[src/netbsd-6]: src/usr.sbin/npf/npfctl Pull up following revision(s) (reques...

[riz <riz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/dad63fa56c36
branches:  netbsd-6
changeset: 775586:dad63fa56c36
user:      riz <riz%NetBSD.org@localhost>
date:      Sun Dec 16 19:41:37 2012 +0000

description:
Pull up following revision(s) (requested by rmind in ticket #750):
        usr.sbin/npf/npfctl/npfctl.c: revision 1.25
        usr.sbin/npf/npfctl/npfctl.h: revision 1.24
        usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.13
        usr.sbin/npf/npfctl/npf_build.c: revision 1.16
        usr.sbin/npf/npfctl/npfctl.8: revision 1.11
npfctl: add 'validate' command to check the config, but not load it.  Update
the man page.  Also add a small note about 'debug' command, PR/47298.

diffstat:

 usr.sbin/npf/npfctl/npf_build.c       |  10 ++++++++--
 usr.sbin/npf/npfctl/npf_disassemble.c |  21 +++++++++++++--------
 usr.sbin/npf/npfctl/npfctl.8          |  14 ++++++++++++--
 usr.sbin/npf/npfctl/npfctl.c          |  14 +++++++++++---
 usr.sbin/npf/npfctl/npfctl.h          |   3 ++-
 5 files changed, 46 insertions(+), 16 deletions(-)

diffs (189 lines):

diff -r 3f196d180eac -r dad63fa56c36 usr.sbin/npf/npfctl/npf_build.c
--- a/usr.sbin/npf/npfctl/npf_build.c   Sun Dec 16 19:13:15 2012 +0000
+++ b/usr.sbin/npf/npfctl/npf_build.c   Sun Dec 16 19:41:37 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_build.c,v 1.4.2.8 2012/12/11 04:31:52 riz Exp $    */
+/*     $NetBSD: npf_build.c,v 1.4.2.9 2012/12/16 19:41:37 riz Exp $    */
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.4.2.8 2012/12/11 04:31:52 riz Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.4.2.9 2012/12/16 19:41:37 riz Exp $");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -85,6 +85,12 @@
        return error;
 }
 
+nl_config_t *
+npfctl_config_ref(void)
+{
+       return npf_conf;
+}
+
 unsigned long
 npfctl_debug_addif(const char *ifname)
 {
diff -r 3f196d180eac -r dad63fa56c36 usr.sbin/npf/npfctl/npf_disassemble.c
--- a/usr.sbin/npf/npfctl/npf_disassemble.c     Sun Dec 16 19:13:15 2012 +0000
+++ b/usr.sbin/npf/npfctl/npf_disassemble.c     Sun Dec 16 19:41:37 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_disassemble.c,v 1.3.2.9 2012/11/26 17:39:29 riz Exp $      */
+/*     $NetBSD: npf_disassemble.c,v 1.3.2.10 2012/12/16 19:41:37 riz Exp $     */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  * FIXME: config generation should be redesigned..
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.9 2012/11/26 17:39:29 riz Exp $");
+__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.10 2012/12/16 19:41:37 riz Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -702,13 +702,18 @@
        bool active, loaded;
        int error = 0;
 
-       ncf = npf_config_retrieve(fd, &active, &loaded);
-       if (ncf == NULL) {
-               return errno;
+       if (fd) {
+               ncf = npf_config_retrieve(fd, &active, &loaded);
+               if (ncf == NULL) {
+                       return errno;
+               }
+               printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
+                   active ? "active" : "inactive",
+                   loaded ? "loaded" : "empty");
+       } else {
+               ncf = npfctl_config_ref();
+               loaded = true;
        }
-       printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
-           active ? "active" : "inactive",
-           loaded ? "loaded" : "empty");
 
        if (loaded) {
                _npf_table_foreach(ncf, npfctl_show_table);
diff -r 3f196d180eac -r dad63fa56c36 usr.sbin/npf/npfctl/npfctl.8
--- a/usr.sbin/npf/npfctl/npfctl.8      Sun Dec 16 19:13:15 2012 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.8      Sun Dec 16 19:41:37 2012 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npfctl.8,v 1.6.6.3 2012/11/24 04:34:43 riz Exp $
+.\"    $NetBSD: npfctl.8,v 1.6.6.4 2012/12/16 19:41:37 riz Exp $
 .\"
 .\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 15, 2012
+.Dd December 10, 2012
 .Dt NPFCTL 8
 .Os
 .Sh NAME
@@ -79,6 +79,12 @@
 Syntax of printed configuration is for the user and may not match the
 .Xr npf.conf 5
 syntax.
+.It Ic validate Op Ar path
+Validate the configuration file and the processed form.
+The configuration file at
+.Pa /etc/npf.conf
+will be used unless a file is specified by
+.Ar path .
 .It Ic table Ar tid Ic add Aq Ar addr/mask
 In table
 .Ar tid ,
@@ -117,6 +123,10 @@
 Administrator may want to start packet inspection after the session loading.
 .It Ic stats
 Print various statistics.
+.It Ic debug
+Process the configuration file, print the n-code of each rule
+and dump the raw configuration.
+This is primarily for developer use.
 .El
 .Sh PERFORMANCE
 Reloading the configuration is a relatively expensive operation.
diff -r 3f196d180eac -r dad63fa56c36 usr.sbin/npf/npfctl/npfctl.c
--- a/usr.sbin/npf/npfctl/npfctl.c      Sun Dec 16 19:13:15 2012 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c      Sun Dec 16 19:41:37 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfctl.c,v 1.10.2.9 2012/11/26 17:39:29 riz Exp $      */
+/*     $NetBSD: npfctl.c,v 1.10.2.10 2012/12/16 19:41:37 riz Exp $     */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.10.2.9 2012/11/26 17:39:29 riz Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.10.2.10 2012/12/16 19:41:37 riz Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -57,6 +57,7 @@
        NPFCTL_RELOAD,
        NPFCTL_SHOWCONF,
        NPFCTL_FLUSH,
+       NPFCTL_VALIDATE,
        NPFCTL_TABLE,
        NPFCTL_STATS,
        NPFCTL_SESSIONS_SAVE,
@@ -73,6 +74,7 @@
        {       "reload",               NPFCTL_RELOAD           },
        {       "show",                 NPFCTL_SHOWCONF,        },
        {       "flush",                NPFCTL_FLUSH            },
+       {       "valid",                NPFCTL_VALIDATE         },
        /* Table */
        {       "table",                NPFCTL_TABLE            },
        /* Stats */
@@ -382,6 +384,11 @@
        case NPFCTL_FLUSH:
                ret = npf_config_flush(fd);
                break;
+       case NPFCTL_VALIDATE:
+               npfctl_config_init(false);
+               npfctl_parsecfg(argc < 3 ? NPF_CONF_PATH : argv[2]);
+               ret = npfctl_config_show(0);
+               break;
        case NPFCTL_TABLE:
                if ((argc -= 2) < 2) {
                        usage();
@@ -433,7 +440,8 @@
 
        /* Find and call the subroutine. */
        for (int n = 0; operations[n].cmd != NULL; n++) {
-               if (strcmp(cmd, operations[n].cmd) != 0)
+               const char *opcmd = operations[n].cmd;
+               if (strncmp(cmd, opcmd, strlen(opcmd)) != 0)
                        continue;
                npfctl(operations[n].action, argc, argv);
                return EXIT_SUCCESS;
diff -r 3f196d180eac -r dad63fa56c36 usr.sbin/npf/npfctl/npfctl.h
--- a/usr.sbin/npf/npfctl/npfctl.h      Sun Dec 16 19:13:15 2012 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.h      Sun Dec 16 19:41:37 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfctl.h,v 1.11.2.10 2012/12/11 04:31:52 riz Exp $     */
+/*     $NetBSD: npfctl.h,v 1.11.2.11 2012/12/16 19:41:37 riz Exp $     */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -178,6 +178,7 @@
 
 void           npfctl_config_init(bool);
 int            npfctl_config_send(int, const char *);
+nl_config_t *  npfctl_config_ref(void);
 int            npfctl_config_show(int);
 unsigned long  npfctl_debug_addif(const char *);