name */
7382 
7383 		if (strcmp(nvpair_name(nvp), IPQOS_CONF_NAME_STR) == 0) {
7384 			if (nm != 0) {
7385 				ipqos_msg(MT_ERROR,
7386 				    gettext("Duplicate parameter line %u.\n"),
7387 				    lineno);
7388 				goto fail;
7389 			}
7390 
7391 			(void) nvpair_value_string(nvp, &name);
7392 			if (valid_name(name) != IPQOS_CONF_SUCCESS) {
7393 				goto fail;
7394 			}
7395 
7396 			(void) strcpy((*filter)->name, name);
7397 			(void) nvlist_remove_all((*filter)->nvlist,
7398 			    IPQOS_CONF_NAME_STR);
7399 			nm++;
7400 
7401 		/* read class name */
7402 
7403 		} else if (strcmp(nvpair_name(nvp), IPQOS_CONF_CLASS_STR) ==
7404 		    0) {
7405 			if (cls != 0) {
7406 				ipqos_msg(MT_ERROR,
7407 				    gettext("Duplicate parameter line %u.\n"),
7408 				    lineno);
7409 				goto fail;
7410 			}
7411 
7412 			if (nvpair_value_string(nvp, &class) != 0) {
7413 				ipqos_msg(MT_ENOSTR, "nvpair_value_string");
7414 				break;
7415 			}
7416 			if (valid_name(class) != IPQOS_CONF_SUCCESS) {
7417 				goto fail;
7418 			}
7419 			(void) strcpy((*filter)->class_name, class);
7420 			(void) nvlist_remove_all((*filter)->nvlist,
7421 			    IPQOS_CONF_CLASS_STR);
7422 			cls++;
7423 
7424 		/*
7425 		 * if a src or dst ip node name/address. For those that
7426 		 * are determined to be addresses we convert them from
7427 		 * strings here and add to the filter nvlist; for node names
7428 		 * we add the name to the filter struct for readaction to
7429 		 * process.
7430 		 */
7431 		} else if (strcmp(nvpair_name(nvp), IPGPC_SADDR) == 0 ||
7432 		    strcmp(nvpair_name(nvp), IPGPC_DADDR) == 0) {
7433 
7434 			sa = 0;
7435 
7436 			if (strcmp(nvpair_name(nvp), IPGPC_SADDR) == 0) {
7437 				sa++;
7438 			}
7439 
7440 			(void) nvpair_value_string(nvp, &addr_str);
7441 
7442 			/*
7443 			 * get the address mask if present.
7444 			 * make a copy so that the nvlist element that
7445 			 * it is part of doesn't dissapear and causes probs.
7446 			 */
7447 			sl = strchr(addr_str, '/');
7448 			if (sl) {
7449 				*sl = '\0';
7450 				tmp = malloc(strlen(++sl) + 1);
7451 				if (tmp == NULL) {
7452 					ipqos_msg(MT_ENOSTR, "malloc");
7453 					goto fail;
7454 				}
7455 				(void) strcpy(tmp, sl);
7456 				sl = tmp;
7457 			}
7458 
7459 
7460 			/* if a numeric address */
7461 
7462 			if (inet_pton(AF_INET, addr_str, &addr) == 1 ||
7463 			    inet_pton(AF_INET6, addr_str, &addr) == 1) {
7464 
7465 				/* get address */
7466 
7467 				hp = getipnodebyname(addr_str, AF_INET6,
7468 				    AI_DEFAULT, &err_num);
7469 				if (hp == NULL) {
7470 					ipqos_msg(MT_ENOSTR,
7471 					    "getipnodebyname");
7472 					goto fail;
7473 				}
7474 
7475 				(void) bcopy(hp->h_addr_list[0], &v6addr,
7476 				    hp->h_length);
7477 				freehostent(hp);
7478 
7479 				/* determine address type */
7480 
7481 				v4 = IN6_IS_ADDR_V4MAPPED(&v6addr);
7482 				if (!v4) {
7483 					v6++;
7484 				}
7485 
7486 				/*
7487 				 * check any previous addresses have same
7488 				 * version.
7489 				 */
7490 				if (nvlist_lookup_byte((*filter)->nvlist,
7491 				    IPGPC_FILTER_TYPE, &b) == 0) {
7492 					if (v4 && b != IPGPC_V4_FLTR ||
7493 					    v6 && b != IPGPC_V6_FLTR) {
7494 						ipqos_msg(MT_ERROR,
7495 						    gettext("Incompatible "
7496 						    "address version line "
7497 						    "%u.\n"), lineno);
7498 						goto fail;
7499 					}
7500 				}
7501 
7502 				/*
7503 				 * check that if ip_version spec'd it
7504 				 * corresponds.
7505 				 */
7506 				if ((*filter)->ip_versions != 0) {
7507 					if (v4 && !VERSION_IS_V4(*filter) ||
7508 					    v6 && !VERSION_IS_V6(*filter)) {
7509 						ipqos_msg(MT_ERROR,
7510 						    gettext("Incompatible "
7511 						    "address version line %u"
7512 						    ".\n"), lineno);
7513 						goto fail;
7514 					}
7515 				}
7516 
7517 				/* add the address type */
7518 
7519 				res = nvlist_add_byte(
7520 				(*filter)->nvlist, IPGPC_FILTER_TYPE,
7521 				    v4 ? IPGPC_V4_FLTR : IPGPC_V6_FLTR);
7522 				if (res != 0) {
7523 					ipqos_msg(MT_ENOSTR,
7524 					    "nvlist_add_byte");
7525 					goto fail;
7526 				}
7527 
7528 				/* add address to list */
7529 
7530 				res = nvlist_add_uint32_array((*filter)->nvlist,
7531 				    sa ? IPGPC_SADDR : IPGPC_DADDR,
7532 				    (uint32_t *)&v6addr, 4);
7533 				if (res != 0) {
7534 					ipqos_msg(MT_ENOSTR,
7535 					    "nvlist_add_uint32_array");
7536 					goto fail;
7537 				}
7538 
7539 
7540 				/*
7541 				 * add mask entry in list.
7542 				 */
7543 
7544 				if (sl) {	/* have CIDR mask */
7545 					char *lo;
7546 					res = readuint8(sl, &mlen, &lo);
7547 					if (res != IPQOS_CONF_SUCCESS ||
7548 					    v4 && mlen > 32 ||
7549 					    !v4 && mlen > 128 ||
7550 					    mlen == 0) {
7551 						ipqos_msg(MT_ERROR,
7552 						    gettext("Invalid CIDR "
7553 						    "mask line %u.\n"), lineno);
7554 						goto fail;
7555 					}
7556 					setmask(mlen, &mask,
7557 					    v4 ? AF_INET : AF_INET6);
7558 					free(sl);
7559 				} else {
7560 					/* no CIDR mask spec'd - use all 1s */
7561 
7562 					(void) memset(&mask, ~0,
7563 					    sizeof (in6_addr_t));
7564 				}
7565 				res = nvlist_add_uint32_array((*filter)->nvlist,
7566 				    sa ? IPGPC_SADDR_MASK : IPGPC_DADDR_MASK,
7567 				    (uint32_t *)&mask, 4);
7568 				if (res != 0) {
7569 					ipqos_msg(MT_ENOSTR,
7570 					    "nvlist_add_uint32_arr");
7571 					goto fail;
7572 				}
7573 
7574 			/* inet_pton returns fail - we assume a node name */
7575 
7576 			} else {
7577 				/*
7578 				 * doesn't make sense to have a mask
7579 				 * with a node name.
7580 				 */
7581 				if (sl) {
7582 					ipqos_msg(MT_ERROR,
7583 					    gettext("Address masks aren't "
7584 					    "allowed for host names line "
7585 					    "%u.\n"), lineno);
7586 					goto fail;
7587 				}
7588 
7589 				/*
7590 				 * store node name in filter struct for
7591 				 * later resolution.
7592 				 */
7593 				if (sa) {
7594 					(*filter)->src_nd_name =
7595 					    malloc(strlen(addr_str) + 1);
7596 					(void) strcpy((*filter)->src_nd_name,
7597 					    addr_str);
7598 				} else {
7599 					(*filter)->dst_nd_name =
7600 					    malloc(strlen(addr_str) + 1);
7601 					(void) strcpy((*filter)->dst_nd_name,
7602 					    addr_str);
7603 				}
7604 			}
7605 
7606 		/* ip_version enumeration */
7607 
7608 		} else if (strcmp(nvpair_name(nvp), IPQOS_CONF_IP_VERSION) ==
7609 		    0) {
7610 			/* check we haven't read ip_version before */
7611 			if (ipv) {
7612 				ipqos_msg(MT_ERROR,
7613 				    gettext("Duplicate parameter line %u.\n"),
7614 				    lineno);
7615 				goto fail;
7616 			}
7617 			ipv++;
7618 
7619 			/* get bitmask value */
7620 
7621 			(void) nvpair_value_uint32(nvp,
7622 			    &(*filter)->ip_versions);
7623 
7624 			/*
7625 			 * check that if either ip address is spec'd it
7626 			 * corresponds.
7627 			 */
7628 			if (v4 && !VERSION_IS_V4(*filter) ||
7629 			    v6 && !VERSION_IS_V6(*filter)) {
7630 				ipqos_msg(MT_ERROR, gettext("Incompatible "
7631 				    "address version line %u.\n"), lineno);
7632 				goto fail;
7633 			}
7634 
7635 			/* remove ip_version from nvlist */
7636 
7637 			(void) nvlist_remove_all((*filter)->nvlist,
7638 			    IPQOS_CONF_IP_VERSION);
7639 		}
7640 	}
7641 	if (nm == 0 || cls == 0) {
7642 		ipqos_msg(MT_ERROR, gettext("Missing filter/class name "
7643 		    "before line %u.\n"), lineno);
7644 		goto fail;
7645 	}
7646 
7647 	if (in_string_table(perm_filters, num_perm_filters, (*filter)->name)) {
7648 		IPQOSCDBG1(L0, "Setting filter %s as permanent.\n",
7649 		    (*filter)->name);
7650 
7651 		(*filter)->originator = IPP_CONFIG_PERMANENT;
7652 	}
7653 
7654 	return (IPQOS_CONF_SUCCESS);
7655 fail:
7656 	if (*filter)
7657 		free_filter(*filter);
7658 	if (hp)
7659 		freehostent(hp);
7660 	if (sl)
7661 		free(sl);
7662 
7663 	return (IPQOS_CONF_ERR);
7664 }
7665 
7666 /*
7667  * reads the curl begin token from cfp stream.
7668  * RETURNS: IPQOS_CONF_ERR if not read successfully, else IPQOS_CONF_SUCCES.
7669  */
7670 static int
7671 read_curl_begin(FILE *cfp)
7672 {
7673 
7674 	int res;
7675 	char *st;
7676 
7677 	res = readtoken(cfp, &st);
7678 
7679 	if (res != IPQOS_CONF_CURL_BEGIN) {
7680 		if (res == IPQOS_CONF_EOF) {
7681 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
7682 
7683 		/* if CURL_END or something else */
7684 		} else if (res != IPQOS_CONF_ERR) {
7685 			free(st);
7686 			ipqos_msg(MT_ERROR, gettext("\'{\' missing at line "
7687 			    "%u.\n"), lineno);
7688 		}
7689 		return (IPQOS_CONF_ERR);
7690 	}
7691 
7692 	free(st);
7693 	return (IPQOS_CONF_SUCCESS);
7694 }
7695 
7696 /*
7697  * This function parses the parameter string version into a version of the
7698  * form "%u.%u" (as a sscanf format string). It then encodes this into an
7699  * int and returns this encoding.
7700  * RETURNS: -1 if an invalid string, else the integer encoding.
7701  */
7702 static int
7703 ver_str_to_int(
7704 char *version)
7705 {
7706 	uint32_t major, minor;
7707 	int ver;
7708 
7709 	if (sscanf(version, "%u.%u", &major, &minor) != 2) {
7710 		IPQOSCDBG0(L0, "Failed to process version number string\n");
7711 		return (-1);
7712 	}
7713 
7714 	ver = (int)((major * 10000) + minor);
7715 	return (ver);
7716 }
7717 
7718 /*
7719  * This function scans through the stream fp line by line looking for
7720  * a line beginning with version_tag and returns a integer encoding of
7721  * the version following it.
7722  *
7723  * RETURNS: If the version definition isn't found or the version is not
7724  * a valid version (%u.%u) then -1 is returned, else an integer encoding
7725  * of the read version.
7726  */
7727 static int
7728 read_tfile_ver(
7729 FILE *fp,
7730 char *version_tag,
7731 char *module_name)
7732 {
7733 	char lbuf[IPQOS_CONF_LINEBUF_SZ];
7734 	char buf[IPQOS_CONF_LINEBUF_SZ+1];
7735 	char buf2[IPQOS_CONF_LINEBUF_SZ+1];
7736 	int found = 0;
7737 	int version;
7738 
7739 	/*
7740 	 * reset to file start
7741 	 */
7742 	if (fseek(fp, 0, SEEK_SET) != 0) {
7743 		ipqos_msg(MT_ENOSTR, "fseek");
7744 		return (-1);
7745 	}
7746 
7747 	/*
7748 	 * loop reading lines till found the one beginning with version_tag.
7749 	 */
7750 	while (fgets(lbuf, IPQOS_CONF_LINEBUF_SZ, fp) != NULL) {
7751 		if ((sscanf(lbuf,
7752 		    "%" VAL2STR(IPQOS_CONF_LINEBUF_SZ) "s"
7753 		    "%" VAL2STR(IPQOS_CONF_LINEBUF_SZ) "s",
7754 		    buf, buf2) == 2) &&
7755 		    (strcmp(buf, version_tag) == 0)) {
7756 			found++;
7757 			break;
7758 		}
7759 	}
7760 	if (found == 0) {
7761 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7762 		    "corrupt.\n"), module_name);
7763 		IPQOSCDBG1(L1, "Couldn't find %s in types file\n",
7764 		    version_tag);
7765 		return (-1);
7766 	}
7767 
7768 	/*
7769 	 * convert version string into int.
7770 	 */
7771 	if ((version = ver_str_to_int(buf2)) == -1) {
7772 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7773 		    "corrupt.\n"), module_name);
7774 		return (-1);
7775 	}
7776 
7777 	return (version);
7778 }
7779 
7780 /*
7781  * read action clause and params/classes/filters clauses within and
7782  * store in and hang off an action structure, and point action at it.
7783  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
7784  */
7785 static int
7786 readaction(
7787 FILE *cfp,
7788 ipqos_conf_action_t **action)
7789 {
7790 
7791 	char *st;
7792 	FILE *tfp = NULL;
7793 	int nm, md;
7794 	int readprms = 0;
7795 	int res;
7796 	char *strval;
7797 	char *name;
7798 	nvpair_t *nvp;
7799 	ipqos_nvtype_t type;
7800 	ipqos_conf_filter_t *filter;
7801 	ipqos_conf_class_t *class;
7802 	int oe;
7803 	char **perm_filters;
7804 	int num_perm_filters;
7805 	int tf_fmt_ver;
7806 
7807 	IPQOSCDBG0(L0, "in readaction\n");
7808 
7809 	res = readtoken(cfp, &st);
7810 	if (res == IPQOS_CONF_ERR || res == IPQOS_CONF_EOF) {
7811 		return (res);
7812 	} else if (strcmp(st, IPQOS_CONF_ACTION_STR) != 0) {
7813 			ipqos_msg(MT_ERROR, gettext("Missing %s token line "
7814 			    "%u.\n"), IPQOS_CONF_ACTION_STR, lineno);
7815 			free(st);
7816 			return (IPQOS_CONF_ERR);
7817 	}
7818 	free(st);
7819 
7820 	/* create action structure */
7821 
7822 	*action = alloc_action();
7823 	if (*action == NULL) {
7824 		return (IPQOS_CONF_ERR);
7825 	}
7826 	(*action)->params->originator = IPP_CONFIG_IPQOSCONF;
7827 
7828 
7829 	/* get starting line for error reporting */
7830 	(*action)->lineno = lineno;
7831 
7832 	/* read beginning curl */
7833 
7834 	res = read_curl_begin(cfp);
7835 	if (res != IPQOS_CONF_SUCCESS) {
7836 		goto fail;
7837 	}
7838 
7839 	/* loop till read both action name and module */
7840 
7841 	nm = md = 0;
7842 	do {
7843 		/* read nvpair */
7844 
7845 		res = readnvpair(cfp, NULL, &(*action)->nvlist, &nvp, &type,
7846 		    PL_ACTION, NULL);
7847 		if (res == IPQOS_CONF_ERR) {
7848 			goto fail;
7849 
7850 		/* read curl_end */
7851 
7852 		} else if (res == IPQOS_CONF_CURL_END) {
7853 			if (nm == 0 || md == 0) {
7854 				ipqos_msg(MT_ERROR,
7855 				    gettext("Missing action name/ module "
7856 				    "before line %u.\n"), lineno);
7857 				goto fail;
7858 			}
7859 		}
7860 
7861 
7862 		/* store name and module in action structure */
7863 
7864 		name = nvpair_name(nvp);
7865 
7866 		/* read action name */
7867 
7868 		if (nm == 0 && strcmp(name, IPQOS_CONF_NAME_STR) == 0) {
7869 
7870 			(void) nvpair_value_string(nvp, &strval);
7871 
7872 			/* check name is valid */
7873 
7874 			if (valid_name(strval) != IPQOS_CONF_SUCCESS ||
7875 			    valid_aname(strval) != IPQOS_CONF_SUCCESS) {
7876 				goto fail;
7877 			}
7878 
7879 			/* store and remove from list */
7880 
7881 			(void) strcpy((*action)->name, strval);
7882 			/* remove name from nvlist */
7883 			(void) nvlist_remove_all((*action)->nvlist,
7884 			    IPQOS_CONF_NAME_STR);
7885 
7886 			nm++;
7887 
7888 		/* read module name */
7889 
7890 		} else if (md == 0 &&
7891 		    strcmp(name, IPQOS_CONF_MODULE_STR) == 0) {
7892 			/*
7893 			 * check that module has a type file and get
7894 			 * open stream to it.
7895 			 */
7896 			(void) nvpair_value_string(nvp, &strval);
7897 			if ((tfp = validmod(strval, &oe)) == NULL) {
7898 				if (oe) {
7899 					if (errno == ENOENT) {
7900 						ipqos_msg(MT_ERROR,
7901 						    gettext("Invalid "
7902 						    "module name line %u.\n"),
7903 						    lineno);
7904 					} else {
7905 						ipqos_msg(MT_ENOSTR, "fopen");
7906 					}
7907 				}
7908 				goto fail;
7909 			}
7910 
7911 			/*
7912 			 * move module name to action struct
7913 			 */
7914 			(void) strlcpy((*action)->module, strval,
7915 			    IPQOS_CONF_NAME_LEN);
7916 			(void) nvlist_remove_all((*action)->nvlist,
7917 			    IPQOS_CONF_MODULE_STR);
7918 			md++;
7919 
7920 		/* duplicate/other parameter */
7921 
7922 		} else {
7923 			ipqos_msg(MT_ERROR,
7924 			    gettext("Unexpected parameter line %u.\n"),
7925 			    lineno);
7926 			goto fail;
7927 		}
7928 
7929 	} while (nm == 0 || md == 0);
7930 
7931 	/*
7932 	 * check that if the ipgpc action it is named correctly
7933 	 */
7934 	if ((strcmp((*action)->module, IPGPC_NAME) == 0) &&
7935 	    (strcmp((*action)->name, IPGPC_CLASSIFY) != 0)) {
7936 		ipqos_msg(MT_ERROR,
7937 		    gettext("%s action has incorrect name line %u.\n"),
7938 		    IPGPC_NAME, (*action)->lineno);
7939 		goto fail;
7940 	}
7941 
7942 	/* get list of permanent classes */
7943 
7944 	res = read_perm_items(0, tfp, (*action)->module,
7945 	    &(*action)->perm_classes, &(*action)->num_perm_classes);
7946 	if (res != IPQOS_CONF_SUCCESS) {
7947 		goto fail;
7948 	}
7949 
7950 	/* get list of permanent filters */
7951 
7952 	res = read_perm_items(1, tfp, (*action)->module,
7953 	    &perm_filters, &num_perm_filters);
7954 	if (res != IPQOS_CONF_SUCCESS) {
7955 		goto fail;
7956 	}
7957 
7958 	/*
7959 	 * get types file format version and check its supported.
7960 	 */
7961 	if ((tf_fmt_ver = read_tfile_ver(tfp, IPQOS_FMT_STR,
7962 	    (*action)->module)) == -1)
7963 		goto fail;
7964 	if (IPP_MAJOR_MODULE_VER(tf_fmt_ver) > 1 ||
7965 	    IPP_MINOR_MODULE_VER(tf_fmt_ver) > 0) {
7966 		ipqos_msg(MT_ERROR, gettext("Types file for module %s is "
7967 		    "incompatible.\n"), (*action)->module);
7968 		IPQOSCDBG0(L1, "Unsupported fmt major/minor version\n");
7969 		goto fail;
7970 	}
7971 
7972 	/*
7973 	 * get module version
7974 	 */
7975 	if (((*action)->module_version = read_tfile_ver(tfp, IPQOS_MOD_STR,
7976 	    (*action)->module)) == -1)
7977 		goto fail;
7978 
7979 	/* read filter/class/params blocks until CURL_END */
7980 
7981 	for (;;) {
7982 		/* read token */
7983 		res = readtoken(cfp, &st);
7984 
7985 		if (res == IPQOS_CONF_ERR) {
7986 			goto fail;
7987 		} else if (res == IPQOS_CONF_EOF) {
7988 			ipqos_msg(MT_ERROR, gettext("Unexpected EOF.\n"));
7989 			goto fail;
7990 
7991 		/* read CURL_END - end of action definition */
7992 
7993 		} else if (res == IPQOS_CONF_CURL_END) {
7994 			free(st);
7995 			break;
7996 		}
7997 
7998 
7999 		/*
8000 		 * read in either a filter/class or parameter block.
8001 		 */
8002 
8003 		/* read filter */
8004 
8005 		if (strcmp(st, IPQOS_CONF_FILTER_STR) == 0) {
8006 			free(st);
8007 
8008 			res = readfilter(cfp, tfp, (*action)->module, &filter,
8009 			    perm_filters, num_perm_filters);
8010 			if (res != IPQOS_CONF_SUCCESS) {
8011 				goto fail;
8012 			}
8013 
8014 			/*
8015 			 * if we read a host name for either src or dst addr
8016 			 * resolve the hostnames and create the appropriate
8017 			 * number of filters.
8018 			 */
8019 
8020 			if (filter->src_nd_name || filter->dst_nd_name) {
8021 
8022 				res = domultihome(filter, &(*action)->filters,
8023 				    B_FALSE);
8024 				/*
8025 				 * if a lookup fails and the filters
8026 				 * marked as retry we add it to a list
8027 				 * for another attempt later, otherwise
8028 				 * it is thrown away.
8029 				 */
8030 				if (res != IPQOS_CONF_SUCCESS) {
8031 
8032 					/* if not name lookup problem */
8033 
8034 					if (filter->nlerr == 0) {
8035 						free_filter(filter);
8036 						goto fail;
8037 
8038 					/* name lookup problem */
8039 
8040 					/*
8041 					 * if intermitent lookup failure
8042 					 * add to list of filters to
8043 					 * retry later.
8044 					 */
8045 					} else if (filter->nlerr ==
8046 					    IPQOS_LOOKUP_RETRY) {
8047 						filter->nlerr = 0;
8048 						ADD_TO_LIST(
8049 						    &(*action)->retry_filters,
8050 						    filter);
8051 					/*
8052 					 * for non-existing names
8053 					 * ignore the filter.
8054 					 */
8055 					} else {
8056 						free_filter(filter);
8057 					}
8058 
8059 				/* creation of new filters successful */
8060 
8061 				} else {
8062 					free_filter(filter);
8063 				}
8064 
8065 			/* non-node name filter */
8066 
8067 			} else {
8068 				ADD_TO_LIST(&(*action)->filters, filter);
8069 			}
8070 
8071 		/* read class */
8072 
8073 		} else if (strcmp(st, IPQOS_CONF_CLASS_STR) == 0) {
8074 			free(st);
8075 			res = readclass(cfp, (*action)->module, &class,
8076 			    (*action)->perm_classes,
8077 			    (*action)->num_perm_classes);
8078 			if (res != IPQOS_CONF_SUCCESS) {
8079 				goto fail;
8080 			}
8081 
8082 			ADD_TO_LIST(&(*action)->classes, class);
8083 
8084 		/* read params */
8085 
8086 		} else if (strcmp(st, IPQOS_CONF_PARAMS_STR) == 0) {
8087 			free(st);
8088 			if (readprms) {
8089 				ipqos_msg(MT_ERROR,
8090 				    gettext("Second parameter clause not "
8091 				    "supported line %u.\n"), lineno);
8092 				goto fail;
8093 			}
8094 			res = readparams(cfp, tfp, (*action)->module,
8095 			    (*action)->params);
8096 			if (res != IPQOS_CONF_SUCCESS) {
8097 				goto fail;
8098 			}
8099 			readprms++;
8100 
8101 		/* something unexpected */
8102 		} else {
8103 			free(st);
8104 			ipqos_msg(MT_ERROR,
8105 			    gettext("Params/filter/class clause expected "
8106 			    "line %u.\n"), lineno);
8107 			goto fail;
8108 		}
8109 	}
8110 
8111 	(void) fclose(tfp);
8112 	return (IPQOS_CONF_SUCCESS);
8113 
8114 fail:
8115 	if (tfp)
8116 		(void) fclose(tfp);
8117 	if (*action) {
8118 		free_actions(*action);
8119 		*action = NULL;
8120 	}
8121 	return (IPQOS_CONF_ERR);
8122 }
8123 
8124 /*
8125  * check that each of the actions in actions is uniquely named. If one isn't
8126  * set *name to point at the name of the duplicate action.
8127  * RETURNS: IPQOS_CONF_ERR if a non-unique action, else IPQOS_CONF_SUCCESS.
8128  */
8129 static int
8130 actions_unique(ipqos_conf_action_t *actions, char **name)
8131 {
8132 
8133 	IPQOSCDBG0(L1, "In actions_unique.\n");
8134 
8135 	while (actions) {
8136 		if (actionexist(actions->name, actions->next)) {
8137 			*name = actions->name;
8138 			return (IPQOS_CONF_ERR);
8139 		}
8140 		actions = actions->next;
8141 	}
8142 
8143 	return (IPQOS_CONF_SUCCESS);
8144 }
8145 
8146 /*
8147  * checks whether the action parameter is involved in an action cycle.
8148  * RETURNS: 1 if involved in a cycle, 0 otherwise.
8149  */
8150 static int
8151 in_cycle(
8152 ipqos_conf_action_t *action)
8153 {
8154 
8155 	ipqos_conf_act_ref_t *aref;
8156 	ipqos_conf_class_t *c;
8157 
8158 	IPQOSCDBG1(L0, "in_cycle: visiting action %s\n", action->name);
8159 
8160 
8161 	/* have we visited this action before? */
8162 
8163 	if (action->visited == INCYCLE_VISITED) {
8164 		action->visited = 0;
8165 		return (1);
8166 	}
8167 	action->visited = INCYCLE_VISITED;
8168 
8169 	/*
8170 	 * recurse down the child actions of this action through the
8171 	 * classes next action and parameter actions.
8172 	 */
8173 
8174 	for (aref = action->params->actions; aref != NULL; aref = aref->next) {
8175 
8176 		/* skip virtual actions - they can't be in a cycle */
8177 
8178 		if (virtual_action(aref->name)) {
8179 			continue;
8180 		}
8181 
8182 		if (in_cycle(aref->action)) {
8183 			action->visited = 0;
8184 			return (1);
8185 		}
8186 	}
8187 
8188 	for (c = action->classes; c != NULL; c = c->next) {
8189 		aref = c->alist;
8190 
8191 		if (virtual_action(aref->name)) {
8192 			continue;
8193 		}
8194 
8195 		if (in_cycle(aref->action)) {
8196 			action->visited = 0;
8197 			return (1);
8198 		}
8199 	}
8200 
8201 	IPQOSCDBG0(L0, "in_cycle: return\n");
8202 	action->visited = 0;
8203 	return (0);
8204 }
8205 
8206 /*
8207  * checks that the configuration in actions is a valid whole, that
8208  * all actions are unique, all filters and classes are unique within
8209  * their action, that classes referenced by filters exist and actions
8210  * referenced by classes and params exist. Also checks that there are no root
8211  * actions but ipgpc and that no actions are involved in cycles. As
8212  * a consequence of checking that the actions exist two way pointers
8213  * are created between the dependee and dependant actions.
8214  *
8215  * In the case the the userconf flag is zero only this link creation is
8216  * set as we trust the kernel to return a valid configuration.
8217  *
8218  * RETURNS: IPQOS_CONF_ERR if config isn't valid, else IPQOS_CONF_SUCCESS.
8219  *
8220  */
8221 
8222 static int
8223 validconf(
8224 ipqos_conf_action_t *actions,
8225 int userconf)			/* are we checking a conf file ? */
8226 {
8227 	char *name;
8228 	ipqos_conf_action_t *act;
8229 	int res;
8230 	ipqos_conf_action_t *dact;
8231 	ipqos_conf_filter_t *flt;
8232 	ipqos_conf_class_t *cls;
8233 	ipqos_conf_params_t *params;
8234 	ipqos_conf_act_ref_t *aref;
8235 
8236 	IPQOSCDBG0(L0, "In validconf\n");
8237 
8238 	/* check actions are unique */
8239 
8240 	if (userconf && actions_unique(actions, &name) != IPQOS_CONF_SUCCESS) {
8241 		ipqos_msg(MT_ERROR, gettext("Duplicate named action %s.\n"),
8242 		    name);
8243 		return (IPQOS_CONF_ERR);
8244 	}
8245 
8246 	for (act = actions; act; act = act->next) {
8247 
8248 		/*
8249 		 * check filters (for user land configs only).
8250 		 * check they are unique in this action and their class exists.
8251 		 */
8252 		if (userconf) {
8253 			for (flt = act->filters; flt; flt = flt->next) {
8254 
8255 				/* check unique name */
8256 
8257 				if (filterexist(flt->name, flt->instance,
8258 				    flt->next)) {
8259 					ipqos_msg(MT_ERROR,
8260 					    gettext("Duplicate named filter "
8261 					    "%s in action %s.\n"), flt->name,
8262 					    act->name);
8263 					return (IPQOS_CONF_ERR);
8264 				}
8265 
8266 				/*
8267 				 * check existence of class and error if
8268 				 * class doesn't exist and not a perm class
8269 				 */
8270 
8271 				if (!classexist(flt->class_name,
8272 				    act->classes)) {
8273 					if (!in_string_table(act->perm_classes,
8274 					    act->num_perm_classes,
8275 					    flt->class_name)) {
8276 						ipqos_msg(MT_ERROR,
8277 						    gettext("Undefined "
8278 						    "class in filter %s, "
8279 						    "action %s.\n"), flt->name,
8280 						    act->name);
8281 						return (IPQOS_CONF_ERR);
8282 					}
8283 				}
8284 			}
8285 		}
8286 
8287 		/* check classes */
8288 
8289 		for (cls = act->classes; cls; cls = cls->next) {
8290 
8291 			/* check if class name unique (userland only) */
8292 
8293 			if (userconf && classexist(cls->name, cls->next)) {
8294 				ipqos_msg(MT_ERROR,
8295 				    gettext("Duplicate named class %s in "
8296 				    "action %s.\n"), cls->name, act->name);
8297 				return (IPQOS_CONF_ERR);
8298 			}
8299 
8300 			/*
8301 			 * virtual actions always exist so don't check for next
8302 			 * action.
8303 			 */
8304 			if (virtual_action(cls->alist->name)) {
8305 				continue;
8306 			}
8307 
8308 			/*
8309 			 * check existance of next action and create link to
8310 			 * it.
8311 			 */
8312 			if ((cls->alist->action =
8313 			    actionexist(cls->alist->name, actions)) == NULL) {
8314 				ipqos_msg(MT_ERROR,
8315 				    gettext("Undefined action in class %s, "
8316 				    "action %s.\n"), cls->name, act->name);
8317 				return (IPQOS_CONF_ERR);
8318 			}
8319 
8320 			/* create backwards link - used for deletions */
8321 
8322 			dact = cls->alist->action;
8323 			res = add_aref(&dact->dependencies, NULL, act->name);
8324 			if (res != IPQOS_CONF_SUCCESS) {
8325 				return (IPQOS_CONF_ERR);
8326 			}
8327 			dact->dependencies->action = act;
8328 		}
8329 
8330 
8331 		/* check actions exist for action type parameters */
8332 
8333 		params = act->params;
8334 		for (aref = params->actions; aref; aref = aref->next) {
8335 
8336 			/* skip virtuals */
8337 
8338 			if (virtual_action(aref->name)) {
8339 				continue;
8340 			}
8341 
8342 			/*
8343 			 * check existance of action in this ref
8344 			 * and if present create a ptr to it.
8345 			 */
8346 			aref->action = actionexist(aref->name, actions);
8347 			if (aref->action == NULL) {
8348 				ipqos_msg(MT_ERROR,
8349 				    gettext("Undefined action in parameter "
8350 				    "%s, action %s.\n"),
8351 				    SHORT_NAME(aref->field), act->name);
8352 				return (IPQOS_CONF_ERR);
8353 			}
8354 
8355 			/* create backwards link */
8356 
8357 			dact = aref->action;
8358 			res = add_aref(&dact->dependencies, NULL,
8359 			    act->name);
8360 			if (res != IPQOS_CONF_SUCCESS) {
8361 				return (IPQOS_CONF_ERR);
8362 			}
8363 			dact->dependencies->action = act;
8364 		}
8365 	}
8366 
8367 	/* for kernel retrieved configs we don't do the following checks. */
8368 	if (!userconf) {
8369 		return (IPQOS_CONF_SUCCESS);
8370 	}
8371 
8372 	/* check for cycles in config and orphaned actions other than ipgpc */
8373 
8374 	for (act = actions; act; act = act->next) {
8375 
8376 		/* check if involved in cycle */
8377 
8378 		if (in_cycle(act)) {
8379 			ipqos_msg(MT_ERROR,
8380 			    gettext("Action %s involved in cycle.\n"),
8381 			    act->name);
8382 			return (IPQOS_CONF_ERR);
8383 		}
8384 
8385 		/* check that this action has a parent (except ipgpc) */
8386 
8387 		if (act->dependencies == NULL &&
8388 		    strcmp(act->name, IPGPC_CLASSIFY) != 0) {
8389 			ipqos_msg(MT_ERROR, gettext("Action %s isn't "
8390 			    "referenced by any other actions.\n"), act->name);
8391 			return (IPQOS_CONF_ERR);
8392 		}
8393 	}
8394 
8395 	return (IPQOS_CONF_SUCCESS);
8396 }
8397 
8398 /*
8399  * Read the version from the config file with stream cfp with
8400  * the tag version_tag. The tag-value pair should be the first tokens
8401  * encountered.
8402  *
8403  * RETURNS: -1 if a missing or invalid version or a read error,
8404  * else an integer encoding of the version.
8405  */
8406 static int
8407 read_cfile_ver(
8408 FILE *cfp,
8409 char *version_tag)
8410 {
8411 	char *sp = NULL;
8412 	int res;
8413 	int version;
8414 
8415 	IPQOSCDBG0(L1, "In read_cfile_ver:\n");
8416 
8417 	/*
8418 	 * read version tag string.
8419 	 */
8420 	res = readtoken(cfp, &sp);
8421 	if (res != IPQOS_CONF_SUCCESS) {
8422 		goto fail;
8423 	} else if (strcasecmp(sp, version_tag) != 0) {
8424 		goto fail;
8425 	}
8426 	free(sp);
8427 	sp = NULL;
8428 
8429 	/*
8430 	 * read version number string.
8431 	 */
8432 	res = readtoken(cfp, &sp);
8433 	if (res != IPQOS_CONF_SUCCESS) {
8434 		goto fail;
8435 	}
8436 
8437 	/*
8438 	 * encode version into int.
8439 	 */
8440 	if ((version = ver_str_to_int(sp)) == -1) {
8441 		goto fail;
8442 	}
8443 	free(sp);
8444 
8445 	return (version);
8446 fail:
8447 	ipqos_msg(MT_ERROR,
8448 	    gettext("Missing/Invalid config file %s.\n"), version_tag);
8449 	if (sp != NULL)
8450 		free(sp);
8451 	return (-1);
8452 }
8453 
8454 /*
8455  * read the set of actions definitions from the stream cfp and store
8456  * them in a list pointed to by conf.
8457  * RETURNS: IPQOS_CONF_ERR if any errors, else IPQOS_CONF_SUCCESS.
8458  */
8459 static int
8460 readconf(
8461 FILE *cfp,
8462 ipqos_conf_action_t **conf)
8463 {
8464 
8465 	int res;
8466 	ipqos_conf_action_t *action;
8467 	boolean_t ipgpc_action = B_FALSE;
8468 	int fmt_ver;
8469 
8470 	IPQOSCDBG0(L0, "In readconf\n");
8471 
8472 	*conf = NULL;
8473 
8474 	/*
8475 	 * get config file format version.
8476 	 */
8477 	fmt_ver = read_cfile_ver(cfp, IPQOS_FMT_VERSION_STR);
8478 	if (fmt_ver == -1) {
8479 		return (IPQOS_CONF_ERR);
8480 	} else {
8481 		/*
8482 		 * check version is valid
8483 		 */
8484 		if ((IPP_MAJOR_MODULE_VER(fmt_ver) > 1) ||
8485 		    (IPP_MINOR_MODULE_VER(fmt_ver) > 0)) {
8486 			ipqos_msg(MT_ERROR, gettext("Unsupported config file "
8487 			    "format version.\n"));
8488 			return (IPQOS_CONF_ERR);
8489 		}
8490 	}
8491 
8492 	/* loop reading actions adding to conf till EOF */
8493 
8494 	for (;;) {
8495 		action = NULL;
8496 
8497 		/* readaction */
8498 
8499 		res = readaction(cfp, &action);
8500 		if (res == IPQOS_CONF_ERR) {
8501 			goto fail;
8502 		}
8503 
8504 		/* reached eof, finish */
8505 
8506 		if (res == IPQOS_CONF_EOF) {
8507 			break;
8508 		}
8509 
8510 		ADD_TO_LIST(conf, action);
8511 
8512 		/* check if we just read an ipgpc action */
8513 
8514 		if (strcmp(action->name, IPGPC_CLASSIFY) == 0)
8515 			ipgpc_action = B_TRUE;
8516 	}
8517 
8518 	/* check that there is one or more actions and that one is ipgpc */
8519 
8520 	if (ipgpc_action == B_FALSE) {
8521 		ipqos_msg(MT_ERROR, gettext("No %s action defined.\n"),
8522 		    IPGPC_NAME);
8523 		goto fail;
8524 	}
8525 
8526 	return (IPQOS_CONF_SUCCESS);
8527 fail:
8528 	free_actions(*conf);
8529 	*conf = NULL;
8530 	return (IPQOS_CONF_ERR);
8531 }
8532 
8533 /* ************************ kernel config retrieval ************************ */
8534 
8535 
8536 /*
8537  * read the current configuration from the kernel and make *conf a ptr to it.
8538  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8539  */
8540 static int
8541 readkconf(ipqos_conf_action_t **conf)
8542 {
8543 
8544 	int res;
8545 	char **modnames = NULL;
8546 	int nmods;
8547 	char **actnames = NULL;
8548 	int nacts;
8549 	int x, y;
8550 	FILE *tfp;
8551 	int openerr;
8552 	ipqos_actinfo_prm_t ai_prm;
8553 
8554 
8555 	IPQOSCDBG0(L0, "In readkconf\n");
8556 
8557 	/* initialise conf to NULL */
8558 	*conf = NULL;
8559 
8560 	/* get list of modules currently loaded */
8561 
8562 	res = ipp_list_mods(&modnames, &nmods);
8563 	if (res != 0) {
8564 		ipqos_msg(MT_ENOSTR, "ipp_list_mods");
8565 		return (IPQOS_CONF_ERR);
8566 	}
8567 
8568 	/*
8569 	 * iterate through all loaded modules retrieving their list of actions
8570 	 * and then retrieving the configuration of each of these
8571 	 * and attatching it to conf.
8572 	 */
8573 	for (x = 0; x < nmods; x++) {
8574 
8575 		/* skip actions of modules that we can't open types file of */
8576 
8577 		if ((tfp = validmod(modnames[x], &openerr)) == NULL) {
8578 
8579 			/* mem error */
8580 
8581 			if (!openerr) {
8582 				goto fail;
8583 
8584 			/*
8585 			 * fopen fail - if we failed because the file didn't
8586 			 * exist we assume this is an unknown module and
8587 			 * ignore this module, otherwise error.
8588 			 */
8589 			} else {
8590 				if (errno == ENOENT) {
8591 					continue;
8592 				} else {
8593 					ipqos_msg(MT_ENOSTR, "fopen");
8594 					goto fail;
8595 				}
8596 			}
8597 		}
8598 		(void) fclose(tfp);
8599 
8600 		/* get action list for this module */
8601 
8602 		res = ipp_mod_list_actions(modnames[x], &actnames, &nacts);
8603 		if (res != 0) {
8604 			ipqos_msg(MT_ENOSTR, "ipp_mod_list_actions");
8605 			goto fail;
8606 		}
8607 
8608 		/* read config of each action of this module */
8609 
8610 		for (y = 0; y < nacts; y++) {
8611 			ai_prm.action = alloc_action();
8612 			if (ai_prm.action == NULL) {
8613 				goto fail;
8614 			}
8615 
8616 			/* copy action name into action struct */
8617 
8618 			(void) strlcpy(ai_prm.action->name, actnames[y],
8619 			    IPQOS_CONF_NAME_LEN);
8620 
8621 			/* copy module name into action struct */
8622 
8623 			(void) strlcpy(ai_prm.action->module, modnames[x],
8624 			    IPQOS_CONF_NAME_LEN);
8625 
8626 			/* get action info */
8627 
8628 			res = ipp_action_info(actnames[y],
8629 			    (int (*)(nvlist_t *, void *))parse_kaction,
8630 			    (void *)&ai_prm, 0);
8631 			if (res != 0) {
8632 				/* was this an ipp error */
8633 				if (ai_prm.intl_ret == IPQOS_CONF_SUCCESS) {
8634 					ipqos_msg(MT_ENOSTR,
8635 					    "ipp_action_info");
8636 				}
8637 				goto fail;
8638 			}
8639 
8640 			ADD_TO_LIST(conf, ai_prm.action);
8641 		}
8642 
8643 		cleanup_string_table(actnames, nacts);
8644 	}
8645 
8646 	cleanup_string_table(modnames, nmods);
8647 	return (IPQOS_CONF_SUCCESS);
8648 fail:
8649 	free_actions(*conf);
8650 	*conf = NULL;
8651 	cleanup_string_table(modnames, nmods);
8652 	cleanup_string_table(actnames, nacts);
8653 	return (IPQOS_CONF_ERR);
8654 }
8655 
8656 /*
8657  * This is passed as a parameter to ipp_action_info() in readkaction and
8658  * is called back one for each configuration element within the action
8659  * specified. This results in filters and classes being created and chained
8660  * off of action, and action having its params set.
8661  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCESS.
8662  */
8663 static int
8664 parse_kaction(
8665 nvlist_t *nvl,
8666 ipqos_actinfo_prm_t *ai_prm)
8667 {
8668 
8669 	int ret;
8670 	uint8_t cfgtype;
8671 	ipqos_conf_filter_t *filter = NULL;
8672 	ipqos_conf_class_t *class = NULL;
8673 	ipqos_conf_action_t *action = ai_prm->action;
8674 
8675 
8676 	IPQOSCDBG1(KRET, "In parse_kaction: action_name: %s\n", action->name);
8677 
8678 	/* get config type */
8679 
8680 	(void) nvlist_lookup_byte(nvl, IPP_CONFIG_TYPE, &cfgtype);
8681 	(void) nvlist_remove_all(nvl, IPP_CONFIG_TYPE);
8682 
8683 	switch (cfgtype) {
8684 		case CLASSIFIER_ADD_FILTER: {
8685 			/*
8686 			 * parse the passed filter nvlist
8687 			 * and add result to action's filter list.
8688 			 */
8689 			filter = alloc_filter();
8690 			if (filter == NULL) {
8691 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8692 				return (IPQOS_CONF_ERR);
8693 			}
8694 
8695 			ret = parse_kfilter(filter, nvl);
8696 			if (ret != IPQOS_CONF_SUCCESS) {
8697 				free_filter(filter);
8698 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8699 				return (ret);
8700 			}
8701 
8702 			ADD_TO_LIST(&action->filters, filter);
8703 			break;
8704 		}
8705 		case CLASSIFIER_ADD_CLASS:
8706 		case CLASSIFIER_MODIFY_CLASS: {
8707 			/*
8708 			 * parse the passed class nvlist
8709 			 * and add result to action's class list.
8710 			 */
8711 			class = alloc_class();
8712 			if (class == NULL) {
8713 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8714 				return (IPQOS_CONF_ERR);
8715 			}
8716 
8717 			ret = parse_kclass(class, nvl);
8718 			if (ret != IPQOS_CONF_SUCCESS) {
8719 				free_class(class);
8720 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8721 				return (ret);
8722 			}
8723 
8724 			ADD_TO_LIST(&action->classes, class);
8725 			break;
8726 		}
8727 		case IPP_SET: {
8728 			/*
8729 			 * we don't alloc a params struct as it is created
8730 			 * as part of an action.
8731 			 */
8732 
8733 			/* parse the passed params nvlist */
8734 
8735 			ret = parse_kparams(action->module, action->params,
8736 			    nvl);
8737 			if (ret != IPQOS_CONF_SUCCESS) {
8738 				ai_prm->intl_ret = IPQOS_CONF_ERR;
8739 				return (ret);
8740 			}
8741 		}
8742 	}
8743 
8744 	ai_prm->intl_ret = IPQOS_CONF_SUCCESS;
8745 	return (IPQOS_CONF_SUCCESS);
8746 }
8747 
8748 /*
8749  * parses a params nvlist returned from the kernel.
8750  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8751  */
8752 int
8753 parse_kparams(
8754 char *module,
8755 ipqos_conf_params_t *params,
8756 nvlist_t *nvl) {
8757 
8758 	int ret;
8759 	ipqos_nvtype_t type;
8760 	str_val_nd_t *tmp;
8761 	char *act;
8762 	uint32_t u32;
8763 	nvpair_t *nvp;
8764 	FILE *tfp;
8765 	char dfltst[IPQOS_VALST_MAXLEN];
8766 	char *param;
8767 	nvlist_t *nvlcp;
8768 	int openerr;
8769 	place_t place;
8770 
8771 	IPQOSCDBG0(KRET, "In parse_kparams:\n");
8772 
8773 	/* get stream to module types file */
8774 
8775 	tfp = validmod(module, &openerr);
8776 	if (tfp == NULL) {
8777 		if (openerr) {
8778 			ipqos_msg(MT_ENOSTR, "fopen");
8779 		}
8780 		return (IPQOS_CONF_ERR);
8781 	}
8782 
8783 	/* make copy of passed in nvlist as it is freed by the caller */
8784 
8785 	ret = nvlist_dup(nvl, &nvlcp, 0);
8786 	if (ret != 0) {
8787 		return (IPQOS_CONF_ERR);
8788 	}
8789 
8790 	/*
8791 	 * get config originator and remove from nvlist. If no owner we
8792 	 * assume ownership.
8793 	 */
8794 	ret = nvlist_lookup_uint32(nvlcp, IPP_CONFIG_ORIGINATOR, &u32);
8795 	if (ret == 0) {
8796 		params->originator = u32;
8797 		(void) nvlist_remove_all(nvlcp, IPP_CONFIG_ORIGINATOR);
8798 	} else {
8799 		params->originator = IPP_CONFIG_IPQOSCONF;
8800 	}
8801 
8802 	/* get action stats and remove from nvlist */
8803 
8804 	ret = nvlist_lookup_uint32(nvlcp, IPP_ACTION_STATS_ENABLE, &u32);
8805 	if (ret == 0) {
8806 		params->stats_enable = *(boolean_t *)&u32;
8807 		(void) nvlist_remove_all(nvlcp, IPP_ACTION_STATS_ENABLE);
8808 	}
8809 
8810 	/*
8811 	 * loop throught nvlist elements and for those that are actions create
8812 	 * action ref entrys for them.
8813 	 */
8814 	nvp = nvlist_next_nvpair(nvlcp, NULL);
8815 	while (nvp != NULL) {
8816 		param = SHORT_NAME(nvpair_name(nvp));
8817 		place = PL_ANY;
8818 		ret = readtype(tfp, module, param, &type, &tmp, dfltst,
8819 		    B_FALSE, &place);
8820 		if (ret != IPQOS_CONF_SUCCESS) {
8821 			goto fail;
8822 		}
8823 
8824 		if ((place == PL_PARAMS) &&	/* avoid map entries */
8825 		    (type == IPQOS_DATA_TYPE_ACTION)) {
8826 			(void) nvpair_value_string(nvp, &act);
8827 			ret = add_aref(&params->actions, nvpair_name(nvp), act);
8828 			if (ret != IPQOS_CONF_SUCCESS) {
8829 				goto fail;
8830 			}
8831 		}
8832 
8833 		nvp = nvlist_next_nvpair(nvlcp, nvp);
8834 	}
8835 
8836 	/* assign copied nvlist to params struct */
8837 
8838 	params->nvlist = nvlcp;
8839 
8840 	(void) fclose(tfp);
8841 	return (IPQOS_CONF_SUCCESS);
8842 fail:
8843 	(void) fclose(tfp);
8844 	free_arefs(params->actions);
8845 	params->actions = NULL;
8846 	nvlist_free(nvlcp);
8847 	return (IPQOS_CONF_ERR);
8848 }
8849 
8850 /*
8851  * parses a classes nvlist returned from the kernel.
8852  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8853  */
8854 static int
8855 parse_kclass(
8856 ipqos_conf_class_t *class,
8857 nvlist_t *nvl)
8858 {
8859 
8860 	int ret;
8861 	uint32_t u32;
8862 	char *str;
8863 
8864 	IPQOSCDBG0(KRET, "In parse_kclass:\n");
8865 
8866 	/* lookup object originator */
8867 
8868 	ret = nvlist_lookup_uint32(nvl, IPP_CONFIG_ORIGINATOR, &u32);
8869 	if (ret == 0) {
8870 		class->originator = u32;
8871 	} else {
8872 		class->originator = IPP_CONFIG_IPQOSCONF;
8873 	}
8874 
8875 	/* lookup name */
8876 
8877 	(void) nvlist_lookup_string(nvl, CLASSIFIER_CLASS_NAME, &str);
8878 	(void) strlcpy(class->name, str, IPQOS_CONF_NAME_LEN);
8879 	IPQOSCDBG1(KRET, "reading class %s\n", class->name);
8880 
8881 	/* lookup next action */
8882 
8883 	(void) nvlist_lookup_string(nvl, CLASSIFIER_NEXT_ACTION, &str);
8884 	ret = add_aref(&class->alist, NULL, str);
8885 	if (ret != IPQOS_CONF_SUCCESS) {
8886 		return (IPQOS_CONF_ERR);
8887 	}
8888 
8889 	/* lookup stats enable */
8890 
8891 	ret = nvlist_lookup_uint32(nvl, CLASSIFIER_CLASS_STATS_ENABLE, &u32);
8892 	if (ret == 0) {
8893 		class->stats_enable = *(boolean_t *)&u32;
8894 	}
8895 
8896 	return (IPQOS_CONF_SUCCESS);
8897 }
8898 
8899 /*
8900  * parses a filters nvlist returned from the kernel.
8901  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
8902  */
8903 static int
8904 parse_kfilter(
8905 ipqos_conf_filter_t *filter,
8906 nvlist_t *nvl)
8907 {
8908 
8909 	int ret;
8910 	char *str;
8911 	uint32_t u32;
8912 	nvlist_t *nvlcp;
8913 	char *end;
8914 
8915 	IPQOSCDBG0(KRET, "In parse_kfilter:\n");
8916 
8917 	/* make copy of passed in nvlist as it is freed by the caller */
8918 
8919 	ret = nvlist_dup(nvl, &nvlcp, 0);
8920 	if (ret != 0) {
8921 		return (IPQOS_CONF_ERR);
8922 	}
8923 
8924 	/* lookup originator */
8925 
8926 	ret = nvlist_lookup_uint32(nvlcp, IPP_CONFIG_ORIGINATOR, &u32);
8927 	if (ret == 0) {
8928 		filter->originator = u32;
8929 		(void) nvlist_remove_all(nvlcp, IPP_CONFIG_ORIGINATOR);
8930 	} else {
8931 		filter->originator = IPP_CONFIG_IPQOSCONF;
8932 	}
8933 
8934 	/* lookup filter name */
8935 
8936 	(void) nvlist_lookup_string(nvlcp, CLASSIFIER_FILTER_NAME, &str);
8937 	(void) strlcpy(filter->name, str, IPQOS_CONF_NAME_LEN);
8938 	(void) nvlist_remove_all(nvlcp, CLASSIFIER_FILTER_NAME);
8939 
8940 	/* lookup class name */
8941 
8942 	(void) nvlist_lookup_string(nvlcp, CLASSIFIER_CLASS_NAME, &str);
8943 	(void) strlcpy(filter->class_name, str, IPQOS_CONF_NAME_LEN);
8944 	(void) nvlist_remove_all(nvlcp, CLASSIFIER_CLASS_NAME);
8945 
8946 	/* lookup src and dst host names if present */
8947 
8948 	if (nvlist_lookup_string(nvlcp, IPGPC_SADDR_HOSTNAME, &str) == 0) {
8949 		filter->src_nd_name = malloc(strlen(str) + 1);
8950 		if (filter->src_nd_name) {
8951 			(void) strcpy(filter->src_nd_name, str);
8952 			(void) nvlist_remove_all(nvlcp, IPGPC_SADDR_HOSTNAME);
8953 		} else {
8954 			ipqos_msg(MT_ENOSTR, "malloc");
8955 			nvlist_free(nvlcp);
8956 			return (IPQOS_CONF_ERR);
8957 		}
8958 	}
8959 	if (nvlist_lookup_string(nvlcp, IPGPC_DADDR_HOSTNAME, &str) == 0) {
8960 		filter->dst_nd_name = malloc(strlen(str) + 1);
8961 		if (filter->dst_nd_name) {
8962 			(void) strcpy(filter->dst_nd_name, str);
8963 			(void) nvlist_remove_all(nvlcp, IPGPC_DADDR_HOSTNAME);
8964 		} else {
8965 			ipqos_msg(MT_ENOSTR, "malloc");
8966 			nvlist_free(nvlcp);
8967 			return (IPQOS_CONF_ERR);
8968 		}
8969 	}
8970 
8971 	/* lookup ip_version if present */
8972 
8973 	if (nvlist_lookup_string(nvlcp, IPGPC_FILTER_PRIVATE, &str) == 0) {
8974 		filter->ip_versions = (uint32_t)strtol(str, &end, 0);
8975 		if (end != str) {
8976 			(void) nvlist_remove_all(nvlcp, IPGPC_FILTER_PRIVATE);
8977 		} else {
8978 			ipqos_msg(MT_ERROR,
8979 			    gettext("Corrupted ip_version returned from "
8980 			    "kernel.\n"));
8981 			nvlist_free(nvlcp);
8982 			return (IPQOS_CONF_ERR);
8983 		}
8984 	}
8985 
8986 	/* lookup filter instance if present */
8987 
8988 	ret = nvlist_lookup_int32(nvlcp, IPGPC_FILTER_INSTANCE,
8989 	    &filter->instance);
8990 	if (ret != 0) {
8991 		filter->instance = -1;
8992 	} else {
8993 		(void) nvlist_remove_all(nvlcp, IPGPC_FILTER_INSTANCE);
8994 	}
8995 
8996 	/* attach new trimmed nvlist to filter */
8997 	filter->nvlist = nvlcp;
8998 
8999 	return (IPQOS_CONF_SUCCESS);
9000 }
9001 
9002 
9003 /*
9004  * determines whether action_name is a virtual action name.
9005  * RETURNS: if virtual action 1, else 0.
9006  */
9007 static int
9008 virtual_action(char *action_name)
9009 {
9010 
9011 	if (strcmp(action_name, IPP_ANAME_CONT) == 0 ||
9012 	    strcmp(action_name, IPP_ANAME_DEFER) == 0 ||
9013 	    strcmp(action_name, IPP_ANAME_DROP) == 0) {
9014 		return (1);
9015 	}
9016 
9017 	return (0);
9018 }
9019 
9020 /*
9021  * remove all the actions within the kernel. If there is a failure
9022  * modified is set to represent whether the attempt to flush modified
9023  * the configuration in any way.
9024  * RETURNS: IPQOS_CONF_ERR if the ipp_* functions return any errors,
9025  * else IPQOS_CONF_SUCCESS.
9026  */
9027 static int
9028 flush(
9029 boolean_t *modified)
9030 {
9031 
9032 	int res;
9033 	char **modnames = NULL;
9034 	int nmods;
9035 	char **actnames = NULL;
9036 	int nacts;
9037 	int x, y;
9038 
9039 	IPQOSCDBG0(L0, "In flush\n");
9040 
9041 	*modified = B_FALSE;
9042 
9043 	/*
9044 	 * get list of modules currently loaded.
9045 	 */
9046 	res = ipp_list_mods(&modnames, &nmods);
9047 	if (res != 0) {
9048 		ipqos_msg(MT_ENOSTR, "ipp_list_mods");
9049 		return (IPQOS_CONF_ERR);
9050 	}
9051 
9052 	/*
9053 	 * iterate through all the modules listing their actions and
9054 	 * deleting all of them.
9055 	 */
9056 	for (x = 0; x < nmods; x++) {
9057 		IPQOSCDBG1(APPLY, "Getting actions of module %s.\n",
9058 		    modnames[x]);
9059 		res = ipp_mod_list_actions(modnames[x], &actnames, &nacts);
9060 		if (res != 0) {
9061 			ipqos_msg(MT_ENOSTR, "ipp_mod_list_actions");
9062 			cleanup_string_table(modnames, nmods);
9063 			return (IPQOS_CONF_ERR);
9064 		}
9065 
9066 		for (y = 0; y < nacts; y++) {
9067 			IPQOSCDBG1(APPLY, "deleting action %s\n", actnames[y]);
9068 			res = ipp_action_destroy(actnames[y], IPP_DESTROY_REF);
9069 			/*
9070 			 * if fails for reason other than action doesn't
9071 			 * exist or action has dependency.
9072 			 */
9073 			if (res != 0 && errno != ENOENT && errno != EBUSY) {
9074 				ipqos_msg(MT_ENOSTR, "ipp_action_destroy");
9075 				cleanup_string_table(modnames, nmods);
9076 				cleanup_string_table(actnames, nacts);
9077 				return (IPQOS_CONF_ERR);
9078 			}
9079 
9080 			if (res == 0)
9081 				*modified = B_TRUE;
9082 		}
9083 		cleanup_string_table(actnames, nacts);
9084 	}
9085 	cleanup_string_table(modnames, nmods);
9086 
9087 	return (IPQOS_CONF_SUCCESS);
9088 }
9089 
9090 /*
9091  * Trys to flush the configuration. If it fails and nothing has been modified
9092  * and force_flush is false just return an error, otherwise persist trying to
9093  * completion.
9094  * RETURNS: IPQOS_CONF_ERR if flush attempt failed without modifying anything
9095  * and force_flush was set to false, otherwise IPQOS_CONF_SUCCESS.
9096  */
9097 static int
9098 atomic_flush(
9099 boolean_t force_flush)
9100 {
9101 	int x = 0;
9102 	int res;
9103 	boolean_t modified = B_FALSE;
9104 
9105 	/*
9106 	 * attempt first flush of config.
9107 	 */
9108 	res = flush(&modified);
9109 	if ((force_flush == B_FALSE) && (res != IPQOS_CONF_SUCCESS) &&
9110 	    (modified == B_FALSE)) {
9111 		return (IPQOS_CONF_ERR);
9112 	} else if (res == IPQOS_CONF_SUCCESS) {
9113 		return (IPQOS_CONF_SUCCESS);
9114 	}
9115 
9116 	/*
9117 	 * failed flush that modified config, or force flush set; loop till
9118 	 * successful flush.
9119 	 */
9120 	while (res != IPQOS_CONF_SUCCESS) {
9121 		if (x == 5) {	/* 10 secs since start/last message. */
9122 			ipqos_msg(MT_ERROR,
9123 			    gettext("Retrying configuration flush.\n"));
9124 			x = 0;
9125 		}
9126 		(void) sleep(2);
9127 		x++;
9128 		res = flush(&modified);
9129 	}
9130 
9131 	return (IPQOS_CONF_SUCCESS);
9132 }
9133 
9134 /*
9135  * Performs a flush of the configuration within a signal blocking region
9136  * so that there's minimal chance of it being killed and the flush only
9137  * partially completing.
9138  * RETURNS: IPQOS_CONF_SUCCESS (for symmetry with the other main functions).
9139  */
9140 static int
9141 flushconf()
9142 {
9143 	int res;
9144 
9145 	/*
9146 	 * make sure that flush is as atomic as possible.
9147 	 */
9148 	if ((res = block_all_signals()) == -1)
9149 		return (IPQOS_CONF_ERR);
9150 
9151 	res = atomic_flush(B_FALSE);
9152 
9153 	/*
9154 	 * restore signals.
9155 	 */
9156 	(void) restore_all_signals();
9157 
9158 	if (res == IPQOS_CONF_SUCCESS) {
9159 		ipqos_msg(MT_LOG, gettext("Configuration flushed.\n"));
9160 	} else {
9161 		ipqos_msg(MT_ENOSTR, "atomic_flush");
9162 	}
9163 
9164 	return (res);
9165 }
9166 
9167 static int
9168 in_string_table(char *stable[], int size, char *string)
9169 {
9170 
9171 	IPQOSCDBG1(L1, "In in_string_table: search string %s\n", string);
9172 
9173 	for (--size; size >= 0; size--) {
9174 		if (strcmp(stable[size], string) == 0) {
9175 			IPQOSCDBG1(L1, "Found %s in string table\n", string);
9176 			return (1);
9177 		}
9178 	}
9179 
9180 	return (0);
9181 }
9182 
9183 /* free the memory occupied by the string table ctable and its contents. */
9184 static void
9185 cleanup_string_table(char *ctable[], int size)
9186 {
9187 
9188 	int x;
9189 
9190 	if (ctable) {
9191 		for (x = 0; x < size; x++) {
9192 			free(ctable[x]);
9193 		}
9194 		free(ctable);
9195 	}
9196 }
9197 
9198 #if 0
9199 
9200 /*
9201  * makes a copy of a string table and returns a ptr to it.
9202  * RETURNS: NULL on error or if size was 0, else ptr to copied table.
9203  */
9204 static char **
9205 copy_string_table(char *stable1[], int size)
9206 {
9207 
9208 	char **st = NULL;
9209 	int pos;
9210 
9211 	/* create char ptr array */
9212 
9213 	st = malloc(size * sizeof (char *));
9214 	if (st == NULL) {
9215 		ipqos_msg(MT_ENOSTR, "malloc");
9216 		return (st);
9217 	}
9218 
9219 	/* create copy of each string from stable1 in array */
9220 
9221 	for (pos = size - 1; pos >= 0; pos--) {
9222 		st[pos] = malloc(strlen(stable1[pos] + 1));
9223 		if (st[pos] == NULL) {
9224 			for (pos++; pos < size; pos++)
9225 				free(st[pos]);
9226 			free(st);
9227 			ipqos_msg(MT_ENOSTR, "malloc");
9228 			return (NULL);
9229 		}
9230 
9231 		(void) strcpy(st[pos], stable1[pos]);
9232 	}
9233 
9234 	return (st);
9235 }
9236 #endif	/* 0 */
9237 
9238 /*
9239  * retry lookups on filters that soft failed a previous lookup and
9240  * were put on the retry list.
9241  * RETURNS: IPQOS_CONF_ERR on any errors, else IPQOS_CONF_SUCCESS.
9242  */
9243 static int
9244 retry_name_lookups(
9245 ipqos_conf_action_t *actions)
9246 {
9247 
9248 	ipqos_conf_action_t *act;
9249 	ipqos_conf_filter_t **new_filters;
9250 	ipqos_conf_filter_t *flt;
9251 
9252 	IPQOSCDBG0(APPLY, "In retry_name_lookups:\n");
9253 
9254 	for (act = actions; act != NULL; act = act->next) {
9255 
9256 		/* store start of new resolved filters */
9257 		LIST_END(&act->filters, &new_filters);
9258 
9259 		/*
9260 		 * do name resolution on retry list adding resolved filters
9261 		 * to end of actions filters.
9262 		 */
9263 		for (flt = act->retry_filters; flt != NULL; flt = flt->next) {
9264 
9265 			if (domultihome(flt, new_filters, B_TRUE) !=
9266 			    IPQOS_CONF_SUCCESS) {
9267 
9268 				/* if resource failure */
9269 
9270 				if (flt->nlerr == 0) {
9271 					return (IPQOS_CONF_ERR);
9272 				}
9273 			}
9274 		}
9275 
9276 		/* add the newly resolved filters to the kernel action */
9277 
9278 		for (flt = *new_filters; flt != NULL; flt = flt->next) {
9279 			if (add_filter(act->name, flt, act->module_version) !=
9280 			    IPQOS_CONF_SUCCESS) {
9281 				return (IPQOS_CONF_ERR);
9282 			}
9283 		}
9284 	}
9285 
9286 	return (IPQOS_CONF_SUCCESS);
9287 }
9288 
9289 /*
9290  * write the configuration in conf to the file given in dstpath. This
9291  * is done by writing first to a temporary file and then renaming that
9292  * file to dstpath. This assures an atomic write.
9293  * RETURNS: IPQOS_CONF_ERR on any errors, else IPQOS_CONF_SUCCESS.
9294  */
9295 static int
9296 writeconf(
9297 ipqos_conf_action_t *conf,
9298 char *dstpath)
9299 {
9300 
9301 	FILE *tmpfp;
9302 	char *tmppath;
9303 	char *pathend;
9304 	ipqos_conf_action_t *act;
9305 	int res;
9306 
9307 	IPQOSCDBG0(L0, "in writeconf\n");
9308 
9309 	/* construct tmp file path so we can use rename() */
9310 
9311 	pathend = strrchr(dstpath, '/');
9312 
9313 	/* dstpath in current dir */
9314 
9315 	if (pathend == NULL) {
9316 		tmppath = malloc(strlen("ipqosconf.tmp") + 1);
9317 		if (tmppath == NULL) {
9318 			ipqos_msg(MT_ENOSTR, "malloc");
9319 			return (IPQOS_CONF_ERR);
9320 		}
9321 		(void) strcpy(tmppath, "ipqosconf.tmp");
9322 
9323 	/* dstpath in root dir */
9324 
9325 	} else if (pathend == dstpath) {
9326 		tmppath = malloc(strlen("/ipqosconf.tmp") + 1);
9327 		if (tmppath == NULL) {
9328 			ipqos_msg(MT_ENOSTR, "malloc");
9329 			return (IPQOS_CONF_ERR);
9330 		}
9331 		(void) strcpy(tmppath, "/ipqosconf.tmp");
9332 
9333 	/* not pwd or root */
9334 
9335 	} else {
9336 		*pathend = NULL;
9337 		tmppath = malloc(strlen(dstpath) + strlen("/ipqosconf.tmp") +
9338 		    1);
9339 		if (tmppath == NULL) {
9340 			ipqos_msg(MT_ENOSTR, "malloc");
9341 			return (IPQOS_CONF_ERR);
9342 		}
9343 		(void) strcpy(tmppath, dstpath);
9344 		(void) strcat(tmppath, "/ipqosconf.tmp");
9345 		*pathend = '/';
9346 	}
9347 
9348 
9349 	/* open tmp file */
9350 
9351 	tmpfp = fopen(tmppath, "w");
9352 	if (tmpfp == NULL) {
9353 		ipqos_msg(MT_ENOSTR, "fopen");
9354 		free(tmppath);
9355 		return (IPQOS_CONF_ERR);
9356 	}
9357 
9358 	/* write out format version */
9359 
9360 	(void) fprintf(tmpfp, "%s %d.%d\n\n", IPQOS_FMT_VERSION_STR,
9361 	    IPQOS_CUR_FMT_MAJOR_VER, IPQOS_CUR_FMT_MINOR_VER);
9362 
9363 	/*
9364 	 * loop through actions in list writing ipqosconf originated
9365 	 * ones out to the tmp file.
9366 	 */
9367 	for (act = conf; act != NULL; act = act->next) {
9368 		if (act->params->originator == IPP_CONFIG_IPQOSCONF) {
9369 			res = printaction(tmpfp, act, 0, 0);
9370 			if (res != IPQOS_CONF_SUCCESS) {
9371 				free(tmppath);
9372 				(void) fclose(tmpfp);
9373 				return (res);
9374 			}
9375 		}
9376 	}
9377 	(void) fclose(tmpfp);
9378 
9379 	/* rename tmp file to dst file */
9380 
9381 	if (rename(tmppath, dstpath) != 0) {
9382 		ipqos_msg(MT_ENOSTR, "rename");
9383 		free(tmppath);
9384 		return (IPQOS_CONF_ERR);
9385 	}
9386 	free(tmppath);
9387 
9388 	return (IPQOS_CONF_SUCCESS);
9389 }
9390 
9391 /*
9392  * read the configuration back from the kernel and then write each of the
9393  * actions read to IPQOS_CONF_INIT_PATH.
9394  * RETURNS: IPQOS_CONF_ERR if error, else IPQOS_CONF_SUCCESS.
9395  */
9396 static int
9397 commitconf()
9398 {
9399 
9400 	int ret;
9401 	ipqos_conf_action_t *conf;
9402 
9403 	IPQOSCDBG0(L0, "In commitconf\n");
9404 
9405 	/* read the configuration from the kernel */
9406 
9407 	ret = readkconf(&conf);
9408 	if (ret != IPQOS_CONF_SUCCESS) {
9409 		return (IPQOS_CONF_ERR);
9410 	}
9411 
9412 	/* dissallow a null config to be stored (we can't read one in) */
9413 
9414 	if (conf == NULL) {
9415 		ipqos_msg(MT_ERROR,
9416 		    gettext("Can't commit a null configuration.\n"));
9417 		return (IPQOS_CONF_ERR);
9418 	}
9419 
9420 	/* make sure if we create file that perms are 644 */
9421 
9422 	(void) umask(S_IXUSR | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH);
9423 
9424 	/* write the configuration to the init file */
9425 
9426 	ret = writeconf(conf, IPQOS_CONF_INIT_PATH);
9427 	if (ret != IPQOS_CONF_SUCCESS) {
9428 		return (IPQOS_CONF_ERR);
9429 	}
9430 
9431 	ipqos_msg(MT_LOG,
9432 	    gettext("Current configuration saved to init file.\n"));
9433 
9434 	return (IPQOS_CONF_SUCCESS);
9435 }
9436 
9437 /*
9438  * Called in the event of a failed rollback. It first flushes the
9439  * current configuration, then attempts to apply the oconf (the old
9440  * one), and if that fails flushes again.
9441  *
9442  * RETURNS: IPQOS_CONF_ERR if the application of old config fails,
9443  * else IPQOS_CONF_SUCCESS.
9444  */
9445 static int
9446 rollback_recover(
9447 ipqos_conf_action_t *oconf)
9448 {
9449 	int res;
9450 
9451 	IPQOSCDBG0(RBK, "In rollback_recover\n");
9452 
9453 	/*
9454 	 * flush configuration.
9455 	 */
9456 	(void) atomic_flush(B_TRUE);
9457 
9458 	/*
9459 	 * mark all elements of old config for application.
9460 	 */
9461 	mark_config_new(oconf);
9462 
9463 	/*
9464 	 * attempt to apply old config.
9465 	 */
9466 	res = applydiff(oconf, NULL);
9467 	/*
9468 	 * if failed force flush of config.
9469 	 */
9470 	if (res != IPQOS_CONF_SUCCESS) {
9471 		(void) atomic_flush(B_TRUE);
9472 		return (IPQOS_CONF_ERR);
9473 	}
9474 
9475 	return (IPQOS_CONF_SUCCESS);
9476 }
9477 
9478 /*
9479  * read and apply the configuration contained if file ifile to the kernel.
9480  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
9481  */
9482 static int
9483 applyconf(char *ifile)
9484 {
9485 
9486 	FILE *ifp;
9487 	ipqos_conf_action_t *conf = NULL;
9488 	ipqos_conf_action_t *oconf = NULL;
9489 	ipqos_conf_action_t *act, *oact;
9490 	int res;
9491 
9492 	IPQOSCDBG0(L0, "In applyconf:\n");
9493 
9494 
9495 	/* if filename '-' read from stdin */
9496 
9497 	if (strcmp(ifile, "-") == 0) {
9498 		ifp = stdin;
9499 	} else {
9500 		ifp = fopen(ifile, "r");
9501 		if (ifp == NULL) {
9502 			ipqos_msg(MT_ERROR,
9503 			    gettext("Opening file %s for read: %s.\n"),
9504 			    ifile, strerror(errno));
9505 			return (IPQOS_CONF_ERR);
9506 		}
9507 	}
9508 
9509 	/* read in new configuration */
9510 
9511 	res = readconf(ifp, &conf);
9512 	if (res != IPQOS_CONF_SUCCESS) {
9513 		goto fail;
9514 	}
9515 
9516 	/* check configuration is valid */
9517 
9518 	res = validconf(conf, 1);
9519 	if (res != IPQOS_CONF_SUCCESS) {
9520 		goto fail;
9521 	}
9522 
9523 	/* read in kernel configuration */
9524 
9525 	res = readkconf(&oconf);
9526 	if (res != IPQOS_CONF_SUCCESS) {
9527 		goto fail;
9528 	}
9529 
9530 	/*
9531 	 * check there are no same named actions in both config file and the
9532 	 * the kernel that are for a different module. The application
9533 	 * system can't handle these as we would try to add the new
9534 	 * action before we deleted the old one and because actions
9535 	 * in the kernel are indexed solely on their name (their module
9536 	 * isn't included) the kernel would return an error. We want
9537 	 * to avoid this error and the resulting rollback.
9538 	 */
9539 	for (act = conf; act != NULL; act = act->next) {
9540 		for (oact = oconf; oact != NULL; oact = oact->next) {
9541 			/* found action */
9542 			if (strcmp(act->name, oact->name) == 0) {
9543 				/* different module */
9544 				if (strcmp(act->module, oact->module) != 0) {
9545 					ipqos_msg(MT_ERROR,
9546 					    gettext("Action at line %u has "
9547 					    "same name as currently "
9548 					    "installed action, but is for a "
9549 					    "different module.\n"),
9550 					    act->lineno);
9551 					goto fail;
9552 				/* same module - stop search */
9553 				} else {
9554 					break;
9555 				}
9556 			}
9557 		}
9558 	}
9559 
9560 
9561 	/* create links between actions for use with deletions etc.. */
9562 
9563 	res = validconf(oconf, 0);
9564 	if (res != IPQOS_CONF_SUCCESS) {
9565 		goto fail;
9566 	}
9567 
9568 	/* diff conf file against kernel */
9569 
9570 	res = diffconf(oconf, conf);
9571 	if (res != IPQOS_CONF_SUCCESS) {
9572 		goto fail;
9573 	}
9574 
9575 	/* make kernel mods as atomic as possible */
9576 
9577 	if ((res = block_all_signals()) == -1) {
9578 		res = IPQOS_CONF_ERR;
9579 		goto fail;
9580 	}
9581 
9582 	/* apply difference to kernel */
9583 
9584 	res = applydiff(conf, oconf);
9585 #ifdef	_IPQOS_CONF_DEBUG
9586 	if (force_rback || res != IPQOS_CONF_SUCCESS) {
9587 #else
9588 	if (res != IPQOS_CONF_SUCCESS) {
9589 #endif	/* _IPQOS_CONF_DEBUG */
9590 
9591 		res = rollback(conf, oconf);
9592 		if (res != IPQOS_CONF_SUCCESS) {
9593 			res = rollback_recover(oconf);
9594 			if (res != IPQOS_CONF_SUCCESS) {
9595 				/* system left flushed */
9596 				ipqos_msg(MT_ERROR,
9597 				    gettext("Failed to rollback from failed "
9598 				    "configuration, configuration flushed.\n"));
9599 				res = IPQOS_CONF_RECOVER_ERR;
9600 			} else {	/* old config re-applied */
9601 				ipqos_msg(MT_ERROR,
9602 				    gettext("Configuration failed, system "
9603 				    "state unchanged.\n"));
9604 				res = IPQOS_CONF_ERR;
9605 			}
9606 		} else {
9607 			ipqos_msg(MT_ERROR,
9608 			    gettext("Configuration failed, system "
9609 			    "state unchanged.\n"));
9610 			res = IPQOS_CONF_ERR;
9611 		}
9612 		goto fail;
9613 	}
9614 
9615 	/* retry any soft name lookup failures */
9616 
9617 	res = retry_name_lookups(conf);
9618 	if (res != IPQOS_CONF_SUCCESS) {
9619 		res = rollback(conf, oconf);
9620 		if (res != IPQOS_CONF_SUCCESS) {
9621 			res = rollback_recover(oconf);
9622 			if (res != IPQOS_CONF_SUCCESS) {
9623 			/* system left flushed */
9624 				ipqos_msg(MT_ERROR,
9625 				    gettext("Failed to rollback from failed "
9626 				    "configuration, configuration flushed.\n"));
9627 				res = IPQOS_CONF_RECOVER_ERR;
9628 			} else {	/* old config re-applied */
9629 				ipqos_msg(MT_ERROR,
9630 				    gettext("Configuration failed, system "
9631 				    "state unchanged.\n"));
9632 				res = IPQOS_CONF_ERR;
9633 			}
9634 		} else {
9635 			ipqos_msg(MT_ERROR,
9636 			    gettext("Configuration failed, system "
9637 			    "state unchanged.\n"));
9638 			res = IPQOS_CONF_ERR;
9639 		}
9640 		goto fail;
9641 
9642 	}
9643 
9644 	ipqos_msg(MT_LOG, gettext("IPQoS configuration applied.\n"));
9645 
9646 	/* re-enable signals */
9647 	(void) restore_all_signals();
9648 
9649 	(void) fclose(ifp);
9650 	free_actions(conf);
9651 	free_actions(oconf);
9652 	return (IPQOS_CONF_SUCCESS);
9653 fail:
9654 	(void) fclose(ifp);
9655 	(void) restore_all_signals();
9656 	if (conf)
9657 		free_actions(conf);
9658 	if (oconf)
9659 		free_actions(oconf);
9660 	if (res == IPQOS_CONF_RECOVER_ERR)
9661 		ipqos_msg(MT_LOG, gettext("Configuration flushed.\n"));
9662 	return (res);
9663 }
9664 
9665 static sigset_t set, oset;
9666 
9667 static int
9668 block_all_signals()
9669 {
9670 	if (sigfillset(&set) == -1) {
9671 		ipqos_msg(MT_ENOSTR, "sigfillset");
9672 		return (-1);
9673 	}
9674 	if (sigprocmask(SIG_SETMASK, &set, &oset) == -1) {
9675 		ipqos_msg(MT_ENOSTR, "sigprocmask");
9676 		return (-1);
9677 	}
9678 	return (0);
9679 }
9680 
9681 static int
9682 restore_all_signals()
9683 {
9684 	if (sigprocmask(SIG_SETMASK, &oset, NULL) == -1) {
9685 		ipqos_msg(MT_ENOSTR, "sigprocmask");
9686 		return (-1);
9687 	}
9688 	return (0);
9689 }
9690 
9691 static int
9692 unlock(int fd)
9693 {
9694 	if (lockf(fd, F_ULOCK, 0) == -1) {
9695 		ipqos_msg(MT_ENOSTR, "lockf");
9696 		return (-1);
9697 	}
9698 	return (0);
9699 }
9700 
9701 static int
9702 lock()
9703 {
9704 	int fd;
9705 	struct stat sbuf1;
9706 	struct stat sbuf2;
9707 
9708 	/*
9709 	 * Open the file with O_CREAT|O_EXCL. If it exists already, it
9710 	 * will fail. If it already exists, check whether it looks like
9711 	 * the one we created.
9712 	 */
9713 	(void) umask(0077);
9714 	if ((fd = open(IPQOS_CONF_LOCK_FILE, O_EXCL|O_CREAT|O_RDWR,
9715 	    S_IRUSR|S_IWUSR)) == -1) {
9716 		if (errno != EEXIST) {
9717 			/* Some other problem. */
9718 			ipqos_msg(MT_ENOSTR,
9719 			    gettext("Cannot open lock file %s"),
9720 			    IPQOS_CONF_LOCK_FILE);
9721 			return (-1);
9722 		}
9723 
9724 		/*
9725 		 * open() returned an EEXIST error. We don't fail yet
9726 		 * as it could be a residual from a previous
9727 		 * execution. However, we need to clear errno here.
9728 		 * If we don't and print_cmd_buf() is later invoked
9729 		 * as the result of a parsing error, it
9730 		 * will assume that the current error is EEXIST and
9731 		 * that a corresponding error message has already been
9732 		 * printed, which results in an incomplete error
9733 		 * message. If errno is zero, print_cmd_buf() will
9734 		 * assume that it is called as a result of a
9735 		 * parsing error and will print the appropriate
9736 		 * error message.
9737 		 */
9738 		errno = 0;
9739 
9740 		/*
9741 		 * File exists. make sure it is OK. We need to lstat()
9742 		 * as fstat() stats the file pointed to by the symbolic
9743 		 * link.
9744 		 */
9745 		if (lstat(IPQOS_CONF_LOCK_FILE, &sbuf1) == -1) {
9746 			ipqos_msg(MT_ENOSTR,
9747 			    gettext("Cannot lstat lock file %s\n"),
9748 			    IPQOS_CONF_LOCK_FILE);
9749 			return (-1);
9750 		}
9751 		/*
9752 		 * Check whether it is a regular file and not a symbolic
9753 		 * link. Its link count should be 1. The owner should be
9754 		 * root and the file should be empty.
9755 		 */
9756 		if (((sbuf1.st_mode & (S_IFREG|S_IFLNK)) != S_IFREG) ||
9757 		    sbuf1.st_nlink != 1 ||
9758 		    sbuf1.st_uid != 0 ||
9759 		    sbuf1.st_size != 0) {
9760 			ipqos_msg(MT_ERROR, gettext("Bad lock file %s.\n"),
9761 			    IPQOS_CONF_LOCK_FILE);
9762 			return (-1);
9763 		}
9764 		if ((fd = open(IPQOS_CONF_LOCK_FILE, O_CREAT|O_RDWR,
9765 		    S_IRUSR|S_IWUSR)) == -1) {
9766 			ipqos_msg(MT_ENOSTR,
9767 			    gettext("Cannot open lock file %s"),
9768 			    IPQOS_CONF_LOCK_FILE);
9769 			return (-1);
9770 		}
9771 
9772 		/* Check whether we opened the file that we lstat()ed. */
9773 		if (fstat(fd, &sbuf2) == -1) {
9774 			ipqos_msg(MT_ENOSTR,
9775 			    gettext("Cannot fstat lock file %s\n"),
9776 			    IPQOS_CONF_LOCK_FILE);
9777 			return (-1);
9778 		}
9779 		if (sbuf1.st_dev != sbuf2.st_dev ||
9780 		    sbuf1.st_ino != sbuf2.st_ino) {
9781 			/* File changed after we did the lstat() above */
9782 			ipqos_msg(MT_ERROR, gettext("Bad lock file %s.\n"),
9783 			    IPQOS_CONF_LOCK_FILE);
9784 			return (-1);
9785 		}
9786 	}
9787 	if (lockf(fd, F_LOCK, 0) == -1) {
9788 		ipqos_msg(MT_ENOSTR, "lockf");
9789 		return (-1);
9790 	}
9791 	return (fd);
9792 }
9793 
9794 /*
9795  * print the current kernel configuration out to stdout. If viewall
9796  * is set this causes more verbose configuration listing including
9797  * showing objects we didn't create, each instance of a mhome filter,
9798  * etc.. see printaction().
9799  * RETURNS: IPQOS_CONF_ERR on error, else IPQOS_CONF_SUCCES.
9800  */
9801 
9802 static int
9803 viewconf(int viewall)
9804 {
9805 
9806 	ipqos_conf_action_t *conf = NULL;
9807 	ipqos_conf_action_t *act;
9808 	int ret;
9809 
9810 	IPQOSCDBG0(L0, "In viewconf\n");
9811 
9812 	/* get kernel configuration */
9813 
9814 	ret = readkconf(&conf);
9815 	if (ret != IPQOS_CONF_SUCCESS) {
9816 		return (IPQOS_CONF_ERR);
9817 	}
9818 
9819 	/* write out format version */
9820 
9821 	if (conf != NULL) {
9822 		(void) fprintf(stdout, "%s %d.%d\n\n", IPQOS_FMT_VERSION_STR,
9823 		    IPQOS_CUR_FMT_MAJOR_VER, IPQOS_CUR_FMT_MINOR_VER);
9824 	}
9825 
9826 	/* print each of the actions in the kernel config to stdout */
9827 
9828 	for (act = conf; act != NULL; act = act->next) {
9829 		ret = printaction(stdout, act, viewall, 0);
9830 		if (ret != IPQOS_CONF_SUCCESS) {
9831 			free_actions(conf);
9832 			return (ret);
9833 		}
9834 		(void) fprintf(stdout, "\n");
9835 	}
9836 
9837 	free_actions(conf);
9838 
9839 	return (IPQOS_CONF_SUCCESS);
9840 }
9841 
9842 
9843 /*
9844  * debug function that reads the config file and prints it out after
9845  * interpreting to stdout.
9846  */
9847 #ifdef	_IPQOS_CONF_DEBUG
9848 static int
9849 viewcfile(char *cfile)
9850 {
9851 
9852 	ipqos_conf_action_t *conf;
9853 	ipqos_conf_action_t *act;
9854 	int res;
9855 	FILE *ifp;
9856 	int viewall = 1;
9857 
9858 	IPQOSCDBG0(L0, "In viewcfile\n");
9859 	ifp = fopen(cfile, "r");
9860 	if (ifp == NULL) {
9861 		ipqos_msg(MT_ERROR, gettext("Opening file %s for read: %s.\n"),
9862 		    cfile, strerror(errno));
9863 		return (IPQOS_CONF_ERR);
9864 	}
9865 
9866 	res = readconf(ifp, &conf);
9867 	if (res != IPQOS_CONF_SUCCESS) {
9868 		free(ifp);
9869 		return (IPQOS_CONF_ERR);
9870 	}
9871 
9872 	/* print each of the actions in the kernel config to stdout */
9873 	for (act = conf; act != NULL; act = act->next) {
9874 		res = printaction(stdout, act, viewall, 0);
9875 		if (res != IPQOS_CONF_SUCCESS) {
9876 			free(ifp);
9877 			return (res);
9878 		}
9879 
9880 		(void) fprintf(stdout, "\n");
9881 	}
9882 
9883 	(void) fprintf(stdout, "\n");
9884 
9885 
9886 	return (IPQOS_CONF_SUCCESS);
9887 }
9888 #endif	/* _IPQOS_CONF_DEBUG */
9889 
9890 static void
9891 usage(void)
9892 {
9893 	(void) fprintf(stderr, gettext("usage:\n"
9894 	    "\tipqosconf [-sv] -a file|-\n"
9895 	    "\tipqosconf -c\n"
9896 	    "\tipqosconf -l\n"
9897 	    "\tipqosconf -L\n"
9898 	    "\tipqosconf -f\n"));
9899 }
9900 
9901 int
9902 main(int argc, char *argv[])
9903 {
9904 
9905 	int c;
9906 	char *ifile = NULL;
9907 	int args;
9908 	int ret;
9909 	int cmd;
9910 	int viewall = 0;
9911 	int lfp;
9912 
9913 	/* init global flags */
9914 	use_syslog = verbose = 0;
9915 
9916 	/* init current line number */
9917 	lineno = 0;
9918 
9919 	/* setup internationalisation */
9920 
9921 	(void) setlocale(LC_ALL, "");
9922 #if	!defined(TEXT_DOMAIN)
9923 #define	TEXT_DOMAIN "SYS_TEST"
9924 #endif
9925 	(void) textdomain(TEXT_DOMAIN);
9926 
9927 	/* setup syslog parameters */
9928 	openlog("ipqosconf", 0, LOG_USER);
9929 
9930 	args = 0;
9931 
9932 /* enable debug options */
9933 
9934 #ifdef	_IPQOS_CONF_DEBUG
9935 #define	DBGOPTS	"rz:"
9936 #else
9937 #define	DBGOPTS
9938 #endif	/* _IPQOS_CONF_DEBUG */
9939 
9940 	while ((c = getopt(argc, argv, "sca:vflL" DBGOPTS)) != EOF) {
9941 		switch (c) {
9942 #ifdef	_IPQOS_CONF_DEBUG
9943 			case 'z':
9944 				cmd = -1;
9945 				ifile = optarg;
9946 				if (*ifile == '\0') {
9947 					usage();
9948 					exit(1);
9949 				}
9950 				args++;
9951 				break;
9952 			case 'r':
9953 				force_rback++;
9954 				break;
9955 #endif	/* _IPQOS_CONF_DEBUG */
9956 			case 'c':
9957 				cmd = IPQOS_CONF_COMMIT;
9958 				args++;
9959 				break;
9960 			case 'a':
9961 				cmd = IPQOS_CONF_APPLY;
9962 				ifile = optarg;
9963 				if (*ifile == '\0') {
9964 					usage();
9965 					exit(1);
9966 				}
9967 				args++;
9968 				break;
9969 			case 'f':
9970 				cmd = IPQOS_CONF_FLUSH;
9971 				args++;
9972 				break;
9973 			case 'l':
9974 				cmd = IPQOS_CONF_VIEW;
9975 				args++;
9976 				break;
9977 			case 'L':
9978 				cmd = IPQOS_CONF_VIEW;
9979 				viewall++;
9980 				args++;
9981 				break;
9982 			case 'v':
9983 				verbose++;
9984 				break;
9985 			case 's':
9986 				use_syslog++;
9987 				break;
9988 			case '?':
9989 				usage();
9990 				return (1);
9991 		}
9992 	}
9993 
9994 	/*
9995 	 * dissallow non-option args, > 1 cmd args and syslog/verbose flags set
9996 	 * for anything but apply.
9997 	 */
9998 	if (optind != argc || args > 1 ||
9999 	    use_syslog && cmd != IPQOS_CONF_APPLY ||
10000 	    verbose && cmd != IPQOS_CONF_APPLY) {
10001 		usage();
10002 		exit(1);
10003 	}
10004 
10005 	/* if no cmd option then show config */
10006 
10007 	if (args == 0) {
10008 		cmd = IPQOS_CONF_VIEW;
10009 	}
10010 
10011 	/* stop concurrent ipqosconf invocations */
10012 	lfp = lock();
10013 	if (lfp == -1) {
10014 		exit(1);
10015 	}
10016 
10017 	switch (cmd) {
10018 #ifdef	_IPQOS_CONF_DEBUG
10019 		case -1:
10020 			ret = viewcfile(ifile);
10021 			break;
10022 #endif	/* _IPQOS_CONF_DEBUG */
10023 		case IPQOS_CONF_APPLY:
10024 			ret = applyconf(ifile);
10025 			break;
10026 		case IPQOS_CONF_COMMIT:
10027 			ret = commitconf();
10028 			break;
10029 		case IPQOS_CONF_VIEW:
10030 			ret = viewconf(viewall);
10031 			break;
10032 		case IPQOS_CONF_FLUSH:
10033 			ret = flushconf();
10034 			break;
10035 	}
10036 
10037 	(void) unlock(lfp);
10038 
10039 	return (ret);
10040 
10041 }
10042