Re: NPF documentation

[Pongthep Kulkrisada <ptkrisada%gmail.com@localhost>]

Hi All,

* Mindaugas Rasiukevicius (rmind%netbsd.org@localhost) wrote:
> As those of you tracking source changes may have already noticed, there
> have been various improvements to NPF over the last few months (e.g. support
> for dynamic NPF rules).
Very great to have listened this.
I have posted an npf question in this list since Jan 2013.
But there has been no reply.

> Additionally, I created a web page for NPF documentation:
> 
> http://www.netbsd.org/~rmind/npf/
Sorry, it seems that the doc is still not updated as in npf.conf(5)
regarding interfaces.

$ext_if = "wm0"
should be changed to
$ext_if = inet4(wm0)
or inet6

> NetBSD 6.1 has recently entered Release Candidate
> stage, therefore wider testing would be more than welcome!
Here's my minimal /etc/npf.conf.

# cat /etc/npf.conf
$ext_if = inet4(pcn0)

procedure "log" {
        log: npflog0
}

procedure "norm" {
        normalise: "random-id"
}

group (name "external", interface $ext_if) {
        pass all
}

group (default) {
        pass final on lo0 all
        block all
}

This configuration results in an error.

# npfctl reload
/etc/npf.conf:5:1: invalid parameter 'npflog0' near '}'

So I suspected that npflog might be not ready.
I tried commenting out three lines of procedure "log".
Then again...

# npfctl reload
npfctl: ioctl: Invalid argument

In order to totally eliminate all errors, I must comment out ALL procedures.
Is this a bug or mis-configuration?
It did not happen when I first checkout to netbsd-6-0-RELEASE.
It has been happening since I made it STABLE.

# uname -a
NetBSD netbsd.localdomain 6.1_RC1 NetBSD 6.1_RC1 (GENERIC) #5: Fri Mar  8 
17:34:39 ICT 2013  
root@netbsd.localdomain:/usr/obj/sys/arch/i386/compile/GENERIC i386

Thanks in advance,

-- 
Pongthep Kulkrisada
 
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie