Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/npf/npfctl allow turning off the bpf jit loading.
details: https://anonhg.NetBSD.org/src/rev/af50b57d46be
branches: trunk
changeset: 335123:af50b57d46be
user: christos <christos%NetBSD.org@localhost>
date: Fri Dec 26 22:44:54 2014 +0000
description:
allow turning off the bpf jit loading.
diffstat:
usr.sbin/npf/npfctl/npf.conf.5 | 7 +++++--
usr.sbin/npf/npfctl/npf_parse.y | 23 ++++++++++++++++++++++-
usr.sbin/npf/npfctl/npf_scan.l | 5 ++++-
usr.sbin/npf/npfctl/npfctl.c | 24 ++++++++++++++++++++----
usr.sbin/npf/npfctl/npfctl.h | 3 ++-
5 files changed, 53 insertions(+), 9 deletions(-)
diffs (199 lines):
diff -r 353cb71486e0 -r af50b57d46be usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5 Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5 Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\" $NetBSD: npf.conf.5,v 1.43 2014/12/26 22:44:54 christos Exp $
.\"
.\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd August 2, 2014
+.Dd December 26, 2014
.Dt NPF.CONF 5
.Os
.Sh NAME
@@ -240,6 +240,9 @@
interface = interface-name | var-name
var-def = var "=" ( var-value | "{" value *[ "," value ] "}" )
+; Parameter setting
+set-statement = "set" parameter value
+
; Table definition. Table ID shall be numeric. Path is in the double quotes.
table-id = \*[Lt]table-name\*[Gt]
diff -r 353cb71486e0 -r af50b57d46be usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $ */
+/* $NetBSD: npf_parse.y,v 1.36 2014/12/26 22:44:54 christos Exp $ */
/*-
* Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@
%token ARROWLEFT
%token ARROWRIGHT
%token BLOCK
+%token BPFJIT
%token CDB
%token CURLY_CLOSE
%token CURLY_OPEN
@@ -118,6 +119,7 @@
%token NAME
%token NPT66
%token ON
+%token OFF
%token OUT
%token PAR_CLOSE
%token PAR_OPEN
@@ -134,6 +136,7 @@
%token RETURNRST
%token RULESET
%token SEPLINE
+%token SET
%token SLASH
%token STATEFUL
%token STATEFUL_ENDS
@@ -169,9 +172,11 @@
%type <filtopts> filt_opts, all_or_filt_opts
%type <optproto> opt_proto
%type <rulegroup> group_opts
+%type <tf> onoff
%union {
char * str;
+ bool tf;
unsigned long num;
double fpnum;
npfvar_t * var;
@@ -200,6 +205,7 @@
| group
| rproc
| alg
+ | set
|
;
@@ -210,6 +216,21 @@
}
;
+onoff
+ : ON {
+ $$ = true;
+ }
+ | OFF {
+ $$ = false;
+ }
+ ;
+
+set
+ : SET BPFJIT onoff {
+ npfctl_bpfjit($3);
+ }
+ ;
+
/*
* A value - an element or a list of elements.
* Can be assigned to a variable or used inline.
diff -r 353cb71486e0 -r af50b57d46be usr.sbin/npf/npfctl/npf_scan.l
--- a/usr.sbin/npf/npfctl/npf_scan.l Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_scan.l Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $ */
+/* $NetBSD: npf_scan.l,v 1.22 2014/12/26 22:44:54 christos Exp $ */
/*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@
dynamic return TDYNAMIC;
file return TFILE;
map return MAP;
+set return SET;
"<->" return ARROWBOTH;
"<-" return ARROWLEFT;
"->" return ARROWRIGHT;
@@ -124,6 +125,8 @@
final return FINAL;
quick return FINAL;
on return ON;
+off return OFF;
+bpf.jit return BPFJIT;
inet6 return INET6;
inet4 return INET4;
proto return PROTO;
diff -r 353cb71486e0 -r af50b57d46be usr.sbin/npf/npfctl/npfctl.c
--- a/usr.sbin/npf/npfctl/npfctl.c Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $ */
+/* $NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $");
#include <sys/ioctl.h>
#include <sys/stat.h>
@@ -481,6 +481,14 @@
exit(EXIT_SUCCESS);
}
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+ bpfjit = onoff;
+}
+
static void
npfctl_preload_bpfjit(void)
{
@@ -491,9 +499,17 @@
.ml_propslen = 0
};
+ if (!bpfjit)
+ return;
+
if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
- fprintf(stderr, "WARNING: bpfjit is not loaded; "
- "this may have severe impact on performance.");
+ static const char *p = "; performance will be degraded";
+ if (errno == ENOENT)
+ warnx("the bpfjit module seems to be missing%s", p);
+ else
+ warn("error loading the bpfjit module%s", p);
+ warnx("To disable this warning `set bpf.jit off' in "
+ "/etc/npf.conf");
}
}
diff -r 353cb71486e0 -r af50b57d46be usr.sbin/npf/npfctl/npfctl.h
--- a/usr.sbin/npf/npfctl/npfctl.h Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.h Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $ */
+/* $NetBSD: npfctl.h,v 1.39 2014/12/26 22:44:54 christos Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@
bool join(char *, size_t, int, char **, const char *);
void yyerror(const char *, ...) __printflike(1, 2) __dead;
+void npfctl_bpfjit(bool);
void npfctl_parse_file(const char *);
void npfctl_parse_string(const char *);
Home |
Main Index |
Thread Index |
Old Index